### Shell command example Source: https://docs.scalr.io/docs/changelog This example demonstrates the output of a shell command, showing hook execution and logging. ```shell Executing pre-init hook... pre-init: ~$ echo "running" pre-init: running Pre-init hook failed with code 0 in 123.0ms ``` -------------------------------- ### Configure Scalr Provider for GitHub with Nested Parameters Source: https://docs.scalr.io/docs/custom-providers This example demonstrates configuring the Scalr provider for GitHub, including nested authentication parameters like app ID, installation ID, and PEM file. ```hcl resource "scalr_provider_configuration" "github" { name = "custom-github" custom { provider_name = "github" argument { name = "app_auth.id" value = var.app_id } argument { name = "app_auth.installation_id" value = var.app_installation_id } argument { name = "app_auth[0].pem_file" value = app_pem_file } } } ``` -------------------------------- ### Example Audit Log Output Source: https://docs.scalr.io/docs/datadog This is a full example of an audit log entry, showing details about the action, actor, request, and target. ```json { "id": "AgAAAY2x_1pxzx914QAAAAAAAAAYAAAAAEFZMnhfMXRKQUFDY1RCNUtZb3FoTlFBQQAAACQ12345656E4ZGIxZmYtNWE3MS00MTU3LWJlMTctODhmMTZhYTU5Nzhl", "content": { "timestamp": "2024-02-16T12:58:38.577Z", "tags": [ "scalr-workspace-name:demo-ws", "scalr-environment-name:cs-m", "scalr-workspace:ws-v0o370ouv5kbjmk9h", "scalr-user-email:docs@scalr.com", "scalr-action:discard-run", "scalr-environment:org-sscctbkdgkdr123", "source:scalr", "datadog.submission_auth:private_api_key" ], "host": "docs.scalr.io", "service": "audit-log", "attributes": { "actor": { "id": "user-stp8qjepev3a123", "access-token": { "type": "session", "token": "...B6wifA" }, "type": "user", "email": "docs@scalr.com" }, "request": { "ip-address": "69.206.111.123", "action": "discard-run", "id": "a3a473d725c730382558c25d52bd1234", "source": "ui", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" }, "hostname": "docs.scalr.io", "service": "audit-log", "outcome": { "result": "SUCCESS", "status-code": 202 }, "target": { "display-name": "run-v0o370pcff0e53123", "context": { "environment": { "display-name": "CS-M", "id": "org-sscctbkdgkdrqg0" }, "workspace": { "display-name": "demo-ws", "id": "ws-v0o370ouv5kbjmk9h" }, "account": { "display-name": "docs", "id": "acc-sscctbisjkl3123" } }, "id": "run-v0o370pcff0e53", "type": "runs" }, "timestamp": "2024-02-16T12:58:38.577846" } } } ``` -------------------------------- ### Initialize Workspace with Scalr Backend Source: https://docs.scalr.io/docs/cli Run this command after setup to connect your Terraform or Tofu CLI to the Scalr remote backend. It automatically migrates existing state files. ```bash terraform init ``` -------------------------------- ### Azure CLI create-for-rbac Output Source: https://docs.scalr.io/docs/azure Example output from the Azure CLI `az ad sp create-for-rbac` command, which provides the necessary credentials for client secret authentication. ```JSON { "appId": "c5f583b2-xxxx-xxxx-xxxx-baa93d369f1b", "displayName": "azure-cli-2020-04-21-07-39-09", "name": "http://azure-cli-2020-04-21-07-39-09", "password": "2458ffd6-xxxx-xxxx-xxxx-3b9f3964ab67", "tenant": "8ad9e98e-xxxx-xxxx-xxxx-7969b23753d4" } ``` -------------------------------- ### Example Datadog Audit Log Output Source: https://docs.scalr.io/docs/audit-logs This is an example of a full audit log event as it would appear when streamed to Datadog. It includes details about the actor, request, and target of the action. ```json { "id": "AgAAAY2x_1pxzx914QAAAAAAAAAYAAAAAEFZMnhfMXRKQUFDY1RCNUtZb3FoTlFBQQAAACQ12345656E4ZGIxZmYtNWE3MS00MTU3LWJlMTctODhmMTZhYTU5Nzhl", "content": { "timestamp": "2024-02-16T12:58:38.577Z", "tags": [ "scalr-workspace-name:demo-ws", "scalr-environment-name:cs-m", "scalr-workspace:ws-v0o370ouv5kbjmk9h", "scalr-user-email:docs@scalr.com", "scalr-action:discard-run", "scalr-environment:org-sscctbkdgkdr123", "source:scalr", "datadog.submission_auth:private_api_key" ], "host": "docs.scalr.io", "service": "audit-log", "attributes": { "actor": { "id": "user-stp8qjepev3a123", "access-token": { "type": "session", "token": "...B6wifA" }, "type": "user", "email": "docs@scalr.com" }, "request": { "ip-address": "69.206.111.123", "action": "discard-run", "id": "a3a473d725c730382558c25d52bd1234", "source": "ui", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" }, "hostname": "docs.scalr.io", "service": "audit-log", "outcome": { "result": "SUCCESS", "status-code": 202 }, "target": { "display-name": "run-v0o370pcff0e53123", "context": { "environment": { "display-name": "CS-M", "id": "org-sscctbkdgkdrqg0" }, "workspace": { "display-name": "demo-ws", "id": "ws-v0o370ouv5kbjmk9h" }, "account": { "display-name": "docs", "id": "acc-sscctbisjkl3123" } }, "id": "run-v0o370pcff0e53", "type": "runs" }, "timestamp": "2024-02-16T12:58:38.577846" } } } ``` -------------------------------- ### Example AuditLogDisabled Event Source: https://docs.scalr.io/docs/aws-event-bridge This JSON structure represents an example of an AuditLogDisabled event sent by Scalr. It includes details about the event, the user, and the integration that was disabled. ```json { "version": "0", "id": "6d475ada-25dd-2374-7b6b-ecc56a4c0eec", "detail-type": "AuditLogDisabled", "source": "aws.partner/company.com/account/test", "account": "010438481993", "time": "2025-04-17T15:25:55Z", "region": "eu-north-1", "resources": [], "detail": { "title": "Audit Log Disabled. ", "timestamp": "2025-04-17T15:25:55.632471+00:00", "user-id": 111, "user-email": "admin@company.com", "disabled-integration": { "id": "in-123456789", "name": "test", "type": "AWS EventBridge" } } } ``` -------------------------------- ### Full AWS IAM Trust Policy Example for OIDC Source: https://docs.scalr.io/docs/aws This is a complete example of an IAM trust policy for OIDC authentication with Scalr. It includes conditions for audience and subject assertions to control access. ```javascript { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Federated": "arn:aws:iam::1111111111:oidc-provider/scalr.io" }, "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { "scalr.io:aud": "my-awesome-audience" }, "StringLike": { "scalr.io:sub": [ "account:mycorp:environment:development-*:workspace:*", "account:mycorp:environment:qa-*:workspace:*", ] } } ] } ``` -------------------------------- ### Azure CLI Error Example Source: https://docs.scalr.io/docs/azure This error indicates that the provider configuration is not being exported as a shell variable. Ensure the 'Export provider configurations as shell variables into the run pipeline' option is enabled in your Scalr provider configuration. ```text could not configure AzureCli Authorizer: obtaining tenant ID: running Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account. ``` -------------------------------- ### Set Environment Variable in Helm Chart Source: https://docs.scalr.io/docs/configuration Use the `extraEnv` option in the Helm chart to set environment variables for Kubernetes installations. This example enables the provider cache. ```shell helm install ... --set extraEnv.SCALR_AGENT_PROVIDER_CACHE_ENABLED=true ``` -------------------------------- ### Create Workspace, Upload Config, and Trigger Run via Scalr API Source: https://docs.scalr.io/docs/api-driven This script demonstrates the full API-driven workflow for managing Scalr workspaces. Ensure your SCALR_TOKEN environment variable is set and update placeholder values for base_url, env_id, ws_id, and upload_archive_path. The `is_dry_run` flag controls whether a plan or apply is executed. ```python import requests import os token = os.environ.get("SCALR_TOKEN") base_url = 'https://example.scalr.io/' headers = { 'accept': 'application/vnd.api+json', 'content-type': 'application/vnd.api+json', 'Authorization': f'Bearer {token}' } env_id = "" ws_id = "" is_dry_run = True # Set to `False` to trigger a run in the "Plan & Apply" mode. upload_archive_path = '' ## create CV url = f'{base_url}/api/iacp/v3/configuration-versions' data = { 'data': { 'attributes': { "auto-queue-runs": False, }, 'relationships': { 'workspace': { 'data': { 'type': 'workspaces', 'id': ws_id } } }, 'type': 'configuration-versions' } } response = requests.post(url, headers=headers, json=data) cv_id = None if response.status_code == 201: # Successful request result = response.json() # Process the response data print(result) cv_id = result['data']['id'] else: # Request failed raise Exception(f"Error: {response.status_code} - {response.text}") upload_url = result['data']['links']['upload'] print(upload_url) upload = requests.put(upload_url, headers={'Content-Type': 'application/octet-stream'}, data=open(upload_archive_path, 'rb')) print(upload.status_code) ## create run url = f'{base_url}/api/iacp/v3/runs' data = { 'data': { 'attributes': { "is-dry": is_dry_run, }, 'relationships': { 'configuration-version': { 'data': { 'type': 'configuration-versions', 'id': cv_id } }, 'workspace': { 'data': { 'type': 'workspaces', 'id': ws_id } } }, 'type': 'runs' } } response = requests.post(url, headers=headers, json=data) if response.status_code == 201: # Successful request result = response.json() # Process the response data print(result) else: # Request failed raise Exception(f"Error: {response.status_code} - {response.text}") ``` -------------------------------- ### Apply Saved OpenTofu Execution Plan Source: https://docs.scalr.io/docs/cli Apply a previously saved execution plan using `tofu apply FILENAME`. This ensures that the exact changes reviewed in the plan are deployed. ```bash tofu apply FILENAME ``` -------------------------------- ### Import Resources with Terraform Source: https://docs.scalr.io/docs/custom-hooks Use this command in a pre-plan hook to import existing infrastructure resources into your Terraform state. Ensure the instance ID is correctly specified. ```bash terraform import aws_instance.example ``` -------------------------------- ### Create a Scalr Environment Source: https://docs.scalr.io/docs/creating-environments Use the `scalr_environment` resource to create a new environment. Specify the name, account ID, and optionally enable cost estimation, assign policy groups, and default provider configurations. ```hcl resource "scalr_environment" "this" { name = "test-env" account_id = "acc-xxxxxxxxxx" cost_estimation_enabled = true policy_groups = ["pgrp-xxxxxxxxxx", "pgrp-yyyyyyyyyy"] default_provider_configurations = ["pcfg-xxxxxxxxxx", "pcfg-yyyyyyyyyy"] } ``` -------------------------------- ### Save OpenTofu Execution Plan to File Source: https://docs.scalr.io/docs/cli Use the `-out=FILENAME` argument with `tofu plan` to save the execution plan to a file. This plan can be applied later with `tofu apply FILENAME`, ensuring exact changes are executed. ```bash tofu plan -out=FILENAME ``` -------------------------------- ### Suppress Linux Package Deprecation Warning Source: https://docs.scalr.io/docs/changelog Use `SCALR_AGENT_SUPPRESS_WARNINGS=LINUX_PACKAGE_DEPRECATED` to suppress the deprecation warning for DEB and RPM Linux packages. This warning is relevant for installations prior to March 31st, 2026. ```bash SCALR_AGENT_SUPPRESS_WARNINGS=LINUX_PACKAGE_DEPRECATED ``` -------------------------------- ### Azure CLI Login Source: https://docs.scalr.io/docs/container-image-info Use this command to log in to Azure using a service principal. Ensure the necessary environment variables are set. ```javascript az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID az account set --subscription=$ARM_SUBSCRIPTION_ID ``` -------------------------------- ### Add Checkov Custom Parameters Source: https://docs.scalr.io/docs/checkov Use custom parameters to tailor Checkov's rule evaluation. For example, skip specific checks by ID or configure hard/soft fail behavior. Ensure spaces between