Merge pull request #11 from masterpointio/fix/upstream-customizations

fix: support TF default workspace, more attributes + fix drift detection schedule

examples/complete/components/random-pet/stacks/common.yaml

@@ -1,3 +1,5 @@
 stack_settings:
   manage_state: true
   description: This stack generates random pet names
+  labels:
+    - common_label

examples/complete/components/random-pet/stacks/example.yaml

@@ -1,2 +1,5 @@
 stack_settings:
   manage_state: true
+  labels:
+    - stack_specific_label
+default_tf_workspace_enabled: true

examples/complete/components/spacelift-automation/stacks/example.yaml

@@ -2,3 +2,4 @@ stack_settings:
   description: This Automation stack is used for Masterpoint's testing purposes
   labels:
     - stack_specific_label
+  drift_detection_enabled: true

main.tf

@@ -102,7 +102,10 @@ locals {
       {
         "project_root"        = replace(format("%s/%s", var.root_modules_path, module), "../", "")
         "root_module"         = module,
-        "terraform_workspace" = trimsuffix(file, ".yaml"),
+        "terraform_workspace" = try(content.default_tf_workspace_enabled, var.default_tf_workspace_enabled) ? "default" : trimsuffix(file, ".yaml"),
+        # `yaml` is intentionally used here as we require Stack and `tfvars` config files to be named equally
+        # TODO: Add tests to ensure that the `tfvars` file is named the same as the Stack config file
+        "tfvars_file_name" = trimsuffix(file, ".yaml"),
       },
       content
     ) if file != var.common_config_file
@@ -183,7 +186,7 @@ locals {
 
   _folder_labels = {
     for stack in local.stacks : stack => [
-      "folder:${local.configs[stack].root_module}/${local.configs[stack].terraform_workspace}"
+      "folder:${local.configs[stack].root_module}/${local.configs[stack].tfvars_file_name}"
     ]
   }
 
@@ -214,7 +217,7 @@ locals {
       # This command is required for each stack.
       # It copies the tfvars file from the stack's workspace to the root module's directory
       # and renames it to `spacelift.auto.tfvars` to automatically load variable definitions for each run/task.
-      ["cp tfvars/${local.configs[stack].terraform_workspace}.tfvars spacelift.auto.tfvars"],
+      ["cp tfvars/${local.configs[stack].tfvars_file_name}.tfvars spacelift.auto.tfvars"],
     )) if try(local.configs[stack].tfvars.enabled, true)
   }
 }
@@ -234,43 +237,58 @@ module "deep" {
 resource "spacelift_stack" "default" {
   for_each = local.stacks
 
-  space_id                     = coalesce(try(local.stack_configs[each.key].space_id, null), var.space_id)
-  name                         = each.key
-  administrative               = coalesce(try(local.stack_configs[each.key].administrative, null), var.administrative)
-  after_apply                  = compact(concat(try(local.stack_configs[each.key].after_apply, []), var.after_apply))
-  after_destroy                = compact(concat(try(local.stack_configs[each.key].after_destroy, []), var.after_destroy))
-  after_init                   = compact(concat(try(local.stack_configs[each.key].after_init, []), var.after_init))
-  after_perform                = compact(concat(try(local.stack_configs[each.key].after_perform, []), var.after_perform))
-  after_plan                   = compact(concat(try(local.stack_configs[each.key].after_plan, []), var.after_plan))
-  autodeploy                   = coalesce(try(local.stack_configs[each.key].autodeploy, null), var.autodeploy)
-  autoretry                    = try(local.stack_configs[each.key].autoretry, var.autoretry)
-  before_apply                 = compact(coalesce(try(local.stack_configs[each.key].before_apply, []), var.before_apply))
-  before_destroy               = compact(coalesce(try(local.stack_configs[each.key].before_destroy, []), var.before_destroy))
-  before_init                  = compact(coalesce(try(local.before_init[each.key], []), var.before_init))
-  before_perform               = compact(coalesce(try(local.stack_configs[each.key].before_perform, []), var.before_perform))
-  before_plan                  = compact(coalesce(try(local.stack_configs[each.key].before_plan, []), var.before_plan))
-  description                  = coalesce(try(local.stack_configs[each.key].description, null), var.description)
-  repository                   = try(local.stack_configs[each.key].repository, var.repository)
-  branch                       = try(local.stack_configs[each.key].branch, var.branch)
-  project_root                 = local.configs[each.key].project_root
-  manage_state                 = try(local.stack_configs[each.key].manage_state, var.manage_state)
-  labels                       = local.labels[each.key]
-  enable_local_preview         = try(local.stack_configs[each.key].enable_local_preview, var.enable_local_preview)
-  terraform_smart_sanitization = try(local.stack_configs[each.key].terraform_smart_sanitization, var.terraform_smart_sanitization)
-  terraform_version            = try(local.stack_configs[each.key].terraform_version, var.terraform_version)
-  terraform_workflow_tool      = var.terraform_workflow_tool
-  terraform_workspace          = local.configs[each.key].terraform_workspace
-
-  protect_from_deletion = try(local.stack_configs[each.key].protect_from_deletion, var.protect_from_deletion)
-
-  worker_pool_id = try(local.stack_configs[each.key].worker_pool_id, var.worker_pool_id)
+  administrative                   = coalesce(try(local.stack_configs[each.key].administrative, null), var.administrative)
+  after_apply                      = compact(concat(try(local.stack_configs[each.key].after_apply, []), var.after_apply))
+  after_destroy                    = compact(concat(try(local.stack_configs[each.key].after_destroy, []), var.after_destroy))
+  after_init                       = compact(concat(try(local.stack_configs[each.key].after_init, []), var.after_init))
+  after_perform                    = compact(concat(try(local.stack_configs[each.key].after_perform, []), var.after_perform))
+  after_plan                       = compact(concat(try(local.stack_configs[each.key].after_plan, []), var.after_plan))
+  autodeploy                       = coalesce(try(local.stack_configs[each.key].autodeploy, null), var.autodeploy)
+  autoretry                        = try(local.stack_configs[each.key].autoretry, var.autoretry)
+  before_apply                     = compact(coalesce(try(local.stack_configs[each.key].before_apply, []), var.before_apply))
+  before_destroy                   = compact(coalesce(try(local.stack_configs[each.key].before_destroy, []), var.before_destroy))
+  before_init                      = compact(coalesce(try(local.before_init[each.key], []), var.before_init))
+  before_perform                   = compact(coalesce(try(local.stack_configs[each.key].before_perform, []), var.before_perform))
+  before_plan                      = compact(coalesce(try(local.stack_configs[each.key].before_plan, []), var.before_plan))
+  branch                           = try(local.stack_configs[each.key].branch, var.branch)
+  description                      = coalesce(try(local.stack_configs[each.key].description, null), var.description)
+  enable_local_preview             = try(local.stack_configs[each.key].enable_local_preview, var.enable_local_preview)
+  enable_well_known_secret_masking = try(local.stack_configs[each.key].enable_well_known_secret_masking, var.enable_well_known_secret_masking)
+  github_action_deploy             = try(local.stack_configs[each.key].github_action_deploy, var.github_action_deploy)
+  labels                           = local.labels[each.key]
+  manage_state                     = try(local.stack_configs[each.key].manage_state, var.manage_state)
+  name                             = each.key
+  project_root                     = local.configs[each.key].project_root
+  protect_from_deletion            = try(local.stack_configs[each.key].protect_from_deletion, var.protect_from_deletion)
+  repository                       = try(local.stack_configs[each.key].repository, var.repository)
+  space_id                         = coalesce(try(local.stack_configs[each.key].space_id, null), var.space_id)
+  terraform_smart_sanitization     = try(local.stack_configs[each.key].terraform_smart_sanitization, var.terraform_smart_sanitization)
+  terraform_version                = try(local.stack_configs[each.key].terraform_version, var.terraform_version)
+  terraform_workflow_tool          = var.terraform_workflow_tool
+  terraform_workspace              = local.configs[each.key].terraform_workspace
+  worker_pool_id                   = try(local.stack_configs[each.key].worker_pool_id, var.worker_pool_id)
 
