Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update terraform-validator version, instructions and CMEK bucket #397

Merged
merged 5 commits into from
Apr 1, 2021
Merged

Update terraform-validator version, instructions and CMEK bucket #397

merged 5 commits into from
Apr 1, 2021

Conversation

daniel-cit
Copy link
Contributor

This PR:

  • Updates the version of terraform-validator used to version 2021-03-22
  • Update the README instructions regarding manual execution of terraform-validator

This PR also replaces the module used in the creation of the Google Cloud Storage bucket in the CMEK examples in the 4-projects environments.

From the main module

terraform-example-foundation/4-projects/business_unit_1/production/example_storage_cmek.tf

Line 69 in 137a379

source = "terraform-google-modules/cloud-storage/google"

to the simple bucket module

   source             = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"

This is necessary because the way the main module construct the bucket attribute in the context of a random bucket name

locals {
...
  names_set    = toset(var.names)
...
resource "google_storage_bucket" "buckets" {
  for_each = local.names_set
...
  uniform_bucket_level_access = lookup(
    var.bucket_policy_only,
    lower(each.value),
    true,
  )

makes the after state of the bucket to be known only after apply which make terraform-validator crash.

Running the terraform-validator version in the master branch
which has the bugfix for the crash, terraform-validator rises a false positive.

Found Violations:

Constraint GCPStorageBucketPolicyOnlyConstraintV1.require_bucket_policy_only on resource //storage.googleapis.com/placeholder-fgDsc2WD: //storage.googleapis.com/placeholder-fgDsc2WD does not have bucket policy only enabled.

both issues, the crash and the false positive do not happen when using the simple bucket module

This change can be made because the CMEK creates a single bucket.

@daniel-cit daniel-cit requested a review from a team as a code owner March 29, 2021 19:52
bharathkkb
bharathkkb approved these changes Mar 29, 2021
View reviewed changes
0-bootstrap/README.md Outdated Show resolved Hide resolved
@daniel-cit daniel-cit force-pushed the bugfix/fix-terraform-validator-instructions branch from 4168ac5 to 889519d Compare March 31, 2021 18:19
@daniel-cit daniel-cit changed the base branch from develop to master March 31, 2021 18:20
@daniel-cit
Copy link
Contributor Author

@bharathkkb rebased to main branch

@bharathkkb bharathkkb merged commit 8f7c58e into terraform-google-modules:master Apr 1, 2021
@daniel-cit daniel-cit mentioned this pull request Apr 27, 2021
Closed
@daniel-cit daniel-cit deleted the bugfix/fix-terraform-validator-instructions branch September 2, 2022 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bharathkkb bharathkkb bharathkkb approved these changes

@rjerrems rjerrems Awaiting requested review from rjerrems rjerrems is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@daniel-cit @bharathkkb