class genvid.toolbox.BastionTool(services_dir='bastion-services', **kwargs)

Bases: AllInOneTool

A tool for seting up and managing a local Bastion.

New in version 1.20.0.

Changed in version 1.30.0: Remove :py:attr:SETUP_LOGS. A copy exists under ClusterTool but it is no longer used.

Changed in version 1.45.0: Added configuration of traefik. Forced usage of non-proxied URL for the Bastion API.

BACKUP_STRATEGIES = (<genvid.toolbox.backup.VersionBackup object>, <genvid.toolbox.backup.ConsulBackup object>, <genvid.toolbox.backup.VaultBackup object>, <genvid.toolbox.backup.TerraformBackup object>)
SETUP_JOBS = ('bastion-api',)

Jobs run on setup.


Path where the local services (Consul, Nomad, and Vault) are installed.


The port which the bastion-api will bind.

Deprecated since version 1.45.0: Replaced with Traefik Configuration instead.


A client of the bastion API.

setup_bastion(bastionid: Optional[str] = None, force_rename=False)

Set up a local Bastion service.

This will start all jobs marked to be started at ‘setup’ and ensure a proper Bastion ID is set.

  • bastionid – The Bastion ID to set if non empty.

  • force_rename – Replace the Bastion ID if it is already set.


If a Bastion ID is already present, it must be the same as the one provided (unless force_rename is True). If no ID is provided, the Bastion ID of the service must already be set.

Changed in version 1.39.0: From this version, all setup jobs must be strict HCLv2 compliant.

load_bastion_config(excluded_services: Optional[Iterable[str]] = None, reset: bool = False)

Load the bastion configuration to the bastion-api.

Changed in version 1.34.0: Added the reset parameter.

start_bastion_jobs(*jobs: str, force: bool = False)

Start a registered job on the bastion.

  • jobs – Names of the jobs to start.

  • force – Force the task count to be updated.


If the jobs parameter is left empty, this method will start all the jobs marked to be ‘autostarted’.

stop_bastion_jobs(*jobs: str, purge: bool = False)

Stop registered jobs on the bastion.

  • jobs – A list of jobs to stop.

  • purge – If true, purge the job(s) immediately.

Changed in version 1.45.0: Add the purge parameter.


Update the Terraform repositories.

This method adds any missing modules to the repositories and updates the rest.

New in version 1.20.0.


Initialize the Bastion’s backends.

Currently, this method adds a single backend (named ‘default’) unless there is a backend already defined.

If there is already one or more backends defined then this method does nothing.

New in version 1.20.0.


Update the global Terraform variable configuration.

More specifically, this method will:

  • Query the current configuration from the Bastion.

  • Update the ‘trusted_cidr’ with the current IP address.

  • Update the ‘toolbox_location’ with the current environment.

  • Send the resulting configuration back to the Bastion.

New in version 1.20.0.

set_default_terraform_providers(*, providers_file: str, **kwargs)

Update the default Terraform providers using the content of a file.

The file content should match the expected JSON format of BastionAPI.terraform_put_default_providers.


providers_file – File containing the new providers.


Display the default Terraform providers configuration.

The displayed JSON will match the format of BastionAPI.terraform_get_default_providers.


Delete the default Terraform providers configuration.


Check whether there are default terraform providers or not and return a boolean


If the Genvid Default Repository is not present, add it back. In all cases, update it.

Changed in version 1.13.0: No longer update all repositories. Use genvid-clusters repository-update-all instead.

Changed in version 1.14.0: Add the updateall parameter.

Changed in version 1.20.0:


Initialize Bastion’s backends.

Changed in version 1.20.0: Moved the implementation to BastionTool.initialize_backends().

class bastion.BastionTool

Implementation of genvid.toolbox.BastionTool