rfc: resource pinning #5711
rfc: resource pinning #5711
Conversation
|
Thanks for opening this pull request! 🎉
|
|
|
||
| ## Requirements | ||
|
|
||
| ### Functional |
There was a problem hiding this comment.
Is there a requirement to be able to control the policy? In CFN and TF there's a distinction between "disallow removal" and "leave orphan".
There was a problem hiding this comment.
I'm not sure what this means in the context of the logical tree.
In the context of CFN/TF, I considered platform-level handling out of scope for this RFC. Presumably this is the sort of metadata that can be added to the pinfile next to.
There was a problem hiding this comment.
Yes, sounds like the right direction to put this in the pinfile as additional attributes.
Might want to make sure the schema of this file allows it.
There was a problem hiding this comment.
In CFN and TF there's a distinction between "disallow removal" and "leave orphan".
Does TF have "leave orphan"? I mean you can technically remove a tf resource from the json and the statefile at the same time but terraform itself doesn't have a any way to declare that intention AFAIK. hashicorp/terraform#27035
If TF doesn't have it, I think it's okay leaving out for now. We can add it to the pinfile but it would likely not be implemented in the first version.
|
|
||
| ```shell | ||
| # (output) | ||
| [-pin] /root/CoolBucket |
There was a problem hiding this comment.
| [-pin] /root/CoolBucket | |
| [unpinned] /root/CoolBucket |
There was a problem hiding this comment.
I like the simple verb, it's shorter (IMO unpinned is kinda an icky looking word) and makes it clear that the CLI just did an action for you. Not a deal breaker for me though.
Co-authored-by: Elad Ben-Israel <eladb@monada.co>
| "tf-aws": { | ||
| "aws_s3_bucket.MyBucket_AD8CE4AC": { | ||
| "type": "@cdktf/provider-aws.s3bucket.S3Bucket", | ||
| "originalPath": "aws_s3_bucket.CoolBucket", |
There was a problem hiding this comment.
This still feels wrong... I am sorry :-(
The new terraform resource name (aws_s3_bucket.MyBucket_AD8CE4AC) is not really something that I care about or understand as a user and not something that I need to carry forward with me.
Wing code "speaks" in logical node path terms. These are the IDs that users understand (and oftentimes assign themselves through as X).
I am sorry but I still think that this simply needs to be a map between logical node paths and terraform resource names.
Happy to talk more about this because it feels like something is misaligned in requirements/use case :-)
I also don't think we need the attributes of the resource here. This will be huge duplication with the Terraform output and I don't see why it is needed.
This is what I think this should look like:
// main.w.pin.json
{
"version": "1",
"pinned": {
"tf-aws": {
"/MyBucket/Bucket": {
"terraform_name": "aws_s3_bucket.CoolBucket",
"type": "@cdktf/provider-aws.s3bucket.S3Bucket"
}
}
}
}There was a problem hiding this comment.
The problem with logical->physical is that 1 logical can have multiple physical, no?
I'm probably mistaken, so I'll change that
I also don't think we need the attributes of the resource here.
To prevent attributes from changing to avoid resource replacement. I can remove this if it's not needed.
terraform_name
I think it's useful for the schema of this pinfile to be standard across platforms (other than the attribute keys). Especially since it's not difficult to do. If it's not useful I can remove it.
There was a problem hiding this comment.
The problem with logical->physical is that 1 logical can have multiple physical, no?
I think this should refer to the logical path of the leaf node.
I think it's useful for the schema of this pinfile to be standard across platforms
OK, although I am not sure this is something we need to abstract. This name is target specific. For example, in Terraform, it always has the TF type as a prefix, in CFN there are some characters that are not allowed, in K8S it has a strict length limit. In other targets it might not even be a string (god forbid)...
So from a design perspective, it actually makes more sense to give it a concrete name like terraform_name or terraform_id instead of trying to generalize.
There was a problem hiding this comment.
I think this should refer to the logical path of the leaf node.
Yeah that's what I meant. I think platforms can technically emit more than one physical thing given a single logical leaf.
There was a problem hiding this comment.
Eventually, in CDKTF/AWSCDK/CDK8S there's a 1:1 mapping between L1s and resources in the target configuration. That's the "leaf node" that we should pin.
There was a problem hiding this comment.
Eventually, in CDKTF/AWSCDK/CDK8S there's a 1:1 mapping between L1s and resources in the target configuration
I understand that's how these CDKs work, but it is technically possible for a single construct to spit out multiple things. Or I could even make my own type of CDK and not consider that restriction either. I thought it'd be useful for this pinfile to basically skip any possible abstractions and go straight to the actual output both for the source and destination of the mapping.
That being said, I'll change it to logical -> physical because the 1:many is obviously the 0.01% case
btw, are you okay with storing the attributes in the pinfile as well or should that be addressed?
There was a problem hiding this comment.
btw, are you okay with storing the attributes in the pinfile as well or should that be addressed?
I would recommend starting with the minimal amount of surface for this and add later, so I'd feel more comfortable to remove it for now, but if you feel strongly about it, then I am okay :-)
#901
Rendered Version
By submitting this pull request, I confirm that my contribution is made under the terms of the Wing Cloud Contribution License.