Generate terraform configs from workload templates

[zzaakiirr]

What does this PR do?

This PR:

1. Adds support for converting templates with kind: workload to terraform config format
2. Adds .terraform.lock.hcl file preservation in each application folder generated after cpflow terraform generate command is invoked
3. Removes cloud block from generated required_providers.tf config
4. Adds the possibility to define raw hash arguments using Terraform DSL

Terraform docs

https://registry.terraform.io/providers/controlplane-com/cpln/latest/docs/resources/workload

Generated configs

terraform.zip

Examples

CPLN configuration for workload with 3 containers:

kind: workload
name: main
description: main workload description
tags:
  tag1: tag1_value
  tag2: tag2_value
spec:
  type: standard
  containers:
  - name: rails
    cpu: 500m
    env:
    - name: RACK_ENV
      value: production
    - name: RAILS_ENV
      value: production
    - name: SECRET_KEY_BASE
      value: SECRET_VALUE
    image: "/org/org-name/image/rails:7"
    inheritEnv: false
    memory: 512Mi
    ports:
    - number: 3000
      protocol: http
  - name: redis
    cpu: 500m
    image: redis
    inheritEnv: true
    memory: 512Mi
  - name: postgres
    args:
    - "-c"
    - cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh
      && ./cpln-entrypoint.sh postgres
    command: "/bin/bash"
    cpu: 500m
    env:
    - name: POSTGRES_PASSWORD
      value: FAKE_PASSWORD
    - name: TZ
      value: UTC
    image: ubuntu/postgres:14-22.04_beta
    livenessProbe:
      failureThreshold: 1
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      tcpSocket:
        port: 5432
      timeoutSeconds: 1
    readinessProbe:
      failureThreshold: 1
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      tcpSocket:
        port: 5432
      timeoutSeconds: 1
    volumes:
    - path: "/var/lib/postgresql/data"
      recoveryPolicy: retain
      uri: cpln://volumeset/postgres-poc-vs
    - path: "/usr/local/bin/cpln-entrypoint.sh"
      recoveryPolicy: retain
      uri: cpln://secret/postgres-poc-entrypoint-script
    inheritEnv: false
    memory: 512Mi
  defaultOptions:
    autoscaling:
      maxConcurrency: 0
      maxScale: 1
      metric: cpu
      metricPercentile: 25
      minScale: 1
      scaleToZeroDelay: 300
      target: 95
    capacityAI: false
    debug: false
    suspend: true
    timeoutSeconds: 5
  localOptions:
    location: "//location/aws-us-west-2"
    autoscaling:
      maxConcurrency: 1
      maxScale: 1
      metric: disabled
      scaleToZeroDelay: 100
      target: 85
    capacityAI: true
    debug: true
    suspend: false
    timeoutSeconds: 15
  securityOptions:
    filesystemGroupId: 1
  rolloutOptions:
    minReadySeconds: 15
    maxUnavailableReplicas: '10'
    maxSurgeReplicas: '20'
    scalingPolicy: Parallel
  firewallConfig:
    external:
      inboundAllowCIDR:
      - 0.0.0.0/0
      outboundAllowCIDR: []
      outboundAllowHostname: []
      outboundAllowPort:
      - protocol: tcp
        number: 80
    internal:
      inboundAllowType: same-gvc
      inboundAllowWorkload: []
  identityLink: "//gvc/gvc-name/identity/identity-name"
  supportDynamicTags: true
  loadBalancer:
    direct:
      enabled: true
      ports:
      - externalPort: 8080
        protocol: tcp
        scheme: https
        containerPort: 443
      - externalPort: 443
        protocol: udp
        scheme: http
    geoLocation:
      enabled: true
      headers:
        asn: asn
        city: city
        country: country
        region: region

Will generate:

• main.tf config for workload

module "main" {
  source = "../workload"
  type = "standard"
  name = "main"
  gvc = cpln_gvc.my-app-other.name
  identity = cpln_identity.identity-name
  support_dynamic_tags = true
  containers = {
    rails: {
      image: "/org/org-name/image/rails:7",
      cpu: "500m",
      memory: "512Mi",
      inherit_env: false,
      envs: local.rails_envs,
      ports: [
        {
          number: 3000,
          protocol: "http"
        }
      ]
    }
    redis: {
      image: "redis",
      cpu: "500m",
      memory: "512Mi",
      inherit_env: true,
      envs: local.redis_envs
    }
    postgres: {
      args: [
        "-c",
        "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres"
      ],
      command: "/bin/bash",
      image: "ubuntu/postgres:14-22.04_beta",
      cpu: "500m",
      memory: "512Mi",
      inherit_env: false,
      envs: local.postgres_envs,
      readiness_probe: {
        tcp_socket: {
          port: 5432
        },
        failure_threshold: 1,
        initial_delay_seconds: 10,
        period_seconds: 10,
        success_threshold: 1,
        timeout_seconds: 1
      },
      liveness_probe: {
        tcp_socket: {
          port: 5432
        },
        failure_threshold: 1,
        initial_delay_seconds: 10,
        period_seconds: 10,
        success_threshold: 1,
        timeout_seconds: 1
      },
      volumes: [
        {
          uri: "cpln://volumeset/postgres-poc-vs",
          path: "/var/lib/postgresql/data"
        },
        {
          uri: "cpln://secret/postgres-poc-entrypoint-script",
          path: "/usr/local/bin/cpln-entrypoint.sh"
        }
      ]
    }
  }
  options = {
    autoscaling: {
      max_concurrency: 0,
      max_scale: 1,
      metric: "cpu",
      metric_percentile: 25,
      min_scale: 1,
      scale_to_zero_delay: 300,
      target: 95
    }
    capacity_ai: false
    suspend: true
    timeout_seconds: 5
  }
  local_options = {
    autoscaling: {
      max_concurrency: 1,
      max_scale: 1,
      metric: "disabled",
      scale_to_zero_delay: 100,
      target: 85
    }
    capacity_ai: true
    suspend: false
    timeout_seconds: 15
    location: "aws-us-west-2"
  }
  rollout_options = {
    max_surge_replicas: "20"
    min_ready_seconds: 15
  }
  security_options = {
    filesystem_group_id: 1
  }
  firewall_spec = {
    internal: {
      inbound_allow_type: "same-gvc"
    }
    external: {
      inbound_allow_cidr: [
        "0.0.0.0/0"
      ],
      outbound_allow_port: [
        {
          protocol: "tcp",
          number: 80
        }
      ]
    }
  }
  load_balancer = {
    direct: {
      enabled: true,
      ports: [
        {
          external_port: 8080,
          protocol: "tcp",
          scheme: "https",
          container_port: 443
        },
        {
          external_port: 443,
          protocol: "udp",
          scheme: "http"
        }
      ]
    }
    geo_location: {
      enabled: true,
      headers: {
        asn: "asn",
        city: "city",
        country: "country",
        region: "region"
      }
    }
  }
}

• rails_envs.tf (ENV variables for rails container):

locals {
  rails_envs = {
    RACK_ENV = "production"
    RAILS_ENV = "production"
    SECRET_KEY_BASE = "SECRET_VALUE"
  }
}

• postgres_envs.tf (ENV variables for postgres container):

locals {
  postgres_envs = {
    POSTGRES_PASSWORD = "FAKE_PASSWORD"
    TZ = "UTC"
  }
}

• redis_envs is not generated since redis container doesn't have any ENV variables

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced support for workload templates in Terraform configuration.
  • Added new methods for managing workload configurations and local variables.
  • Enhanced Terraform configuration files with dynamic blocks for containers and health checks.

• Bug Fixes

  • Improved error handling for invalid templates and configuration generation.

• Documentation

  • Updated tests to reflect changes in configuration generation and argument handling.

• Chores

  • Expanded .gitignore to include additional directories for better version control management.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The changes in this pull request primarily involve updates to the .gitignore file and enhancements to the Terraform configuration generation process. New entries have been added to the .gitignore to exclude specific directories. Additionally, several classes and methods related to Terraform configuration generation have been modified or introduced, improving modularity, error handling, and support for new workload templates. The test suite has also been expanded to cover these changes comprehensively.

Changes

File Path	Change Summary
.gitignore	Added entries for terraform/ and .controlplane/ to ignore specific directories.
lib/command/terraform/generate.rb	Updated Generate class methods for improved configuration generation and error handling.
lib/core/terraform_config/base.rb	Added locals method to Base class.
lib/core/terraform_config/dsl.rb	Renamed REFERENCE_PATTERN to EXPRESSION_PATTERN and modified argument handling methods.
lib/core/terraform_config/generator.rb	Updated Generator class to support new "workload" template kind and added related methods.
lib/core/terraform_config/local_variable.rb	Introduced LocalVariable class for managing local variables in Terraform configurations.
lib/core/terraform_config/required_provider.rb	Modified to_tf method to remove nested cloud block.
lib/core/terraform_config/workload.rb	Added Workload class with various constants and methods for managing workload configurations.
lib/core/terraform_config/workload/main.tf	Introduced cpln_workload resource definition for workload management in Terraform.
lib/core/terraform_config/workload/required_providers.tf	Added required providers block specifying the cpln provider.
lib/core/terraform_config/workload/variables.tf	Defined multiple variables for workload management, including containers and options.
lib/generator_templates/templates/postgres.yml	Updated PostgreSQL configuration with new resources and refined workload specifications.
lib/patches/array.rb	Added crush method to Array class for flexible element transformation.
lib/patches/hash.rb	Added crush method to Hash class for removing nil values from hash structures.
spec/command/terraform/generate_spec.rb	Enhanced tests for Terraform configuration generation, including new constants and error handling.
spec/core/terraform_config/dsl_spec.rb	Added tests for optional and raw hash arguments in DSL.
spec/core/terraform_config/generator_spec.rb	Updated tests to validate multiple configurations and new workload type.
spec/core/terraform_config/local_variable_spec.rb	Added tests for LocalVariable class methods.
spec/core/terraform_config/required_provider_spec.rb	Modified tests to reflect changes in to_tf method output.
spec/core/terraform_config/workload_spec.rb	Enhanced tests for Workload class, validating various configurations.
spec/patches/array_spec.rb	Introduced tests for the crush method in Array class.
spec/patches/hash_spec.rb	Introduced tests for the crush method in Hash class.

Possibly related PRs

• Create GVC and identity terraform configs from templates #230: Involves the generation of Terraform configuration files, related to the updates in the .gitignore.
• Support terraform config generation from secret template #235: Adds support for a new template kind, "secret", expanding Terraform configuration generation.
• Generate Terraform config from policy templates #236: Introduces support for generating Terraform configurations from policy templates.
• Generate Terraform config from volumeset templates #237: Adds functionality to generate Terraform configurations from volumeset templates.
• Put providers.tf & required_providers.tf to each app folder #238: Focuses on organizing Terraform configuration files into application-specific folders.

Suggested labels

approved for merge

Suggested reviewers

• borela
• rafaelgomesxyz

Poem

In the burrow where changes bloom,
New templates rise, dispelling gloom.
With Terraform's might, we craft and weave,
Ignoring the clutter, we dare to believe.
Workloads and variables, all in their place,
A hop towards progress, a joyful embrace! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[zzaakiirr]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 15

🧹 Outside diff range and nitpick comments (15)

lib/patches/object.rb (2)

4-6: Add documentation to explain the method's purpose and usage.

The crush method's purpose and use cases are not immediately clear from its name or implementation. Please add RDoc/YARD documentation to explain:

• What problem this method solves
• Why it's needed at the Object level
• Example usage scenarios

 class Object
+  # Returns self. Used in template processing to [explain specific use case].
+  #
+  # @example
+  #   obj.crush # => returns obj
+  #
   def crush
     self
   end

---

4-6: Consider a more descriptive method name.

The name crush doesn't clearly convey the method's purpose of returning self. Consider alternatives that better describe the intent:

• as_is
• identity
• to_self

lib/patches/array.rb (1)

4-7: Add documentation and improve error handling.

The crush method needs documentation to explain its purpose, usage, and behavior. Additionally, consider adding error handling for elements that don't respond to crush.

Apply this diff to improve the implementation:

 class Array
+  # Recursively transforms nested arrays by applying the crush method to each element
+  # and removing nil values from the result.
+  #
+  # @example
+  #   [[1, nil], [2, 3]].crush # => [1, 2, 3]
+  #
+  # @return [Array, nil] Returns the transformed array or nil if empty
   def crush
-    crushed = map(&:crush).compact
+    crushed = map do |element|
+      element.respond_to?(:crush) ? element.crush : element
+    end.compact
     crushed unless crushed.empty?
   end

spec/core/terraform_config/local_variable_spec.rb (2)

11-22: Consider adding tests for additional edge cases.

While the current test covers basic variable types, consider adding tests for:

• Empty hash variables
• Boolean values
• Array variables
• Null values
• Special characters in strings
• Numbers with decimals

Example addition:

let(:additional_variables) do
  {
    empty_hash: {},
    bool_var: true,
    array_var: ["item1", "item2"],
    null_var: nil,
    special_string: "string with \"quotes\" and spaces",
    float_var: 1.5
  }
end

---

1-41: Consider adding documentation for the test scenarios.

While the test is well-structured, adding comments to document the purpose of each test scenario would improve maintainability.

Example addition at the top of the describe block:

# Tests the LocalVariable class's ability to generate Terraform configuration
# for various variable types including:
# - Hash variables with nested structures
# - Primitive types (integers, strings)
# - Terraform-specific references (var.*, local.*)
describe TerraformConfig::LocalVariable do

spec/patches/hash_spec.rb (1)

107-108: Consider adding test for primitive values in arrays

The test suite would benefit from an additional test case verifying the behavior when arrays contain primitive values (numbers, strings, symbols, etc.). This ensures the crush method handles all possible array element types correctly.

it "preserves primitive values in arrays" do
  expect({ a: [1, "string", :symbol, nil], b: 2 }.crush)
    .to eq({ a: [1, "string", :symbol], b: 2 })
end

spec/core/terraform_config/dsl_spec.rb (2)

150-167: Consider adding a test case for provided optional arguments.

The test effectively verifies that optional arguments are omitted when nil. Consider adding another test case where optional_arg is provided with a value to ensure complete coverage of the feature.

Example addition:

it "generates correct config with optional argument" do
  block :optional_test do
    argument :optional_arg, "optional_value", optional: true
    argument :required_arg, "value"
  end

  expect(generated).to eq(
    <<~EXPECTED
      optional_test {
        optional_arg = "optional_value"
        required_arg = "value"
      }
    EXPECTED
  )
end

---

169-195: LGTM! Consider adding a comment explaining the raw hash syntax.

The test effectively verifies the raw hash argument feature, covering various value types and proper Terraform syntax generation. Consider adding a brief comment explaining when to use raw: true option, as it's a significant feature for Terraform HCL compatibility.

