search

hmcts / dtsse-shared-infrastructure

0 stars 0 forks source link

Test with new module changes #161

Closed reespozzi closed 2 months ago

reespozzi commented 2 months ago

Test module changes to see if the tfplan stops trying to destroy pg admins

hmcts-jenkins-d-to-i[bot] commented 2 months ago

Plan Result (aat)

Plan: 6 to add, 2 to change, 0 to destroy.
Change Result (Click me) ```hcl # azurerm_dashboard_grafana.dashboard-grafana10[0] will be created + resource "azurerm_dashboard_grafana" "dashboard-grafana10" { + api_key_enabled = true + auto_generated_domain_name_label_scope = "TenantReuse" + deterministic_outbound_ip_enabled = true + endpoint = (known after apply) + grafana_major_version = "10" + grafana_version = (known after apply) + id = (known after apply) + location = "uksouth" + name = "dtsse-grafana10-aat" + outbound_ip = (known after apply) + public_network_access_enabled = true + resource_group_name = "dtsse-aat" + sku = "Standard" + tags = { + "application" = "core" + "autoShutdown" = "true" + "builtFrom" = "https://github.com/HMCTS/dtsse-shared-infrastructure.git" + "businessArea" = "CFT" + "contactSlackChannel" = "#reform-swe" + "environment" = "staging" + "managedBy" = "DTS Software Engineering" } + zone_redundancy_enabled = true + identity { + principal_id = (known after apply) + tenant_id = (known after apply) + type = "SystemAssigned" } } # module.alert-action-group.azurerm_resource_group_template_deployment.action-group will be updated in-place ~ resource "azurerm_resource_group_template_deployment" "action-group" { id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/dtsse-aat/providers/Microsoft.Resources/deployments/DTSSE_Alert" name = "DTSSE_Alert" tags = {} ~ template_content = jsonencode( ~ { ~ outputs = { ~ actionGroupId = { ~ type = "String" -> "string" # (1 unchanged attribute hidden) } } ~ parameters = { ~ actionGroupName = { ~ type = "String" -> "string" } ~ emailReceiverAddress = { ~ type = "String" -> "string" # (1 unchanged attribute hidden) } ~ emailReceiverName = { ~ type = "String" -> "string" # (1 unchanged attribute hidden) } ~ location = { ~ type = "String" -> "string" # (1 unchanged attribute hidden) } ~ shortName = { ~ type = "String" -> "string" } } # (3 unchanged attributes hidden) } ) # (6 unchanged attributes hidden) } # module.postgresql[0].data.azuread_group.db_admin will be read during apply # (depends on a resource or a module with changes pending) <= data "azuread_group" "db_admin" { + assignable_to_role = (known after apply) + auto_subscribe_new_members = (known after apply) + behaviors = (known after apply) + description = (known after apply) + display_name = "DTS Platform Operations" + dynamic_membership = (known after apply) + external_senders_allowed = (known after apply) + hide_from_address_lists = (known after apply) + hide_from_outlook_clients = (known after apply) + id = (known after apply) + mail = (known after apply) + mail_enabled = (known after apply) + mail_nickname = (known after apply) + members = (known after apply) + object_id = (known after apply) + onpremises_domain_name = (known after apply) + onpremises_group_type = (known after apply) + onpremises_netbios_name = (known after apply) + onpremises_sam_account_name = (known after apply) + onpremises_security_identifier = (known after apply) + onpremises_sync_enabled = (known after apply) + owners = (known after apply) + preferred_language = (known after apply) + provisioning_options = (known after apply) + proxy_addresses = (known after apply) + security_enabled = true + theme = (known after apply) + types = (known after apply) + visibility = (known after apply) + writeback_enabled = (known after apply) } # module.postgresql[0].data.azuread_service_principal.mi_name[0] will be read during apply # (depends on a resource or a module with changes pending) <= data "azuread_service_principal" "mi_name" { + account_enabled = (known after apply) + alternative_names = (known after apply) + app_role_assignment_required = (known after apply) + app_role_ids = (known after apply) + app_roles = (known after apply) + application_id = (known after apply) + application_tenant_id = (known after apply) + client_id = (known after apply) + description = (known after apply) + display_name = (known after apply) + feature_tags = (known after apply) + features = (known after apply) + homepage_url = (known after apply) + id = (known after apply) + login_url = (known after apply) + logout_url = (known after apply) + notes = (known after apply) + notification_email_addresses = (known after apply) + oauth2_permission_scope_ids = (known after apply) + oauth2_permission_scopes = (known after apply) + object_id = "ca6d5085-485a-417d-8480-c3cefa29df31" + preferred_single_sign_on_mode = (known after