Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow user provided descriptions #1491

Closed
9 tasks done
wiktorn opened this issue Jul 5, 2023 · 5 comments · Fixed by #1572
Closed
9 tasks done

Allow user provided descriptions #1491

wiktorn opened this issue Jul 5, 2023 · 5 comments · Fixed by #1572
Assignees
@skalolazka
Labels
enhancement New feature or request

Comments

@wiktorn
Copy link
Collaborator

wiktorn commented Jul 5, 2023
edited by ludoo

Following modules create resources with hard-coded descriptions:

  • modules/bigquery-dataset
  • modules/data-catalog-policy-tag
  • modules/logging-bucket
  • modules/net-address (with exception of external addresses)
  • modules/net-address
  • modules/net-vpc-firewall
  • modules/net-vpc
  • modules/net-vpn-ha
  • modules/net-vpc-swp (or net/swp)
    * [ ] modules/folder
    * [ ] modules/organization
    * [ ] modules/project

Modules should allow users to provide description of the resources, using current values as defaults.

Details:

$ find modules -type f -name '*tf' -not -name 'variables.tf' -not -name 'outputs.tf' -not -name 'variables-*.tf' | xargs grep  'description \+= \+"'  | sort
modules/bigquery-dataset/main.tf:  description         = "Terraform managed."
modules/bigquery-dataset/main.tf:  description         = "Terraform managed."
modules/data-catalog-policy-tag/main.tf:  description  = "${each.key} - Terraform managed.  "
modules/folder/logging.tf:  description = "${each.key} (Terraform-managed)."
modules/folder/logging.tf:    description = "Grants bucketWriter to ${google_logging_folder_sink.sink[each.key].writer_identity} used by log sink ${each.key} on ${local.folder.id}"
modules/logging-bucket/main.tf:  description = "Log Analytics Dataset"
modules/net-address/main.tf:  description  = "Terraform managed."
modules/net-vpc-firewall/default-rules.tf:  description   = "Access from the admin subnet to all subnets."
modules/net-vpc-firewall/default-rules.tf:  description   = "Allow http to machines with matching tags."
modules/net-vpc-firewall/default-rules.tf:  description   = "Allow http to machines with matching tags."
modules/net-vpc-firewall/default-rules.tf:  description   = "Allow SSH to machines with matching tags."
modules/net-vpc/routes.tf:  description         = "Terraform-managed."
modules/net-vpc/routes.tf:  description       = "Terraform-managed."
modules/net-vpc/routes.tf:  description      = "Terraform-managed."
modules/net-vpc/routes.tf:  description  = "Terraform-managed."
modules/net-vpc/routes.tf:  description = "Terraform-managed."
modules/net-vpn-ha/main.tf:  description     = "Terraform managed external VPN gateway"
modules/organization/iam.tf:  description = "Terraform-managed."
modules/organization/logging.tf:  description = "${each.key} (Terraform-managed)."
modules/organization/logging.tf:    description = "Grants bucketWriter to ${google_logging_organization_sink.sink[each.key].writer_identity} used by log sink ${each.key} on ${var.organization_id}"
modules/project/iam.tf:  description = "Terraform-managed."
modules/project/logging.tf:  description = "${each.key} (Terraform-managed)."
modules/project/logging.tf:    description = "Grants bucketWriter to ${google_logging_project_sink.sink[each.key].writer_identity} used by log sink ${each.key} on ${local.project.project_id}"

(Last update: 2023-08-01 16:05:50)
@skalolazka skalolazka self-assigned this Jul 5, 2023
@ludoo ludoo added the enhancement New feature or request label Jul 8, 2023
@wiktorn wiktorn mentioned this issue Jul 10, 2023
Merged
@skalolazka skalolazka mentioned this issue Jul 20, 2023
Merged
@skalolazka
Copy link
Member

The module list needs updating. net-vpc-swp done (will be renamed to net-swp).

juliocc added a commit that referenced this issue Aug 4, 2023
@juliocc
Allow custom route descriptions in net-vpc module
86d8805 
Related: #1491
@juliocc juliocc mentioned this issue Aug 4, 2023
Merged
juliocc added a commit that referenced this issue Aug 4, 2023
@juliocc
Allow custom route descriptions in net-vpc module
bbe778e 
Related: #1491
@ludoo
Copy link
Collaborator

ludoo commented Aug 6, 2023

I'm ambivalent on some of the changes here. For example in the project module, the custom_roles variable is currently

variable "custom_roles" {
  description = "Map of role name => list of permissions to create in this project."
  type        = map(list(string))
  default     = {}
  nullable    = false
}

Adding a description will either

  • require a new variable just for custom roles description, "polluting" the variable namespace with something that will almost never be used, or
  • change the type to an object, making module invocation more verbose

IMHO this falls into the "we cover 99% of use cases, the extra 1% can be easily covered by the user editing the module to support their specific requirements". @juliocc @wiktorn @apichick WDYT?

@ludoo ludoo mentioned this issue Aug 6, 2023
Merged
@wiktorn
Copy link
Collaborator Author

wiktorn commented Aug 6, 2023

I tend to agree to leave it as it is for now, especially that this would be backward incompatible change.

OTOH custom_roles is one of the few things, where I find custom description useful.

@ludoo
Copy link
Collaborator

ludoo commented Aug 6, 2023
edited

I tend to agree to leave it as it is for now, especially that this would be backward incompatible change.

OTOH custom_roles is one of the few things, where I find custom description useful.

Yep, but it drastically changes the interface. My preference would be to leave as is until someone really needs it, but if you and Julio strongly feel about this, let's. I would just tackle resource management modules in their own PR as they need other fixes (eg fw policies), and they are really critical for everything else.

@juliocc
Copy link
Collaborator

juliocc commented Aug 6, 2023
edited

I tend to agree to leave it as it is for now, especially that this would be backward incompatible change.
OTOH custom_roles is one of the few things, where I find custom description useful.

Yep, but it drastically changes the interface. My preference would be to leave as is until someone really needs it, but if you and Julio strongly feel about this, let's. I would just tackle resource management modules in their own PR as they need other fixes (eg fw policies), and they are really critical for everything else.

I took a look at custom roles last week and I came to the same conclusion. There are two extra fields that we could potentially add (stage and description). That being said I like the simplicity of a map(list(string)).

I vote to leave it as it is for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skalolazka skalolazka

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

More module descriptions GoogleCloudPlatform/cloud-foundation-fabric
4 participants
@ludoo @juliocc @wiktorn @skalolazka