Add Building Block schedule for regularly re-running BB instances
Martin Meszaros
Hey,
it would be really useful to have a schedule feature that allows re-running building block instances. For example this would allow automatic, recurring rotations of secrets that are deployed by a BB without any additional infrastructure. Or this would make it possible to have BB instances automatically updated to the latest Terraform definition without further user interaction.
I could imagine an extra option in the BB definition to allow running BB instances on a schedule by defining a Cron schedule or something like that. This should apply to all existing BB instances.
Kind regards
Martin
Jelle den Burger
Thanks a lot for your feature request, Martin Meszaros! I would like to ask a follow-up question:
If we supported Workload Identity Federation for Building Blocks, would that eliminate your need for secret rotation? Or would you still require that?
Martin Meszaros
Hey Jelle den Burger,
this is more related to custom logic. Imagine a BB creating a service user for accessing an external service and storing those credentials in the scope of the ordering project (e.g. Secrets Manager, Key Vault, Azure DevOps...). If those credentials are created and managed via a BB, it would be easy to solve the rotation of those credentials by regularly re-running the BB instance. So the secrets don't necessarily have anything to do with MeshStack.
Maximilian Wipplinger
Jelle den Burger, this would also be relevant for Building Blocks that sync rights and roles of users, to ensure that the state gets reconciled and roles adjusted if manual intervention changed them (which is possible for most tools, sadly), fixing state drift periodically.