Disable datadog integration in sandbox configuration

[brettcurtis]

Summary by CodeRabbit

• New Features

  • Updated the Google and Kubernetes provider versions to enhance functionality and compatibility.
  • Adjusted the source path for the helpers module to reflect a new directory structure.

• Bug Fixes

  • Commented out the datadog_enable variable in the sandbox configuration to prevent potential misconfigurations.

• Documentation

  • Updated README files across various modules to reflect new provider and module versions, ensuring accurate guidance for users.

[coderabbitai]

Walkthrough

The pull request includes updates to various Terraform configuration files, primarily focusing on version increments and hash replacements for the hashicorp/google and hashicorp/kubernetes providers across multiple .terraform.lock.hcl files. Additionally, the helpers module's source path has been modified to include a subdirectory, and its version has been updated. Documentation files such as README.md in several directories have also been updated to reflect these changes, ensuring consistency across the Terraform modules.

Changes

File Path	Change Summary
.terraform.lock.hcl	Updated hashicorp/google-beta provider version from 6.11.1 to 6.12.0, replaced hash entries.
README.md	Updated helpers module source from github.com/osinfra-io/terraform-core-helpers to //root, version updated from v0.1.1 to v0.1.2.
regional/README.md	Updated helpers module source and version similarly to above.
regional/cert-manager/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, replaced hash values; updated kubernetes from 2.33.0 to 2.34.0.
regional/cert-manager/README.md	Updated google provider version from 6.11.1 to 6.12.0 and helpers module source and version.
regional/cert-manager/istio-csr/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, updated kubernetes from 2.33.0 to 2.34.0.
regional/cert-manager/istio-csr/README.md	Updated google provider version and helpers module source and version.
regional/datadog/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, updated kubernetes from 2.33.0 to 2.34.0.
regional/datadog/README.md	Updated google provider version and helpers module source and version.
regional/datadog/manifests/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, updated kubernetes from 2.33.0 to 2.34.0.
regional/datadog/manifests/README.md	Updated google provider version and helpers module source and version.
regional/istio/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, updated kubernetes from 2.33.0 to 2.34.0.
regional/istio/README.md	Updated google provider version and helpers module source and version.
regional/opa-gatekeeper/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, updated kubernetes from 2.33.0 to 2.34.0.
regional/opa-gatekeeper/README.md	Updated google provider version and helpers module source and version.
regional/opa-gatekeeper/manifests/.terraform.lock.hcl	Updated hashicorp/google version from 6.11.1 to 6.12.0, updated kubernetes from 2.33.0 to 2.34.0.
regional/opa-gatekeeper/manifests/README.md	Updated helpers module source and version.
shared/helpers.tf	Updated helpers module source path to include //root.
tfvars/sandbox.tfvars	Commented out the line defining datadog_enable.

Possibly related PRs

• Consume terraform-kubernetes-cert-manager Terraform child module #150: Related to updates in the .terraform.lock.hcl file for the hashicorp/google-beta provider version change, similar to changes in regional/cert-manager/.terraform.lock.hcl.
• Enable Datadog integration and update module references in manifests #275: Relevant to the Google provider version updates in the .terraform.lock.hcl file, similar to changes in regional/datadog/README.md.

Suggested labels

enhancement

Suggested reviewers

• osinfra-sa

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[infracost]

💰 Infracost report

Monthly estimate decreased by $25 📉

Changed project	Baseline cost	Usage cost*	Total change	New monthly cost
main-sandbox	+$0	-$25	-$25 (-67%)	$12

*Usage costs were estimated using Infracost Cloud settings, see docs for other options.