apply) + redirect_uris = (known after apply) + saml_metadata_url = (known after apply) + saml_single_sign_on = (known after apply) + service_principal_names = (known after apply) + sign_in_audience = (known after apply) + tags = (known after apply) + type = (known after apply) } # module.postgresql[0].data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.postgresql[0].data.azurerm_subnet.pg_subnet[0] will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_subnet" "pg_subnet" { + address_prefix = (known after apply) + address_prefixes = (known after apply) + default_outbound_access_enabled = (known after apply) + enforce_private_link_endpoint_network_policies = (known after apply) + enforce_private_link_service_network_policies = (known after apply) + id = (known after apply) + name = "postgresql" + network_security_group_id = (known after apply) + private_endpoint_network_policies = (known after apply) + private_endpoint_network_policies_enabled = (known after apply) + private_link_service_network_policies_enabled = (known after apply) + resource_group_name = "cft-aat-network-rg" + route_table_id = (known after apply) + service_endpoints = (known after apply) + virtual_network_name = "cft-aat-vnet" } # module.postgresql[0].data.azurerm_subscription.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_subscription" "current" { + display_name = (known after apply) + id = (known after apply) + location_placement_id = (known after apply) + quota_id = (known after apply) + spending_limit = (known after apply) + state = (known after apply) + subscription_id = (known after apply) + tags = (known after apply) + tenant_id = (known after apply) } # module.postgresql[0].azurerm_postgresql_flexible_server.pgsql_server will be updated in-place ~ resource "azurerm_postgresql_flexible_server" "pgsql_server" { id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/dtsse-dashboard-flexdb-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/dtsse-dashboard-flexdb-aat" name = "dtsse-dashboard-flexdb-aat" tags = { "application" = "core" "autoShutdown" = "true" "builtFrom" = "https://github.com/HMCTS/dtsse-shared-infrastructure.git" "businessArea" = "CFT" "contactSlackChannel" = "#reform-swe" "environment" = "staging" "managedBy" = "DTS Software Engineering" } # (17 unchanged attributes hidden) ~ authentication { ~ tenant_id = "531ff96d-0ae9-462a-8d2d-bec7c0b42082" -> (known after apply) # (2 unchanged attributes hidden) } # (2 unchanged blocks hidden) } # module.postgresql[0].azurerm_postgresql_flexible_server_firewall_rule.pg_firewall_rules["grafana00"] will be created + resource "azurerm_postgresql_flexible_server_firewall_rule" "pg_firewall_rules" { + end_ip_address = "52.148.220.236" + id = (known after apply) + name = "grafana00" + server_id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/dtsse-dashboard-flexdb-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/dtsse-dashboard-flexdb-aat" + start_ip_address = "52.148.220.236" } # module.postgresql[0].azurerm_postgresql_flexible_server_firewall_rule.pg_firewall_rules["grafana01"] will be created + resource "azurerm_postgresql_flexible_server_firewall_rule" "pg_firewall_rules" { + end_ip_address = "20.61.85.167" + id = (known after apply) + name = "grafana01" + server_id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/dtsse-dashboard-flexdb-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/dtsse-dashboard-flexdb-aat" + start_ip_address = "20.61.85.167" } # module.postgresql[0].azurerm_postgresql_flexible_server_firewall_rule.pg_firewall_rules["grafana1000"] will be created + resource "azurerm_postgresql_flexible_server_firewall_rule" "pg_firewall_rules" { + end_ip_address = (known after apply) + id = (known after apply) + name = "grafana1000" + server_id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/dtsse-dashboard-flexdb-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/dtsse-dashboard-flexdb-aat" + start_ip_address = (known after apply) } # module.postgresql[0].azurerm_postgresql_flexible_server_firewall_rule.pg_firewall_rules["grafana1001"] will be created + resource "azurerm_postgresql_flexible_server_firewall_rule" "pg_firewall_rules" { + end_ip_address = (known after apply) + id = (known after apply) + name = "grafana1001" + server_id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/dtsse-dashboard-flexdb-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/dtsse-dashboard-flexdb-aat" + start_ip_address = (known after apply) } # module.postgresql[0].terraform_data.trigger_password_reset will be created + resource "terraform_data" "trigger_password_reset" { + id = (known after apply) + input = "" + output = (known after apply) } Plan: 6 to add, 2 to change, 0 to destroy. ```
hmcts-jenkins-d-to-i[bot] commented 2 months ago

