Complex building block inputs for supporting inline Terraform objects
Felix
What I want to do:
The azurerm Terraform provider allows managing firewall_application_rule_collection (see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_application_rule_collection) with rules inlined.
It does not allow managing rules outside of this single resource definition. This means managing firewall rules is not doable effectively with meshStack building blocks without the support for complex inputs. In this example, the input needs to be a list of firewall rules.
Jelle den Burger
I noticed some parallel feature requests in here that I have taken apart, feel free to add further insights to those :-)
https://meshcloud.canny.io/feature-requests/p/pick-display-name-for-options-in-single-select-building-block-input
https://meshcloud.canny.io/feature-requests/p/support-multi-select-for-building-block-inputs
Julia Rengshausen
I have a different but connected use case. I want users to be able to select tools that will be pre-installed into a VM. So I would need an option of "Select Multiple".
This might also be a solution for the firewall rules use case, at least if those firewall rules are pre-defined and the user only needs to select which one(s) they want.
Another thing that would be helpful with hiding some of the complexity from the user would be to not show the variable names and values directly (for single select and multiple select), but instead show a display name. So for example you pick the option "allow incoming traffic from port 22" and behind that the value of the variable is actually a terraform resource definition.
Felix
Julia Rengshausen: A similar use case to the "allow incoming traffic from port 22" example is making expected price behind different options transparent.
Example: VM T-shirt sizes:
- S (costs approximately 10€ per month)
- M (costs approximately 50€ per month)
- L (costs approximately 200€ per month)
So while it doesn't show prices on the catalog, this would help increase price transparency for app teams, which https://meshcloud.canny.io/feature-requests/p/show-cost-estimations-on-marketplace-catalog also aims for.
Jelle den Burger
I see the challenge at hand here indeed. One solution pattern we have discussed in the past is complex object inputs perhaps powered by a standard like JSON Schema. I will take this up with engineers and see what possibilities we have.
Johannes Rudolph
A few ideas here
- firewall rule blocks as mentioned above can be created using dynamic in TF, which opens a few possibilities for how to model the input
- what will not go away is that the "complex input" is effectively one or multiple objects of a specific format
- platform teams may want to restrict what rules are available to teams in self-service, so some limit of expressiveness is probably ok
- application teams will probably want to manage complex firewall rules outside of meshPanel UI using files checked in code, so maybe that's a use case better solved by the application team API (and TF provider) we are currently working on (see "Teams use IaC workflows with Building Blocks" on our public roadmap at https://www.meshcloud.io/en/product/)
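The dynamic approach from the comment above, as an added example that is not part of the original thread and not meshcloud's code: a single list-of-objects input drives the inline rule blocks, and validation blocks act as the platform team's limit on what can be requested. The variable names, collection name, priority and the guardrail policy are assumptions, as is the building block being able to deliver a list of objects.

```hcl
variable "azure_firewall_name" { type = string }
variable "resource_group_name" { type = string }
# Assumed input: the one "complex input" the building block would have to supply.
variable "firewall_rules" {
  type = list(object({
    name             = string
    source_addresses = list(string)
    target_fqdns     = list(string)
    protocols        = list(object({ type = string, port = number }))
  }))
  # Example guardrail (assumed policy): self-service may only request Http/Https.
  validation {
    condition = alltrue(flatten([
      for r in var.firewall_rules : [for p in r.protocols : contains(["Http", "Https"], p.type)]
    ]))
    error_message = "Only Http and Https protocols may be requested in self-service."
  }
  # Example guardrail (assumed policy): no catch-all sources or destinations.
  validation {
    condition = alltrue([
      for r in var.firewall_rules :
      !contains(r.target_fqdns, "*") && !contains(r.source_addresses, "*")
    ])
    error_message = "Wildcard \"*\" is not allowed in target_fqdns or source_addresses."
  }
}
resource "azurerm_firewall_application_rule_collection" "this" {
  name                = "bb-app-rules" # constructed name
  azure_firewall_name = var.azure_firewall_name
  resource_group_name = var.resource_group_name
  priority            = 100 # constructed value
  action              = "Allow"
  # One inline rule block per object in the input list.
  dynamic "rule" {
    for_each = var.firewall_rules
    content {
      name             = rule.value.name
      source_addresses = rule.value.source_addresses
      target_fqdns     = rule.value.target_fqdns
      dynamic "protocol" {
        for_each = rule.value.protocols
        content {
          type = protocol.value.type
          port = protocol.value.port
        }
      }
    }
  }
}
```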
Felix
Notice that in other cases, resources support both inline and standalone definitions. Example: Terraform currently provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet
This can be solved by modeling the standalone resource as a dedicated building block definition.