Advocate tags that comply with the standard #30

Open
explorigin opened this issue Apr 25, 2023 · 5 comments
explorigin commented Apr 25, 2023

The default tags specified in https://github.com/RSS-Engineering/terraform/blob/main/backend_state_init/backend.tf.sample#L17 should be changed to meet two standards:

For RPCS:

  • Set confidentiality to "Confidential" - this is a base default and can be modified but we want it to be secure by default

For RSS:

  • Set env (doubles with environment but better to have both)
  • service - name of the app

@cre8ive-gds

@explorigin Shall the version be a 7-digit hash of the git commit as per the RSS tagging standard?
In the issue, it says 6-digit hash.

@explorigin
Contributor Author

Actually, I don't recommend it at all. If we have the commit hash as a tag on every asset we either have to ignore that tag in the lifecycle settings or update that resource on every apply. (-: (ask me how I know!)

@explorigin
Contributor Author

Removed version from the original issue description.

cre8ive-gds commented May 4, 2023

> Actually, I don't recommend it at all. If we have the commit hash as a tag on every asset we either have to ignore that tag in the lifecycle settings or update that resource on every apply. (-: (ask me how I know!)

For our use case, we'll most likely end up running terraform commands only once when setting up the infrastructure (S3 buckets) for the new micro-ui, so it doesn't hurt to keep the version.

Ooc :), does the ignore_changes lifecycle hook work for tags?

locals {
  # HCL string literals must use double quotes
  common_tags = {
    app-name = "my-app"
    version  = "git-sha"
  }
}

resource "aws_s3_bucket" "application" {
  bucket = "my-app"
  tags   = local.common_tags
  lifecycle {
    ignore_changes = [
      tags.version
    ]
  }
}

@explorigin
Contributor Author

The example I saw was more like:

  lifecycle {
    ignore_changes = [
      tags["version"]
    ]
  }

But I didn't try it so I'm not certain that it will work.
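
The tag set discussed in this thread, with the per-commit tag excluded from drift detection, as an added example that is not part of the thread or of the project's `backend.tf.sample`. It uses the index notation (`tags["Name"]`) that Terraform's `ignore_changes` documentation describes for map elements; the variable names, the `"dev"` default and the placeholder hash are assumptions.

```hcl
# Added example: names and values below are illustrative placeholders.
variable "env" {
  type    = string
  default = "dev" # assumed default, not from the thread
}

variable "git_sha" {
  type        = string
  description = "Short commit hash supplied at apply time"
  default     = "0000000" # constructed placeholder
}

locals {
  common_tags = {
    confidentiality = "Confidential" # secure-by-default value from the issue
    env             = var.env
    environment     = var.env # kept alongside env, as the issue suggests
    service         = "my-app"
    version         = var.git_sha
  }
}

resource "aws_s3_bucket" "application" {
  bucket = "my-app"
  tags   = local.common_tags

  lifecycle {
    # Ignore only the per-commit tag. A change to confidentiality, env
    # or service still appears in the plan, so drift in the
    # classification tags is not hidden along with the version.
    ignore_changes = [
      tags["version"],
    ]
  }
}
```

Ignoring the whole `tags` map instead would also hide changes to `confidentiality`, which defeats the purpose of setting it by default.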