Example comment:

# The raw: true option generates Terraform native HCL syntax for maps,
# preserving colons and allowing direct variable references without quotes

lib/core/terraform_config/generator.rb (2)

107-128: Add validation for location format and consider method extraction.

A few suggestions for improvement:

1. The location splitting logic on line 124 assumes a specific format. Consider adding validation or error handling for malformed location strings.
2. The method is marked with rubocop:disable Metrics/MethodLength. Consider extracting the case statement for argument naming into a separate method.

Example refactoring:

def normalize_argument_name(key)
  case key
  when :default_options then :options
  when :firewall_config then :firewall_spec
  else key
  end
end

def process_local_options(value)
  return value unless value

  location = value[:location].to_s
  raise ArgumentError, "Invalid location format" unless location.include?("/")
  
  value.merge(location: location.split("/").last)
end

---

158-163: Consider adding validation for identity link format.

The split operation assumes the identity link contains a "/" character. Consider adding validation to ensure the link format is correct before processing.

Example:

def workload_identity
  identity_link = template.dig(:spec, :identity_link)
  return if identity_link.nil?
  
  raise ArgumentError, "Invalid identity link format" unless identity_link.include?("/")
  
  "cpln_identity.#{identity_link.split('/').last}"
end

spec/command/terraform/generate_spec.rb (1)

104-109: Consider using ensure for cleanup.

While the cleanup is handled in the after block, using ensure in critical test paths can provide additional safety against test pollution.

 context "when --dir option is outside of project dir" do
   let(:options) { ["-a", app, "--dir", dir.to_s] }
   let(:dir) { GEM_TEMP_PATH.join("path-outside-of-project") }
 
-  after do
+  after(:each) do
     FileUtils.rm_rf(dir)
+  rescue StandardError => e
+    puts "Warning: Failed to clean up test directory: #{e.message}"
   end

lib/generator_templates/templates/postgres.yml (1)

Line range hint 136-141: Simplify the container command execution.

The current command concatenation approach is complex and potentially fragile. Consider using the commented simpler version or creating a proper init container for setup tasks.

-      command: /bin/bash
-      args:
-        - "-c"
-        - "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres"
+      command: "cpln-entrypoint.sh"
+      args:
+        - "postgres"

spec/core/terraform_config/workload_spec.rb (2)

6-153: Consider enhancing test coverage with edge cases

While the test setup is comprehensive for the happy path, consider adding test cases for:

• Invalid container configurations
• Empty or nil values for optional fields
• Maximum/minimum values for numeric fields
• Special characters in names and descriptions

This would help ensure robust error handling and validation.

---

315-349: Add test coverage for inherited environment variables

The test verifies environment variables for Rails and Postgres containers but doesn't verify the behavior of inherit_env: true for the Redis container. Consider adding test cases to verify:

1. Inherited environment variables are correctly handled
2. Environment variable name sanitization (especially for invalid characters)
3. Handling of duplicate environment variable names

lib/core/terraform_config/workload/variables.tf (1)

1-272: Consider adding description fields to variables for better documentation

Adding description attributes to your variable blocks can enhance code readability and maintainability by providing context and usage information for each variable. This is a recommended best practice in Terraform configurations.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 288046a and 77e6f2d.

📒 Files selected for processing (24)

• .gitignore (1 hunks)
• lib/command/terraform/generate.rb (2 hunks)
• lib/core/terraform_config/base.rb (1 hunks)
• lib/core/terraform_config/dsl.rb (3 hunks)
• lib/core/terraform_config/generator.rb (5 hunks)
• lib/core/terraform_config/local_variable.rb (1 hunks)
• lib/core/terraform_config/required_provider.rb (0 hunks)
• lib/core/terraform_config/workload.rb (1 hunks)
• lib/core/terraform_config/workload/main.tf (1 hunks)
• lib/core/terraform_config/workload/required_providers.tf (1 hunks)
• lib/core/terraform_config/workload/variables.tf (1 hunks)
• lib/generator_templates/templates/postgres.yml (1 hunks)
• lib/patches/array.rb (1 hunks)
• lib/patches/hash.rb (1 hunks)
• lib/patches/object.rb (1 hunks)
• spec/command/terraform/generate_spec.rb (6 hunks)
• spec/core/terraform_config/dsl_spec.rb (2 hunks)
• spec/core/terraform_config/generator_spec.rb (6 hunks)
• spec/core/terraform_config/local_variable_spec.rb (1 hunks)
• spec/core/terraform_config/required_provider_spec.rb (0 hunks)
• spec/core/terraform_config/workload_spec.rb (1 hunks)
• spec/patches/array_spec.rb (1 hunks)
• spec/patches/hash_spec.rb (1 hunks)
• spec/patches/object_spec.rb (1 hunks)

💤 Files with no reviewable changes (2)

• lib/core/terraform_config/required_provider.rb
• spec/core/terraform_config/required_provider_spec.rb

✅ Files skipped from review due to trivial changes (1)

• lib/core/terraform_config/workload/required_providers.tf

🧰 Additional context used

📓 Learnings (1)

.gitignore (2)

Learnt from: rafaelgomesxyz
PR: shakacode/control-plane-flow#183
File: examples/controlplane.yml:131-133
Timestamp: 2024-10-08T20:53:47.076Z
Learning: The `.controlplane` directory exists at `/spec/dummy/.controlplane`.

Learnt from: rafaelgomesxyz
PR: shakacode/control-plane-flow#183
File: examples/controlplane.yml:131-133
Timestamp: 2024-05-24T16:29:04.452Z
Learning: The `.controlplane` directory exists at `/spec/dummy/.controlplane`.

🔇 Additional comments (56)

lib/patches/object.rb (1)

3-7: Consider alternatives to monkey-patching Object class.

Monkey-patching Ruby's core Object class affects every object in the system and can lead to:

1. Name conflicts with other libraries
2. Unexpected behavior in third-party code
3. Maintenance challenges

Consider alternatives:

• Using a dedicated module/class for template processing
• Using Ruby's refinements feature for more controlled monkey-patching

Let's analyze how this method is being used to determine if a more targeted approach is possible:

lib/patches/array.rb (1)

4-7: Verify recursive behavior in the codebase.

The method appears to be designed for recursive transformation of nested structures. Let's verify its usage to ensure it won't cause infinite recursion.

✅ Verification successful

Let me gather more context about the container_args method to understand the full chain of transformations.

---

The recursive crush implementation is safe and well-controlled

The codebase shows a well-designed recursive pattern where:

• Object#crush returns self as the base case
• Array#crush maps crush over elements and compacts nil values
• Hash#crush processes key-value pairs and removes nil values
• Usage is limited to container argument processing in terraform config

The recursion is naturally bounded by the data structure depth and there's no risk of infinite recursion since:

1. Base types stop at Object#crush
2. Collections (Array/Hash) reduce in size through nil removal
3. Practical usage shows it's applied to container configuration processing

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for implementations of crush method to understand the recursive chain
rg -g '!spec/*' -A 5 'def crush'

# Search for usage of the crush method to understand the context
rg -g '!spec/*' '\.crush(\s|\(|$)'

Length of output: 874

---

Script:

#!/bin/bash
# Look for container_args implementation
ast-grep --pattern 'def container_args'

# Check the structure of containers being processed
rg -g '!spec/*' -B 3 -A 10 'containers\.reduce'

Length of output: 2019

lib/core/terraform_config/base.rb (1)

13-15: LGTM! Consider adding documentation.

