search

navapbc / template-infra

A template to set up foundational infrastructure for your application in AWS
Apache License 2.0
11 stars 2 forks source link

Make targets to configure a layer should not return errors if they have already been run #712

Open rocketnova opened 2 months ago

rocketnova commented 2 months ago

Issue

All of the following make targets call /bin/create-tfbackend:

If you run any of these commands again accidentally after the layer has already been configured, you get a confusing terraform message without clear instructions about what's wrong.

For example, if you have already previously run make infra-configure-app-build-repository and you run it again, you will receive the following error:

./bin/create-tfbackend "infra/app-rails/build-repository" shared
╷
│ Error: Backend initialization required, please run "terraform init"
│ 
│ Reason: Initial configuration of the requested backend "s3"
│ 
│ The "backend" is the interface that Terraform uses to store state,
│ perform operations, etc. If this message is showing up, it means that the
│ Terraform configuration you're using is using a custom configuration for
│ the Terraform backend.
│ 
│ Changes to backend configurations require reinitialization. This allows
│ Terraform to set up the new configuration, copy existing state, etc. Please run
│ "terraform init" with either the "-reconfigure" or "-migrate-state" flags to
│ use the current configuration.
│ 
│ If the change reason above is incorrect, please verify your configuration
│ hasn't changed and try again. At this point, no changes to your existing
│ configuration or state have been made.
╵
make: *** [infra-configure-app-build-repository] Error 1

What's actually happening is that this line is causing an error: https://github.com/navapbc/template-infra/blob/71f2cd419a36e296ca9799d3c4b329625affc486/bin/create-tfbackend.sh#L29

The message is confusing and doesn't provide helpful advice to the user. Running terraform init in the root dir or in the build-repository dir, and then trying to re-run make infra-configure-app-build-repository is incorrect, even if it seems intuitive based on the error message.

The correct next step for the user is actually to move on to run make infra-update-app-build-repository OR to run something like terraform -chdir=infra/accounts init -backend-config=$(./bin/current-account-config-name).s3.tfbackend to re-initialize the account before re-running make infra-configure-app-build-repository.

Resolution Ideas

Perhaps we can:

  1. add a check in /bin/create-tfbackend to check to check to see if the account needs to be re-initialized
  2. automatically re-initialize
rocketnova commented 2 months ago

@lorenyu @doshitan Thoughts on approach?

lorenyu commented 2 months ago

If we come up with a solution to this sentence from this ticket:

it would be nice if the script checked .terraform/terraform.tfstate | jq .backend.config to see if it is already the correct backend config and skip initialization if so to speed up terraform commands.

then that might work here too

unfortunately I'm not sure if the jq .backend.config solution I proposed works. may need to dig into it more.