3237 better index

[Stevesibilia]

PR Type

Enhancement

---

Description

• Major refactoring of the outputs structure to improve data organization and secret management:
  • Introduced nested mapping using helm release names as secondary keys
  • Added better handling of null values for helm_release_name and database_name
  • Improved secret name resolution by incorporating helm_release_name consistently
• Added new output variables for better visibility into secret mappings
• Enhanced data structure with grouped_resources for better project organization
• Added conditional creation of bucket_secrets_map based on var.create_buckets
• Improved error handling with better null checks and default values

---

Changes walkthrough 📝

Relevant files

Enhancement

outputs.tf Refactor outputs structure for improved secret management outputs.tf Introduced grouped_resources local variable for better project data organization Enhanced secret mapping with improved handling of helm_release_name Added new outputs for bucket_secrets_map, database_secrets_map, and database_credentials_map Restructured data structure to use nested maps with helm release names as keys +70/-32

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[sparkfabrik-ai-bot]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 Security concerns Sensitive Information Exposure: While the sensitive outputs are properly marked with sensitive = true, the grouped_resources output (lines 55-57) may expose internal project structure and naming conventions that could be useful for attackers. Consider limiting the exposed information in this output.

⚡ Recommended focus areas for review Null Safety The nested try/if conditions for database credentials lookup could fail silently. Need to validate the error handling and default values behavior. Performance Concern Multiple nested for loops and map transformations may impact performance with large number of projects. Consider optimizing data structure transformations. Code Complexity The conditional logic for helm_release_name and database_name resolution is complex and spread across multiple places. Consider extracting common logic into helper functions.

[sparkfabrik-ai-bot]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Possible bug	Add safety check before accessing first element of a potentially empty list to prevent runtime errors Add error handling for the case when no matching database credentials are found in the list comprehension. Currently, accessing index [0] could fail if the list is empty. outputs.tf [12-17] -[for cred in module.drupal_databases_and_users[0].sql_users_creds : cred +length([for cred in module.drupal_databases_and_users[0].sql_users_creds : cred if cred.database == ( r.database_name != null ? r.database_name : replace("${r.project_name}_${r.gitlab_project_id}_${r.release_branch_name}_dp", "-", "_") -)][0] +)]) > 0 ? [for cred in module.drupal_databases_and_users[0].sql_users_creds : cred + if cred.database == ( + r.database_name != null ? + r.database_name : + replace("${r.project_name}_${r.gitlab_project_id}_${r.release_branch_name}_dp", "-", "_") +)][0] : null Suggestion importance[1-10]: 8 Why: The suggestion addresses a critical potential runtime error by adding a safety check before accessing the first element of a filtered list, which could be empty. This is an important defensive programming practice.	8
Possible issue	Add validation to prevent creation of map entries with null key components Consider adding validation for empty or null values in the grouped_resources map to prevent potential issues with downstream dependencies. outputs.tf [2-3] grouped_resources = { - for p in var.drupal_projects_list : "${p.project_name}-${p.gitlab_project_id}-${p.release_branch_name}" => p... + for p in var.drupal_projects_list : "${p.project_name}-${p.gitlab_project_id}-${p.release_branch_name}" => p... if p.project_name != null && p.gitlab_project_id != null && p.release_branch_name != null } Suggestion importance[1-10]: 6 Why: The suggestion adds important input validation to prevent potential issues with null values in key components, which could cause problems in downstream resources or make debugging difficult.	6
Maintainability	Extract repeated complex string manipulation into a named local variable for better maintainability Consider extracting the complex database name generation logic into a local variable to improve readability and reduce code duplication. outputs.tf [16] -replace("${r.project_name}_${r.gitlab_project_id}_${r.release_branch_name}_dp", "-", "_") +local.generated_database_name +# Add at top of locals block: +# generated_database_name = replace("${r.project_name}_${r.gitlab_project_id}_${r.release_branch_name}_dp", "-", "_") Suggestion importance[1-10]: 3 Why: While the suggestion would improve code maintainability by reducing duplication, the current implementation is already clear and the extraction would add complexity by introducing another variable.	3

[andypanix]

Just a note, it would have been better to avoid repeating the logic for generating the names of the various resources in the output, but if it makes the task much longer/complicated, for me the actual code is good enough and we can merge the PR as is.

Maybe we can consider the feature a nice to have for a refactoring in the future.