Estimate details (includes details of unsupported resources)

Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: main-sandbox

- module.datadog[0].google_logging_project_sink.integration
  -$5

    - Logging data
      -$5, -10 GB*

- module.datadog[0].google_pubsub_topic.integration
  -$5

    - Message ingestion data
      -$5, -0.125 TiB*

- module.datadog[0].google_pubsub_subscription.integration
  -$15

    - Message delivery data
      -$5, -0.125 TiB*

    - Retained acknowledged message storage
      -$5, -18 GiB*

    - Snapshot message backlog storage
      -$5, -18 GiB*

Monthly cost change for main-sandbox
Amount:  -$25 ($37 → $12)
Percent: -67%

──────────────────────────────────
Key: * usage cost, ~ changed, + added, - removed
24 projects have no cost estimate changes.
Run the following command to see their breakdown: infracost breakdown --path=/path/to/code

──────────────────────────────────
*Usage costs were estimated using Infracost Cloud settings, see docs for other options.

137 cloud resources were detected:
∙ 18 were estimated
∙ 106 were free
∙ 13 are not supported yet, see https://infracost.io/requested-resources:
  ∙ 4 x google_gke_hub_feature
  ∙ 3 x google_gke_hub_membership
  ∙ 2 x google_billing_budget
  ∙ 2 x google_cloud_identity_group_membership
  ∙ 2 x google_compute_security_policy

Infracost estimate: Monthly estimate decreased by $25 ↓
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Changed project                                    ┃ Baseline cost ┃ Usage cost* ┃ Total change ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━╋━━━━━━━━━━━━━━┫
┃ main-sandbox                                       ┃           +$0 ┃        -$25 ┃  -$25 (-67%) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━┻━━━━━━━━━━━━━━┛

_{This comment will be updated when code changes.}

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

regional/README.md (1)

⚠️ PR changes incomplete for disabling Datadog integration

The codebase contains several Datadog-related configurations that need attention to properly disable the integration:

• tfvars/sandbox.tfvars has a commented datadog_enable variable that needs to be explicitly set to false
• main.tf contains a Datadog module that's conditionally created based on var.datadog_enable
• regional/datadog/ directory contains Datadog operator configurations that may need to be removed or disabled

The PR currently only updates provider versions but doesn't address these Datadog-related configurations. Please either:

1. Set datadog_enable = false in tfvars/sandbox.tfvars
2. Consider removing the Datadog-related configurations if they're no longer needed

🔗 Analysis chain

Line range hint 1-24: ⚠️ PR changes don't align with its objective

The PR's objective is to disable datadog integration in sandbox configuration, but the changes only include:

1. Provider version updates in .terraform.lock.hcl files
2. Module source and version updates in README.md

Please verify if:

• Additional changes are needed to disable the datadog integration
• The PR title needs to be updated to reflect these maintenance changes

Let's verify if there are any datadog-related files that should be modified:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for datadog-related configuration files
echo "Searching for datadog-related files..."
fd -t f -e tf -e yaml -e yml datadog

# Search for datadog-related code
echo "Searching for datadog-related code..."
rg -i "datadog" -g '!{*.lock.hcl,*.md}'

Length of output: 3100

regional/istio/README.md (2)

Line range hint 1-67: Document Datadog integration changes

The README updates reflect provider version changes but don't include any documentation about the disabled Datadog integration. Consider adding a note about this architectural change if it affects this module.

---

Line range hint 1-67: Verify PR scope and implementation

The current changes appear to focus on provider version updates rather than disabling the Datadog integration. Please clarify:

1. Where and how is the Datadog integration being disabled?
2. Are the provider version updates related to this change?
3. Should there be additional changes to remove Datadog-related configurations?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0b1b1e0 and c4c5752.

📒 Files selected for processing (23)

