feat: add dependency for the Gitlab variables and allow customization…

… for Gitlab Agent configuration file
sparkfabrik · Jul 4, 2024 · 6894b8e · 6894b8e
1 parent 47c729f
commit 6894b8e
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,13 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [0.2.0] - 2024-07-04
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/0.1.0...0.2.0)
+
+- Add dependency on the Gitlab variables to prevent their creation before the helm release.
+- Add the `gitlab_agent_append_to_config_file` variable to allow customizations to the agent configuration file keeping the access for the root namespace managed by the module.
+
 ## [0.1.0] - 2024-06-27
 
 - First release.
diff --git a/Makefile b/Makefile
@@ -1,3 +1,5 @@
+TERRAFORM_DOCS_VERSION ?= 0.18.0
+
 .PHONY: lint tfscan generate-docs
 
 lint:
@@ -10,4 +12,4 @@ generate-docs: lint
 	docker run --rm -u $$(id -u) \
 		--volume "$(PWD):/terraform-docs" \
 		-w /terraform-docs \
-		quay.io/terraform-docs/terraform-docs:0.16.0 markdown table --config .terraform-docs.yml --output-file README.md --output-mode inject .
+		quay.io/terraform-docs/terraform-docs:$(TERRAFORM_DOCS_VERSION) markdown table --config .terraform-docs.yml --output-file README.md --output-mode inject .
diff --git a/README.md b/README.md
@@ -50,6 +50,7 @@ provider "gitlab" {
 | <a name="input_agent_kas_address"></a> [agent\_kas\_address](#input\_agent\_kas\_address) | The address of the Gitlab Kubernetes Agent Server (KAS). | `string` | `"kas.gitlab.com"` | no |
 | <a name="input_agent_replicas"></a> [agent\_replicas](#input\_agent\_replicas) | The number of replicas of the Gitlab Agent. | `number` | `1` | no |
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Create namespace for the helm release. If false, the namespace must be created before using this module. | `bool` | `true` | no |
+| <a name="input_gitlab_agent_append_to_config_file"></a> [gitlab\_agent\_append\_to\_config\_file](#input\_gitlab\_agent\_append\_to\_config\_file) | Append the Gitlab Agent configuration to the configuration file created for the entire root namespace. This variable is only used when `gitlab_agent_grant_access_to_entire_root_namespace` is true. | `string` | `""` | no |
 | <a name="input_gitlab_agent_branch_name"></a> [gitlab\_agent\_branch\_name](#input\_gitlab\_agent\_branch\_name) | The branch name where the Gitlab Agent configuration will be stored. | `string` | `"main"` | no |
 | <a name="input_gitlab_agent_commmit_message"></a> [gitlab\_agent\_commmit\_message](#input\_gitlab\_agent\_commmit\_message) | The commit message to use when committing the Gitlab Agent configuration file. You can use the placeholder `{{gitlab_agent_name}}` to reference the Gitlab Agent name. | `string` | `"[CI] Add agent config file for {{gitlab_agent_name}}"` | no |
 | <a name="input_gitlab_agent_create_variables_in_root_namespace"></a> [gitlab\_agent\_create\_variables\_in\_root\_namespace](#input\_gitlab\_agent\_create\_variables\_in\_root\_namespace) | Create two Gitlab CI/CD variables in the root namespace useful to configure the Kubernetes context and use the Gitlab Agent. These variables are created in the root namespace of the project defined in `gitlab_project_path_with_namespace`, which is the project that hosts the Gitlab Agent configuration. | `bool` | `true` | no |
@@ -97,5 +98,4 @@ provider "gitlab" {
 
 No modules.
 
-
 <!-- END_TF_DOCS -->
diff --git a/files/config.yaml.tftpl b/files/config.yaml.tftpl
@@ -1,3 +1,7 @@
 ci_access:
   groups:
     - id: ${root_namespace}
+
+%{~ if trimspace(gitlab_agent_append_to_config_file) != "" }
+${gitlab_agent_append_to_config_file}
+%{~ endif ~}
diff --git a/main.tf b/main.tf
@@ -15,7 +15,7 @@ locals {
   k8s_gitlab_agent_token_secret_name_computed = replace(var.k8s_gitlab_agent_token_secret_name, "{{gitlab_agent_name}}", var.gitlab_agent_name)
 
   # Gitlab Agent configuration file
-  final_configuration_file_content = var.gitlab_agent_custom_config_file_content != "" ? var.gitlab_agent_custom_config_file_content : (var.gitlab_agent_grant_access_to_entire_root_namespace ? templatefile("${path.module}/files/config.yaml.tftpl", { root_namespace = data.gitlab_group.root_namespace.path }) : "")
+  final_configuration_file_content = var.gitlab_agent_custom_config_file_content != "" ? var.gitlab_agent_custom_config_file_content : (var.gitlab_agent_grant_access_to_entire_root_namespace ? templatefile("${path.module}/files/config.yaml.tftpl", { root_namespace = data.gitlab_group.root_namespace.path, gitlab_agent_append_to_config_file = var.gitlab_agent_append_to_config_file }) : "")
 
   # Gitlab Agent CI/CD variables
   gitlab_agent_kubernetes_context_variables = {
@@ -54,6 +54,12 @@ resource "gitlab_repository_file" "this" {
   file_path      = ".gitlab/agents/${gitlab_cluster_agent.this.name}/config.yaml"
   encoding       = "text"
   content        = local.final_configuration_file_content
+
+  # Force the creation of the file only after the creation of the helm release.
+  # This is to avoid the creation of the file before the creation of the agent.
+  depends_on = [
+    helm_release.this
+  ]
 }
 
 resource "gitlab_group_variable" "this" {
@@ -64,6 +70,12 @@ resource "gitlab_group_variable" "this" {
   value     = each.value
   protected = false
   masked    = false
+
+  # Force the creation of the variables only after the creation of the helm release.
+  # This is to avoid the use of the agent before the creation of the agent.
+  depends_on = [
+    helm_release.this
+  ]
 }
 
 # Kubernetes resources

diff --git a/variables.tf b/variables.tf
@@ -26,6 +26,13 @@ variable "gitlab_agent_grant_access_to_entire_root_namespace" {
   default     = true
 }
 
+variable "gitlab_agent_append_to_config_file" {
+  description = "Append the Gitlab Agent configuration to the configuration file created for the entire root namespace. This variable is only used when `gitlab_agent_grant_access_to_entire_root_namespace` is true."
+  type        = string
+  default     = ""
+
+}
+
 variable "gitlab_agent_custom_config_file_content" {
   description = "The content of the Gitlab Agent configuration file. If not provided and `gitlab_agent_grant_access_to_entire_root_namespace` is true, the default configuration file will be used and the root namespace will be granted access to the Gitlab Agent. If you set this variable, it takes precedence over `gitlab_agent_grant_access_to_entire_root_namespace`."
   type        = string