
add support for removal of default execution domain on AWS

Open MichielBijland opened this issue 3 years ago • 4 comments

MichielBijland, Dec 20 '21 07:12

I think instead of a setting we could make this a sane default? And the same could be implemented for Azure, so instead of only implementing this for AWS, shall we implement it for Azure as well?

So I think we have a couple of options:

  • Remove the setting and just implement it as default behaviour
  • Introduce a setting (so not AWS-specific) called always_include_default_domain which is set to false by default

tleguijt, Dec 21 '21 07:12

@tleguijt I'm all for sane defaults, but the current default is false, which is backwards compatible but gives the option to remove it for compliance reasons. I'd rather have a good default and the ability to override it.

If you look at https://github.com/labd/mach-composer/blob/master/src/mach/templates/partials/endpoints/aws_endpoints.tf#L109 it's the same thing: we set a default but with no ability to change it, but it will fail most compliance checks.

On the Azure bit, I don't think something like this exists on frontdoor.

MichielBijland, Dec 21 '21 08:12

We manage the frontdoor domains ourselves, so with this setting in mind we can choose to create / not to create the default Azure endpoint. So in the end, you'll have the same behaviour, but another way of implementing it. Therefore I think it would be a good idea to make this a generic setting.

And the example you brought up; if it fails compliance checks let's change the default there. Also for this setting; if we make the default behaviour so that if you have a custom domain, the default domain won't be created anymore, we can include that in the Upgrade notes. If you want backwards compatibility, you can use the setting to re-enable it again.

tleguijt, Dec 21 '21 08:12

So after discussing this with @MichielBijland we came up with the following:

  • By default, disable_execute_api_endpoint is set to true once an endpoint has a custom domain
  • With this change the behaviour will be the same as for Azure; in the Azure frontdoor implementation we only route traffic from the default frontdoor domain to the endpoints if that endpoint has no custom domain.
  • This is a breaking change and will be included in the Upgrade notes of the next version.
  • An AWS-specific setting always_include_default_domain (or other name) is going to be added with which you can disable this behaviour for backwards compatibility

tleguijt, Dec 21 '21 09:12
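
A compliance check for the rule agreed in the comment above, as an added example that is not part of the thread or of the mach-composer code base: it reads `terraform show -json` state output and flags API Gateway APIs that have a custom domain mapping while the default execute-api endpoint is still enabled. It assumes the endpoints are `aws_apigatewayv2_api` resources mapped with `aws_apigatewayv2_api_mapping`; the sample state, resource names and domains are constructed.

```python
# Added example: flag APIs reachable on both a custom domain and execute-api.
API_TYPE = "aws_apigatewayv2_api"              # assumed resource type
MAPPING_TYPE = "aws_apigatewayv2_api_mapping"  # assumed resource type

def _res(address, rtype, **values):
    """Build one resource entry in the shape Terraform's JSON state uses."""
    return {"address": address, "type": rtype, "values": values}

# Constructed sample shaped like `terraform show -json` state output.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        _res("aws_apigatewayv2_api.public", API_TYPE, id="api1",
             disable_execute_api_endpoint=False),
        _res("aws_apigatewayv2_api_mapping.public", MAPPING_TYPE,
             api_id="api1", domain_name="api.example.com"),
        # No custom domain: the default endpoint is the only way in, so allowed.
        _res("aws_apigatewayv2_api.internal", API_TYPE, id="api2",
             disable_execute_api_endpoint=False),
    ],
    "child_modules": [{"resources": [
        _res("module.site.aws_apigatewayv2_api.shop", API_TYPE, id="api3",
             disable_execute_api_endpoint=True),
        _res("module.site.aws_apigatewayv2_api_mapping.shop", MAPPING_TYPE,
             api_id="api3", domain_name="shop.example.com"),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def exposed_default_endpoints(state):
    """Return addresses of APIs with a custom domain mapping whose default
    execute-api endpoint is still enabled (a missing attribute counts as enabled)."""
    root = state.get("values", {}).get("root_module", {})
    resources = list(iter_resources(root))
    mapped = {r["values"].get("api_id") for r in resources
              if r["type"] == MAPPING_TYPE}
    return sorted(
        r["address"] for r in resources
        if r["type"] == API_TYPE
        and r["values"].get("id") in mapped
        and not r["values"].get("disable_execute_api_endpoint", False)
    )

if __name__ == "__main__":
    for address in exposed_default_endpoints(SAMPLE_STATE):
        print(f"default endpoint still enabled: {address}")
```
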

With all the recent changes this PR is now out of date.

Can you submit a new PR to the plugin at https://github.com/mach-composer/mach-composer-plugin-aws

mvantellingen, Dec 02 '22 14:12