Refactor Terraform variables and locals for environment consistency

[brettcurtis]

Summary by CodeRabbit

• New Features

  • Streamlined Terraform configuration by removing unnecessary input variables (environment, region, zone), simplifying the setup process.

• Bug Fixes

  • Updated versions of pre-commit hooks to ensure improved functionality and security.

• Documentation

  • Revised documentation to reflect the removal of input variables, aiding in clearer understanding for users.

• Tests

  • Adjusted test configurations to align with the updated input variables, ensuring accurate testing environments.

[infracost]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[coderabbitai]

Walkthrough

This pull request includes updates to Terraform configuration files and pre-commit hook versions. The .pre-commit-config.yaml file has updated versions for the pre-commit-hooks and checkov repositories. Several input variables related to Terraform configurations, specifically environment, region, and zone, have been removed from various files, while new local variables have been introduced. Additionally, modifications were made to the resource definitions in main.tf and manifest files to streamline configurations and improve dynamic referencing.

Changes

File	Change Summary
.pre-commit-config.yaml	Updated pre-commit-hooks from v4.6.0 to v5.0.0; updated checkov from 3.2.255 to 3.2.257.
regional/README.md	Removed input variables: environment, region, zone.
regional/locals.tf	Added local variables: environment, region, zone; updated multi_cluster_name and env references.
regional/main.tf	Updated google_compute_global_address name; replaced static set blocks with dynamic blocks for Helm; updated issuer references in kubernetes_manifest.
regional/manifests/main.tf	Removed commented-out instructions for TLS certificate configuration in istio_gateway.
regional/variables.tf	Removed input variables: environment, region, zone.
tests/default.tftest.hcl	Removed variables: region, zone, environment from default_regional run.
tests/fixtures/default/locals.tf	Updated env key in labels map to hardcoded string "mock-environment".
tests/fixtures/default/regional/locals.tf	Updated env key in labels map to hardcoded string "mock-environment".
tests/fixtures/default/regional/main.tf	Removed variables: environment, region, zone in module test.
tests/fixtures/default/regional/variables.tf	Removed input variables: environment, region, zone.
tests/fixtures/default/variables.tf	Removed variable: environment.

Possibly related PRs

• Resource alignment #7: Involves an update to the .pre-commit-config.yaml file, specifically changing the version of the checkov repository, which is directly related to the version updates in the main PR.
• Add cert-manager resources for Istio CA and TLS certificates #22: Introduces a new input variable zone in the regional/variables.tf file, relevant to the main PR's context of managing Terraform configurations.

Suggested labels

enhancement

Suggested reviewers

• osinfra-sa

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

regional/locals.tf (1)

17-17: Expand env_map to include all environments

The env_map currently includes mappings for "non-production", "production", and "sandbox". If there are additional environments that might be used, they should be added to the map to prevent falling back to the default "none" value.

Consider updating env_map to include all possible environments derived from terraform.workspace.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between c5d0253 and e6d05d5.

📒 Files selected for processing (12)

• .pre-commit-config.yaml (2 hunks)
• regional/README.md (0 hunks)
• regional/locals.tf (1 hunks)
• regional/main.tf (6 hunks)
• regional/manifests/main.tf (0 hunks)
• regional/variables.tf (0 hunks)
• tests/default.tftest.hcl (0 hunks)
• tests/fixtures/default/locals.tf (1 hunks)
• tests/fixtures/default/regional/locals.tf (1 hunks)
• tests/fixtures/default/regional/main.tf (0 hunks)
• tests/fixtures/default/regional/variables.tf (0 hunks)
• tests/fixtures/default/variables.tf (0 hunks)

💤 Files with no reviewable changes (7)

• regional/README.md
• regional/manifests/main.tf
• regional/variables.tf
• tests/default.tftest.hcl
• tests/fixtures/default/regional/main.tf
• tests/fixtures/default/regional/variables.tf
• tests/fixtures/default/variables.tf

✅ Files skipped from review due to trivial changes (1)

• .pre-commit-config.yaml

🧰 Additional context used

🔇 Additional comments (11)

tests/fixtures/default/locals.tf (1)

7-7: LGTM! Consistent approach for test fixtures.

The change from var.environment to a hardcoded "mock-environment" aligns well with the PR objective of refactoring for environment consistency. It also matches the pattern used for other labels in this test fixture, improving overall consistency.

To ensure this approach is consistent across all test fixtures, could you please run the following script:

Also, could you confirm if there are any test scenarios that might require flexible environment values? If so, we might need to consider a different approach for those cases.

✅ Verification successful

Verification Complete: Consistent "mock-environment" usage confirmed.

The usage of "mock-environment" is consistent across all test fixtures, and there are no remaining instances of var.environment. This aligns with the PR objective of environment consistency.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistency of "mock-environment" usage in test fixtures

# Search for "mock-environment" in all .tf files under the tests directory
echo "Files using 'mock-environment':"
rg --type tf "mock-environment" tests/

# Search for any remaining uses of var.environment in test fixtures
echo "\nAny remaining uses of var.environment in test fixtures:"
rg --type tf "var\.environment" tests/

Length of output: 432

tests/fixtures/default/regional/locals.tf (1)

7-7: Environment value hardcoded for testing purposes

The change from var.environment to "mock-environment" aligns with the PR objective of refactoring for environment consistency. This modification appears to be intentional for testing or fixture purposes, as evidenced by other "mock-" prefixed values in the labels map.

