[wip] Basic AWS OpsWorks support #1892
Conversation
|
Ah, I'm also working on implementing basic OpsWorks support and I found this PR when I supposed to open PR. You can find my works at https://github.com/nabeken/terraform/tree/aws-opsworks I have finished implementing 3 resources that has acc tests passing:
Currently, I have no interest in implementing builtin layer resources but I think we can merge our efforts. |
|
@nabeken I'm sorry that we've done some duplicated work here. Hopefully we can take a bit of both of our work and merge them together. It looks like you made custom recipes a separate resource than the layer itself, which was a different direction than I took. In my current implementation the custom recipes are just nested inside the layer, with a separate property for each type: resource "aws_opsworks_custom_layer" "foo" {
stack_id = "${aws_opsworks_stack.bar.id}"
name = "foo"
short_name = "foo"
custom_undeploy_recipes = [
"x", "y", "x"
]
custom_configure_recipes = [
"foo", "bar", "baz"
]
}What was your reason for making the custom recipes a separate resource? It feels a little unnatural to do that since each layer can have only one set of recipes for each type, and so it wouldn't make sense to have more than one I have support for all of the different layer types in my changesets, as well as the "custom" one. Our stack designs look very similar, with only internal implementation differences between them. I was planning to finish up my work here with the following extra parts:
I've not written any acceptance tests yet, since I've just been testing manually with a local configuration. Do you mind if I incorporate your acceptance tests into my patchset as a starting point? Then I will also write more acceptance tests for the other resource types mentioned above once I get to them. (I hope to be able to wrap this whole thing up later in the week.) |
|
@apparentlymart Thanks for your comment.
I tried to implement a layer resource as close as API request object so it looked like this: I found You made custom recipes into flatten
No, I don't mind. Feel free to take any my changes:smile: I'll do some manual testing with your changes if I have a chance.
It is very interesting to me but I guess we need more time to land. This PR has already over 1000 lines and it will become more larger:smile: I think having at least two Once basic OpsWorks support lands on Terraform, more user can start using OpsWorks resources and we can get more feedbacks. What do you think? |
|
Sure, we could try to just land the changes so far, and I'll attack the rest as a separate changeset. For the use-case I have in mind (using Terraform to deploy an app to OpsWorks) I need the rest of the functionality, but no reason we can't get this first set of resources polished and merged first. |
|
What is already possible to do? Would love to see it merged and contribute, so I will probably use your fork for now. |
|
@apparentlymart I tested Here is my thoughts. around aws.awsResourceDataYou tried to wrap
For example: In this case, TF tries to set A solution here is just putting The solution results in mixing up If we really want to have Regionregion value can be filled automatically from AWS provider. Create and UpdateWe can reduce some duplications between In createOpts := &opsworks.CreateStackInput{
DefaultInstanceProfileARN: aws.String(d.Get("default_instance_profile_arn").(string)),
Name: aws.String(d.Get("name").(string)),
Region: aws.String(stackRegion),
ServiceRoleARN: aws.String(d.Get("service_role_arn").(string)),
}
... conn.CreateStack(createOpts)
...Then, we can return with calling When we need to add a new value, we can just put a value only in That's all for now and sorry for long reply. I really want this to be landed. I'll test layer resources if I have a change. Thanks! |
|
Thanks for the testing and feedback, @nabeken. I will see how the patch looks without the Given that OpsWorks is a "global" service but that its stack resources must in fact be attached to regions, I concluded that it was better for usability to not expose this detail and just use the provider region, so that the opsworks resources work the same way as most other AWS resources. It sounds like you disagree and would like the ability to override it per-resource. Given that it is easy to support (as you showed) I will include the ability to override it as you did. Unfortunately some other work came up for me that prevented me from completing this last week, but I will work on this again once I am finished with my other project. |
|
@apparentlymart I tested here is my thoughts (cont): raid_levelI think Another point is here: Go's zero-value for int is also ebs_volumeI guess custom_jsonI forgot to mention in previous but I'm really missing stack in VPC vs security groups and IAMThere are some wired problems in AWS's end. For Security Groups: OpsWorks tries to create builtin security groups in VPC and it will happen in async. Without this workarounds, acceptance tests in VPC will become harder. For IAM: IAM's change seems not to propagate immediately. In some cases, especially with TF's IAM resources, we might get That's all from me. Thank you for your hard work. |
|
@nabeken thanks again for the feedback. I will be working on this patch some more today. I should have mentioned This seems much more natural than what I presume we'd need to do today: So I skipped over that attribute with the intention of discussing its implementation, but didn't then start the discussion. I'll just implement it as in the second example above (for which there is already a precedent in |
There are several AWS services that are global in scope and thus need to be accessed via the us-east-1 endpoints, so we'll make the us-east-1 variant of the config available as a variable we can reuse between multiple clients as we add support for new services.
|
I have rewritten the |
Although the AWS API only has one type called "Layer", it actually has a number of different "soft" types that each have slightly different validation rules and extra properties that are packed into the Attributes map. To make the validation rule differences explicit in Terraform, and to make the Terraform structure more closely resemble the OpsWorks UI than its API, we use a separate resource type per layer type, with the common code factored out into a shared struct type.
|
I created #2162 to submit just the stack and layer support, as suggested earlier. I'm going to keep this PR open to represent the work to implement the remaining OpsWorks objects, since it's been linked from a few places like the AWS support checklist spreadsheet. |
|
Right now I don't see myself doing any further work on Opsworks so I'm closing this so I don't scare others away from working on it. #2162 represents a subset of what this PR originally set out to do, and I'm not expecting to go beyond that since it takes a long time to get these things merged and maintaining my branches against ongoing other changes to the AWS provider is becoming a timesuck. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
This merge request is still a work-in-progress. Pushing it up early so others can see that this is being worked on, and to gather any early feedback anyone might want to give.