• .terraform.lock.hcl (1 hunks)
• README.md (1 hunks)
• regional/README.md (1 hunks)
• regional/cert-manager/.terraform.lock.hcl (2 hunks)
• regional/cert-manager/README.md (1 hunks)
• regional/cert-manager/istio-csr/.terraform.lock.hcl (2 hunks)
• regional/cert-manager/istio-csr/README.md (1 hunks)
• regional/datadog/.terraform.lock.hcl (2 hunks)
• regional/datadog/README.md (1 hunks)
• regional/datadog/manifests/.terraform.lock.hcl (2 hunks)
• regional/datadog/manifests/README.md (1 hunks)
• regional/istio/.terraform.lock.hcl (2 hunks)
• regional/istio/README.md (1 hunks)
• regional/istio/manifests/.terraform.lock.hcl (2 hunks)
• regional/istio/manifests/README.md (1 hunks)
• regional/onboarding/.terraform.lock.hcl (2 hunks)
• regional/onboarding/README.md (1 hunks)
• regional/opa-gatekeeper/.terraform.lock.hcl (2 hunks)
• regional/opa-gatekeeper/README.md (1 hunks)
• regional/opa-gatekeeper/manifests/.terraform.lock.hcl (2 hunks)
• regional/opa-gatekeeper/manifests/README.md (1 hunks)
• shared/helpers.tf (1 hunks)
• tfvars/sandbox.tfvars (1 hunks)

✅ Files skipped from review due to trivial changes (12)

• shared/helpers.tf
• tfvars/sandbox.tfvars
• regional/onboarding/README.md
• regional/datadog/.terraform.lock.hcl
• README.md
• regional/opa-gatekeeper/.terraform.lock.hcl
• regional/datadog/manifests/.terraform.lock.hcl
• regional/cert-manager/README.md
• regional/cert-manager/istio-csr/.terraform.lock.hcl
• regional/onboarding/.terraform.lock.hcl
• regional/cert-manager/.terraform.lock.hcl
• regional/opa-gatekeeper/manifests/.terraform.lock.hcl

🔇 Additional comments (9)

regional/opa-gatekeeper/manifests/README.md (1)

16-16: Verify the helpers module path change impact

The helpers module source path now includes //root and version is bumped to v0.1.2. Please ensure this change is compatible with existing module usage.

✅ Verification successful

The helpers module path and version are consistently used across the codebase

The search results show that all references to the terraform-core-helpers module consistently use the //root path and version v0.1.2 across the entire codebase, including in the actual module source reference in shared/helpers.tf. This confirms that the change in the reviewed file is aligned with the rest of the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the new module version and path are consistently used across the codebase
rg -l "terraform-core-helpers" | xargs rg "v0.1.[12]"

Length of output: 2578

regional/opa-gatekeeper/README.md (1)

12-12: Verify provider and module version compatibility

The changes include:

• Google provider version bump to 6.12.0
• Helpers module update to v0.1.2 with //root path

Please ensure these version updates have been tested in a non-production environment.

Also applies to: 18-18

✅ Verification successful

Let me gather more information about the provider versions and constraints.

---

Let me check the actual Terraform configuration files in the opa-gatekeeper directory to see the provider configurations.

---

Provider version update appears safe to proceed

The Google provider version update to 6.12.0 appears safe as:

• The provider configuration in the opa-gatekeeper module only specifies the source without pinning a specific version
• The version constraint is managed at the root level providers configuration
• The module only uses basic Google provider features (data sources for project and GKE cluster information)

The helpers module update to v0.1.2 is also consistent with the implementation in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any provider version constraints in the codebase
rg "required_providers" -A 5

Length of output: 820

---

Script:

#!/bin/bash
# Check for provider version constraints and configurations
rg "google\s*=\s*\{" -A 3 regional/providers.tf regional/shared/providers.tf
rg "version\s*=\s*" regional/opa-gatekeeper/

Length of output: 447

---

Script:

#!/bin/bash
# Check terraform configuration files in opa-gatekeeper
fd -e tf . regional/opa-gatekeeper/ --exec cat {}

Length of output: 4575

regional/datadog/README.md (1)

12-12: Verify version updates and PR objective alignment

The version updates seem unrelated to the PR objective of disabling Datadog integration in sandbox configuration.

Let's verify if there are related changes in other files:

Also applies to: 18-18

regional/datadog/manifests/README.md (1)

12-12: Version updates appear unrelated to PR objective

Similar to the previous file, these version updates don't seem to contribute to disabling Datadog integration.

