Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate that workspace name aligns with var.assessment_account_name value #243

Merged
merged 5 commits into from
May 21, 2024
Merged

Validate that workspace name aligns with var.assessment_account_name value #243

merged 5 commits into from
May 21, 2024

Conversation

dav3r
Copy link
Member

@dav3r dav3r commented May 20, 2024
edited
Loading

🗣 Description

This PR adds an additional check to validate that the value in var.assessment_account_name aligns with the currently-selected workspace name (6ad9330).

Additionally, this PR updates the terraform_apply.sh script so that all of the validation checks of user-supplied data in assessment_validation.tf are performed before any other changes are applied (43126de).

Also note that part of 1b6f8b5 includes a documentation verbiage change (from terraform-docs) that was overlooked during #240.

💭 Motivation and context

We are constantly striving to find ways to reduce human error in our processes. This change should prevent errors where a COOL environment administrator accidentally uses a Terraform variables (tfvars) file meant for a different workspace.

Resolves #241.

🧪 Testing

I tested terraform plan, terraform apply, and terraform_apply.sh by supplying a tfvars file meant for a different COOL workspace. In each case, I got an error message like this:

Error: Resource precondition failed

│   on assessment_validation.tf line 15, in resource "null_resource" "validate_assessment_account_name_matches_workspace":
│   15:       condition     = replace(replace(lower(var.assessment_account_name), "/[()]/", ""), " ", "-") == terraform.workspace
│     ├────────────────
│     │ terraform.workspace is "env123-production"
│     │ var.assessment_account_name is "env456 (Production)"

│ Assessment account name (env456 (Production)) does not align with the currently-selected workspace (env123-production).  Are you sure that you are using the correct tfvars file?

I also verified that when I used the correct tfvars file for my workspace, the error above was not displayed.

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.

✅ Post-merge checklist

  • Notify COOL environment administrators about this new validation.

@dav3r dav3r added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label May 20, 2024
@dav3r dav3r self-assigned this May 20, 2024
mcdonnnj
mcdonnnj approved these changes May 21, 2024
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@dav3r dav3r changed the title Validate that workspace name aligns with var. assessment_account_name value Validate that workspace name aligns with var.assessment_account_name value May 21, 2024
jsf9k
jsf9k approved these changes May 21, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, with one suggestion that you can take or leave.

assessment_validation.tf Outdated Show resolved Hide resolved
@dav3r dav3r merged commit c050ca8 into develop May 21, 2024
5 checks passed
@dav3r dav3r deleted the improvement/add-workspace-tfvars-check branch May 21, 2024 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@jasonodoom jasonodoom Awaiting requested review from jasonodoom

Assignees

@dav3r dav3r

Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check that assessment_account_name matches selected Terraform workspace
3 participants
@dav3r @jsf9k @mcdonnnj