From b02370bcb2cf28411d53e7255d85791b393bd624 Mon Sep 17 00:00:00 2001 From: Veronika Gnilitska Date: Wed, 18 Dec 2024 13:30:51 -0500 Subject: [PATCH] chore: adds precondition + addressess PR feedback --- README.md | 88 +++++++++---------- .../components/random-pet/stacks/common.yaml | 2 + .../components/random-pet/stacks/example.yaml | 3 +- main.tf | 15 ++++ variables.tf | 6 +- 5 files changed, 66 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index 1d9d7bf..91b3c1b 100644 --- a/README.md +++ b/README.md @@ -144,50 +144,50 @@ NOTE to Masterpoint team: We might want to create a small wrapper to automatize ## Inputs -| Name | Description | Type | Default | Required | -| --------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ---------------------------------------------------------- | :------: | -| [administrative](#input_administrative) | Flag to mark the stack as administrative | `bool` | `false` | no | -| [after_apply](#input_after_apply) | List of after-apply scripts | `list(string)` | `[]` | no | -| [after_destroy](#input_after_destroy) | List of after-destroy scripts | `list(string)` | `[]` | no | -| [after_init](#input_after_init) | List of after-init scripts | `list(string)` | `[]` | no | -| [after_perform](#input_after_perform) | List of after-perform scripts | `list(string)` | `[]` | no | -| [after_plan](#input_after_plan) | List of after-plan scripts | `list(string)` | `[]` | no | -| [all_root_modules_enabled](#input_all_root_modules_enabled) | When set to true, all subdirectories in root_modules_path will be treated as root modules. | `bool` | `false` | no | -| [autodeploy](#input_autodeploy) | Flag to enable/disable automatic deployment of the stack | `bool` | `true` | no | -| [autoretry](#input_autoretry) | Flag to enable/disable automatic retry of the stack | `bool` | `false` | no | -| [aws_integration_attachment_read](#input_aws_integration_attachment_read) | Indicates whether this attachment is used for read operations. | `bool` | `true` | no | -| [aws_integration_attachment_write](#input_aws_integration_attachment_write) | Indicates whether this attachment is used for write operations. | `bool` | `true` | no | -| [aws_integration_enabled](#input_aws_integration_enabled) | Indicates whether the AWS integration is enabled. | `bool` | `false` | no | -| [aws_integration_id](#input_aws_integration_id) | ID of the AWS integration to attach. | `string` | `null` | no | -| [before_apply](#input_before_apply) | List of before-apply scripts | `list(string)` | `[]` | no | -| [before_destroy](#input_before_destroy) | List of before-destroy scripts | `list(string)` | `[]` | no | -| [before_init](#input_before_init) | List of before-init scripts | `list(string)` | `[]` | no | -| [before_perform](#input_before_perform) | List of before-perform scripts | `list(string)` | `[]` | no | -| [before_plan](#input_before_plan) | List of before-plan scripts | `list(string)` | `[]` | no | -| [branch](#input_branch) | Specify which branch to use within the infrastructure repository. | `string` | `"main"` | no | -| [common_config_file](#input_common_config_file) | Name of the common configuration file for the stack across a root module. | `string` | `"common.yaml"` | no | -| [default_tf_workspace_enabled](#input_default_tf_workspace_enabled) | Enables the use of `default` Terraform workspace instead of managing multiple workspaces within a root module.