The locals method provides a good base implementation for subclasses. Consider adding YARD documentation to clarify its purpose and usage.

Add documentation above the method:

+    # Returns a hash of local variables for Terraform configuration.
+    # Subclasses can override this method to provide specific local variables.
+    # @return [Hash] Empty hash by default
     def locals
       {}
     end

Let's verify how this method is used in subclasses:

✅ Verification successful

LGTM! The locals method is well-implemented and actively used

The empty hash implementation in Base class serves as a proper default, with evidence showing:

• It's inherited by multiple Terraform config classes (Workload, VolumeSet, Secret, etc.)
• At least one subclass (Workload) overrides it with specific implementation to handle container environment variables

The suggested documentation would still be valuable:

# Returns a hash of local variables for Terraform configuration.
# Subclasses can override this method to provide specific local variables.
# @return [Hash] Empty hash by default
def locals
  {}
end

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find all classes that inherit from Base and override locals method
ast-grep --pattern 'class $_ < TerraformConfig::Base
  $$$
  def locals
    $$$
  end
  $$$
}'

Length of output: 96

---

Script:

#!/bin/bash
# Let's try a different approach to find classes inheriting from Base
# First, find the Base class definition to confirm the namespace
rg "class Base" --type ruby

# Then search for classes inheriting from Base or TerraformConfig::Base
rg "class .+ < (TerraformConfig::)?Base" --type ruby

# Also search for any usage of the locals method
rg "def locals" --type ruby -C 2

Length of output: 3367

spec/patches/object_spec.rb (2)

1-4: LGTM! Standard Ruby test file setup.

The file follows Ruby best practices with frozen string literal pragma and proper RSpec requirement.

---

5-12: Consider expanding test coverage and adding documentation.

While the basic test case is good, the test suite could benefit from:

1. Documentation explaining the purpose of #crush method and its role in Terraform config generation
2. Additional test cases to verify behavior with:
   • nil objects
   • frozen objects
   • custom objects with overridden methods

This is especially important since Array#crush and Hash#crush have more complex implementations that filter nil values.

Let's verify if there are any existing documentation or related tests:

.gitignore (2)

20-22: LGTM! Properly excluding generated configuration files.

The additions correctly prevent tracking of auto-generated Terraform and Control Plane configuration files, which aligns with version control best practices.

---

21-22: Verify the generated file locations.

Let's confirm that these paths match where the files are actually generated.

✅ Verification successful

The .gitignore entries for terraform/ and .controlplane/ directories are correctly placed

Based on the search results, these directories are indeed used by the application:

• .controlplane/ is confirmed as the directory where Control Plane configs are generated, as evidenced in multiple files:

  • lib/command/generate.rb creates this directory for Control Plane config and templates
  • examples/controlplane.yml and other files reference .controlplane/ as the base directory
  • Test files in spec/command/generate_spec.rb verify the creation of this directory

• While direct terraform directory creation wasn't visible in the output, the codebase has multiple references to Terraform configurations in lib/core/terraform_config/ and related spec files, indicating Terraform-related functionality that would generate files.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the paths where Terraform and Control Plane configs are generated

# Test 1: Check if Terraform configs are generated in the terraform/ directory
echo "Checking for Terraform config generation paths..."
rg -g '*.rb' -A 5 'terraform.*generate'

# Test 2: Check if Control Plane configs are generated in the .controlplane/ directory
echo "Checking for Control Plane config generation paths..."
rg -g '*.rb' -A 5 'controlplane.*generate'

Length of output: 312

---

Script:

#!/bin/bash
# Let's try a broader search to find references to these directories

echo "Searching for terraform directory references..."
rg -g '!*.md' -i "terraform.*dir|terraform.*path"

echo -e "\nSearching for controlplane directory references..."
rg -g '!*.md' -i "controlplane.*dir|controlplane.*path"

echo -e "\nChecking for actual files/directories..."
fd -t d "terraform$"
fd -t d "\.controlplane$"

echo -e "\nChecking build or configuration scripts..."
fd -e rb -e js -e ts -e yaml -e yml | xargs rg -l "terraform|controlplane"

Length of output: 4069

lib/core/terraform_config/local_variable.rb (2)

1-5: LGTM! Well-structured class definition.

The class follows Ruby best practices with proper namespace organization and clear inheritance structure.

---

13-19: Add documentation for the to_tf method.

The method would benefit from documentation explaining the expected format of variables and the resulting Terraform configuration.

Let's verify the Base class implementation:

Add documentation like this:

+    # Generates a Terraform locals block with the defined variables
+    # @example
+    #   local_var = LocalVariable.new(foo: "bar", baz: 123)
+    #   local_var.to_tf
+    #   # Generates:
+    #   # locals {
+    #   #   foo = "bar"
+    #   #   baz = 123
+    #   # }
+    # @return [String] Terraform configuration block
     def to_tf
       block :locals do
         variables.each do |var, value|

✅ Verification successful

Let me gather more information about the DSL module to better understand the implementation:

---

Let me check one final aspect - the actual implementation of the DSL methods to understand how the block and argument methods work:

---

Documentation request is valid, implementation is correct

The to_tf method correctly uses the DSL module's block and argument methods to generate Terraform configuration. The Base class includes the DSL module which provides the necessary implementation. The method generates a properly formatted locals block with indentation and value formatting handled by the DSL.

• The suggested documentation would indeed improve code clarity by showing the expected input and output format
• The implementation is verified to work correctly with the DSL module's capabilities

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the Base class implementation of block and argument methods

# Check Base class implementation
rg -A 5 "class Base" lib/core/terraform_config/
rg -A 2 "def block" lib/core/terraform_config/
rg -A 2 "def argument" lib/core/terraform_config/

Length of output: 1048

---

Script:

#!/bin/bash
# Check DSL module implementation and usage
rg -A 10 "module Dsl" lib/core/terraform_config/
rg -A 5 "include Dsl" lib/core/terraform_config/

Length of output: 1008

---

Script:

#!/bin/bash
# Check full DSL implementation
cat lib/core/terraform_config/dsl.rb

Length of output: 2357

spec/core/terraform_config/local_variable_spec.rb (3)

1-4: LGTM: Proper file setup with frozen string literal and spec helper.

The file follows Ruby best practices with proper requires and frozen string literal pragma.

---

5-7: LGTM: Clean test class setup with proper let block.

The test structure follows RSpec best practices using described_class for better maintainability.

---

24-39: Verify the generated Terraform configuration format.

The test verifies the basic structure, but let's ensure it follows Terraform best practices:

✅ Verification successful

The Terraform configuration format follows the established patterns

The generated Terraform configuration in the test follows the correct format and is consistent with other local variable declarations in the codebase. This is evidenced by similar patterns found in workload_spec.rb where:

• The locals block uses the same indentation style
• Hash variables follow the same key-value format without commas (HashiCorp HCL style)
• Mixed variable types (hash, primitive, and reference variables) are properly formatted

The test's expected output aligns with Terraform's HCL syntax and the project's established patterns.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the expected format matches HashiCorp's style guide
# and common patterns in the codebase.

# Test: Look for other locals block definitions in the codebase
rg -A 5 'locals\s+{'

# Test: Look for similar variable declarations to ensure consistency
ast-grep --pattern 'locals {
  $$$
}'

Length of output: 146

---

Script:

#!/bin/bash
# Let's fix the regex and try again with proper escaping
rg -A 5 'locals\s*\{'

# Also search for test files that might contain similar expectations
rg -A 5 'expect.*locals' spec/

Length of output: 1892

lib/patches/hash.rb (1)

18-25: Verify the impact on Terraform configuration generation.

