Support for helpers

[brettcurtis]

Summary by CodeRabbit

• New Features

  • Introduced a new "helpers" module sourced from GitHub to enhance functionality.

• Bug Fixes

  • Updated Google provider version across multiple modules to improve compatibility and performance.

• Documentation

  • Enhanced README files with updated provider versions and added new module references.
  • Refined input formatting in documentation for better clarity.

• Chores

  • Updated pre-commit hook configurations to the latest versions.
  • Removed unnecessary variables and local definitions to streamline configuration.

[coderabbitai]

Walkthrough

This pull request introduces significant changes to a Terraform module for Google Cloud Platform networking. The modifications primarily involve updating the module's configuration to use a new helper module from osinfra-io/terraform-core-helpers. Multiple files across the project have been updated, including workflow configurations, pre-commit hooks, README files, and Terraform configuration files. The changes remove explicit region variables and replace them with references to the new helper module, streamlining the region configuration across different components of the infrastructure.

Changes

File	Change Summary
.github/workflows/test.yml	Updated service account email for Terraform tests
.pre-commit-config.yaml	Updated versions of pre-commit hooks and added new arguments to checkov hook
README.md	Updated Google provider version and added new helper module reference
helpers.tf	Added new helper module from osinfra-io/terraform-core-helpers
regional/README.md	Updated Google provider version and added helper module reference
regional/main.tf	Changed region source from variable to helper module output
regional/nat/*	Updated README, removed region variable, modified local and main configurations to use helper module
tests/fixtures/default/*	Removed locals.tf files, deleted environment and region variables
.gitignore	Removed comment about provider.tf file

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ff8637 and b880c98.

📒 Files selected for processing (1)

• .gitignore (0 hunks)

💤 Files with no reviewable changes (1)

• .gitignore

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[infracost]

💰 Infracost report

Monthly estimate increased by $18 📈

Changed project	Baseline cost	Usage cost*	Total change	New monthly cost
tests-fixtures-default-regional_nat	+$0	+$18	+$18	$18

*Usage costs were estimated using Infracost Cloud settings, see docs for other options.

Estimate details

Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: tests-fixtures-default-regional_nat
Module path: tests/fixtures/default/regional_nat

~ module.all_subnets_test.google_compute_router_nat.this
  +$9 ($0.00 → $9)

    ~ Assigned VMs (first 32)
      +$4 ($0.00 → $4), 0 VM-hours (2,920 → 2,920)*

    ~ Data processed
      +$5 ($0.00 → $5), 0 GB (111 → 111)*

~ module.list_of_subnets_test.google_compute_router_nat.this
  +$9 ($0.00 → $9)

    ~ Assigned VMs (first 32)
      +$4 ($0.00 → $4), 0 VM-hours (2,920 → 2,920)*

    ~ Data processed
      +$5 ($0.00 → $5), 0 GB (111 → 111)*

Monthly cost change for tests-fixtures-default-regional_nat (Module path: tests/fixtures/default/regional_nat)
Amount:  +$18 ($0.00 → $18)

──────────────────────────────────
Key: * usage cost, ~ changed, + added, - removed
4 projects have no cost estimate changes.
Run the following command to see their breakdown: infracost breakdown --path=/path/to/code

──────────────────────────────────
*Usage costs were estimated using Infracost Cloud settings, see docs for other options.

14 cloud resources were detected:
∙ 4 were estimated
∙ 10 were free

Infracost estimate: Monthly estimate increased by $18 ↑
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Changed project                                    ┃ Baseline cost ┃ Usage cost* ┃ Total change ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━╋━━━━━━━━━━━━━━┫
┃ tests-fixtures-default-regional_nat                ┃           +$0 ┃        +$18 ┃         +$18 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━┻━━━━━━━━━━━━━━┛

_{This comment will be updated when code changes.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.pre-commit-config.yaml (1)

37-39: Review checkov configuration changes

New checkov arguments have been added:

• --download-external-modules=true: This could impact CI performance and security
• Skipping CKV_TF_1 check: Please document why this check is being skipped

Consider:

1. The security implications of downloading external modules
2. Whether skipping CKV_TF_1 (Ensure Terraform module sources use git URL with version tags) is appropriate given the recent addition of the helper module

regional/nat/main.tf (1)

8-8: Consistent region handling refactor

The changes to both resources align with the architectural decision to centralize region handling through the helpers module. This improves maintainability by reducing configuration duplication.

