breaking: solve bug where 'notification_configuration' can not contai…

…n sensitive values or values known after apply
schubergphilis · Aug 5, 2024 · d6602e9 · d6602e9
1 parent 3e83deb
commit d6602e9
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -5,10 +5,18 @@
 ### Variables (v4.0.0)
 - The variable `assessments_enabled` has been introduced with default set to `true`.
 - The default `auth_method` has been modified from `iam_user` to `iam_role_oidc`.
+- The variable `notification_configuration` has been modified from a `list(object)` to a `map(object)`. They key should be the name of the notification configuration as it will be displayed in Terraform Cloud.
 
 ### Outputs (v4.0.0)
 - `additional_tfe_workspace` has been renamed to `additional_tfe_workspaces`.
 
+### Behaviour (v4.0.0)
+
+The variables `account`, `environment`, and `workload_permissions_boundary_arn` are now consolidated into a single variable set per account. 
+This change reduces the total number of Terraform resources needed by allowing this set to be linked to workspaces, rather than duplicating variables for each one. 
+Upgrading to this version will recreate these variables.
+To add more account-specific variables, use the `account_variable_set` resource.
+
 ## Upgrading to v3.0.0
 
 3.0.0 introduces new optional variables and removes existing optional variables. Upgrading requires changes if you currently use the `slack_notification_triggers` or `slack_notification_url` variables.

diff --git a/main.tf b/main.tf
@@ -163,12 +163,12 @@ resource "tfe_variable" "account_variable_set_clear_text_terraform_variables" {
 ################################################################################
 
 module "tfe_workspace" {
-  count     = var.create_default_workspace ? 1 : 0
+  count = var.create_default_workspace ? 1 : 0
 
   providers = { aws = aws.account }
 
   source  = "schubergphilis/mcaf-workspace/aws"
-  version = "~> 1.3.0"
+  version = "~> 2.0.0"
 
   agent_pool_id                  = var.tfe_workspace.agent_pool_id
   agent_role_arns                = var.tfe_workspace.agent_role_arns
@@ -215,12 +215,12 @@ module "tfe_workspace" {
 }
 
 module "additional_tfe_workspaces" {
-  for_each  = var.additional_tfe_workspaces
-  
+  for_each = var.additional_tfe_workspaces
+
   providers = { aws = aws.account }
 
   source  = "schubergphilis/mcaf-workspace/aws"
-  version = "~> 1.3.0"
+  version = "~> 2.0.0"
 
   agent_pool_id                  = each.value.agent_pool_id != null ? each.value.agent_pool_id : var.tfe_workspace.agent_pool_id
   agent_role_arns                = each.value.agent_role_arns != null ? each.value.agent_role_arns : var.tfe_workspace.agent_role_arns

diff --git a/variables.tf b/variables.tf
@@ -82,7 +82,7 @@ variable "additional_tfe_workspaces" {
     working_directory              = optional(string)
     workspace_tags                 = optional(list(string))
 
-    notification_configuration = optional(list(object({
+    notification_configuration = optional(map(object({
       destination_type = string
       enabled          = optional(bool, true)
       url              = string
@@ -94,7 +94,7 @@ variable "additional_tfe_workspaces" {
         "run:completed",
         "run:errored",
       ])
-    })), [])
+    })), {})
 
     team_access = optional(map(object({
       access = optional(string, null),
@@ -187,7 +187,7 @@ variable "tfe_workspace" {
     working_directory              = optional(string)
     workspace_tags                 = optional(list(string))
 
-    notification_configuration = optional(list(object({
+    notification_configuration = optional(map(object({
       destination_type = string
       enabled          = optional(bool, true)
       url              = string
@@ -199,7 +199,7 @@ variable "tfe_workspace" {
         "run:completed",
         "run:errored",
       ])
-    })), [])
+    })), {})
 
     team_access = optional(map(object({
       access = optional(string, null),