-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
terraform: Terraform module for AWS #2503
Conversation
✅ Deploy Preview for constellation-docs canceled.
|
556b2a4
to
1daf560
Compare
2f7eb4d
to
445e017
Compare
|
||
resource "terraform_data" "apply" { | ||
provisioner "local-exec" { | ||
command = "./constellation init --force" # TODO use apply --yes --skip-phases infrastructure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the reason why we use --force
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no reason. was just handy during testing. This should be replaced by apply as annotated before merging at any rate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EDIT: it is needed for devbuilds of the CLI (since currently only release images are supported).
cli/internal/terraform/terraform/constellation-cluster/install-constellation.sh
Outdated
Show resolved
Hide resolved
IMO, as we also discussed yesterday, we shouldn't place the module in the CLI directory. Here is my idea: Move all of our Terraform configurations to a top-level directory called |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO, as we also discussed yesterday, we shouldn't place the module in the CLI directory. Here is my idea:
Move all of our Terraform configurations to a top-level directory called terraform
. In that directory, place an assets.go
, similar to what we use in the debugd. This file should just embed all the Terraform configurations that we currently embed in the CLI Terraform code directly. Then, in the CLI, we can import this assets-file. What do you think?
cli/internal/terraform/terraform/aws-constellation/variables.tf
Outdated
Show resolved
Hide resolved
cli/internal/terraform/terraform/constellation-cluster/install-constellation.sh
Outdated
Show resolved
Hide resolved
cli/internal/terraform/terraform/constellation-cluster/install-constellation.sh
Outdated
Show resolved
Hide resolved
cli/internal/terraform/terraform/constellation-cluster/install-constellation.sh
Outdated
Show resolved
Hide resolved
3178817
to
9e84f27
Compare
e442f9c
to
d58f91b
Compare
a03abaa
to
632925e
Compare
7fdecaf
to
1666334
Compare
a5aeab1
to
be58543
Compare
be58543
to
85a1caa
Compare
Looking good from a first glance! Will give this one more thorough review on monday, then we should be gtm. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Last commit addressing my suggestions looks good. I'm not familiar enough with our TF code to approve the whole PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM apart from the comments I made. Still, I feel unsure about approving this alone. I would like if @3u13r or someone else could have another look
f339483
to
b850c4b
Compare
Coverage report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Context
This is the first implementation to manage constellation through Terraform using a module. It internally still relies on the CLI to call
constellation apply
.However, the CLI is automatically fetched (and yq), so it's hidden from the user.
Proposed change(s)
Additional info
yq
like the constellation CLI in the background? It was found thatyq
has incompatible changes in different minor releases. E.g. one version required-
to be present to processstdout
input and another didn't. I'm not aware of any incompatibility issues in the current code, but I think it's safer to ensure one yq version.yq
? and potentially install as dependency too?You need to perform a bazel devbuild inside
aws-constellation
such that the binary is available.Usage
terraform-module
artifact.cd terraform-module/aws-constellation
terraform.tfvars
file with the input (see E2E test)terraform-module/aws-constellation
. Otherwise the latest CLI release is fetched during the execution.Checklist