• Stars
    star
    1,754
  • Rank 26,543 (Top 0.6 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🌍 πŸ“‹ A web dashboard to inspect Terraform States

Terraboard

Terraboard logo

🌍 πŸ“‹ A web dashboard to inspect Terraform States

Docker Pulls Go Report Card Gitter Build Status Coverage Status By Camptocamp Documentation

Website: https://terraboard.io


Table of content

What is it?

Terraboard is a web dashboard to visualize and query Terraform states. It currently features:

  • an overview page listing the most recently updated state files with their activity
  • a state page with state file details, including versions and resource attributes
  • a search interface to query resources by type, name or attributes
  • a diff interface to compare state between versions

It currently supports several remote state backend providers:

Terraboard is now able to handle multiple buckets/providers configuration! πŸ₯³ Check configuration section for more details.

Overview

The overview presents all the state files in the S3 bucket, by most recent modification date.

Screenshot Overview

Search

The search view allows to find resources by various criteria.

Screenshot Search

State

The state view presents details of a Terraform state at a given version.

Screenshot State

Compare

From the state view, you can compare the current state version with another version.

Screenshot Compare

Requirements

Independently of the location of your statefiles, Terraboard needs to store an internal version of its dataset. For this purpose it requires a PostgreSQL database. Data resiliency is not paramount though as this dataset can be rebuilt upon your statefiles at anytime.

AWS S3 (state) + DynamoDB (lock)

  • A versioned S3 bucket name with one or more Terraform states, named with a .tfstate suffix
  • AWS credentials with the following IAM permissions over the bucket:
    • s3:GetObject
    • s3:ListBucket
    • s3:ListBucketVersions
    • s3:GetObjectVersion
  • If you want to retrieve lock states from a dynamoDB table, you need to make sure the provided AWS credentials have dynamodb:Scan access to that table.

Terraform Cloud

  • Account on Terraform Cloud
  • Existing organization
  • Token assigned to an organization

Configuration

Terraboard currently supports configuration in three different ways:

  1. Environment variables (only usable for single provider configuration)
  2. CLI parameters (only usable for single provider configuration)
  3. Configuration file (YAML). A configuration file example can be found in the root directory of this repository and in the test/ subdirectory.

Important: all flags/environment variables related to the providers settings aren't compatible with multi-provider configuration! Instead, you must use the YAML config file to be able to configure multiples buckets/providers. YAML config is able to load values from environments variables.

The precedence of configurations is as described below.

Multiple buckets/providers

In order for Terraboard to import states from multiples buckets or even providers, you must use the YAML configuration method:

  • Set the CONFIG_FILE environment variable or the -c/--config-file flag to point to a valid YAML config file.
  • In the YAML file, specify your desired providers configuration. For example with two MinIO buckets (using the AWS provider with compatible mode):
# Needed since MinIO doesn't support versioning or locking
provider:
  no-locks: true
  no-versioning: true

aws:
  - endpoint: http://minio:9000/
    region: ${AWS_DEFAULT_REGION}
    s3:
      - bucket: test-bucket
        force-path-style: true
        file-extension: 
          - .tfstate

  - endpoint: http://minio:9000/
    region: eu-west-1
    s3:
      - bucket: test-bucket2
        force-path-style: true
        file-extension: 
          - .tfstate

In the case of AWS, don't forget to set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.

That's it! Terraboard will now fetch these two buckets on DB refresh. You can also mix providers like AWS and Gitlab or anything else. You can find a ready-to-use Docker example with two MinIO buckets in the test/multiple-minio-buckets/ sub-folder.

Available parameters

Application Options

  • -V, --version Display version.
  • -c, --config-file <default: $CONFIG_FILE> Config File path
    • Env: CONFIG_FILE

General Provider Options

  • --no-versioning <default: $TERRABOARD_NO_VERSIONING> Disable versioning support from Terraboard (useful for S3 compatible providers like MinIO)
    • Env: TERRABOARD_NO_VERSIONING
    • Yaml: provider.no-versioning
  • --no-locks <default: $TERRABOARD_NO_LOCKS> Disable locks support from Terraboard (useful for S3 compatible providers like MinIO)
    • Env: TERRABOARD_NO_LOCKS
    • Yaml: provider.no-locks

Logging Options

  • -l, --log-level <default: "info"> Set log level ('debug', 'info', 'warn', 'error', 'fatal', 'panic').
    • Env: TERRABOARD_LOG_LEVEL
    • Yaml: log.level
  • --log-format <default: "plain"> Set log format ('plain', 'json').
    • Env: TERRABOARD_LOG_FORMAT
    • Yaml: log.format

