106 - Advanced

So what else do you guys do?

Read The Docs

If you want to get a better idea about the object that we will be working with in this module, you can review the docs here:

For a more general discussion about each concept, take a look here and here.

Objectives

In this module we'll take a look at some of the advanced concepts like advanced variables - minimum/maximum values, etc. - presets and secrets. At a high level, these are all types of variables and it's here that you can really expand the flexibility of your Blueprints. If you want re-usability, then look no further.

The training wheels are off here. We'll be describing the functionality, but we won't be doing a step-by-step guide. You can refer to the earlier steps if needed, but you'll likely be just moving forward with this one without needing a reference anyway.

Reminder:

  • Create an Environment

  • Add the Blueprints

  • Set venue and Credentials

  • Set the variables, presets and secrets

  • Apply

Advanced Terminology

This section deals mostly with Tuono terms, and some have no cognate in Azure or AWS.

Variables

A variable is an end-user supplied value that can be used to make your Blueprints more reusable. You might, for example, want a variable that allows you to arbitrarily define your resource group, network, range and a host of other useful fields. It is best practice to variablize those things where a hard-coded value is not required; this allows the same Blueprint to be used for multiple use cases.

Presets

A preset is a drop-down field, where you can set a value which implies (a) certain configuration(s). An example of this might be a preset that defines the amount of CPU and memory assigned to a virtual machine based on its use case, e.g. "prod" or "dev".

Secrets

A Secret is a static variable that can be leveraged within a Blueprint, but rather than typing the value, you select the Secret you want to use from your dedicated Secret Vault. This means that the value is not known to the user, but it can be used by any user with correct permissions. The key difference here is that the value is not injected into the API call until the last possible second (late-binding). This ensures that the value itself is not leaked anywhere and is not reflected anywhere in our logs.

AWS Secrets Manager

AWS Secrets Manager is a native method to store secrets of all types. Using a well-documented series of Secrets Manager APIs, stored secrets can be programmatically recalled from the vault and used by a Virtual Machine, for example to access other resources, such as a database, or to make a further authenticated API call to another resource.

Advanced Concepts

Most of the content in this Blueprint is well understood from the previous modules, but let's take a look at some of the specific bits of advanced functionality. Up until now we have worked with simple variables, that is, basic string and integer types. There is also the ability to define certain limits on the variables, i.e.

  • Integers

    • Min/Max

    • Presets

  • Strings

    • Regex

    • Presets

Min/Max allows you to define upper and lower bounds for your deployment. In the example below, we have locked the number of instances to be deployed to a number between 1 and 5. You could just as easily set an upper bound on the CPU or memory.

In the case of regex, you can define a specific naming-schema that must be adhered to. This obviously has implications for enforcing compliance with internal policies in this regard.

  num_instances:
    description: Count of number of instances
    type: integer
    min: 1
    max: 5

As above, you can see that presets can be used for both Integers and Strings. This is implemented below to force adherence to the free tiers for both Azure and AWS. This is obviously applicable to this tutorial, but in the real world, you might want to force an exact CPU and memory count depending on whether you wish to deploy to PROD or DEV. Another example might be a preset that will set num_instances, based on whether you are deploying to PROD or DEV.

  number_of_cores:
    type: integer
    preset: true
  memory_in_gb:
    type: integer
    preset: true

presets:
  venue:
    azure:
      number_of_cores: 1
      memory_in_gb: 2
    aws:
      number_of_cores: 1
      memory_in_gb: 1
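
The constraint types described above (min/max, regex and presets), worked through as an added Python example that is not Tuono's own code. `num_instances` and the venue presets are taken from the page; the `vm_name` variable, the `regex` key name and the rule that a preset value cannot be overridden are assumptions.

```python
import re

# Definitions modelled on the page's YAML. num_instances and the two preset
# variables are from the page; vm_name and the key name "regex" are assumed.
VARIABLES = {
    "num_instances": {"type": "integer", "min": 1, "max": 5},
    "number_of_cores": {"type": "integer", "preset": True},
    "memory_in_gb": {"type": "integer", "preset": True},
    "vm_name": {"type": "string", "regex": r"(dev|prod)-[a-z0-9]{3,12}"},
}
PRESETS = {"venue": {"azure": {"number_of_cores": 1, "memory_in_gb": 2},
                     "aws": {"number_of_cores": 1, "memory_in_gb": 1}}}


def check(spec, value):
    """Return an error string for a user-supplied value, or None if it is valid."""
    if spec["type"] == "integer":
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int):
            return "expected integer"
        lo, hi = spec.get("min"), spec.get("max")
        if (lo is not None and value < lo) or (hi is not None and value > hi):
            return f"{value} outside {lo}..{hi}"
    elif spec["type"] == "string":
        # fullmatch anchors both ends; re.match would accept trailing junk
        if not isinstance(value, str) or not re.fullmatch(spec["regex"], value):
            return "does not match naming schema"


def resolve(user_values, venue):
    """Apply venue presets and constraints; return (values, errors)."""
    preset_values = PRESETS["venue"].get(venue)
    if preset_values is None:
        return {}, [f"venue: unknown venue {venue!r}"]
    values, errors = {}, []
    for name in sorted(user_values.keys() - VARIABLES.keys()):
        errors.append(f"{name}: unknown variable")
    for name, spec in VARIABLES.items():
        if spec.get("preset"):
            # Preset variables come from the venue and cannot be overridden
            if name in user_values:
                errors.append(f"{name}: fixed by preset")
            values[name] = preset_values[name]
        elif name not in user_values:
            errors.append(f"{name}: required")
        elif (problem := check(spec, user_values[name])) is not None:
            errors.append(f"{name}: {problem}")
        else:
            values[name] = user_values[name]
    return values, errors
```

A deployment should proceed only when `errors` is empty; rejected values are left out of `values` so they cannot reach the provider call by accident.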

Finally, we have Secrets. Secrets are values that are defined within the Secret Vault, scoped either to the whole Organization or to the Environment, and then leveraged within Blueprints. They are in many respects just variables that, rather than being typed in, are pulled from a store. This ensures that the actual value for the Secret is kept exactly that... secret. Using late-binding, we ensure that it is not leaked anywhere and the actual Secret value is injected into the API call at deployment time at the last possible opportunity.

  container_password:
    description: The password for the Docker container
    type: secret
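
A minimal model of late-binding, added here as an illustration and not Tuono's implementation: the plan and its log rendering carry only a reference, and the value is looked up at send time. The vault contents, the `image` variable and all function names are assumptions.

```python
import json

# Constructed stand-in for the Secret Vault; the secret name and value are made up.
VAULT = {"docker-registry-pw": "S3cr3t-constructed-value"}


class SecretRef:
    """Placeholder held in place of a secret's value until the call is sent."""

    def __init__(self, name):
        self.name = name

    def __repr__(self):
        # Anything that prints or logs the plan sees only the reference
        return f"<secret:{self.name}>"


def plan(variables, supplied):
    """Build the deployment parameters; secret variables stay unresolved."""
    params = {}
    for name, spec in variables.items():
        value = supplied[name]
        params[name] = SecretRef(value) if spec["type"] == "secret" else value
    return params


def loggable(params):
    """Serialise the plan for logs/audit; references are rendered, not resolved."""
    return json.dumps({k: repr(v) if isinstance(v, SecretRef) else v
                       for k, v in params.items()}, sort_keys=True)


def send(params, vault, transport):
    """Resolve references into a short-lived copy just before the API call."""
    body = {k: vault[v.name] if isinstance(v, SecretRef) else v
            for k, v in params.items()}
    return transport(body)  # `body` is never stored or logged


VARIABLES = {
    "container_password": {"type": "secret"},  # from the page
    "image": {"type": "string"},               # assumed for this example
}
```

The user supplies only the secret's name (`docker-registry-pw` here), so the stored plan, its `repr` and its log line are safe to retain, while the resolved body exists only for the duration of `send`.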
