fix: Replace deprecated aws_cloudwatch_event_rule.is_enabled, requires provider upgrade #3655

Merged
merged 20 commits into from
Dec 20, 2023
Changes from 10 commits
2f00719
fix: deprecate aws_cloudwatch_event_rule.is_enabled
officel Dec 7, 2023
ec93d75
docs: auto update terraform docs
github-actions[bot] Dec 7, 2023
595382a
fix: use variable for aws_cloudwatch_event_rule.ami_housekeeper.state
officel Dec 8, 2023
725c9e6
docs: auto update terraform docs
github-actions[bot] Dec 8, 2023
f88cbb4
fix: use state for aws_cloudwatch_event_rule.syncer
officel Dec 8, 2023
a107d48
docs: auto update terraform docs
github-actions[bot] Dec 8, 2023
5c7a8d0
fix: rename variable cloudwatch_event_rule_state to state_event_rule_…
officel Dec 11, 2023
67ad8a9
fix: use ssm_housekeeper.state instead of ssm_housekeeper.enable
officel Dec 11, 2023
751101e
docs: auto update terraform docs
github-actions[bot] Dec 11, 2023
096b711
Merge branch 'main' into fix/deprecate_aws_cloudwatch_event_rule.is_e…
npalm Dec 16, 2023
a6e1903
fix: DEPRECATED enable_event_rule_binaries_syncer on top-level module
officel Dec 16, 2023
4cfbe39
docs: auto update terraform docs
github-actions[bot] Dec 16, 2023
9cfd6ed
Merge branch 'main' into fix/deprecate_aws_cloudwatch_event_rule.is_e…
npalm Dec 18, 2023
a151167
fix: DEPRECATED enable_event_rule_binaries_syncer in modules/multi-ru…
officel Dec 19, 2023
5efee46
docs: auto update terraform docs
github-actions[bot] Dec 19, 2023
0e02155
Merge branch 'main' into fix/deprecate_aws_cloudwatch_event_rule.is_e…
npalm Dec 19, 2023
2206895
fix: require aws provider version ~>5.27.0
officel Dec 19, 2023
91ce04c
docs: auto update terraform docs
github-actions[bot] Dec 20, 2023
3345c99
Merge branch 'main' into fix/deprecate_aws_cloudwatch_event_rule.is_e…
npalm Dec 20, 2023
b3a533e
fix: terraform init -upgrade for .terraform.lock.hcl
officel Dec 20, 2023
5 changes: 3 additions & 2 deletions modules/ami-housekeeper/README.md
Expand Up @@ -67,13 +67,13 @@ yarn run dist
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.2 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.27.0 |

## Modules

Expand Down Expand Up @@ -119,6 +119,7 @@ No modules.
| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix used for naming resources | `string` | `"github-actions"` | no |
| <a name="input_role_path"></a> [role\_path](#input\_role\_path) | The path that will be added to the role, if not set the environment name will be used. | `string` | `null` | no |
| <a name="input_role_permissions_boundary"></a> [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | Permissions boundary that will be added to the created role for the lambda. | `string` | `null` | no |
| <a name="input_state_event_rule_ami_housekeeper"></a> [state\_event\_rule\_ami\_housekeeper](#input\_state\_event\_rule\_ami\_housekeeper) | State of the rule. | `string` | `"ENABLED"` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
| <a name="input_tracing_config"></a> [tracing\_config](#input\_tracing\_config) | Configuration for lambda tracing. | <pre>object({<br> mode = optional(string, null)<br> capture_http_requests = optional(bool, false)<br> capture_error = optional(bool, false)<br> })</pre> | `{}` | no |

2 changes: 1 addition & 1 deletion modules/ami-housekeeper/main.tf
Expand Up @@ -103,7 +103,7 @@ resource "aws_cloudwatch_event_rule" "ami_housekeeper" {
name = "${var.prefix}-ami-housekeeper-rule"
schedule_expression = var.lambda_schedule_expression
tags = var.tags
is_enabled = true
state = var.state_event_rule_ami_housekeeper
}

resource "aws_cloudwatch_event_target" "ami_housekeeper" {
11 changes: 11 additions & 0 deletions modules/ami-housekeeper/variables.tf
Expand Up @@ -175,3 +175,14 @@ variable "cleanup_config" {
})
default = {}
}

variable "state_event_rule_ami_housekeeper" {
type = string
description = "State of the rule."
default = "ENABLED"

validation {
condition = contains(["ENABLED", "DISABLED", "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS"], var.state_event_rule_ami_housekeeper)
error_message = "`state_event_rule_ami_housekeeper` value is not valid, valid values are: `ENABLED`, `DISABLED`, `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS`."
}
}
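Review bot: the validation list on `state_event_rule_ami_housekeeper` accepts `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS`, but the rule this variable feeds in main.tf is driven only by `schedule_expression`, so that value has no evident use here. Consider limiting the list to `ENABLED` and `DISABLED`, and expanding the description beyond "State of the rule." to say that `DISABLED` stops the schedule that triggers the AMI housekeeper.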
2 changes: 1 addition & 1 deletion modules/ami-housekeeper/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.2"
version = "~> 5.27.0"
}
}
}
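Review bot: `version = "~> 5.27.0"` pins the AWS provider to 5.27.x patch releases only, where the previous `~> 5.2` allowed any 5.x release from 5.2 up. For a reusable module that stops consumers from moving to later 5.x providers, including ones that carry fixes, and it conflicts with any root module that already requires a newer 5.x. If the goal is only a minimum version that supports `state`, `~> 5.27` or `>= 5.27` expresses that; the same applies to the versions.tf changes in runner-binaries-syncer and runners.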
6 changes: 3 additions & 3 deletions modules/runner-binaries-syncer/README.md
Expand Up @@ -41,13 +41,13 @@ yarn run dist
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.2 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.27.0 |

## Modules

Expand Down Expand Up @@ -90,7 +90,6 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | (optional) partition for the base arn if not 'aws' | `string` | `"aws"` | no |
| <a name="input_distribution_bucket_name"></a> [distribution\_bucket\_name](#input\_distribution\_bucket\_name) | Bucket for storing the action runner distribution. | `string` | n/a | yes |
| <a name="input_enable_event_rule_binaries_syncer"></a> [enable\_event\_rule\_binaries\_syncer](#input\_enable\_event\_rule\_binaries\_syncer) | Option to disable EventBridge Lambda trigger for the binary syncer, useful to stop automatic updates of binary distribution | `bool` | `true` | no |
| <a name="input_lambda_architecture"></a> [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"arm64"` | no |
| <a name="input_lambda_principals"></a> [lambda\_principals](#input\_lambda\_principals) | (Optional) add extra principals to the role created for execution of the lambda, e.g. for local testing. | <pre>list(object({<br> type = string<br> identifiers = list(string)<br> }))</pre> | `[]` | no |
| <a name="input_lambda_runtime"></a> [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs18.x"` | no |
Expand All @@ -112,6 +111,7 @@ No modules.
| <a name="input_s3_logging_bucket_prefix"></a> [s3\_logging\_bucket\_prefix](#input\_s3\_logging\_bucket\_prefix) | Bucket prefix for action runner distribution bucket access logging. | `string` | `null` | no |
| <a name="input_s3_versioning"></a> [s3\_versioning](#input\_s3\_versioning) | Status of S3 versioning for runner-binaries S3 bucket. | `string` | `"Disabled"` | no |
| <a name="input_server_side_encryption_configuration"></a> [server\_side\_encryption\_configuration](#input\_server\_side\_encryption\_configuration) | Map containing server-side encryption configuration for runner-binaries S3 bucket. | `any` | <pre>{<br> "rule": {<br> "apply_server_side_encryption_by_default": {<br> "sse_algorithm": "AES256"<br> }<br> }<br>}</pre> | no |
| <a name="input_state_event_rule_binaries_syncer"></a> [state\_event\_rule\_binaries\_syncer](#input\_state\_event\_rule\_binaries\_syncer) | Option to disable EventBridge Lambda trigger for the binary syncer, useful to stop automatic updates of binary distribution | `string` | `"ENABLED"` | no |
| <a name="input_syncer_lambda_s3_key"></a> [syncer\_lambda\_s3\_key](#input\_syncer\_lambda\_s3\_key) | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `string` | `null` | no |
| <a name="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
2 changes: 1 addition & 1 deletion modules/runner-binaries-syncer/runner-binaries-syncer.tf
Expand Up @@ -124,7 +124,7 @@ resource "aws_cloudwatch_event_rule" "syncer" {
name = "${var.prefix}-syncer-rule"
schedule_expression = var.lambda_schedule_expression
tags = var.tags
is_enabled = var.enable_event_rule_binaries_syncer
state = var.state_event_rule_binaries_syncer
}

resource "aws_cloudwatch_event_target" "syncer" {
11 changes: 8 additions & 3 deletions modules/runner-binaries-syncer/variables.tf
Expand Up @@ -45,10 +45,15 @@ variable "s3_logging_bucket_prefix" {
}
}

variable "enable_event_rule_binaries_syncer" {
type = bool
default = true
variable "state_event_rule_binaries_syncer" {
type = string
description = "Option to disable EventBridge Lambda trigger for the binary syncer, useful to stop automatic updates of binary distribution"
default = "ENABLED"

validation {
condition = contains(["ENABLED", "DISABLED", "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS"], var.state_event_rule_binaries_syncer)
error_message = "`state_event_rule_binaries_syncer` value is not valid, valid values are: `ENABLED`, `DISABLED`, `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS`."
}
}

variable "lambda_schedule_expression" {
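Review bot: removing `enable_event_rule_binaries_syncer` (bool) and adding `state_event_rule_binaries_syncer` (string) in the same change breaks every caller that sets the old input on this module, since Terraform rejects an undeclared argument. Either keep the old variable for a release, marked deprecated and mapped so that `false` yields `DISABLED`, or flag the change as breaking in the release notes. The description also still reads as a boolean toggle; listing the accepted values there would match the validation message.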
2 changes: 1 addition & 1 deletion modules/runner-binaries-syncer/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.2"
version = "~> 5.27.0"
}
}
}
6 changes: 3 additions & 3 deletions modules/runners/README.md
Expand Up @@ -55,13 +55,13 @@ yarn run dist
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.2 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.27.0 |

## Modules

Expand Down Expand Up @@ -210,7 +210,7 @@ yarn run dist
| <a name="input_scale_down_schedule_expression"></a> [scale\_down\_schedule\_expression](#input\_scale\_down\_schedule\_expression) | Scheduler expression to check every x for scale down. | `string` | `"cron(*/5 * * * ? *)"` | no |
| <a name="input_scale_up_reserved_concurrent_executions"></a> [scale\_up\_reserved\_concurrent\_executions](#input\_scale\_up\_reserved\_concurrent\_executions) | Amount of reserved concurrent executions for the scale-up lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `number` | `1` | no |
| <a name="input_sqs_build_queue"></a> [sqs\_build\_queue](#input\_sqs\_build\_queue) | SQS queue to consume accepted build events. | <pre>object({<br> arn = string<br> })</pre> | n/a | yes |
| <a name="input_ssm_housekeeper"></a> [ssm\_housekeeper](#input\_ssm\_housekeeper) | Configuration for the SSM housekeeper lambda. This lambda deletes token / JIT config from SSM.<br><br> `schedule_expression`: is used to configure the schedule for the lambda.<br> `enabled`: enable or disable the lambda trigger via the EventBridge.<br> `lambda_timeout`: timeout for the lambda in seconds.<br> `config`: configuration for the lambda function. Token path will be read by default from the module. | <pre>object({<br> schedule_expression = optional(string, "rate(1 day)")<br> enabled = optional(bool, true)<br> lambda_timeout = optional(number, 60)<br> config = object({<br> tokenPath = optional(string)<br> minimumDaysOld = optional(number, 1)<br> dryRun = optional(bool, false)<br> })<br> })</pre> | <pre>{<br> "config": {}<br>}</pre> | no |
| <a name="input_ssm_housekeeper"></a> [ssm\_housekeeper](#input\_ssm\_housekeeper) | Configuration for the SSM housekeeper lambda. This lambda deletes token / JIT config from SSM.<br><br> `schedule_expression`: is used to configure the schedule for the lambda.<br> `state`: state of the cloudwatch event rule. Valid values are `DISABLED`, `ENABLED`, and `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS`.<br> `lambda_timeout`: timeout for the lambda in seconds.<br> `config`: configuration for the lambda function. Token path will be read by default from the module. | <pre>object({<br> schedule_expression = optional(string, "rate(1 day)")<br> state = optional(string, "ENABLED")<br> lambda_timeout = optional(number, 60)<br> config = object({<br> tokenPath = optional(string)<br> minimumDaysOld = optional(number, 1)<br> dryRun = optional(bool, false)<br> })<br> })</pre> | <pre>{<br> "config": {}<br>}</pre> | no |
| <a name="input_ssm_paths"></a> [ssm\_paths](#input\_ssm\_paths) | The root path used in SSM to store configuration and secreets. | <pre>object({<br> root = string<br> tokens = string<br> config = string<br> })</pre> | n/a | yes |
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name. | `map(string)` | `{}` | no |
4 changes: 2 additions & 2 deletions modules/runners/ssm-housekeeper.tf
@@ -1,7 +1,7 @@
locals {
ssm_housekeeper = {
schedule_expression = var.ssm_housekeeper.schedule_expression
enabled = var.ssm_housekeeper.enabled
state = var.ssm_housekeeper.state
lambda_timeout = var.ssm_housekeeper.lambda_timeout
config = {
tokenPath = var.ssm_housekeeper.config.tokenPath == null ? local.token_path : var.ssm_housekeeper.config.tokenPath
Expand Down Expand Up @@ -65,7 +65,7 @@ resource "aws_cloudwatch_event_rule" "ssm_housekeeper" {
name = "${var.prefix}-ssm-housekeeper"
schedule_expression = local.ssm_housekeeper.schedule_expression
tags = var.tags
is_enabled = local.ssm_housekeeper.enabled
state = local.ssm_housekeeper.state
}

resource "aws_cloudwatch_event_target" "ssm_housekeeper" {
4 changes: 2 additions & 2 deletions modules/runners/variables.tf
Expand Up @@ -613,13 +613,13 @@ variable "ssm_housekeeper" {
Configuration for the SSM housekeeper lambda. This lambda deletes token / JIT config from SSM.

`schedule_expression`: is used to configure the schedule for the lambda.
`enabled`: enable or disable the lambda trigger via the EventBridge.
`state`: state of the cloudwatch event rule. Valid values are `DISABLED`, `ENABLED`, and `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS`.
`lambda_timeout`: timeout for the lambda in seconds.
`config`: configuration for the lambda function. Token path will be read by default from the module.
EOF
type = object({
schedule_expression = optional(string, "rate(1 day)")
enabled = optional(bool, true)
state = optional(string, "ENABLED")
lambda_timeout = optional(number, 60)
config = object({
tokenPath = optional(string)
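Review bot: replacing `enabled = optional(bool, true)` with `state = optional(string, "ENABLED")` inside the object type changes behaviour silently for existing callers: Terraform discards attributes that are not in an object type constraint, so a configuration that still passes `enabled = false` plans without error and the rule comes up `ENABLED`. Call this out in the upgrade notes. Unlike the two `state_event_rule_*` variables, no `validation` block for `state` is visible in this hunk, so a misspelled value would only fail at the provider; a `contains([...], var.ssm_housekeeper.state)` check would keep the three inputs consistent.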
2 changes: 1 addition & 1 deletion modules/runners/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.2"
version = "~> 5.27.0"
}
}
}