@opengeni/runtime 0.2.0
- package/dist/chunk-2PO56VAL.js +3478 -0
- package/dist/chunk-2PO56VAL.js.map +1 -0
- package/dist/index.d.ts +912 -0
- package/dist/index.js +3663 -0
- package/dist/index.js.map +1 -0
- package/dist/sandbox/index.d.ts +1738 -0
- package/dist/sandbox/index.js +187 -0
- package/dist/sandbox/index.js.map +1 -0
- package/package.json +49 -0
- package/src/bundled_hashicorp_terraform_skills/LICENSE +373 -0
- package/src/bundled_hashicorp_terraform_skills/README.md +18 -0
- package/src/bundled_hashicorp_terraform_skills/UPSTREAM_GIT_SHA +1 -0
- package/src/bundled_hashicorp_terraform_skills/azure-verified-modules/SKILL.md +613 -0
- package/src/bundled_hashicorp_terraform_skills/checkov/SKILL.md +43 -0
- package/src/bundled_hashicorp_terraform_skills/refactor-module/SKILL.md +538 -0
- package/src/bundled_hashicorp_terraform_skills/social-media-marketing/SKILL.md +35 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/SKILL.md +372 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/references/MANUAL-IMPORT.md +113 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/scripts/list_resources.sh +38 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/SKILL.md +480 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/api-monitoring.md +543 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/component-blocks.md +476 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/deployment-blocks.md +391 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/examples.md +1529 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/linked-stacks.md +187 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/troubleshooting.md +671 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-style-guide/SKILL.md +353 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/SKILL.md +451 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/CI_CD.md +80 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/EXAMPLES.md +314 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/MOCK_PROVIDERS.md +171 -0
- package/src/codex-tool-search.ts +267 -0
- package/src/context-compaction.ts +538 -0
- package/src/history-sanitizer.ts +719 -0
- package/src/index.ts +3299 -0
- package/src/sandbox/capabilities.ts +69 -0
- package/src/sandbox/channel-a.ts +1031 -0
- package/src/sandbox/display-stack.ts +231 -0
- package/src/sandbox/errors.ts +34 -0
- package/src/sandbox/index.ts +832 -0
- package/src/sandbox/providers/blaxel.ts +35 -0
- package/src/sandbox/providers/cloudflare.ts +24 -0
- package/src/sandbox/providers/daytona.ts +34 -0
- package/src/sandbox/providers/docker.ts +17 -0
- package/src/sandbox/providers/e2b.ts +36 -0
- package/src/sandbox/providers/index.ts +107 -0
- package/src/sandbox/providers/local.ts +13 -0
- package/src/sandbox/providers/modal.ts +55 -0
- package/src/sandbox/providers/none.ts +13 -0
- package/src/sandbox/providers/runloop.ts +32 -0
- package/src/sandbox/providers/selfhosted.ts +96 -0
- package/src/sandbox/providers/types.ts +38 -0
- package/src/sandbox/providers/vercel.ts +29 -0
- package/src/sandbox/recording.ts +286 -0
- package/src/sandbox/routing/backend-resolver.ts +189 -0
- package/src/sandbox/routing/routing-session.ts +455 -0
- package/src/sandbox/select.ts +371 -0
- package/src/sandbox/selfhosted/capabilities.ts +255 -0
- package/src/sandbox/selfhosted/control-rpc.ts +351 -0
- package/src/sandbox/selfhosted/session.ts +930 -0
- package/src/sandbox/selfhosted/testing.ts +230 -0
- package/src/sandbox/stream-port.ts +185 -0
- package/src/sandbox/stream-token.ts +90 -0
- package/src/sandbox/terminal-server.ts +203 -0
- package/src/sandbox-computer.ts +835 -0
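--- a/package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/deployment-blocks.md
+++ b/package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/deployment-blocks.md
@@ -0,0 +1,391 @@
+# Deployment Configuration Block Reference
+
+Complete reference for all blocks available in Terraform Stack deployment configuration files (`.tfdeploy.hcl`).
+
+## Table of Contents
+
+1. [Identity Token Block](#identity-token-block)
+2. [Locals Block](#locals-block)
+3. [Deployment Block](#deployment-block)
+4. [Deployment Group Block](#deployment-group-block)
+5. [Deployment Auto-Approve Block](#deployment-auto-approve-block)
+
+**Note**: For Publish Output and Upstream Input blocks (linked Stacks), see `linked-stacks.md`.
+
+## Identity Token Block
+
+Generates JWT tokens for OIDC authentication with cloud providers.
+
+### Syntax
+
+```hcl
+identity_token "<token_name>" {
+audience = [<audience_strings>]
+}
+```
+
+### Arguments
+
+- **token_name** (label, required): Unique identifier for this token
+- **audience** (required): List of audience strings for the JWT
+
+### Accessing Token
+
+Reference the JWT using: `identity_token.<n>.jwt`
+
+### Cloud Provider Audiences
+
+**AWS:**
+```hcl
+identity_token "aws" {
+audience = ["aws.workload.identity"]
+}
+```
+
+**Azure:**
+```hcl
+identity_token "azure" {
+audience = ["api://AzureADTokenExchange"]
+}
+```
+
+**Google Cloud:**
+```hcl
+identity_token "gcp" {
+audience = ["//iam.googleapis.com/projects/<PROJECT_NUMBER>/locations/global/workloadIdentityPools/<POOL_ID>/providers/<PROVIDER_ID>"]
+}
+```
+
+**Setup Documentation:** For detailed instructions on configuring OIDC/workload identity for each cloud provider (including IAM roles, trust policies, and federated credentials), see: https://developer.hashicorp.com/terraform/cloud-docs/dynamic-provider-credentials
+
+### Examples
+
+**Single Token:**
+
+```hcl
+identity_token "aws" {
+audience = ["aws.workload.identity"]
+}
+
+deployment "production" {
+inputs = {
+identity_token = identity_token.aws.jwt
+role_arn = var.role_arn
+}
+}
+```
+
+For complete working examples including multi-region identity token usage, see `examples.md`.
+
+## Locals Block
+
+Defines local values for reuse within deployment configuration.
+
+### Syntax
+
+```hcl
+locals {
+<n> = <expression>
+}
+```
+
+### Example
+
+```hcl
+locals {
+aws_regions = ["us-west-1", "us-east-1", "eu-west-1"]
+role_arn = "arn:aws:iam::123456789012:role/hcp-terraform-stacks"
+
+common_inputs = {
+project_name = "my-app"
+environment = "production"
+}
+}
+```
+
+## Deployment Block
+
+Defines deployment instances of the Stack.
+
+### Syntax
+
+```hcl
+deployment "<deployment_name>" {
+inputs = {
+<input_name> = <value>
+}
+}
+```
+
+### Arguments
+
+- **deployment_name** (label, required): Unique identifier for this deployment
+- **inputs** (required): Map of input variable values
+- **destroy** (optional, default: false): Boolean flag to destroy this deployment
+
+### Constraints
+
+- Minimum 1 deployment per Stack
+- Maximum 20 deployments per Stack
+- No meta-arguments supported (no `for_each`, `count`)
+
+### Destroying a Deployment
+
+To safely remove a deployment from your Stack:
+
+1. Set `destroy = true` in the deployment block
+2. Apply the plan through HCP Terraform
+3. After successful destruction, remove the deployment block from your configuration
+
+**Important**: Using the `destroy` argument ensures your configuration has the provider authentication necessary to properly destroy the deployment's resources.
+
+**Example:**
+```hcl
+deployment "old_environment" {
+inputs = {
+aws_region = "us-west-1"
+instance_count = 2
+role_arn = local.role_arn
+identity_token = identity_token.aws.jwt
+}
+destroy = true # Mark for destruction
+}
+```
+
+After applying this plan and the deployment is destroyed, remove the entire `deployment "old_environment"` block from your configuration.
+
+### Examples
+
+**Single Deployment:**
+
+```hcl
+deployment "production" {
+inputs = {
+aws_region = "us-west-1"
+instance_count = 5
+instance_type = "t3.large"
+role_arn = local.role_arn
+identity_token = identity_token.aws.jwt
+}
+}
+```
+
+**Using Locals for Multiple Deployments:**
+
+```hcl
+locals {
+common_inputs = {
+role_arn = "arn:aws:iam::123456789012:role/terraform"
+identity_token = identity_token.aws.jwt
+project_name = "my-app"
+}
+}
+
+deployment "dev" {
+inputs = merge(local.common_inputs, {
+aws_region = "us-east-1"
+instance_count = 1
+environment = "dev"
+})
+}
+
+deployment "prod" {
+inputs = merge(local.common_inputs, {
+aws_region = "us-west-1"
+instance_count = 5
+environment = "prod"
+})
+}
+```
+
+For complete multi-environment and multi-region deployment examples, see `examples.md`.
+
+## Deployment Group Block
+
+Groups deployments together to configure shared settings and auto-approval rules (HCP Terraform Premium tier feature).
+
+### Syntax
+
+```hcl
+deployment_group "<group_name>" {
+deployments = [<deployment_references>]
+}
+```
+
+### Arguments
+
+- **group_name** (label, required): Unique identifier for this deployment group
+- **deployments** (required): List of deployment references to include in this group
+
+### Purpose
+
+Deployment groups allow you to:
+- Organize deployments logically (by environment, team, region, etc.)
+- Configure shared auto-approval rules for multiple deployments
+- Manage deployments more effectively at scale
+- Establish consistent configuration patterns across all Stacks
+
+### Examples
+
+**Single Deployment Group (Best Practice):**
+
+```hcl
+deployment "production" {
+inputs = {
+aws_region = "us-west-1"
+instance_count = 5
+role_arn = local.role_arn
+identity_token = identity_token.aws.jwt
+}
+}
+
+deployment_group "production" {
+deployments = [deployment.production]
+}
+```
+
+**Multiple Deployment Groups:**
+
+```hcl
+deployment_group "non_production" {
+deployments = [
+deployment.development,
+deployment.staging
+]
+}
+
+deployment_group "production" {
+deployments = [
+deployment.prod_us_east,
+deployment.prod_us_west,
+deployment.prod_eu_west
+]
+}
+```
+
+## Deployment Auto-Approve Block
+
+Defines rules that automatically approve deployment plans based on specific conditions (HCP Terraform Premium feature).
+
+### Syntax
+
+```hcl
+deployment_auto_approve "<rule_name>" {
+deployment_group = deployment_group.<group_name>
+
+check {
+condition = <boolean_expression>
+reason = "<failure_message>"
+}
+}
+```
+
+### Arguments
+
+- **rule_name** (label, required): Unique identifier for this auto-approve rule
+- **deployment_group** (required): Reference to the deployment group this rule applies to
+- **check** (required, one or more): Condition that must be met for auto-approval
+
+### Context Variables
+
+Access plan information through `context` object:
+
+- `context.plan.applyable` - Boolean: plan succeeded without errors
+- `context.plan.changes.add` - Number: resources to add
+- `context.plan.changes.change` - Number: resources to change
+- `context.plan.changes.remove` - Number: resources to remove
+- `context.plan.changes.import` - Number: resources to import
+
+### Important Notes
+
+- All checks must pass for auto-approval to occur
+- If any check fails, manual approval is required
+- HCP Terraform displays the failure reason from failed checks
+- Auto-approve rules only apply to deployments in the specified deployment group
+
+### Examples
+
+**Auto-approve Successful Plans:**
+
+```hcl
+deployment_group "canary" {
+deployments = [
+deployment.dev,
+deployment.staging
+]
+}
+
+deployment_auto_approve "applyable_plans" {
+deployment_group = deployment_group.canary
+
+check {
+condition = context.plan.applyable
+reason = "Plan must be applyable without errors"
+}
+}
+```
+
+**Auto-approve Non-Destructive Changes:**
+
+```hcl
+deployment_group "production" {
+deployments = [
+deployment.prod_primary,
+deployment.prod_secondary
+]
+}
+
+deployment_auto_approve "safe_production_changes" {
+deployment_group = deployment_group.production
+
+check {
+condition = context.plan.changes.remove == 0
+reason = "Production deletions require manual approval"
+}
+
+check {
+condition = context.plan.applyable
+reason = "Plan must be successful"
+}
+}
+```
+
+**Graduated Rollout Pattern:**
+
+```hcl
+deployment_group "canary" {
+deployments = [deployment.canary]
+}
+
+deployment_group "production" {
+deployments = [
+deployment.prod_us,
+deployment.prod_eu,
+deployment.prod_asia
+]
+}
+
+# Canary auto-approves with strict checks
+deployment_auto_approve "canary_strict" {
+deployment_group = deployment_group.canary
+
+check {
+condition = context.plan.changes.remove == 0
+reason = "Canary cannot delete resources"
+}
+
+check {
+condition = context.plan.changes.change <= 5
+reason = "Canary limited to 5 resource changes"
+}
+
+check {
+condition = context.plan.applyable
+reason = "Plan must be applyable"
+}
+}
+
+# Production requires manual approval after canary validation
+```
+
+For complete deployment configuration examples with all blocks, see `examples.md`.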