The crush method appears to be used in transforming hash structures for Terraform configs. Let's verify its usage to ensure it handles all required cases.

✅ Verification successful

Based on the search results, I can now provide a final response:

The crush method implementation is safe and well-tested for Terraform configuration generation

The method is used in two critical places for Terraform config generation:

• lib/core/terraform_config/workload.rb: For processing container arguments
• lib/core/terraform_config/dsl.rb: For JSON generation with proper formatting

The extensive test coverage in spec/patches/hash_spec.rb and spec/patches/array_spec.rb verifies that it correctly handles:

• Nested hashes and arrays
• Mixed value types
• Nil value removal
• Empty structure cases

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usages of the crush method in the context of Terraform config generation
rg -A 5 '\.crush' --type ruby

Length of output: 5483

spec/patches/array_spec.rb (4)

1-4: LGTM! Proper test file setup

The file follows Ruby best practices with frozen_string_literal and proper spec_helper inclusion.

---

5-6: LGTM! Well-structured test suite

The test suite follows RSpec best practices with proper nesting and method description.

---

42-43: LGTM! Clean test suite closure

Proper closing of describe blocks maintains good code structure.

---

1-43: Verify implementation matches test cases

Let's verify the implementation of the crush method to ensure it aligns with the test cases.

✅ Verification successful

Implementation matches test cases and follows recursive pattern

The implementation in lib/patches/array.rb aligns perfectly with the test cases:

• It recursively calls crush on each element (map(&:crush))
• Removes nil values (compact)
• Returns nil for empty results (crushed unless crushed.empty?)

The implementation works in conjunction with Hash#crush and Object#crush (as seen in the specs), forming a complete recursive nil-cleaning system across different data types.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the implementation of Array#crush method

# Test 1: Check if the implementation file exists and contains the crush method
echo "Checking for Array#crush implementation..."
ast-grep --pattern 'class Array
  $$$
  def crush
    $$$
  end
  $$$
end'

# Test 2: Look for any other uses of crush method in the codebase
echo "Checking for crush method usage..."
rg -A 5 '\.crush\b'

Length of output: 5724

---

Script:

#!/bin/bash
# Let's check for the implementation file in lib/patches/array.rb
echo "Checking for Array#crush implementation in lib/patches/array.rb..."
cat lib/patches/array.rb

# Let's also check for any other potential implementation locations
echo -e "\nChecking for other potential implementation files..."
fd array.rb

Length of output: 459

spec/patches/hash_spec.rb (1)

74-111: Well-structured test suite with comprehensive coverage

The test suite is well-organized with clear, focused test cases that progress logically from simple to complex scenarios. Each test case verifies a single behavior, making the tests easy to understand and maintain.

spec/core/terraform_config/dsl_spec.rb (1)

Line range hint 131-144: Correct usage of Terraform's local variable reference syntax.

The change from locals.local_var to local.local_var is correct as it aligns with Terraform's official syntax for referencing local variables.

lib/core/terraform_config/generator.rb (4)

29-30: LGTM! Clean implementation for handling multiple config files.

The method correctly merges locals with the main configuration, enabling support for multiple Terraform configuration files.

---

41-50: LGTM! Clear and consistent filename generation logic.

The method appropriately handles workload templates by using the template name, while maintaining consistency with other template types.

---

52-54: LGTM! Clean implementation using keyword arguments.

---

153-156: LGTM! Good improvement in data handling.

The change maintains data immutability by not modifying the input hash.

spec/command/terraform/generate_spec.rb (6)

11-26: LGTM! Well-structured constant definition.

The TEMPLATE_CONFIG_PATHS constant is well-organized, frozen for immutability, and provides a comprehensive list of supported templates.

---

38-42: LGTM! Clean setup for workload templates.

The setup ensures proper isolation by copying workload templates to a test directory.

---

Line range hint 51-60: LGTM! Enhanced shared example flexibility.

Good improvements to the shared example:

• Added status parameter with a sensible default
• Improved error message handling with nil checks
• Maintains proper test isolation

---

131-133: LGTM! Good error handling test.

The test properly verifies that workload modules are still generated even when provider config generation fails.

---

151-163: LGTM! Well-organized helper methods.

The helper methods are well-structured with:

• Clear separation of different path types
• Consistent path generation
• Good use of the TEMPLATE_CONFIG_PATHS constant

---

154-156: Verify test coverage for workload module paths.

While the implementation looks good, let's verify that all workload module path combinations are tested.

✅ Verification successful

Test coverage for workload module paths is adequate

The test coverage for workload module paths is comprehensive:

• The workload_module_config_paths method is used in multiple test scenarios through the shared examples
• All paths (required_providers.tf, main.tf, variables.tf) are verified in both success and failure cases
• The tests check file existence and non-existence appropriately
• Error cases are covered, including directory creation failures and template parsing errors

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check test coverage for workload module paths

# Test: Look for test cases covering workload module paths
rg -A 5 "workload_module_config_paths" spec/

Length of output: 44

---

Script:

#!/bin/bash
# Let's try a broader search to understand the test coverage
# First, let's find all test files related to terraform generation
fd "generate.*spec\.rb" spec/

# Then, let's look for any tests involving workload configurations
rg -l "workload.*\.tf" spec/

# Finally, let's check for any test assertions or expectations related to these paths
rg -A 5 "required_providers|variables\.tf|main\.tf" spec/

Length of output: 1711

---

Script:

#!/bin/bash
# Let's specifically look at the generate_spec.rb file where our method is defined
cat spec/command/terraform/generate_spec.rb

# Also search for any test cases involving the specific files we're concerned about
rg -A 10 "required_providers\.tf|variables\.tf" spec/command/terraform/generate_spec.rb

Length of output: 5600

lib/generator_templates/templates/postgres.yml (3)

Line range hint 169-175: Review outbound firewall rules.

The current configuration allows outbound traffic to any destination (0.0.0.0/0). Consider restricting this to only necessary destinations for better security.

#!/bin/bash
# Search for similar workload configurations to compare firewall rules
rg "outboundAllowCIDR.*0\.0\.0\.0/0" --type yaml -A 5 -B 5

---

Line range hint 114-124: Verify if commented permissions are required.

The policy has commented out use and view permissions. These might be necessary for proper operation of the PostgreSQL workload. Please verify if these permissions should be uncommented.

#!/bin/bash
# Search for similar policies in the codebase to verify standard permission sets
rg "permissions.*use.*view" --type yaml -A 5 -B 5

---

Line range hint 19-22: Replace placeholder credentials before deploying to production.

The current configuration uses placeholder values (the_password, the_user) for database credentials. These should be replaced with secure values before deployment.

✅ Verification successful

Replace placeholder credentials before deploying to production

The review comment is accurate. The file lib/generator_templates/templates/postgres.yml contains placeholder credentials (the_password, the_user) in the postgres-poc-credentials secret. These values are meant to be replaced with secure credentials before deployment, as indicated by the inline comment #Replace this with a real password. This is the only instance of these placeholder credentials in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for other instances of placeholder credentials in the codebase
rg -i "the_password|the_user" --type yaml

Length of output: 60

---

Script:

#!/bin/bash
# Let's try a more comprehensive search for the template file and its contents
fd "postgres.yml" --type f --exec cat {}

Length of output: 7496

spec/core/terraform_config/workload_spec.rb (1)

46-47: Verify sensitive data handling in test fixtures

The test includes sensitive-looking values like FAKE_PASSWORD. While these are test values, consider:

1. Using clearly marked test constants (e.g., TEST_PASSWORD_VALUE)
2. Adding test cases to verify sensitive values are properly handled (e.g., using Terraform variables instead of hardcoded values)

Also applies to: 341-342

✅ Verification successful

Let me analyze the test files further to understand the context and patterns of sensitive data handling.