However, consider the following:

1. Verify that this change doesn't unintentionally affect any tests or configurations that may have relied on a variable-based environment value.
2. Ensure that this hardcoding is limited to test fixtures and doesn't propagate to production configurations.
3. If there's a need for flexibility in testing different environments, consider using a default value for a variable instead of a hardcoded string.

To ensure this change is isolated to test fixtures, let's verify the usage of environment variables in other files:

✅ Verification successful

Hardcoding of Environment Value Limited to Test Fixtures

The usage of "mock-environment" is confined to test fixture files (tests/fixtures/default/locals.tf and tests/fixtures/default/regional/locals.tf), ensuring that production configurations remain unaffected. Additionally, the removal of var.environment confirms that environment variables are no longer used outside test contexts.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining uses of var.environment and environment-related variables

# Test 1: Search for var.environment usage
echo "Searching for var.environment usage:"
rg --type terraform 'var\.environment'

# Test 2: Search for environment-related variable declarations
echo "Searching for environment-related variable declarations:"
rg --type terraform '(variable\s+"environment"|var\.env|local\.env)'

# Test 3: Search for other occurrences of "mock-environment"
echo "Searching for other occurrences of mock-environment:"
rg --type terraform '"mock-environment"'

Length of output: 577

---

Script:

#!/bin/bash
# Description: Check for any remaining uses of var.environment and environment-related variables in Terraform files

# Test 1: Search for var.environment usage
echo "Searching for var.environment usage in *.tf files:"
rg --glob "*.tf" 'var\.environment'

# Test 2: Search for environment-related variable declarations
echo "Searching for environment-related variable declarations in *.tf files:"
rg --glob "*.tf" '(variable\s+"environment"|var\.env|local\.env)'

# Test 3: Search for other occurrences of "mock-environment"
echo "Searching for other occurrences of mock-environment in *.tf files:"
rg --glob "*.tf" '"mock-environment"'

Length of output: 1407

regional/locals.tf (3)

78-78: Verify the components of multi_cluster_name

Ensure that local.region, local.zone, and local.env are correctly extracted and formatted. Confirm that var.cluster_prefix aligns with expected naming conventions to prevent issues with cluster identification.

---

21-23: Consistently use local.environment in labels and annotations

The updates replace var.environment with local.environment in various labels and annotations. This change promotes consistency across configurations.

Also applies to: 47-50

---

24-32: Validate the syntax in HEREDOC blocks for annotations

Ensure that the HEREDOC strings used in podAnnotations and proxyMetadata are correctly formatted. Improper JSON syntax or indentation can cause deployment failures.

Consider testing these configurations to confirm that the rendered templates are valid.

Also applies to: 67-74

regional/main.tf (6)

9-9: Variable reference updated correctly

The name attribute now uses local.region instead of var.region, which is consistent with the updated variable definitions. Ensure that local.region is properly defined and initialized.

---

49-54: Efficient use of dynamic blocks for Helm release configuration

Replacing static set blocks with a dynamic block iterating over local.istiod_helm_values enhances scalability and maintainability of the code.

---

76-81: Improved configurability with dynamic blocks in Helm release

The dynamic set block leveraging local.gateway_helm_values simplifies the configuration and reduces redundancy.

---

333-333: Verify the secretName reference in CA issuer

The secretName is updated to reference kubernetes_manifest.istio_gateway_ca_certificate[0].manifest.metadata.name. Confirm that the certificate resource is properly created and that this reference is accurate.

You can run the following script to verify that istio_gateway_ca_certificate is defined:

#!/bin/bash
# Description: Verify that 'istio_gateway_ca_certificate' is defined in the codebase.

# Search for the definition of the resource. Expect to find its declaration.
rg --type terraform 'resource "kubernetes_manifest" "istio_gateway_ca_certificate"' -A 10

---

357-357: Verify the issuerRef name in TLS certificate

The issuerRef now references kubernetes_manifest.istio_gateway_ca_issuer[0].manifest.metadata.name. Ensure that the issuer resource exists and that dependencies are correctly managed to prevent any runtime issues.

You can run the following script to verify that istio_gateway_ca_issuer is defined:

#!/bin/bash
# Description: Verify that 'istio_gateway_ca_issuer' is defined in the codebase.

# Search for the definition of the resource. Expect to find its declaration.
rg --type terraform 'resource "kubernetes_manifest" "istio_gateway_ca_issuer"' -A 10

---

306-306: Verify the issuerRef name for CA certificate

The issuerRef now references kubernetes_manifest.istio_gateway_selfsigned_issuer[0].manifest.metadata.name. Ensure that this resource exists and is correctly referenced to maintain proper dependency flow.

You can run the following script to verify that istio_gateway_selfsigned_issuer is defined:

✅ Verification successful

Verified the issuerRef name for CA certificate

The istio_gateway_selfsigned_issuer resource is correctly defined in regional/main.tf and properly referenced, ensuring proper dependency flow.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that 'istio_gateway_selfsigned_issuer' is defined in the codebase.

# Search for the definition of the resource. Expect to find its declaration.
rg --type terraform 'resource "kubernetes_manifest" "istio_gateway_selfsigned_issuer"' -A 10

Length of output: 214

---

Script:

#!/bin/bash
# Description: Verify that 'istio_gateway_selfsigned_issuer' is defined in the codebase.

# Search for the definition of the resource. Expect to find its declaration.
rg 'resource "kubernetes_manifest" "istio_gateway_selfsigned_issuer"' -A 10 --glob "*.tf"

Length of output: 557