zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/factories
History
sruffilli 657cfa4130
Update main.tf 		2021-10-14 18:55:55 +02:00
..
example-environments nit changes 2021-10-14 18:33:14 +02:00
firewall-hierarchical-policies Update README.md 2021-10-14 18:38:34 +02:00
firewall-vpc-rules Update main.tf 2021-10-14 18:55:55 +02:00
subnets Resource factories 2021-10-14 17:00:04 +02:00
README.md nit changes 2021-10-14 18:30:01 +02:00

README.md

Resource Factories

This set of modules creates specialized resource factories, made of two distinct components:

  • a module, which implements the factory logic in Terraform syntax, and
  • a set of directories, which hold the configuration for the factory in YAML syntax.

Available modules

Example implementation

See Example environments

Using the modules

Each module is specialised for the type of resources it manages, and comes with a README.md file which describes the module interface, and the directory/file structure each module requires.

Rationale

This approach is based on modules implementing the factory logic using Terraform code, and a set of directories having a well-defined, semantic structure holding the configuration for the resources in YaML syntax.

Resource factories are designed to:

  • accelerate and rationalize the repetitive creation of common resources, such as firewall rules and subnets
  • enable teams without Terraform specific knowledge to leverage IaC via human-friendly and machine-parseable YAML files
  • make it simple to implement specific requirements and best practices (e.g. "always enable PGA for GCP subnets", or "only allow using regions europe-west1 and europe-west3")
  • codify and centralise business logics and policies (e.g. labels and naming conventions)
  • allow to easily parse and understand sets of specific resources, for documentation purposes

Terraform natively supports YaML, JSON and CSV parsing - however we've decided to embrace YaML for the following reasons:

  • YaML is easier to parse for a human, and allows for comments and nested, complex structures
  • JSON and CSV can't include comments, which can be used to document configurations, but are often useful to bridge from other systems in automated pipelines
  • JSON is more verbose (reads: longer) and harder to parse visually for humans
  • CSV isn't often expressive enough (e.g. dit oesn't allow for nested structures)

If needed, converting factories to consume JSON is a matter of switching from yamldecode() to jsondecode() in the right place on each module.