Also applies to: 18-18

regional/istio/manifests/README.md (2)

Line range hint 1-1: Request: Clarification needed on PR objective

The PR title indicates this change is meant to disable Datadog integration in sandbox configuration, but the provided files only show version updates to the Google provider and helpers module. Could you please:

1. Clarify where the actual Datadog integration changes are located
2. Provide the relevant configuration files that disable Datadog in sandbox environment
3. Explain if these version updates are necessary prerequisites for the Datadog changes

This will help ensure the changes align with the PR objective and maintain clear change boundaries.

---

12-12: Question: Are these changes in scope?

These version updates in the Istio manifests directory appear to be:

1. Unrelated to the PR objective of disabling Datadog integration
2. Potentially out of scope for this PR

Consider splitting these version updates into a separate PR to maintain clear change boundaries and simplify review.

Let's check if these changes are part of a broader version update:

Also applies to: 18-18

regional/istio/manifests/.terraform.lock.hcl (1)

Line range hint 5-57: Similar provider version updates as in parent directory.

.terraform.lock.hcl (2)

Line range hint 4-33: Verify if Datadog provider should be removed

The PR objective is to disable Datadog integration in sandbox configuration, but the Datadog provider configuration remains unchanged. Please verify if this provider should be removed as part of disabling the integration.

✅ Verification successful

Datadog provider configuration is correctly maintained

The Datadog provider configuration in .terraform.lock.hcl should remain as the codebase uses a conditional deployment pattern:

1. The datadog_enable variable defaults to false, effectively disabling the integration
2. The Datadog module is conditionally created using count = var.datadog_enable ? 1 : 0
3. The provider and its configuration are required even when disabled, as they're referenced in the module definitions

The presence of the provider in the lock file is correct and necessary for the terraform configuration to be valid, even when the integration is disabled.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if Datadog provider is still being used
rg -l "provider\s+\"datadog\"" --type terraform

Length of output: 81

---

Script:

#!/bin/bash
# Search for Datadog provider usage in all files
rg -l "provider\s+\"datadog\""

# Also check for any Datadog resource or data source usage
rg -l "resource\s+\"datadog_" 
rg -l "data\s+\"datadog_"

Length of output: 101

---

Script:

#!/bin/bash
# Check the content of providers.tf to understand Datadog provider usage
cat providers.tf

# Also check for any .tf files that might contain Datadog configurations
fd '.*\.tf$' --exec grep -l "datadog"

Length of output: 793

---

Script:

#!/bin/bash
# Check the content of main.tf and variables.tf for Datadog usage
cat main.tf
cat variables.tf

# Check the content of regional Datadog configurations
cat regional/datadog/main.tf

Length of output: 4536

---

45-59: Verify the Google Beta provider version update impact

The Google Beta provider version has been updated from 6.11.1 to 6.12.0. Please ensure this update is intentional and won't affect the sandbox configuration changes.

✅ Verification successful

The previous command failed because the file type wasn't recognized. Let's try searching through files with terraform-related extensions and check for provider configurations.

---

The previous output showed configuration files but no provider configurations. Let's check the actual terraform files to find where and how the google-beta provider is being used.

---

After reviewing the terraform configurations, I can see that while the Google provider is used, there's no explicit configuration of the google-beta provider in any of the files. The provider configurations are managed through the modules being used, particularly the terraform-google-kubernetes-engine module.

The Google Beta provider version update is safe to proceed

The update from 6.11.1 to 6.12.0 is a minor version bump that should be backward compatible. Since the google-beta provider is not directly configured in this repository and is managed through external modules, the version update in the lock file is safe as it's being pulled in as a transitive dependency.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any breaking changes in provider usage
rg "google-beta" --type terraform -A 5

Length of output: 72

---

Script:

#!/bin/bash
# Search for terraform files and provider configurations
fd -e tf | xargs rg "google-beta" -A 5

# Also check for any terraform configuration files in different extensions
fd -e tfvars -e hcl | xargs cat

Length of output: 14064

---

Script:

#!/bin/bash
# Let's check for provider configurations in .tf files
fd -e tf | xargs cat

# Also check for any terraform version constraints
fd -g "*version*.tf" | xargs cat

Length of output: 46587