Terraform provider update

[asteel-gsa]

• Adds delete_recursive_allowed = false to to ensure the default true value does not get applied

  resource "cloudfoundry_space" "space" {
  name                     = var.name
  org                      = data.cloudfoundry_org.org.id
  allow_ssh                = var.allow_ssh
  delete_recursive_allowed = false
  }

• Brings all module versions to v1.0.0, bringing us up to date with https://github.com/GSA-TTS/terraform-cloudgov
• Brings terraform provider to ~>0.53.1 for compatability with v1.0.0 above

  required_providers {
  cloudfoundry = {
    source  = "cloudfoundry-community/cloudfoundry"
    version = "~>0.53.1"
  }
  }

• removes recursive_delete = true from modules as it has been depreciated

[github-actions[bot]]

Terraform plan for dev

Plan: 1 to add, 0 to change, 1 to destroy.

```diff Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: -/+ destroy and then create replacement Terraform will perform the following actions: # module.dev.module.cors.null_resource.cors_header must be replaced -/+ resource "null_resource" "cors_header" { !~ id = "*******************" -> (known after apply) !~ triggers = { # forces replacement !~ "always_run" = "2024-09-12T20:19:12Z" -> (known after apply) } } Plan: 1 to add, 0 to change, 1 to destroy. ```

:memo: Plan generated in Pull Request Checks #3643

[github-actions[bot]]

Terraform plan for meta

Plan: 4 to add, 0 to change, 0 to destroy.

```diff Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # module.environments["dev"].local_file.providers-tf will be created + resource "local_file" "providers-tf" { + content = <<-EOT # The content of this file is managed by Terraform. If you modify it, it may # be reverted the next time Terraform runs. If you want to make changes, do it # in ../meta/bootstrap-env/templates. terraform { required_version = "~> 1.0" required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" version = "~>0.53.1" } } backend "s3" { # The rest of the backend parameters must be supplied when you initialize: # terraform init --backend-config=../shared/config/backend.tfvars \ # --backend-config=key=terraform.tfstate.$(basename $(pwd)) # # For more info, see: # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration encrypt = "true" } } provider "cloudfoundry" { api_url = "https://api.fr.cloud.gov" user = var.cf_user password = var.cf_password delete_recursive_allowed = false } EOT + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0644" + filename = "./../dev/providers-managed.tf" + id = (known after apply) } # module.environments["preview"].local_file.providers-tf will be created + resource "local_file" "providers-tf" { + content = <<-EOT # The content of this file is managed by Terraform. If you modify it, it may # be reverted the next time Terraform runs. If you want to make changes, do it # in ../meta/bootstrap-env/templates. terraform { required_version = "~> 1.0" required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" version = "~>0.53.1" } } backend "s3" { # The rest of the backend parameters must be supplied when you initialize: # terraform init --backend-config=../shared/config/backend.tfvars \ # --backend-config=key=terraform.tfstate.$(basename $(pwd)) # # For more info, see: # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration encrypt = "true" } } provider "cloudfoundry" { api_url = "https://api.fr.cloud.gov" user = var.cf_user password = var.cf_password delete_recursive_allowed = false } EOT + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0644" + filename = "./../preview/providers-managed.tf" + id = (known after apply) } # module.environments["production"].local_file.providers-tf will be created + resource "local_file" "providers-tf" { + content = <<-EOT # The content of this file is managed by Terraform. If you modify it, it may # be reverted the next time Terraform runs. If you want to make changes, do it # in ../meta/bootstrap-env/templates. terraform { required_version = "~> 1.0" required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" version = "~>0.53.1" } } backend "s3" { # The rest of the backend parameters must be supplied when you initialize: # terraform init --backend-config=../shared/config/backend.tfvars \ # --backend-config=key=terraform.tfstate.$(basename $(pwd)) # # For more info, see: # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration encrypt = "true" } } provider "cloudfoundry" { api_url = "https://api.fr.cloud.gov" user = var.cf_user password = var.cf_password delete_recursive_allowed = false } EOT + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0644" + filename = "./../production/providers-managed.tf" + id = (known after apply) } # module.environments["staging"].local_file.providers-tf will be created + resource "local_file" "providers-tf" { + content = <<-EOT # The content of this file is managed by Terraform. If you modify it, it may # be reverted the next time Terraform runs. If you want to make changes, do it # in ../meta/bootstrap-env/templates. terraform { required_version = "~> 1.0" required_providers { cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" version = "~>0.53.1" } } backend "s3" { # The rest of the backend parameters must be supplied when you initialize: # terraform init --backend-config=../shared/config/backend.tfvars \ # --backend-config=key=terraform.tfstate.$(basename $(pwd)) # # For more info, see: # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration encrypt = "true" } } provider "cloudfoundry" { api_url = "https://api.fr.cloud.gov" user = var.cf_user password = var.cf_password delete_recursive_allowed = false } EOT + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0644" + filename = "./../staging/providers-managed.tf" + id = (known after apply) } Plan: 4 to add, 0 to change, 0 to destroy. ```

:memo: Plan generated in Pull Request Checks #3643

[asteel-gsa]

So... basically what is being done here, and im not entirely sure this is the correct way of doing this, but due to me being unable to bootstrap things locally, I had to rely on grabbing specific things from cgov..

• created a space deployer account
• grabbed the production s3 state credentials
• forced the version upgrade to ~>0.53.1 in providers-managed.tf files
• ran terraform init -upgrade in preview, staging, production, dev, meta
• forced the lock files to be upgraded
• version bumped all modules we import from https://github.com/GSA-TTS/terraform-cloudgov to v1.0.0 from v0.9.1
• removed recursive_delete as its no longer used in the modules
• applied to preview -> no configuration changes found
• created pr
• dev plan -> no configuration changes found
• meta plan -> _recognized the new template version of ~>0.53.1 and is attempting to overwrite the resources with it, which is okay, because they are checked in the same version for the providers.

I am a little hesistant on this and would like to get mogul's opinion on how we should do this, if there is a better way. We are unable to upgrade from v0.9.1 to v.1.0.0 otherwise, due to our locks being ~>0.51.3, where this was accessible in v0.9.1 release, however, no longer available in v1.0.0 release.

[github-actions[bot]]

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines	Covered	Coverage	Threshold	Status
18378	16736	91%	0%	🟢

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: 76d567a by action🐍

[asteel-gsa]

This appears to be operational, however, we should proceed with caution and discuss if we want to fully update everything at some point

[asteel-gsa]

@mogul if you by chance have a moment, I would greatly appreciate your 👀 on this, as I would like to ensure the terraform upgrade was done in a safe and secure way, to avoid any possible system breakage.