Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generic data sources #349

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Generic data sources #349

wants to merge 4 commits into from
+916 −1

Conversation

a-ferri
Copy link

@a-ferri a-ferri commented Apr 4, 2022
edited

Issue-id

PR Checklist

  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code follows the code style of this project.
  • I ran lint checks locally prior to submission.
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Description

Currently, we have no options to reference resources that are not being managed by the CAF Module.

This PR provides a way to dynamically add data sources for gathering data from external resources.

It can be handy as many of us have to deal with the existing infrastructure that is not worth importing to CAF's module.

General guidance

Using this requires a new variable (data_sources) with the following structure:

data_sources = {
  resource_type = {
    key = {
      # key = value :: attributes used by this resource type data source
    }
  }
}

example:

You can check the data source documentation so you know which attributes are needed.

Note that this link takes you to an older version of azurerm provider docs

If we want to query for a subscription our data_sources variable would look like this:

data_sources = {
  subscriptions = {
    my_subscription_key = {
      subscription_id = "11111111-1111-1111-1111-1111111111111111"
    }
  }
}

And then you can refer to that subscription like:

role_mapping = {
  built_in_role_mapping = {
    subscriptions = {
      my_subscription_key = {
        "Contributor" = {
          managed_identities = {
            keys = ["my_msi"]
          }
        }
      }
    }
  } 
}

Caveats

For most cases, you can only refer to resources at the same subscription that you've configured your backend as most of data sources needs the resource group name (which is scoped to the subscription) as an input.

In our example case, the subscription data source is not tied to the subscription that your authenticated principal is using, so it will work if your credentials have access to it.

Does this introduce a breaking change

  • YES
  • NO

In order to have it working, the aztfmod module needs the variable data_sources in place and some locals changes.
The aztfmod/terraform-azurerm-caf/pull/1068 must be merged first.

Testing

@a-ferri a-ferri mentioned this pull request Apr 4, 2022
Merged
6 tasks
@a-ferri a-ferri marked this pull request as ready for review April 4, 2022 16:11
@LaurentLesle LaurentLesle self-requested a review April 12, 2022 05:33
@LaurentLesle LaurentLesle added the enhancement New feature or request label Apr 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LaurentLesle LaurentLesle Awaiting requested review from LaurentLesle

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@a-ferri @LaurentLesle