Alternative to DM Actions

[sangram-pawar]

Hi, Currently I use an action to add an instance to an instance group. Since actions are not supported in DM anymore, how can I accomplish the same result in DM itself?

        resources.append({
            'name': resource_name,
            'action': 'gcp-types/compute-v1:compute.instanceGroups.addInstances',
            'properties': {
                'instanceGroup': instance_group_names['instancegroup1'],
                'zone': vm1_zone,
                'instances': [
                    {
                        'instance': '$(ref.' + vm1_name + '.selfLink)'
                    }
                ]
            }
        })

Thanks!

[sangram-pawar]

@akedin and @AlexBulankou - Since you recently removed the DM examples with actions, tagging you both to get a response sooner. Could you provide some input here?

Thanks in advance!

[roman-parkhunovskyi]

My apology, but has this been communicated in any ways? Neither DM release notes state anything, nor I had received any emails about this change or advised for a replacement solution. The examples you just had and which were incorporated were just cut out and this became a fact which I've noticed only during the regular deployment in production. At minimum, this is not serious if not irresponsible all.

[sangram-pawar]

My apology, but has this been communicated in any ways? Neither DM release notes state anything, nor I had received any emails about this change or advised for a replacement solution. The examples you just had and which were incorporated were just cut out and this became a fact which I've noticed only during the regular deployment in production. At minimum, this is not serious if not irresponsible all.

Deployments created using DM templates with "Actions" started throwing the warning below since last 2 weeks - "The deployment uses actions, which are an unsupported feature. We recommend that you avoid using actions."

[taraslayshchuk]

@sangram-pawar Let's imagine I didn't deploy any changes for the last 2 weeks, can it be a case? I have never had such issues with AWS, they always keep me up to date about API changes on their side and not only via release notes but via personal email as well. They track which resources I use in my account and sincerely ask me to take steps long before the changes take place. Here are a few examples from AWS:

1)

Hello,

Please act before October 31, 2019 to address an upcoming interruption of your applications using RDS and Aurora database instances.

To protect your communications with RDS database instances, a Certificate Authority (CA) generates time-bound certificates that are checked by your database client software to authenticate any RDS database instance(s) before exchanging information. Following industry best practices, AWS renews the CA and creates new certificates on a routine basis to ensure RDS customer connections are properly protected for years to come. The current CA expires on March 5, 2020, requiring updates to existing RDS database instances with certificates referencing the current CA.

You are receiving this message because you have an Amazon RDS database instance(s) in the US-EAST-1 or US-EAST-2 Region(s). If your applications connect to those instances using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol please follow the detailed instructions in the link below to complete your update(s). If not completed, your applications will fail to connect to your DB instances using SSL/TLS after March 5, 2020.

We encourage you to test these steps within a development or staging environment before implementing them in your production environments. Beginning today, you can start testing and updating your existing RDS database instances. For detailed instructions, please visit: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

Any new RDS instances created after November 1, 2019 will default to using the new certificates. If you wish to temporarily modify new instances manually to use the old (rds-ca-2015) certificates, you can do so using the AWS console or the AWS CLI. Any instances created prior to November 1, 2019 will have the rds-ca-2015 certificates until you update them to the rds-ca-2019 version.

If you have questions or issues, please contact AWS Support at: https://aws.amazon.com/support

Sincerely, Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210

2)

Hello, On April 4, we announced via a Developer Forum post, that CloudFront will deprecate the oldest versions of the CloudFront API, specifically those dated prior to 2016, on Thursday, June 6, 2019. As CloudFront has evolved, new features and concepts (such as origin groups and support for SNI certificates) have been introduced that can't be represented in the older APIs. To improve overall support and consistency for CloudFront developers we're reducing the number of API versions we need to maintain. Beginning on June 6, 2019 the listed versions of the CloudFront APIs will stop working and will instead return a “410: Gone” response code. To prevent disruption to any calling applications, we recommend that you upgrade applications that invoke these APIs as quickly as possible. If you have questions about this notice, please contact AWS Support. For information about the current CloudFront API, see the CloudFront API Reference: https://docs.aws.amazon.com/cloudfront/latest/APIReference/Welcome.html Full list of versions to be deprecated on June 6, 2019: 2008-06-30, 2009-04-02, 2009-09-09, 2009-12-01, 2010-03-01, 2010-05-01, 2010-06-01, 2010-07-15, 2010-08-01, 2010-11-01, 2012-03-15, 2012-05-05, 2012-07-01, 2013-05-12, 2013-08-26, 2013-09-27, 2013-11-11, 2013-11-22, 2014-01-31, 2014-05-31, 2014-08-31, 2014-10-21, 2014-11-06, 2015-04-17, 2015-07-27, 2015-09-17, 2015-12-22 For more information regarding this deprecation and the actions you should take, refer to our Developer Forum post here: https://forums.aws.amazon.com/ann.jspa?annID=669

