Container Groups (ACI) - added secure environment variables #1874
Conversation
|
@metacpp @tombuildsstuff - I see that this PR has gone conflicted. I going to hold off on fixing the conflict until some interest / traction / feedback has been given to the PR. Let me know and I will fix it up. Thanks |
azurerm/config.go
Outdated
| @@ -14,7 +14,7 @@ import ( | |||
| "github.com/Azure/azure-sdk-for-go/services/automation/mgmt/2015-10-31/automation" | |||
| "github.com/Azure/azure-sdk-for-go/services/cdn/mgmt/2017-10-12/cdn" | |||
| "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-06-01/compute" | |||
| "github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-04-01/containerinstance" | |||
| "github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-06-01/containerinstance" | |||
There was a problem hiding this comment.
Please use the 2018-09-01 in v21.1.0
There was a problem hiding this comment.
@metacpp, per our email conversation, I will keep this one at 2018-06-01 due to significant refactor in 2018-09-01. Once the secure environment variables PR has been merged, I will create a new PR to refactor the provider to use ACI 2018-09-01.
| Optional: true, | ||
| ForceNew: true, | ||
| Sensitive: true, | ||
| }, |
There was a problem hiding this comment.
Since this newly added schema, can you also update the documentation for ACI resource?
| } | ||
|
|
||
| for _, v := range *secevar { | ||
| *evar = append(*evar, v) | ||
| } |
There was a problem hiding this comment.
Allocation for too many times, change it to:
evar = &append(*evar, *secevar...)
| @@ -564,10 +571,24 @@ func expandContainerGroupContainers(d *schema.ResourceData) (*[]containerinstanc | |||
| containerGroupPorts = append(containerGroupPorts, containerGroupPort) | |||
| } | |||
|
|
|||
| // Set both secure and non-secure environment variables | |||
| var evar *[]containerinstance.EnvironmentVariable | |||
| SecureValue: utils.String(v.(string)), | ||
| } | ||
|
|
||
| output = append(output, ev) |
There was a problem hiding this comment.
Isn't the re-allocation happening too frequently?
There was a problem hiding this comment.
@metacpp - I am struggling with this one, most likely a misunderstanding on my part about how this should work in Go.
Basically an environment variable and secure environment variable are the same type, with the only difference being the name of the value property (Value vs. SecureValue). That said, rather then having a single Terraform argument for environment_variables with a flag for secure, I think it works better to have two, one for environment_variables and another for secure_environment_variables. This makes for a nicer Terraform configuration.
So, for each argument, I pass the list of environment variables to the expand function.
// Expand environment variables, produces a slice of env (envVars)
if v, ok := data["environment_variables"]; ok {
envVars = expandContainerEnvironmentVariables(v, false)
}
// Expand environment variables, produces a slice of env (secEnvVars)
if v, ok := data["secure_environment_variables"]; ok {
secEnvVars = expandContainerEnvironmentVariables(v, true)
}
The expand function is called at max twice and returns a []containerinstance.EnvironmentVariable for each type of environment variable.
func expandContainerEnvironmentVariables(input interface{}, secure bool) *[]containerinstance.EnvironmentVariable {
envVars := input.(map[string]interface{})
output := make([]containerinstance.EnvironmentVariable, 0)
// For each secure environment variable, build the instance and add to output (slice)
if secure == true {
for k, v := range envVars {
ev := containerinstance.EnvironmentVariable{
Name: utils.String(k),
SecureValue: utils.String(v.(string)),
}
output = append(output, ev)
}
} else {
for k, v := range envVars {
ev := containerinstance.EnvironmentVariable{
Name: utils.String(k),
Value: utils.String(v.(string)),
}
output = append(output, ev)
}
}
return &output
}
These are then combined and set.
// Combine envVars and secEnvVars
*envVars = append(*envVars, *secEnvVars...)
container.EnvironmentVariables = envVars
| Value: utils.String(v.(string)), | ||
| } | ||
|
|
||
| output = append(output, ev) |
There was a problem hiding this comment.
Isn't re-allocation happening too frequently?
| @@ -469,6 +475,12 @@ resource "azurerm_container_group" "test" { | |||
| "foo" = "bar" | |||
| "foo1" = "bar1" | |||
| } | |||
|
|
|||
| secure_environment_variables { | |||
| "foo" = "bar" | |||
| @@ -536,6 +548,11 @@ resource "azurerm_container_group" "test" { | |||
| "foo1" = "bar1" | |||
| } | |||
|
|
|||
| secure_environment_variables { | |||
| "foo" = "bar" | |||
|
@neilpeterson I did some cleanup work on your branch and hope you don't mind. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
This PR adds Azure Container Instances secure environment variables.
Fundamentally the only difference between an environment variable and a secured variable is the value property name (Value vs. SecureValue), however for ease of use I am treating them as separate properties (seen in the below sample).
I have limited experience with Go, and this is my first PR to this project. Any critique / coaching would be appreciated.