-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
provider/aws: Add aws_codedeploy_app #2783
Conversation
After a first skim this certainly looks plausible to me. At first I doubted that this object could really be this simple, but confirmed in the API documentation! :) Just one concern: AWS has several different, competing products that each have a separate "application" concept: CodeDeploy, Elastic Beanstalk, and OpsWorks. Thus to avoid confusion we should perhaps call this resource |
@apparentlymart -- That's a simple fix. I'll take care of it today. Sorry about that. Didn't realize there was a namespace collision. |
e7edcd1
to
cb6c647
Compare
@apparentlymart -- Updated the resource name to avoid a namespace collision. Here's the new test plan:
|
cb6c647
to
8c4b48d
Compare
@ctiwald Thanks for the test plan, it's just a convention I use to make reviewer's life easier. 👍 for the name change. On the first sight it looks ok. I don't have much experience with CodeDeploy, but reviewing this PR may be a good chance to learn more. 😸 I should have some time by the end of this week, so I may have a look at it (unless someone else jumps in). Sometimes it's ok to send a PR (yet multiple commits) which covers multiple resources. If you want to add some other resources that would make the CodeDeploy integration more useful, feel free. |
8c4b48d
to
2ece65b
Compare
@radeksimko -- sure. I'm about halfway done with the deployment group code and I can push it to this branch. At this point I think I can commit to delivering CodeDeploy in its entirety over the next week or so. It's simple, only a couple of resources, and really quite mundane as new resources go. |
2ece65b
to
9b1f8f1
Compare
I'm still committed to finishing this off. Work's been a bit of a beast lately but I've got the CodeDeploy DeploymentGroup logic almost done, and after that there's very little left to make this a full-fledged, ready-to-go resource set. Just wanted to post an update. I've not forgotten about this. |
Just an update on this. Code is done. I've been having trouble testing but it's related to CodeDeploy's somewhat irrational IAM requirement. Basically I just can't get the IAM permission right. As soon as I do I should have a complete PR here. Apologies for the long delay. |
cb88985
to
c836879
Compare
@ctiwald Do you need help with IAM permissions stuff for this? I've set up CodeDeploy on a few accounts now and have a pretty good understanding about what's required. |
@nwalke -- actually that'd be great. Sorry this has languished so long. Work's gotten in the way. I've got the code for the deployment group and application resources written. I just need a valid service_role IAM policy for my integration test. From there I can basically submit, quite quickly, those two resources, |
And that's basically the whole thing. DeploymentConfig should be trivial to create as a resource. |
Actually, @nwalke, I got it sorted here. I've got a minor test failure I need to correct but I'll see if I can get this PR up for real within the next two days. |
@ctiwald Awesome. Would be nice to have this. |
c836879
to
01c1d89
Compare
Alright @nwalke, this is all but done. I've got one minor issue to fix in the update of deployment groups but otherwise it's functional for both app resources and deployment groups. I am, however, having an irritating integration test problem. @radeksimko -- I'm hoping you can point me at some prior art or other advice. The problem is this: You can't create a deployment group without an IAM role ARN. It's a required API field. But there's a small, couple second propagation time when creating IAM roles. The API call will error if the role isn't in place. Is there any way for me to create the roll as part of a setup stage in the integration test, and tear it down at the end? I just need a couple seconds of delay to ensure the role propagates and CodeDeploy can use it. |
@ctiwald Good work, that was quick... I'm not sure if this is much help, but I've definitely seen that same problem reading through the changelog. Here's an example, not sure if it helps you or not: https://github.com/hashicorp/terraform/pull/3061/files |
This is a problem to be solved for users too, not only for tests. I remember solving this for ECS service: Since you're only using role by itself, that should solve the problem for you. In case you'd be using instance profile, which uses that policy though, then you have to define the relationship between the policy & the resource using the instance profile, see https://github.com/TimeIncOSS/terraform/commit/9c2a3e79f9396db9ba659c6bdc949a78f27226ee FYI: This is a general problem with IAM policies, which I have raised with AWS, but there's no ETA nor guarantee they will ever solve this. |
Thanks, @nwalke -- this was basically 95% done so it wasn't much to get it to 99%. @radeksimko -- that'll work. I'm incorporating it now. |
Just an update here: Got the retry working just fine. Grappling with one little hiccup in the updating logic. Will try to crank it out tonight and no later than tomorrow. |
@radeksimko -- I'm struggling a bit with the update logic here. Hoping you might know some similar resource. The problem is the unique identifier provided by CodeDeploy isn't used by any subsequent API call. To update a deployment group, you need to provide the app name and the deployment group name... but you can update the deployment group name. This means that, for example, we have to update the ID with every update (if it includes those two dimensions), or use the unique ID and ... somehow... avoid I do have a workaround but I want to run it by you before I submit it: I could just force new if the deployment_group_name updates. The API technically supports changing a deployment group name, but as far as I can tell, there's absolutely no harm whatsoever in simply recreating the resource rather than updating it. The ID passed back by the API is meaningless. You can't do anything with it. So I don't think recreating the resource would break any other custom tools written by terraform users. Thoughts? Let me know if this doesn't make sense. It's a rather obtuse problem. |
I'm just going to roll forward with the above suggestion. If it proves unsuitable it can always be patched. |
77d1507
to
0952505
Compare
@radeksimko -- I think this is ready for your review. We're missing the deployment configuration resource but this, as written, gets ASG users 99% of the way there. I'll try to add it later this week but there's really no reason at this point not to test this and get it merged. |
Thanks @ctiwald , I truly appreciate clean git log and used commit messages 👍 😃 |
Delete: resourceAwsCodeDeployDeploymentGroupDelete, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"application_name": &schema.Schema{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry this is a nit I should've spotted earlier, but since we renamed the resource to be app
this argument should probably now be called app_name
for consistency.
Missed these when merging #2783.
@ctiwald rather than sending you on another change/review iteration, I just made a new commit to address my |
Looks like there was a bug I didn't catch in the doc pages here that causes the pages to be mis-formatted. I'm looking at that now... |
Doc pages fixed up in 932f0dd. @phinze the doc pages for these resources are currently broken on the live Terraform site. Is it possible to re-render the docs based on this fixup commit, without doing another release? |
@apparentlymart yep - we maintain |
@phinze cool thanks. Sorry for the miss on that one... reviewed the content, but didn't test the rendering. Will be more diligent next time! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
This is (preliminary) support for CodeDeploy. It's sort of useless by itself but is a complete resource in its own right. I'd rather submit these for review and merge one at a time than dropping a giant patch that represents 3-4 distinct resources, even if they're most useful when used together.
I also haven't written the rest yet.
I saw @radeksimko post a test plan over in #2636, so in the interest of submitting a complete PR:
Test plan