Remote peering #81
Remote peering #81
Conversation
fix merge
fix merge
There was a problem hiding this comment.
This looks fantastic, nicely done @alexwood. No real significant feedback.
Perhaps while the Authenticators API is still togglable/unstable, is there a way to annotate a resource in TF to indicate its experimental ? Just don't want this Terraform release to be our formal commitment to the API until we officially make it stable in future platform releases.
| file_sets = data.kaleido_platform_network_bootstrap_data.net_og_bootstrap.bootstrap_files != null ? { | ||
| init = data.kaleido_platform_network_bootstrap_data.net_og_bootstrap.bootstrap_files | ||
| } : {} | ||
| init_files = data.kaleido_platform_network_bootstrap_data.net_og_bootstrap.bootstrap_files != null ? "init" : null |
There was a problem hiding this comment.
do we need the conditional if we have a proper dependency on the data object here ?
There was a problem hiding this comment.
yeah good point. I will try removing it. I added this when I was trying to make it work with one resource before I added the datasource
| } : {} | ||
| init_files = data.kaleido_platform_network_bootstrap_data.net_og_bootstrap.bootstrap_files != null ? "init" : null | ||
| config_json = jsonencode({}) | ||
| depends_on = [kaleido_platform_network.net_og, kaleido_platform_service.bns_signer_net_og, data.kaleido_platform_network_bootstrap_data.net_og_bootstrap] |
There was a problem hiding this comment.
nit: depends_on is needed to make explicit dependencies btwn objects when a clear dependency doesn't exist. So I think only the service.bns_signer... is really needed here bc the data is directly referenced in the file sets / init files, and the data depends on the network (and the service).
There was a problem hiding this comment.
yeah also true. I will remove and retest it
| // Authenticators | ||
| resource "kaleido_platform_authenticator" "net_sec_authenticator" { | ||
| provider = kaleido.secondary | ||
| type = "Permitted" | ||
| name = "${var.secondary_name}_auth" | ||
| environment = kaleido_platform_environment.env_sec.id | ||
| network = kaleido_platform_network.net_sec.id | ||
| zone = var.secondary_peer_network_dz | ||
| conn = var.secondary_peer_network_connection | ||
| permitted_json = jsonencode({ peers = [ for peer in resource.kaleido_platform_service.bns_peer_net_og : jsondecode(peer.connectivity_json) ] }) | ||
| depends_on = [kaleido_platform_network.net_sec, kaleido_platform_service.bns_peer_net_og] | ||
| } | ||
|
|
||
|
|
||
| resource "kaleido_platform_authenticator" "net_og_authenticator" { | ||
| provider = kaleido.originator | ||
| type = "Permitted" | ||
| name = "${var.originator_name}_auth" | ||
| environment = kaleido_platform_environment.env_og.id | ||
| network = kaleido_platform_network.net_og.id | ||
| zone = var.originator_peer_network_dz | ||
| conn = var.originator_peer_network_connection | ||
| permitted_json = jsonencode({ peers = [ for peer in resource.kaleido_platform_service.bns_peer_net_sec : jsondecode(peer.connectivity_json) ] }) | ||
| depends_on = [kaleido_platform_network.net_og, kaleido_platform_service.bns_peer_net_sec] | ||
| } |
yes this is a good point. |
Support remote peering in kaleido platform terraform
Adds
Also had to add additional read in service Create so that the connectivity status got read again (after wait for ready completed) or else it would not be set.
There is an operator PR to go along with this https://github.com/kaleido-io/kap-operator/pull/1858