Track IaC Management and Source Metadata for Resources
Jelle den Burger
Introduce a native feature in meshStack to track whether a resource is managed via Infrastructure as Code (IaC), specifically Terraform, and identify its provenance.
On resource creation and updates, the TF provider should send this metadata to meshStack and should persist this metadata in its backend.
Expose this information via the meshStack UI and API to make it easily discoverable.
Goal:
Enable users to quickly determine whether a resource is managed via Terraform, and to identify the originating Git repository and location as the source of truth for resource definitions.
Benefits:
Improved traceability of resources managed via IaC
Faster troubleshooting for administrators
Enhanced transparency and governance for platform users
Andreas Grub
This could be improved further: if we detect that a resource is created from Terraform using an ephemeral API key, we can even link that to the building block creating it (similar to how we link dependencies at the moment). An example use case would be our AKS/SKE Starter Kits (or, more generally, any building block composition).
We should also design properly whether we want to show that something is managed by our own Terraform provider or "just" by public API only (with custom IaC tools or just curl or whatever). Maybe just showing the User-Agent request header (if any) somewhere in the resource details (creator and last update) would already be interesting.