From 2c0585488934e96ccf70df2ae1f2a7040ed06c1e Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:20:09 -0700
Subject: [PATCH 01/14] updating logic for plan action and adding module validation
---
 .github/workflows/terraform-plan.yml | 123 +++++++++++++++++----------
 1 file changed, 77 insertions(+), 46 deletions(-)
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index d6f0b96..9b56912 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
@@ -1,6 +1,10 @@
 name: PR Terraform Plan
-on: [pull_request]
+on:
+ pull_request:
+ paths:
+ - 'terraform-incubator/**'
+ - 'terraform-modules/**'
 permissions:
 contents: read
@@ -11,14 +15,17 @@ jobs:
 name: Get changed terraform directories
 runs-on: ubuntu-latest
 outputs:
- module-change: ${{ steps.changed-files.outputs.module-change }}
- project-change: ${{ steps.changed-files.outputs.project-change }}
- environment-change: ${{ steps.changed-files.outputs.environment-change }}
+ module-directory: ${{ steps.module-directory.outputs.directory }}
+ project-directory: ${{ steps.project-directory.outputs.directory }}
+ environment-directory: ${{ steps.environment-directory.outputs.directory }}
+ has-environment-changes: ${{ steps.check-changes.outputs.has-environment-changes }}
+ has-project-changes: ${{ steps.check-changes.outputs.has-project-changes }}
 steps:
 - name: Checkout
 uses: actions/checkout@v4
 with:
 fetch-depth: 0
+
 - name: Get changed files
 id: changed-files
 uses: dorny/paths-filter@v2
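Review bot: The new `paths:` filter under `pull_request` does not list the workflow file itself, so a pull request that only edits `.github/workflows/terraform-plan.yml` (as patches 03 and 04 in this series do) no longer triggers a plan and the workflow change is never exercised before merge. Add `- '.github/workflows/terraform-plan.yml'` to the `paths:` list so workflow edits are planned too. Note that a generic YAML 1.1 loader reads the bare `on:` key as boolean `true`; GitHub's own loader handles it, so this only needs a yamllint `truthy` exemption rather than a change.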
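Review bot: The outputs `module-directory`, `project-directory`, `environment-directory`, `has-environment-changes` and `has-project-changes` are populated by steps this patch defines in the next hunk (whose end is truncated here) with `echo "::set-output name=…"`, a workflow command GitHub has deprecated in favour of the `$GITHUB_OUTPUT` file; once it is disabled these outputs become empty and every `!= ''` / `== 'true'` condition in the `plan` job silently stops matching. Replace each with `echo "directory=$directory" >> "$GITHUB_OUTPUT"` (and the equivalent for the two `has-*` flags). Those steps also write `directory=$(dirname "${{ fromJson(...)[0] }}")`, interpolating a pull-request-controlled file path straight into the shell script; pass it through an `env:` entry and reference it as a quoted shell variable so a crafted file name cannot alter the command, and note that `[0]` means only the first changed file's directory is ever planned or validated. This job also moves to `actions/checkout@v4` while the `plan` job below stays on `@v3`; pin both to the same major.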
@@ -31,59 +38,83 @@ jobs:
 environment-change:
 - 'terraform-incubator/*/!(project)/*.tf'
 list-files: json
+
 - name: List all changed files
- run: echo '${{ steps.changed-files.outputs.module-change_files }}'; echo '${{ steps.changed-files.outputs.project-change_files }}'; echo '${{ steps.changed-files.outputs.environment-change_files }}'
- plan-all:
- runs-on: ubuntu-latest
- name: Terraform plan - all directories
- needs: [changed-files]
- if: ${{ needs.changed-files.outputs.module-change == 'true' }}
- strategy:
- matrix:
- directory: ${{ needs.changed-files.outputs.environment-change }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- AWS_ACCESS_KEY_ID: ${{secrets.INCUBATOR_AWS_ACCESS_KEY_ID}}
- AWS_SECRET_ACCESS_KEY: ${{secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY}}
- steps:
- - name: Checkout
- uses: actions/checkout@v3
+ run: |
+ echo 'module-change: ${{ steps.changed-files.outputs.module-change_files }}'
+ echo 'project-change: ${{ steps.changed-files.outputs.project-change_files }}'
+ echo 'environment-change: ${{ steps.changed-files.outputs.environment-change_files }}'
- - name: terraform plan
- uses: dflook/terraform-plan@v1
- with:
- path: ${{ matrix.directory }}
- plan-project:
+ - name: Extract module directory
+ id: module-directory
+ if: ${{ steps.changed-files.outputs['module-change'] == 'true' }}
+ run: |
+ directory=$(dirname "${{ fromJson(steps.changed-files.outputs.module-change_files)[0] }}")
+ echo "Extracted Directory: $directory"
+ echo "::set-output name=directory::$directory"
+
+ - name: Extract project directory
+ id: project-directory
+ if: ${{ steps.changed-files.outputs['project-change'] == 'true' }}
+ run: |
+ directory=$(dirname "${{ fromJson(steps.changed-files.outputs.project-change_files)[0] }}")
+ echo "Extracted Directory: $directory"
+ echo "::set-output name=directory::$directory"
+
+ - name: Extract environment directory
+ id: environment-directory
+ if: ${{ steps.changed-files.outputs['environment-change'] == 'true' }}
+ run:
|
+ directory=$(dirname "${{ fromJson(steps.changed-files.outputs.environment-change_files)[0] }}")
+ echo "Extracted Directory: $directory"
+ echo "::set-output name=directory::$directory"
+
+ - name: Check for conflicting changes
+ id: check-changes
+ run: |
+ echo "::set-output name=has-environment-changes::${{ steps.changed-files.outputs.environment-change_files != '[]' }}"
+ echo "::set-output name=has-project-changes::${{ steps.changed-files.outputs.project-change_files != '[]' }}"
+
+ plan:
 runs-on: ubuntu-latest
- name: Terraform plan - Project changes
+ name: Terraform Plan
 needs: [changed-files]
- if: ${{ needs.changed-files.outputs.project-change == 'true' && needs.changed-files.outputs.module-change == 'false'}}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- AWS_ACCESS_KEY_ID: ${{secrets.INCUBATOR_AWS_ACCESS_KEY_ID}}
- AWS_SECRET_ACCESS_KEY: ${{secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY}}
+ AWS_ACCESS_KEY_ID: ${{ secrets.INCUBATOR_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY }}
 steps:
 - name: Checkout
 uses: actions/checkout@v3
- - name: terraform plan
+ - name: Fail on multiple plans
+ if: ${{ needs.changed-files.outputs.has-environment-changes == 'true' && needs.changed-files.outputs.has-project-changes == 'true' }}
+ run: |
+ echo "Multiple plans detected: Please make changes to environments and projects in separate pull requests."
+ exit 1
+
+ - name: Terraform validate - Modules
+ if: ${{ needs.changed-files.outputs.module-directory != '' && needs.changed-files.outputs.environment-directory == '' && needs.changed-files.outputs.project-directory == '' }}
+ run: |
+ echo "Validating module changes..."
+ mkdir -p ./temp-validate
+ cat > ./temp-validate/main.tf <
Date: Sat, 18 May 2024 15:35:47 -0700
Subject: [PATCH 02/14] adding a module to test
---
 terraform-modules/cognito/main.tf | 19 +++++++++++++++++++
 terraform-modules/cognito/outputs.tf | 9 +++++++++
 terraform-modules/cognito/variables.tf | 17 +++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 terraform-modules/cognito/main.tf
 create mode 100644 terraform-modules/cognito/outputs.tf
 create mode 100644 terraform-modules/cognito/variables.tf
diff --git a/terraform-modules/cognito/main.tf b/terraform-modules/cognito/main.tf
new file mode 100644
index 0000000..de781f6
--- /dev/null
+++ b/terraform-modules/cognito/main.tf
@@ -0,0 +1,19 @@
+resource "aws_cognito_user_pool" "main" {
+ name = var.user_pool_name
+
+ // Add additional configurations here according to project needs
+}
+
+resource "aws_cognito_user_pool_client" "main" {
+ name = var.client_name
+ user_pool_id = aws_cognito_user_pool.main.id
+
+ // Configure client here
+ // For example:
+ generate_secret = false
+ allowed_oauth_flows = ["code", "implicit"]
+ allowed_oauth_scopes = ["email", "openid"]
+ allowed_oauth_flows_user_pool_client = true
+
+ // Other configurations like callback URLs, logout URLs, etc.
+}
\ No newline at end of file
diff --git a/terraform-modules/cognito/outputs.tf b/terraform-modules/cognito/outputs.tf
new file mode 100644
index 0000000..d67416b
--- /dev/null
+++ b/terraform-modules/cognito/outputs.tf
@@ -0,0 +1,9 @@
+output "user_pool_id" {
+ description = "The ID of the Cognito User Pool"
+ value = aws_cognito_user_pool.main.id
+}
+
+output "user_pool_client_id" {
+ description = "The ID of the Cognito User Pool Client"
+ value = aws_cognito_user_pool_client.main.id
+}
\ No newline at end of file
diff --git a/terraform-modules/cognito/variables.tf b/terraform-modules/cognito/variables.tf
new file mode 100644
index 0000000..689dfc2
--- /dev/null
+++ b/terraform-modules/cognito/variables.tf
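Review bot: `allowed_oauth_flows = ["code", "implicit"]` in `aws_cognito_user_pool_client.main` enables the OAuth 2.0 implicit grant, which delivers tokens in the redirect URL fragment where they are exposed to browser history, referrers and logs; current OAuth security guidance is authorization code (with PKCE for a public client) only, so change it to `allowed_oauth_flows = ["code"]`. `generate_secret = false` is consistent with a public client, but with `allowed_oauth_flows_user_pool_client = true` the client also needs `callback_urls` (and typically `supported_identity_providers`), which the block leaves to the comment `// Other configurations like callback URLs, logout URLs, etc.`; as far as I can tell Cognito rejects such a client at apply time, so expose these as module variables rather than comments. The `// For example:` wording suggests placeholder settings — if so, say so in a module README rather than shipping them as the defaults.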
@@ -0,0 +1,17 @@
+variable "region" {
+ description = "AWS region"
+ type = string
+ default = "us-west-2"
+}
+
+variable "user_pool_name" {
+ description = "Name of the Cognito User Pool"
+ type = string
+ default = ""
+}
+
+variable "client_name" {
+ description = "Name of the Cognito User Pool Client"
+ type = string
+ default = ""
+}
\ No newline at end of file
From e4aed67f0f52f860176c76035484210ab2ea74b7 Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:39:32 -0700
Subject: [PATCH 03/14] using dflook to validate
---
 .github/workflows/terraform-plan.yml | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index 9b56912..cf65850 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
@@ -95,18 +95,10 @@ jobs:
 - name: Terraform validate - Modules
 if: ${{ needs.changed-files.outputs.module-directory != '' && needs.changed-files.outputs.environment-directory == '' && needs.changed-files.outputs.project-directory == '' }}
- run: |
- echo "Validating module changes..."
- mkdir -p ./temp-validate
- cat > ./temp-validate/main.tf <
Date: Sat, 18 May 2024 15:42:16 -0700
Subject: [PATCH 04/14] adding failure message
---
 .github/workflows/terraform-plan.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index cf65850..7a75eeb 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
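Review bot: `variable "region"` is declared with a default, but the `main.tf` added in this same patch references only `var.user_pool_name` and `var.client_name` and declares no provider, so the value is never read and callers passing `region` (patch 07 does) get a misleading impression that the pool's region is configurable. Either remove the variable or consume it in a documented provider configuration. `user_pool_name` and `client_name` default to `""`, which is not a valid Cognito name, so the defaults only move the error from input validation to apply time; drop the defaults so Terraform requires both values, or add a `validation {}` block with `condition = length(var.user_pool_name) > 0`.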
@@ -98,6 +98,10 @@ jobs:
 uses: dflook/terraform-validate@v1
 with:
 path: ${{ needs.changed-files.outputs.module-directory }}
+
+ - name: Module validation failed
+ if: ${{ failure() && steps.validate.outputs.failure-reason == 'validate-failed' }}
+ run: echo "Module validation failed"
 - name: Terraform plan - Environment
 if: ${{ needs.changed-files.outputs.environment-directory != '' && (needs.changed-files.outputs.project-directory == '' || needs.changed-files.outputs.has-environment-changes == 'true') }}
From b1301c841fb9b856a010d50c11630af5ea568853 Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:44:30 -0700
Subject: [PATCH 05/14] causing module failure
---
 terraform-modules/cognito/variables.tf | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/terraform-modules/cognito/variables.tf b/terraform-modules/cognito/variables.tf
index 689dfc2..3729d92 100644
--- a/terraform-modules/cognito/variables.tf
+++ b/terraform-modules/cognito/variables.tf
@@ -9,9 +9,3 @@ variable "user_pool_name" {
 type = string
 default = ""
 }
-
-variable "client_name" {
- description = "Name of the Cognito User Pool Client"
- type = string
- default = ""
-}
\ No newline at end of file
From a14f9294946234844e6e23eb16d9315b99399a78 Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:46:04 -0700
Subject: [PATCH 06/14] restoring variable to pass
---
 terraform-modules/cognito/variables.tf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/terraform-modules/cognito/variables.tf b/terraform-modules/cognito/variables.tf
index 3729d92..689dfc2 100644
--- a/terraform-modules/cognito/variables.tf
+++ b/terraform-modules/cognito/variables.tf
@@ -9,3 +9,9 @@ variable "user_pool_name" {
 type = string
 default = ""
 }
+
+variable "client_name" {
+ description = "Name of the Cognito User Pool Client"
+ type = string
+ default = ""
+}
\ No newline at end of file
From 7af7038d588c8b762bedde7cf0d0cbc23e36b346 Mon Sep 17 00:00:00 2001
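Review bot: The new step's condition `steps.validate.outputs.failure-reason == 'validate-failed'` names a step id `validate`, but the context lines above show `uses: dflook/terraform-validate@v1` directly followed by `with:` with no `id:` visible; unless an `id: validate` line sits on the `- name: Terraform validate - Modules` step above this hunk, the output is always empty and this step never runs. Add `id: validate` to that step so the condition can evaluate. The `plan` job that contains both steps starts and ends outside the hunk.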
From: Chelsey Beck
Date: Sat, 18 May 2024 15:48:06 -0700
Subject: [PATCH 07/14] testing env change
---
 terraform-incubator/people-depot/dev/main.tf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/terraform-incubator/people-depot/dev/main.tf b/terraform-incubator/people-depot/dev/main.tf
index 65f8812..7f74c43 100644
--- a/terraform-incubator/people-depot/dev/main.tf
+++ b/terraform-incubator/people-depot/dev/main.tf
@@ -15,10 +15,12 @@ provider "aws" {
 variable "root_db_password" {
 type = string
 description = "root database password"
+ default = "password"
 }
 variable "app_db_password" {
 type = string
+ default = "password"
 }
 module "dev" {
@@ -29,6 +31,13 @@ module "dev" {
 container_image = "035866691871.dkr.ecr.us-west-2.amazonaws.com/people-depot-backend-dev:latest"
 }
+module "cognito" {
+ source = "../../../terraform-modules/cognito"
+
+ region = "us-west-2"
+ user_pool_name = "people-depot-user-pool"
+ client_name = "people-depot-client"
+}
 moved {
 from = module.ecr.aws_ecr_repository.this
 to = module.dev.module.people_depot.module.ecr.aws_ecr_repository.this
From 5dcd6dfd1e1047fd1dec78f0272ce4b61af85c4a Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:52:49 -0700
Subject: [PATCH 08/14] testing changes in two directories
---
 terraform-incubator/people-depot/dev/main.tf | 7 -------
 terraform-incubator/people-depot/project/main.tf | 11 +++++++++++
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/terraform-incubator/people-depot/dev/main.tf b/terraform-incubator/people-depot/dev/main.tf
index 7f74c43..d552c46 100644
--- a/terraform-incubator/people-depot/dev/main.tf
+++ b/terraform-incubator/people-depot/dev/main.tf
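Review bot: `default = "password"` on `root_db_password` and `app_db_password` turns two variables that previously had to be supplied into ones that fall back to a fixed, committed credential whenever the `TF_VAR_*` value or tfvars file is missing at plan or apply time, so a misconfigured pipeline would provision the database with a well-known password instead of failing. Keep the variables without defaults and mark them `sensitive = true`, sourcing the value from CI secrets; patch 08 adds the same defaults to `project/main.tf`, and although patches 09 and 13 remove them again the values remain in history. If a non-secret default is genuinely needed for test plans, use an obviously fake placeholder (for example `"CHANGE-ME"`, a constructed value) rather than a real-looking password.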
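Review bot: The new `module "cognito"` block closes with `}` immediately followed by `moved {`, with no blank line between them, which breaks the one-blank-line-between-blocks layout the rest of this file uses (as far as I know `terraform fmt` will not add it). Insert a blank line after the closing `}`. Also note that `region = "us-west-2"` is accepted by the module's `variables.tf` (patch 02) but never read by its `main.tf`, so this argument has no effect.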
@@ -31,13 +31,6 @@ module "dev" {
 container_image = "035866691871.dkr.ecr.us-west-2.amazonaws.com/people-depot-backend-dev:latest"
 }
-module "cognito" {
- source = "../../../terraform-modules/cognito"
-
- region = "us-west-2"
- user_pool_name = "people-depot-user-pool"
- client_name = "people-depot-client"
-}
 moved {
 from = module.ecr.aws_ecr_repository.this
 to = module.dev.module.people_depot.module.ecr.aws_ecr_repository.this
diff --git a/terraform-incubator/people-depot/project/main.tf b/terraform-incubator/people-depot/project/main.tf
index cc3c0c9..2424d10 100644
--- a/terraform-incubator/people-depot/project/main.tf
+++ b/terraform-incubator/people-depot/project/main.tf
@@ -64,15 +64,26 @@ module "people_depot" {
 root_db_password = var.root_db_password
 }
+module "cognito" {
+ source = "../../../terraform-modules/cognito"
+
+ region = "us-west-2"
+ user_pool_name = "people-depot-user-pool"
+ client_name = "people-depot-client"
+}
+
 variable "root_db_password" {
 type = string
 description = "root database password"
+ default = "password"
 }
 variable "app_db_password" {
 type = string
+ default = "password"
 }
 variable "container_image" {
 type = string
+ default = "ubuntu:latest"
 }
From efa8e7050c300b701e83d3d35b6b293c258f3f46 Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:54:26 -0700
Subject: [PATCH 09/14] testing changes to project
---
 terraform-incubator/people-depot/dev/main.tf | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/terraform-incubator/people-depot/dev/main.tf b/terraform-incubator/people-depot/dev/main.tf
index d552c46..a091cd3 100644
--- a/terraform-incubator/people-depot/dev/main.tf
+++ b/terraform-incubator/people-depot/dev/main.tf
@@ -15,12 +15,10 @@ provider "aws" {
 variable "root_db_password" {
 type = string
 description = "root database password"
- default = "password"
 }
 variable "app_db_password" {
 type = string
- default = "password"
 }
 module "dev" {
@@ -31,6 +29,14 @@ module "dev" {
 container_image = "035866691871.dkr.ecr.us-west-2.amazonaws.com/people-depot-backend-dev:latest"
 }
+module "cognito" {
+ source = "../../../terraform-modules/cognito"
+
+ region = "us-west-2"
+ user_pool_name = "people-depot-user-pool"
+ client_name = "people-depot-client"
+}
+
 moved {
 from = module.ecr.aws_ecr_repository.this
 to = module.dev.module.people_depot.module.ecr.aws_ecr_repository.this
From 7f481c71f7a1edf17ed777fd32c293ded58e1608 Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:55:24 -0700
Subject: [PATCH 10/14] testing project change
---
 terraform-incubator/people-depot/dev/main.tf | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/terraform-incubator/people-depot/dev/main.tf b/terraform-incubator/people-depot/dev/main.tf
index a091cd3..65f8812 100644
--- a/terraform-incubator/people-depot/dev/main.tf
+++ b/terraform-incubator/people-depot/dev/main.tf
@@ -29,14 +29,6 @@ module "dev" {
 container_image = "035866691871.dkr.ecr.us-west-2.amazonaws.com/people-depot-backend-dev:latest"
 }
-module "cognito" {
- source = "../../../terraform-modules/cognito"
-
- region = "us-west-2"
- user_pool_name = "people-depot-user-pool"
- client_name = "people-depot-client"
-}
-
 moved {
 from = module.ecr.aws_ecr_repository.this
 to = module.dev.module.people_depot.module.ecr.aws_ecr_repository.this
From cf73687f10edfda6ef21f3129dbd0e821e230bda Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 15:59:59 -0700
Subject: [PATCH 11/14] removing project change
---
 terraform-incubator/people-depot/project/main.tf | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/terraform-incubator/people-depot/project/main.tf b/terraform-incubator/people-depot/project/main.tf
index 2424d10..6a2d399 100644
--- a/terraform-incubator/people-depot/project/main.tf
+++ b/terraform-incubator/people-depot/project/main.tf
@@ -64,14 +64,6 @@ module "people_depot" {
 root_db_password = var.root_db_password
 }
-module "cognito" {
- source = "../../../terraform-modules/cognito"
-
- region = "us-west-2"
- user_pool_name = "people-depot-user-pool"
- client_name = "people-depot-client"
-}
-
 variable "root_db_password" {
 type = string
 description = "root database password"
From aeceda5099c7d0f659d4d1070aada896eab859ec Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 16:00:34 -0700
Subject: [PATCH 12/14] removing project
---
 terraform-incubator/people-depot/project/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform-incubator/people-depot/project/main.tf b/terraform-incubator/people-depot/project/main.tf
index 6a2d399..ee1434c 100644
--- a/terraform-incubator/people-depot/project/main.tf
+++ b/terraform-incubator/people-depot/project/main.tf
@@ -64,6 +64,7 @@ module "people_depot" {
 root_db_password = var.root_db_password
 }
+
 variable "root_db_password" {
 type = string
 description = "root database password"
From d78937209a5c4e2730cba582aefc50bc91ea67a8 Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Sat, 18 May 2024 16:01:17 -0700
Subject: [PATCH 13/14] removing project changes
---
 terraform-incubator/people-depot/project/main.tf | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/terraform-incubator/people-depot/project/main.tf b/terraform-incubator/people-depot/project/main.tf
index ee1434c..cc3c0c9 100644
--- a/terraform-incubator/people-depot/project/main.tf
+++ b/terraform-incubator/people-depot/project/main.tf
@@ -64,19 +64,15 @@ module "people_depot" {
 root_db_password = var.root_db_password
 }
-
 variable "root_db_password" {
 type = string
 description = "root database password"
- default = "password"
 }
 variable "app_db_password" {
 type = string
- default = "password"
 }
 variable "container_image" {
 type = string
- default = "ubuntu:latest"
 }
From 61195a027e86082ba2663579ef852a2ea989ee7c Mon Sep 17 00:00:00 2001
From: Chelsey Beck
Date: Wed, 29 May 2024 18:26:11 -0700
Subject: [PATCH 14/14] removing cognito module
---
 terraform-modules/cognito/main.tf | 19 -------------------
 terraform-modules/cognito/outputs.tf | 9 ---------
 terraform-modules/cognito/variables.tf | 17 -----------------
 3 files changed, 45 deletions(-)
 delete mode 100644 terraform-modules/cognito/main.tf
 delete mode 100644 terraform-modules/cognito/outputs.tf
 delete mode 100644 terraform-modules/cognito/variables.tf
diff --git a/terraform-modules/cognito/main.tf b/terraform-modules/cognito/main.tf
deleted file mode 100644
index de781f6..0000000
--- a/terraform-modules/cognito/main.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-resource "aws_cognito_user_pool" "main" {
- name = var.user_pool_name
-
- // Add additional configurations here according to project needs
-}
-
-resource "aws_cognito_user_pool_client" "main" {
- name = var.client_name
- user_pool_id = aws_cognito_user_pool.main.id
-
- // Configure client here
- // For example:
- generate_secret = false
- allowed_oauth_flows = ["code", "implicit"]
- allowed_oauth_scopes = ["email", "openid"]
- allowed_oauth_flows_user_pool_client = true
-
- // Other configurations like callback URLs, logout URLs, etc.
-}
\ No newline at end of file
diff --git a/terraform-modules/cognito/outputs.tf b/terraform-modules/cognito/outputs.tf
deleted file mode 100644
index d67416b..0000000
--- a/terraform-modules/cognito/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "user_pool_id" {
- description = "The ID of the Cognito User Pool"
- value = aws_cognito_user_pool.main.id
-}
-
-output "user_pool_client_id" {
- description = "The ID of the Cognito User Pool Client"
- value = aws_cognito_user_pool_client.main.id
-}
\ No newline at end of file
diff --git a/terraform-modules/cognito/variables.tf b/terraform-modules/cognito/variables.tf
deleted file mode 100644
index 689dfc2..0000000
--- a/terraform-modules/cognito/variables.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-variable "region" {
- description = "AWS region"
- type = string
- default = "us-west-2"
-}
-
-variable "user_pool_name" {
- description = "Name of the Cognito User Pool"
- type = string
- default = ""
-}
-
-variable "client_name" {
- description = "Name of the Cognito User Pool Client"
- type = string
- default = ""
-}
\ No newline at end of file