Great video. Learned lots. Thank you

@azure-terraformer

26 күн бұрын

Thanks!

That is some quality content !!

@azure-terraformer

3 ай бұрын

Thanks mate!

Great video! Re: 7:24 in your video: I disagree about reusable modules using ">=" instead of pessimistic constraint "~>". The best practice here would be to have the reusable module specify "~> 1.51", which means this module can work with >1.51.x but less than 2.0.0. The code here makes the mistake of using ~> too granularly by specifying the patch also ("~>1.51.1"), which is too constraining. As a reusable module author, I can't guarantee compatibility with the next major provider version. Major versions introduce breaking changes, so it's risky to promise support beyond what I've tested. It's responsible to set upper bounds to prevent unexpected issues for users in the future.

@azure-terraformer

8 күн бұрын

You makes some good points. It does seem that >= has an overly generous upward versioning bias, while the pessimistic constraint operator has too narrow range potential.

Excellent explanation of the different version constraints. I've been reading the docs number of times and I did not get that until I learned it from you.:)

@azure-terraformer

5 ай бұрын

Glad it was helpful!

Thanks, lots of useful insights on how to structure a main vs. a module!

@azure-terraformer

Жыл бұрын

The offer is still on the table! Send me your terraform code and I’ll review it! 😀

thank you so much :-) could you please post the github link for the repo. thanks

@azure-terraformer

Жыл бұрын

Thanks for your interest but with these code reviews the code is audience provided so I don’t share the code repo they send me. Hope you understand. 😀 if you have code you’d like me to review please send me a link!

@neelojp8460

Жыл бұрын

@@azure-terraformer Of course I understand it, thank you again for your time. It would be really helpful if you sharing some generall tips for Terraform, I mean it should work for OpenStack, Azure, AWS, GCP etc... thanks again :-)

@azure-terraformer

Жыл бұрын

I got you. Thanks I’ll see what I can do in future episodes!

I use terraform with google and the way we do the secgroups/firewall is to add tags to the instances (ie tag = ssh , http) and set the target tags for the secgroup/firewall resource to that/those tags names.

@azure-terraformer

Жыл бұрын

Interesting. Is there a way to lock down who can apply those tags? That could be concerning if somebody with access to change tags could open ports. Usually tags are used for metadata / lookup / grouping.

@gary-nw2bm

Жыл бұрын

@@azure-terraformer we disable (or so I'm told for non admins of the google projects) access from making any changes from the console, meaning us non admins can only make changes to the tags via terraform. Something about impersonating iams if that makes sense 🤷‍♂️

@gary-nw2bm

Жыл бұрын

I should add this doesn't stop from someone from changing tags but limits paths to do so. Hopefully a review of the code changes catches any badness before merging.

@azure-terraformer

Жыл бұрын

Yeah sounds like you have it covered. Looking at the GCP provider it looks like this is officially supported by Google in the APIs so seems legit. On other Azure and AWS this is not the case.

@azure-terraformer

Жыл бұрын

Agreed!