To make the review of your request easier, please use the following template to provide all the required details and also include any other information that may be relevant.
-
name: terragrunt
-
description: a thin wrapper for Terraform that provides extra tools
for working with multiple Terraform modules, remote state, and locking.
-
snapcraft: terragrunt/snap/snapcraft.yaml at candidate · snapcrafters/terragrunt · GitHub
-
upstream-relation: none
-
supported-category: “kubernetes tools requiring arbitrary authentication agents” (similar to terraform)
-
reasoning: terragrunt is a wrapper of Terraform/OpenTofu. With strict confinement, the two options would be:
- ship Terraform/OpenTofu inside this snap: this feels unnecessary and incurs the same concerns previously addressed when making Terraform a classic snap
- add a
contentplug in this snap, to be able to rely on the separately installed Terraform/OpenTofu binaries. However, 1) the provider snap(s) do not define such a slot and cannot afaiu, cause it’s a classic snap (terraform), and 2) very much like Terraform, Terragrunt will still dynamically create its own hidden folders (e.g. cache) and may require access to terragrunt files and other resources anywhere in the system
I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap to work under strict confinement.
Note that snappy-debug can be used to identify possible required interfaces. See https://snapcraft.io/docs/debug-snaps for more information.