Adjust properties further to only apply to spaces

The SES and SNS modules are strictly for services that are instantiated within a space, while the egress_space is creating a separate space. The shift of the recursive delete from being on a service to being at the space level means that the SES and SNS modules do not have to track it at all, it should only be handled at the space level. The same goes for the allow_ssh flag. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2025-12-20 15:31:15 -05:00 · 2024-03-13 10:05:02 -04:00
parent 15f8be7aee
commit 1484c2ffa0
6 changed files with 23 additions and 73 deletions
--- a/terraform/demo/main.tf
+++ b/terraform/demo/main.tf
@@ -58,22 +58,20 @@ module "egress-space" {
 module "ses_email" {
  source = "../shared/ses"

-  cf_org_name              = local.cf_org_name
-  cf_space_name            = local.cf_space_name
-  name                     = "${local.app_name}-ses-${local.env}"
-  aws_region               = "us-west-2"
-  email_domain             = "notify.sandbox.10x.gsa.gov"
-  email_receipt_error      = "notify-support@gsa.gov"
-  delete_recursive_allowed = local.delete_recursive_allowed
+  cf_org_name         = local.cf_org_name
+  cf_space_name       = local.cf_space_name
+  name                = "${local.app_name}-ses-${local.env}"
+  aws_region          = "us-west-2"
+  email_domain        = "notify.sandbox.10x.gsa.gov"
+  email_receipt_error = "notify-support@gsa.gov"
 }

 module "sns_sms" {
  source = "../shared/sns"

-  cf_org_name              = local.cf_org_name
-  cf_space_name            = local.cf_space_name
-  name                     = "${local.app_name}-sns-${local.env}"
-  aws_region               = "us-east-1"
-  monthly_spend_limit      = 25
-  delete_recursive_allowed = local.delete_recursive_allowed
+  cf_org_name         = local.cf_org_name
+  cf_space_name       = local.cf_space_name
+  name                = "${local.app_name}-sns-${local.env}"
+  aws_region          = "us-east-1"
+  monthly_spend_limit = 25
 }
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -60,27 +60,23 @@ module "egress-space" {
 module "ses_email" {
  source = "../shared/ses"

-  allow_ssh                = local.allow_ssh
-  cf_org_name              = local.cf_org_name
-  cf_space_name            = local.cf_space_name
-  name                     = "${local.app_name}-ses-${local.env}"
-  aws_region               = "us-gov-west-1"
-  email_domain             = "notify.gov"
-  mail_from_subdomain      = "mail"
-  email_receipt_error      = "notify-support@gsa.gov"
-  delete_recursive_allowed = local.delete_recursive_allowed
+  cf_org_name         = local.cf_org_name
+  cf_space_name       = local.cf_space_name
+  name                = "${local.app_name}-ses-${local.env}"
+  aws_region          = "us-gov-west-1"
+  email_domain        = "notify.gov"
+  mail_from_subdomain = "mail"
+  email_receipt_error = "notify-support@gsa.gov"
 }

 module "sns_sms" {
  source = "../shared/sns"

-  allow_ssh                = local.allow_ssh
-  cf_org_name              = local.cf_org_name
-  cf_space_name            = local.cf_space_name
-  name                     = "${local.app_name}-sns-${local.env}"
-  aws_region               = "us-gov-west-1"
-  monthly_spend_limit      = 1000
-  delete_recursive_allowed = local.delete_recursive_allowed
+  cf_org_name         = local.cf_org_name
+  cf_space_name       = local.cf_space_name
+  name                = "${local.app_name}-sns-${local.env}"
+  aws_region          = "us-gov-west-1"
+  monthly_spend_limit = 1000
 }

 ###########################################################################
--- a/terraform/shared/ses/main.tf
+++ b/terraform/shared/ses/main.tf
@@ -11,16 +11,6 @@ data "cloudfoundry_space" "space" {
  name     = var.cf_space_name
 }

-###
-# SES Space
-###
-resource "cloudfoundry_space" "cf_ses_service_space" {
-  allow_ssh                = var.allow_ssh
-  delete_recursive_allowed = var.delete_recursive_allowed
-  name                     = data.cloudfoundry_space.space.name
-  org                      = data.cloudfoundry_org.org.id
-}
-
 ###
 # SES instance
 ###
--- a/terraform/shared/ses/variables.tf
+++ b/terraform/shared/ses/variables.tf
@@ -34,15 +34,3 @@ variable "mail_from_subdomain" {
  description = "Subdomain of email_domain to set as the mail-from header"
  default     = ""
 }
-
-variable "delete_recursive_allowed" {
-  type        = bool
-  default     = true
-  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
-}
-
-variable "allow_ssh" {
-  type        = bool
-  default     = true
-  description = "Flag for allowing SSH access in a space - not recommended in production environments"
-}
--- a/terraform/shared/sns/main.tf
+++ b/terraform/shared/sns/main.tf
@@ -11,16 +11,6 @@ data "cloudfoundry_space" "space" {
  name     = var.cf_space_name
 }

-###
-# SNS Space
-###
-resource "cloudfoundry_space" "cf_sns_service_space" {
-  allow_ssh                = var.allow_ssh
-  delete_recursive_allowed = var.delete_recursive_allowed
-  name                     = data.cloudfoundry_space.space.name
-  org                      = data.cloudfoundry_org.org.id
-}
-
 ###
 # SES instance
 ###
--- a/terraform/shared/sns/variables.tf
+++ b/terraform/shared/sns/variables.tf
@@ -22,15 +22,3 @@ variable "monthly_spend_limit" {
  type        = number
  description = "SMS budget limit in USD. Support request must be made before raising above 1"
 }
-
-variable "delete_recursive_allowed" {
-  type        = bool
-  default     = true
-  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
-}
-
-variable "allow_ssh" {
-  type        = bool
-  default     = true
-  description = "Flag for allowing SSH access in a space - not recommended in production environments"
-}