Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TF modules pinning notes #128

Closed
MaxymVlasov opened this issue Jun 1, 2023 · 7 comments
Closed

TF modules pinning notes #128

MaxymVlasov opened this issue Jun 1, 2023 · 7 comments

Comments

@MaxymVlasov
Copy link
Contributor

MaxymVlasov commented Jun 1, 2023
edited
Loading

That's a kind of "latest" pin

terraform-aws-cloudtrail/main.tf

Lines 617 to 619 in 006c2f3

module "lacework_ct_iam_role" {
source = "lacework/iam-role/aws"
version = "~> 0.3"

In case, if something will be broken in version 0.9999 - all module versions from the time when version = "~> 0.3" was introduced will become broken without any changes to the code.

Which is a little bit violating https://reproducible-builds.org/ (a little bit, because the main reason this site is not about infra at all)

Regarding TF best practices:

For modules maintained within your organization, specifying version ranges may be appropriate if semantic versioning is used consistently or if there is a well-defined release process that avoids unwanted updates.

it +- okay, because you manage both modules, and if you have cross-module change testing CI somewhere.

But if not - better not to have such floating stuff for modules. And update versions when you need or, automate these updates by Renovate/dependabot. For example, here is a quick start solution - https://github.com/SpotOnInc/renovate-config/.
@MaxymVlasov
Copy link
Contributor Author

Also, "~> 0.3" is analogue of ">= 0.3, < 1.0"

If you want use ">= 0.3.0, < 0.4", you need specify "~> 0.3.0"

@MaxymVlasov MaxymVlasov mentioned this issue Jun 1, 2023
Merged
@MaxymVlasov MaxymVlasov changed the title Module pinning notes TF modules pinning notes Jun 1, 2023
@robert-mcclary-1uphealth
Copy link

robert-mcclary-1uphealth commented Sep 19, 2023
edited
Loading

Just dug around a bunch of external dependencies and noticed that this is what is causing something have contraints mismatch when attempting to use the lacework provider pinned at a certain version.

For instance we are pinning to version ~> 0.2, ~>0.25 (which don't conflict but work out to be 0.27.0) because we are not ready to jump to some of the other higher dependencies, aws provider being one of them.

module "lacework_config" {
    source  = "lacework/config/aws"
    version = "0.7"
}

module "lacework_cloudtrail" {
    source = "lacework/cloudtrail/aws"
    version = "1.0.2"
}

However, since late last week there was an update to the lacework/iam-role/aws (which is sourced within the cloudtrail lacework/cloudtrail/aws module that is versioned as 0.4.1 which is within the current ~> 0.1 that our older 1.0.2 version cloudtrail module sources which creates a dependency on ~> 1.0, ~> 1.15 provider which is conflicting with the current attempt to pin at ~> 0.2 (0.27.0) and outputting an error when doing a terragrunt init due to the collision of version requirements.

Could not retrieve the list of available versions for provider lacework/lacework: no available releases match the given constraints 0.27.0, ~> 1.0, ~> 1.15

And because this is an external dependency within the cloudtrail module we cannot change/update this without forking and setting this to be different at the moment.

@afiune
Copy link
Contributor

afiune commented Sep 21, 2023

@MaxymVlasov Thank you so much for your feedback, the team is looking into this issue actively. I will come back to you with some updates soon.

@afiune
Copy link
Contributor

afiune commented Oct 4, 2023

@robert-mcclary-1uphealth Thank you so much for such detailed feedback. Also, apologies for the troubles.

We are about to hit the one year mark from the release of v0.27.0 of our provider, this version still uses some APIv1 endpoints that are about to be decommissioned in November 2023 (next month), I highly encourage you to do update to the latest version, or at least jump to v1.0.0.

Having said that, we acknowledge that we have put you in a bad spot here since you have no way to continue using the versions you were using. 😞

I am going to work on releasing two more versions of both modules to unblock you with @MaxymVlasov recommendation. Once again, we apologize for the inconveniences.

@afiune
Copy link
Contributor

afiune commented Oct 4, 2023

@robert-mcclary-1uphealth here you have them:

-- Please, let me know if these versions unblock you.

@afiune
Copy link
Contributor

afiune commented Oct 18, 2023

Please, feel free to re-open this issue if this hasn't been solved.

@afiune afiune closed this as completed Oct 18, 2023
@MaxymVlasov
Copy link
Contributor Author

@afiune well, you still pointing modules from 0.4 to 0.99999999999999.

terraform-aws-cloudtrail/main.tf

Line 616 in 984385b

version = "~> 0.4"

change ~> 0.4 to ~> 0.4.0 to fix that (and probably other occurrence)

Also, I can't reopen issue, only create a new one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@afiune @MaxymVlasov @robert-mcclary-1uphealth