Database Options

  • --db-host <default: "db"> Database host.
    • Env: DB_HOST
    • Yaml: database.host
  • --db-port <default: "5432"> Database port.
    • Env: DB_PORT
    • Yaml: database.port
  • --db-user <default: "gorm"> Database user.
    • Env: DB_USER
    • Yaml: database.user
  • --db-password <default: $DB_PASSWORD> Database password.
    • Env: DB_PASSWORD
    • Yaml: database.password
  • --db-name <default: "gorm"> Database name.
    • Env: DB_NAME
    • Yaml: database.name
  • --db-sslmode <default: "require"> Database SSL mode.
    • Env: DB_SSLMODE
    • Yaml: database.sslmode
  • --no-sync Do not sync database.
    • Yaml: database.no-sync
  • --sync-interval <default: "1"> DB sync interval (in minutes)
    • Yaml: database.sync-interval

AWS (and S3 compatible providers) Options

  • --aws-access-key <default: $AWS_ACCESS_KEY_ID> AWS account access key.
    • Env: AWS_ACCESS_KEY_ID
    • Yaml: aws.access-key
  • --aws-secret-access-key <default: $AWS_SECRET_ACCESS_KEY> AWS secret account access key.
    • Env: AWS_SECRET_ACCESS_KEY
    • Yaml: aws.secret-access-key
  • --aws-session-token <default: $AWS_SESSION_TOKEN> AWS session token.
    • Env: AWS_SESSION_TOKEN
    • Yaml: aws.session-token
  • --dynamodb-table <default: $AWS_DYNAMODB_TABLE> AWS DynamoDB table for locks.
    • Env: AWS_DYNAMODB_TABLE
    • Yaml: aws.dynamodb-table
  • --aws-endpoint <default: $AWS_ENDPOINT> AWS endpoint.
    • Env: AWS_ENDPOINT
    • Yaml: aws.endpoint
  • --aws-region <default: $AWS_REGION> AWS region.
    • Env: AWS_REGION
    • Yaml: aws.region
  • --aws-role-arn <default: $APP_ROLE_ARN> Role ARN to Assume.
    • Env: APP_ROLE_ARN
    • Yaml: aws.app-role-arn
  • --aws-external-id <default: $AWS_EXTERNAL_ID> External ID to use when assuming role.
    • Env: AWS_EXTERNAL_ID
    • Yaml: aws.external-id

S3 Options

  • --s3-bucket <default: $AWS_BUCKET> AWS S3 bucket.
    • Env: AWS_BUCKET
    • Yaml: aws.s3.bucket
  • --key-prefix <default: $AWS_KEY_PREFIX> AWS Key Prefix.
    • Env: AWS_KEY_PREFIX
    • Yaml: aws.s3.key-prefix
  • --file-extension <default: ".tfstate"> File extension(s) of state files.
    • Env: AWS_FILE_EXTENSION
    • Yaml: aws.s3.file-extension
  • --force-path-style <default: $AWS_FORCE_PATH_STYLE> Force path style S3 bucket calls.
    • Env: AWS_FORCE_PATH_STYLE
    • Yaml: aws.s3.force-path-style

Terraform Enterprise Options

  • --tfe-address <default: $TFE_ADDRESS> Terraform Enterprise address for states access
    • Env: TFE_ADDRESS
    • Yaml: tfe.address
  • --tfe-token <default: $TFE_TOKEN> Terraform Enterprise Token for states access
    • Env: TFE_TOKEN
    • Yaml: tfe.token
  • --tfe-organization <default: $TFE_ORGANIZATION> Terraform Enterprise organization for states access
    • Env: TFE_ORGANIZATION
    • Yaml: tfe.organization

Google Cloud Platform Options

  • --gcs-bucket Google Cloud bucket to search
    • Yaml: gcp.gcs-bucket
  • --gcp-sa-key-path <default: $GCP_SA_KEY_PATH> The path to the service account to use to connect to Google Cloud Platform
    • Env: GCP_SA_KEY_PATH
    • Yaml: gcp.gcp-sa-key-path

GitLab Options

  • --gitlab-address <default: *"https://gitlab.com"*> GitLab address (root)
    • Env: GITLAB_ADDRESS
    • Yaml: gitlab.address
  • --gitlab-token <default: $GITLAB_TOKEN> Token to authenticate upon GitLab
    • Env: GITLAB_TOKEN
    • Yaml: gitlab.token

