zoe/autojanet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
autojanet/skills/terrashark/references/examples-good.md
Zoë cfec11bb46
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details
fix: convert skill submodules to plain directories 
stop-slop, taste-skill, terrashark had embedded .git dirs causing
Woodpecker clone to fail on submodule update.
2026-05-30 15:44:44 -07:00

3.2 KiB
Raw Blame History

Good Examples

1) Stable identity map for service accounts

variable "service_accounts" {
  type = map(object({
    display_name = string
    roles        = set(string)
  }))
}

resource "google_service_account" "app" {
  for_each     = var.service_accounts
  account_id   = each.key
  display_name = each.value.display_name
}

Why this works:

  • key-based identity survives insertion/removal changes
  • contract is strict and predictable

2) Cross-variable validation for safe combinations

variable "public_endpoint" {
  type    = bool
  default = false
}

variable "allowed_cidrs" {
  type    = list(string)
  default = []

  validation {
    condition     = var.public_endpoint || length(var.allowed_cidrs) == 0
    error_message = "allowed_cidrs must be empty unless public_endpoint is true."
  }
}

Why this works:

  • invalid combinations fail early
  • intent is encoded directly in module interface

3) Strong object typing with optional fields

variable "node_pool" {
  type = object({
    size          = string
    min_replicas  = number
    max_replicas  = number
    spot_instances = optional(bool, false)
  })
}

Why this works:

  • flexible without sacrificing schema clarity
  • avoids ad-hoc maps and runtime surprises

4) Narrow, useful outputs

output "app_subnet_ids" {
  description = "Subnet ids for application workloads"
  value       = values(aws_subnet.app)[*].id
}

Why this works:

  • downstream modules get exactly what they need
  • avoids leaking full provider objects

5) Controlled provider pinning

terraform {
  required_version = ">= 1.6.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.40.0, < 6.0.0"
    }
  }
}

Why this works:

  • controlled upgrade window
  • avoids accidental major-version breakage

6) Dynamic block with typed variable

variable "ingress_rules" {
  type = list(object({
    port        = number
    protocol    = string
    cidr_blocks = list(string)
  }))
}

resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = var.vpc_id

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}

Why this works:

  • iterator uses ingress.value (named after the block label)
  • typed input prevents runtime shape errors
  • each dynamic block maps to exactly one nested block type

7) Provider alias for multi-region

provider "aws" {
  region = "us-east-1"
}

provider "aws" {
  alias  = "eu"
  region = "eu-west-1"
}

resource "aws_s3_bucket" "replica" {
  provider = aws.eu
  bucket   = "my-replica-bucket"
}

module "eu_network" {
  source = "./modules/network"
  providers = {
    aws = aws.eu
  }
}

Why this works:

  • explicit alias keeps region intent clear
  • modules receive providers via providers map, not implicit inheritance

8) moved block for safe rename

moved {
  from = aws_kms_key.logs
  to   = aws_kms_key.audit
}

Why this works:

  • keeps state continuity during naming refactors
  • prevents unnecessary replacement