aztfmod / terraform-provider-azurecaf

Terraform provider for the Terraform platform engineering for Azure
MIT License

Postfix value missing on name exceeding max length #24

Open bmaltais opened 4 years ago

bmaltais commented 4 years ago

I noticed the current provider will not include the postfix value when the resulting name exceeds the maximum length allowed.

Sample code:

resource azurecaf_naming_convention Project-kv {
  name          = "${var.env}CKV-${var.group}-${local.project_short}-${local.unique_Keyvault}" # Results in ScScCKV-CIO-ESLZ-4fs98gnd
  resource_type = "kv"
  postfix       = "kv"
  convention    = "passthrough"
}

Resulting name: scdcckv-cio-eslz-4fs98gnd

Expected result: scdcckv-cio-eslz-4fs98-kv

Expected behavior logic:

The provider shrinks the name to the required length minus the postfix length + 1, then appends the postfix at the end.

The postfix should always be present in the name when used. Fixing this can cause a significant issue for anyone who deployed with the current behavior, as new resources will need to be created as a result of a fix.

The logic should be:

unvalidatedName = <prefix always present if set>.<substr(<part that can be trimmed to reach max length>,0, (max_length - prefix_length - postfix_length - 2))>.<postfix always present if set>
validatedName = applyNamingRule(unvalidatedName)

Might need to consider adding a provider resource parameter to enforce the postfix value at the end of the name as a solution.

Example code with proposed fix:

resource azurecaf_naming_convention Project-kv {
  name           = "${var.env}CKV-${var.group}-${local.project_short}-${local.unique_Keyvault}" # Results in ScScCKV-CIO-ESLZ-Template-4fs98gnd
  resource_type  = "kv"
  postfix        = "kv"
  enforcePostfix = true
  convention     = "passthrough"
}

AAkindele commented 3 years ago

This also happens with prefixes when using azurecaf_name. When the generated name is past the allowed limit, the prefix is removed. For resources like Key Vault, this can lead to an error when the name is not unique in Azure.

The example below shows the behavior when resource_type = "azurerm_key_vault". When the generated name is longer than 24 characters, the generated name is kv-secrets. Ideally, the entire generated name is truncated. Or, the azurecaf_name returns an error when the generated name is longer than the max length defined for the resource_type field.

terraform {
  required_providers {
    azurecaf = {
      source  = "aztfmod/azurecaf"
      version = "~> 1.2.0"
    }
  }
  required_version = ">= 0.13"
}

resource "azurecaf_name" "keyvault-14-char-prefix" {
  name          = "secrets"
  resource_type = "azurerm_key_vault"
  prefixes      = ["aaaaaaaaaaaaaa"]
}

resource "azurecaf_name" "keyvault-13-char-prefix" {
  name          = "secrets"
  resource_type = "azurerm_key_vault"
  prefixes      = ["aaaaaaaaaaaaa"]
}

# output is kv-secrets
output "keyvault_name-14-char-prefix" {
  value = azurecaf_name.keyvault-14-char-prefix.result
}

# output is aaaaaaaaaaaaa-kv-secrets
output "keyvault_name-13-char-prefix" {
  value = azurecaf_name.keyvault-13-char-prefix.result
}
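
The truncation both comments above ask for, trimming only the name part so that a set prefix or postfix always survives and returning an error when they cannot fit, as an added Go example that is not the provider's own code. `composeName` and its parameters are hypothetical, the inputs are constructed from the two reports, and 24 is the Key Vault limit cited above; unlike the pseudocode, it reserves a separator only for the parts that are actually set.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// composeName joins prefix, name and postfix with sep and keeps the result
// within maxLen by trimming only the name part. Hypothetical helper written
// for this example; it is not a function of the azurecaf provider.
func composeName(prefix, name, postfix, sep string, maxLen int) (string, error) {
	// Reserve room for the parts that must survive, plus one separator each.
	reserved := 0
	for _, fixed := range []string{prefix, postfix} {
		if fixed != "" {
			reserved += len(fixed) + len(sep)
		}
	}
	budget := maxLen - reserved
	if budget < 1 {
		// Fail loudly instead of silently dropping the prefix or postfix.
		return "", errors.New("prefix and postfix leave no room for the name")
	}
	if len(name) > budget {
		// Resource names are ASCII here, so byte slicing is safe. Drop a
		// separator left dangling by the cut to avoid a doubled separator.
		name = strings.TrimSuffix(name[:budget], sep)
	}
	var parts []string
	for _, p := range []string{prefix, name, postfix} {
		if p != "" {
			parts = append(parts, p)
		}
	}
	return strings.Join(parts, sep), nil
}

func main() {
	// Constructed inputs: {prefix, name, postfix} from the two reports above.
	cases := [][3]string{
		{"", "scdcckv-cio-eslz-4fs98gnd", "kv"},
		{"aaaaaaaaaaaaaa", "kv-secrets", ""},
	}
	for _, c := range cases {
		out, err := composeName(c[0], c[1], c[2], "-", 24)
		fmt.Printf("%q len=%d err=%v\n", out, len(out), err)
	}
}
```

Both results come out at exactly 24 characters with the prefix or postfix intact, so two inputs that differ only in their affix no longer collapse to the same generated name.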