Web

  • -p, --port <default: "8080"> Port to listen on.
    • Env: TERRABOARD_PORT
    • Yaml: web.port
  • --base-url <default: "/"> Base URL.
    • Env: TERRABOARD_BASE_URL
    • Yaml: web.base-url
  • --logout-url <default: $TERRABOARD_LOGOUT_URL> Logout URL.
    • Env: TERRABOARD_LOGOUT_URL
    • Yaml: web.logout-url

Help Options

  • -h, --help Show this help message

Push plans to Terraboard

In order to send Terraform plans to Terraboard, you must wrap it in this JSON format:

{
    "lineage": "<Plan's lineage>",
    "terraform_version": "<Terraform version>",
    "git_remote": "<The URL of the remote that generated this plan>",
    "git_commit": "<Commit hash>",
    "ci_url": "<The URL of the CI that sent this plan>",
    "source": "<Free field for the triggering event>",
    "plan_json": "<Terraform plan JSON export>"
}

And send it to /api/plans using POST method

Use with Docker

Docker-compose

Configuration file can be provided to the container using a volume or a configuration.

# Set AWS credentials as environment variables:
export AWS_ACCESS_KEY_ID=<access_key>
export AWS_SECRET_ACCESS_KEY=<access_secret>

# Set AWS configuration as environment variables:
export AWS_DEFAULT_REGION=<AWS default region>
export AWS_BUCKET=<S3 Bucket name>
export AWS_DYNAMODB_TABLE=<Aws DynamoDB Table>

docker-compose up

Then point your browser to http://localhost:8080.

Docker command line

# Set AWS credentials as environment variables:
export AWS_ACCESS_KEY_ID=<access_key>
export AWS_SECRET_ACCESS_KEY=<access_secret>

# Set AWS configuration as environment variables:
export AWS_DEFAULT_REGION=<AWS default region>
export AWS_BUCKET=<S3 Bucket name>
export AWS_DYNAMODB_TABLE=<AWS_DYNAMODB_TABLE>

# Spin up the two containers and a network for them to communciate on:
docker network create terraboard
docker run --name db \
  -e POSTGRES_USER=gorm \
  -e POSTGRES_DB=gorm \
  -e POSTGRES_PASSWORD="<mypassword>" \
  -e GODEBUG="netdns=go" \
  --net terraboard \
  --detach \
  --restart=always \
  postgres:9.5

docker run -p 8080:8080 \
  -e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
  -e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
  -e AWS_REGION="${AWS_DEFAULT_REGION}" \
  -e AWS_BUCKET="${AWS_BUCKET}" \
  -e AWS_DYNAMODB_TABLE="${AWS_DYNAMODB_TABLE}" \
  -e DB_PASSWORD="<mypassword>" \
  -e DB_SSLMODE="disable" \
  --net terraboard \
  camptocamp/terraboard:latest

Then point your browser to http://localhost:8080.

Use with Kubernetes

A Helm chart is available on Camptocamp's repository.

In order to install it:

$ helm repo add c2c https://camptocamp.github.io/charts
$ helm install -v values.yaml terraboard c2c/terraboard

Use with Rancher

Camptocamp's Rancher Catalog contains a Terraboard template to automate its installation in Cattle.

Authentication and base URL

Terraboard does not implement authentication. Instead, it is recommended to use an authentication proxy such as oauth2_proxy.

If you need to set a route path for Terraboard, you can set a base URL by passing it as the BASE_URL environment variable.

When using an authentication proxy, Terraboard will retrieve the logged in user and email from the headers passed by the proxy. Terraboard expects you to setup the HTTP Headers X-Forwarded-User and X-Forwarded-Email when passing the logged in user and email. A Nginx example can be found below:

location / {
  ....
  auth_request_set $user   $upstream_http_x_auth_request_user;
  auth_request_set $email  $upstream_http_x_auth_request_email;
  proxy_set_header X-Forwarded-User  $user;
  proxy_set_header X-Forwarded-Email $email;
  ...
  proxy_pass http://terraboard/;
}

You can also pass a TERRABOARD_LOGOUT_URL parameter to allow users to sign out of the proxy.

Install from source

$ go get github.com/camptocamp/terraboard

Compatibility Matrix

Terraboard Max Terraform version
0.15.0 0.12.7
0.16.0 0.12.7
0.17.0 0.12.18
0.18.0 0.12.18
0.19.0 0.12.20
0.20.0 0.12.26
0.21.0 0.12.28
0.22.0 0.13.0
1.0.0 0.14.5
1.1.0 0.14.10

Development

Architecture

Terraboard is made of two components:

A server process

The server is written in go and runs a web server which serves:

  • the API on known access points, taking the data from the PostgreSQL database
  • the index page (from static/index.html) on all other URLs

The server also has a routine which regularly (every 1 minute) feeds the PostgreSQL database from the S3 bucket.

A web UI

The UI is an AngularJS application served from index.html. All the UI code can be found in the static/ directory.

Testing

$ docker-compose build && docker-compose up -d
# Point your browser to http://localhost

Contributing

See CONTRIBUTING.md

More Repositories

1

bivac

πŸ• πŸ“¦ Backup Interface for Volumes Attached to Containers
Go
315
star
2

grafana-prometheus-alertmanager-datasource

Grafana Datasource for the Prometheus Alertmanager
TypeScript
263
star
3

tilecloud

A powerful utility for generating, managing, transforming, and visualizing map tiles in multiple formats.
Python
229
star
4

odoo-cloud-platform

C2C Odoo cloud platform addons
Python
195
star
5

ngeo

Library combining OpenLayers and AngularJS
JavaScript
134
star
6

devops-stack

🌊 An all-in-one Kubernetes ☸ stack using Argo CD πŸ™ and Terraform as base components
HCL
134
star
7

docker-odoo-project

Base images for Odoo projects
Shell
125
star
8

puppet-tomcat

Tomcat puppet module
HTML
90
star
9

terraform-provider-pass

Pass Terraform provider
Go
86
star
10

inkmap

A library for generating high-quality, printable maps on the browser.
JavaScript
79
star
11

puppet-apache_c2c

HTML
68
star
12

docker-consul-demo

Docker + consul + haproxy
66
star
13

ogc-client

A TypeScript library for interacting with geospatial services
TypeScript
63
star
14

c2cgeoportal

c2cgeoportal application
Python
60
star
15

puppet-iptables

Ruby
57
star
16

helm-sops

Go
48
star
17

puppet-augeas

Helper for using augeas with puppet
Ruby
46
star
18

tilecloud-chain

Tools to generate tiles from WMS or Mapnik, to S3, Berkley DB, MBTiles, or local filesystem in WMTS layout using Amazon cloud services.
Python
44
star
19

oerpscenario

Business Driven Development (BDD) for OpenERP/Odoo
Gherkin
37
star
20

puppet-varnish

Ruby
36
star
21

docker-mapserver

https://hub.docker.com/r/camptocamp/mapserver/
Dockerfile
35
star
22

oapi-poc

OGC API & STAC - Proof of Concept
Rust
33
star
23

camptocamp-rancher-catalog

Camptocamp's Rancher Catalog
Makefile
33
star
24

puppet-nfs

manage your nfs shares (client and server)
Ruby
31
star
25

build-debian-cloud

Script to create Debian Squeeze Amazon Machine Images (AMIs)
Python
30
star
26

helm-geoserver-cloud

Helm chart to install geoserver-cloud
Smarty
29
star
27

papyrus

Geospatial Extensions for Pyramid
Python
28
star
28

puppet-archive

Puppet
28
star
29

terradb

A unified database for Terraform data
Go
27
star
30

docker-argocd

Shell
27
star
31

terraform-provider-freeipa

FreeIPA Terraform Provider
Go
27
star
32

puppetfile-updater

Keep your Puppetfile up-to-date
Ruby
26
star
33

puppet-bind

Installs and configures Bind9 domain name server
Ruby
24
star
34

puppet-sudo

Ruby
23
star
35

puppet-openerp

install openerp server/client/web-client
Ruby
23
star
36

puppet-nagios

A simple way to build distributed monitoring solutions with puppet !
HTML
23
star
37

charts

Camptocamp Charts for Kubernetes Helm
Mustache
22
star
38

cgxp

JavaScript
22
star
39

anthem

make your odoo scripts sing
Python
22
star
40

marabunta

🐜🐜🐜 Migrating ants for Odoo 🐜🐜🐜
Python
22
star
41

puppet-haproxy_c2c

Puppet module for managing haproxy
Augeas
22
star
42

puppet-dell

dell specific installations (openmanage and others)
Puppet
21
star
43

puppet-drbd

Manage your DRBD volumes using puppet
Puppet
20
star
44

ceph-rbd-backup

Ceph RBD images replication / backup tool
Python
19
star
45

docker-qgis-server

All that is needed to generate a proper QGIS server image
Dockerfile
18
star
46

puppet-aws

Tools for using Puppet with Amazon Web Services (AWS)
Ruby
17
star
47

GeoFormAlchemy

GeoFormAlchemy provides geographic extensions to FormAlchemy. GeoFormAlchemy is based on FormAlchemy and GeoAlchemy. Happy hacking Alchemysts!
Python
17
star
48