Plan Result (prod)

Plan: 3 to add, 2 to change, 0 to destroy.
Change Result (Click me) ```hcl # azurerm_key_vault_secret.AZURE_APPINSIGHTS_KEY will be updated in-place ~ resource "azurerm_key_vault_secret" "AZURE_APPINSIGHTS_KEY" { id = "https://dtsse-prod.vault.azure.net/secrets/AppInsightsConnectionString/0fb3e252b72e49bba6cf385c3aefb2c1" name = "AppInsightsConnectionString" tags = {} ~ value = (sensitive value) # (6 unchanged attributes hidden) } # azurerm_key_vault_secret.alert_action_group_name will be created + resource "azurerm_key_vault_secret" "alert_action_group_name" { + id = (known after apply) + key_vault_id = "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/dtsse-prod/providers/Microsoft.KeyVault/vaults/dtsse-prod" + name = "alert-action-group-name" + resource_id = (known after apply) + resource_versionless_id = (known after apply) + value = (sensitive value) + version = (known after apply) + versionless_id = (known after apply) } # module.alert-action-group.azurerm_resource_group_template_deployment.action-group will be created + resource "azurerm_resource_group_template_deployment" "action-group" { + deployment_mode = "Incremental" + id = (known after apply) + name = "DTSSE_Alert" + output_content = (known after apply) + parameters_content = (sensitive value) + resource_group_name = "dtsse-prod" + template_content = jsonencode( { + "$schema" = "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + contentVersion = "1.0.0.0" + outputs = { + actionGroupId = { + type = "string" + value = "[resourceId('microsoft.insights/actionGroups', parameters('actionGroupName'))]" } } + parameters = { + actionGroupName = { + type = "string" } + emailReceiverAddress = { + metadata = { + description = "Email address of the receiver" } + type = "string" } + emailReceiverName = { + metadata = { + description = "Name of the email receiver" } + type = "string" } + location = { + defaultValue = "global" + type = "string" } + shortName = { + type = "string" } } + resources = [ + { + apiVersion = "2017-04-01" + location = "[parameters('location')]" + name = "[parameters('actionGroupName')]" + properties = { + emailReceivers = [ + { + emailAddress = "[parameters('emailReceiverAddress')]" + name = "[parameters('emailReceiverName')]" }, ] + enabled = true + groupShortName = "[parameters('shortName')]" + smsReceivers = [] + webhookReceivers = [] } + tags = {} + type = "microsoft.insights/actionGroups" }, ] } ) } # module.application_insights.azurerm_application_insights.this will be updated in-place # (moved from azurerm_application_insights.appinsights) ~ resource "azurerm_application_insights" "this" { ~ daily_data_cap_in_gb = 100 -> 50 ~ daily_data_cap_notifications_disabled = false -> true id = "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/dtsse-prod/providers/Microsoft.Insights/components/dtsse-appinsights-prod" name = "dtsse-appinsights-prod" tags = { "application" = "core" "builtFrom" = "https://github.com/HMCTS/dtsse-shared-infrastructure.git" "businessArea" = "CFT" "contactSlackChannel" = "#reform-swe" "environment" = "production" "managedBy" = "DTS Software Engineering" } # (14 unchanged attributes hidden) } # module.application_insights.azurerm_monitor_activity_log_alert.main[0] will be created + resource "azurerm_monitor_activity_log_alert" "main" { + description = "Monitors for application insight reaching it's daily cap." + enabled = true + id = (known after apply) + location = "global" + name = "Application Insights daily cap reached - dtsse-appinsights-prod" + resource_group_name = "dtsse-prod" + scopes = [ + "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/dtsse-prod/providers/Microsoft.Insights/components/dtsse-appinsights-prod", ] + tags = { + "application" = "core" + "builtFrom" = "https://github.com/HMCTS/dtsse-shared-infrastructure.git" + "businessArea" = "CFT" + "contactSlackChannel" = "#reform-swe" + "environment" = "production" + "managedBy" = "DTS Software Engineering" } + action { + action_group_id = "/subscriptions/1baf5470-1c3e-40d3-a6f7-74bfbce4b348/resourceGroups/cft-alerts-slack-ptl/providers/Microsoft.Insights/actionGroups/cft-alerts-slack-warning-alerts" + webhook_properties = { + "from" = "terraform" + "slackChannelId" = null } } + criteria { + category = "Administrative" + level = "Warning" + operation_name = "Microsoft.Insights/Components/DailyCapReached/Action" + resource_id = "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/dtsse-prod/providers/Microsoft.Insights/components/dtsse-appinsights-prod" + resource_health (known after apply) + service_health (known after apply) } } Plan: 3 to add, 2 to change, 0 to destroy. ```
:information_source: Objects have changed outside of Terraform _This feature was introduced from [Terraform v0.15.4](https://github.com/hashicorp/terraform/releases/tag/v0.15.4)._ ```hcl Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan: # module.application_insights.azurerm_application_insights.this has changed # (moved from azurerm_application_insights.appinsights) ~ resource "azurerm_application_insights" "this" { ~ connection_string = (sensitive value) id = "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/dtsse-prod/providers/Microsoft.Insights/components/dtsse-appinsights-prod" name = "dtsse-appinsights-prod" tags = { "application" = "core" "builtFrom" = "https://github.com/HMCTS/dtsse-shared-infrastructure.git" "businessArea" = "CFT" "contactSlackChannel" = "#reform-swe" "environment" = "production" "managedBy" = "DTS Software Engineering" } # (15 unchanged attributes hidden) } Unless you have made equivalent changes to your configuration, or ignored the ```