search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
7.93k stars 965 forks source link

New command `graph` has wrong parameter documentation (+ potential anomaly when running in monorepo) #3342

Open ziererfl opened 1 month ago

ziererfl commented 1 month ago

Describe the bug

Let me start by saying thank you for the great value and improvements you provide to the community with terragrunt!

My first remark is that the documentation for the new command terragrunt graph <command> states --graph-root as a parameter for the root (by default the git root dir), but it should be --terragrunt-graph-root.

My second remark is that I encountered a weird phenomenon within my monorepo where I have in the git-root three completely decoupled environment directories: terragrunt graph plan escaped my current env-directory and travesed into another env-directory.

Steps To Reproduce

For the first remark:

terragrunt graph plan --graph-root foo/bar/path
ERRO[0000] flag provided but not defined: -graph-root
ERRO[0000] Unable to determine underlying exit code, so Terragrunt will exit with error code 1

For the second remark:
In my git root directory I have no terragrunt.hcl. For each environment dev, test, and prod, I have a dedicated directory, each with a root terragrunt.hcl.

When inside a deep directory dir-1 within dev which depends on another dir-2 inside dev and this dir-2 is refering a local file next to its own terragrunt.hcl using get_terragrunt_dir(), e.g., a SOPS encrypted secret like this:

locals {
  secret_values = yamldecode(sops_decrypt_file("${get_terragrunt_dir()}/secrets.yaml"))
}

then terragrunt ended up in test trying to fetch the secrets.yaml found inside test environment.

When I run with 

terragrunt graph plan --terragrunt-graph-root <PATH TO DEV-DIR>

then this anomaly does not happen.

Expected behavior

For my first remark:
Either the documentation is updated or the command accepts the key specified at the moment in the documentation.

For my second remark:
Running terragrunt graph plan in a mono-repo containing several envs should not attempt to touch files in a neighbouring environment directory.

Nice to haves

For my first remark:

For my second remark:
I might try creating a hello-world example but lack time right now (also to rule out any other anomalies due to my setup). Till then I was hoping that some experienced person could tell me if this is a false-positive and terragrunt graph is meant to behave like that.

Versions

Additional context

n/a

alex-candfield commented 1 month ago

The graph command seems to be broken, or at least not working with most setups, at the moment. There are many open issues already on this topic.

ziererfl commented 1 month ago

Thanks for the hint!

Regarding my second remark in this issue, I might implement my own alternative to have a similar look-and-feel: Invoke terragrunt graph-dependencies on the root terragrunt.hcl, then use the digraph to detect all northbound dependencies to my current directory, e.g., dir-1 in my example should have its its dependency dir-2 --> dir-1 visible in the root level digraph. --- Just a random idea, but sounds easy to implement as a custom/home-grown workaround.

PS: I noticed another issue I have no clue how to invoke the terraform command terraform graph via terragrunt now. I will check if an open issue exists and otherwise create a new one.