Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BAU: Fix flip-flopping resources #5641

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

BAU: Fix flip-flopping resources #5641

wants to merge 7 commits into from

Conversation

whi-tw
Copy link
Contributor

@whi-tw whi-tw commented Dec 9, 2024

What

A number of our resources have changes in many runs, often unnecessarily.

This PR aims to fix a lot of these.

How to review

Deploy to a dev environment, ensure no weirdness happens

Checklist

  • Impact on orch and auth mutual dependencies has been checked.
  • A UCD review has been performed.

Related PRs

@whi-tw whi-tw requested review from a team as code owners December 9, 2024 14:06
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 9, 2024

Java Tests Skipped

No Java files were changed in this pull request. Java tests will be skipped1.

Any Java files that are changed in a subsequent commit will trigger the Java tests.

Footnotes

  1. These tests will still show as passing in the PR status check, but will not actually have run.

@whi-tw whi-tw force-pushed the whi-tw/BAU/fix-flip-flopping-resources branch 5 times, most recently from d2ef5e5 to e0d712a Compare December 9, 2024 17:08
@whi-tw
BAU: Make P1 alarm deploy only when required
4a0633b 
Previously, when a P1 alarm was not needed, this would deploy on top of
module.account_interventions.aws_cloudwatch_metric_alarm.lambda_error_cloudwatch_alarm
so the configuration of the alarm would be modified each time. Now, we
only deploy the P1 alarm when required, and it will always be created
with a specific name.
@whi-tw
BAU: Add missed cost tags
27682eb
@whi-tw
BAU: use aws_api_gateway_account properly
6735232 
This resource should only be set once per account, so it should:
- live in `shared`, so multiple components don't try to create it
- only be created by the 'primary' environment in the account, so that
  it's only created once

Move the configuration to shared, and then output the role name, so that
we can still attach the policies to the role in account-management and
oidc.
@whi-tw
BAU: Hide empty sections in terraform-docs
ea65215 
Some modules have empty sections in their documentation. This change
hides those sections to make the documentation more concise.
@whi-tw
BAU: attach a policy separately to creating api gw
7fa4299 
As-was, this constantly attempted to change the policy resource to
'execute-api:/*', but AWS automatically replaced 'execute-api' with the
execution arn. This caused this resource to update on every terraform
run.
@whi-tw
BAU: Remove need for replace statements in modules
96ce94c 
This replace function is, apparently, non-deterministic. This causes
some attributes to be marked as 'known after apply' when they shouldn't.

This change adds a new variable, `endpoint_name_sanitized`, which is
required if `endpoint_name` contains a period. This variable is then
used in place of `endpoint_name` in the resources that were using the
`replace` function.
@whi-tw whi-tw force-pushed the whi-tw/BAU/fix-flip-flopping-resources branch from e0d712a to a67758a Compare December 11, 2024 16:48
@whi-tw
BAU: Check terraform in a matrix, not sequentially
149f7b6 
Also, check all of the modules, not just two of them!
@whi-tw whi-tw force-pushed the whi-tw/BAU/fix-flip-flopping-resources branch from a67758a to 149f7b6 Compare December 11, 2024 16:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@whi-tw