terraform-aws-gitlab-runner
This rewritten variable blocks all naming conventions in AWS Parameter Store (same for Sentry)
Hello,
https://github.com/npalm/terraform-aws-gitlab-runner/blob/e36c97184bc008fdd5ea1a9510cfa520df5b276f/locals.tf#L14
This overwrites what we define as secure_parameter_store_runner_token_key, which prevents us from using any naming we would like. On our side, for example, we use stuff like /<team>/<service>/<key-name> but we got <env>-/<team>/<service>/<key-name> instead.
Thanks.
@kayman-mk do you recognize this issue?
Have seen this before, also with other modules. If you have a company-wide naming strategy for your resources, it would be nice if all modules followed it. I simply live with the fact that some resources have other names.
This local prepends the environment to the key name which is imported via secure_parameter_store_runner_token_key. Options which came to my mind are:
- remove the var.environment from the local. Breaking change. Users have to update the secure_parameter_store_runner_token_key to make the names unique again.
- use something like a var.resource_prefix which prefixes all resource names. Could be non-breaking if we make it optional for the time being. We use such a variable in our company for the Terraform modules.
As you already have some other "prefix" variables, I guess it would be an acceptable solution. Thanks a lot for considering my issue :).
When I wrote the module years ago, I introduced the environment for two purposes:
- Create unique resources to deploy the module multiple times in an account. And also make it easy for a human to recognize to which deployment a resource belongs.
- Tag all resources to find them back easily.
For tagging this is overkill today, since the AWS provider now provides an option to tag all resources. And as the years have passed, environment seems to be used as a standard one in companies. A better name today would be namespace.
An option to comply with more naming policies for the KMS keys could be something like the following (pseudo code):
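locals {
  # Use the caller-supplied prefix when it is set; otherwise fall back to "<environment>-".
  secure_parameter_store_runner_token_key_prefix = var.secure_parameter_store_runner_token_key_prefix != null ? var.secure_parameter_store_runner_token_key_prefix : "${var.environment}-"
  # Final parameter name: prefix followed by the configured key.
  secure_parameter_store_runner_token_key = "${local.secure_parameter_store_runner_token_key_prefix}${var.secure_parameter_store_runner_token_key}"
}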
Next you could set an optional variable which is by default null to
secure_parameter_store_runner_token_key_prefix = "/myteam/myservice/"
What do you think?
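The optional prefix proposed above, written out as a stand-alone Terraform sketch. This is an added example, not part of the thread and not the module's code. The variables aws_region and aws_account_id, the local names, the sample defaults, and the idea that a caller scopes an IAM policy to the parameter's ARN are all assumptions made for illustration.

```hcl
variable "environment" {
  type    = string
  default = "prod" # constructed sample value
}

variable "secure_parameter_store_runner_token_key" {
  type    = string
  default = "runner-token" # constructed sample value
}

# Optional prefix proposed in the thread; null keeps the "<environment>-" naming.
variable "secure_parameter_store_runner_token_key_prefix" {
  type    = string
  default = null
}

# Hypothetical inputs so the sketch needs no AWS provider or credentials.
variable "aws_region" {
  type    = string
  default = "eu-west-1" # constructed sample value
}

variable "aws_account_id" {
  type    = string
  default = "123456789012" # placeholder account id
}

locals {
  # Compare against null instead of using coalesce(): coalesce() also skips "",
  # so an explicitly empty prefix would silently fall back to the environment.
  token_key_prefix = var.secure_parameter_store_runner_token_key_prefix != null ? var.secure_parameter_store_runner_token_key_prefix : "${var.environment}-"

  token_key = "${local.token_key_prefix}${var.secure_parameter_store_runner_token_key}"

  # An SSM parameter ARN has a single slash after "parameter", whether or not
  # the name itself starts with "/". Strip it to avoid "parameter//myteam/...".
  token_key_arn = "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/${trimprefix(local.token_key, "/")}"
}

output "token_key" { value = local.token_key }
output "token_key_arn" { value = local.token_key_arn }
```

With the prefix set to "/myteam/myservice/", token_key becomes /myteam/myservice/runner-token and the ARN ends in parameter/myteam/myservice/runner-token, so a least-privilege policy scoped to that ARN still matches after the naming change.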
If you are asking me, npalm, this will definitely work for my use case. Thanks a lot for thinking about it!
@o-be-one would you have time for a PR?
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.
This issue was closed because it has been stalled for 15 days with no activity.