From 846c7611c8ad3b0551ebd772c972d411a1b5fa95 Mon Sep 17 00:00:00 2001 From: d33bs Date: Wed, 10 Apr 2024 16:45:46 -0600 Subject: [PATCH 1/2] use variable slice to limit svc account chars --- .../terraform/operations/accounts.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf b/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf index 2b16f60..398e083 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf +++ b/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf @@ -1,7 +1,10 @@ # tf account creation and related work # Create a new service account resource "google_service_account" "service_account" { - account_id = "${var.initiative_label}-svc-account" + # note: template may have truncated the project name due to character limits + # for Google service accounts. See the following for more information: + # https://cloud.google.com/iam/docs/service-accounts-create#creating + account_id = "{{ cookiecutter.project_name[:21] }}-svc-acct" } #Create a service-account key for the associated service account From 4581607d9964faf6c932d690cdde8e2b3c6b81ed Mon Sep 17 00:00:00 2001 From: d33bs Date: Thu, 11 Apr 2024 12:39:04 -0600 Subject: [PATCH 2/2] add cookiecutter and tf input validation Co-Authored-By: Faisal Alquaddoomi --- hooks/pre_gen_project.py | 30 +++++++++++++++++++ .../terraform/operations/accounts.tf | 5 +--- .../terraform/operations/variables.tf | 12 ++++++++ .../terraform/state-management/variables.tf | 12 ++++++++ 4 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 hooks/pre_gen_project.py diff --git a/hooks/pre_gen_project.py b/hooks/pre_gen_project.py new file mode 100644 index 0000000..f7f1ffe --- /dev/null +++ b/hooks/pre_gen_project.py 
@@ -0,0 +1,30 @@ +""" +Hook for checking values from cookiecutter variables before generating the project. +See the following for more information: +https://cookiecutter.readthedocs.io/en/1.7.0/advanced/hooks.html +""" + +import sys + +project_name = "{{ cookiecutter.project_name }}" +project_gc_project = "{{ cookiecutter.project_gc_project }}" + +# checking for proper length of the project name +# note: we provide the limitation here based on constraints +# for Google service accounts and how the variable is used within template. +# See the following for more information: +# https://cloud.google.com/iam/docs/service-accounts-create#creating +if not 6 <= len(project_name) <= 21: + print( + "ERROR: %s Please use a project name of length 6-21 characters!" % project_name + ) + sys.exit(1) + +# limitation for google project names +# see the following for more information: +# https://cloud.google.com/resource-manager/docs/creating-managing-projects +if not 4 <= len(project_gc_project) <= 30: + print( + "ERROR: %s Please use a Google project name of length 4-30 characters!" % project_name + ) + sys.exit(1) diff --git a/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf b/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf index 398e083..7b0dadc 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf +++ b/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf @@ -1,10 +1,7 @@ # tf account creation and related work # Create a new service account resource "google_service_account" "service_account" { - # note: template may have truncated the project name due to character limits - # for Google service accounts. See the following for more information: - # https://cloud.google.com/iam/docs/service-accounts-create#creating - account_id = "{{ cookiecutter.project_name[:21] }}-svc-acct" + account_id = "${var.initiative_label}-svc-acct" } #Create a service-account key for the associated service account 
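Review bot: In hooks/pre_gen_project.py the second check validates `project_gc_project`, but its error message interpolates `project_name`, so a user who supplied a bad Google project value is shown the wrong string; the last `print` should end with `% project_gc_project`. Both checks also test length only, while a Google service account ID must be lowercase letters, digits and hyphens, starting with a letter. A name with uppercase letters, spaces or quotes therefore passes the hook and fails only later at `terraform apply`; presumably it also lands verbatim in the generated `{{ cookiecutter.project_name }}` directory name. Consider adding `import re` and a check such as `re.fullmatch(r"[a-z][a-z0-9-]*[a-z0-9]", project_name)` beside the length test, and writing the error text to `sys.stderr` rather than stdout.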
diff --git a/{{ cookiecutter.project_name }}/terraform/operations/variables.tf b/{{ cookiecutter.project_name }}/terraform/operations/variables.tf index 3e8e9b1..61894ca 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/variables.tf +++ b/{{ cookiecutter.project_name }}/terraform/operations/variables.tf @@ -2,6 +2,10 @@ variable "project" { description = "Google Cloud project to create the related resources in." type = string + validation { + condition = length(var.project) >= 4 && length(var.project) <= 30 + error_message = "Project name must be between 4 and 30 characters." + } } variable "region" { @@ -12,9 +16,17 @@ variable "region" { variable "bucket_name" { description = "Name for the bucket being created." type = string + validation { + condition = length(var.bucket_name) >= 3 && length(var.bucket_name) <= 63 + error_message = "Bucket name must be between 3 and 63 characters." + } } variable "initiative_label" { description = "Label for specific initiative useful for differentiating between various resources." type = string + validation { + condition = length(var.initiative_label) >= 6 && length(var.initiative_label) <= 21 + error_message = "Initiative label must be between 6 and 23 characters." + } } diff --git a/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf b/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf index 3e8e9b1..61894ca 100644 --- a/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf +++ b/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf @@ -2,6 +2,10 @@ variable "project" { description = "Google Cloud project to create the related resources in." type = string + validation { + condition = length(var.project) >= 4 && length(var.project) <= 30 + error_message = "Project name must be between 4 and 30 characters." + } } variable "region" { 
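Review bot: The `project` validation added in operations/variables.tf (first hunk) accepts 4–30 characters, which is the limit for a Google Cloud project display name rather than a project ID. If `var.project` is handed to the provider as the project ID (its use is outside this hunk), the rules are stricter: 6–30 characters, lowercase letters, digits and hyphens, starting with a letter and not ending with a hyphen. A pattern check such as `condition = can(regex("^[a-z][a-z0-9-]{4,28}[a-z0-9]$", var.project))` would reject a malformed value at plan time instead of at the API call. The same block is added to state-management/variables.tf, and the 4–30 bound is mirrored in hooks/pre_gen_project.py.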
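Review bot: The `initiative_label` error message in operations/variables.tf (second hunk) says "between 6 and 23 characters", but the condition enforces an upper bound of 21, so a 22-character label is rejected with a message that describes it as valid. The line should read `error_message = "Initiative label must be between 6 and 21 characters."`. The identical block in the second hunk of state-management/variables.tf carries the same mismatch. Since accounts.tf concatenates this label into `account_id`, the check could also enforce the allowed character set, for example `can(regex("^[a-z][a-z0-9-]{5,20}$", var.initiative_label))`, so invalid labels fail validation rather than service-account creation.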
@@ -12,9 +16,17 @@ variable "region" { variable "bucket_name" { description = "Name for the bucket being created." type = string + validation { + condition = length(var.bucket_name) >= 3 && length(var.bucket_name) <= 63 + error_message = "Bucket name must be between 3 and 63 characters." + } } variable "initiative_label" { description = "Label for specific initiative useful for differentiating between various resources." type = string + validation { + condition = length(var.initiative_label) >= 6 && length(var.initiative_label) <= 21 + error_message = "Initiative label must be between 6 and 23 characters." + } }