QGIS-SpreadSheetLayers

QGIS plugin to load layers from spreadsheet files (*.ods, *.xls, *.xlsx)
Python
16
star
49

prometheus-puppetdb-sd

Generate scrape files for Prometheus from PuppetDB
Go
15
star
50

prometheus-puppetdb-exporter

Prometheus Exporter for PuppetDB
Go
15
star
51

puppet-postgis

Support for geographic objects to the PostgreSQL
Ruby
15
star
52

github-backup

A Python script to backup your GH organization
Python
15
star
53

c2c-rd-addons

Python
15
star
54

GeoBI

Java
13
star
55

android-gis

GIS for Android
Java
13
star
56

upkick

Unattended upgrades for Docker containers, the hard way.
Go
13
star
57

cartoweb3

Advanced Geographical Information System for the Web
PHP
13
star
58

docker-odoo-nginx

Configure nginx for Odoo projects
Dockerfile
13
star
59

Studio

Web-based administration interface for MapServer
JavaScript
12
star
60

puppet-dovecot

installs and manage dovecot
Puppet
12
star
61

locustodoorpc

Locust custom client: odoorpc
Python
12
star
62

puppet-rdiff_backup

This module provide a simple way to manage a central backup server based on rdiff-backup
Python
11
star
63

docker_smtp

A simple docker image with SMTP, IMAP and a webmail
PHP
11
star
64

terraform-provider-puppetca

Terraform Puppet CA Provider
Go
11
star
65

puppet-php

Ruby
11
star
66

terraform-provider-geoserver

Terraform Provider for Geoserver
Go
11
star
67

puppet-accounts

Ruby
11
star
68

puppet-gnome

Puppet module for configuring Gnome
Ruby
11
star
69

odoo-elasticsearch-kibana

Odoo addons related to ElasticSearch and Kibana
Python
10
star
70

puppet-rsyncd

Manage rsyncd.conf using augeas
Ruby
10
star
71

puppetca-issuer

Cert-manager issuer for the Puppet Certificate Authority
Go
10
star
72

puppet-couchdb

A basic module to install this document-oriented database containing a function to retrieve metadata from couchdb
Ruby
10
star
73

puppet-samba

HTML
9
star
74

docker-puppetserver

Dockerfile
9
star
75

docker-geoserver

GeoServer with a few useful plugins for Docker
Scheme
9
star
76

puppet-lint-roles_and_profiles-check

Ruby
9
star
77

puppet-buildenv

Ruby
8
star
78

argocd-helm-sops-example

HTML
8
star
79

lyrx2sld

Conversion of ArcGIS Pro styling to GeoServer using bridge-style
Python
8
star
80

openlayers-webgl-integration

OpenLayers/WebGL integration
JavaScript
8
star
81

puppet-python

Puppet
8
star
82

puppet-dhcp

Manage a dhcp server (and client - will come later)
Ruby
8
star
83

ms_perfs

Scheme
8
star
84

docker-exim

Dockerfile
8
star
85

puppet-syslog-ng

Syslog-ng puppet module
HTML
7
star
86

puppet-pacemaker

Manage pacemaker/heartbeat v2 using puppet
Puppet
7
star
87

docker-pghoard

Dockerfile
7
star
88

puppet-gitlabci-pipelines

GitLab CI Pipelines for Puppet
7
star
89

wal-g-prometheus-exporter

Export prometheus metrics for wal-g backup tool
Python
7
star
90

terraform-provider-puppetdb

Terraform Provider to manage resources in PuppetDB
Go
7
star
91

docker-postgis

Shell
7
star
92

ipahealthcheck_exporter

Prometheus exporter for exposing ipa-healthcheck tool checks as metrics
Go
7
star
93

github-repositories-dashboard

Github Repositories Dashboard
JavaScript
7
star
94

puppet-ssh

SSH Puppet module
Ruby
7
star
95

secureOWS

The Secure OWS Project is a framework for adding security on top of some OGC protocols developed by Camptocamp SA. This project was initially sponsored by the Swiss Federal Office of Topography
Java
7
star
96

GeoMapFish

6
star
97

demo_geomapfish

PLpgSQL
6
star
98

terraform-docker-k3s

HCL
6
star
99

github_pki

Use GitHub as a centralized repository of SSH keys
Go
6
star
100

c2cwsgiutils

Python
6
star