Add the config_entry resource #127
Conversation
ghost
added
There was a problem hiding this comment.
He @remilapeyre this is looking great!
I think it would be even better if we could make these more generic so that we lower the overhead to maintain the schema and docs as we add more types (we've already added 3 more to be released this week for example!). I'm not familiar enough with TF provider code to know the best way to do that but please let me know what you think.
Since hashicorp/consul@4eb7397 Consul store additional information in its service metadata field. (cherry picked from commit 06343cd)
|
Hi @banks, I've been trying to use a more generic What if we just use a For example : resource "consul_config_entry" "service-router" {
kind = "service-router"
name = "web"
config = <<-EOF
routes = [
{
match {
http {
path_prefix = "/admin"
}
}
destination {
service = "admin"
}
}
]
EOF
}This could make it work albeit the integration with Terraform and user-experience might not be the best. |
|
Sorry it took so long to respond @remilapeyre - HashiConf was upon us last week! I'm honestly not sure about that UX - I think it would be good to loop in some Terraform folks here to steer us towards the best path. There may well be good reasons not to do the embedded HCL route beyond just looking a bit ugly that are too subtle for my experience to tease out. I'll ask around internally first and see what the consensus is. |
|
Hey @remilapeyre I have spoken to our Terraform Gurus (@paultyng) and have some good ideas now. The FutureFirst up the TF providers team are trying to solve this very problem for Kube right now - 0.12 dynamic types make it possible in the language to do much better but the SDK to support that in providers is still work in progress. Even when it does land, it will only work for 0.12 so keep an eye out for a major SDK update soon but we need another solution medium term for 0.11 support anyway. The PresentThe present prior art here is pretty much what you came up with. You probably know this but for the purpose of future readers, Nomad job files can inline HCL or JSON: https://www.terraform.io/docs/providers/nomad/r/job.html and AWS IAM policies inline JSON: https://www.terraform.io/docs/providers/aws/r/iam_policy.html. Paul's suggestion for us now is that we go with inlining the Config Entry payload but he proposes that we do it as JSON (or at least support JSON too - Nomad can do either). The main reason for this is that in 0.12 people can use the ( resource "consul_config_entry" "service-router" {
kind = "service-router"
name = "web"
config_json = jsonencode({
routes = [
{
match {
http {
path_prefix = "/admin"
}
}
destination {
service = "admin"
}
}
]
})
}I'd be fine with just JSON for now and possibly naming the field explicitly like in example above so that when we do get to update to use 0.12 dynamic types that can be added in a backwards compatible way with just What do you think? |
remilapeyre
changed the title
remilapeyre
force-pushed
the
resource-configuration-entry
branch
from
4248cec
to
b1f4c6e
Compare
|
Hi @banks, thanks for this feedback! I made the changes to have the configuration in a To update An other thing to note, is that if the user does not set fields with default values like If the user set a configuration like https://github.com/terraform-providers/terraform-provider-consul/pull/127/files#diff-88aef67908852df198cd4fd86a154965R226-R235, Consul will silently replace the Let me know what you think about this implementation, I hope the extensive example in thee documentation will make it easy enough for the user to adapt it to its need despite the less than ideal API :) |
|
Thanks @remilapeyre!
Commented inline but seems like the best option for now.
That does seem a bit gross - wont that happen in pretty much every case? I think it's worth doing the deep-equals comparison of structs if it helps avoid that as we expect most fields to be defaulted most of the time especially as we add more. But maybe I'm misunderstanding how often this might trip people up?
Yeah that ones a bit gross but you're right hard coding exceptions is ugly and Consul will change this behaviour "Soon". I guess the key would be documenting the valid value here well, and maybe even calling out the potential error if it's typoed or misconfigured? What do you think @remilapeyre about adding a "notice" to the docs under the name field that calls out |
One thing that worries me with doing deep compares is that resource "consul_config_entry" "proxy_defaults" {
kind = "proxy-defaults"
name = "global"
config_json = jsonencode({
mesh_gateway = {
mode = "local"
}
Config = {
local_connect_timeout_ms = 1000
handshake_timeout_ms = 10000
}
})
}will actually create this config entry: {
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"handshake_timeout_ms": 10000,
"local_connect_timeout_ms": 1000
},
"MeshGateway": {},
"CreateIndex": 16,
"ModifyIndex": 40
}and it seems to me that using a deep-equals comparison would not detect any difference here and there is no way to detect that the
This is a good idea, this way we keep the same behavior as Consul HTTP API but warn the user. I will add this. |
|
Hi @banks, if you are OK with it I propose we merge with the current behavior and we improve over it when the support for multiple schemas land in the Terraform SDK. |
|
Sorry @remilapeyre, I read your last update but never responded. In your example for why deep equals was bad, is that different from not doing a deep equal check? If we don't accept a snake_case version in the What would you need exposed in the |
|
To be clearer. I think my confusion is that as far as I understand, the terraform in your example would actually not create a ConfigEntry with an empty There is still the issue of the TF provider comparison of the CamelCase output to what the user provided, but if we made the same normalisation the server uses available in the Another thing we could do (and arguably should have done) would be to make In fact is that the only problematic field for defaults? |
|
Hi @banks, I finally came back to this, I think the UX is better now:
It seems to me that this the best we can do until the support for dynamic fields is ready. |
There was a problem hiding this comment.
@remilapeyre amazing job thanks for getting those UX improvements in.
I'm approving as this all looks good although I'd be keen if possible to remove the unnecessary MeshGateway: {} lines from the docs. Tests matter less although I'd probably stick with the more common pattern of not specifying the empty field in most cases there too.
Thanks again, this is great work and we have a few people asking for this already!
No description provided.