camptocamp/terraboard
Caution: deprecated registry ! All new releases are now hosted on GHCR registry.
10M+
🌍 📋 A web dashboard to inspect Terraform States
Website: https://terraboard.io
Terraboard is a web dashboard to visualize and query Terraform states. It currently features:
It currently supports several remote state backend providers:
The overview presents all the state files in the S3 bucket, by most recent modification date.
The search view allows to find resources by various criteria.
The state view presents details of a Terraform state at a given version.
From the state view, you can compare the current state version with another version.
Independently of the location of your statefiles, Terraboard needs to store an internal version of its dataset. For this purpose it requires a PostgreSQL database. Data resiliency is not paramount though as this dataset can be rebuilt upon your statefiles at anytime.
AWS S3 (state) + DynamoDB (lock)
.tfstate
suffixs3:GetObject
s3:ListBucket
s3:ListBucketVersions
s3:GetObjectVersion
dynamodb:Scan
access to that table.Terraform Cloud
Terraboard currently supports configuration in three different ways:
The precedence of configurations is as described below.
Application Options
-V
, --version
Display version.-c
, --config-file
<default: $CONFIG_FILE> Config File path
General Provider Options
--no-versioning
<default: $TERRABOARD_NO_VERSIONING> Disable versioning support from Terraboard (useful for S3 compatible providers like MinIO)
--no-locks
<default: $TERRABOARD_NO_LOCKS> Disable locks support from Terraboard (useful for S3 compatible providers like MinIO)
Logging Options
-l
, --log-level
<default: "info"> Set log level ('debug', 'info', 'warn', 'error', 'fatal', 'panic').
--log-format
<default: "plain"> Set log format ('plain', 'json').
Database Options
--db-host
<default: "db"> Database host.
--db-port
<default: "5432"> Database port.
--db-user
<default: "gorm"> Database user.
--db-password
<default: $DB_PASSWORD> Database password.
--db-name
<default: "gorm"> Database name.
--db-sslmode
<default: "require"> Database SSL mode.
--no-sync
Do not sync database.
--sync-interval
<default: "1"> DB sync interval (in minutes)
AWS (and S3 compatible providers) Options
--dynamodb-table
<default: $AWS_DYNAMODB_TABLE> AWS DynamoDB table for locks.
--aws-endpoint
<default: $AWS_ENDPOINT> AWS endpoint.
--aws-region
<default: $AWS_REGION> AWS region.
--aws-role-arn
<default: $APP_ROLE_ARN> Role ARN to Assume.
--aws-external-id
<default: $AWS_EXTERNAL_ID> External ID to use when assuming role.
S3 Options
--s3-bucket
<default: $AWS_BUCKET> AWS S3 bucket.
--key-prefix
<default: $AWS_KEY_PREFIX> AWS Key Prefix.
--file-extension
<default: ".tfstate"> File extension(s) of state files.
--force-path-style
<default: $AWS_FORCE_PATH_STYLE> Force path style S3 bucket calls.
Terraform Enterprise Options
--tfe-address
<default: $TFE_ADDRESS> Terraform Enterprise address for states access
--tfe-token
<default: $TFE_TOKEN> Terraform Enterprise Token for states access
--tfe-organization
<default: $TFE_ORGANIZATION> Terraform Enterprise organization for states access
Google Cloud Platform Options
--gcs-bucket
Google Cloud bucket to search
--gcp-sa-key-path
<default: $GCP_SA_KEY_PATH> The path to the service account to use to connect to Google Cloud Platform
GitLab Options
--gitlab-address
<default: *"https://gitlab.com"*> GitLab address (root)
--gitlab-token
<default: $GITLAB_TOKEN> Token to authenticate upon GitLab
Web
-p
, --port
<default: "8080"> Port to listen on.
--base-url
<default: "/"> Base URL.
--logout-url
<default: $TERRABOARD_LOGOUT_URL> Logout URL.
Help Options
-h
, --help
Show this help messageConfiguration file can be provided to the container using a volume or a configuration.
# Set AWS credentials as environment variables:
export AWS_ACCESS_KEY_ID=<access_key>
export AWS_SECRET_ACCESS_KEY=<access_secret>
# Set AWS configuration as environment variables:
export AWS_DEFAULT_REGION=<AWS default region>
export AWS_BUCKET=<S3 Bucket name>
export AWS_DYNAMODB_TABLE=<Aws DynamoDB Table>
docker-compose up
Then point your browser to http://localhost:8080.
# Set AWS credentials as environment variables:
export AWS_ACCESS_KEY_ID=<access_key>
export AWS_SECRET_ACCESS_KEY=<access_secret>
# Set AWS configuration as environment variables:
export AWS_DEFAULT_REGION=<AWS default region>
export AWS_BUCKET=<S3 Bucket name>
export AWS_DYNAMODB_TABLE=<AWS_DYNAMODB_TABLE>
# Spin up the two containers and a network for them to communciate on:
docker network create terraboard
docker run --name db \
-e POSTGRES_USER=gorm \
-e POSTGRES_DB=gorm \
-e POSTGRES_PASSWORD="<mypassword>" \
-e GODEBUG="netdns=go" \
--net terraboard \
--detach \
--restart=always \
postgres:9.5
docker run -p 8080:8080 \
-e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
-e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
-e AWS_REGION="${AWS_DEFAULT_REGION}" \
-e AWS_BUCKET="${AWS_BUCKET}" \
-e WS_DYNAMODB_TABLE="${AWS_DYNAMODB_TABLE}" \
-e DB_PASSWORD="<mypassword>" \
-e DB_SSLMODE="disable" \
--net terraboard \
camptocamp/terraboard:latest
Then point your browser to http://localhost:8080.
Camptocamp's Rancher Catalog contains a Terraboard template to automate its installation in Cattle.
Terraboard does not implement authentication. Instead, it is recommended to use an authentication proxy such as oauth2_proxy.
If you need to set a route path for Terraboard, you can set a base URL by
passing it as the BASE_URL
environment variable.
When using an authentication proxy, Terraboard will retrieve the logged in
user and email from the headers passed by the proxy.
You can also pass a TERRABOARD_LOGOUT_URL
parameter to allow users to
sign out of the proxy.
$ go get github.com/camptocamp/terraboard
Terraboard | Max Terraform version |
---|---|
0.15.0 | 0.12.7 |
0.16.0 | 0.12.7 |
0.17.0 | 0.12.18 |
0.18.0 | 0.12.18 |
0.19.0 | 0.12.20 |
0.20.0 | 0.12.26 |
0.21.0 | 0.12.28 |
0.22.0 | 0.13.0 |
1.0.0 | 0.14.5 |
1.1.0 | 0.14.10 |
Terraboard is made of two components:
A server process
The server is written in go and runs a web server which serves:
The server also has a routine which regularly (every 1 minute) feeds the PostgreSQL database from the S3 bucket.
A web UI
The UI is an AngularJS application served from index.html
. All the UI code
can be found in the static/ directory.
$ docker-compose build && docker-compose up -d
# Point your browser to http://localhost
See CONTRIBUTING.md
docker pull camptocamp/terraboard