From 475ba6099e0003b511c852f8dcc40c3e01b99ca4 Mon Sep 17 00:00:00 2001
From: Gonzalo Rojas
Date: Thu, 16 Apr 2026 11:45:38 -0300
Subject: [PATCH 1/2] fix(nullplatform): add dimensions variable and eks balancer improvements
- Replace hardcoded dimensions = {} with var.dimensions in ecr, docker_server, code_repository, and cloud/aws/cloud
- Add dimensions variable (default = {}) to ecr, docker_server, code_repository
- Add alb_capacity_threshold, additional_public_balancer_names, additional_private_balancer_names to eks module
- Refactor eks balancer local to use merge() for optional fields
---
 nullplatform/asset/docker_server/main.tf | 2 +-
 nullplatform/asset/docker_server/variables.tf | 6 ++++++
 nullplatform/asset/ecr/main.tf | 2 +-
 nullplatform/asset/ecr/variables.tf | 6 ++++++
 nullplatform/cloud/aws/cloud/main.tf | 5 ++---
 nullplatform/code_repository/main.tf | 6 +++---
 nullplatform/code_repository/variables.tf | 6 ++++++
 .../container_orchestration/eks/main.tf | 13 +++++++++----
 .../container_orchestration/eks/variables.tf | 19 +++++++++++++++++++
 9 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/nullplatform/asset/docker_server/main.tf b/nullplatform/asset/docker_server/main.tf
index 2c78234e..f19ac1cd 100644
--- a/nullplatform/asset/docker_server/main.tf
+++ b/nullplatform/asset/docker_server/main.tf
@@ -1,7 +1,7 @@
 resource "nullplatform_provider_config" "docker_server" {
 nrn = var.nrn
 type = "docker-server"
- dimensions = {}
+ dimensions = var.dimensions
 attributes = jsonencode({
 "setup" : {
 "server" : var.login_server,
diff --git a/nullplatform/asset/docker_server/variables.tf b/nullplatform/asset/docker_server/variables.tf
index 87126a51..ad6dfb39 100644
--- a/nullplatform/asset/docker_server/variables.tf
+++ b/nullplatform/asset/docker_server/variables.tf
@@ -24,3 +24,9 @@ variable "password" {
 type = string
 sensitive = false
 }
+
+variable "dimensions" {
+ description = "Dimensions to segment the nullplatform provider config (e.g. by region, environment)"
+ type = map(string)
+ default = {}
+}
diff --git a/nullplatform/asset/ecr/main.tf b/nullplatform/asset/ecr/main.tf
index e156c4ac..3896f64c 100644
--- a/nullplatform/asset/ecr/main.tf
+++ b/nullplatform/asset/ecr/main.tf
@@ -2,7 +2,7 @@ resource "nullplatform_provider_config" "ecr" {
 provider = nullplatform
 nrn = var.nrn
 type = "ecr"
- dimensions = {}
+ dimensions = var.dimensions
 attributes = jsonencode({
 "ci" : {
 "region" : data.aws_region.current.region,
diff --git a/nullplatform/asset/ecr/variables.tf b/nullplatform/asset/ecr/variables.tf
index aaae4f15..8baf9858 100644
--- a/nullplatform/asset/ecr/variables.tf
+++ b/nullplatform/asset/ecr/variables.tf
@@ -13,3 +13,9 @@ variable "cluster_name" {
 description = "Name of the cluster where the policy runs"
 type = string
 }
+
+variable "dimensions" {
+ description = "Dimensions to segment the nullplatform provider config (e.g. by region, environment)"
+ type = map(string)
+ default = {}
+}
diff --git a/nullplatform/cloud/aws/cloud/main.tf b/nullplatform/cloud/aws/cloud/main.tf
index 42ae37e7..5b0a15f8 100644
--- a/nullplatform/cloud/aws/cloud/main.tf
+++ b/nullplatform/cloud/aws/cloud/main.tf
@@ -2,7 +2,7 @@ resource "nullplatform_provider_config" "aws" {
 provider = nullplatform
 nrn = var.nrn
 type = "aws-configuration"
- dimensions = {}
+ dimensions = var.dimensions
 attributes = jsonencode({
 iam = {
 #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn
@@ -21,5 +21,4 @@ resource "nullplatform_provider_config" "aws" {
 lifecycle {
 ignore_changes = [attributes]
 }
-}
-
+}
\ No newline at end of file
diff --git a/nullplatform/code_repository/main.tf b/nullplatform/code_repository/main.tf
index 8d04b1dc..c797657b 100644
--- a/nullplatform/code_repository/main.tf
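Review bot: `variable "password"` in `nullplatform/asset/docker_server/variables.tf`, visible as context just above the added `dimensions` variable, is declared with `sensitive = false`, so Terraform will print the registry password in plan/apply output and in any CI log that captures it. Set `sensitive = true`; sensitivity then propagates to expressions that use the value, so if the password is placed in the resource's `jsonencode(...)` attributes (not shown in this hunk) that attribute is redacted as well. The flag only affects display: the value is still written to state, so access to the state backend needs to be restricted either way. The `password` block starts above the hunk.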
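Review bot: `dimensions = var.dimensions` in `nullplatform/cloud/aws/cloud/main.tf` (`@@ -2,7 +2,7 @@`) references a variable this patch does not declare for that module: the diffstat contains no `cloud/aws/cloud/variables.tf`, and the commit message lists only ecr, docker_server and code_repository as gaining the variable. Unless the module already declares `dimensions` in a file outside this patch, `terraform validate` will fail with an undeclared-variable error; add the same `variable "dimensions"` block (`type = map(string)`, `default = {}`) there. The second hunk of this file also drops the final newline (`\ No newline at end of file`), which is worth restoring. The resource block continues outside both hunks.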
+++ b/nullplatform/code_repository/main.tf
@@ -3,7 +3,7 @@ resource "nullplatform_provider_config" "gitlab" {
 count = local.is_gitlab ? 1 : 0
 nrn = try(regex("(.*):namespace.*", var.nrn)[0], var.nrn)
 type = "gitlab-configuration"
- dimensions = {}
+ dimensions = var.dimensions
 attributes = jsonencode({
 "setup" : {
 "group_path" : var.gitlab_group_path,
@@ -23,7 +23,7 @@ resource "nullplatform_provider_config" "github" {
 count = local.is_github ? 1 : 0
 nrn = replace(var.nrn, ":namespace=.*$", "")
 type = "github-configuration"
- dimensions = {}
+ dimensions = var.dimensions
 attributes = jsonencode({
 "setup" : {
 "organization" : var.github_organization,
@@ -41,7 +41,7 @@ resource "nullplatform_provider_config" "azure" {
 count = local.is_azure ? 1 : 0
 nrn = replace(var.nrn, ":namespace=.*$", "")
 type = "azure-devops-configuration"
- dimensions = {}
+ dimensions = var.dimensions
 attributes = jsonencode({
 "setup" : {
 "project" : var.azure_project,
diff --git a/nullplatform/code_repository/variables.tf b/nullplatform/code_repository/variables.tf
index de9a15e4..0b1be05b 100644
--- a/nullplatform/code_repository/variables.tf
+++ b/nullplatform/code_repository/variables.tf
@@ -132,3 +132,9 @@ variable "nrn" {
 description = "Nullplatform Resource Name (NRN) — unique identifier for resources."
 type = string
 }
+
+variable "dimensions" {
+ description = "Dimensions to segment the nullplatform provider config (e.g. by region, environment)"
+ type = map(string)
+ default = {}
+}
diff --git a/nullplatform/container_orchestration/eks/main.tf b/nullplatform/container_orchestration/eks/main.tf
index ca5c8a62..6a3842ca 100644
--- a/nullplatform/container_orchestration/eks/main.tf
+++ b/nullplatform/container_orchestration/eks/main.tf
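Review bot: In the `github` hunk (`@@ -23,7 +23,7 @@`) and again in the `azure` hunk (`@@ -41,7 +41,7 @@`) of `nullplatform/code_repository/main.tf`, the context line `nrn = replace(var.nrn, ":namespace=.*$", "")` strips nothing: Terraform's `replace` treats the search string as a regular expression only when it is wrapped in forward slashes, so this searches for the literal text `:namespace=.*$`. The provider config, together with the `dimensions` this patch makes caller-controlled, is therefore attached at whatever NRN level the caller passes rather than at the parent level the expression appears to intend. Write `replace(var.nrn, "/:namespace=.*$/", "")`, or reuse the `try(regex("(.*):namespace.*", var.nrn)[0], var.nrn)` form that the `gitlab` resource already uses. All three resource blocks continue outside their hunks.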
@@ -7,10 +7,15 @@ locals {
 var.use_nullplatform_namespace ? { use_nullplatform_namespace = var.use_nullplatform_namespace } : {},
 )
- balancer = { for k, v in {
- public_name = var.public_balancer_name
- private_name = var.private_balancer_name
- } : k => v if v != "" }
+ balancer = merge(
+ { for k, v in {
+ public_name = var.public_balancer_name
+ private_name = var.private_balancer_name
+ } : k => v if v != "" },
+ var.alb_capacity_threshold != null ? { alb_capacity_threshold = var.alb_capacity_threshold } : {},
+ length(var.additional_public_balancer_names) > 0 ? { additional_public_names = var.additional_public_balancer_names } : {},
+ length(var.additional_private_balancer_names) > 0 ? { additional_private_names = var.additional_private_balancer_names } : {},
+ )
 network = { for k, v in {
 balancer_group_suffix = var.balancer_group_suffix
diff --git a/nullplatform/container_orchestration/eks/variables.tf b/nullplatform/container_orchestration/eks/variables.tf
index e7711078..9400ed04 100644
--- a/nullplatform/container_orchestration/eks/variables.tf
+++ b/nullplatform/container_orchestration/eks/variables.tf
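Review bot: Nothing in the new `balancer = merge(...)` local stops the same load-balancer name from appearing in both `additional_public_names` and `additional_private_names`, or from repeating `public_name` / `private_name`. How nullplatform resolves such a collision is not visible here, but the outcome to rule out is an internal-only scope being attached to an internet-facing balancer. A guard such as `length(setintersection(toset(var.additional_public_balancer_names), toset(var.additional_private_balancer_names))) == 0`, placed in a `precondition` on the resource that consumes `local.balancer` (or in a variable `validation` block on Terraform versions that allow cross-variable references), would make that misconfiguration fail at plan time. The `locals` block starts and ends outside the hunk.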
@@ -32,12 +32,31 @@ variable "public_balancer_name" {
 default = ""
 }
+variable "additional_public_balancer_names" {
+ description = "Additional public-facing load balancers to support scope deployments beyond the 100-rule ALB limit"
+ type = list(string)
+ default = []
+}
+
 variable "private_balancer_name" {
 description = "The name of the private load balancer for internal traffic routing"
 type = string
 default = ""
 }
+variable "additional_private_balancer_names" {
+ description = "Additional private load balancers to support scope deployments beyond the 100-rule ALB limit"
+ type = list(string)
+ default = []
+}
+
+variable "alb_capacity_threshold" {
+ description = "Maximum ALB rule usage percentage (50-99). The remaining capacity reserves slots for concurrent deployments. Higher values maximize ALB utilization but increase the risk of hitting the rule limit"
+ type = number
+ default = null
+ nullable = true
+}
+
 variable "balancer_group_suffix" {
 description = "Suffix added to the ALB name, enabling management across multiple clusters in the same account"
 type = string
From 13c32c1258770d6d225f965e337f5c15aa4c48b5 Mon Sep 17 00:00:00 2001
From: Gonzalo Rojas
Date: Thu, 16 Apr 2026 12:02:21 -0300
Subject: [PATCH 2/2] fix(eks): add validation for alb_capacity_threshold and balancer name constraints
- Add range validation (50-99) to alb_capacity_threshold
- Add AWS ALB naming validation to additional_public_balancer_names and additional_private_balancer_names (1-32 chars, alphanumeric and hyphens, cannot start or end with a hyphen)
---
 .../container_orchestration/eks/variables.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/nullplatform/container_orchestration/eks/variables.tf b/nullplatform/container_orchestration/eks/variables.tf
index 9400ed04..61934b2c 100644
--- a/nullplatform/container_orchestration/eks/variables.tf
+++ b/nullplatform/container_orchestration/eks/variables.tf
@@ -36,6 +36,10 @@ variable "additional_public_balancer_names" {
 description = "Additional public-facing load balancers to support scope deployments beyond the 100-rule ALB limit"
 type = list(string)
 default = []
+ validation {
+ condition = alltrue([for name in var.additional_public_balancer_names : can(regex("^[a-zA-Z0-9][a-zA-Z0-9-]{0,30}[a-zA-Z0-9]$|^[a-zA-Z0-9]$", name))])
+ error_message = "ALB names must be 1-32 characters, only alphanumeric and hyphens, and cannot start or end with a hyphen."
+ }
 }
 variable "private_balancer_name" {
@@ -48,6 +52,10 @@ variable "additional_private_balancer_names" {
 description = "Additional private load balancers to support scope deployments beyond the 100-rule ALB limit"
 type = list(string)
 default = []
+ validation {
+ condition = alltrue([for name in var.additional_private_balancer_names : can(regex("^[a-zA-Z0-9][a-zA-Z0-9-]{0,30}[a-zA-Z0-9]$|^[a-zA-Z0-9]$", name))])
+ error_message = "ALB names must be 1-32 characters, only alphanumeric and hyphens, and cannot start or end with a hyphen."
+ }
 }
 variable "alb_capacity_threshold" {
@@ -55,6 +63,10 @@ variable "alb_capacity_threshold" {
 type = number
 default = null
 nullable = true
+ validation {
+ condition = var.alb_capacity_threshold == null || (var.alb_capacity_threshold >= 50 && var.alb_capacity_threshold <= 99)
+ error_message = "alb_capacity_threshold must be between 50 and 99."
+ }
 }
 variable "balancer_group_suffix" {
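Review bot: The name validation added to `additional_public_balancer_names` (`@@ -36,6 +36,10 @@`), and repeated in the `additional_private_balancer_names` hunk (`@@ -48,6 +52,10 @@`), still accepts names that begin with `internal-`, which AWS rejects for load balancer names. The regex engine has no lookahead, so add a second term inside the `for` expression: `can(regex(...)) && !can(regex("^internal-", name))`, and mention the rule in `error_message`. The same check is not applied to the primary names: `private_balancer_name`, shown in full in patch 1/2, has no `validation` block and `public_balancer_name` appears to be the same, so an invalid primary name still reaches the provider config. Those two would need the pattern plus an allowance for their `""` default.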
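Review bot: In the `alb_capacity_threshold` hunk (`@@ -55,6 +63,10 @@`) the condition `var.alb_capacity_threshold == null || (...)` relies on `||` skipping its right-hand side when the value is null; Terraform releases that evaluate both operands fail on the `null >= 50` comparison, which would break the default `null`. Which releases this module supports is not visible here, so confirm it against the pinned minimum version or use the conditional form: `condition = var.alb_capacity_threshold == null ? true : (var.alb_capacity_threshold >= 50 && var.alb_capacity_threshold <= 99)`. The check also accepts fractional values such as 75.5 because the type is `number`; if the consumer expects a whole percentage, add `floor(var.alb_capacity_threshold) == var.alb_capacity_threshold` to the non-null branch.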