NOTE: We encourage the use of Terraform workspaces to manage multiple environments. However, in some cases,
you may want to disable this behavior. This is particularly useful when integrating this module
into an existing (brownfield) infrastructure setup. | `bool` | `false` | no | -| [description](#input_description) | Description of the stack | `string` | `"Managed by spacelift-automation Terraform root module."` | no | -| [destructor_enabled](#input_destructor_enabled) | Flag to enable/disable the destructor for the Stack. | `bool` | `false` | no | -| [drift_detection_enabled](#input_drift_detection_enabled) | Flag to enable/disable Drift Detection configuration for a Stack. | `bool` | `false` | no | -| [drift_detection_ignore_state](#input_drift_detection_ignore_state) | Controls whether drift detection should be performed on a stack
in any final state instead of just 'Finished'. | `bool` | `false` | no | -| [drift_detection_reconcile](#input_drift_detection_reconcile) | Flag to enable/disable automatic reconciliation of drifts. | `bool` | `false` | no | -| [drift_detection_schedule](#input_drift_detection_schedule) | The schedule for drift detection. | `list(string)` | 
[
 "0 4 * * *"
]
| no | -| [drift_detection_timezone](#input_drift_detection_timezone) | The timezone for drift detection. | `string` | `"UTC"` | no | -| [enable_local_preview](#input_enable_local_preview) | Indicates whether local preview runs can be triggered on this Stack. | `bool` | `false` | no | -| [enable_well_known_secret_masking](#input_enable_well_known_secret_masking) | Indicates whether well-known secret masking is enabled. | `bool` | `true` | no | -| [enabled_root_modules](#input_enabled_root_modules) | List of root modules where to look for stack config files.
Ignored when all_root_modules_enabled is true.
Example: ["spacelift-automation", "k8s-cluster"] | `list(string)` | `[]` | no | -| [github_action_deploy](#input_github_action_deploy) | Indicates whether GitHub users can deploy from the Checks API. | `bool` | `true` | no | -| [github_enterprise](#input_github_enterprise) | The GitHub VCS settings | 
object({
 namespace = string
 id = optional(string)
 })
| n/a | yes | -| [manage_state](#input_manage_state) | Determines if Spacelift should manage state for this stack. | `bool` | `false` | no | -| [protect_from_deletion](#input_protect_from_deletion) | Protect this stack from accidental deletion. If set, attempts to delete this stack will fail. | `bool` | `false` | no | -| [repository](#input_repository) | The name of your infrastructure repo | `string` | n/a | yes | -| [root_modules_path](#input_root_modules_path) | The path, relative to the root of the repository, where the root module can be found. | `string` | `"root-modules"` | no | -| [space_id](#input_space_id) | Place the stack in the specified space_id. | `string` | `"root"` | no | -| [terraform_smart_sanitization](#input_terraform_smart_sanitization) | Indicates whether runs on this will use terraform's sensitive value system to sanitize
the outputs of Terraform state and plans in spacelift instead of sanitizing all fields. | `bool` | `false` | no | -| [terraform_version](#input_terraform_version) | Terraform version to use. | `string` | `"1.7.2"` | no | -| [terraform_workflow_tool](#input_terraform_workflow_tool) | Defines the tool that will be used to execute the workflow.
This can be one of OPEN_TOFU, TERRAFORM_FOSS or CUSTOM. | `string` | `"OPEN_TOFU"` | no | -| [worker_pool_id](#input_worker_pool_id) | ID of the worker pool to use.
