-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exclude config vars from Heroku Addons in App config_vars
attribute
#25
Conversation
} | ||
|
||
// get addons, and grab any ENV vars that they add, to remove from the | ||
// configVarsValue map |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's quite clever 👍
Computed: true, | ||
Deprecated: "Please reference config_vars instead", | ||
Type: schema.TypeMap, | ||
Computed: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😭 but we're fortunate that the deprecation is not actually visible anywhere (b/c it's computed-only field) so this is practically no-op 😅
@catsby I've test this and it works! However there's one major change. Now, any additional config variables added outside of Terraform are removed. For instance, a Rails app with Sidekiq might change /cc @banks |
Hey @danp can you or @wchrisjohnson review this? I'm curious now if #17 was based on bad assumptions. Normally Terraform wants the configuration to be the source of truth but as this PR here demonstrates, that over steps some operational/features of Heroku such as adding env vars by Addons. What do you think? |
@justincampbell can you educate me a bit on when this happens? The Rail app does this while running? Maybe #17 should just be reverted 🤔 |
I have identified a few issues with this - environment variables created by addon attachments (from addons that are created on other apps) and labs features (like I like this code change otherwise, Terraform should manage all other environment variables (Rails apps can change environment variables, but it's debatable whether they should) |
There's not a way to make this work with attachments (type A possible workaround (I love this code and would rather have it than not) is to create a whitelist of variables that the user allows Heroku to manage. That would be better than the status quo of Terraform not "fixing" manually configured variables. EDIT: to be clear, as it currently stands we could not use this code since we use addon attachments between applications, and we also use labs features. It doesn't fix the broken functionality introduced in #17 for us. |
@catsby No, it's not the app changing the setting, it's an operator. I think these PRs are good, will just require a minor workflow change where we were treating some env vars as "runtime tuning" instead of "managed infrastructure settings". Another example would be Would love to see this merged/released. |
I like this. Maybe it could look like: config_vars {
FOO = "123"
BAR = "456"
}
ignored_config_vars = [
# runtime-dyno-metadata
"HEROKU_APP_ID",
"HEROKU_APP_NAME",
"HEROKU_DYNO_ID",
"HEROKU_RELEASE_CREATED_AT",
"HEROKU_RELEASE_VERSION",
"HEROKU_SLUG_COMMIT",
"HEROKU_SLUG_DESCRIPTION",
] |
Speaking purely from ignorance since I haven't contributed here yet (just a user), I wonder if this 'ignored_config_vars' idea will be useful upstream later? I'm sure Azure App Service/Elastic Beanstalk will auto-set DATABASE_URL etc in the future as they continue to polish their platforms. |
It's worth noting that I got in contact with Heroku support about this and they don't seem to recognise it as an issue, so we shouldn't expect these variables to be exposed any time soon. @catsby, we should probably go ahead with a whitelist in addition to your current work, do you have time to implement it? If not I'm happy to fork and continue your work, I'm not much of a developer but I really would like this feature! |
I'm currently on the fence about adding |
The ignored_vars list seems like a good way forward, but I'll think about it some more. Overall the handling of variables does seem better with this change. |
I did get some more out of Heroku - they pointed out that all Features create variables in the On Addon Attachments, there is a way of getting the |
I think there is some confusion here. The Haven't had a chance to read this over fully but not sure about having to list ignored config. |
I have not yet seen #17 made Terraform's handling of env vars relevant to the app more strict, but that caused a problem with add-ons like Heroku Postgres et. al. because they add @JamesBelchamber can you expand on this some?
I see this now.. this could be handled with an Thoughts? |
Turn on an app feature like The old way isn't great because it doesn't really manage the resource, it just applies some config to it and keeps that in check. So if, say, I had the Kafka addon, and someone added the It would be better for Heroku to tell us all the variables being created by things other than Terraform, but I don't know what the appetite is for Terraform to rely on unpublished API features and a built-in whitelist of the variables created by app features (or generally ignoring the |
@JamesBelchamber yeah, that makes a lot of sense now. I'll see what an |
Another thing that could be interesting is to allow Terraform to ensure that certain env vars are present on an app, ie. by allowing That would ensure that if someone accidentally or intentionally deletes an environment variable which is required for the app then Terraform would catch that and warn the developer about that. Otherwise I like the idea of |
@catsby Any progress on this? The current release is broken so it would be good to get this out there 😅 |
I spoke with @catsby and I'll be picking this up. I'll update this PR or open a new one with the |
I apologize for dropping the ball here. Thank you @justincampbell for picking it up! |
Reworking this
We're proposing to revert the changes instead, please see #36 and let us know what you think |
In #17 we modified
heroku_app
to read all config vars into it'sconfig_vars
attribute. Unfortunately this includes config vars added by external services such as Heroku Addons, and as a result users would see a diff onterraform plan
where Terraform wanted to remove config vars added by AddOns.Here we query the Heroku API for the app's attached addons and gather a list of the config vars added by them, and then filter those out from the map that we use to set
config_vars
on the app resource.Fixes https://github.com/terraform-providers/terraform-provider-heroku/issues/24 , includes regression test
TestAccHerokuApp_AllConfigVars
which will fail on current master branch.cc @justincampbell
Test runs: