Ability to set a product's environments
sjblacknz opened this issue · 6 comments
Hey there - minor feature request:
When creating a product (apigee_product resource) there isn't an option to specify the environments it's for. This leads to a product being created with access to no environments.
I note that DinoChiesa/go-apigee-edge now has 'Environments' included in the product API but your fork doesn't have that yet.
Overall, this is an awesome library - such a good idea standing up Apigee resources via Terraform!
Was this a recent API change on Apigee's part? I could have sworn env wasn't an option for products before but it's been awhile. What issues are you seeing? I use this in our Apigee environment without any issues so I'd like to understand more about how this affects you.
Thanks!
I'm not sure how new it is - I'm relatively new to Apigee myself!
Where I work (a commercial bank), we have 'non-prod' products that can access the development and test environments, and then 'prod' products that can access production (I'm assuming for security reasons). This is just a policy and the way things are done. If I use this provider to create a product, it looks like this in Apigee (i.e. no environments set):
Can see environments are something you can set via the API: https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/apiproducts
I actually haven't tried to see what happens with our products if an environment isn't set - I'll try that now.
Cheers,
Simon
Ahhhh... this explains why it works. Not great from a security perspective though:
So my initial issue wasn't quite right - it's not that you get access to no environments, it's that you get access to all environments.
Got it. I saw that too when looking at the doc. This must be new-ish because when I initially set this up I implemented all of the fields that were available. Dino for some reason hasn't merged my PR and for some reason has re-implemented some of the same things.
Not sure what is going on there since I haven't had any feedback about the PR other than needing to sign some docs which I have done.
I will look to add envs to my branch and this repo. Thanks for the issue report!
Edit: Also where I work we have a different setup so that explains why I haven't seen this before.
That's great - thanks for your fast response. This is an interesting project!
Basically here I'm trying to remove as many manual steps as possible for setting up Apigee, i.e. if we lost everything, how easy/fast would it be to stand everything back up again. So far the combination of proxies/products/apps/developers covers the biggest part.
Other little manual things we currently do are adding caches and key-value maps/actual key-values. At some point in the future I may fork your repo and have a play with terraform for some of these other minor things. If it works well I'll send you a pull request :-)
Sounds good. My current proxies don't need those as they are pretty simple. Would love to see a PR or if you get into it and it is too much I may add these if you open an issue. I see that Dino has implemented these in his repo so it shouldn't take too much effort so let me know either way.
I use this as part of my infrastructure provisioning. We provision everything (everything-as-code) with terraform/ansible and it just felt wrong to have Apigee proxies be pushed some other way and be the only outlier. If you want to chat about what you are doing and compare notes send me your info.