feat: support for new quotas submodule and standard DA #208
Conversation
Soaib024
changed the title
|
Upgrade test is expected to fail as previous directory used by it no longer exists |
Soaib024
changed the title
| destroy_method = "PATCH" | ||
| destroy_path = "//${var.container_registry_endpoint}/api/v1/quotas" | ||
| destroy_data = jsonencode({ | ||
| "storage_megabytes" : 500 # set to default 500 MB |
There was a problem hiding this comment.
This might be ok but my worry here is that if a user does not start at 500mb the destroy is not reverting to the previous value. Account settings with IAM settings have a similar problem. We should check how that module handles it. @ocofaigh this is what I mentioned
There was a problem hiding this comment.
Here is what I was thinking of. The ibm_iam_account_settings resource supports setting the value NOT_SET for some account settings. And as per provider docs:
NOT_SET - to 'unset' a previous set value.
I don't know how the provider is doing this? Are the storing the previous value in the state?
There was a problem hiding this comment.
We are using restapi provider here and there isn't any previous value in the state file, it's mostly the api response
There was a problem hiding this comment.
Not sure what else we can do here. Do we have a provider issue open to support doing this in provider?
There was a problem hiding this comment.
Created the provider issue -> IBM-Cloud/terraform-provider-ibm#5816
| destroy_method = "PATCH" | ||
| destroy_path = "//${var.container_registry_endpoint}/api/v1/quotas" | ||
| destroy_data = jsonencode({ | ||
| "storage_megabytes" : 500 # set to default 500 MB |
There was a problem hiding this comment.
Here is what I was thinking of. The ibm_iam_account_settings resource supports setting the value NOT_SET for some account settings. And as per provider docs:
NOT_SET - to 'unset' a previous set value.
I don't know how the provider is doing this? Are the storing the previous value in the state?
solutions/standard/variables.tf
Outdated
|
|
||
| variable "region" { | ||
| type = string | ||
| description = "The IBM Cloud region where the container registry namespace and retentation policy will be created." |
There was a problem hiding this comment.
It seems your only using region in the provider config. Meaning its going to apply to all resources in the DA. Since the namespace resources doesn't take in any region value, I suspect it takes it from the provider config? So what happens if a user want to create a global namespace? Does region support taking in the string global? If so, I suspect you will want to use a provider alias just for namespace creation.
There was a problem hiding this comment.
Yes, using global as a region works
I have added a new provider block with namespace alias and also renamed region variable to namespace_region
This block will be used for resource group and to get a iam token
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
region = "us-south"
}
This block will be used to create namespace and set retentation policy
provider "ibm" {
alias = "namespace"
ibmcloud_api_key = var.ibmcloud_api_key
region = var.namespace_region
}
solutions/standard/variables.tf
Outdated
| variable "container_registry_endpoint" { | ||
| description = "The endpoint of the ICR region, eg. https://us.icr.io or https://de.icr.io" | ||
| type = string | ||
| default = "us.icr.io" |
There was a problem hiding this comment.
why do we need to ask for this if we already ask for region? I suspect we can create a mapping between region and the corresponding CR endpoint.
We may though wan't to ask what endpoint type to use, and default to private
There was a problem hiding this comment.
region field was used for namespace, whereas the registry endpoint field is used to set the plan and quotas for the registry. I have renamed region to namespace_region as it is more intuitive.
Additionally, there isn't a direct one-to-one mapping between regions and ICR endpoints. For instance, if I want to use the jp.icr.io registry, its local region name is ap-north, but it's also known as jp-tok.
I think directly inputting the endpoint with a clear description indicating that it will be used for updating plan and quotas would be a simpler and more convenient approach also we might need to maintain mapping and validation if theres any changes in future.
However, if you think a mapping would be beneficial, let me know, and I can create it based on this table https://cloud.ibm.com/docs/Registry?topic=Registry-registry_overview#registry_regions_local
There was a problem hiding this comment.
I think if we can programatically determine this we should. I'm trying to reduce the amount of places where the consumer can make a mistake. If they entered jp-tok for namespace_region for example, they may not realise they also need to update this variable to be jp.icr.io. So I think its a better user experience if we do mapping. We do it in other DAs too (for example here)
There was a problem hiding this comment.
one thing we may need to expose is an endpoint type incase user doesn't have access to public endpoint, and does have access to the IBM private one. But perhaps we can re-use the value passed with the provider_visibility input?
|
/run pipeline |
solutions/standard/variables.tf
Outdated
|
|
||
| variable "storage_megabytes" { | ||
| type = number | ||
| description = "The storage quota in megabytes for the container registry. Use -1 for unlimited storage." |
There was a problem hiding this comment.
What is the behaviour is no value is set? The description should include this information
| destroy_method = "PATCH" | ||
| destroy_path = "//${var.container_registry_endpoint}/api/v1/quotas" | ||
| destroy_data = jsonencode({ | ||
| "storage_megabytes" : 500 # set to default 500 MB |
There was a problem hiding this comment.
Not sure what else we can do here. Do we have a provider issue open to support doing this in provider?
|
@Soaib024 what is the latest here? |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
🎉 This PR is included in version 1.3.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Description
issue: https://github.ibm.com/GoldenEye/issues/issues/11125
(At a time only one namespace can be created, and plan and quotas can be set only for one registry this is done to avoid complex input variable (list of object))
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers