Merge pull request #892 from GSA/main

Prod deploy - 4/3/24
GSA · Apr 3, 2024 · f1d190d · f1d190d
2 parents d9bb94f + 69c4066
commit f1d190d
Show file tree

Hide file tree

Showing 20 changed files with 123 additions and 124 deletions.
diff --git a/terraform/bootstrap/providers.tf b/terraform/bootstrap/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 }

diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf
@@ -1,53 +1,45 @@
 locals {
-  cf_org_name              = "gsa-tts-benefits-studio"
-  cf_space_name            = "notify-demo"
-  env                      = "demo"
-  app_name                 = "notify-api"
-  delete_recursive_allowed = false
-}
-
-data "cloudfoundry_org" "org" {
-  name = local.cf_org_name
-}
-
-resource "cloudfoundry_space" "notify-demo" {
-  delete_recursive_allowed = local.delete_recursive_allowed
-  name                     = local.cf_space_name
-  org                      = data.cloudfoundry_org.org.id
+  cf_org_name      = "gsa-tts-benefits-studio"
+  cf_space_name    = "notify-demo"
+  env              = "demo"
+  app_name         = "notify-api"
+  recursive_delete = false
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${local.app_name}-rds-${local.env}"
-  rds_plan_name = "micro-psql"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  name             = "${local.app_name}-rds-${local.env}"
+  recursive_delete = local.recursive_delete
+  rds_plan_name    = "micro-psql"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name     = local.cf_org_name
-  cf_space_name   = local.cf_space_name
-  name            = "${local.app_name}-redis-${local.env}"
-  redis_plan_name = "redis-dev"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  name             = "${local.app_name}-redis-${local.env}"
+  recursive_delete = local.recursive_delete
+  redis_plan_name  = "redis-dev"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
   source = "../shared/egress_space"
 
   cf_org_name              = local.cf_org_name
   cf_restricted_space_name = local.cf_space_name
-  delete_recursive_allowed = local.delete_recursive_allowed
   deployers = [
     var.cf_user,
     "[email protected]"
@@ -60,6 +52,7 @@ module "ses_email" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-ses-${local.env}"
+  recursive_delete    = local.recursive_delete
   aws_region          = "us-west-2"
   email_domain        = "notify.sandbox.10x.gsa.gov"
   email_receipt_error = "[email protected]"
@@ -71,6 +64,7 @@ module "sns_sms" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-sns-${local.env}"
+  recursive_delete    = local.recursive_delete
   aws_region          = "us-east-1"
   monthly_spend_limit = 25
 }
diff --git a/terraform/demo/providers.tf b/terraform/demo/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 

diff --git a/terraform/development/main.tf b/terraform/development/main.tf
@@ -1,15 +1,17 @@
 locals {
-  cf_org_name   = "gsa-tts-benefits-studio"
-  cf_space_name = "notify-local-dev"
-  key_name      = "${var.username}-api-dev-key"
+  cf_org_name      = "gsa-tts-benefits-studio"
+  cf_space_name    = "notify-local-dev"
+  recursive_delete = true
+  key_name         = "${var.username}-api-dev-key"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${var.username}-csv-upload-bucket"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  name             = "${var.username}-csv-upload-bucket"
 }
 resource "cloudfoundry_service_key" "csv_key" {
   name             = local.key_name

diff --git a/terraform/development/providers.tf b/terraform/development/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 }

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
@@ -1,56 +1,45 @@
 locals {
-  cf_org_name              = "gsa-tts-benefits-studio"
-  cf_space_name            = "notify-production"
-  env                      = "production"
-  app_name                 = "notify-api"
-  delete_recursive_allowed = false
-  allow_ssh                = false
-}
-
-data "cloudfoundry_org" "org" {
-  name = local.cf_org_name
-}
-
-resource "cloudfoundry_space" "notify-production" {
-  allow_ssh                = local.allow_ssh
-  delete_recursive_allowed = local.delete_recursive_allowed
-  name                     = local.cf_space_name
-  org                      = data.cloudfoundry_org.org.id
+  cf_org_name      = "gsa-tts-benefits-studio"
+  cf_space_name    = "notify-production"
+  env              = "production"
+  app_name         = "notify-api"
+  recursive_delete = false
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${local.app_name}-rds-${local.env}"
-  rds_plan_name = "small-psql-redundant"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  name             = "${local.app_name}-rds-${local.env}"
+  recursive_delete = local.recursive_delete
+  rds_plan_name    = "small-psql-redundant"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name     = local.cf_org_name
-  cf_space_name   = local.cf_space_name
-  name            = "${local.app_name}-redis-${local.env}"
-  redis_plan_name = "redis-3node-large"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  name             = "${local.app_name}-redis-${local.env}"
+  recursive_delete = local.recursive_delete
+  redis_plan_name  = "redis-3node-large"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
   source = "../shared/egress_space"
 
