Terraboard
:earth_africa: :clipboard: A web dashboard to inspect Terraform States
Install / Use
/learn @camptocamp/TerraboardREADME
<p align="center"><strong>Caution: Terraboard's Docker registry was migrated from Dockerhub to GHCR! All new tags will be now pushed <a href="https://github.com/camptocamp/terraboard/pkgs/container/terraboard">here</a>. You can still access to old tags on the legacy Dockerhub repository.</strong></p> <details><summary>Table of content</summary>
- What is it?
- Configuration
- Push plans to Terraboard
- Use with Docker
- Use with Kubernetes
- Use with Rancher
- Authentication and base URL
- Install from source
- Compatibility Matrix
- Development
What is it?
Terraboard is a web dashboard to visualize and query Terraform states. It currently features:
- an overview page listing the most recently updated state files with their activity
- a state page with state file details, including versions and resource attributes
- a search interface to query resources by type, name or attributes
- a diff interface to compare state between versions
It currently supports several remote state backend providers:
- AWS S3 (state) + DynamoDB (lock)
- S3 compatible backends (ex: MinIO)
- Google Cloud Storage
- Terraform Cloud (remote)
- GitLab
Terraboard is now able to handle multiple buckets/providers configuration! 🥳 Check configuration section for more details.
Overview
The overview presents all the state files in the S3 bucket, by most recent modification date.
Search
The search view allows to find resources by various criteria.
State
The state view presents details of a Terraform state at a given version.
Compare
From the state view, you can compare the current state version with another version.
Requirements
Independently of the location of your statefiles, Terraboard needs to store an internal version of its dataset. For this purpose it requires a PostgreSQL database. Data resiliency is not paramount though as this dataset can be rebuilt upon your statefiles at anytime.
AWS S3 (state) + DynamoDB (lock)
- A versioned S3 bucket name with one or more Terraform states, named with a
.tfstatesuffix - AWS credentials with the following IAM permissions over the bucket:
s3:GetObjects3:ListBuckets3:ListBucketVersionss3:GetObjectVersion
- If you want to retrieve lock states from a dynamoDB table, you need to make sure the provided AWS credentials have
dynamodb:Scanaccess to that table.
Terraform Cloud
- Account on Terraform Cloud
- Existing organization
- Token assigned to an organization
Configuration
Terraboard currently supports configuration in three different ways:
- Environment variables (only usable for single provider configuration)
- CLI parameters (only usable for single provider configuration)
- Configuration file (YAML). A configuration file example can be found in the root directory of this repository and in the
test/subdirectory.
Important: all flags/environment variables related to the providers settings aren't compatible with multi-provider configuration! Instead, you must use the YAML config file to be able to configure multiples buckets/providers. YAML config is able to load values from environments variables.
The precedence of configurations is as described below.
Multiple buckets/providers
In order for Terraboard to import states from multiples buckets or even providers, you must use the YAML configuration method:
- Set the
CONFIG_FILEenvironment variable or the-c/--config-fileflag to point to a valid YAML config file. - In the YAML file, specify your desired providers configuration. For example with two MinIO buckets (using the AWS provider with compatible mode):
# Needed since MinIO doesn't support versioning or locking
provider:
no-locks: true
no-versioning: true
aws:
- endpoint: http://minio:9000/
region: ${AWS_DEFAULT_REGION}
s3:
- bucket: test-bucket
force-path-style: true
file-extension:
- .tfstate
- endpoint: http://minio:9000/
region: eu-west-1
s3:
- bucket: test-bucket2
force-path-style: true
file-extension:
- .tfstate
In the case of AWS, don't forget to set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
That's it! Terraboard will now fetch these two buckets on DB refresh. You can also mix providers like AWS and Gitlab or anything else.
You can find a ready-to-use Docker example with two MinIO buckets in the test/multiple-minio-buckets/ sub-folder.
Available parameters
Application Options
-V,--versionDisplay version.-c,--config-file<default: $CONFIG_FILE> Config File path- Env: CONFIG_FILE
General Provider Options
--no-versioning<default: $TERRABOARD_NO_VERSIONING> Disable versioning support from Terraboard (useful for S3 compatible providers like MinIO)- Env: TERRABOARD_NO_VERSIONING
- Yaml: provider.no-versioning
--no-locks<default: $TERRABOARD_NO_LOCKS> Disable locks support from Terraboard (useful for S3 compatible providers like MinIO)- Env: TERRABOARD_NO_LOCKS
- Yaml: provider.no-locks
Logging Options
-l,--log-level<default: "info"> Set log level ('debug', 'info', 'warn', 'error', 'fatal', 'panic').- Env: TERRABOARD_LOG_LEVEL
- Yaml: log.level
--log-format<default: "plain"> Set log format ('plain', 'json').- Env: TERRABOARD_LOG_FORMAT
- Yaml: log.format
Database Options
--db-host<default: "db"> Database host.- Env: DB_HOST
- Yaml: database.host
--db-port<default: "5432"> Database port.- Env: DB_PORT
- Yaml: database.port
--db-user<default: "gorm"> Database user.- Env: DB_USER
- Yaml: database.user
--db-password<default: $DB_PASSWORD> Database password.- Env: DB_PASSWORD
- Yaml: database.password
--db-name<default: "gorm"> Database name.- Env: DB_NAME
- Yaml: database.name
--db-sslmode<default: "require"> Database SSL mode.- Env: DB_SSLMODE
- Yaml: database.sslmode
--no-syncDo not sync database.- Yaml: database.no-sync
--sync-interval<default: "1"> DB sync interval (in minutes)- Yaml: database.sync-interval
AWS (and S3 compatible providers) Options
--aws-access-key<default: $AWS_ACCESS_KEY_ID> AWS account access key.- Env: AWS_ACCESS_KEY_ID
- Yaml: *aws
