Terraform Code Review: Module Structure & Design Review (on OpenStack)
Science and technology
My first audience code review! Thanks to a friendly internet stranger who was willing to let me review their code and publish it to KZread!
Send me a GitHub link to review your code and I'll do the same for you!
Follow me on Twitter for quick code snippets and thoughts on Cloud, Automation and other things!
/ marktinderholt
Keep the knowledge flowing!
www.buymeacoffee.com/azterraf...
Comments: 20
Great video. Learned lots. Thank you
@azure-terraformer
26 days ago
Thanks!
That is some quality content !!
@azure-terraformer
3 months ago
Thanks mate!
Great video! Re: 7:24 in your video: I disagree about reusable modules using ">=" instead of pessimistic constraint "~>". The best practice here would be to have the reusable module specify "~> 1.51", which means this module can work with >1.51.x but less than 2.0.0. The code here makes the mistake of using ~> too granularly by specifying the patch also ("~>1.51.1"), which is too constraining. As a reusable module author, I can't guarantee compatibility with the next major provider version. Major versions introduce breaking changes, so it's risky to promise support beyond what I've tested. It's responsible to set upper bounds to prevent unexpected issues for users in the future.
@azure-terraformer
8 days ago
You make some good points. It does seem that >= has an overly generous upward versioning bias, while the pessimistic constraint operator has too narrow range potential.
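An added example, not part of the original comments or of the reviewed repository: a small Python evaluator for the two constraint operators debated in the thread above, showing which versions each constraint admits. The function names and the list of candidate versions are assumptions constructed for illustration, and only plain numeric versions are handled.

```python
import re

def parse(version):
    """'1.51.1' -> (1, 51, 1)"""
    return tuple(int(p) for p in version.strip().split("."))

def pad(parts, n=3):
    """Right-pad with zeros so (1, 51) compares as (1, 51, 0)."""
    return tuple(parts) + (0,) * (n - len(parts))

def bounds(constraint):
    """Return (lower_inclusive, upper_exclusive_or_None) for one constraint."""
    m = re.fullmatch(r"\s*(>=|~>)\s*(\d+(?:\.\d+)*)\s*", constraint)
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, parts = m.group(1), parse(m.group(2))
    if op == ">=":
        return pad(parts), None          # no upper bound at all
    if len(parts) < 2:
        raise ValueError("this example needs at least major.minor for ~>")
    # "~>": only the rightmost written component may increase, so the
    # exclusive upper bound is the component before it, plus one.
    upper = parts[:-2] + (parts[-2] + 1,)
    return pad(parts), pad(upper)

def allows(constraint, version):
    lower, upper = bounds(constraint)
    v = pad(parse(version))
    return v >= lower and (upper is None or v < upper)

# Constructed sample versions, not real provider releases.
CANDIDATES = ["1.51.0", "1.51.1", "1.51.9", "1.52.0", "1.60.0", "2.0.0"]

def accepted(constraint):
    """Versions from CANDIDATES that the constraint would let Terraform select."""
    return [v for v in CANDIDATES if allows(constraint, v)]

if __name__ == "__main__":
    for c in (">= 1.51.1", "~> 1.51.1", "~> 1.51"):
        print(f"{c:<12} {accepted(c)}")
```
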
Excellent explanation of the different version constraints. I've been reading the docs a number of times and I did not get that until I learned it from you. :)
@azure-terraformer
5 months ago
Glad it was helpful!
Thanks, lots of useful insights on how to structure a main vs. a module!
@azure-terraformer
1 year ago
The offer is still on the table! Send me your terraform code and I’ll review it! 😀
thank you so much :-) could you please post the github link for the repo. thanks
@azure-terraformer
1 year ago
Thanks for your interest but with these code reviews the code is audience provided so I don’t share the code repo they send me. Hope you understand. 😀 If you have code you’d like me to review please send me a link!
@neelojp8460
1 year ago
@@azure-terraformer Of course I understand it, thank you again for your time. It would be really helpful if you shared some general tips for Terraform, I mean it should work for OpenStack, Azure, AWS, GCP etc... thanks again :-)
@azure-terraformer
1 year ago
I got you. Thanks I’ll see what I can do in future episodes!
I use terraform with google and the way we do the secgroups/firewall is to add tags to the instances (ie tag = ssh , http) and set the target tags for the secgroup/firewall resource to that/those tags names.
@azure-terraformer
1 year ago
Interesting. Is there a way to lock down who can apply those tags? That could be concerning if somebody with access to change tags could open ports. Usually tags are used for metadata / lookup / grouping.
@gary-nw2bm
1 year ago
@@azure-terraformer we disable (or so I'm told for non admins of the google projects) access from making any changes from the console, meaning us non admins can only make changes to the tags via terraform. Something about impersonating iams if that makes sense 🤷♂️
@gary-nw2bm
1 year ago
I should add this doesn't stop someone from changing tags but limits paths to do so. Hopefully a review of the code changes catches any badness before merging.
@azure-terraformer
1 year ago
Yeah sounds like you have it covered. Looking at the GCP provider it looks like this is officially supported by Google in the APIs so seems legit. On the others, Azure and AWS, this is not the case.
@azure-terraformer
1 year ago
Agreed!