June 5th, 2025

v0.19.590

Action Triggers

Action triggers are now available for all workflows. You can now use the following set of triggers:

  • pre-provision
  • post-provision
  • pre-reprovision
  • post-reprovision
  • pre-deprovision
  • post-deprovision
  • pre-deploy-all-components
  • post-deploy-all-components
  • pre-teardown-all-components
  • post-teardown-all-components
  • pre-deprovision-sandbox
  • post-deprovision-sandbox
  • pre-reprovision-sandbox
  • post-reprovision-sandbox
  • pre-update-inputs
  • post-update-inputs
  • pre-secrets-sync
  • post-secrets-sync

Each workflow trigger is called at the beginning or end of the workflow. In some cases, such as pre-provision or pre-reprovision that include a stack-run, the trigger will be called right after the runner is healthy.

The following triggers require a component_name field to be set, as they are tied to a specific component:

  • pre-deploy-component
  • post-deploy-component
  • post-teardown-component
  • pre-teardown-component

pre-component-deploy and post-component-deploy have been renamed to pre-deploy-component and post-deploy-component for consistency with other triggers. pre-sandbox-run and post-sandbox-run have been deprecated, in favor of pre|post-reprovision, pre|post-provision, and pre|post-deprovision

Inputs, Permissions and Secrets Dirs

You can now structure configs using directories. The following fields support loading their config from either a sub-directory, or a single file:

  • secrets - supports either a secrets.toml or a secrets/ directory
  • inputs - supports either an inputs.toml or an inputs/ and input_groups directory.
  • permissions - support either a permissions.toml or a permissions/ directory.

The configuration format is slightly different for files that are added to a directory:

Input

No longer requires the [[inputs]] syntax when added into ./inputs/input-name.toml.

name         = "auth_audience"
description  = "Auth0 Audience"
default      = "api.{{.nuon.install.id}}.nuon.run"
display_name = "Auth0 Audience"
group        = "auth"

Input Group

No longer requires the [[groups]] syntax when added into ./input_groups/group-name.toml.

name         = "auth"
description  = "Auth0"
display_name = "Authentication Configuration."

Secret

No longer requires the [[groups]] syntax when added into ./input_groups/group-name.toml.

name          = "clickhouse_cluster_pw"
display_name  = "Clickhouse Cluster Password"
description   = "Password for the Clickhouse Cluster for the Nuon CTL API User."
auto_generate = true

kubernetes_sync             = true
kubernetes_secret_namespace = "clickhouse"
kubernetes_secret_name      = "clickhouse-cluster-pw"

Permissions

No longer requires the [provision_role], [deprovision_role], or [maintenance_role] syntax, but now requires a type.

type = "deprovision"
name = "{{.nuon.install.id}}-deprovision"
description = "deprovision"
display_name = "deprovision"
permissions_boundary = "./deprovision_boundary.json"

[[policies]]
managed_policy_name = "AdministratorAccess"

Improved Schema

Each configuration file now supports a JSON schema that can be loaded via our api. You can now add #:schema https://api.nuon.co/v1/general/config-schema?type=input at the beginning of any Nuon config file for editor supported TOML LSP integrations.

The following types are valid:

  • runner - for use in runner.toml
  • sandbox - for use in sandbox.toml
  • helm - for use in any helm component toml config in components/.
  • docker-build - for use in any docker-build component toml config in components/.
  • container-image - for use in any container-image component toml config in components/.
  • terraform - for use in any terraform component toml config in components/.
  • permissions - for use in any permissions config in permissions/.
  • secret - for use in any permissions config in secrets/.
  • input - for use in any input config in input/.
  • input-group - for use in any input config in input_groups/.
  • metadata - for use in metadata.toml.
  • action - for use in action defined in actions/.
  • stack - for use in stack.toml.
  • installer - for use in installer.toml.
  • full - only useful for validating a full, parsed Nuon config.

Component and Action Groups

You can now group components and actions using subdirectories. For now, the change is purely for configuration management, but will soon be added into the ui and other places.

Default Secrets

You can now provide a default for secrets that get added in a cloudformation stack.

Fixes

  • Made org creation email configurable for BYOC installs of Nuon.
  • Fixed a bug where content in the permissions config would not look in the ./permissions subdirectory.