rules when specifying multiple parameters. ```bash --skip-check CKV_AWS_123 --skip-check CKV_AZURE_456 ``` ```bash --hard-fail ``` -------------------------------- ### Enable Stateless Agent Mode Source: https://docs.scalr.io/docs/changelog Set `SCALR_AGENT_STATE_PERSISTENCE_ENABLED=false` to operate the agent in stateless mode. This mode does not persist connection state to disk and reconnects on each startup, improving performance for serverless and ephemeral workloads. ```bash SCALR_AGENT_STATE_PERSISTENCE_ENABLED=false ``` -------------------------------- ### Run Scalr Agent with Custom CA Certificates Source: https://docs.scalr.io/docs/configuration Mount a custom CA certificate file into the agent container and specify its path using SCALR_AGENT_CA_CERT. ```Shell ~ docker run \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/lib/scalr-agent:/var/lib/scalr-agent \ -e SCALR_AGENT_TOKEN={token} \ -e SCALR_AGENT_CA_CERT=/var/lib/scalr-agent/ca.cert \ --rm -it --pull=always --name=scalr-agent scalr/agent:latest run ``` -------------------------------- ### Enable State Persistence Source: https://docs.scalr.io/docs/changelog Set `SCALR_AGENT_STATE_PERSISTENCE_ENABLED=true` to enable the agent to persist connection state to disk. This is the default behavior and stores connection information in `$SCALR_AGENT_DATA_DIR/.agent.state`. ```bash SCALR_AGENT_STATE_PERSISTENCE_ENABLED=true ``` -------------------------------- ### Scalr Run Executed Event Sample Source: https://docs.scalr.io/docs/aws-event-bridge This JSON snippet represents a sample event from Scalr when a run is executed. It includes details about the run, source, resources, and any policy failures. ```json { "id": "run-1234567890", "account": "test", "version": 1, "time": "2024-04-19T13:44:02Z", "source": "aws.partner/scalr.com/account-name/integration-name", "resources": [], "region": "us-east-1", "detail-type": "RunExecuted", "detail": { "title": "Scalr run execution completed on workspace 'workspace-name' (environment-name). Run ID: run-1234567890.", "event": { "run-id": "run-1234567890", "source": "vcs", "is-dry": false, "is-destroy": false, "is-agent": false, "is-postponed": false, "result": "applied", "duration": 137000000000.0, "account": "account-name", "workspace": "workspace-name", "environment": "environment-name", "user-email": "user@company.com", "run-url": "https://my_acc.scalr.io/v2/e/env-11111/workspaces/ws-111111/runs/run-111111", "vcs": { "repository": "my-org/my-repo", "branch": "main", "commit": { "sha": "deecfbbda1267982bc3a971a57e2eabda09452e", "message": "for_each_config", "html-url": "https://github.com/my-org/my-repo/commit/deecfbbda1267982bc3a971a57e2eabda09452e" } }, "provider-configurations": [ { "name": "scalr-auth", "provider-name": "scalr", "auth-type": "token" } ], "policy_failures": [ { "policy-group": "policy-group-name", "policy": "ws_name", "enforcement-level": "advisory", "messages": [ "Failure reason 1", "Failure reason 2" ] } ], "connection-name": "integration-name" }, "tags": [ "scalr-environment:env-1234567890", "scalr-workspace:ws-1234567890", "scalr-environment-name:environment-name", "scalr-workspace-name:workspace-name" ], "event_type": "success" } } ``` -------------------------------- ### Build Custom Agent Image with CA Certificates Source: https://docs.scalr.io/docs/configuration Create a custom Scalr agent Docker image by adding a CA certificate file and updating the system's certificate store. ```Dockerfile FROM scalr/agent:latest ADD extra_ca_root.crt /usr/local/share/ca-certificates/extra-ca.crt RUN apt update \ apt install ca-certificates -y \ chmod 644 /usr/local/share/ca-certificates/extra-ca.crt \ update-ca-certificates ENV SCALR_AGENT_CA_CERT="/etc/ssl/certs/ca-certificates.crt" ``` -------------------------------- ### Export Terraform Plan Details Source: https://docs.scalr.io/docs/custom-hooks This command, executed before or after a Terraform plan/apply, exports the plan