AUT-4030: fix tfvars files #5819
Open
+1,865
−1,743
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Java Tests Not SkippedJava files were previously skipped in this pull request. Subsequent changes have caused the tests to be run. |
whi-tw
force-pushed
the
whi-tw/AUT-4030/un-split-tfvars
branch
2 times, most recently
from
b442a10 to
2de628f
Compare
Previously, when a P1 alarm was not needed, this would deploy on top of module.account_interventions.aws_cloudwatch_metric_alarm.lambda_error_cloudwatch_alarm so the configuration of the alarm would be modified each time. Now, we only deploy the P1 alarm when required, and it will always be created with a specific name.
This resource should only be set once per account, so it should: - live in `shared`, so multiple components don't try to create it - only be created by the 'primary' environment in the account, so that it's only created once As the policy allows the api gateways to write any logs, it only needs to be created here, not in each component.
Some modules have empty sections in their documentation. This change hides those sections to make the documentation more concise.
As-was, this constantly attempted to change the policy resource to 'execute-api:/*', but AWS automatically replaced 'execute-api' with the execution arn. This caused this resource to update on every terraform run.
This replace function is, apparently, non-deterministic. This causes some attributes to be marked as 'known after apply' when they shouldn't. This change adds a new variable, `endpoint_name_sanitized`, which is required if `endpoint_name` contains a period. This variable is then used in place of `endpoint_name` in the resources that were using the `replace` function.
Also, check all of the modules, not just two of them!
If terraform validate fails, the deploy in CI will fail. therefore it makes sense to validate it here. As the validation is done at the same time as the java build, it will not slow down this workflow. The original terraform validate step in `pre-merge-checks-terraform.yml` has been moved to a `workflow_call` workflow - allowing the same logic to be run both in pre-merge-checks, and in the dev deploy workflow.
It's annoying to have to keep re-init'ing all the terraform modules
every time terraform is run. This change makes it so that the terraform
data dir is retained between runs of the same branch, so that the
`init` step takes less time on subsequent runs.
The data dirs can be removed by passing `-c` or `--clean` to the script.
These data dirs are stored in `${TMPDIR}/authentication-api-tf/${b64_branch_name}`,
where `${b64_branch_name}` is the base64 encoded branch name.
They will be removed on every reboot, so there's no need to worry about
regular cleanup.
whi-tw
force-pushed
the
whi-tw/AUT-4030/un-split-tfvars
branch
7 times, most recently
from
a60eec3 to
48a32ef
Compare
And pre-commit configuration
whi-tw
force-pushed
the
whi-tw/AUT-4030/un-split-tfvars
branch
from
48a32ef to
0cff5a2
Compare
whi-tw
force-pushed
the
whi-tw/AUT-4030/un-split-tfvars
branch
from
0cff5a2 to
a83dfbe
Compare
whi-tw
force-pushed
the
whi-tw/AUT-4030/un-split-tfvars
branch
from
a83dfbe to
989c75c
Compare
Previously, the `buildZip` tasks would build the zip into gradle's standard `build` directory. This is not the same location they are located when running in CI. This change updates the `buildZip` tasks to build the zip into the `ci/terraform/<service>/artifacts` directory when the `devDeployBuild` property is set. This property is set in the `deploy-dev.sh` script, and should never need to be set manually.
- Remove orphaned variables - Set defaults to the ones we want to use in dev environments
- Remove variables that set the variable to the default from variables.tf
Rather than having '*-overrides' and '*-sizing' files, instead just create one file, with comments for headers.
Set defaults to the ones for dev envs, override them for non-dev
- Don't set values that are provided from defaults
- Don't explicitly set the value to the default from variables.tf - Break up into sections
Merge sizing / overrides into main `.tfvars` files for each environment. Also, remove vestigial variables.
- remove unused variables - put variables into sections
- Set default lambda_min_concurrency to 0 (and set back to 1 where needed) - Remove unnecessary definitions from tfvars (ie. re-setting defaults) - Add tfvars into sections
whi-tw
force-pushed
the
whi-tw/AUT-4030/un-split-tfvars
branch
from
989c75c to
fe42dea
Compare
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
*.tfvarsandvariables.tffiles.artifactsdirs, where they're located in CI.How to review
Related PRs
Rebased onto #5823 and #5641