@badass-aoz

Summary

While working on #74 I noticed that organization_id isn't consistently set, so I went through all the example files and ensured it's used in a consistent way. In detail:

  1. if organization_id is not provided, we try to derive it w/ the provider project_id
  2. if we fail to do that, we warn users
  3. in places where organization_id is used, we consistently use the derived local.organization_id instead of user-provided var.organization_id.

I also updated the min version requirements because minimum TF 1.5 is needed to support checks block. This makes it consistent w/ the Azure TF repo.

How did you test this change?

  1. Go through all example main.tf, add a valid provider project_id, and observe terraform apply goes through.
  2. Remove project_id and observe checks kick in

Issue

https://lacework.atlassian.net/browse/LINK-2695
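
The derive-then-warn pattern described in the summary, as an added sketch that is not code from this PR or repository. The names `provider_project` and `organization_id_resolved` are hypothetical, and the fallback assumes the `google_project` data source's `org_id` attribute is populated for the provider project.

```hcl
terraform {
  required_version = ">= 1.5.0" # check blocks require Terraform 1.5 or later

  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

variable "organization_id" {
  type        = string
  default     = ""
  description = "GCP organization ID; derived from the provider project when empty."
}

# No project_id argument: the data source reads the project configured on the provider.
# (Hypothetical name, chosen for this example.)
data "google_project" "provider_project" {}

locals {
  # coalesce() returns the first argument that is neither null nor "".
  # It raises an error when every argument is null or empty, which try()
  # turns into "" so the check below can report it instead of failing the plan.
  organization_id = try(
    coalesce(var.organization_id, data.google_project.provider_project.org_id),
    ""
  )
}

# A failed check is reported as a warning; it does not block apply.
check "organization_id_resolved" {
  assert {
    condition     = local.organization_id != ""
    error_message = "organization_id was not provided and could not be derived from the provider project; set var.organization_id explicitly."
  }
}

# Downstream resources reference local.organization_id, never var.organization_id.
output "organization_id" {
  value = local.organization_id
}
```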

@badass-aoz badass-aoz force-pushed the orgid_validator branch 2 times, most recently from 9d7fe8b to 1ad69d9 Compare May 15, 2024 00:48
@badass-aoz badass-aoz marked this pull request as ready for review May 15, 2024 00:48
@badass-aoz badass-aoz requested review from a team, ammarekbote and tmac1973 and removed request for tmac1973 May 15, 2024 00:50
// if the scanning project id is not provided, use the project specified in the provider
data "google_project" "selected" {
count = length(var.scanning_project_id) > 0 ? (length(var.organization_id) > 0 ? 0 : 1) : 1
count = length(var.scanning_project_id) > 0 ? 0 : 1
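
Review bot: the simplified `count` on `data.google_project.selected` is 0 whenever `var.scanning_project_id` is set, which drops the one case the nested expression kept at 1: `scanning_project_id` set and `organization_id` empty. If `local.organization_id` is derived from this data source, that combination now has nothing to read from, so either confirm the derivation uses a separate lookup or keep the data source enabled when `var.organization_id` is empty. The `//` comment above the block matches the new condition, so no change is needed there.
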
Contributor Author

I think this will make the logic here less convoluted. Previously there's an implicit dependency:

  • local.scanning_project_id depends on data.google_project.selected depends on var.organization_id

which made things a bit hard to reason about. Hence I'm doing this cleanup, so we'll always try to get the current project regardless of whether organization_id is provided. LMK if this condition is actually needed.

@selvats
selvats commented May 15, 2024

@badass-aoz, there is feedback in https://lacework.slack.com/archives/C03H3863SQG/p1714591554167629 on the version for the google provider. Can it also be addressed in this PR?

Base automatically changed from more_perm to main May 15, 2024 17:20
@badass-aoz badass-aoz merged commit 17a6d54 into main May 15, 2024
@badass-aoz badass-aoz deleted the orgid_validator branch May 15, 2024 17:26
@badass-aoz badass-aoz changed the title from "misc: use organization_id smarter" to "fix: use organization_id smarter" May 15, 2024