details in JSON format. This is useful for external analysis or processing. ```bash terraform show -json /opt/data/terraform.tfplan.bin ``` -------------------------------- ### Configure Scalr Provider for Kubernetes Source: https://docs.scalr.io/docs/custom-providers Use this configuration to manage Kubernetes resources via the Scalr provider. Ensure all required authentication arguments are provided. ```hcl resource "scalr_provider_configuration" "kubernetes" { name = "k8s" account_id = "acc-xxxxxxxxx" custom { provider_name = "kubernetes" argument { name = "host" value = "my-host" description = "The hostname (in form of URI) of the Kubernetes API." } argument { name = "username" value = "my-username" } argument { name = "password" value = "my-password" sensitive = true } } } ``` -------------------------------- ### Kubernetes Job Template Replacement Source: https://docs.scalr.io/docs/changelog The `SCALR_AGENT_KUBERNETES_JOB_TEMPLATE` configuration option has been replaced with `SCALR_AGENT_KUBERNETES_TASK_TEMPLATE`. This change is related to updates in the beta agent-job chart. ```bash SCALR_AGENT_KUBERNETES_TASK_TEMPLATE ``` -------------------------------- ### Run Scalr Agent with HTTP Proxy Source: https://docs.scalr.io/docs/configuration Configure the Scalr agent to use an HTTP proxy by setting the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables during container run. ```Shell ~ docker run \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/lib/scalr-agent:/var/lib/scalr-agent \ -e SCALR_AGENT_TOKEN={token} \ -e HTTP_PROXY="{proxy-address}" \ -e HTTPS_PROXY="{proxy-address}" \ -e NO_PROXY="{addr1},{addr2}" \ --rm -it --pull=always --name=scalr-agent scalr/agent:latest run ``` -------------------------------- ### Google CLI Service Account Activation Source: https://docs.scalr.io/docs/container-image-info This script activates a Google Cloud service account using a provided key file and sets the project. The key file is removed after activation. ```javascript printenv GOOGLE_CREDENTIALS > key.json gcloud auth activate-service-account --key-file=key.json --project=$GOOGLE_PROJECT rm -f key.json ``` -------------------------------- ### Control Runner Image Mode (Golden) Source: https://docs.scalr.io/docs/changelog Set `SCALR_AGENT_CONTAINER_TASK_IMAGE_MODE=golden` to use a single runner image for all runs. This mode uses binary releases from scalr.io instead of software-specific Docker images. ```bash SCALR_AGENT_CONTAINER_TASK_IMAGE_MODE=golden ``` -------------------------------- ### Control Runner Image Mode (Legacy) Source: https://docs.scalr.io/docs/changelog Set `SCALR_AGENT_CONTAINER_TASK_IMAGE_MODE=legacy` (default) to use software-specific Docker images. This mode uses images like `scalr/opentofu:x.y.z` based on workspace settings. ```bash SCALR_AGENT_CONTAINER_TASK_IMAGE_MODE=legacy ``` -------------------------------- ### Configure Auto Queue Runs for a Workspace Source: https://docs.scalr.io/docs/auto-queue-runs Use the `auto_queue_runs` argument within the `scalr_workspace` resource to control when runs are automatically triggered. Options include 'always', 'on_create_only', 'skip_first' (default), and 'never'. ```terraform resource "scalr_workspace" "infra" { name = "infra" environment_id = "org-123456" auto_queue_runs = "always" } ``` -------------------------------- ### Configure Scalr AzureRM Provider Source: https://docs.scalr.io/docs/azure Use this resource to configure the AzureRM provider within Scalr. Ensure all required credentials like client ID, client secret, subscription ID, and tenant ID are provided. ```hcl resource "scalr_environment" "a_prod" { name = "team-a-production" } resource "scalr_provider_configuration" "azurerm" { name = "azurerm" account_id = "acc-xxxxxxxxx" environments = [scalr_environment.a_prod.id] azurerm { client_id = "my-client-id" client_secret = "my-client-secret" subscription_id = "my-subscription-id" tenant_id = "my-tenant-id" } } ```