The Problem
DevOps engineers sometimes need to perform one-off commands on their Terraform code or state. For example, terraform import or terraform state rm, or any other Terraform or bash commands. The problem is that it is dangerous to allow users to work directly from a terminal.
Running commands from terminal means there’s no visibility into what has been done/changed, and also lacks the guardrails that protects your infrastructure from users accidentally deleting resources in production.
Furthermore, if some operations are needed for debugging/editing/etc., you’ll want to be able to properly track and audit what was done.
To solve this problem, we’re releasing a new feature: Ad-hoc tasks.
Since env0 manages all the deployments and the context of the git repo, the terraform code, the working directory and the cloud provider credentials are inside the container. This functionality gives the approved user (Org admins) the ability to run those commands inside the deployment container.
This significantly cuts down on debug time, creates visibility into those ad hoc changes, and builds governance/compliance for such commands.
How env0 solves this
As an organization admin, you’re now able to go to every environment in your organization, click on the menu button and click on the 'Run a Task' button.
This will prompt a modal where you can enter your commands.
You can run any bash command, or run any script while using all the environment variables you defined in that environment or any other tools that are already installed on the container - https://docs.env0.com/docs/custom-flows#the-deployment-container. Each line of command will be executed separately.
Ad-hoc tasks are using the same queue mechanism as other deployments, but are blocking the queue and can be canceled or aborted.
Once the task starts, this will load the working directory of the latest deployment, load all the variables, execute the task, and save the working directory for future deployments.
Conclusion
DevOps teams need the ability to run one-off tasks, while maintaining visibility, auditability, and guardrails. We’re enabling this with the release of this new feature “Ad Hoc Commands”
The Problem
DevOps engineers sometimes need to perform one-off commands on their Terraform code or state. For example, terraform import or terraform state rm, or any other Terraform or bash commands. The problem is that it is dangerous to allow users to work directly from a terminal.
Running commands from terminal means there’s no visibility into what has been done/changed, and also lacks the guardrails that protects your infrastructure from users accidentally deleting resources in production.
Furthermore, if some operations are needed for debugging/editing/etc., you’ll want to be able to properly track and audit what was done.
To solve this problem, we’re releasing a new feature: Ad-hoc tasks.
Since env0 manages all the deployments and the context of the git repo, the terraform code, the working directory and the cloud provider credentials are inside the container. This functionality gives the approved user (Org admins) the ability to run those commands inside the deployment container.
This significantly cuts down on debug time, creates visibility into those ad hoc changes, and builds governance/compliance for such commands.
How env0 solves this
As an organization admin, you’re now able to go to every environment in your organization, click on the menu button and click on the 'Run a Task' button.
This will prompt a modal where you can enter your commands.
You can run any bash command, or run any script while using all the environment variables you defined in that environment or any other tools that are already installed on the container - https://docs.env0.com/docs/custom-flows#the-deployment-container. Each line of command will be executed separately.
Ad-hoc tasks are using the same queue mechanism as other deployments, but are blocking the queue and can be canceled or aborted.
Once the task starts, this will load the working directory of the latest deployment, load all the variables, execute the task, and save the working directory for future deployments.
Conclusion
DevOps teams need the ability to run one-off tasks, while maintaining visibility, auditability, and guardrails. We’re enabling this with the release of this new feature “Ad Hoc Commands”