fix: support TF default workspace, more attributes + fix drift detection schedule #11

Merged
merged 4 commits into from
Dec 18, 2024
Changes from 2 commits
8 changes: 6 additions & 2 deletions README.md
Expand Up @@ -125,7 +125,7 @@ NOTE to Masterpoint team: We might want to create a small wrapper to automatize

| Name | Version |
| ------------------------------------------------------------------ | ------- |
| <a name="provider_spacelift"></a> [spacelift](#provider_spacelift) | 1.16.1 |
| <a name="provider_spacelift"></a> [spacelift](#provider_spacelift) | 1.19.0 |

## Modules

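Review bot: the Providers row moves spacelift from 1.16.1 to 1.19.0, but the commits shown here change no required_providers constraint. If enable_well_known_secret_masking or github_action_deploy need a newer provider than the module's declared minimum, raise that constraint in this PR so that callers pinned to an older provider fail at init with a clear message instead of at plan with an unsupported-argument error.
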
Expand Down Expand Up @@ -174,7 +174,9 @@ NOTE to Masterpoint team: We might want to create a small wrapper to automatize
| <a name="input_drift_detection_schedule"></a> [drift_detection_schedule](#input_drift_detection_schedule) | The schedule for drift detection. | `list(string)` | <pre>[<br> "0 4 * * *"<br>]</pre> | no |
| <a name="input_drift_detection_timezone"></a> [drift_detection_timezone](#input_drift_detection_timezone) | The timezone for drift detection. | `string` | `"UTC"` | no |
| <a name="input_enable_local_preview"></a> [enable_local_preview](#input_enable_local_preview) | Indicates whether local preview runs can be triggered on this Stack. | `bool` | `false` | no |
| <a name="input_enable_well_known_secret_masking"></a> [enable_well_known_secret_masking](#input_enable_well_known_secret_masking) | Indicates whether well-known secret masking is enabled. | `bool` | `true` | no |
| <a name="input_enabled_root_modules"></a> [enabled_root_modules](#input_enabled_root_modules) | List of root modules where to look for stack config files.<br>Ignored when all_root_modules_enabled is true.<br>Example: ["spacelift-automation", "k8s-cluster"] | `list(string)` | `[]` | no |
| <a name="input_github_action_deploy"></a> [github_action_deploy](#input_github_action_deploy) | Indicates whether GitHub users can deploy from the Checks API. | `bool` | `true` | no |
| <a name="input_github_enterprise"></a> [github_enterprise](#input_github_enterprise) | The GitHub VCS settings | <pre>object({<br> namespace = string<br> id = optional(string)<br> })</pre> | n/a | yes |
| <a name="input_manage_state"></a> [manage_state](#input_manage_state) | Determines if Spacelift should manage state for this stack. | `bool` | `false` | no |
| <a name="input_protect_from_deletion"></a> [protect_from_deletion](#input_protect_from_deletion) | Protect this stack from accidental deletion. If set, attempts to delete this stack will fail. | `bool` | `false` | no |
Expand All @@ -188,7 +190,9 @@ NOTE to Masterpoint team: We might want to create a small wrapper to automatize

## Outputs

No outputs.
| Name | Description |
| ----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| <a name="output_spacelift_stacks"></a> [spacelift_stacks](#output_spacelift_stacks) | A map of Spacelift stacks with selected attributes.<br>To reduce the risk of accidentally exporting sensitive data, only a subset of attributes is exported. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

Expand Up @@ -2,3 +2,4 @@ stack_settings:
description: This Automation stack is used for Masterpoint's testing purposes
labels:
- stack_specific_label
drift_detection_enabled: true
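
Review bot: the fixture turns on drift_detection_enabled but sets no drift_detection_schedule, so the per-stack branch of try(local.stack_configs[each.key].drift_detection_schedule, var.drift_detection_schedule) in the reworked precondition is still only reached through the module default. Add a drift_detection_schedule list with two entries here so the list handling this PR fixes is covered by the test stack.
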
62 changes: 31 additions & 31 deletions main.tf
Expand Up @@ -234,36 +234,36 @@ module "deep" {
resource "spacelift_stack" "default" {
for_each = local.stacks

space_id = coalesce(try(local.stack_configs[each.key].space_id, null), var.space_id)
name = each.key
administrative = coalesce(try(local.stack_configs[each.key].administrative, null), var.administrative)
after_apply = compact(concat(try(local.stack_configs[each.key].after_apply, []), var.after_apply))
after_destroy = compact(concat(try(local.stack_configs[each.key].after_destroy, []), var.after_destroy))
after_init = compact(concat(try(local.stack_configs[each.key].after_init, []), var.after_init))
after_perform = compact(concat(try(local.stack_configs[each.key].after_perform, []), var.after_perform))
after_plan = compact(concat(try(local.stack_configs[each.key].after_plan, []), var.after_plan))
autodeploy = coalesce(try(local.stack_configs[each.key].autodeploy, null), var.autodeploy)
autoretry = try(local.stack_configs[each.key].autoretry, var.autoretry)
before_apply = compact(coalesce(try(local.stack_configs[each.key].before_apply, []), var.before_apply))
before_destroy = compact(coalesce(try(local.stack_configs[each.key].before_destroy, []), var.before_destroy))
before_init = compact(coalesce(try(local.before_init[each.key], []), var.before_init))
before_perform = compact(coalesce(try(local.stack_configs[each.key].before_perform, []), var.before_perform))
before_plan = compact(coalesce(try(local.stack_configs[each.key].before_plan, []), var.before_plan))
description = coalesce(try(local.stack_configs[each.key].description, null), var.description)
repository = try(local.stack_configs[each.key].repository, var.repository)
branch = try(local.stack_configs[each.key].branch, var.branch)
project_root = local.configs[each.key].project_root
manage_state = try(local.stack_configs[each.key].manage_state, var.manage_state)
labels = local.labels[each.key]
enable_local_preview = try(local.stack_configs[each.key].enable_local_preview, var.enable_local_preview)
terraform_smart_sanitization = try(local.stack_configs[each.key].terraform_smart_sanitization, var.terraform_smart_sanitization)
terraform_version = try(local.stack_configs[each.key].terraform_version, var.terraform_version)
terraform_workflow_tool = var.terraform_workflow_tool
terraform_workspace = local.configs[each.key].terraform_workspace

protect_from_deletion = try(local.stack_configs[each.key].protect_from_deletion, var.protect_from_deletion)

worker_pool_id = try(local.stack_configs[each.key].worker_pool_id, var.worker_pool_id)
administrative = coalesce(try(local.stack_configs[each.key].administrative, null), var.administrative)
after_apply = compact(concat(try(local.stack_configs[each.key].after_apply, []), var.after_apply))
after_destroy = compact(concat(try(local.stack_configs[each.key].after_destroy, []), var.after_destroy))
after_init = compact(concat(try(local.stack_configs[each.key].after_init, []), var.after_init))
after_perform = compact(concat(try(local.stack_configs[each.key].after_perform, []), var.after_perform))
after_plan = compact(concat(try(local.stack_configs[each.key].after_plan, []), var.after_plan))
autodeploy = coalesce(try(local.stack_configs[each.key].autodeploy, null), var.autodeploy)
autoretry = try(local.stack_configs[each.key].autoretry, var.autoretry)
before_apply = compact(coalesce(try(local.stack_configs[each.key].before_apply, []), var.before_apply))
before_destroy = compact(coalesce(try(local.stack_configs[each.key].before_destroy, []), var.before_destroy))
before_init = compact(coalesce(try(local.before_init[each.key], []), var.before_init))
before_perform = compact(coalesce(try(local.stack_configs[each.key].before_perform, []), var.before_perform))
before_plan = compact(coalesce(try(local.stack_configs[each.key].before_plan, []), var.before_plan))
branch = try(local.stack_configs[each.key].branch, var.branch)
description = coalesce(try(local.stack_configs[each.key].description, null), var.description)
enable_local_preview = try(local.stack_configs[each.key].enable_local_preview, var.enable_local_preview)
enable_well_known_secret_masking = try(local.stack_configs[each.key].enable_well_known_secret_masking, var.enable_well_known_secret_masking)
github_action_deploy = try(local.stack_configs[each.key].github_action_deploy, var.github_action_deploy)
labels = local.labels[each.key]
manage_state = try(local.stack_configs[each.key].manage_state, var.manage_state)
name = each.key
project_root = local.configs[each.key].project_root
protect_from_deletion = try(local.stack_configs[each.key].protect_from_deletion, var.protect_from_deletion)
repository = try(local.stack_configs[each.key].repository, var.repository)
space_id = coalesce(try(local.stack_configs[each.key].space_id, null), var.space_id)
terraform_smart_sanitization = try(local.stack_configs[each.key].terraform_smart_sanitization, var.terraform_smart_sanitization)
terraform_version = try(local.stack_configs[each.key].terraform_version, var.terraform_version)
terraform_workflow_tool = var.terraform_workflow_tool
terraform_workspace = local.configs[each.key].terraform_workspace
worker_pool_id = try(local.stack_configs[each.key].worker_pool_id, var.worker_pool_id)

dynamic "github_enterprise" {
for_each = var.github_enterprise != null ? [var.github_enterprise] : []
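
Review bot: the before_apply, before_destroy, before_init, before_perform and before_plan lines wrap try(..., []) in coalesce, and because coalesce only skips null (and empty strings), the [] fallback is returned as-is and var.before_* is never used for a stack that sets no hook of its own; the after_* lines use concat and do pick up the module-level value. If the intent is override-or-default, fall back with try(..., null); if it is merge, use concat as the after_* lines do. Separately, the two added arguments (enable_well_known_secret_masking, github_action_deploy) are hard to spot inside a 31-line reorder, so splitting the sort from the functional change would make this easier to audit.
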
Expand Down Expand Up @@ -318,7 +318,7 @@ resource "spacelift_drift_detection" "default" {

lifecycle {
precondition {
condition = can(regex("^([0-9,\\-\\*]+\\s+){4}[0-9,\\-\\*]+$", try(local.stack_configs[each.key].drift_detection_schedule, var.drift_detection_schedule)))
condition = alltrue([for schedule in try(local.stack_configs[each.key].drift_detection_schedule, var.drift_detection_schedule) : can(regex("^([0-9,\\-\\*]+\\s+){4}[0-9,\\-\\*]+$", schedule))])
error_message = "Invalid cron schedule format for drift detection"
}
}
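
Review bot: alltrue over an empty list is true, so in the new condition a drift_detection_schedule of [] passes the precondition with no cron entry checked at all. Add a length(...) > 0 term next to alltrue if an empty schedule should be rejected. The character class [0-9,\\-\\*] also has no /, so a step expression such as */15 * * * * fails validation; add it if step schedules are meant to be accepted, and consider naming the offending entry in error_message.
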
14 changes: 14 additions & 0 deletions outputs.tf
@@ -0,0 +1,14 @@
output "spacelift_stacks" {
description = <<-EOT
A map of Spacelift stacks with selected attributes.
To reduce the risk of accidentally exporting sensitive data, only a subset of attributes is exported.
EOT
value = {
for name, stack in spacelift_stack.default : name => {
id = stack.id
labels = stack.labels
autodeploy = stack.autodeploy
administrative = stack.administrative
}
}
}
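
Review bot: the description promises "only a subset of attributes" without naming them, so a later addition to the value map widens what is exported with no visible change in the docs. List the four keys (id, labels, autodeploy, administrative) in the description, and leave a comment above the for expression telling contributors not to swap it for the whole spacelift_stack.default object.
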
12 changes: 12 additions & 0 deletions variables.tf
Expand Up @@ -214,8 +214,20 @@ variable "enable_local_preview" {
type = bool
description = "Indicates whether local preview runs can be triggered on this Stack."
default = false
}

variable "enable_well_known_secret_masking" {
type = bool
description = "Indicates whether well-known secret masking is enabled."
default = true
}

variable "github_action_deploy" {
type = bool
description = "Indicates whether GitHub users can deploy from the Checks API."
default = true
}

variable "manage_state" {
type = bool
description = "Determines if Spacelift should manage state for this stack."
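
Review bot: github_action_deploy defaults to true, which leaves deployment from the GitHub Checks API switched on for every stack unless a caller opts out, and the description does not say so. Either default to false and let stacks opt in, or, if true is kept to preserve existing behaviour, state that in the description together with who is allowed to trigger a deploy this way. The enable_well_known_secret_masking description could likewise say what is masked.
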