Terragrunt: External authentication mechanisms

We've had several requests for hooks that run earlier in the lifecycle (e.g., https://github.com/gruntwork-io/terragrunt/issues/620). Seems like a generally useful feature that would support this use case too. Bonus points if hooks can affect env vars of Terragrunt/Terraform itself. This stuff is on our list, but I'm not sure when we'll get to it. If anyone is up for it, a PR to add this would be very much appreciated 👍

We actually have something implemented to make this possible. @tmeckel made changes to our Terraform/Terragrunt setup to allow hooks that parse their own output as variables and pass them as environment variables to subsequent hooks or to the provider configuration.

Like so:

before_hook "get_secrets" {
      commands = [
        "init",
        "apply",
        "plan",
        "destroy",
        "import",
        "push",
        "refresh",
        "validate",
      ]

      load_env_vars {
        execute = [
          "pwsh",
          "-nop",
          "-nol",
          "-File",
          "${get_parent_tfvars_dir()}/Scripts/Get-Secrets.ps1",
        ]
      }

      run_on_error = false
    }

We expect KEY=value output to STDOUT from the hook. Then these variables can be used with standard interpolation (get_env()).

@tmeckel, any plans to contribute this back to this repository soon? 🙃️

@brikis98 I can provide a WIP PullRequest of the current implementation over the weekend that we're currently have in place as @tiwood mentioned. The changes that we're applied to terragrunt include late binding (evaluation) of environment variables every time a command is issued and the ability to change/initialize the environment variables used by terragrunt via a hook, as you can see in the example that @tiwood added to his reply.

@brikis98 there you go .. as promised I provided a pull request (#680) with the changes we applied to Terragrunt