feat: Add role name suffix #64
Conversation
| @@ -126,7 +126,7 @@ resource "aws_iam_role_policy_attachment" "logs" { | |||
| resource "aws_iam_role" "service_role" { | |||
| for_each = local.service_roles_with_specific_policies | |||
|
|
|||
| name = lookup(each.value, "service_role_name", "${each.key}-role") | |||
| name = "${lookup(each.value, "service_role_name", "${each.key}-role")}${var.role_suffix}" | |||
There was a problem hiding this comment.
You need to specify service_role_name argument in services to achieve what you want.
There was a problem hiding this comment.
not sure what you mean by services
undocumented field of maps passed into datasources variable?
i think that's what you're implying
will try to validate next week
might update pull request to be documentation-focused if it validates
speaking of variables/inputs with nested maps, are you aware of any prior art for documenting schemas for these complex inputs?
There was a problem hiding this comment.
My bad, it was not services, but datasources:
datasources = {
lambda1 = {
# omitted...
service_role_name = "whatever-you-want-as-a-role-name"
}
}Regarding documenting nested map types, I am not sure I understand what you mean or whether it is related to this module.
There was a problem hiding this comment.
validated service_role_name. thanks.
Regarding documenting nested map types, I am not sure I understand what you mean or whether it is related to this module.
not this module specifically...
the terraform authors gave us a way to document variables and specify types for them, but i've seen no guidance on any pattern to document the contents of a map, especially with nested fields.
oh wow - i've been sleeping on the tf docs - this exists! https://developer.hashicorp.com/terraform/language/v1.5.x/expressions/type-constraints#optional-object-type-attributes
well, i guess one of us might should make a pr updating the variables types
There was a problem hiding this comment.
take a look at #65 and let me know if i'm on the right track. ty.
Description
add optional input whose value is appended to generated role names to prevent collisions in same account
Motivation and Context
if you want to deploy multiple instances of a configuration using this module in the same account, without this change, the role names would collide
Breaking Changes
no
How Has This Been Tested?
examples/*to demonstrate and validate my change(s)examples/*projectspre-commit run -aon my pull requestI used this module in the development of an application config module.
The issue was discovered by invoking my module twice.
Collisions were resolved in other resources in my module.
The appsync module provided needed forked because there was no provision to change the generated datasource roles.
After the changes were made and the proper inputs provided, I was able to deploy two side by side instances of my app module.