Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removed pinned provider version & increased max_retries for Secure Baselines #6598

Merged
merged 5 commits into from
Mar 26, 2024
Merged

Removed pinned provider version & increased max_retries for Secure Baselines #6598

merged 5 commits into from
Mar 26, 2024

Conversation

richgreen-moj
Copy link
Contributor

@richgreen-moj richgreen-moj commented Mar 25, 2024
edited
Loading

A reference to the issue / Description of it

#6486

How does this PR fix the problem?

I've reverted the code that was pinning the version of the AWS TF provider back to v5.38.0

The jobs are now picking up the latest version v5.42.0 which has had an update that stops client side rate limiting which stops you getting the original error we encountered e.g.
failed to get rate limit token, retry quota exceeded, 3 available, 5 requested

But we were still encountering this error e.g.
ListTagsForResource, exceeded maximum number of attempts, 25, https response error StatusCode: 400, RequestID: c17f1153-756e-4968-bd57-e38a51792366, api error ThrottlingException: Rate exceeded

There is an optional max_retries setting that can be applied to the provider so you can raise it from the default of 25.
In this PR I have set it to 100 which has been tested successfully on two subsequent runs of the scheduled baseline job.

How has this been tested?

It worked ... https://github.com/ministryofjustice/modernisation-platform/actions/runs/8422101284

twice... https://github.com/ministryofjustice/modernisation-platform/actions/runs/8422873826

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed

Additional comments (if any)

This might just be a setting we keep our eye on over time as with all the scheduled baseline code which is growing as the platform grows.

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:

1 similar comment
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:

@richgreen-moj richgreen-moj marked this pull request as ready for review March 26, 2024 08:46
@richgreen-moj richgreen-moj requested a review from a team as a code owner March 26, 2024 08:46
@richgreen-moj richgreen-moj changed the title rmv pinned provider version Removed pinned provider version & increased max_retries for Secure Baselines Mar 26, 2024
mikereiddigital
mikereiddigital approved these changes Mar 26, 2024
View reviewed changes
Copy link
Contributor

@mikereiddigital mikereiddigital left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lg2m

@richgreen-moj richgreen-moj merged commit d4e49ed into main Mar 26, 2024
1505 checks passed
@richgreen-moj richgreen-moj deleted the fix/remove-pinned-provider-in-secure-baselines branch March 26, 2024 11:47
@richgreen-moj richgreen-moj mentioned this pull request Mar 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikereiddigital mikereiddigital mikereiddigital approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@richgreen-moj @mikereiddigital