rfc: Terraform provider #2613

msanft · 2023-11-17T16:11:29Z

Context

We want to determine how the Terraform provider should look in practice. This should not yet discuss implementation details, but rather a high-level overview of what the outcome should be.

Proposed change(s)

Add an RFC on how the overall structure of the Terraform provider, mostly user-facing but also on some high-level implementation side, should look like.

Additional info

AB#3541

Checklist

Add labels (e.g., for changelog category)
Is PR title adequate for changelog?
Link to Milestone

netlify · 2023-11-17T16:11:46Z

✅ Deploy Preview for constellation-docs canceled.

Name	Link
🔨 Latest commit	`e80b8a5`
🔍 Latest deploy log	https://app.netlify.com/sites/constellation-docs/deploys/655f044e42d945000849346e

rfc/terraform-provider.md

3u13r

LGTM

burgerdev

lgtm

Signed-off-by: Moritz Sanft <[email protected]>

Co-authored-by: Adrian Stobbe <[email protected]>

Signed-off-by: Moritz Sanft <[email protected]>

Co-authored-by: Adrian Stobbe <[email protected]>

Signed-off-by: Moritz Sanft <[email protected]>

thomasten · 2023-11-23T09:05:39Z

rfc/terraform-provider.md

+    master_secret = "foo" # updating this would force recreation of the cluster
+    init_secret = "bar" # maybe derive from master_secret, updating this would force recreation of the cluster


Do I understand correctly that the user generates these secrets and pastes them into this TF config?
If so, is it common to have such secrets in a TF config? Or should they come from input variables, env variables, etc.?

You could use the Terraform random provider (what we currently do) to generate this, load them from your HashiCorp vault by using the corresponding provider, etc.

I don't think you would expose them in the configuration files usually, but only in the state, which can be stored remotely, etc. and only have a reference to it, e.g. by using the random provider, in the configuration files - But the RFC should be agnostic of where the value comes from actually. When documenting our provider we could mention some recommendations of how secrets can be provisioned.

* rfc: Terraform provider Signed-off-by: Moritz Sanft <[email protected]> * fix typo Co-authored-by: Adrian Stobbe <[email protected]> * rfc: annotate fields that force recreation Signed-off-by: Moritz Sanft <[email protected]> * reword "cluster applying" Co-authored-by: Adrian Stobbe <[email protected]> * rfc: resembles -> declares Signed-off-by: Moritz Sanft <[email protected]> * rfc: connect dangling sentence Signed-off-by: Moritz Sanft <[email protected]> * rfc: indicate sensitive state Signed-off-by: Moritz Sanft <[email protected]> * rfc: warn about PVs on recreation Signed-off-by: Moritz Sanft <[email protected]> * rfc: idempotent -> nilpotent Signed-off-by: Moritz Sanft <[email protected]> * rfc: reword deletion Signed-off-by: Moritz Sanft <[email protected]> * rfc: mention resource outputs Signed-off-by: Moritz Sanft <[email protected]> --------- Signed-off-by: Moritz Sanft <[email protected]> Co-authored-by: Adrian Stobbe <[email protected]>

msanft added the no changelog Change won't be listed in release changelog label Nov 17, 2023

msanft added this to the v2.14.0 milestone Nov 17, 2023

msanft requested review from malt3, burgerdev, m1ghtym0, derpsteb, 3u13r, elchead, katexochen, thomasten, daniel-weisse and miampf November 17, 2023 16:11

