fix(notes:infra): fix note deployment and separate r/w endpoints #971

kschelonka · 2024-11-22T00:58:15Z

The notes deployment was failing because it was expecting a secret that was only created for mysql RDS instances.

This PR updates the module to create it for Postgres instances too.

It also updates the application code to have separate read/write connections, and changes all the existing connections to be read-only (since no mutations have been implemented).

github-actions · 2024-11-22T00:59:41Z

Plan Result (feature-flags-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 1 to add, 0 to change, 1 to destroy.

Replace
- aws_secretsmanager_secret_version.rds_rds_secret_version_11D8C2B1

Change Result (Click me)

  # aws_secretsmanager_secret_version.rds_rds_secret_version_11D8C2B1 must be replaced
-/+ resource "aws_secretsmanager_secret_version" "rds_rds_secret_version_11D8C2B1" {
      ~ arn            = "arn:aws:secretsmanager:us-east-1:996905175585:secret:FeatureFlags-Prod/featureflags-prod-auroradb-1tbz240e1m-auroradbapp-lva51ecuta8p-vdtnpc" -> (known after apply)
      ~ id             = "arn:aws:secretsmanager:us-east-1:996905175585:secret:FeatureFlags-Prod/featureflags-prod-auroradb-1tbz240e1m-auroradbapp-lva51ecuta8p-vdtnpc|terraform-20240924224927912700000001" -> (known after apply)
      ~ secret_string  = (sensitive value) # forces replacement
      ~ version_id     = "terraform-20240924224927912700000001" -> (known after apply)
      ~ version_stages = [
          - "AWSCURRENT",
        ] -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

github-actions · 2024-11-22T01:00:20Z

Plan Result (notes-api-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 0 to change, 2 to destroy.

Replace
- aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4
- aws_secretsmanager_secret_version.rds_rds_secret_version_11D8C2B1

Change Result (Click me)

  # aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4 must be replaced
-/+ resource "aws_ecs_task_definition" "application_ecs_service_ecs-task_461CC9D4" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/NotesAPI-Prod:1" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/NotesAPI-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                    name                   = "app"
                  ~ secrets                = [
                      - {
                          - name      = "DATABASE_HOST"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU:host::"
                        },
                        {
                            name      = "DATABASE_NAME"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU:dbname::"
                        },
                        # (3 unchanged elements hidden)
                        {
                            name      = "DATABASE_USER"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU:username::"
                        },
                      + {
                          + name      = "DB_READ_HOST"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU:host::"
                        },
                      + {
                          + name      = "DB_WRITE_HOST"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU:host::"
                        },
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/NotesAPI/Prod/SENTRY_DSN"
                        },
                        # (2 unchanged elements hidden)
                    ]
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "NotesAPI-Prod" -> (known after apply)
      ~ revision                 = 1 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-notesapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "NotesAPI"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_secretsmanager_secret_version.rds_rds_secret_version_11D8C2B1 must be replaced
-/+ resource "aws_secretsmanager_secret_version" "rds_rds_secret_version_11D8C2B1" {
      ~ arn            = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU" -> (known after apply)
      ~ id             = "arn:aws:secretsmanager:us-east-1:996905175585:secret:NotesAPI-Prod/notesapi-prod20241120220808668200000001-MDKdJU|terraform-20241120220901853100000004" -> (known after apply)
      ~ secret_string  = (sensitive value) # forces replacement
      ~ version_id     = "terraform-20241120220901853100000004" -> (known after apply)
      ~ version_stages = [
          - "AWSCURRENT",
        ] -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/NotesAPI-Prod:1" -> (known after apply)

github-actions · 2024-11-22T01:06:36Z

🎉 This PR is included in version @pocket-tools/terraform-modules-v5.17.1 🎉

The release is available on:

@pocket-tools/terraform-modules-v5.17.1
GitHub release

Your semantic-release bot 📦🚀

fix(notes:infra): fix note deployment and separate r/w endpoints

e56fcc0

kschelonka requested a review from a team as a code owner November 22, 2024 00:58

kschelonka requested review from bassrock and removed request for a team November 22, 2024 00:58

bassrock approved these changes Nov 22, 2024

View reviewed changes

github-actions bot added the feature-flags-cdk-production/destroy label Nov 22, 2024

github-actions bot added the notes-api-cdk-production/destroy label Nov 22, 2024

kschelonka enabled auto-merge (squash) November 22, 2024 01:00

kschelonka merged commit 4acfad4 into main Nov 22, 2024
209 checks passed

kschelonka deleted the fix/notes-api-deployment branch November 22, 2024 01:04

github-actions bot added the released label Nov 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(notes:infra): fix note deployment and separate r/w endpoints #971

fix(notes:infra): fix note deployment and separate r/w endpoints #971

kschelonka commented Nov 22, 2024

github-actions bot commented Nov 22, 2024

github-actions bot commented Nov 22, 2024

github-actions bot commented Nov 22, 2024

fix(notes:infra): fix note deployment and separate r/w endpoints #971

fix(notes:infra): fix note deployment and separate r/w endpoints #971

Conversation

kschelonka commented Nov 22, 2024

github-actions bot commented Nov 22, 2024

Plan Result (feature-flags-cdk-production)

⚠️ Resource Deletion will happen ⚠️

github-actions bot commented Nov 22, 2024

Plan Result (notes-api-cdk-production)

⚠️ Resource Deletion will happen ⚠️

github-actions bot commented Nov 22, 2024