Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sops_decrypt_file(): resolve path argument relative to terragrunt.hcl #2752

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

sops_decrypt_file(): resolve path argument relative to terragrunt.hcl #2752

wants to merge 2 commits into from

Conversation

sybereal
Copy link

Description

Update path resolution logic in sops_decrypt_file() to resolve relative path arguments relative to the file containing the call to sops_decrypt_file(), rather than relative to the working directory of the Terragrunt process.

This change should be invisible for the common case of running Terragrunt directly inside the directory containing terragrunt.hcl. However, it enables intuitive use of terragrunt run-all with sops_decrypt_file(), ensuring configurations behave the same, no matter if they're evaluated directly or under run-all.

An additional test case for sops_decrypt_file() was added that validates its behavior in combination with run-all.

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Updated sops_decrypt_file() path resolution to be relative to terragrunt.hcl instead of Terragrunt's working directory.

Migration Guide

If you were relying on the behavior of terragrunt run-all on a set of modules using sops_decrypt_file() using a file in the current working directory, such as a shared secret, you can wrap the argument to sops_decrypt_file() in a call to find_in_parent_folders(), as shown in the documentation for sops_decrypt_file().

@sybereal sybereal force-pushed the fix/sopsdecryptfile-relativepath-1319 branch from cc531bc to b469653 Compare January 26, 2024 16:00
@sybereal sybereal force-pushed the fix/sopsdecryptfile-relativepath-1319 branch from b469653 to 51569e0 Compare February 23, 2024 16:16
@sybereal sybereal force-pushed the fix/sopsdecryptfile-relativepath-1319 branch from 51569e0 to 7d67e2a Compare March 28, 2024 09:30
@sybereal sybereal force-pushed the fix/sopsdecryptfile-relativepath-1319 branch from 7d67e2a to e229b95 Compare April 5, 2024 15:52
@sybereal sybereal force-pushed the fix/sopsdecryptfile-relativepath-1319 branch from e229b95 to 04cbc25 Compare April 15, 2024 14:40
@sybereal
Fix relative paths with sops_decrypt_file()
717dc48 
sops_decrypt_file() computed the file path relative to the working
directory instead of relative to the Terragrunt configuration. This
generally worked with individual `terragrunt apply` operations but
failed for `terragrunt run-all apply`, as it would look for the file in
the parent directory.

Fixes gruntwork-io#1319.
@sybereal
Add test case for sops_decrypt_file() + run-all
a710ec0 
Verify that sops_decrypt_file() behaves as expected in combination with
run-all.
@sybereal sybereal force-pushed the fix/sopsdecryptfile-relativepath-1319 branch from 04cbc25 to a710ec0 Compare May 23, 2024 09:47
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented May 23, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@denis256 denis256 Awaiting requested review from denis256 denis256 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sybereal