From ead7e381790c31000de713244ca099c5b51b8fb3 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 3 Apr 2024 12:57:56 -0400 Subject: [PATCH 1/2] Revert recent Terraform changes to prod and demo This changeset reverts a few of our recent changes to the production and demo Terraform files to re-enable deployments. We are working through fixing this and will re-introduce these changes once we figure out how to get the changes to properly work (which are tied to the infrastructure checks as well). Signed-off-by: Carlo Costino --- terraform/demo/main.tf | 48 +++++++++++++---------------- terraform/demo/providers.tf | 2 +- terraform/production/main.tf | 51 +++++++++++++------------------ terraform/production/providers.tf | 2 +- 4 files changed, 44 insertions(+), 59 deletions(-) diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf index e594264c2..615f92670 100644 --- a/terraform/demo/main.tf +++ b/terraform/demo/main.tf 
@@ -1,45 +1,38 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-demo" - env = "demo" - app_name = "notify-api" - delete_recursive_allowed = false -} - -data "cloudfoundry_org" "org" { - name = local.cf_org_name -} - -resource "cloudfoundry_space" "notify-demo" { - delete_recursive_allowed = local.delete_recursive_allowed - name = local.cf_space_name - org = data.cloudfoundry_org.org.id + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-demo" + env = "demo" + app_name = "notify-api" + recursive_delete = false } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - rds_plan_name = "micro-psql" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + recursive_delete = local.recursive_delete + rds_plan_name = "micro-psql" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - redis_plan_name = "redis-dev" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + recursive_delete = local.recursive_delete + redis_plan_name = "redis-dev" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + recursive_delete = local.recursive_delete + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { 
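Review bot: Deleting `resource "cloudfoundry_space" "notify-demo"` and `data "cloudfoundry_org" "org"` from the configuration does not by itself stop Terraform from managing the space. If the reverted change was ever applied, or the space was imported into the demo state, the next plan will propose destroying `cloudfoundry_space.notify-demo`. The commit message suggests deployments were failing, so the resource may never have reached state, but a `terraform plan` should confirm that before the next apply. If the address is present, run `terraform state rm cloudfoundry_space.notify-demo` first. The same check applies to `cloudfoundry_space.notify-production`, removed in the first hunk of terraform/production/main.tf.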
@@ -47,7 +40,6 @@ module "egress-space" { cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name - delete_recursive_allowed = local.delete_recursive_allowed deployers = [ var.cf_user, "steven.reilly@gsa.gov" @@ -60,6 +52,7 @@ module "ses_email" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-ses-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-west-2" email_domain = "notify.sandbox.10x.gsa.gov" email_receipt_error = "notify-support@gsa.gov" @@ -71,6 +64,7 @@ module "sns_sms" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-sns-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-east-1" monthly_spend_limit = 25 } diff --git a/terraform/demo/providers.tf b/terraform/demo/providers.tf index 34ba30a62..f13333d3e 100644 --- a/terraform/demo/providers.tf +++ b/terraform/demo/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } diff --git a/terraform/production/main.tf b/terraform/production/main.tf index ff1daad88..5a2c520b1 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf 
@@ -1,56 +1,45 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-production" - env = "production" - app_name = "notify-api" - delete_recursive_allowed = false - allow_ssh = false -} - -data "cloudfoundry_org" "org" { - name = local.cf_org_name -} - -resource "cloudfoundry_space" "notify-production" { - allow_ssh = local.allow_ssh - delete_recursive_allowed = local.delete_recursive_allowed - name = local.cf_space_name - org = data.cloudfoundry_org.org.id + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-production" + env = "production" + app_name = "notify-api" + recursive_delete = false } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - rds_plan_name = "small-psql-redundant" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + recursive_delete = local.recursive_delete + rds_plan_name = "small-psql-redundant" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - redis_plan_name = "redis-3node-large" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + recursive_delete = local.recursive_delete + redis_plan_name = "redis-3node-large" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + recursive_delete = local.recursive_delete + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { source = "../shared/egress_space" - 
allow_ssh = local.allow_ssh cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name - delete_recursive_allowed = local.delete_recursive_allowed deployers = [ var.cf_user ] @@ -62,6 +51,7 @@ module "ses_email" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-ses-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-gov-west-1" email_domain = "notify.gov" mail_from_subdomain = "mail" @@ -74,6 +64,7 @@ module "sns_sms" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-sns-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-gov-west-1" monthly_spend_limit = 1000 } diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf index b5c45f63e..499759f48 100644 --- a/terraform/production/providers.tf +++ b/terraform/production/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } From af877cae8dc18597ae6b0a2e8a3bf38285ca3ae3 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 3 Apr 2024 14:07:28 -0400 Subject: [PATCH 2/2] Revert the rest of our Terraform changes This changeset reverts the rest of our recent Terraform changes to make sure deployments are working properly. Again, these will be re-introduced once we figure out the resource management piece. 
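Review bot: Removing `allow_ssh = local.allow_ssh` from the `egress-space` module call, along with the `allow_ssh = false` local at the top of this hunk, means SSH on the production egress space is no longer pinned off. It falls back to the cloudfoundry provider's default for `cloudfoundry_space`, which I believe is enabled; please confirm for 0.53.0. The hunk in terraform/shared/egress_space/main.tf also drops `allow_ssh = var.allow_ssh` from `cloudfoundry_space.public_egress`, so nothing in the module sets it either. If that attribute was not what broke deployments, keep `allow_ssh = false` on the resource; otherwise add a marker such as `# TODO: re-pin allow_ssh = false for production once space management is restored`. Either way, verify the live setting with `cf space-ssh-allowed notify-production-egress`. The `egress-space` module block continues past the end of this hunk.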
Signed-off-by: Carlo Costino --- terraform/bootstrap/providers.tf | 2 +- terraform/development/main.tf | 14 +++++---- terraform/development/providers.tf | 2 +- terraform/sandbox/main.tf | 36 +++++++++++++--------- terraform/sandbox/providers.tf | 2 +- terraform/shared/egress_space/main.tf | 6 ++-- terraform/shared/egress_space/providers.tf | 2 +- terraform/shared/egress_space/variables.tf | 12 -------- terraform/shared/ses/main.tf | 7 +++-- terraform/shared/ses/providers.tf | 2 +- terraform/shared/ses/variables.tf | 6 ++++ terraform/shared/sns/main.tf | 7 +++-- terraform/shared/sns/providers.tf | 2 +- terraform/shared/sns/variables.tf | 6 ++++ terraform/staging/main.tf | 36 +++++++++++++--------- terraform/staging/providers.tf | 2 +- 16 files changed, 79 insertions(+), 65 deletions(-) diff --git a/terraform/bootstrap/providers.tf b/terraform/bootstrap/providers.tf index 3c699e728..5dcaece3e 100644 --- a/terraform/bootstrap/providers.tf +++ b/terraform/bootstrap/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } } diff --git a/terraform/development/main.tf b/terraform/development/main.tf index 4cc26b4d7..1f45b2b6a 100644 --- a/terraform/development/main.tf +++ b/terraform/development/main.tf 
@@ -1,15 +1,17 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-local-dev" - key_name = "${var.username}-api-dev-key" + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-local-dev" + recursive_delete = true + key_name = "${var.username}-api-dev-key" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${var.username}-csv-upload-bucket" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + recursive_delete = local.recursive_delete + name = "${var.username}-csv-upload-bucket" } resource "cloudfoundry_service_key" "csv_key" { name = local.key_name diff --git a/terraform/development/providers.tf b/terraform/development/providers.tf index 3c699e728..5dcaece3e 100644 --- a/terraform/development/providers.tf +++ b/terraform/development/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } } diff --git a/terraform/sandbox/main.tf b/terraform/sandbox/main.tf index 4c93f8a2c..fae30073c 100644 --- a/terraform/sandbox/main.tf +++ b/terraform/sandbox/main.tf 
@@ -1,34 +1,38 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-sandbox" - env = "sandbox" - app_name = "notify-api" + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-sandbox" + env = "sandbox" + app_name = "notify-api" + recursive_delete = true } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - rds_plan_name = "micro-psql" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + recursive_delete = local.recursive_delete + rds_plan_name = "micro-psql" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - redis_plan_name = "redis-dev" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + recursive_delete = local.recursive_delete + redis_plan_name = "redis-dev" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + recursive_delete = local.recursive_delete + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { @@ -49,6 +53,7 @@ module "ses_email" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-ses-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-west-2" email_receipt_error = "notify-support@gsa.gov" } 
@@ -59,6 +64,7 @@ module "sns_sms" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-sns-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-east-2" monthly_spend_limit = 1 } diff --git a/terraform/sandbox/providers.tf b/terraform/sandbox/providers.tf index 590be4e3d..d5a3313de 100644 --- a/terraform/sandbox/providers.tf +++ b/terraform/sandbox/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } diff --git a/terraform/shared/egress_space/main.tf b/terraform/shared/egress_space/main.tf index cc91e9c42..4b841ad14 100644 --- a/terraform/shared/egress_space/main.tf +++ b/terraform/shared/egress_space/main.tf @@ -11,10 +11,8 @@ data "cloudfoundry_org" "org" { ### resource "cloudfoundry_space" "public_egress" { - allow_ssh = var.allow_ssh - delete_recursive_allowed = var.delete_recursive_allowed - name = "${var.cf_restricted_space_name}-egress" - org = data.cloudfoundry_org.org.id + name = "${var.cf_restricted_space_name}-egress" + org = data.cloudfoundry_org.org.id } ### diff --git a/terraform/shared/egress_space/providers.tf b/terraform/shared/egress_space/providers.tf index 01ab1f803..21ac567a2 100644 --- a/terraform/shared/egress_space/providers.tf +++ b/terraform/shared/egress_space/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } } diff --git a/terraform/shared/egress_space/variables.tf b/terraform/shared/egress_space/variables.tf index 5bdff893f..45bcc717d 100644 --- a/terraform/shared/egress_space/variables.tf +++ b/terraform/shared/egress_space/variables.tf 
@@ -3,15 +3,3 @@ variable "cf_restricted_space_name" {} variable "deployers" { type = set(string) } - -variable "delete_recursive_allowed" { - type = bool - default = true - description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" -} - -variable "allow_ssh" { - type = bool - default = true - description = "Flag for allowing SSH access in a space - not recommended in production environments" -} diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 4c1bb54b9..a29a8ce10 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -16,9 +16,10 @@ data "cloudfoundry_service" "ses" { } resource "cloudfoundry_service_instance" "ses" { - name = var.name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.ses.service_plans["base"] + name = var.name + space = data.cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.ses.service_plans["base"] + recursive_delete = var.recursive_delete json_params = jsonencode({ region = var.aws_region domain = var.email_domain diff --git a/terraform/shared/ses/providers.tf b/terraform/shared/ses/providers.tf index 01ab1f803..21ac567a2 100644 --- a/terraform/shared/ses/providers.tf +++ b/terraform/shared/ses/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } } diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf index a92261656..74e852cf6 100644 --- a/terraform/shared/ses/variables.tf +++ b/terraform/shared/ses/variables.tf 
@@ -13,6 +13,12 @@ variable "name" { description = "name of the service instance" } +variable "recursive_delete" { + type = bool + description = "when true, deletes service bindings attached to the resource (not recommended for production)" + default = false +} + variable "aws_region" { type = string description = "AWS region the SES instance is in" diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index aa0079f92..a23c4e872 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -16,9 +16,10 @@ data "cloudfoundry_service" "sns" { } resource "cloudfoundry_service_instance" "sns" { - name = var.name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.sns.service_plans["base"] + name = var.name + space = data.cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.sns.service_plans["base"] + recursive_delete = var.recursive_delete json_params = jsonencode({ region = var.aws_region monthly_spend_limit = var.monthly_spend_limit diff --git a/terraform/shared/sns/providers.tf b/terraform/shared/sns/providers.tf index 01ab1f803..21ac567a2 100644 --- a/terraform/shared/sns/providers.tf +++ b/terraform/shared/sns/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } } } diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf index acf7c5010..611050337 100644 --- a/terraform/shared/sns/variables.tf +++ b/terraform/shared/sns/variables.tf @@ -13,6 +13,12 @@ variable "name" { description = "name of the service instance" } +variable "recursive_delete" { + type = bool + description = "when true, deletes service bindings attached to the resource (not recommended for production)" + default = false +} + variable "aws_region" { type = string description = "AWS region the SNS settings are set in" 
diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf index 8cae5a8da..c46e0d3fa 100644 --- a/terraform/staging/main.tf +++ b/terraform/staging/main.tf @@ -1,34 +1,38 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-staging" - env = "staging" - app_name = "notify-api" + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-staging" + env = "staging" + app_name = "notify-api" + recursive_delete = true } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - rds_plan_name = "micro-psql" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + recursive_delete = local.recursive_delete + rds_plan_name = "micro-psql" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - redis_plan_name = "redis-dev" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + recursive_delete = local.recursive_delete + redis_plan_name = "redis-dev" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + recursive_delete = local.recursive_delete + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { 
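Review bot: `recursive_delete = true` in the staging locals is passed to the database, redis and bucket modules, while demo and production set it to `false`. The variable description added in terraform/shared/ses/variables.tf calls the `true` setting "not recommended for production". For sandbox and development the value reads as expected, but staging is less obvious and should carry a one-line justification, for example `recursive_delete = true # staging is disposable: service bindings may be removed with the instance`. If staging is not meant to be disposable, `false` would be the safer value and would match demo.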
@@ -49,6 +53,7 @@ module "ses_email" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-ses-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-west-2" mail_from_subdomain = "mail" email_receipt_error = "notify-support@gsa.gov" @@ -60,6 +65,7 @@ module "sns_sms" { cf_org_name = local.cf_org_name cf_space_name = local.cf_space_name name = "${local.app_name}-sns-${local.env}" + recursive_delete = local.recursive_delete aws_region = "us-west-2" monthly_spend_limit = 25 } diff --git a/terraform/staging/providers.tf b/terraform/staging/providers.tf index 0f09460ef..11dceea7d 100644 --- a/terraform/staging/providers.tf +++ b/terraform/staging/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + version = "0.53.0" } }