Add facets_default_providers/default/1.0 — legacy aws3tooling alias #336

Merged
unni-facets merged 4 commits into main from feat/facets-default-providers
Apr 27, 2026
@sanmesh-kakade
Contributor

Summary

Adds facets_default_providers/default/1.0, a foundational module that declares the legacy aws3tooling local provider name mapped to the spoofed hashicorp/aws3tooling source. Paired with iac-generator-releases PR #4, it lets capillary-cloud-tf envs migrate from the old Python IaC generator to the new iac-generator flow without any terraform state surgery.

  • outputs.default.providers.aws3tooling → source: hashicorp/aws3tooling, version: "= 3.74.0", skip_region_validation: true
  • Spec intentionally empty (properties: {}, sample.spec: {}). Aws provider reads region + creds from the pod's standard AWS_* env vars; rationale captured in the README under "Configuration: intentionally empty spec — env-var driven".
  • Resource name in the blueprint MUST be default; IsDefaultResource=true is what makes the iac-generator emit an un-aliased provider "aws3tooling" {} block that matches the legacy un-aliased state binding.

Both PRs must land together.

Why this shape

Traced through iac-generator's actual behavior before picking this shape:

  • provider[registry.terraform.io/hashicorp/aws3tooling] in existing state is a distinct source (not hashicorp/aws with alias). Synthesized by the old Python generator because provider "aws3tooling" {} had no matching required_providers.
  • PR#76 dot convention (aws.aws3tooling) produces aliased state bindings like provider["hashicorp/aws"].alias. Would force per-resource terraform state mv migration on every legacy env. Rejected.
  • Declaring aws3tooling as a separate local-name in outputs.providers with its own source — code path exists in v2/internal/providers/{extractor,processor}.go, no tests cover it, but it's what the legacy pattern needs.

Consumer wiring

Any facets-modules-redesign module that references aws3tooling inside its terraform (e.g., tooling-VPC data lookups) declares in its facets.yaml:

inputs:
  default_providers:
    type: "@facets/aws_cloud_account"
    providers:
      - aws3tooling

processor.go:175-177 skips explicit providers = {} map entries for non-dotted providers wired to a default-named source; terraform implicitly inherits the un-aliased provider from level2. Matches state.

Validation

  • raptor create iac-module -f modules/facets_default_providers/default/1.0 --dry-run passes (all validations + output types)
  • terraform init against a minimal config with required_providers { aws3tooling = { source = "hashicorp/aws3tooling" version = "= 3.74.0" } } resolves the provider from the companion image's filesystem mirror (verified locally and on the pushed Docker Hub image — see iac-generator-releases PR #4 test plan)
  • Lock file hash matches the renamed aws binary: h1:2t4ST6Mywf2agARErcQwYgWYOl7UqNalzqD03A1oGYg=

Test plan

  • Module validates via raptor … --dry-run
  • Companion Docker image (facetscloud/iac-generator:latest from iac-generator-releases PR #4) resolves the provider successfully
  • Trigger a test release on a non-prod capillary-cloud-tf env using this module + the new image; confirm terraform init succeeds and terraform plan shows only expected schema diffs (3.74 → whatever version the resources were created under)
  • After merge: roll out the new image, add the module to one canary env's blueprint as resource name default, verify first release succeeds without cleanup_aws_tooling_v2.sh running

New Module Checklist (per CLAUDE.md)

Still open, can be follow-ups:

  • Icon at icons/facets_default_providers.svg
  • project-type/{aws,gcp,azure}/project-type.yml entries
  • index.html catalog entry
  • Top-level README.md cloud-section entry
  • Internal pages (app/internal/*)

Open to landing this without the checklist items if the migration timeline is tight — module itself is fully validated and doesn't need the catalog UI to function.

Out of scope

  • Spoofing other legacy locals (aws3, aws4, aws5, aws593, aws6, helm3, helm-release-pod, cloudflare4, cloudflare4a, mysql). Can be added to this module's outputs.providers + the Dockerfile's spoofing loop in later PRs.
  • Full consolidation to a single aws provider version. Separate roadmap.

🤖 Generated with Claude Code
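Why the lock file hash in the Validation section is specific to the renamed binary: Terraform's h1: scheme hashes a manifest of file names and file contents, so a renamed copy of a provider never shares the upstream package's hash, and a swapped binary under the same name fails the pin. This is an added example, not part of the PR or of iac-generator; the binary file names and bytes below are constructed, and only regular files are handled.

```python
import base64
import hashlib
import os
import tempfile


def h1_hash(package_dir):
    """Terraform "h1:" hash: SHA-256 over sorted "<sha256 hex>  <path>\\n" lines."""
    names = sorted(
        os.path.relpath(os.path.join(root, f), package_dir).replace(os.sep, "/")
        for root, _dirs, files in os.walk(package_dir) for f in files)
    summary = hashlib.sha256()
    for rel in names:
        if "\n" in rel:
            raise ValueError("file names containing newlines cannot be hashed")
        with open(os.path.join(package_dir, rel), "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        summary.update(f"{digest}  {rel}\n".encode())
    return "h1:" + base64.b64encode(summary.digest()).decode()


def matches_pin(package_dir, pinned):
    """True only when the directory hashes to the value pinned in the lock file."""
    return h1_hash(package_dir) == pinned


def make_package(parent, dirname, binary_name, content):
    """Write a constructed one-file package (stand-in bytes, not a real provider)."""
    pkg = os.path.join(parent, dirname)
    os.mkdir(pkg)
    with open(os.path.join(pkg, binary_name), "wb") as fh:
        fh.write(content)
    return pkg


def demo():
    # Assumed file names; the page only says the aws binary was renamed.
    old = "terraform-provider-aws_v3.74.0_x5"
    new = "terraform-provider-aws3tooling_v3.74.0_x5"
    with tempfile.TemporaryDirectory() as tmp:
        upstream = make_package(tmp, "upstream", old, b"constructed provider bytes")
        renamed = make_package(tmp, "renamed", new, b"constructed provider bytes")
        swapped = make_package(tmp, "swapped", new, b"different bytes, same name")
        pinned = h1_hash(renamed)  # value a lock file would record for the mirror copy
        return [matches_pin(p, pinned) for p in (renamed, upstream, swapped)]


if __name__ == "__main__":
    print(demo())  # [True, False, False]
```

Running `h1_hash` on the unpacked provider directory inside the image and comparing the result with the pinned value is a check that can run before `terraform init` does.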

sanmesh-kakade and others added 4 commits April 22, 2026 14:47
Declares the aws3tooling local provider name mapped to the spoofed
hashicorp/aws3tooling source, so legacy capillary-cloud-tf envs can
migrate to the new iac-generator flow without state surgery. State in
those envs is bound to registry.terraform.io/hashicorp/aws3tooling
(phantom path synthesized by the old Python generator); the companion
Docker image change in iac-generator-releases places the real
hashicorp/aws 3.74.0 binary under that path via terraform's implicit
filesystem-mirror discovery.

Blueprint resource name must be "default" — IsDefaultResource=true is
what triggers un-aliased emission matching the legacy state shape.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Removes aws_region from spec.properties, var.instance.spec, and locals.
The aws provider exposed by this module picks up region and credentials
from the pod's standard AWS env vars (AWS_REGION, AWS_ACCESS_KEY_ID,
etc.) via the provider's built-in env-var discovery. README expanded
to document why spec is intentionally empty.

Also removes "region: attributes.aws_region" from facets.yaml
outputs.default.providers.aws3tooling.attributes; skip_region_validation
stays (needed for tooling-VPC regions some envs use).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Reusing @facets/aws_cloud_account was semantically wrong — this module
is not a cloud account, it's a bundle of legacy provider aliases. Using
aws_cloud_account would let consumers accidentally wire cloud-account
inputs here and imply a data contract (aws_iam_role, aws_region,
external_id, session_name) that doesn't apply.

New type outputs/facets_default_providers/outputs.yaml has intentionally
empty attributes/interfaces — consumers wire to it only for its aliased
providers list (aws3tooling today; cloudflare/acme/mysql/ovh/facets-cloud
follow-ups).

facets.yaml + README updated accordingly. Module dry-run passes against
this new type. Output type and module both uploaded to root profile
(module published).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

clouds: [aws] only blocked the ovh (Kubernetes) project-type from
accepting the resource at raptor apply time. This module isn't cloud-
specific — it's a provider-alias shim consumed from any deployment
context, so all four project-type clouds should accept it. Same pattern
as cloud_account/aws_env_provider (clouds: [kubernetes]).

Re-published to root with this change; resource added to standalone-agent
blueprint (disabled) as a smoke test — apply succeeded.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@unni-facets merged commit 8d6b11b into main Apr 27, 2026