ghost
commented
1 year ago Alternatively, just make it so that Yor won't tag S3 objects?
EDIT: Or count tags before trying to apply them to S3 objects.
Closed ghost closed 1 year ago
ghost
commented
1 year ago Alternatively, just make it so that Yor won't tag S3 objects?
EDIT: Or count tags before trying to apply them to S3 objects.
lonegunmanb
commented
1 year ago Hi @jfechner-foxo, I don't know how to implement your feature request by using yor only, but I have a personal tools named yorbox which can solve your issue.
By using yorbox along with yor, your generated tags would be like this:
tags = (/*<box>*/(var.yor_toggle ? /*</box>*/{
git_commit = "898d5beaec7ffdef6df0d7abecff407362e2a74e"
git_file = "terraform/azure/aks.tf"
git_last_modified_at = "2020-06-17 12:59:55"
git_last_modified_by = "nimrodkor@gmail.com"
git_modifiers = "nimrodkor"
git_org = "bridgecrewio"
git_repo = "terragoat"
yor_trace = "6103d111-864e-42e5-899c-1864de281fd1"
}/*<box>*/ : {})/*</box>*/)The code between /*<box>*/ and /*</box>*/ is defined by an argument named boxTemplate. By using yorbox in the following way we can change the box code:
$ yorbox -dir <directory path> -boxTemplate '/*<box>*/(var.{{ .toggleName }} ? { for k,v in /*</box>*/ { yor_trace = 123 } /*<box>*/ : "my_prefix_${k}"=> v} : {})/*</box>*/'The generated code would be:
tags = (/*<box>*/(var.yor_toggle ? { for k,v in /*</box>*/{
git_commit = "898d5beaec7ffdef6df0d7abecff407362e2a74e"
git_file = "terraform/azure/aks.tf"
git_last_modified_at = "2020-06-17 12:59:55"
git_last_modified_by = "nimrodkor@gmail.com"
git_modifiers = "nimrodkor"
git_org = "bridgecrewio"
git_repo = "terragoat"
yor_trace = "6103d111-864e-42e5-899c-1864de281fd1"
}/*<box>*/:"my_prefix_${k}"=>v } : {})/*</box>*/)In your case:
skip:yor=${tag_key_to_skip}
You can store the keys that you'd like to skip in a local expression like:
locals {
skipped_tag_keys= [
"git_commit",
"git_modifiers",
]
}Then you can call yorbox like:
$ yorbox -dir "$(pwd)" -toggleName tracing_tags_enabled --boxTemplate '/*<box>*/ (var.{{ .toggleName }} ? { for k,v in /*</box>*/ { yor_trace = 123 } /*<box>*/ : k => v if !contains(local.skipped_tag_keys, k) } : {} ) /*</box>*/'The generated tags look like this:
tags = merge(each.value.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
git_commit = "bc0c9fab9ee53296a64c7a682d2ed7e0726c6547"
git_file = "main.tf"
git_last_modified_at = "2023-05-04 05:02:32"
git_org = "Azure"
git_repo = "terraform-azurerm-aks"
yor_trace = "bf37a2e4-4478-4f5a-8f43-b48ee0fcd9cc"
} /*<box>*/ : k => v if !contains(local.skipped_tag_keys, k) } : {}) /*</box>*/))You can turn all tags off by setting var.tracing_tags_enabled to false, or skip keys in local.skipped_tag_keys
stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Is your feature request related to a problem? Please describe. S3 objects have a 10 tag limit. Yor writes
8 tags9 tags. If I havedefault_tagsset with > 1 more tag, Terraform will throw an error on apply, and fail. Normally I would just ignore this and remove thedefault_tags, but sometimes, I WANT ALL the tags, but not necessarily on S3 objects.Describe the solution you'd like I would like it if Yor would parse IaC (Terraform) comments, and if it finds a comment like
# skip:yor=${tag_key_to_skip}:comment about why we're skipping this tag(i.e. like Checkov) it would just skip adding a specific tag or ALL tags to that resource.Describe alternatives you've considered Since we've started using Yor, when we implement it, the general guidance is to remove any
default_tagsin the AWS provider, to avoid hitting the tag limit on S3 objects.Additional context N/A