---

Based on the analysis of the codebase, I can now provide a final response regarding the handling of sensitive data in test fixtures.

Test values are appropriately handled with clear test markers

The codebase already follows good practices for handling sensitive data in tests:

1. Test values are clearly marked with prefixes like FAKE_ (e.g., FAKE_PASSWORD, FAKE_AWS_ACCESS_KEY)
2. Sensitive values are consistently handled through Terraform configurations and Control Plane secrets
3. The test fixtures are isolated from production configurations and are only used for validating the secret handling logic

The test values in question are:

• Used only in test specs (spec/ directory)
• Clearly marked as non-production data
• Part of testing the proper handling of sensitive data through Control Plane's secret management

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for potential sensitive data patterns in test files
rg -i '(password|secret|key|token|credential).*=.*[^test_]' spec/

Length of output: 5265

---

Script:

#!/bin/bash
# Check for test constants and helper methods related to sensitive data
rg -A 5 "^(\s*(let|const|def)\s+|[A-Z_]+\s*=\s*)(test_|fake_|mock_)?(password|secret|key|token|credential)" spec/

# Check for terraform variable usage patterns
rg -A 3 "variable\s+.*password|secret|key|token|credential" .

Length of output: 108888

lib/core/terraform_config/dsl.rb (5)

22-22: Add raw parameter to argument method for enhanced flexibility

The addition of the raw parameter to the argument method allows for finer control over how hash arguments are formatted, accommodating raw hash arguments using Terraform DSL.

Ensure that existing calls to argument are reviewed to confirm they pass the correct value for the new raw parameter, preventing unintended formatting changes.

---

27-28: Conditional operator selection based on raw parameter

The operator between keys and values in a hash now depends on the raw parameter, using ": " when raw is true and " = " when false. This change ensures that hashes are formatted correctly according to the desired output.

---

38-49: Refactor tf_value method for improved value handling

Refactoring tf_value to delegate processing based on the value type enhances readability and maintainability. This change simplifies how different value types (strings, hashes, others) are handled.

---

65-65: Update expression? method to utilize EXPRESSION_PATTERN

Adjusting the expression? method to use the updated EXPRESSION_PATTERN ensures consistent and accurate detection of Terraform expressions within the DSL.

---

7-7: ⚠️ Potential issue

Ensure all references to locals are updated to local

The change from locals to local in EXPRESSION_PATTERN aligns with Terraform's syntax where local variables are accessed using local.<variable_name>. Please verify that any existing code using locals is updated accordingly to prevent any regressions.

You can run the following script to search for any occurrences of locals. in the codebase:

lib/command/terraform/generate.rb (4)

42-47: copy_workload_module method correctly copies the workload module

The copy_workload_module method properly copies the workload module from the source path to the Terraform directory, ensuring that all necessary Terraform modules are available for the configuration generation.

---

65-72: Refactoring provider configuration into required_cpln_provider enhances clarity

By encapsulating the creation of the required provider into the required_cpln_provider method, the code becomes cleaner and more maintainable. This improves readability and makes future modifications to the provider configuration easier to manage.

---

74-85: cleaned_terraform_app_dir method effectively manages the Terraform app directory

The cleaned_terraform_app_dir method correctly handles the creation and cleaning of the Terraform application directory. It ensures that the directory is within the allowed path and appropriately cleans existing directories before generating new configurations.

---

90-96: clean_terraform_app_dir correctly preserves .terraform.lock.hcl

The implementation of clean_terraform_app_dir ensures that the .terraform.lock.hcl file is preserved while other contents of the Terraform application directory are removed. This aligns with the requirement to maintain the lock file for consistent Terraform deployments.

lib/core/terraform_config/workload.rb (3)

117-122: Dynamic method definition for RAW_ARGS

The dynamic definition of methods for each spec in RAW_ARGS (excluding :containers) is a clever way to handle argument processing generically. This approach reduces code duplication and enhances maintainability.

---

1-124: Overall code structure is well-organized

The class Workload is well-structured, and the use of constants for key arrays improves code readability and maintainability. The methods are logically organized, and the code follows Ruby conventions.

---

94-94: ⚠️ Potential issue

Potential undefined method crush

The method crush is called on a Hash, but Hash does not have a built-in crush method in standard Ruby. If crush is not defined elsewhere in the codebase or provided by a gem, this will result in a NoMethodError.

Run the following script to verify whether the crush method is defined in the codebase:

✅ Verification successful

Let me gather more information about the implementation of the crush method in Hash class since that's what's being used in the code.

---

The crush method is properly defined and safe to use

The crush method is defined in lib/patches/hash.rb as a Hash extension. It's designed to recursively process hash values, removing nil values and creating a new hash with non-nil results. The method is properly implemented and available for use on Hash objects.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for the definition of the `crush` method.

# Test: Search for method definitions named `crush`. Expect: At least one definition.
rg --type ruby --pcre2 -A 2 -B 2 'def\s+crush'

Length of output: 616

---

Script:

#!/bin/bash
# Get the full implementation of crush method in Hash class
cat lib/patches/hash.rb

Length of output: 1142

lib/core/terraform_config/workload/main.tf (2)

37-37: Review the command execution logic in 'post_start' lifecycle hook.

The command at line 37 checks if ${container.value.post_start_command} is a file before executing it. If post_start_command is expected to be a command string rather than a file path, this check may not be appropriate.

Please ensure that the post_start_command variable is correctly handled. If it's a command, you might want to execute it directly without checking for file existence.

---

49-49: Review the command execution logic in 'pre_stop' lifecycle hook.

Similar to the previous comment, the command at line 49 checks for file existence before executing it. Verify that pre_stop_command is properly used.

Consider whether the file existence check is necessary, and adjust the command accordingly.

spec/core/terraform_config/generator_spec.rb (9)

53-62: Test Update for Multiple Terraform Configurations

The test now correctly reflects the generation of multiple Terraform configurations by using tf_configs instead of tf_config. The assertions for the count and filenames are appropriately updated.

---

93-102: Consistent Test Modification for Identity Templates

The identity template test is updated to handle multiple configurations using tf_configs. The changes are consistent with the updates in other template tests.

---

124-132: Secret Template Test Adjusted for tf_configs

The test for the secret template now utilizes tf_configs and checks for the correct filename and count, aligning with the new structure.

---

167-176: Policy Template Test Reflects Multiple Config Generation

The policy template test is updated to use tf_configs, ensuring it correctly handles and verifies multiple configuration files.

---

225-233: VolumeSet Template Test Updated for New Config Structure

Adjustments to the volumeset template test accommodate the shift to multiple configurations, using tf_configs and validating the expected filename.

---

256-531: Addition of Comprehensive Workload Template Test

A new context for the workload template is introduced, including a detailed template with multiple containers and specifications. The test thoroughly validates all aspects of the generated configurations.

---

427-432: Correct Verification of Multiple Generated Filenames

The test accurately expects and verifies the generation of multiple Terraform configuration files (main.tf, rails_envs.tf, postgres_envs.tf), ensuring the filenames match the expected list.

---

433-451: Local Variables for Environment Variables are Properly Tested

Local variables for rails_envs and postgres_envs are correctly generated and validated, ensuring environment variables are accurately captured.

