From 61703471bbad855c972a9e9062a8977cab59db4f Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Tue, 12 Mar 2024 13:59:08 -0400
Subject: [PATCH] Fix remaining Terraform for production and demo

This changeset adjusts our Terraform for the production and demo environments so that the new delete_recursive_allowed with the Cloud Foundry Cloud Controller is set to false. It also updates the shared modules to all explicitly account for this property so that we can set the flag easily.

Signed-off-by: Carlo Costino
---
terraform/demo/main.tf | 73 ++++++++++++++------------
terraform/demo/providers.tf | 2 +-
terraform/production/main.tf | 75 +++++++++++++++------------
terraform/production/providers.tf | 2 +-
terraform/shared/egress_space/main.tf | 2 +-
terraform/shared/ses/main.tf | 9 ++++
terraform/shared/ses/variables.tf | 6 +++
terraform/shared/sns/main.tf | 9 ++++
terraform/shared/sns/variables.tf | 6 +++
9 files changed, 116 insertions(+), 68 deletions(-)

diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf
index 615f92670..5f3f8525e 100644
--- a/terraform/demo/main.tf
+++ b/terraform/demo/main.tf
@@ -1,38 +1,46 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-demo" - env = "demo" - app_name = "notify-api" - recursive_delete = false + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-demo" + env = "demo" + app_name = "notify-api" + delete_recursive_allowed = false +} + +data "cloudfoundry_space" "demo" { + org_name = local.cf_org_name + name = local.cf_space_name +} + +resource "cloudfoundry_space" "notify-demo" { + delete_recursive_allowed = local.delete_recursive_allowed + name = local.cf_space_name + org = data.cloudfoundry_org.org.id } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - recursive_delete = local.recursive_delete - rds_plan_name = "micro-psql" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + rds_plan_name = "micro-psql" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - recursive_delete = local.recursive_delete - redis_plan_name = "redis-dev" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + redis_plan_name = "redis-dev" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - recursive_delete = local.recursive_delete - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { 
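Review bot: The added `resource "cloudfoundry_space" "notify-demo"` manages a space that the `data "cloudfoundry_space" "demo"` block directly above it looks up as already existing, so unless the space is imported into state before the next apply, Terraform will attempt to create a space whose name is taken. The shared `ses` and `sns` modules in this commit declare a `cloudfoundry_space` resource for the same space again (`cf_ses_service_space`, `cf_sns_service_space`), so one space would end up with several owners in state and removing any of them would plan a delete of the space. The resource also reads `data.cloudfoundry_org.org.id`, and no `data "cloudfoundry_org" "org"` appears in the visible lines of this file, so confirm it is declared in this root module. Keeping a single space resource at the root, with a comment like `# existing space, imported; managed only to pin delete_recursive_allowed`, would avoid both problems; the first hunk of `terraform/production/main.tf` repeats the pattern.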
@@ -40,6 +48,7 @@ module "egress-space" { cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name + delete_recursive_allowed = local.delete_recursive_allowed deployers = [ var.cf_user, "steven.reilly@gsa.gov" @@ -49,22 +58,22 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-ses-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-west-2" - email_domain = "notify.sandbox.10x.gsa.gov" - email_receipt_error = "notify-support@gsa.gov" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-ses-${local.env}" + aws_region = "us-west-2" + email_domain = "notify.sandbox.10x.gsa.gov" + email_receipt_error = "notify-support@gsa.gov" + delete_recursive_allowed = local.delete_recursive_allowed } module "sns_sms" { source = "../shared/sns" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-sns-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-east-1" - monthly_spend_limit = 25 + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-sns-${local.env}" + aws_region = "us-east-1" + monthly_spend_limit = 25 + delete_recursive_allowed = local.delete_recursive_allowed } diff --git a/terraform/demo/providers.tf b/terraform/demo/providers.tf index f13333d3e..34ba30a62 100644 --- a/terraform/demo/providers.tf +++ b/terraform/demo/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.0" + version = "0.53.1" } } diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 5a2c520b1..c4ca005f5 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf 
@@ -1,38 +1,46 @@ locals { - cf_org_name = "gsa-tts-benefits-studio" - cf_space_name = "notify-production" - env = "production" - app_name = "notify-api" - recursive_delete = false + cf_org_name = "gsa-tts-benefits-studio" + cf_space_name = "notify-production" + env = "production" + app_name = "notify-api" + delete_recursive_allowed = false +} + +data "cloudfoundry_space" "production" { + org_name = local.cf_org_name + name = local.cf_space_name +} + +resource "cloudfoundry_space" "notify-production" { + delete_recursive_allowed = local.delete_recursive_allowed + name = local.cf_space_name + org = data.cloudfoundry_org.org.id } module "database" { source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-rds-${local.env}" - recursive_delete = local.recursive_delete - rds_plan_name = "small-psql-redundant" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + rds_plan_name = "small-psql-redundant" } module "redis" { source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-redis-${local.env}" - recursive_delete = local.recursive_delete - redis_plan_name = "redis-3node-large" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + redis_plan_name = "redis-3node-large" } module "csv_upload_bucket" { source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - recursive_delete = local.recursive_delete - name = "${local.app_name}-csv-upload-bucket-${local.env}" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-csv-upload-bucket-${local.env}" } module "egress-space" { 
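Review bot: The `database`, `redis` and `csv_upload_bucket` calls no longer pass `recursive_delete`, so in production these services now take whatever default the modules pinned at `v0.7.1` define, and that default is not visible on this page. Since the calls passed `recursive_delete = false` explicitly before this change, either keep the argument or, once the upstream default is confirmed to be `false`, record that next to each call with a comment such as `# recursive_delete left at the module default (false) for v0.7.1`. The first hunk of `terraform/demo/main.tf` drops the argument from the same three modules.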
@@ -40,6 +48,7 @@ module "egress-space" { cf_org_name = local.cf_org_name cf_restricted_space_name = local.cf_space_name + delete_recursive_allowed = local.delete_recursive_allowed deployers = [ var.cf_user ] @@ -48,25 +57,25 @@ module "egress-space" { module "ses_email" { source = "../shared/ses" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-ses-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-gov-west-1" - email_domain = "notify.gov" - mail_from_subdomain = "mail" - email_receipt_error = "notify-support@gsa.gov" + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-ses-${local.env}" + aws_region = "us-gov-west-1" + email_domain = "notify.gov" + mail_from_subdomain = "mail" + email_receipt_error = "notify-support@gsa.gov" + delete_recursive_allowed = local.delete_recursive_allowed } module "sns_sms" { source = "../shared/sns" - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - name = "${local.app_name}-sns-${local.env}" - recursive_delete = local.recursive_delete - aws_region = "us-gov-west-1" - monthly_spend_limit = 1000 + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-sns-${local.env}" + aws_region = "us-gov-west-1" + monthly_spend_limit = 1000 + delete_recursive_allowed = local.delete_recursive_allowed } ########################################################################### diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf index 499759f48..b5c45f63e 100644 --- a/terraform/production/providers.tf +++ b/terraform/production/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" - version = "0.53.0" + version = "0.53.1" } } diff --git a/terraform/shared/egress_space/main.tf b/terraform/shared/egress_space/main.tf index 5d4b53354..066f0ba58 100644 
--- a/terraform/shared/egress_space/main.tf +++ b/terraform/shared/egress_space/main.tf @@ -11,7 +11,7 @@ data "cloudfoundry_org" "org" { ### resource "cloudfoundry_space" "public_egress" { - delete_recursive_allowed = false + delete_recursive_allowed = var.delete_recursive_allowed name = "${var.cf_restricted_space_name}-egress" org = data.cloudfoundry_org.org.id } diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf index 4c1bb54b9..1bee9a74a 100644 --- a/terraform/shared/ses/main.tf +++ b/terraform/shared/ses/main.tf @@ -7,6 +7,15 @@ data "cloudfoundry_space" "space" { name = var.cf_space_name } +### +# SES Space +### +resource "cloudfoundry_space" "cf_ses_service_space" { + delete_recursive_allowed = var.delete_recursive_allowed + name = data.cloudfoundry_space.space.name + org = data.cloudfoundry_org.org.id +} + ### # SES instance ### diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf index a92261656..35e8cad8c 100644 --- a/terraform/shared/ses/variables.tf +++ b/terraform/shared/ses/variables.tf @@ -34,3 +34,9 @@ variable "mail_from_subdomain" { description = "Subdomain of email_domain to set as the mail-from header" default = "" } + +variable "delete_recursive_allowed" { + type = bool + default = true + description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" +} diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf index aa0079f92..2df89907d 100644 --- a/terraform/shared/sns/main.tf +++ b/terraform/shared/sns/main.tf @@ -7,6 +7,15 @@ data "cloudfoundry_space" "space" { name = var.cf_space_name } +### +# SNS Space +### +resource "cloudfoundry_space" "cf_sns_service_space" { + delete_recursive_allowed = var.delete_recursive_allowed + name = data.cloudfoundry_space.space.name + org = data.cloudfoundry_org.org.id +} + ### # SES instance ### 
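Review bot: `var.delete_recursive_allowed` is read on the changed line, but the commit's file list shows no change to a variables file under `terraform/shared/egress_space`, so the variable must already be declared in that module or `terraform validate` will fail on an undeclared input. If it still needs adding, declare it with `type = bool` and `default = false`, so that a caller who omits the argument keeps the protection this line previously hard-coded.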
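Review bot: `default = true` in the new `delete_recursive_allowed` variable of `terraform/shared/ses/variables.tf` makes the permissive setting the fallback: any caller that omits the argument gets a space that may be deleted together with its contents, which the variable's own description advises against for production. Prefer `default = false`, or drop the default so every environment has to state the value. The identical variable added in `terraform/shared/sns/variables.tf` needs the same change.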
diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf index acf7c5010..801e41504 100644 --- a/terraform/shared/sns/variables.tf +++ b/terraform/shared/sns/variables.tf @@ -22,3 +22,9 @@ variable "monthly_spend_limit" { type = number description = "SMS budget limit in USD. Support request must be made before raising above 1" } + +variable "delete_recursive_allowed" { + type = bool + default = true + description = "Flag for allowing resources to be recursively deleted - not recommended in production environments" +}