brikis98
commented
6 years ago Ah, that's a good idea. A allow_override = false flag or similar seems like a good addition.
Open ghost opened 6 years ago
brikis98
commented
6 years ago Ah, that's a good idea. A allow_override = false flag or similar seems like a good addition.
rmitula
commented
4 years ago Any update on that?
I'm sure I'm not the only one with an alias for easily running terragrunt with --terragrunt-source while doing development - we've got a system that allows the alias to look up the correct path to put in the terragrunt-source value. And my fingers are very much in the habit of typing that alias since it is the only thing I use when doing development of new infrastructure.
We finally went live with our 100% terraform/terragrunt-managed infrastructure yesterday, and I've already nearly screwed things up by using my development alias by mistake against the prod infrastructure, at a time when that path had a development branch checked out - not a good thing to do. It would be very handy to have a flag I could put in the terragrunt block in a tfvars file which would prevent --terragrunt-source overrides and force the tool to resolve the template via the git source listed in the file, since our production releases always have an explicit tag in the git source. Forcing git source would just be a useful safeguard against doing something dumb when rushing during an outage or just a careless late-night mistake, and it forces people to cut releases rather than making ad-hoc changes and running locally modified code against prod - something everyone in a hurry has considered doing at one point or another - until they've learned the hard way why it's not worth it. One could easily modify the tfvars file on the rare occasion when you specifically want to use local overrides of the code, but you'd have to do it very consciously. In development environments, I'd just leave --terragrunt-source overrides enabled.