katexochen removed their request for review November 17, 2023 16:20

elchead reviewed Nov 20, 2023

View reviewed changes

rfc/terraform-provider.md Outdated Show resolved Hide resolved

rfc/terraform-provider.md Outdated Show resolved Hide resolved

rfc/terraform-provider.md Outdated Show resolved Hide resolved

rfc/terraform-provider.md Outdated Show resolved Hide resolved

elchead reviewed Nov 21, 2023

View reviewed changes

rfc/terraform-provider.md Outdated Show resolved Hide resolved

rfc/terraform-provider.md Outdated Show resolved Hide resolved

msanft requested a review from elchead November 21, 2023 13:01

burgerdev reviewed Nov 21, 2023

View reviewed changes

msanft requested a review from burgerdev November 22, 2023 08:20

elchead reviewed Nov 22, 2023

View reviewed changes

rfc/terraform-provider.md Show resolved Hide resolved

elchead approved these changes Nov 22, 2023

View reviewed changes

3u13r requested changes Nov 22, 2023

View reviewed changes

rfc/terraform-provider.md Outdated Show resolved Hide resolved

msanft requested a review from 3u13r November 22, 2023 14:29

daniel-weisse approved these changes Nov 22, 2023

View reviewed changes

3u13r approved these changes Nov 22, 2023

View reviewed changes

burgerdev approved these changes Nov 22, 2023

View reviewed changes

malt3 approved these changes Nov 22, 2023

View reviewed changes

msanft force-pushed the feat/rfc/terraform-provider-structure branch from c2ac55d to 4045cc0 Compare November 22, 2023 16:31

rfc: Terraform provider

3aafa21

Signed-off-by: Moritz Sanft <[email protected]>

msanft and others added 10 commits November 23, 2023 08:50

fix typo

8e5624b

Co-authored-by: Adrian Stobbe <[email protected]>

rfc: annotate fields that force recreation

cb556a2

Signed-off-by: Moritz Sanft <[email protected]>

reword "cluster applying"

a96ce37

Co-authored-by: Adrian Stobbe <[email protected]>

rfc: resembles -> declares

8b9a3ae

Signed-off-by: Moritz Sanft <[email protected]>

rfc: connect dangling sentence

2b36208

Signed-off-by: Moritz Sanft <[email protected]>

rfc: indicate sensitive state

b941453

Signed-off-by: Moritz Sanft <[email protected]>

rfc: warn about PVs on recreation

3d4a1e4

Signed-off-by: Moritz Sanft <[email protected]>

rfc: idempotent -> nilpotent

951951d

Signed-off-by: Moritz Sanft <[email protected]>

rfc: reword deletion

ca794a4

Signed-off-by: Moritz Sanft <[email protected]>

rfc: mention resource outputs

e80b8a5

Signed-off-by: Moritz Sanft <[email protected]>

msanft force-pushed the feat/rfc/terraform-provider-structure branch from 4045cc0 to e80b8a5 Compare November 23, 2023 07:50

thomasten reviewed Nov 23, 2023

View reviewed changes

msanft requested a review from thomasten November 23, 2023 09:56

thomasten approved these changes Nov 23, 2023

View reviewed changes

msanft merged commit 310960f into main Nov 23, 2023
5 checks passed

msanft deleted the feat/rfc/terraform-provider-structure branch November 23, 2023 09:58

elchead mentioned this pull request Nov 24, 2023

terraform-provider: add attestation data source #2640

Merged

4 tasks

elchead mentioned this pull request Dec 4, 2023

terraform-provider: data skeleton for cluster resource #2678

Merged

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rfc: Terraform provider #2613

rfc: Terraform provider #2613

msanft commented Nov 17, 2023 •

edited by azure-boards bot

Loading

netlify bot commented Nov 17, 2023 •

edited

Loading

3u13r left a comment

burgerdev left a comment

thomasten Nov 23, 2023

msanft Nov 23, 2023

		master_secret = "foo" # updating this would force recreation of the cluster
		init_secret = "bar" # maybe derive from master_secret, updating this would force recreation of the cluster

rfc: Terraform provider #2613

rfc: Terraform provider #2613

Conversation

msanft commented Nov 17, 2023 • edited by azure-boards bot Loading

Context

Proposed change(s)

Additional info

Checklist

netlify bot commented Nov 17, 2023 • edited Loading

✅ Deploy Preview for constellation-docs canceled.

3u13r left a comment

Choose a reason for hiding this comment

burgerdev left a comment

Choose a reason for hiding this comment

thomasten Nov 23, 2023

Choose a reason for hiding this comment

msanft Nov 23, 2023

Choose a reason for hiding this comment

msanft commented Nov 17, 2023 •

edited by azure-boards bot

Loading

netlify bot commented Nov 17, 2023 •

edited

Loading