start upgrading terraform provider

.github/workflows/deploy.yml

@@ -36,6 +36,35 @@ jobs:
         AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
       run: terraform init
+
+
+    # Some excitement for later.  When we have a module we cannot just delete
+    # (db, csv_bucket) we need to modify the state in the tfstate file.
+    #
+    # Once both providers are defined in the providers.tf, the order of operations should be
+    #
+    # 1. Uncomment this command and let it run as part of CI/CD.  This alters the state,
+    #    but the module will be temporarily unusable
+    # 2. Go back to main.tf and update the module syntax and parameters for the new provider
+    # 3. Go through the CI/CD again, at this point it should work.
+    #
+    # - name: Terraform change provider
+    #   working-directory: terraform/staging
+    #   env:
+    #     AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+    #     AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+    #     TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
+    #     TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+    #   run: |
+    #     terraform state pull | jq '
+    #       .resources |= map(select(.module == "module.csv_upload_bucket"))
+    #     ' > module-csv_upload_bucket.tfstate
+    #     terraform state replace-provider \
+    #       -state=module-csv_upload_bucket.tfstate \
+    #       'registry.terraform.io/cloudfoundry-community/cloudfoundry' \
+    #       'registry.terraform.io/cloudfoundry/cloudfoundry'
+    #     terraform state push module-csv_upload_bucket.tfstate
+
     - name: Terraform apply
       working-directory: terraform/staging
       env:

terraform/staging/main.tf

@@ -21,19 +21,21 @@ module "database" {
   rds_plan_name = "small-psql"
 }
 
-module "redis-v70" {
-  source = "github.com/GSA-TTS/terraform-cloudgov//redis?ref=v1.0.0"
-
-  cf_org_name     = local.cf_org_name
-  cf_space_name   = local.cf_space_name
-  name            = "${local.app_name}-redis-v70-${local.env}"
-  redis_plan_name = "redis-dev"
-  json_params = jsonencode(
-    {
-      "engineVersion" : "7.0",
-    }
-  )
-}
+# module "redis-v70" {
+# source = "github.com/GSA-TTS/terraform-cloudgov//redis?ref=v2.4.0"
+# Right now the default is cfcommunity, remove this when default is cloudfoundry
+# providers = {
+# cloudfoundry = cloudfoundry.official
+# }
+# cf_space_id     = data.cloudfoundry_space.space.id
+# name            = "${local.app_name}-redis-v70-${local.env}"
+# redis_plan_name = "redis-dev"
+# json_params = jsonencode(
+# {
+# "engineVersion" : "7.0",
+# }
+# )
+# }
 
 module "csv_upload_bucket" {
   source = "github.com/GSA-TTS/terraform-cloudgov//s3?ref=v1.0.0"

terraform/staging/providers.tf

@@ -2,6 +2,10 @@ terraform {
   required_version = "~> 1.7"
   required_providers {
     cloudfoundry = {
+      source  = "cloudfoundry/cloudfoundry"
+      version = "1.9.0"
+    }
+    cfcommunity = {
       source  = "cloudfoundry-community/cloudfoundry"
       version = "0.53.1"
     }
@@ -9,14 +13,23 @@ terraform {
 
   backend "s3" {
     bucket       = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0"
-    key          = "api.tfstate.stage"
+    key          = "admin.tfstate.stage"
     encrypt      = "true"
     region       = "us-gov-west-1"
     use_lockfile = "true"
   }
 }
 
+# Official provider (should be default but aliased for now)
 provider "cloudfoundry" {
+  alias    = "official"
+  api_url  = "https://api.fr.cloud.gov"
+  user     = var.cf_user
+  password = var.cf_password
+}
+
+# Community provider (should be aliased but default for now)
+provider "cfcommunity" {
   api_url      = "https://api.fr.cloud.gov"
   user         = var.cf_user
   password     = var.cf_password