NOTE: worker_pool_id is required when using a self-hosted instance of Spacelift. | `string` | `null` | no | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ---------------------------------------------------------- | :------: | +| [administrative](#input_administrative) | Flag to mark the stack as administrative | `bool` | `false` | no | +| [after_apply](#input_after_apply) | List of after-apply scripts | `list(string)` | `[]` | no | +| [after_destroy](#input_after_destroy) | List of after-destroy scripts | `list(string)` | `[]` | no | +| [after_init](#input_after_init) | List of after-init scripts | `list(string)` | `[]` | no | +| [after_perform](#input_after_perform) | List of after-perform scripts | `list(string)` | `[]` | no | +| [after_plan](#input_after_plan) | List of after-plan scripts | `list(string)` | `[]` | no | +| [all_root_modules_enabled](#input_all_root_modules_enabled) | When set to true, all subdirectories in root_modules_path will be treated as root modules. | `bool` | `false` | no | +| [autodeploy](#input_autodeploy) | Flag to enable/disable automatic deployment of the stack | `bool` | `true` | no | +| [autoretry](#input_autoretry) | Flag to enable/disable automatic retry of the stack | `bool` | `false` | no | +| [aws_integration_attachment_read](#input_aws_integration_attachment_read) | Indicates whether this attachment is used for read operations. | `bool` | `true` | no | +| [aws_integration_attachment_write](#input_aws_integration_attachment_write) | Indicates whether this attachment is used for write operations. | `bool` | `true` | no | +| [aws_integration_enabled](#input_aws_integration_enabled) | Indicates whether the AWS integration is enabled. | `bool` | `false` | no | +| [aws_integration_id](#input_aws_integration_id) | ID of the AWS integration to attach. | `string` | `null` | no | +| [before_apply](#input_before_apply) | List of before-apply scripts | `list(string)` | `[]` | no | +| [before_destroy](#input_before_destroy) | List of before-destroy scripts | `list(string)` | `[]` | no | +| [before_init](#input_before_init) | List of before-init scripts | `list(string)` | `[]` | no | +| [before_perform](#input_before_perform) | List of before-perform scripts | `list(string)` | `[]` | no | +| [before_plan](#input_before_plan) | List of before-plan scripts | `list(string)` | `[]` | no | +| [branch](#input_branch) | Specify which branch to use within the infrastructure repository. | `string` | `"main"` | no | +| [common_config_file](#input_common_config_file) | Name of the common configuration file for the stack across a root module. | `string` | `"common.yaml"` | no | +| [default_tf_workspace_enabled](#input_default_tf_workspace_enabled) | Enables the use of `default` Terraform workspace instead of managing multiple workspaces within a root module.

NOTE: We encourage the use of Terraform workspaces to manage multiple environments.
However, you will want to disable this behavior if you're utilizing different backends for each instance
of your root modules (we call this "Dynamic Backends"). | `bool` | `false` | no | +| [description](#input_description) | Description of the stack | `string` | `"Managed by spacelift-automation Terraform root module."` | no | +| [destructor_enabled](#input_destructor_enabled) | Flag to enable/disable the destructor for the Stack. | `bool` | `false` | no | +| [drift_detection_enabled](#input_drift_detection_enabled) | Flag to enable/disable Drift Detection configuration for a Stack. | `bool` | `false` | no | +| [drift_detection_ignore_state](#input_drift_detection_ignore_state) | Controls whether drift detection should be performed on a stack
in any final state instead of just 'Finished'. | `bool` | `false` | no | +| [drift_detection_reconcile](#input_drift_detection_reconcile) | Flag to enable/disable automatic reconciliation of drifts. | `bool` | `false` | no | +| [drift_detection_schedule](#input_drift_detection_schedule) | The schedule for drift detection. | `list(string)` | 
[
 "0 4 * * *"
]
| no | +| [drift_detection_timezone](#input_drift_detection_timezone) | The timezone for drift detection. | `string` | `"UTC"` | no | +| [enable_local_preview](#input_enable_local_preview) | Indicates whether local preview runs can be triggered on this Stack. | `bool` | `false` | no | +| [enable_well_known_secret_masking](#input_enable_well_known_secret_masking) | Indicates whether well-known secret masking is enabled. | `bool` | `true` | no | +| [enabled_root_modules](#input_enabled_root_modules) | List of root modules where to look for stack config files.
Ignored when all_root_modules_enabled is true.
