
Dev to qa #42

Closed
fpittelo wants to merge 4 commits into qa from dev

Conversation

@fpittelo
Owner

Dev to qa

@fpittelo fpittelo self-assigned this Nov 20, 2025
@gemini-code-assist

Summary of Changes

Hello @fpittelo, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the Terraform infrastructure configuration to centralize environment-specific variables. It transitions from using separate .tfvars files for each environment to a single, consolidated environments map within variables.tf. This change enables dynamic loading of configuration based on an environment input, simplifying overall variable management and promoting a more scalable and maintainable infrastructure-as-code approach.

Highlights

  • Environment Variable Consolidation: All environment-specific variables for dev, qa, and main have been moved from individual .tfvars files into a single environments map within infra/variables.tf.
  • Dynamic Configuration Loading: The infra/main.tf file now utilizes a locals block to dynamically select the appropriate environment variables based on the environment input variable, streamlining configuration management.
  • Simplified Variable Management: This refactoring centralizes environment configurations, reducing redundancy and making the infrastructure-as-code more maintainable and scalable.
Ignored Files
  • Ignored by pattern: .github/workflows/** (2)
    • .github/workflows/deploy.yaml
    • .github/workflows/destroy.yaml


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request refactors the Terraform configuration to use a centralized variable map for different environments, which is a great improvement for managing multiple deployments. The deletion of separate .tfvars files and the consolidation into variables.tf simplifies the structure. My review focuses on a critical security issue regarding hardcoded secrets in the new variable map and a medium-severity inconsistency in how resources reference the resource group. Addressing these points will enhance the security and maintainability of the infrastructure code.

Comment on lines +61 to +69
appinsights_instrumentation_key = "your-dev-appinsights-key"
rbac_enabled = true
kind = "OpenAI"
sku_name_cog_acct = "S0"
auth_enabled = true
google_client_id = "your-google-client-id"
google_client_secret = "your-google-client-secret"
microsoft_client_id = "your-microsoft-client-id"
microsoft_client_secret = "your-microsoft-client-secret"
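Review bot: the placeholder strings on these lines are real default values, so a `terraform apply` with no override deploys "your-google-client-secret" as the live client secret instead of failing, and unless the variable is declared `sensitive`, whatever value later replaces them is echoed in plan output. Rather than only emptying the strings, drop the default for the secret attributes (google_client_secret, microsoft_client_secret, appinsights_instrumentation_key) so a missing value fails the plan, declare them as separate variables with `sensitive = true`, and supply the dev values from a gitignored .tfvars file or TF_VAR_ environment variables.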


critical

Hardcoding default values for secrets and keys, even placeholder ones, is a critical security risk as they can be accidentally committed and exposed. These should be provided through a secure mechanism (like environment variables or a secrets manager) and not have default values in version control. I suggest replacing them with empty strings, similar to the qa and main environments, and providing the actual values for dev through a separate, non-versioned .tfvars file.

      appinsights_instrumentation_key = ""
      rbac_enabled = true
      kind = "OpenAI"
      sku_name_cog_acct = "S0"
      auth_enabled = true
      google_client_id = ""
      google_client_secret = ""
      microsoft_client_id = ""
      microsoft_client_secret = ""
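An added example (not code from the PR or from Gemini) of the layout the comment points toward: the environments map keeps only non-secret settings, while the secrets are separate variables with no default and `sensitive = true`. The attribute names come from the snippet above; the location and resource group values, the `westeurope` region and the `dev.secrets.tfvars` file name are assumptions.

```hcl
# Added example, not code from the PR. Attribute names match the snippet above;
# the example values and the tfvars file name are assumed.

variable "environment" {
  description = "Target environment: dev, qa or main"
  type        = string
}

# Non-secret, environment-specific settings only; safe to keep in version control.
variable "environments" {
  type = map(object({
    az_location       = string
    az_rg_name        = string
    rbac_enabled      = bool
    kind              = string
    sku_name_cog_acct = string
    auth_enabled      = bool
  }))
  default = {
    dev = { az_location = "westeurope", az_rg_name = "rg-app-dev", rbac_enabled = true, kind = "OpenAI", sku_name_cog_acct = "S0", auth_enabled = true }
    qa  = { az_location = "westeurope", az_rg_name = "rg-app-qa", rbac_enabled = true, kind = "OpenAI", sku_name_cog_acct = "S0", auth_enabled = true }
  }
}

# Secrets are separate variables with no default: plan/apply fails if a value is
# missing instead of silently deploying a placeholder string. sensitive = true
# redacts the value from plan output; it is still written to state, so the state
# backend must be access-controlled and encrypted.
variable "google_client_secret" {
  type      = string
  sensitive = true
}

variable "microsoft_client_secret" {
  type      = string
  sensitive = true
}

locals {
  environment_vars = var.environments[var.environment]
}

# Supply the secrets outside version control, for example:
#   export TF_VAR_google_client_secret="..."   # from the CI secret store, or
#   terraform plan -var="environment=dev" -var-file="dev.secrets.tfvars"
# with dev.secrets.tfvars listed in .gitignore.
```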

Comment on lines +37 to +38
az_location = local.environment_vars.az_location
az_rg_name = local.environment_vars.az_rg_name


medium

For consistency and to create a clear dependency, it's better to reference the azurerm_resource_group.rg resource's attributes for location and name, just as you've done for the key_vault module. This ensures all resources are deployed to the same resource group and location defined by the rg resource.

This comment also applies to the app_service_plan, linux_web_app, cosmos_db modules, and the azurerm_application_insights resource.

  az_location         = azurerm_resource_group.rg.location
  az_rg_name          = azurerm_resource_group.rg.name

@fpittelo fpittelo closed this Nov 20, 2025