Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update PE spec to work with Azure Policy #537

Merged
merged 10 commits into from
Feb 16, 2024
Merged

fix: update PE spec to work with Azure Policy #537

merged 10 commits into from
Feb 16, 2024

Conversation

matt-FFFFFF
Copy link
Member

@matt-FFFFFF matt-FFFFFF commented Jan 17, 2024
edited
Loading

Ref: Azure/terraform-azurerm-avm-res-keyvault-vault#32

Also incorporates minor changes to tags, rbac, mi to set nullable to false

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Triage 🔍 Maintainers need to triage still label Jan 17, 2024
@matt-FFFFFF matt-FFFFFF mentioned this pull request Jan 17, 2024
Closed
jaredfholgate
jaredfholgate reviewed Jan 22, 2024
View reviewed changes
Copy link
Member

@jaredfholgate jaredfholgate left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not fully versed with the context of this change. My only suggestion (and this may be a personal preference) is to shift complex logic to the left.

By that I mean:

  • Do as much as you can with variables and optional() to shift logic there.
  • Do other complex logic in locals and output a map where relevant (or a boolean if it is just a resource exists or does not exist). For dynamic blocks it can also be a list.
  • Then the resource itself just accepts the relevant and validated local in for_each, count and and dynamic blocks.

For me this makes the code easier to read as mixing complex logic in resource and data source declarations can be difficult to read. It also make debugging a bit easier sometimes as you just output the local to see if it looks right. It can also help to eliminate repetitive code, such as in the MI example, which could be a single dynamic block following this approach.

@matt-FFFFFF
Copy link
Member Author

I am not fully versed with the context of this change. My only suggestion (and this may be a personal preference) is to shift complex logic to the left.

By that I mean:

  • Do as much as you can with variables and optional() to shift logic there.
  • Do other complex logic in locals and output a map where relevant (or a boolean if it is just a resource exists or does not exist). For dynamic blocks it can also be a list.
  • Then the resource itself just accepts the relevant and validated local in for_each, count and and dynamic blocks.

For me this makes the code easier to read as mixing complex logic in resource and data source declarations can be difficult to read. It also make debugging a bit easier sometimes as you just output the local to see if it looks right. It can also help to eliminate repetitive code, such as in the MI example, which could be a single dynamic block following this approach.

Thanks Jared,

I'll look to include more locals in the identity examples. Appreciate the review.

@matt-FFFFFF matt-FFFFFF mentioned this pull request Feb 2, 2024
Closed
1 task
@matt-FFFFFF matt-FFFFFF linked an issue Feb 2, 2024 that may be closed by this pull request
[Question/Feedback]: Make private-endpoints play well with Azure policies #445
Closed
1 task
@matebarabas matebarabas added Type: Documentation 📄 Improvements or additions to documentation and removed Needs: Triage 🔍 Maintainers need to triage still labels Feb 14, 2024
@matt-FFFFFF matt-FFFFFF requested a review from a team as a code owner February 16, 2024 13:56
@matt-FFFFFF matt-FFFFFF merged commit 74191b0 into main Feb 16, 2024
4 checks passed
@matt-FFFFFF matt-FFFFFF deleted the matt-FFFFFF/fixpe branch February 16, 2024 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaredfholgate jaredfholgate jaredfholgate left review comments

@OmnipotentOwl OmnipotentOwl OmnipotentOwl left review comments

@jtracey93 jtracey93 jtracey93 approved these changes

Assignees
No one assigned
Labels
Type: Documentation 📄 Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Question/Feedback]: Make private-endpoints play well with Azure policies
5 participants
@matt-FFFFFF @jaredfholgate @OmnipotentOwl @jtracey93 @matebarabas