Feature Request: Enhanced upgrade process and state management #229

Open
1 task done
jaredfholgate opened this issue Oct 22, 2024 · 1 comment
Labels
Status: Long Term ⌛ We will do it, but will take a longer amount of time due to complexity/priorities Type: Enhancement ✨ New feature or request

Comments

@jaredfholgate
Member

Is there an existing issue for this?

  • I have searched the existing issues

Infrastructure as Code Type? (Required)

both

Starter Module? (Required)

not relevant

Use Case (Required)

As a user of the ALZ Accelerator, I want the bootstrap state to be managed and the update / upgrade process to handle that.

Proposed Solution (Required)

Options include:

  1. Send it up to the storage account we create in the bootstrap.
    • This storage account can have a private endpoint and restricted access. Adding a break out for this would be less than ideal.
  2. Create a new storage account with public networking specifically for this purpose. Specify accounts / groups with access.

In both cases we need to:

  1. Spit out a backend file for the bootstrap.
  2. Store and version the input files in blob storage too?
    • Would need to make it mandatory to supply sensitive inputs via env var?

Needs some more thought...

Once we have something in place, the upgrade / update process should be able to support remote state.

Important Factoids (Optional)

No response

References (Optional)

No response

@jaredfholgate jaredfholgate added Needs: Triage 🔍 Needs triaging by the team Type: Enhancement ✨ New feature or request Status: Long Term ⌛ We will do it, but will take a longer amount of time due to complexity/priorities and removed Needs: Triage 🔍 Needs triaging by the team labels Oct 22, 2024
@mikejonestechno

Please prioritize - we need an upgrade path without having to create our own bootstrap for the bootstrap!

In my use case I want to use Azure DevOps with Bicep and need to try different bootstrap options and starter options over the upcoming weeks. Even though iac_type = bicep, I still want a remote backend to persist the initial bootstrap tf state and avoid keeping persistent bootstrap state files on my laptop.

> Would need to make it mandatory to supply sensitive inputs via env var?

Nice to have but not required, at least for first iteration of bootstrap state storage. Just update doco and sample configs telling user that setting token values in config or inputs.yaml is insecure and should be set using local environment variables.
TF_VAR_azure_devops_personal_access_token='<token-1>'
TF_VAR_azure_devops_agents_personal_access_token='<token-2>'
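
A pre-flight check for the practice discussed in this thread, as an added example that is not part of the issue or of the ALZ Accelerator code: it flags token inputs written literally into an inputs file and reports whether the matching TF_VAR_ environment variable is set instead. The two input names come from the comment above; the flat "key: value" layout of inputs.yaml and the function names are assumptions.

```python
import os
import re

# Input names come from the comment above. The flat "key: value" layout of
# inputs.yaml is an assumption made for this example.
SENSITIVE_INPUTS = (
    "azure_devops_personal_access_token",
    "azure_devops_agents_personal_access_token",
)
_KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*:\s*(.*)$")

# Constructed sample, not a real inputs file or real tokens.
SAMPLE_INPUTS = """\
iac_type: bicep
azure_devops_personal_access_token: "example-not-a-real-token"
azure_devops_agents_personal_access_token: ""   # supplied via TF_VAR_
"""


def inline_secrets(yaml_text):
    """Return the sensitive keys that carry a literal value in the file."""
    found = set()
    for line in yaml_text.splitlines():
        match = _KEY_VALUE.match(line.split(" #", 1)[0])  # drop trailing comment
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip("\"'")
        if key in SENSITIVE_INPUTS and value not in ("", "null", "~"):
            found.add(key)
    return found


def classify(yaml_text, env):
    """Map each sensitive input to 'inline', 'env' or 'missing'."""
    inline = inline_secrets(yaml_text)
    status = {}
    for key in SENSITIVE_INPUTS:
        if key in inline:
            status[key] = "inline"  # on disk: flagged even if the env var is set
        elif env.get("TF_VAR_" + key):
            status[key] = "env"
        else:
            status[key] = "missing"
    return status


if __name__ == "__main__":
    result = classify(SAMPLE_INPUTS, os.environ)
    for key, state in result.items():
        print(f"{key}: {state}")  # prints the state only, never the value
    raise SystemExit(1 if "inline" in result.values() else 0)
```

Run before the input files are stored or versioned anywhere, the non-zero exit on "inline" stops a literal token from being uploaded along with them.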