CC: @andrei-scripniciuc

[andrei-scripniciuc]

Apologies for the confusion this is causing - We're actively working on alternatives for cases where actions were used, including the case that was mentioned in this issue, and will update this thread if an alternative is identified. We will also share a broader guide on alternatives to DM Actions in early 2021.

[andytheapedemontague]

Can I add a vote for project_creation as a rewrite-without-actions candidate? I'm about to start working on a enterprise-wide DM solution for project creation and it would be good to have a best-practices baseline to start from.

[sangram-pawar]

Apologies for the confusion this is causing - We're actively working on alternatives for cases where actions were used, including the case that was mentioned in this issue, and will update this thread if an alternative is identified. We will also share a broader guide on alternatives to DM Actions in early 2021.

@andrei-scripniciuc - while the alternative is being decided, is it ok to continue production deployments with actions and ignore the warnings? Will this particular action ever return an error instead of a warning (and fail the deployment)?

[AlexBulankou]

while the alternative is being decided, is it ok to continue production deployments with actions and ignore the warnings? Will this particular action ever return an error instead of a warning (and fail the deployment)?

We don't recommend to increase your usage of Actions, since it is an undocumented and not officially supported Alpha feature. This was the reason we removed the few unofficial examples from this repo, to prevent customers from increasing their usage of this feature. However you can safely continue existing usage, until further guidance - and at this point we'll update this thread and will provide sufficient time for the customers to replace their usage of Actions with alternatives.

[sangram-pawar]

while the alternative is being decided, is it ok to continue production deployments with actions and ignore the warnings? Will this particular action ever return an error instead of a warning (and fail the deployment)?

We don't recommend to increase your usage of Actions, since it is an undocumented and not officially supported Alpha feature. This was the reason we removed the few unofficial examples from this repo, to prevent customers from increasing their usage of this feature. However you can safely continue existing usage, until further guidance - and at this point we'll update this thread and will provide sufficient time for the customers to replace their usage of Actions with alternatives.

Thanks @AlexBulankou. I'll keep the existing usage for actions until an alternative is provided. I'll also ensure no new actions are introduced.

[roman-parkhunovskyi]

This document should have been linked by someone responsible for the actions decommissioning for tracking, even though it is Alpha: https://cloud.google.com/deployment-manager/docs/migrations/actions

[AlexBulankou]

Thank you, @rparkhunovskyi , for linking it here. Indeed https://cloud.google.com/deployment-manager/docs/migrations/actions is our migration guide that we are asking all customers to follow to remove the usage of this unsupported feature. If you have a question about a specific action type, please open a GitHub issue in this repo or if you are working with a GCP customer engineer, you can ask them to reach our to DM team directly.

[sangram-pawar]

Thanks @AlexBulankou for the details. I'm interested in migration for 'gcp-types/compute-v1:compute.instanceGroups.addInstances' action equivalent. I'll reach out to our GCP customer engineer.

[roman-parkhunovskyi]

@AlexBulankou, the one we used was 'action': 'gcp-types/cloudbuild-v1:cloudbuild.projects.builds.create' once borrowed from deploymentmanager-samples examples. It is still not mentioned in the migration doc.

[AlexBulankou]

@rparkhunovskyi , automating CloudBuild initiation is not well supported with DM today. Can you please describe your scenario? Are you looking to create a new build job or manually start a job (Create Manual Triggers) ?

[roman-parkhunovskyi]

@AlexBulankou The goal was to contain create/build/deploy steps for a Cloud Function within the DM configuration and be fully managed by DM itself. The approach was derived from the examples/v2/cloud_functions/python/cloud_function.py, which has been deprecated with no suitable replacement. What would be the recommended way now?