Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(modules): set variable default values #6

Merged
merged 13 commits into from
Jan 10, 2025
Merged

feat(modules): set variable default values #6

merged 13 commits into from
Jan 10, 2025

Conversation

Balsir
Copy link
Contributor

@Balsir Balsir commented Dec 5, 2024
edited by jaygridley
Loading

Description

This PRs sets default values of internal module variables and adds automation of syncing these variables with the integration part.

The automated creation of actual integration part addon[-irsa|oidc].tf is quite tricky and will demand substantial work, so this task will be deferred to another PR.

Type of change

  • A bug fix (PR prefix fix)
  • A new feature (PR prefix feat)
  • A code change that neither fixes a bug nor adds a feature (PR prefix refactor)
  • Adding missing tests or correcting existing tests (PR prefix test)
  • Changes that do not affect the meaning of the code like white-spaces, formatting, missing semi-colons, etc. (PR prefix style)
  • Changes to our CI configuration files and scripts (PR prefix ci)
  • Documentation only changes (PR prefix docs)

How Has This Been Tested?

@Balsir Balsir requested a review from jaygridley December 5, 2024 10:54
@jaygridley
Copy link
Member

I got an idea for this to take it forward.

Phase 1: Manual alignment

  • Set the default value of all variables in modules/addon-X/variables.tf to an actual values instead of null based on the opinionated setup
  • Set the default value of all variables in variables-addon-X.tf to null
  • Set the default value from modules/addon-X/variables.tf as the last option in the "conditional" logic in addon-X.tf

Phase 2: Automation

  • Add a local automation that will automate phase 1 process
    • Take variables from modules/addon-X/variables.tf and create the same variables in corresponding variables-addon-X.tf but setting the default to null
    • Update variables-addon-X.tf and pass all variables to the module with "conditional" logic
  • Add GitHub action to validate output of phase 1 so we can prevent missconfigurations

@jaygridley jaygridley force-pushed the feat/align-irsa-variables branch 2 times, most recently from b71a533 to a15e6c0 Compare December 19, 2024 13:28
@jaygridley jaygridley changed the title feat(irsa): Align IRSA variables feat(modules): set variable default values Dec 19, 2024
Balsir
Balsir commented Dec 20, 2024
View reviewed changes
.tool-versions Outdated
@@ -4,3 +4,4 @@ tflint 0.50.3
checkov 3.2.37
awscli 2.15.29
pre-commit 3.6.2
python 3.9.16
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3.9 is nearing end-of-life, can't we use newer version?
https://devguide.python.org/versions/

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay, I should update my tool as well :-) Will do

addon-irsa.tf Show resolved Hide resolved
modules/addon-irsa/iam.tf Outdated
format("system:serviceaccount:%s:%s", var.service_account_namespace != null ? var.service_account_namespace : "", var.service_account_name != null ? var.service_account_name : "")
]
irsa_role_create = var.enabled && var.rbac_create && var.service_account_create && var.irsa_role_create
irsa_role_name_prefix = coalesce(var.irsa_role_name_prefix, "${module.label.id}-irsa")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not "" default value?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"" would simplify it and I am fine with it, so be it

modules/addon-irsa/variables.tf Outdated
default = null
description = "IRSA role name prefix. Defaults to addon IRSA component name with `irsa` suffix."
default = ""
description = "IRSA role name prefix. Defaults to addon IRSA component name (if provided) with `irsa` suffix."
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure it should construct a name if the values is ""...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, if the role name would end up empty, Terraform plan will fail, I think this is OK behaviour, or?

modules/addon-irsa/variables.tf Outdated
}

variable "irsa_permissions_boundary" {
type = string
default = null
description = "ARN of the policy that is used to set the permissions boundary for the IRSA role. Defaults to `\"\"`."
description = "ARN of the policy that is used to set the permissions boundary for the IRSA role."
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

null or "" as default value?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need null otherwise Terraform plan fails on invalid perm boundary name

modules/addon-oidc/iam.tf Outdated
oidc_assume_role_enabled = var.oidc_assume_role_enabled == true && try(length(var.oidc_assume_role_arns) > 0, false)
oidc_provider_create = var.enabled && var.oidc_provider_create
oidc_role_create = var.enabled && var.oidc_role_create
oidc_role_name_prefix = coalesce(var.oidc_role_name_prefix, "${module.label.id}-oidc")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same concern as with irsa

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yup

modules/addon-oidc/variables.tf Outdated
}

variable "oidc_policy" {
type = string
default = null
default = ""
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add an example of the policy format

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added more clear wording

scripts/sync-variables.py Outdated Show resolved Hide resolved
variables-addon.tf Outdated
variable "argo_kubernetes_manifest_computed_fields" {
type = list(string)
default = null
description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `[\"metadata.labels\", \"metadata.annotations\", \"metadata.finalizers\"]`."
description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `['metadata.labels', 'metadata.annotations', 'metadata.finalizers']`."
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are the single quotes ok?

Copy link
Member

@jaygridley jaygridley Dec 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will try to improve this

variables-addon.tf Outdated
default = null
description = "ArgoCD info manifest parameter. Defaults to `[{name=\"terraform\",value=true}]`."
description = "ArgoCD Application manifest info parameter. Defaults to `[{'name': 'terraform', 'value': 'true'}]`."
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are the single quotes ok?

Copy link
Member

@jaygridley jaygridley Dec 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see #6 (comment)

@jaygridley jaygridley self-assigned this Dec 20, 2024
@jaygridley jaygridley marked this pull request as ready for review December 20, 2024 15:06
@jaygridley jaygridley force-pushed the feat/align-irsa-variables branch from 57900cd to 5a3dd5a Compare December 20, 2024 15:08
Balsir
Balsir commented Jan 10, 2025
View reviewed changes
modules/addon-irsa/variables.tf Outdated
default = null
description = "IRSA role name. The value is prefixed by `var.irsa_role_name_prefix`. Defaults to addon Helm chart name."
default = ""
description = "IRSA role name. The value is prefixed by `irsa_role_name_prefix`."
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comment that at least one of name or prefix have to be set

@jaygridley jaygridley mentioned this pull request Jan 10, 2025
Merged
7 tasks
@jaygridley jaygridley force-pushed the feat/align-irsa-variables branch from 3189f60 to d204cca Compare January 10, 2025 15:50
@jaygridley jaygridley merged commit ccdd46e into main Jan 10, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katapultcloud katapultcloud katapultcloud left review comments

@jaygridley jaygridley Awaiting requested review from jaygridley

Assignees

@jaygridley jaygridley

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Balsir @jaygridley @katapultcloud