You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here are some key observations to aid the review process:
⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 PR contains tests
🔒 Security concerns
Sensitive information exposure: The module processes environment variables and secrets that might contain sensitive information like AWS credentials. In modules/compose/tests/docker-compose.yaml, there are references to AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. While these appear to be placeholders in the test file, the module should ensure that these values are properly handled as sensitive data and not exposed in logs or outputs.
The port extraction from Docker Compose ports is incorrect. It attempts to get the host port by taking the first element after splitting by colon, but Docker Compose format is typically HOST:CONTAINER, so it should be the first element, not the second.
The code assumes Docker Compose files will always have certain keys like 'services', 'configs', and 'secrets'. If any of these keys are missing, the code might fail with unclear errors.
compose={
forcomponent_typein ["services", "configs", "secrets"] :component_type=> {
forname, servicein {
forname, serviceinlocal.docker_compose[component_type] :name=>serviceifcontains(keys(service), "labels")
} : name => service
if contains(keys(service.labels), "duplo.class")
}
}
The regex pattern for parsing environment variables doesn't handle all valid .env file formats, such as variables with spaces around equals sign or multi-line values.
The action failed because the Terraform formatting check (terraform fmt) failed. The log shows formatting differences in the variables.tf file (lines 1375-1386) where spacing in the type and default attributes needed to be adjusted. The specific error is shown on line 1387: "Terraform exited with code 3." Line 1448 confirms this with "FMT_OUTCOME: failure".
Relevant error logs:
1: ##[group]Operating System2: Ubuntu
...
952: �[36;1mMODULE=$(basename $WKDIR)�[0m953: �[36;1mDUPLO_TF_BUCKET=${PREFIX}-${DUPLO_ACCOUNT_ID}�[0m954: �[36;1mARGS=(�[0m955: �[36;1m -input=false�[0m956: �[36;1m)�[0m957: �[36;1m�[0m958: �[36;1mif [ "$AWS_ENABLED" == "true" ]; then�[0m959: �[36;1m echo "AWS enabled, setting up backend config for S3 and DynamoDB"�[0m960: �[36;1m ARGS+=(�[0m961: �[36;1m -backend-config=dynamodb_table=${DUPLO_TF_BUCKET}-lock�[0m962: �[36;1m -backend-config=region=$DUPLO_DEFAULT_REGION�[0m963: �[36;1m -backend-config=bucket=$DUPLO_TF_BUCKET�[0m964: �[36;1m )�[0m965: �[36;1melif [ "$AZURE_ENABLED" == "true" ]; then�[0m966: �[36;1m echo "Azure enabled, setting up backend config for Blob Storage"�[0m967: �[36;1m # if the RESOURCE_GROUP variable is not set, fail with error�[0m968: �[36;1m if [ -z "$RESOURCE_GROUP" ]; then�[0m
...
1372: secret_key.environment => lookup(1373: var.args, secret_key.environment, null1374: )1375: variables.tf1376: --- old/variables.tf1377: +++ new/variables.tf1378: @@ -12,6 +12,6 @@1379: description = <<EOF1380: These are the environment variable arguments for the compose file itself. For example if the image is something like $IMAGE:$TAG you can pass in IMAGE and TAG values to replace the variables in the compose file.1381: EOF1382: - type = map(string)1383: - default = {}1384: + type = map(string)1385: + default = {}1386: }1387: ##[error]Terraform exited with code 3.1388: ##[error]Process completed with exit code 1.1389: ##[group]Run function outcome() {
...
1433: ROOTDIR: 1434: WORKDIR: 1435: AWS_REGION: us-west-21436: AWS_ACCESS_KEY_ID: ***1437: AWS_SECRET_ACCESS_KEY: ***1438: AWS_SESSION_TOKEN: ***1439: TF_IN_AUTOMATION: true1440: TF_MODULES: 1441: TFLINT_FILE: /home/runner/work/terraform-duplocloud-components/terraform-duplocloud-components/.tflint.hcl1442: LINT_ENABLED: true1443: TF_VERSION: 1.10.51444: TERRAFORM_CLI_PATH: /home/runner/work/_temp/75d929da-6278-4fa9-beeb-4f254cd04ede1445: DUPLO_TF_BUCKET: duplo-tfstate-8135909391111446: MODULE_NAME: compose1447: MODULE_DIR: modules/compose1448: FMT_OUTCOME: failure1449: VALIDATE_OUTCOME: success
Fix the port assignment logic. Currently it's taking the left side of the colon which is the host port, but should take the right side which is the container port.