---

452-531: Thorough Validation of Workload Configuration Properties

All properties of the main_tf_config, including options, local options, rollout options, security options, and load balancer settings, are comprehensively tested and validated in the workload template test.

[zzaakiirr]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 8

🧹 Outside diff range and nitpick comments (9)

lib/patches/hash.rb (1)

18-25: Add method documentation as previously suggested.

While the implementation is clean and includes type checking via respond_to?, it's still missing documentation that explains the method's purpose, behavior, and examples.

Add documentation block:

+  # Recursively removes nil and empty values from a hash structure.
+  # @example
+  #   { a: nil, b: { c: [], d: 1 } }.crush
+  #   # => { b: { d: 1 } }
+  # @return [Hash, nil] Returns nil if the resulting hash would be empty
   def crush

spec/core/terraform_config/local_variable_spec.rb (2)

8-43: Consider adding more edge cases to strengthen test coverage.

The current test cases effectively cover basic validation scenarios. Consider adding tests for:

• Variables with special characters (besides hyphens)
• Variables starting with numbers
• Reserved Terraform keywords
• Very long variable names

Example additional test case:

context "when variable names contain special characters" do
  let(:variables) do
    {
      "valid_var": 1,
      "invalid@var": 2,
      "invalid$var": 3
    }
  end

  it "raises an ArgumentError with invalid names" do
    expect { config }.to raise_error(ArgumentError, /Invalid variable names: invalid@var, invalid\$var/)
  end
end

---

44-78: Consider adding tests for more complex Terraform configurations.

The current test effectively covers basic variable types and formatting. Consider adding tests for:

• Nested hash structures
• Arrays/lists
• Boolean values
• Null values
• Terraform functions (e.g., templatefile(), concat())
• Escape sequences in strings

Example additional test case:

context "with complex variable types" do
  let(:variables) do
    {
      nested_hash: {
        level1: {
          level2: "value",
          array: ["item1", "item2"]
        }
      },
      bool_var: true,
      null_var: nil,
      func_var: 'templatefile("${path.module}/template.tpl", { name = var.name })'
    }
  end

  it "generates correct complex config" do
    expect(generated).to include('nested_hash = {')
    expect(generated).to include('bool_var = true')
    expect(generated).to include('null_var = null')
    expect(generated).to include('func_var = templatefile(')
  end
end

spec/patches/hash_spec.rb (2)

74-111: Consider adding tests for additional edge cases.

The test coverage is good but could be enhanced by adding tests for:

1. Deep nested structures (to verify stack safety)
2. Large data structures (to verify performance)
3. Custom objects that respond to crush

Example test case for deep nesting:

it "handles deeply nested structures without stack overflow" do
  deep_hash = 100.times.reduce({}) { |h, i| { "key#{i}": h } }
  expect { deep_hash.crush }.not_to raise_error
end

---

100-102: Consider using more descriptive variable names in complex test cases.

While the test is correct, readability could be improved by using more descriptive variable names that indicate the structure being tested.

-  expect({ a: [{ b: nil, c: 2 }, { d: nil }], e: 4 }.crush).to eq({ a: [{ c: 2 }], e: 4 })
+  nested_array_hash = {
+    items: [
+      { empty_value: nil, valid_value: 2 },
+      { another_empty: nil }
+    ],
+    total: 4
+  }
+  expected_result = {
+    items: [{ valid_value: 2 }],
+    total: 4
+  }
+  expect(nested_array_hash.crush).to eq(expected_result)

lib/core/terraform_config/generator.rb (1)

107-136: Consider extracting transformation logic for better clarity.

While the implementation is solid, the location and filesystem_group_id transformations could be made more explicit by extracting them into helper methods.

Example refactor:

 def workload_spec_params # rubocop:disable Metrics/MethodLength
   WORKLOAD_SPEC_KEYS.to_h do |key|
     arg_name =
       case key
       when :default_options then :options
       when :firewall_config then :firewall_spec
       else key
       end

     value = template.dig(:spec, key)

     if value
       case key
-      when :local_options
-        value[:location] = value.delete(:location).split("/").last
-      when :security_options
-        value[:file_system_group_id] = value.delete(:filesystem_group_id)
+      when :local_options then transform_local_options(value)
+      when :security_options then transform_security_options(value)
       end
     end

     [arg_name, value]
   end
 end

+private
+
+def transform_local_options(options)
+  options[:location] = options.delete(:location).split("/").last
+end
+
+def transform_security_options(options)
+  options[:file_system_group_id] = options.delete(:filesystem_group_id)
+end

spec/core/terraform_config/workload_spec.rb (2)

24-409: Add test coverage for error scenarios

The test suite lacks coverage for error scenarios. Consider adding tests for:

• Invalid configuration values
• Missing required fields
• Type mismatches

Example:

context "with invalid configuration" do
  let(:type) { "invalid_type" }
  
  it "raises an error" do
    expect { generated }.to raise_error(
      TerraformConfig::InvalidWorkloadType,
      /Invalid workload type: invalid_type/
    )
  end
end

---

1-522: Extract common values into constants

Consider extracting frequently used values into constants for better maintainability and to avoid magic numbers/strings.

Example:

# At the top of the file
module TestConstants
  CPU_LIMIT = "500m"
  MEMORY_LIMIT = "512Mi"
  PROBE_DEFAULTS = {
    failure_threshold: 1,
    initial_delay_seconds: 10,
    period_seconds: 10,
    success_threshold: 1,
    timeout_seconds: 1
  }.freeze
end

spec/core/terraform_config/generator_spec.rb (1)

424-531: Consider adding test cases for error scenarios.

The test suite thoroughly covers the happy path but lacks tests for error scenarios. Consider adding test cases for:

• Invalid container configurations
• Missing required fields
• Invalid autoscaling values
• Conflicting load balancer configurations

Would you like me to help generate test cases for these error scenarios?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 77e6f2d and 210453a.

📒 Files selected for processing (12)

• lib/core/terraform_config/generator.rb (5 hunks)
• lib/core/terraform_config/local_variable.rb (1 hunks)
• lib/core/terraform_config/workload.rb (1 hunks)
• lib/core/terraform_config/workload/main.tf (1 hunks)
• lib/core/terraform_config/workload/variables.tf (1 hunks)
• lib/patches/array.rb (1 hunks)
• lib/patches/hash.rb (1 hunks)
• spec/core/terraform_config/generator_spec.rb (6 hunks)
• spec/core/terraform_config/local_variable_spec.rb (1 hunks)
• spec/core/terraform_config/workload_spec.rb (1 hunks)
• spec/patches/array_spec.rb (1 hunks)
• spec/patches/hash_spec.rb (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• lib/core/terraform_config/workload/main.tf
• lib/patches/array.rb
• spec/patches/array_spec.rb

🧰 Additional context used

📓 Learnings (3)

lib/core/terraform_config/generator.rb (3)

Learnt from: zzaakiirr
PR: shakacode/control-plane-flow#240
File: lib/core/terraform_config/generator.rb:4-17
Timestamp: 2024-11-01T13:11:40.060Z
Learning: In the `control-plane-flow` project, it's acceptable to disable RuboCop rules such as `Metrics/ClassLength` when necessary.

Learnt from: zzaakiirr
PR: shakacode/control-plane-flow#236
File: lib/core/terraform_config/policy.rb:4-4
Timestamp: 2024-10-16T09:35:47.327Z
Learning: Disabling Rubocop rules is acceptable when refactoring can be done later.

