chore: disable of default backend provisioning #4703
📝 Walkthrough
Replaces strict-control–gated backend auto-provisioning with an explicit --backend-bootstrap flow: run.go now queries remoteState.NeedsBootstrap and uses BackendBootstrap/command-state presence to decide bootstrapping; docs and tests updated to use --backend-bootstrap; error messages enhanced for missing remote-state buckets.
Sequence Diagram(s)
```mermaid
sequenceDiagram
    autonumber
    participant U as User
    participant TG as Terragrunt
    participant RS as remoteState
    participant TF as Terraform
    participant EE as ErrorExplainer
    U->>TG: terragrunt run/apply [--backend-bootstrap]
    TG->>TG: remoteStateNeedsInit(ctx, opts)
    alt BackendBootstrap disabled OR no remote_state OR cmd doesn't use state
        TG-->>TG: skip bootstrap
    else
        TG->>RS: NeedsBootstrap(ctx, logger, opts)
        alt bootstrap needed
            TG->>RS: Bootstrap(...)
            RS-->>TG: success/failure
        else not needed
            TG-->>TG: proceed
        end
    end
    TG->>TF: invoke Terraform
    TF-->>TG: error (e.g., bucket not found)
    TG->>EE: ExplainError(err)
    EE-->>TG: "Remote state bucket not found… rerun with --backend-bootstrap"
    TG-->>U: output / error
```
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
* Group tests update
* Added checking for group tests
* chore: lint fixes
* runner-pool handling of TestOutputModuleGroups

* Bypass partytown
* GTM in header

* Tighten up sidebar.
* Standardize CSS ordering between dev and prod. Previously, the site would render one way in prod and another in dev! The issue was that vite was tree-shaking CSS and wound up re-ordering things in a way it thought was permissible, whereas in dev, without that optimization, the CSS was actually sequenced differently. This led to a noticeable huge margin in dev, but not in prod. This commit asserts the official ordering of the CSS layers, and then adds a fix for the left-margin issue. This should now standardize dev and prod.
* Reduce code font-size from 16px to 14px.
* Improve main paragraph text rendering. Use more readable line height and paragraph separation.
* Improve spacing after file tree.
* Fix sidebar inconsistencies on 3rd level of nav.

* feat: Finalizing topological generation of stacks
* feat: Adding tests for topological stack generation
* fix: Address race condition in warning suppression
* feat: Set name of test to `TestStackGenerationWithNestedTopologyWithRacing` to ensure it's caught by race test
* feat: Adding extra generate at the end for confirmation
* fix: Updating expected log messages in tests

* test: Attempting to reproduce issue with OIDC
* fix: Fixing `get_aws_account_id()` when using AuthProviderCmd
* fix: Addressing lint findings
* fix: Adding fixture for backend with OIDC
* fix: Adding integration test for OIDC with backend
* fix: Consolidating logic for AWS credential acquisition
* fix: Addressing lint findings
* test: Removing cleanup to fix this
* fix: Fixing delete bucket cleanup
* fix: Fixing role assumption when env creds aren't fetched from auth provider
* fix: Removing unnecessary debug
* fix: Skipping failing test for now
* Fixed failing OIDC tests
* Tests cleanup
* chore: aws helper complexity reduction
* Updated cleanup order
* enabled build tags

---------

Co-authored-by: Denis O <[email protected]>

* Group tests update
* Added checking for group tests
* chore: lint fixes
* runner-pool handling of TestOutputModuleGroups
* Updated plan path save file
* Improved FAIL errors
* IsExperimentMode() simplification
* Discovery include flags
* Added passing of discovery include/exclude directories
* Fixed discovery flags passing
* Improved parsing of tests
Actionable comments posted: 1
🧹 Nitpick comments (3)
docs-starlight/src/content/docs/07-migrate/03-cli-redesign.md (3)
77-79: Double-check flag naming consistency: “exclude” vs “excludes”. The pair `--queue-exclude-dir` / `--queue-excludes-file` mixes singular vs plural. If this is not intentional, align both to the correct canonical names from the CLI.
79-79: Link users to the new bootstrap flow instead of a bare “removed”. Make the migration path explicit and discoverable with links.
-| `--terragrunt-fail-on-state-bucket-creation` | removed (no equivalent; backend provisioning is explicit) | +| `--terragrunt-fail-on-state-bucket-creation` | removed; use [`--backend-bootstrap`](/docs/reference/cli/commands/run/#backend-bootstrap) or [`backend bootstrap`](/docs/reference/cli/commands/backend/bootstrap/) |
103-106: Add missing mapping for non-interactive (mentioned above in examples). The doc earlier advises switching to `--non-interactive`, but this row is not in the table that claims to be comprehensive. Add it near the other “n*” flags.
| `--terragrunt-modules-that-include` | `--units-that-include` | +| `--terragrunt-non-interactive` | `--non-interactive` | | `--terragrunt-no-auto-approve` | `--no-auto-approve` |
🔇 Additional comments (2)
docs-starlight/src/content/docs/07-migrate/03-cli-redesign.md (2)
68-70: Table header looks good; consider future-proofing with validation. No blocking issues. I’m adding a verification script in a separate comment to prevent drift between this table and the CLI reference.
117-118: Verify flag name: `--queue-include-units-reading`. This looks suspicious and may be a typo. Please confirm against the CLI help and flags docs; correct if needed.
| | Old Flag | New Flag | | ||
| |---------------------------------------------------|-----------------------------------------------------------| | ||
| | `--terragrunt-check` | `--check` | | ||
| | `--terragrunt-config` | `--config` | | ||
| | `--terragrunt-debug` | `--inputs-debug` | | ||
| | `--terragrunt-diff` | `--diff` | | ||
| | `--terragrunt-disable-bucket-update` | `--disable-bucket-update` | | ||
| | `--terragrunt-disable-command-validation` | `--disable-command-validation` | | ||
| | `--terragrunt-download-dir` | `--download-dir` | | ||
| | `--terragrunt-exclude-dir` | `--queue-exclude-dir` | | ||
| | `--terragrunt-excludes-file` | `--queue-excludes-file` | | ||
| | `--terragrunt-fail-on-state-bucket-creation` | removed (no equivalent; backend provisioning is explicit) | | ||
| | `--terragrunt-fetch-dependency-output-from-state` | `--dependency-fetch-output-from-state` | | ||
| | `--terragrunt-forward-tf-stdout` | `--tf-forward-stdout` | | ||
| | `--terragrunt-hclfmt-exclude-dir` | `--exclude-dir` | | ||
| | `--terragrunt-hclfmt-file` | `--file` | | ||
| | `--terragrunt-hclfmt-stdin` | `--stdin` | | ||
| | `--terragrunt-hclvalidate-json` | `--json` | | ||
| | `--terragrunt-hclvalidate-show-config-path` | `--show-config-path` | | ||
| | `--terragrunt-iam-assume-role-duration` | `--iam-assume-role-duration` | | ||
| | `--terragrunt-iam-role` | `--iam-assume-role` | | ||
| | `--terragrunt-iam-web-identity-token` | `--iam-assume-role-web-identity-token` | | ||
| | `--terragrunt-ignore-dependency-errors` | `--queue-ignore-errors` | | ||
| | `--terragrunt-ignore-dependency-order` | `--queue-ignore-dag-order` | | ||
| | `--terragrunt-ignore-external-dependencies` | `--queue-exclude-external` | | ||
| | `--terragrunt-include-dir` | `--queue-include-dir` | | ||
| | `--terragrunt-include-external-dependencies` | `--queue-include-external` | | ||
| | `--terragrunt-json-disable-dependent-modules` | `--disable-dependent-modules` | | ||
| | `--terragrunt-json-out-dir` | `--json-out-dir` | | ||
| | `--terragrunt-json-out` | `--out` | | ||
| | `--terragrunt-log-custom-format` | `--log-custom-format` | | ||
| | `--terragrunt-log-disable` | `--log-disable` | | ||
| | `--terragrunt-log-format` | `--log-format` | | ||
| | `--terragrunt-log-level` | `--log-level` | | ||
| | `--terragrunt-log-show-abs-paths` | `--log-show-abs-paths` | | ||
| | `--terragrunt-modules-that-include` | `--units-that-include` | | ||
| | `--terragrunt-no-auto-approve` | `--no-auto-approve` | | ||
| | `--terragrunt-no-auto-init` | `--no-auto-init` | | ||
| | `--terragrunt-no-auto-retry` | `--no-auto-retry` | | ||
| | `--terragrunt-no-color` | `--no-color` | | ||
| | `--terragrunt-no-destroy-dependencies-check` | `--no-destroy-dependencies-check` | | ||
| | `--terragrunt-out-dir` | `--out-dir` | | ||
| | `--terragrunt-parallelism` | `--parallelism` | | ||
| | `--terragrunt-provider-cache-dir` | `--provider-cache-dir` | | ||
| | `--terragrunt-provider-cache-hostname` | `--provider-cache-hostname` | | ||
| | `--terragrunt-provider-cache-port` | `--provider-cache-port` | | ||
| | `--terragrunt-provider-cache-registry-names` | `--provider-cache-registry-names` | | ||
| | `--terragrunt-provider-cache-token` | `--provider-cache-token` | | ||
| | `--terragrunt-provider-cache` | `--provider-cache` | | ||
| | `--terragrunt-queue-include-units-reading` | `--queue-include-units-reading` | | ||
| | `--terragrunt-source-map` | `--source-map` | | ||
| | `--terragrunt-source-update` | `--source-update` | | ||
| | `--terragrunt-source` | `--source` | | ||
| | `--terragrunt-strict-include` | `--queue-strict-include` | | ||
| | `--terragrunt-strict-validate` | `--strict-validate` | | ||
| | `--terragrunt-use-partial-parse-config-cache` | `--use-partial-parse-config-cache` | | ||
| | `--terragrunt-working-dir` | `--working-dir` | | ||
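Review bot: the `--terragrunt-fail-on-state-bucket-creation` row says only "removed (no equivalent; backend provisioning is explicit)", which does not tell someone who relied on that flag as a guard against unintended bucket creation what happens by default now. Suggest stating in the row that no backend resources are created unless `--backend-bootstrap` is passed, so the replacement behaviour can be read from the table itself.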
💡 Verification agent
🧩 Analysis chain
Automate verification to prevent table/CLI drift.
Run this to (a) ensure every “New Flag” appears somewhere in docs-starlight, and (b) catch the missing --terragrunt-non-interactive row.
🏁 Script executed:
```bash
#!/bin/bash
set -euo pipefail
FILE="docs-starlight/src/content/docs/07-migrate/03-cli-redesign.md"
echo "Checking that --terragrunt-non-interactive is present in the migration table..."
if ! rg -n --fixed-strings '| `--terragrunt-non-interactive`' "$FILE" >/dev/null; then
  echo "MISSING ROW: --terragrunt-non-interactive -> --non-interactive"
fi
echo "Extracting 'New Flag' column from the migration table..."
# Grab the table block lines, then column 3 (New Flag), strip code fences and whitespace.
mapfile -t NEW_FLAGS < <(awk '
  $0 ~ /^\|/ {print $0}
' "$FILE" \
  | awk -F"|" '{gsub(/`/,"",$3); gsub(/^[ \t]+|[ \t]+$/,"",$3); if ($3 != "" && $3 !~ /^removed/) print $3 }' \
  | sort -u)
echo "Found ${#NEW_FLAGS[@]} new flags."
missing=0
for flag in "${NEW_FLAGS[@]}"; do
  # Only search docs for the literal flag string
  if ! rg -n --fixed-strings --glob 'docs-starlight/**' "$flag" >/dev/null; then
    echo "MISSING DOCS REFERENCE: $flag"
    ((missing++)) || true
  fi
done
echo "Verifying suspicious or easily mistyped flags..."
for flag in "--queue-excludes-file" "--queue-include-units-reading"; do
  if rg -n --fixed-strings "$flag" "$FILE" >/dev/null; then
    if ! rg -n --fixed-strings --glob 'docs-starlight/**' "$flag" >/dev/null; then
      echo "POTENTIAL TYPO (not referenced elsewhere): $flag"
    fi
  fi
done
if [ "$missing" -eq 0 ]; then
  echo "All new flags are referenced somewhere in docs-starlight."
else
  echo "$missing flags are not referenced in docs-starlight."
fi
```
Length of output: 992
Add missing CLI flag mapping and fix verification script
The migration table in docs-starlight/src/content/docs/07-migrate/03-cli-redesign.md is missing this row:
| `--terragrunt-non-interactive` | `--non-interactive` |
Also the automation script fails on mapfile (no /dev/fd); replace it with a POSIX-compatible capture, for example:
```bash
# -F'|' splits on the table's column separator so that $3 is the "New Flag" cell
NEW_FLAGS=$(awk -F'|' '
  /^\|/ { gsub(/`/,"",$3); gsub(/^[[:space:]]+|[[:space:]]+$/,"",$3);
          if ($3 != "" && $3 !~ /^removed/) print $3 }
' "$FILE" | sort -u)
for flag in $NEW_FLAGS; do
  : # … existing check logic
done
```
This ensures both the new flag is documented and the check runs reliably.
| SkipDependenciesInputs = "skip-dependencies-inputs" | ||
|
|
||
| // RequireExplicitBootstrap is the control that prevents the backend for remote state from being bootstrapped unless the `--backend-bootstrap` flag is specified. | ||
| RequireExplicitBootstrap = "require-explicit-bootstrap" |
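Review bot: the doc comment on `RequireExplicitBootstrap` describes a control that "prevents the backend for remote state from being bootstrapped unless the `--backend-bootstrap` flag is specified", which is the behaviour this PR's title makes the default. Suggest rewording the comment to say what the control does once explicit bootstrap is the default, so the constant's documentation and the CLI behaviour do not disagree.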
We shouldn't remove strict controls, we should only complete them. That prevents the breaking change of users using --strict-control require-explicit-bootstrap. They'll just get a warning instead this way.
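The difference between removing and completing a strict control, as an added Go example that is not part of this PR or of Terragrunt's code: the `Status` type, the `registry` contents and `ResolveControls` are hypothetical, and the status given to `skip-dependencies-inputs` is constructed for the illustration.

```go
package main

import "fmt"

// Status of a strict control in this hypothetical registry.
type Status int

const (
	Ongoing   Status = iota // opt-in: enabling it turns a deprecated behaviour into an error
	Completed               // behaviour is now the default; the name is kept so old invocations still parse
)

// registry is a constructed sample, not Terragrunt's real control list.
var registry = map[string]Status{
	"skip-dependencies-inputs":   Ongoing,
	"require-explicit-bootstrap": Completed,
}

// ResolveControls validates the names passed via --strict-control.
// A completed control produces a warning; a name that is no longer
// registered (for example because it was deleted) produces an error.
func ResolveControls(names []string) (enabled, warnings []string, err error) {
	for _, n := range names {
		status, ok := registry[n]
		switch {
		case !ok:
			return nil, nil, fmt.Errorf("unknown strict control %q", n)
		case status == Completed:
			warnings = append(warnings,
				fmt.Sprintf("strict control %q is completed and no longer has any effect", n))
		default:
			enabled = append(enabled, n)
		}
	}
	return enabled, warnings, nil
}

func main() {
	args := []string{"require-explicit-bootstrap", "skip-dependencies-inputs"}
	enabled, warnings, err := ResolveControls(args)
	fmt.Println("completed:", enabled, warnings, err)

	// Deleting the entry instead of completing it turns the same invocation into a hard failure.
	delete(registry, "require-explicit-bootstrap")
	_, _, err = ResolveControls(args)
	fmt.Println("removed:", err)
}
```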
Description
Fixes #4598.
TODOs
Read the Gruntwork contribution guidelines.
Release Notes (draft)
Added / Removed / Updated [X].
Migration Guide