
Comparing changes

base repository: gruntwork-io/terragrunt
base: v0.36.12
head repository: gruntwork-io/terragrunt
compare: v0.37.0
  • 1 commit
  • 8 files changed
  • 1 contributor

Commits on May 11, 2022

  1. fix config remote state s3 and update if needs (#2063)

    * some fixes for staticcheck
    
    * check if bucket is config and updated
    
    * check if policy is set
    
    * update doc reference
    
    * fix check bucket policy and nested blocks
    
    * change struct bucket updates required
    
    * fix err public access block
    Leonardo Biffi authored May 11, 2022
    05b1216 View commit details
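--- a/aws_helper/policy.go
+++ b/aws_helper/policy.go
@@ -0,0 +1,37 @@
+package aws_helper
+
+import "encoding/json"
+
+// A representation of the polciy for AWS
+type Policy struct {
+Version string `json:"Version"`
+Statement []Statement `json:"Statement"`
+}
+
+type Statement struct {
+Sid string `json:"Sid"`
+Effect string `json:"Effect"`
+Principal interface{} `json:"Principal"`
+Action string `json:"Action"`
+Resource []string `json:"Resource"`
+Condition *map[string]interface{} `json:"Condition,omitempty"`
+}
+
+func UnmarshalPolicy(policy string) (Policy, error) {
+var p Policy
+err := json.Unmarshal([]byte(policy), &p)
+if err != nil {
+return p, err
+}
+
+return p, nil
+}
+
+func MarshalPolicy(policy Policy) ([]byte, error) {
+policyJson, err := json.Marshal(policy)
+if err != nil {
+return nil, err
+}
+
+return policyJson, nil
+}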
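Review bot: `Statement.Action` is typed `string` and `Resource` is typed `[]string`, but the IAM policy grammar allows either a single string or an array for both, so `UnmarshalPolicy` returns a JSON type error for any existing bucket policy that lists several actions or gives one resource as a plain string. The callers are outside this section, but if this parser feeds the check that decides whether the root-access and enforce-TLS statements are already on the bucket, a hand-edited policy could make that check error out instead of being evaluated. Declaring both fields as `interface{}` (as `Principal` already is) and normalising them where they are compared would accept both shapes. The struct also has no `NotPrincipal`, `NotAction` or `NotResource` fields, so a statement that uses them would silently lose them on an unmarshal/marshal round trip, which changes what the policy allows or denies. Separately, the exported `Statement`, `UnmarshalPolicy` and `MarshalPolicy` have no doc comments, and the `Policy` comment could read `// Policy represents an AWS IAM policy document.`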
1 change: 1 addition & 0 deletions docs/_docs/04_reference/config-blocks-and-attributes.md
@@ -387,6 +387,7 @@ For the `s3` backend, the following additional properties are supported in the `
- `skip_bucket_accesslogging`: _DEPRECATED_ If provided, will be ignored. A log warning will be issued in the console output to notify the user.
- `skip_bucket_root_access`: When `true`, the S3 bucket that is created will not be configured with bucket policies that allow access to the root AWS user.
- `skip_bucket_enforced_tls`: When `true`, the S3 bucket that is created will not be configured with a bucket policy that enforces access to the bucket via a TLS connection.
- `disable_bucket_update`: When `true`, disable update S3 bucket if not equal configured in config block
- `enable_lock_table_ssencryption`: When `true`, the synchronization lock table in DynamoDB used for remote state concurrent access will not be configured with server side encryption.
- `s3_bucket_tags`: A map of key value pairs to associate as tags on the created S3 bucket.
- `dynamodb_table_tags`: A map of key value pairs to associate as tags on the created DynamoDB remote state lock table.
8 changes: 4 additions & 4 deletions remote/remote_state.go
@@ -55,7 +55,7 @@ func (remoteState *RemoteState) FillDefaults() {
// Validate that the remote state is configured correctly
func (remoteState *RemoteState) Validate() error {
if remoteState.Backend == "" {
return errors.WithStackTrace(RemoteBackendMissing)
return errors.WithStackTrace(ErrRemoteBackendMissing)
}

return nil
@@ -173,7 +173,7 @@ func (remoteState RemoteState) ToTerraformInitArgs() []string {
// Generate the terraform code for configuring remote state backend.
func (remoteState *RemoteState) GenerateTerraformCode(terragruntOptions *options.TerragruntOptions) error {
if remoteState.Generate == nil {
return errors.WithStackTrace(GenerateCalledWithNoGenerateAttr)
return errors.WithStackTrace(ErrGenerateCalledWithNoGenerateAttr)
}

// Make sure to strip out terragrunt specific configurations from the config.
@@ -205,6 +205,6 @@ func (remoteState *RemoteState) GenerateTerraformCode(terragruntOptions *options

// Custom errors
var (
RemoteBackendMissing = fmt.Errorf("The remote_state.backend field cannot be empty")
GenerateCalledWithNoGenerateAttr = fmt.Errorf("Generate code routine called when no generate attribute is configured.")
ErrRemoteBackendMissing = fmt.Errorf("the remote_state.backend field cannot be empty")
ErrGenerateCalledWithNoGenerateAttr = fmt.Errorf("generate code routine called when no generate attribute is configured")
)
4 changes: 2 additions & 2 deletions remote/remote_state_gcs.go
@@ -289,7 +289,7 @@ func checkIfGCSVersioningEnabled(gcsClient *storage.Client, config *RemoteStateC
return errors.WithStackTrace(err)
}

if attrs.VersioningEnabled == false {
if !attrs.VersioningEnabled {
terragruntOptions.Logger.Warnf("Versioning is not enabled for the remote state GCS bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.", config.Bucket)
}

@@ -326,7 +326,7 @@ func AddLabelsToGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteState
ctx := context.Background()
bucket := gcsClient.Bucket(config.remoteStateConfigGCS.Bucket)

bucketAttrs := *&storage.BucketAttrsToUpdate{}
bucketAttrs := storage.BucketAttrsToUpdate{}

for key, value := range config.GCSBucketLabels {
bucketAttrs.SetLabel(key, value)