Consider documenting this architectural change in the module's README to explain the rationale behind using the helpers module for region determination.

Also applies to: 24-24

regional/nat/README.md (1)

18-20: Document helpers module usage

The addition of the helpers module is a significant architectural change. Consider adding:

1. A brief description of the module's purpose
2. Any configuration requirements
3. Migration instructions for existing users

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97cfdf4 and 3ff8637.

📒 Files selected for processing (22)

• .external_modules/github.com/osinfra-io/terraform-core-helpers/v0.1.2 (1 hunks)
• .github/workflows/test.yml (1 hunks)
• .pre-commit-config.yaml (2 hunks)
• README.md (1 hunks)
• helpers.tf (1 hunks)
• regional/README.md (3 hunks)
• regional/helpers.tf (1 hunks)
• regional/main.tf (1 hunks)
• regional/nat/README.md (3 hunks)
• regional/nat/helpers.tf (1 hunks)
• regional/nat/locals.tf (1 hunks)
• regional/nat/main.tf (2 hunks)
• regional/nat/variables.tf (0 hunks)
• regional/variables.tf (0 hunks)
• shared/helpers.tf (1 hunks)
• tests/fixtures/default/locals.tf (0 hunks)
• tests/fixtures/default/regional/locals.tf (0 hunks)
• tests/fixtures/default/regional/main.tf (0 hunks)
• tests/fixtures/default/regional_nat/locals.tf (0 hunks)
• tests/fixtures/default/regional_nat/main.tf (0 hunks)
• tests/fixtures/default/regional_nat/variables.tf (0 hunks)
• tests/fixtures/default/variables.tf (0 hunks)

💤 Files with no reviewable changes (9)

• tests/fixtures/default/variables.tf
• regional/variables.tf
• tests/fixtures/default/regional_nat/variables.tf
• regional/nat/variables.tf
• tests/fixtures/default/regional/main.tf
• tests/fixtures/default/regional/locals.tf
• tests/fixtures/default/regional_nat/locals.tf
• tests/fixtures/default/locals.tf
• tests/fixtures/default/regional_nat/main.tf

✅ Files skipped from review due to trivial changes (5)

• shared/helpers.tf
• helpers.tf
• regional/nat/helpers.tf
• regional/helpers.tf
• .external_modules/github.com/osinfra-io/terraform-core-helpers/v0.1.2

🔇 Additional comments (10)

regional/nat/locals.tf (1)

5-5: Verify helper module integration

The change to use module.helpers.region aligns with the PR objective of centralizing region management. However, let's verify the helper module integration.

✅ Verification successful

Helper module integration verified successfully

The changes are consistent and properly implemented:

• The helper module is correctly configured in shared/helpers.tf using the terraform-core-helpers source
• module.helpers.region is consistently used across the codebase in relevant files
• The region variable has been successfully removed from variables.tf
• All references to var.region have been replaced with module.helpers.region

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify helper module integration and consistent usage

# Check if helpers.tf exists and contains the correct module source
echo "Checking for helpers.tf configuration..."
rg -l "terraform-core-helpers" --type tf

# Verify consistent usage of module.helpers.region across the codebase
echo "Checking for any remaining var.region references that should be updated..."
rg "var\.region" --type tf

Length of output: 337

---

Script:

#!/bin/bash
# Let's verify the helper module configuration and its usage

# Check the content of shared/helpers.tf to verify the module configuration
echo "Content of shared/helpers.tf:"
cat shared/helpers.tf

