PLT-292 Test infra for opt-out-import #51

gsf · 2024-02-20T03:44:16Z

🎫 Ticket

https://jira.cms.gov/browse/PLT-292

🛠 Changes

Refactoring of shared terraform to support test infra for opt-out-import.

ℹ️ Context for reviewers

In adding the opt-out-import test infra I realized we could wrap resources like S3 buckets and KMS keys in modules to standardize configuration. I also updated handling of AWS account IDs to mask them in logs.

I've also dropped the reusable terraform-command workflow, which is both too powerful (allowing one-off infra changes without understanding context) and not flexible enough to enable updates like the ones mentioned in Acceptance Validation below.

Note that these changes will also require updates to roles and buckets in opt-out-import workflows in ab2d-lambdas and dpc-app, and roles in ab2d and ab2d-events.

✅ Acceptance Validation

All terraform plans should pass. I'm also temporarily updating some apply workflows to move resources in state (like tfstate buckets) to avoid deletion. These should be reviewed on merge, and I will follow up with a PR to return those apply workflows to their usual commands.

🔒 Security Implications

None.

gfreeman-navapbc

LGTM

gsf added 4 commits February 18, 2024 13:11

Add bucket module and reference it in opt-out-import

f417312

Pull key and table modules out of tfstate service

39d226b

Make access logs bucket more clear

a10474d

Remove dep on terraform-command from opt-out-import-plan

f1b50c6

gsf self-assigned this Feb 20, 2024

gsf requested a review from a team as a code owner February 20, 2024 03:44

gsf marked this pull request as draft February 20, 2024 03:44

gsf had a problem deploying to ab2d-dev February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to ab2d-test February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to ab2d-sbx February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to ab2d-prod February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to bcda-dev February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to bcda-test February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to bcda-sbx February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to bcda-prod February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to dpc-dev February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to dpc-test February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to dpc-sbx February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to dpc-prod February 20, 2024 03:44 — with GitHub Actions Failure

gsf had a problem deploying to bcda-mgmt February 20, 2024 03:44 — with GitHub Actions Failure

gsf added 10 commits February 19, 2024 22:58

Update tfstate-plan to pass app and env

36c4bae

Rename github-actions-deploy-role to github-actions-role

1cd2b0d

Add tfstate-object-copy script

92a8374

Specify repo access in github-actions-role

ec339fe

Add logic for account secret in opt-out-import-plan

476d44c

Use single quotes in github actions expressions

c70e51d

Add opt-out-import outputs back

f845a41

Update workflows to reference accounts

26f29e6

Remove terraform-command workflow

bc7cbdd

Drop matrix reference from github-actions-runner workflows

96020d8

gsf added 8 commits February 20, 2024 02:18

Update role for image build workflow

1dd54f0

Switch runner image build to new role

c5683c4

Use module for queue key

59a907d

Move state in opt-out-import due to module changes

cc5213b

Add terraform state mv commands to tfstate workflows

0c82029

Fix indent on tfstate workflows

98161c5

Add opt-out-test terraform service

adba9e7

Add workflows for opt-out-test

498809d

gsf marked this pull request as ready for review February 27, 2024 06:26

Add bucket notification resource

3f5893b

gfreeman-navapbc approved these changes Feb 27, 2024

View reviewed changes

gsf merged commit d1223ad into main Feb 27, 2024
63 checks passed

gsf deleted the plt-292-opt-out-import-test-infra branch February 27, 2024 15:47

gsf mentioned this pull request Feb 27, 2024

PLT-292 Opt-out-import apply fixes #54

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PLT-292 Test infra for opt-out-import #51

PLT-292 Test infra for opt-out-import #51

gsf commented Feb 20, 2024 •

edited

Loading

gfreeman-navapbc left a comment

PLT-292 Test infra for opt-out-import #51

PLT-292 Test infra for opt-out-import #51

Conversation

gsf commented Feb 20, 2024 • edited Loading

🎫 Ticket

🛠 Changes

ℹ️ Context for reviewers

✅ Acceptance Validation

🔒 Security Implications

gfreeman-navapbc left a comment

Choose a reason for hiding this comment

gsf commented Feb 20, 2024 •

edited

Loading