Description
Description
I want a utility to extract the generated terraform from a module CR in my CI pipeline.
While I love the fact that I can package an artifact representing the infrastructure for my application as a helm chart of these CRs. I still miss some of ci checks my normal tf cli workflow has. Two in particular:
- speculative plans
- running policy checks
In terms of speculative plans, this may happen because in our gitops repo a dev is changing the module cr. It would be helpful to have some sanity checks that we wouldn't see unless we attempted to use the module in at least a spec plan.
Additionally, we don't just rely on sentinel running in tfc. We also run some lint as part of our normal vcs flow.
Our proposed solution for this is to extract the terraform files from the module CR into the local file system and then run our normal tf cli commands prior to merging the CR change.
Potential YAML Configuration
N/A
This function could be made public: https://github.com/hashicorp/hcp-terraform-operator/blob/main/internal/controller/module_controller.go#L328
And then I'd be happy with just the library to write my utility outside this project. Otherwise, this project could host some operational cli commmands.
Usage I am thinking is
cat example-module-cr.yml | tfk8s extract-terraform-module
References
One of my use cases is: #268 where I might want to do some validations on the CR prior to helm chart creation by doing a speculative plan. We could catch some low hanging fruit if we could leverage some of the tf module built in input validation.
Community Note
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
- If you are interested in working on this issue or have submitted a pull request, please leave a comment.