# Check for module.helpers.region usage to ensure it's properly implemented
echo -e "\nChecking module.helpers.region usage:"
rg "module\.helpers\.region" --type tf

# Check if variables.tf still contains region variable
echo -e "\nChecking for region variable definition:"
rg "variable\s+\"region\"" --type tf

Length of output: 844

.github/workflows/test.yml (1)

21-21: Verify GCP service account configuration

The service account has been updated to use a different project (tf00 instead of tf91). Please ensure:

1. The new service account exists and has the necessary permissions
2. The workload identity federation is properly configured for this account

✅ Verification successful

Service account configuration appears consistent

The verification shows that:

1. There are no remaining references to the old tf91 service account in the codebase
2. The new service account is properly configured with the workload identity provider in the same workflow file
3. This is the only service account reference in the GitHub workflows

The change appears to be a clean migration to the new project's service account.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify service account references consistency

# Check for any remaining references to the old service account
echo "Checking for any remaining references to the old service account..."
rg "tf91-sb\.iam\.gserviceaccount\.com" --type yml --type tf

# Verify workload identity provider configuration matches
echo "Verifying workload identity provider configuration..."
rg "workload.*identity.*provider" --type yml

Length of output: 427

---

Script:

#!/bin/bash
# Description: Verify service account references consistency with correct file type flags

# Check for any remaining references to the old service account
echo "Checking for any remaining references to the old service account..."
rg "tf91-sb\.iam\.gserviceaccount\.com" --type yaml

# Check for any references to the new service account
echo "Checking for references to the new service account..."
rg "tf00-sb\.iam\.gserviceaccount\.com" --type yaml

# Verify workload identity provider configuration matches
echo "Verifying workload identity provider configuration..."
rg "workload.*identity.*provider" --type yaml

# List all yaml/yml files to ensure we're not missing anything
echo "Listing all YAML files in the repository..."
fd -e yml -e yaml

Length of output: 651

---

Script:

#!/bin/bash
# Let's try a different approach to find all GitHub workflow files and their content

# List all workflow files
echo "Listing all workflow files..."
fd -t f . .github/workflows/

# Show content of the test.yml file
echo -e "\nContent of test.yml:"
cat .github/workflows/test.yml

# Search for any service account patterns in workflow files
echo -e "\nSearching for service account patterns..."
rg "service_account" .github/workflows/

Length of output: 1189

.pre-commit-config.yaml (1)

6-6: Verify compatibility with updated pre-commit hook versions

Significant version updates have been made:

• pre-commit-hooks: v4.6.0 → v5.0.0
• pre-commit-terraform: v1.95.0 → v1.96.2
• checkov: 3.2.254 → 3.2.344

Please ensure these updates are compatible with the new helper module and don't introduce breaking changes.

Also applies to: 14-14, 32-32

✅ Verification successful

Pre-commit hook version updates are safe to proceed

The version updates in .pre-commit-config.yaml are compatible with the codebase for the following reasons:

• The helper module (terraform-core-helpers) is pinned to a specific version (v0.1.2) and doesn't have direct dependencies on pre-commit versions
• The repository uses standard pre-commit hooks for common tasks (checkov, terraform-docs, etc.) which are backward compatible
• The README.md shows these tools are used for development purposes only and don't affect the core functionality of the module

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify pre-commit hooks compatibility

# Check for any version constraints in the repository
echo "Checking for version constraints..."
rg "version.*constraint" --type tf

Length of output: 117

---

Script:

#!/bin/bash
# Let's check for any helper module references and their version requirements
echo "Checking for helper module references..."
rg -l "helper" --type yaml --type tf

# Check for any pre-commit related files or documentation
echo -e "\nChecking for pre-commit related files..."
fd -e md -e yaml -e txt -X grep -l "pre-commit"

# Look for any version specifications or requirements
echo -e "\nChecking version specifications..."
rg "version|rev:" --type yaml

Length of output: 602

---

Script:

#!/bin/bash
# Let's check the README.md for any pre-commit setup instructions or version requirements
echo "Checking README.md for pre-commit information..."
cat README.md

# Check helper module implementation for any version dependencies
echo -e "\nChecking helper module implementation..."
cat shared/helpers.tf

Length of output: 7112

regional/main.tf (1)

15-15: Verify helpers module initialization

The change to use module.helpers.region aligns with the architectural goal of centralizing region handling. However, we should verify that the helpers module is properly initialized in this context.

✅ Verification successful

Helpers module initialization and usage verified

The helpers module is properly initialized in the codebase with a specific version (v0.1.2) from the osinfra-io repository. The module.helpers.region output is consistently used across multiple files:

• regional/main.tf
• regional/nat/main.tf (used in two resources)
• regional/nat/locals.tf (used in name construction)

While we couldn't verify the exact output definition from the remote module, the consistent usage pattern and proper module initialization indicate this is a valid architectural change for centralizing region handling.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if helpers module is properly initialized in this directory
fd --type f "helpers\.tf$" --exec cat {} \;

# Verify no direct region variable references remain
rg "var\.region" --type tf

Length of output: 281

---

Script:

#!/bin/bash
# Check if the helpers module output includes region
rg "output.*region" --type tf -A 3

# Check the actual usage of module.helpers.region
rg "module\.helpers\.region" --type tf -A 2

# Check if there are any other region-related variables or locals
rg "region\s*=|region\s*{" --type tf -A 2

Length of output: 940

---

Script:

#!/bin/bash
# Check the helpers module source content
curl -sL https://raw.githubusercontent.com/osinfra-io/terraform-core-helpers/v0.1.2/child/outputs.tf | grep -A 3 "output.*region"

# Check for any region variable definitions
rg "variable.*region" --type tf -A 3

Length of output: 170

regional/nat/README.md (2)

5-5: Update documentation format

The documentation format has been updated from pre-commit-terraform to tf_docs. Ensure this change is consistent across all module documentation.

Also applies to: 45-45

✅ Verification successful

Documentation format is consistent across modules

Based on the verification results, all markdown files in the repository are using the new BEGIN_TF_DOCS format consistently. No instances of the old PRE-COMMIT-TERRAFORM format were found. The documentation format has been successfully updated across all module documentation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any remaining pre-commit-terraform doc hooks
rg "PRE-COMMIT-TERRAFORM DOCS HOOK" --type md

Length of output: 47

---

Script:

#!/bin/bash
# Let's check for both old and new documentation formats across markdown files
echo "Files with BEGIN_TF_DOCS:"
rg "BEGIN_TF_DOCS" --type md -l

echo -e "\nFiles with PRE-COMMIT-TERRAFORM:"
rg "PRE-COMMIT-TERRAFORM" --type md -l

echo -e "\nChecking content between documentation markers in markdown files:"
fd -e md -x sh -c 'echo "=== $1 ==="; cat "$1"' _ {}

Length of output: 13246

---

14-14: Verify provider version compatibility

The Google provider has been updated to version 6.14.1. This is a major version bump from 5.x.x which may include breaking changes.

regional/README.md (3)

39-39: LGTM! Documentation formatting improvement

The HTML tag for line breaks has been properly fixed to use self-closing tags (<br/>), improving markdown rendering.

---

18-20: Consider using a more stable version of terraform-core-helpers

The module is depending on v0.1.2 of terraform-core-helpers which is an early version. Consider:

1. Evaluating if a more stable version is available
2. Adding a comment explaining why this specific version was chosen
3. Setting up version constraint strategy (e.g., ~> 0.1.2 for patch updates)

---

14-14: Verify compatibility with major provider version upgrade

The Google provider has been upgraded from 5.x to 6.14.1. While this documentation is informational, ensure the parent module's provider configuration is compatible with this major version upgrade to avoid potential breaking changes.

README.md (1)

75-81: LGTM! Consistent documentation updates

The changes to the provider version and helpers module are consistent with the regional module documentation. The documentation structure remains well-organized and complete.