Add a first-time init script to initialize vars in shared cloud store #141
terraform/backend/configure.sh
Outdated
| set -e | ||
|
|
||
| # Find the tfvars blob. | ||
| STORAGE_ACCT=$(az storage account list --query "[?ends_with(name, 'rbctfvars')].name" --output tsv) |
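Review bot: The `az storage account list` query on the `STORAGE_ACCT=` line matches every storage account in the current subscription whose name ends with `rbctfvars`, so when more than one such account is visible `STORAGE_ACCT` becomes a multi-line string, and when none is visible it is empty. Neither case stops the script under `set -e`, because the `az` command itself succeeds. Check that exactly one name came back before using it, or derive the account name from the partner value instead of discovering it by suffix.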
| _CLEAN_PARTNER=$(echo $partner | sed 's/-//g' | awk '{print tolower($0)}') | ||
| STORAGE_ACCOUNT=$_CLEAN_PARTNER'rbctfvars' |
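Review bot: `echo $partner` on the `_CLEAN_PARTNER=` line is unquoted, so a value containing whitespace or glob characters is split or expanded before `sed` sees it; `printf '%s' "$partner"` avoids that. The cleanup also only strips `-` and lowercases, while Azure storage account names accept only lowercase letters and digits, 3 to 24 characters in total, which leaves 15 for the partner part once `rbctfvars` is appended. Reject any other character and check the length here so the problem is reported before the first `az` call fails.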
|
|
||
| # Get the name of the current workspace. | ||
| # If the workspace is not default, we generate a suffix like `env:<workspace>`. | ||
| WORKSPACE=$(terraform workspace show) |
Bug: The save-tfvars.sh script calls terraform workspace show before terraform init is run, which breaks the documented first-time setup workflow.
Severity: HIGH
Suggested Fix
Remove the WORKSPACE=$(terraform workspace show) command from save-tfvars.sh. The workspace name is already available from the filename of the tfvars file being processed, so this call is unnecessary for the script's logic.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: terraform/backend/save-tfvars.sh#L233
Potential issue: The `save-tfvars.sh` script is executed before `terraform init` during
the documented first-time setup workflow. However, the script calls `terraform workspace
show` on line 233. This command requires an initialized Terraform environment (a
`.terraform` directory), which is only created by `terraform init`. As a result, any
user following the setup instructions for the first time will encounter a runtime error,
breaking the onboarding process.
| VARS=$(echo "$CFG" | grep -E '^\s*(location|partner|subscription_id|tfvars_resource_group)\s*=' | sed 's/ *= */=/') | ||
| eval "$VARS" |
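Review bot: `eval "$VARS"` runs text taken from the tfvars file as shell code. The `grep -E` on the line above only anchors the key name at the start of the line, and the `sed` only normalises the first `=`, so everything to the right of the `=` reaches `eval` unchanged, including command substitutions and `;`-separated commands. A tfvars file that comes from a shared store or another contributor can therefore execute commands in the operator's shell. Extract each of the four keys as a string, validate it against the characters you expect, and assign it directly instead of evaluating the line.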
Bug: The save-tfvars.sh script uses required variables like subscription_id and partner without first validating that they were present in the user's .tfvars file.
Severity: MEDIUM
Suggested Fix
Add validation checks for the subscription_id, partner, and location variables immediately after they are extracted from the .tfvars file. If any of these variables are empty, exit the script with an error message indicating which required variable is missing.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: terraform/backend/save-tfvars.sh#L55-L56
Potential issue: The `save-tfvars.sh` script extracts the `subscription_id`, `partner`,
and `location` variables from a user-provided `.tfvars` file but does not validate their
presence before using them. If a user omits these required variables from their file,
the script will proceed with empty bash variables, causing subsequent Azure CLI commands
like `az account set` and `az group create` to fail with unclear error messages. The
script should validate these variables immediately after they are parsed to provide
clear, actionable feedback to the user.
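Added example, not part of the PR or of the review comments above: one way to read the four settings from tfvars text as data and report a missing or malformed variable by name. The function names, the sample values and the allowed-character policy are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the PR's code: read required settings from tfvars text
# as data (no eval) and fail early with the name of the offending variable.

# Constructed sample input. A real script would use: CFG=$(cat "$tfvars_file")
SAMPLE_OK='location = "eastus"
partner  = "contoso-health"
subscription_id = "00000000-0000-0000-0000-000000000000"
tfvars_resource_group = "tfvars-rg"'

# Print the quoted string assigned to key $1 in tfvars text $2 (last wins).
# $1 must be a literal key name from the script itself, never user input.
tfvar_get() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\"[[:space:]]*\$/\1/p" |
        tail -n 1
}

# Print the value of key $1, or explain on stderr why it is unusable.
# Allowed characters (letters, digits, '-', '_') are an assumed policy.
tfvar_require() {
    value=$(tfvar_get "$1" "$2")
    case "$value" in
        '') echo "error: '$1' is missing or not a plain quoted string" >&2; return 1 ;;
        *[!A-Za-z0-9_-]*) echo "error: '$1' contains unexpected characters" >&2; return 1 ;;
    esac
    printf '%s\n' "$value"
}

# Populate the four shell variables; stops at the first bad or missing key.
load_tfvars() {
    location=$(tfvar_require location "$1") &&
    partner=$(tfvar_require partner "$1") &&
    subscription_id=$(tfvar_require subscription_id "$1") &&
    tfvars_resource_group=$(tfvar_require tfvars_resource_group "$1")
}

if load_tfvars "$SAMPLE_OK"; then
    echo "partner=$partner location=$location"
fi
```

A line with anything after the closing quote, such as an inline comment, is reported as missing rather than parsed, which keeps the accepted syntax deliberately narrow.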
Historically tfvars in a cloud environment needed to be configured ad-hoc and manually. Add some scripts to help streamline and standardize the process of putting tfvars in a cloud store, as it should be the default behavior.