-  allow_ssh                = local.allow_ssh
   cf_org_name              = local.cf_org_name
   cf_restricted_space_name = local.cf_space_name
-  delete_recursive_allowed = local.delete_recursive_allowed
   deployers = [
     var.cf_user
   ]
@@ -62,6 +51,7 @@ module "ses_email" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-ses-${local.env}"
+  recursive_delete    = local.recursive_delete
   aws_region          = "us-gov-west-1"
   email_domain        = "notify.gov"
   mail_from_subdomain = "mail"
@@ -74,6 +64,7 @@ module "sns_sms" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-sns-${local.env}"
+  recursive_delete    = local.recursive_delete
   aws_region          = "us-gov-west-1"
   monthly_spend_limit = 1000
 }

diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 

diff --git a/terraform/sandbox/main.tf b/terraform/sandbox/main.tf
@@ -1,34 +1,38 @@
 locals {
-  cf_org_name   = "gsa-tts-benefits-studio"
-  cf_space_name = "notify-sandbox"
-  env           = "sandbox"
-  app_name      = "notify-api"
+  cf_org_name      = "gsa-tts-benefits-studio"
+  cf_space_name    = "notify-sandbox"
+  env              = "sandbox"
+  app_name         = "notify-api"
+  recursive_delete = true
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${local.app_name}-rds-${local.env}"
-  rds_plan_name = "micro-psql"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  name             = "${local.app_name}-rds-${local.env}"
+  recursive_delete = local.recursive_delete
+  rds_plan_name    = "micro-psql"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name     = local.cf_org_name
-  cf_space_name   = local.cf_space_name
-  name            = "${local.app_name}-redis-${local.env}"
-  redis_plan_name = "redis-dev"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  name             = "${local.app_name}-redis-${local.env}"
+  recursive_delete = local.recursive_delete
+  redis_plan_name  = "redis-dev"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name   = local.cf_org_name
-  cf_space_name = local.cf_space_name
-  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
@@ -49,6 +53,7 @@ module "ses_email" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-ses-${local.env}"
+  recursive_delete    = local.recursive_delete
   aws_region          = "us-west-2"
   email_receipt_error = "[email protected]"
 }
@@ -59,6 +64,7 @@ module "sns_sms" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-sns-${local.env}"
+  recursive_delete    = local.recursive_delete
   aws_region          = "us-east-2"
   monthly_spend_limit = 1
 }
diff --git a/terraform/sandbox/providers.tf b/terraform/sandbox/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 

diff --git a/terraform/shared/egress_space/main.tf b/terraform/shared/egress_space/main.tf
@@ -11,10 +11,8 @@ data "cloudfoundry_org" "org" {
 ###
 
 resource "cloudfoundry_space" "public_egress" {
-  allow_ssh                = var.allow_ssh
-  delete_recursive_allowed = var.delete_recursive_allowed
-  name                     = "${var.cf_restricted_space_name}-egress"
-  org                      = data.cloudfoundry_org.org.id
+  name = "${var.cf_restricted_space_name}-egress"
+  org  = data.cloudfoundry_org.org.id
 }
 
 ###

diff --git a/terraform/shared/egress_space/providers.tf b/terraform/shared/egress_space/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 }
diff --git a/terraform/shared/egress_space/variables.tf b/terraform/shared/egress_space/variables.tf
@@ -3,15 +3,3 @@ variable "cf_restricted_space_name" {}
 variable "deployers" {
   type = set(string)
 }
-
-variable "delete_recursive_allowed" {
-  type        = bool
-  default     = true
-  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
-}
-
-variable "allow_ssh" {
-  type        = bool
-  default     = true
-  description = "Flag for allowing SSH access in a space - not recommended in production environments"
-}
diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf
@@ -16,9 +16,10 @@ data "cloudfoundry_service" "ses" {
 }
 
 resource "cloudfoundry_service_instance" "ses" {
-  name         = var.name
-  space        = data.cloudfoundry_space.space.id
-  service_plan = data.cloudfoundry_service.ses.service_plans["base"]
+  name             = var.name
+  space            = data.cloudfoundry_space.space.id
+  service_plan     = data.cloudfoundry_service.ses.service_plans["base"]
+  recursive_delete = var.recursive_delete
   json_params = jsonencode({
     region                        = var.aws_region
     domain                        = var.email_domain

diff --git a/terraform/shared/ses/providers.tf b/terraform/shared/ses/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
+      version = "0.53.0"
     }
   }
 }
diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf
@@ -13,6 +13,12 @@ variable "name" {
   description = "name of the service instance"
 }
 
+variable "recursive_delete" {
+  type        = bool
+  description = "when true, deletes service bindings attached to the resource (not recommended for production)"
+  default     = false
+}
+
 variable "aws_region" {
   type        = string
   description = "AWS region the SES instance is in"