terragrunt-atlantis-config
terragrunt-atlantis-config copied to clipboard
transcend-io
Parent Terragrunt is included as dependency
Here is my parent terragrunt.hcl:
locals {
account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
project_vars = read_terragrunt_config(find_in_parent_folders("project.hcl"))
region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
aws_account_id = local.account_vars.locals.account_id
aws_region_name = local.region_vars.locals.region_name
}
# Generate backend
remote_state {
backend = "consul"
generate = {
path = "backend.tf"
if_exists = "overwrite"
}
config = {
lock = true
path = "terraform-state/${path_relative_to_include()}/terraform.tfstate"
scheme = "http"
}
}
# Generate provider
generate "provider" {
path = "provider.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "aws" {
region = "${local.aws_region_name}"
allowed_account_ids = ["${local.aws_account_id}"]
}
EOF
}
Here is my child terragrunt.hcl
terraform {
source = "git::[email protected]:terraform-aws-modules/terraform-aws-iam.git//modules/iam-user?ref=v5.1.0"
}
include {
path = find_in_parent_folders()
}
inputs = {
name = "example-two"
}
Here is the command I run:
terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --create-workspace --parallel --ignore-parent-terragrunt
And here is the resulting Atlantis config:
automerge: false
parallel_apply: true
parallel_plan: true
projects:
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- ../../../../../terragrunt.hcl
dir: test/example/global/iam-user/example-two
workspace: test_example_global_iam-user_example-two
version: 3
Why does it include the parent config ../../../../../terragrunt.hcl? Is there a bug or I am doing something wrong?
I am using the latest version.
After some digging I found out that this behavour was introduced in v1.14.0 with the release of https://github.com/transcend-io/terragrunt-atlantis-config/pull/202.
It mentions the changes but doesn't reflect them in documentation:
There is an important caveat to this approach however, every include block is added as an implicit dependency, including any parent module. This means that irrespective of the state of --ignore-parent-terragrunt the parent terragrunt.hcl will be included as there is no easy way differentiate between includes to find the "real" parent.
I'll keep this issue open in case I'll find the time to work on the is_parent_terragrunt_file idea mentioned in the same issue.
same issue here on latest 1.15.0
file below is the parent nonprod/terragrunt.hcl which i want to exclude from plans.
remote_state {
backend = "s3"
config = {
bucket = "redacted-${get_env("TF_VAR_account_alias", "")}-${get_env("AWS_DEFAULT_REGION", "")}-infra"
region = get_env("AWS_DEFAULT_REGION", "")
key = "state/${path_relative_to_include()}/redacted.tfstate"
encrypt = true
dynamodb_table = "redacted-redacted-redacted"
}
}
terraform {
extra_arguments "common" {
commands = get_terraform_commands_that_need_vars()
arguments = [
"-var",
"redacted=redacted-${get_env("TF_VAR_account_alias", "")}-${get_env("AWS_DEFAULT_REGION", "")}-infra",
]
}
}
locals {
global = yamldecode(file("${find_in_parent_folders("global.yaml")}"))
}
inputs = {
redacted = local.global.redacted
redacted = local.global.redacted
redacted = local.global.redacted
redacted = local.global.redacted
redacted = "${get_env("redacted")}/${path_relative_to_include()}"
}
file below is the child in nonprod/eu-west-1/dev/acm/terragrunt.hcl
include {
path = find_in_parent_folders()
}
terraform {
source = "git::[email protected]/terraform.git//acm"
}
inputs = {
domain_name = "redacted.redacted.net"
route53_enabled = false
}
sample from atlantis.yaml created by version 1.15:
terragrunt-atlantis-config generate --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output ./atlantis.yaml
dir: aws/accounts/nonprod/eu-west-1/dev/acm
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- ../../../terragrunt.hcl
sample from atlantis.yaml created by version 1.13 with same command
dir: aws/accounts/nonprod/eu-west-1/dev/acm
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
not sure if this comment belongs here, or in https://github.com/transcend-io/terragrunt-atlantis-config/issues/217 so i've posted in both. sorry!
Was just about to open an issue, I am seeing the same problem. It would be nice to have a way to ignore the extra top-level terragrunt.hcl file that is being added to the when_modified block.
Has anyone been able to find a work around for this?
I use this hacky workaround in Atlantis config. Since my directory structure is consistent, I just remove the root file from all projects each time terragrunt-atlantis-config generates a new config.
- run: >
terragrunt-atlantis-config generate --output atlantis.yaml --autoplan
--workflow terragrunt --create-workspace --parallel &&
sed -i -r '/^\s+-\s\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/terragrunt\.hcl$/d' atlantis.yaml
@enarmontas I was thinking about doing something similar. Glad to hear it wasn't as crazy as I thought! Thanks for the reply, I will give something like that a try.
I think there might be a misunderstanding here on the feature supported by --ignore-parent-terragrunt.
You get the parent terragrunt config listed because of the use of an include block in your child terragrunt config.
This --ignore-parent-terragrunt flag prevents the creation of a project for the parent terragrunt.hcl within atlantis.tf, based on my understanding of the test suit implemented in this repo.
So if you want to avoid triggering a plan/apply for all your projects each time there's a change in the parent terragrunt config and you are using include blocks, there's for now no other way than using a sed as suggested by @enarmontas .
