Fix "invalid count argument" error #66

Closed

@lorenyu lorenyu commented Nov 20, 2023

Ticket

Work for navapbc/template-infra#475

Changes

  • Fix "invalid count argument" error

Additional changes

  • Remove "password_ts" event from role manager lambda
  • Merge redundant IAM policies for role manager ssm access
  • Clean up DEBUG log level configuration in role manager

Context for reviewers

In navapbc/template-infra#475, @rocketnova discovered a bug that prevents terraform from creating a plan for the database layer. The module sets the count for the db password secret to be length(aws_rds_cluster.db.master_user_secret), but this is unnecessary since aws_rds_cluster.db.master_user_secret will always be available as long as the rds_cluster's manage_master_user_password is set to true, which will always be the case since it is hardcoded to true (see https://github.com/navapbc/template-infra/blob/6b3588c9356a8134d64d145981c386df1bc09b7b/infra/modules/database/main.tf#L31).

This changeset removes the unnecessary count which fixes the terraform plan.

This changeset also includes a number of minor cleanup changes:

  • Remove the "password_ts" event from the role manager lambda that was introduced in PR 461 and isn't needed.
  • Merge the IAM policy that was newly created in PR 469 with the existing one that is conceptually identical.
  • Clean up the DEBUG log level configuration in the role manager that was introduced in PR 469

Testing

  1. Created new workspace lyfxcnt ("lorenyu fix count")
  2. In new workspace, created db layer. Screenshots of plan and results below
    [images]
  3. Created db roles with make infra-update-app-database-roles APP_NAME=app ENVIRONMENT=dev
  4. Checked roles (checking that we can connect with IAM auth and that the roles have proper permissions) with make infra-check-app-database-roles APP_NAME=app ENVIRONMENT=dev
  5. Cleaned up by removing deletion protection, deleting the db cluster and workspace

Migration notes

If the rds database cluster already exists and has manage_master_user_password set to false, the terraform plan will fail with the following error:

image

Thus, in order to migrate, we'll need to follow the following steps:

  1. First do a targeted apply of the aws_rds_cluster by running the following command (replace ENVIRONMENT_NAME with the correct environment)

    TF_CLI_ARGS_apply='-target="module.database.aws_rds_cluster.db"' make infra-update-app-database APP_NAME=app ENVIRONMENT=<ENVIRONMENT_NAME>

  2. Then you can apply the rest of the changes normally with make infra-update-app-database APP_NAME=app ENVIRONMENT=<ENVIRONMENT_NAME>

@lorenyu lorenyu changed the title from WIP Lorenyu/fixdbpass to Fix "invalid count argument" error on Nov 20, 2023
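
The count problem described in the PR description above, as an added Terraform sketch that is not the template-infra module's own code. The data source type, the names db_pass and read_db_pass, and the cluster settings are assumptions made for illustration; only aws_rds_cluster.db, master_user_secret and manage_master_user_password come from the description.

```hcl
# Added illustration. Names and cluster settings are assumptions, not copied
# from navapbc/template-infra.

resource "aws_rds_cluster" "db" {
  cluster_identifier = "example-db" # constructed value
  engine             = "aurora-postgresql"
  master_username    = "postgres"

  # RDS creates the master password in Secrets Manager, so it never has to be
  # passed in as a Terraform variable.
  manage_master_user_password         = true
  iam_database_authentication_enabled = true
  storage_encrypted                   = true
  skip_final_snapshot                 = true
}

# Before (kept as a comment so this file still plans):
# master_user_secret is computed by the provider, so on a fresh workspace its
# length is unknown until the cluster has been applied. Terraform needs count
# to be known at plan time and stops with "Invalid count argument".
#
# data "aws_secretsmanager_secret" "db_pass" {
#   count = length(aws_rds_cluster.db.master_user_secret)
#   arn   = aws_rds_cluster.db.master_user_secret[count.index].secret_arn
# }

# After: with manage_master_user_password fixed to true, exactly one secret is
# expected, so the data source needs no count and indexes the first element.
# Only the ARN value is deferred to apply, which Terraform handles.
data "aws_secretsmanager_secret" "db_pass" {
  arn = aws_rds_cluster.db.master_user_secret[0].secret_arn
}

# Hypothetical consumer: a policy document scoped to that single secret rather
# than to a wildcard, referencing the data source without an index.
data "aws_iam_policy_document" "read_db_pass" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [data.aws_secretsmanager_secret.db_pass.arn]
  }
}
```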
lorenyu commented Nov 21, 2023

Done in navapbc/template-infra#476

@lorenyu lorenyu closed this Nov 21, 2023
@lorenyu lorenyu deleted the lorenyu/fixdbpass branch November 21, 2023 16:34