From 1484c2ffa0b9253632fa5f0ae630b06860595360 Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Wed, 13 Mar 2024 10:05:02 -0400
Subject: [PATCH] Adjust properties further to only apply to spaces The SES and SNS modules are strictly for services that are instantiated within a space, while the egress_space is creating a separate space. The shift of the recursive delete from being on a service to being at the space level means that the SES and SNS modules do not have to track it at all, it should only be handled at the space level. The same goes for the allow_ssh flag.
Signed-off-by: Carlo Costino
---
 terraform/demo/main.tf | 24 +++++++++++-------------
 terraform/production/main.tf | 28 ++++++++++++----------------
 terraform/shared/ses/main.tf | 10 ----------
 terraform/shared/ses/variables.tf | 12 ------------
 terraform/shared/sns/main.tf | 10 ----------
 terraform/shared/sns/variables.tf | 12 ------------
 6 files changed, 23 insertions(+), 73 deletions(-)
diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf
index 5f3f8525e..0ac491fc5 100644
--- a/terraform/demo/main.tf
+++ b/terraform/demo/main.tf
@@ -58,22 +58,20 @@ module "egress-space" {
 module "ses_email" {
 source = "../shared/ses"
- cf_org_name = local.cf_org_name
- cf_space_name = local.cf_space_name
- name = "${local.app_name}-ses-${local.env}"
- aws_region = "us-west-2"
- email_domain = "notify.sandbox.10x.gsa.gov"
- email_receipt_error = "notify-support@gsa.gov"
- delete_recursive_allowed = local.delete_recursive_allowed
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ name = "${local.app_name}-ses-${local.env}"
+ aws_region = "us-west-2"
+ email_domain = "notify.sandbox.10x.gsa.gov"
+ email_receipt_error = "notify-support@gsa.gov"
 }
 module "sns_sms" {
 source = "../shared/sns"
- cf_org_name = local.cf_org_name
- cf_space_name = local.cf_space_name
- name = "${local.app_name}-sns-${local.env}"
- aws_region = "us-east-1"
- monthly_spend_limit = 25
- delete_recursive_allowed = local.delete_recursive_allowed
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ name = "${local.app_name}-sns-${local.env}"
+ aws_region = "us-east-1"
+ monthly_spend_limit = 25
 }
diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index e2c321d37..f7fc93d68 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
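Review bot: In terraform/demo/main.tf, the `ses_email` and `sns_sms` calls now point at shared modules that no longer declare `cloudfoundry_space.cf_ses_service_space` / `cf_sns_service_space`, so if those resources were ever applied, the next apply will plan to destroy them. The same applies to the two module calls in the terraform/production/main.tf hunk. The removed resources used `name = data.cloudfoundry_space.space.name`, i.e. the existing app space, and took `delete_recursive_allowed` from the caller, so a destroy could reach the space's contents. Whether they are in state is not visible here. I would check `terraform plan` for both environments before merging. If the addresses appear, drop them without destroying, either with `terraform state rm module.ses_email.cloudfoundry_space.cf_ses_service_space` (and the SNS equivalent) or with a `removed` block using `lifecycle { destroy = false }` where the Terraform version supports it.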
@@ -60,27 +60,23 @@ module "egress-space" {
 module "ses_email" {
 source = "../shared/ses"
- allow_ssh = local.allow_ssh
- cf_org_name = local.cf_org_name
- cf_space_name = local.cf_space_name
- name = "${local.app_name}-ses-${local.env}"
- aws_region = "us-gov-west-1"
- email_domain = "notify.gov"
- mail_from_subdomain = "mail"
- email_receipt_error = "notify-support@gsa.gov"
- delete_recursive_allowed = local.delete_recursive_allowed
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ name = "${local.app_name}-ses-${local.env}"
+ aws_region = "us-gov-west-1"
+ email_domain = "notify.gov"
+ mail_from_subdomain = "mail"
+ email_receipt_error = "notify-support@gsa.gov"
 }
 module "sns_sms" {
 source = "../shared/sns"
- allow_ssh = local.allow_ssh
- cf_org_name = local.cf_org_name
- cf_space_name = local.cf_space_name
- name = "${local.app_name}-sns-${local.env}"
- aws_region = "us-gov-west-1"
- monthly_spend_limit = 1000
- delete_recursive_allowed = local.delete_recursive_allowed
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ name = "${local.app_name}-sns-${local.env}"
+ aws_region = "us-gov-west-1"
+ monthly_spend_limit = 1000
 }
 ###########################################################################
diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf
index 0661d1089..80c40042b 100644
--- a/terraform/shared/ses/main.tf
+++ b/terraform/shared/ses/main.tf
@@ -11,16 +11,6 @@ data "cloudfoundry_space" "space" {
 name = var.cf_space_name
 }
-###
-# SES Space
-###
-resource "cloudfoundry_space" "cf_ses_service_space" {
- allow_ssh = var.allow_ssh
- delete_recursive_allowed = var.delete_recursive_allowed
- name = data.cloudfoundry_space.space.name
- org = data.cloudfoundry_org.org.id
-}
-
 ###
 # SES instance
 ###
diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf
index e6a1b2b62..a92261656 100644
--- a/terraform/shared/ses/variables.tf
+++ b/terraform/shared/ses/variables.tf
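Review bot: In terraform/production/main.tf, nothing visible shows where `allow_ssh` and `delete_recursive_allowed` are now enforced for the production app space once `ses_email` and `sns_sms` stop passing them. The only space-level consumer in view is `module "egress-space"`, whose body is outside the hunk and which the commit message describes as a separate space. If no remaining `cloudfoundry_space` resource manages `local.cf_space_name`, its SSH setting would be whatever the platform already has rather than what this configuration declares. Please confirm that `local.allow_ssh` and `local.delete_recursive_allowed` are still consumed for production and do not become unused locals. A comment above the two module calls would help, e.g. `# allow_ssh and delete_recursive_allowed are set on the space, not per service module`.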
@@ -34,15 +34,3 @@ variable "mail_from_subdomain" {
 description = "Subdomain of email_domain to set as the mail-from header"
 default = ""
 }
-
-variable "delete_recursive_allowed" {
- type = bool
- default = true
- description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
-}
-
-variable "allow_ssh" {
- type = bool
- default = true
- description = "Flag for allowing SSH access in a space - not recommended in production environments"
-}
diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf
index a00171a98..73cb8a815 100644
--- a/terraform/shared/sns/main.tf
+++ b/terraform/shared/sns/main.tf
@@ -11,16 +11,6 @@ data "cloudfoundry_space" "space" {
 name = var.cf_space_name
 }
-###
-# SNS Space
-###
-resource "cloudfoundry_space" "cf_sns_service_space" {
- allow_ssh = var.allow_ssh
- delete_recursive_allowed = var.delete_recursive_allowed
- name = data.cloudfoundry_space.space.name
- org = data.cloudfoundry_org.org.id
-}
-
 ###
 # SES instance
 ###
diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf
index d75ddeda3..acf7c5010 100644
--- a/terraform/shared/sns/variables.tf
+++ b/terraform/shared/sns/variables.tf
@@ -22,15 +22,3 @@ variable "monthly_spend_limit" {
 type = number
 description = "SMS budget limit in USD. Support request must be made before raising above 1"
 }
-
-variable "delete_recursive_allowed" {
- type = bool
- default = true
- description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
-}
-
-variable "allow_ssh" {
- type = bool
- default = true
- description = "Flag for allowing SSH access in a space - not recommended in production environments"
-}