   dynamic "github_enterprise" {
     for_each = var.github_enterprise != null ? [var.github_enterprise] : []
     content {
       namespace = github_enterprise.value["namespace"]
     }
   }
+
+  lifecycle {
+    # Expected `tfvars` file exists
+    precondition {
+      condition     = fileexists("${local.configs[each.key].project_root}/tfvars/${local.configs[each.key].tfvars_file_name}.tfvars")
+      error_message = <<-EOT
+      The required .tfvars file is missing for stack "${each.key}".
+
+      Expected location:
+      "${local.configs[each.key].project_root}/tfvars/${local.configs[each.key].tfvars_file_name}.tfvars"
+
+      Ensure that the specified .tfvars file exists in the expected path and try again.
+      EOT
+    }
+  }
 }
 
 # The Spacelift Destructor is a feature designed to automatically clean up the resources no longer managed by our IaC.
@@ -318,7 +336,7 @@ resource "spacelift_drift_detection" "default" {
 
   lifecycle {
     precondition {
-      condition     = can(regex("^([0-9,\\-\\*]+\\s+){4}[0-9,\\-\\*]+$", try(local.stack_configs[each.key].drift_detection_schedule, var.drift_detection_schedule)))
+      condition     = alltrue([for schedule in try(local.stack_configs[each.key].drift_detection_schedule, var.drift_detection_schedule) : can(regex("^([0-9,\\-\\*]+\\s+){4}[0-9,\\-\\*]+$", schedule))])
       error_message = "Invalid cron schedule format for drift detection"
     }
   }

outputs.tf

@@ -0,0 +1,14 @@
+output "spacelift_stacks" {
+  description = <<-EOT
+  A map of Spacelift stacks with selected attributes.
+  To reduce the risk of accidentally exporting sensitive data, only a subset of attributes is exported.
+  EOT
+  value = {
+    for name, stack in spacelift_stack.default : name => {
+      id             = stack.id
+      labels         = stack.labels
+      autodeploy     = stack.autodeploy
+      administrative = stack.administrative
+    }
+  }
+}

variables.tf

@@ -165,6 +165,18 @@ variable "before_plan" {
   default     = []
 }
 
+variable "default_tf_workspace_enabled" {
+  type        = bool
+  default     = false
+  description = <<-EOT
+  Enables the use of `default` Terraform workspace instead of managing multiple workspaces within a root module.
+
+  NOTE: We encourage the use of Terraform workspaces to manage multiple environments.
+  However, you will want to disable this behavior if you're utilizing different backends for each instance
+  of your root modules (we call this "Dynamic Backends").
+  EOT
+}
+
 variable "description" {
   type        = string
   description = "Description of the stack"
@@ -214,8 +226,20 @@ variable "enable_local_preview" {
   type        = bool
   description = "Indicates whether local preview runs can be triggered on this Stack."
   default     = false
+}
 
+variable "enable_well_known_secret_masking" {
+  type        = bool
+  description = "Indicates whether well-known secret masking is enabled."
+  default     = true
 }
+
+variable "github_action_deploy" {
+  type        = bool
+  description = "Indicates whether GitHub users can deploy from the Checks API."
+  default     = true
+}
+
 variable "manage_state" {
   type        = bool
   description = "Determines if Spacelift should manage state for this stack."