Example: ["spacelift-automation", "k8s-cluster"] | `list(string)` | `[]` | no | +| [github_action_deploy](#input_github_action_deploy) | Indicates whether GitHub users can deploy from the Checks API. | `bool` | `true` | no | +| [github_enterprise](#input_github_enterprise) | The GitHub VCS settings | 
object({
 namespace = string
 id = optional(string)
 })
| n/a | yes | +| [manage_state](#input_manage_state) | Determines if Spacelift should manage state for this stack. | `bool` | `false` | no | +| [protect_from_deletion](#input_protect_from_deletion) | Protect this stack from accidental deletion. If set, attempts to delete this stack will fail. | `bool` | `false` | no | +| [repository](#input_repository) | The name of your infrastructure repo | `string` | n/a | yes | +| [root_modules_path](#input_root_modules_path) | The path, relative to the root of the repository, where the root module can be found. | `string` | `"root-modules"` | no | +| [space_id](#input_space_id) | Place the stack in the specified space_id. | `string` | `"root"` | no | +| [terraform_smart_sanitization](#input_terraform_smart_sanitization) | Indicates whether runs on this will use terraform's sensitive value system to sanitize
the outputs of Terraform state and plans in spacelift instead of sanitizing all fields. | `bool` | `false` | no | +| [terraform_version](#input_terraform_version) | Terraform version to use. | `string` | `"1.7.2"` | no | +| [terraform_workflow_tool](#input_terraform_workflow_tool) | Defines the tool that will be used to execute the workflow.
This can be one of OPEN_TOFU, TERRAFORM_FOSS or CUSTOM. | `string` | `"OPEN_TOFU"` | no | +| [worker_pool_id](#input_worker_pool_id) | ID of the worker pool to use.
NOTE: worker_pool_id is required when using a self-hosted instance of Spacelift. | `string` | `null` | no | ## Outputs diff --git a/examples/complete/components/random-pet/stacks/common.yaml b/examples/complete/components/random-pet/stacks/common.yaml index 5cdd375..e640853 100644 --- a/examples/complete/components/random-pet/stacks/common.yaml +++ b/examples/complete/components/random-pet/stacks/common.yaml @@ -1,3 +1,5 @@ stack_settings: manage_state: true description: This stack generates random pet names + labels: + - common_label diff --git a/examples/complete/components/random-pet/stacks/example.yaml b/examples/complete/components/random-pet/stacks/example.yaml index a47acac..8ecded4 100644 --- a/examples/complete/components/random-pet/stacks/example.yaml +++ b/examples/complete/components/random-pet/stacks/example.yaml @@ -1,4 +1,5 @@ stack_settings: manage_state: true - + labels: + - stack_specific_label default_tf_workspace_enabled: true diff --git a/main.tf b/main.tf index 2a6cd2e..7117a8c 100644 --- a/main.tf +++ b/main.tf @@ -274,6 +274,21 @@ resource "spacelift_stack" "default" { namespace = github_enterprise.value["namespace"] } } + + lifecycle { + # Expected `tfvars` file exists + precondition { + condition = fileexists("${local.configs[each.key].project_root}/tfvars/${local.configs[each.key].tfvars_file_name}.tfvars") + error_message = <<-EOT + The required .tfvars file is missing for stack "${each.key}". + + Expected location: + "${local.configs[each.key].project_root}/tfvars/${local.configs[each.key].tfvars_file_name}.tfvars" + + Ensure that the specified .tfvars file exists in the expected path and try again. + EOT + } + } } # The Spacelift Destructor is a feature designed to automatically clean up the resources no longer managed by our IaC. diff --git a/variables.tf b/variables.tf index c205cf5..ddcb2fd 100644 --- a/variables.tf +++ b/variables.tf @@ -171,9 +171,9 @@ variable "default_tf_workspace_enabled" { description = <<-EOT Enables the use of `default` Terraform workspace instead of managing multiple workspaces within a root module. - NOTE: We encourage the use of Terraform workspaces to manage multiple environments. However, in some cases, - you may want to disable this behavior. This is particularly useful when integrating this module - into an existing (brownfield) infrastructure setup. + NOTE: We encourage the use of Terraform workspaces to manage multiple environments. + However, you will want to disable this behavior if you're utilizing different backends for each instance + of your root modules (we call this "Dynamic Backends"). EOT }