Sandbox
Properties
| Property | Description | Values | Example |
|---|---|---|---|
typestring | sandbox IaC type IaC type for this sandbox: ‘terraform’ (default) or ‘pulumi’. ‘pulumi’ requires the pulumi-sandbox feature flag | Optional | "terraform", "pulumi" |
terraform_versionstring | Terraform version Version of Terraform to use for deployments. Required when type=terraform | Optional | "1.5.0", "1.6.0", "latest" |
runtimestring | Pulumi runtime The Pulumi runtime to use for the program (go, nodejs, python). Required when type=pulumi | Optional | "go", "nodejs", "python" |
pulumi_versionstring | Pulumi version Version of the Pulumi CLI to use. If not specified, uses the latest version | Optional | "3.100.0" |
pulumi_configobject | Pulumi stack config Map of Pulumi stack configuration values as key-value pairs. Keys use the format ‘namespace:key’ (e.g., ‘gcp:project’). Supports templating | Optional | - |
connected_repoConnectedRepoConfig | connected repository configuration Configuration for a private repository connected to the Nuon platform | Optional | - |
public_repoPublicRepoConfig | public repository configuration Configuration for a public repository accessible without authentication | Optional | - |
drift_schedulestring | drift detection schedule Cron expression for periodic drift detection. If not set, drift detection is disabled | Optional | "0 2 * * *", "*/10 * * * *" |
env_varsobject | environment variables Map of environment variables passed to Terraform as key-value pairs | Optional | - |
varsobject | Terraform variables Map of Terraform input variables as key-value pairs. Supports templating | Optional | - |
var_filearray | Terraform variable files Array of external Terraform variable files to load. Each file contents support templating and external file sources: HTTP(S) URLs (https://example.com/vars.tfvars), git rep… | Optional | - |
operation_rolesarray | operation-specific IAM role assignments Map of sandbox operations to IAM role names. Allows using different roles for different operations (provision, deprovision, reprovision). Roles must be defin… | Optional | - |
max_auto_retriesinteger | maximum automatic retry attempts on sandbox apply failure Maximum number of automatic retry attempts for failed sandbox provision, reprovision, and deprovision applies. Set to 0 to disable auto-ret… | Optional Default: "0" | "3", "5" |
skip_noopsboolean | Skip the sandbox apply when the plan has no changes (a no-op). Defaults to false | Optional Default: "false" | "true" |
auto_approve_on_policies_passingboolean | Auto-approve the sandbox apply when all policy checks pass. Defaults to false | Optional Default: "false" | "true" |
connected_repo
| Property | Description | Values | Example |
|---|---|---|---|
repostring | repository identifier Identifier of the connected repository configured in the Nuon platform | ✅ Required | "my-repo", "production-infrastructure" |
directorystring | directory path Path within the repository to the configuration files | ✅ Required | "terraform", "infra/terraform" |
branchstring | Git branch Git branch to checkout and use for deployments | ✅ Required | "main", "develop", "production" |
public_repo
| Property | Description | Values | Example |
|---|---|---|---|
repostring | repository URL HTTPS URL to the public Git repository | ✅ Required | "https://github.com/user/repo.git", "https://github.com/user/terraform-modules.git" |
directorystring | directory path Path within the repository to the configuration files | ✅ Required | "terraform", "infra/terraform" |
branchstring | Git branch Git branch to checkout and use for deployments | ✅ Required | "main", "develop", "production" |
var_file
| Property | Description | Values | Example |
|---|---|---|---|
contentsstring | variable file contents Contents of a Terraform .tfvars file. Supports Nuon templating and external file sources: HTTP(S) URLs (https://example.com/vars.tfvars), git repositories (git::https://githu… | Optional | "./sandbox.tfvars", "./variables/production.tfvars" |
operation_roles
| Property | Description | Values | Example |
|---|---|---|---|
operationstring | operation type Type of operation: provision, deprovision, update, reprovision, or trigger | ✅ Required | "provision", "deploy", "deprovision" |
rolestring | IAM role name Name of the IAM role to use for this operation (not ARN). Role must exist in install stack outputs | ✅ Required | "{{.nuon.install.id}}-maintenance", "{{.nuon.install.id}}-provision" |