Learnt from: zzaakiirr
PR: shakacode/control-plane-flow#236
File: lib/core/terraform_config/generator.rb:0-0
Timestamp: 2024-10-16T10:22:35.973Z
Learning: In `lib/core/terraform_config/generator.rb`, prefer to keep methods like `gvc_config` as-is even if they exceed RuboCop's `Metrics/MethodLength` limit, rather than extracting separate methods that simply gather attributes to initialize an object. It's acceptable to disable the RuboCop rule in such cases.

lib/core/terraform_config/workload.rb (2)

Learnt from: zzaakiirr
PR: shakacode/control-plane-flow#240
File: lib/core/terraform_config/workload.rb:27-43
Timestamp: 2024-11-01T11:40:18.033Z
Learning: In `lib/core/terraform_config/workload.rb`, the `initialize` method in the `TerraformConfig::Workload` class needs to support all parameters to build any workload type. Refactoring to reduce the number of parameters is not desired.

Learnt from: zzaakiirr
PR: shakacode/control-plane-flow#240
File: lib/core/terraform_config/workload.rb:83-83
Timestamp: 2024-11-01T11:41:55.770Z
Learning: In Ruby 3.2.2, `nil.to_h` returns `{}`, so it's safe to call `to_h` on `nil` without using safe navigation operators, as seen in `lib/core/terraform_config/workload.rb`.

lib/core/terraform_config/workload/variables.tf (1)

Learnt from: zzaakiirr
PR: shakacode/control-plane-flow#240
File: lib/core/terraform_config/workload/variables.tf:5-5
Timestamp: 2024-11-01T11:44:15.154Z
Learning: In the Terraform configuration for the ControlPlane provider, specifically in the file `lib/core/terraform_config/workload/variables.tf`, the `command` field in the `containers` variable should be of type `string`, not `list(string)`, as per the ControlPlane Terraform provider documentation.

🔇 Additional comments (20)

lib/core/terraform_config/local_variable.rb (3)

1-6: LGTM! Well-structured class definition with proper constant.

The class is correctly defined with appropriate inheritance and a well-crafted regex constant for variable name validation.

---

7-14: LGTM! Constructor implements suggested input validation.

The constructor is well-implemented with proper variable handling and validation as suggested in the previous review.

---

16-22: Verify value types for Terraform compatibility.

While the generation logic is correct, consider validating that the values are compatible with Terraform's type system to prevent runtime errors.

lib/patches/hash.rb (1)

18-25: Consider handling circular references.

The current implementation might enter an infinite loop when processing circular references in nested structures. This could be relevant when processing complex Terraform configurations.

Let's verify if circular references are possible in the codebase:

Consider adding cycle detection:

   def crush
+    @visited ||= Set.new
+    return nil if @visited.include?(self.object_id)
+    @visited.add(self.object_id)
     crushed = each_with_object({}) do |(key, value), hash|
       crushed_value = value.respond_to?(:crush) ? value.crush : value
       hash[key] = crushed_value unless crushed_value.nil?
     end
+    @visited.delete(self.object_id)
     crushed unless crushed.empty?
   end

spec/core/terraform_config/local_variable_spec.rb (1)

1-7: LGTM! Well-structured test setup.

The file follows Ruby and RSpec best practices with proper requires and test structure setup.

spec/patches/hash_spec.rb (2)

74-111: Well-structured test suite!

The test suite is well-organized with a logical progression from simple to complex scenarios, providing comprehensive coverage of the crush functionality.

---

74-111: Verify test coverage and consistency.

Let's ensure comprehensive test coverage and consistent testing patterns across the codebase.

✅ Verification successful

Tests are well-structured and consistent with implementation

The test coverage is comprehensive and aligns perfectly with both Hash and Array implementations:

• Hash and Array both implement crush with consistent behavior
• Tests cover all edge cases: empty collections, nil values, nested structures
• Implementation and test patterns are consistent across both classes
• The test suite demonstrates proper handling of recursive crushing through nested structures

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check test coverage and similar test patterns

# Test 1: Find the implementation file
echo "Looking for the implementation file..."
fd --type f --glob "**/patches/hash.rb"

# Test 2: Check for similar test patterns in other spec files
echo -e "\nChecking for similar test patterns..."
rg -l "describe.*#crush" "spec/"

# Test 3: Look for other hash extension tests
echo -e "\nChecking for other hash extension tests..."
rg "describe Hash do" "spec/"

Length of output: 479

---

Script:

#!/bin/bash
# Let's check the implementation and array crush implementation for consistency

# Check the hash implementation
echo "Hash implementation:"
rg -A 10 "def crush" --type ruby

# Check array implementation and its tests
echo -e "\nArray implementation and tests:"
rg -C 5 "crush" spec/patches/array_spec.rb

Length of output: 2333

lib/core/terraform_config/generator.rb (5)

4-17: LGTM! Well-structured constants for workload support.

The new WORKLOAD_SPEC_KEYS constant provides a clear contract for workload configurations, and the addition of 'workload' to SUPPORTED_TEMPLATE_KINDS is appropriate.

---

29-30: LGTM! Clear implementation for multiple config files.

---

41-50: LGTM! Clear and consistent filename generation strategy.

The method appropriately handles workload-specific naming while maintaining backward compatibility for other types.

---

52-54: LGTM! Good use of memoization.

The implementation optimizes performance by caching the config instance.

---

166-171: LGTM! Consistent identity link processing.

The method follows the established pattern for link processing and properly handles the optional nature of the identity link.

lib/core/terraform_config/workload/variables.tf (4)

1-104: LGTM! Well-structured container configuration.

The container variable definition is comprehensive and follows best practices:

• Appropriate use of optional fields with defaults where needed
• Correct type for command field as per ControlPlane provider requirements
• Well-structured health check probe configurations

---

106-138: LGTM! Appropriate configuration for basic workload properties.

The basic workload properties are well-defined with:

• Required fields (type, gvc, name) correctly marked as required
• Optional fields with appropriate defaults
• Proper type definitions

---

183-272: LGTM! Well-structured deployment configurations.

The deployment-related configurations (rollout, security, firewall, load balancer, and job) are well-defined with:

• Appropriate optional fields and defaults
• Comprehensive firewall specifications
• Well-structured load balancer configuration
• Proper job scheduling parameters

---

232-232: ⚠️ Potential issue

Change enabled type to bool in load_balancer.direct

This issue was previously identified and acknowledged. The enabled field should be of type bool instead of number to properly represent a boolean value.

Apply this diff to fix the type:

-            enabled = number
+            enabled = bool

spec/core/terraform_config/generator_spec.rb (2)

Line range hint 53-254: LGTM! Well-structured test refactoring.

The changes consistently update the test cases to handle multiple configurations while maintaining good test practices:

• Clear expectations for configuration count
• Explicit filename verification
• Strong type checking

---

256-531: LGTM! Comprehensive test coverage for workload configurations.

The new workload test case provides thorough coverage of:

• Multiple container configurations
• Environment variables handling
• Security and firewall settings
• Load balancer configurations
• Autoscaling options

lib/core/terraform_config/workload.rb (2)

81-89: Efficient handling of container environment variables

The locals method effectively processes container environment variables into Terraform local variables. This approach enhances modularity and keeps the Terraform configuration clean.

---

67-79: Well-structured to_tf method for Terraform module generation

The to_tf method cleanly constructs the Terraform module block, utilizing dynamic argument handling. The use of RAW_ARGS.each streamlines the code and maintains flexibility.

[rafaelgomesxyz]

LGTM