module "services" {
for_each = {
for name, service in local.services : name => service
if service.labels["duplo.class"] == "service"
}
source = "../../modules/micro-service"
tenant = var.tenant
name = each.key
image = {
uri = each.value.image
}
- # if there is a port use regex to get the right side of the colon of the poirt- port = length(each.value.ports) > 0 ? split(":", each.value.ports[0])[0] : 80+ # if there is a port use regex to get the right side of the colon of the port+ port = length(each.value.ports) > 0 ? split(":", each.value.ports[0])[1] : 80
lb = {
enabled = (each.value.labels["duplo.lb.enabled"] == "true")
}
}
Apply this suggestion
Suggestion importance[1-10]: 9
__
Why: The current code incorrectly uses the host port (left side of colon) instead of the container port (right side). This is a critical bug that would cause services to be configured with incorrect port mappings, potentially breaking connectivity.
High
Add null check
Add null check for component_type in docker_compose to prevent errors when a component type is missing from the compose file.
locals {
docker_compose = yamldecode(templatefile(var.file, var.args))
compose = {
for component_type in ["services", "configs", "secrets"] : component_type => {
for name, service in {
- for name, service in local.docker_compose[component_type] : name => service+ for name, service in lookup(local.docker_compose, component_type, {}) : name => service
if contains(keys(service), "labels")
} : name => service
if contains(keys(service.labels), "duplo.class")
}
}
Apply this suggestion
Suggestion importance[1-10]: 8
__
Why: This suggestion addresses a potential runtime error when a component type is missing from the compose file. Using lookup() with a default empty map prevents the code from failing when a section is missing, making the module more robust.
Medium
General
Fix regex pattern
The regex pattern for parsing environment variables is too restrictive. It only allows alphanumeric characters and underscores in variable names, but environment variables can contain other characters like dots or hyphens.
# Pattern to capture key and value with or without quotes
-kv_pattern = "^(\\w+)=['\"]?(.*?)['\"]?$"+kv_pattern = "^([A-Za-z0-9_.-]+)=['\"]?(.*?)['\"]?$"
Apply this suggestion
Suggestion importance[1-10]: 7
__
Why: The current regex pattern is too restrictive and would fail to parse environment variables with hyphens or dots in their names. This improvement makes the module more compatible with common environment variable naming conventions.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Define your entire stack from docker compose file.
PR Type
Enhancement, Tests, Documentation
Description
Introduced a Terraform module for parsing
.envfiles.Added a new
composemodule to handle Docker Compose configurations.Enhanced configuration management with new schema definitions and support for AWS SSM parameters.
Added comprehensive tests for
.envparsing, Docker Compose handling, and AWS SSM configurations.Changes walkthrough 📝
16 files
Example for using the `.env` file parser modulePlaceholder for Docker Compose configs handlingCore logic for processing Docker Compose YAMLOutputs for processed services, configs, and secretsService module integration for Docker Compose servicesVariables for Docker Compose moduleEnhanced AWS SSM parameter handlingUpdated CSI class definitions for AWS secretsRefactored configuration logic with schema definitionsAdded new configuration classes for AWS SSMLogic for parsing `.env` files into key-value pairsOutputs for parsed `.env` dataVariables for `.env` file parser moduleUpdated tenant variable for Lambda moduleUpdated and added variables for Lambda moduleAdded validation and description for micro-service variables1 files
Lock file for Terraform dependencies in compose module6 files
Tests for Docker Compose module functionalityUpdated tests for configuration moduleNew tests for AWS SSM parameter configurationsTests for `.env` file parsing moduleSample Docker Compose YAML for testingSample `.env` file for testing2 files
Required providers and versions for compose moduleRequired providers and versions for `.env` file parser1 files
Documentation for `.env` file parser module1 files