sops_decrypt_file()
: resolve path argument relative to terragrunt.hcl
#2752
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Update path resolution logic in
sops_decrypt_file()
to resolve relative path arguments relative to the file containing the call tosops_decrypt_file()
, rather than relative to the working directory of the Terragrunt process.This change should be invisible for the common case of running Terragrunt directly inside the directory containing
terragrunt.hcl
. However, it enables intuitive use ofterragrunt run-all
withsops_decrypt_file()
, ensuring configurations behave the same, no matter if they're evaluated directly or underrun-all
.An additional test case for
sops_decrypt_file()
was added that validates its behavior in combination withrun-all
.TODOs
Read the Gruntwork contribution guidelines.
Release Notes (draft)
Updated
sops_decrypt_file()
path resolution to be relative toterragrunt.hcl
instead of Terragrunt's working directory.Migration Guide
If you were relying on the behavior of
terragrunt run-all
on a set of modules usingsops_decrypt_file()
using a file in the current working directory, such as a shared secret, you can wrap the argument tosops_decrypt_file()
in a call tofind_in_parent_folders()
, as shown in the documentation forsops_decrypt_file()
.