Giters

terramate-io / terramate

Terramate CLI is an open-source Infrastructure as Code (IaC) Orchestration and Code Generation tool for Terraform, OpenTofu and Terragrunt.

Home Page:https://terramate.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[FEATURE] Tag filters for script jobs or script commands

cwe1ss opened this issue · comments

commented

Is your feature request related to a problem? Please describe.
I'm running a "validation" script in my reusable modules and also in my actual stacks. Both share a lot of the logic (e.g. terraform fmt, terraform init), but they also have some differences - e.g. I'm currently only running terraform-docs against my reusable modules.

I can define my "validation" script separately for my modules and my stacks (and this works well), but this leaves me with quite a lot of duplication in my script definition because both scripts need to contain all commands.

Describe the solution you'd like
I was thinking if it would be a good idea to support tag filters within scripts, so that scripts that are defined in a parent folder can contain conditional logic based on the actual stack they're running in.

Maybe this could look something like this, by applying the filters to jobs:

script "validate" {
  description = "Validate Terraform"
  job {
    # Shared for modules and stacks
    commands = [
      ["terraform", "fmt", "-check"],
      ["terraform", "init"],
    ]
  }
  job {
    # Applies only to stacks matching this tag filter - https://terramate.io/docs/cli/orchestration/tag-filter
    filter = "modules"
    commands = [
      ["terraform-docs", ".", "--output-check"]
    ]
  }
}

Describe alternatives you've considered

  • Having fully separate script definitions for any use-case, including any duplication that comes with it.
  • Using terramate.stack.tags somehow within my commands to conditionally run them. But AFAIU, I currently would always have to use something like ["/bin/bash", "-c", " ... manually check ${terramate.stack.tags} here ..."] to "escape" the commands-syntax which requires a list of args.
commented

Maybe an even better option would be to have a condition parameter on the job that allows to control the invocation based on much more than just tags. This would be more similar to the existing conditional code generation (e.g. generate_hcl.condition)

But in that case, it would be great to have a Terramate-function that contains the tag filter-logic so that we don't have to recreate that.

script "validate" {
  description = "Validate Terraform"
  job {
    # Shared for modules and stacks
    commands = [
      ["terraform", "fmt", "-check"],
      ["terraform", "init"],
    ]
  }
  job {
    # Example 1: Use a global variable
    condition = global.my_var == true
    # Example 2 Using a (not yet existing?) function to match stack tags
    condition = tm_tag_filter(terramate.stack.tags, "modules")

    commands = [
      ["terraform-docs", ".", "--output-check"]
    ]
  }
}
commented

This makes perfect sense to us and we already planned similar behavior for the scripts feature. we will keep this issue open to track the progress.