feat: add authorization policy for spoke -> hub DNS access #775
Conversation
MatthewLemmond
requested review from
rajatagarwal-ibm and
maheshwarishikha
as code owners
examples/existing_vpc/variables.tf
Outdated
| @@ -32,5 +32,5 @@ variable "existing_resource_group_name" { | |||
| variable "name" { | |||
| description = "The string is used as a prefix for the naming of VPC resources." | |||
| type = string | |||
| default = null | |||
| default = "existing-vpc" | |||
There was a problem hiding this comment.
As a note, pre-commit was failing on this line when it was null with the following:
TFLint in examples/existing_vpc/:
Failed to prepare rule checking; failed to eval an expression in ../../dynamic_values.tf:7; ../../dynamic_values.tf:7,64-72: Invalid template interpolation value; The expression result is null. Cannot include a null value in a string template.:
Error: Invalid template interpolation value
on ../../dynamic_values.tf line 7, in module "dynamic_values":
7: prefix = var.prefix != null ? "${var.prefix}-${var.name}" : var.name
with var.name set to null.
The expression result is null. Cannot include a null value in a string template.
I added a default string here to get past the pre-commit error, but this may need to have no default/require a value be passed in at all times
There was a problem hiding this comment.
I'd suggest to make it mandatory
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
1 similar comment
|
/run pipeline |
|
Also, you could update readme in examples and at the root module about supporting different accounts for hub and spoke vpcs. |
examples/existing_vpc/variables.tf
Outdated
| @@ -32,5 +32,5 @@ variable "existing_resource_group_name" { | |||
| variable "name" { | |||
| description = "The string is used as a prefix for the naming of VPC resources." | |||
| type = string | |||
| default = null | |||
| default = "existing-vpc" | |||
There was a problem hiding this comment.
I'd suggest to make it mandatory
|
The hub and spoke delegated example (weekly test) is failing with a different error than the one seen that prompted this PR, error is as follows: Not sure if this is an issue with the terraform or a problem on the provider side but needs more investigation |
|
/run pipeline |
|
/run pipeline |
Would you like a create an issue please? I think there might be some update to the provider and we may need to investigate the deletion flow. |
|
🎉 This PR is included in version 7.18.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
|
#776 created to track the aforementioned issue with the destroy |
Description
Create an authorization policy from the spoke vpc to hub vpc to authorize the spoke to receive the DNS information from the hub, more details on the issue in #757
resolves #757
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers