Infrastructure-as-Code Templating

Working with modules can involve a lot of boilerplate code that can be difficult to maintain due to the sheer amount of copy / paste required to apply updates.

To combat this, we have created a basic templating system for automatically managing the most tedious maintenance tasks when using Panfactum submodules in your .tf files.

The templating system works as follows:

1. Add the # pf-generate: <directive> and # end-generate blocks to your .tf code:

   module "kube_labels" {
     source = "github.com/Panfactum/stack.git//packages/infrastructure/kube_workload_utility?ref=edge.24-09-12"
   
     # pf-generate: set_vars
     # end-generate
   }
   

2. Run pf-update-iac.

3. The code will automatically be updated:

   module "util" {
     source = "github.com/Panfactum/stack.git//packages/infrastructure/kube_workload_utility?ref=edge.24-09-12"
   
    # pf-generate: set_vars
     pf_stack_version = var.pf_stack_version
     pf_stack_commit  = var.pf_stack_commit
     environment      = var.environment
     region           = var.region
     pf_root_module   = var.pf_root_module
     pf_module        = var.pf_module
     is_local         = var.is_local
     extra_tags       = var.extra_tags
     # end-generate
   }
   

Using this method, you can be sure your variables are being passed through to all modules, and this code can be easily updated if the calling conventions update in the future.

Directives

We provide the following template directives:

standard_vars

Adds variable declarations for the standard input variables that are automatically injected by Terragrunt and consumed by every Panfactum IaC module:

# pf-generate: standard_vars
variable "environment" {
  description = "The name of the environment the infrastructure is being deployed into. #injected"
  type        = string
  default     = null
}

...

variable "pf_stack_commit" {
  description = "The commit hash for the version of the Panfactum stack being used #injected"
  type        = string
  default     = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
# end-generate

pass_vars

Passes the standard input variables into a submodule:

module "workflow_perms" {
  source = "github.com/Panfactum/stack.git//packages/infrastructure/kube_sa_auth_workflow?ref=edge.24-09-12"

  # pf-generate: pass_vars
  pf_stack_version = var.pf_stack_version
  pf_stack_commit  = var.pf_stack_commit
  environment      = var.environment
  region           = var.region
  pf_root_module   = var.pf_root_module
  is_local         = var.is_local
  extra_tags       = var.extra_tags
  # end-generate
}

pass_vars_no_extra_tags

The same as set_vars but does not pass extra_tags. This allows you to customize the extra_tags input without it being overridden by the templating system.

set_vars

The same as pass_vars, but also passes the pf_module input variable. This is useful for utility modules where you want the panfactum.com/pf-module tag to be set to the calling module, not the submodule.

We recommend this for kube_workload_utility and aws_tags.

module "util" {
  source = "github.com/Panfactum/stack.git//packages/infrastructure/kube_workload_utility?ref=edge.24-09-12"

  # pf-generate: set_vars
  pf_stack_version = var.pf_stack_version
  pf_stack_commit  = var.pf_stack_commit
  environment      = var.environment
  region           = var.region
  pf_root_module   = var.pf_root_module
  pf_module        = var.pf_module
  is_local         = var.is_local
  extra_tags       = var.extra_tags
  # end-generate
}

set_vars_no_extra_tags

The same as set_vars but does not pass extra_tags. This allows you to customize the extra_tags input without it being overridden by the templating system.

set_vars_no_region

The same as set_vars but does not pass region. This allows you to customize the region input without it being overridden by the templating system. This is useful in modules that deploy resources in multiple regions.