terraform: pin module versions and update grafana-agent (#110)

* terraform: pin module versions and update grafana-agent * chore: terraform fmt * terraform: update GrafanaAgentConfigURL * thunderdome: update grafana-agent * gofmt --------- Co-authored-by: guillaumemichel <[email protected]> Co-authored-by: Guillaume Michel - guissou <[email protected]>
probe-lab · Feb 6, 2024 · f855683 · f855683
1 parent efae02d
commit f855683
Show file tree

Hide file tree

Showing 17 changed files with 168 additions and 168 deletions.
diff --git a/cmd/thunderdome/infra/dealgood.go b/cmd/thunderdome/infra/dealgood.go
@@ -299,7 +299,7 @@ func (d *Dealgood) createTaskDefinition() Task {
 					},
 					{
 						Name:  aws.String("grafana-agent"),
-						Image: aws.String("grafana/agent:v0.26.1"),
+						Image: aws.String("grafana/agent:v0.39.1"),
 						Command: []*string{
 							aws.String("-metrics.wal-directory=/data/grafana-agent"),
 							aws.String("-config.expand-env"),

diff --git a/cmd/thunderdome/infra/target.go b/cmd/thunderdome/infra/target.go
@@ -274,7 +274,7 @@ func (t *Target) createTaskDefinition() Task {
 					},
 					{
 						Name:  aws.String("grafana-agent"),
-						Image: aws.String("grafana/agent:v0.26.1"),
+						Image: aws.String("grafana/agent:v0.39.1"),
 						Command: []*string{
 							aws.String("-metrics.wal-directory=/data/grafana-agent"),
 							aws.String("-config.expand-env"),

diff --git a/tf/.terraform.lock.hcl b/tf/.terraform.lock.hcl
diff --git a/tf/.tool-versions b/tf/.tool-versions
@@ -1,2 +1,2 @@
-terraform 1.2.6
+terraform 1.7.0
 tflint 0.39.1
diff --git a/tf/dynamodb.tf b/tf/dynamodb.tf
@@ -1,7 +1,7 @@
 resource "aws_dynamodb_table" "experiments" {
-  name           = "experiments"
-  billing_mode   = "PROVISIONED"
-  hash_key       = "name"
+  name         = "experiments"
+  billing_mode = "PROVISIONED"
+  hash_key     = "name"
 
   read_capacity  = 1
   write_capacity = 1

diff --git a/tf/ecs-asg.tf b/tf/ecs-asg.tf
@@ -127,7 +127,7 @@ module "autoscaling" {
       instance_type = "i3en.2xlarge"
     }
 
-    io_medium  = {
+    io_medium = {
       # 32GB RAM, 4 CPU, Up to 25 Gigabit, $0.31 hourly
       instance_type = "i3en.xlarge"
     }

diff --git a/tf/grafana.tf b/tf/grafana.tf
@@ -78,6 +78,6 @@ module "grafana_agent_config" {
 
   file_source = "./files/grafana-agent-config/${each.key}.yaml"
   # ensure changes to local file are detected and then uploaded
-  etag        = "${filemd5("./files/grafana-agent-config/${each.key}.yaml")}"
+  etag = filemd5("./files/grafana-agent-config/${each.key}.yaml")
 }
 
diff --git a/tf/iam.tf b/tf/iam.tf
@@ -155,33 +155,33 @@ resource "aws_iam_role" "ironbar" {
   inline_policy {
     name = "ironbar_inline"
     policy = jsonencode({
-      "Version": "2012-10-17",
-      "Statement": [
-          {
-              "Sid": "ironbar",
-              "Effect": "Allow",
-              "Action": [
-                  "dynamodb:BatchGetItem",
-                  "dynamodb:BatchWriteItem",
-                  "dynamodb:PutItem",
-                  "dynamodb:DescribeTable",
-                  "dynamodb:DeleteItem",
-                  "dynamodb:GetItem",
-                  "dynamodb:Scan",
-                  "dynamodb:Query",
-                  "dynamodb:UpdateItem",
-                  "dynamodb:UpdateTable",
-                  "ecs:DescribeTasks",
-                  "ecs:DescribeTaskDefinition",
-                  "ecs:DeregisterTaskDefinition",
-                  "sns:GetSubscriptionAttributes",
-                  "ecs:StopTask",
-                  "sns:Unsubscribe",
-                  "sqs:DeleteQueue",
-                  "sqs:GetQueueAttributes"
-              ],
-              "Resource": "*"
-          }
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Sid" : "ironbar",
+          "Effect" : "Allow",
+          "Action" : [
+            "dynamodb:BatchGetItem",
+            "dynamodb:BatchWriteItem",
+            "dynamodb:PutItem",
+            "dynamodb:DescribeTable",
+            "dynamodb:DeleteItem",
+            "dynamodb:GetItem",
+            "dynamodb:Scan",
+            "dynamodb:Query",
+            "dynamodb:UpdateItem",
+            "dynamodb:UpdateTable",
+            "ecs:DescribeTasks",
+            "ecs:DescribeTaskDefinition",
+            "ecs:DeregisterTaskDefinition",
+            "sns:GetSubscriptionAttributes",
+            "ecs:StopTask",
+            "sns:Unsubscribe",
+            "sqs:DeleteQueue",
+            "sqs:GetQueueAttributes"
+          ],
+          "Resource" : "*"
+        }
       ]
     })
   }
@@ -220,50 +220,50 @@ resource "aws_iam_group" "deployers" {
 
 resource "aws_iam_user_group_membership" "deployer" {
   for_each = aws_iam_user.deployer
-  user = each.value.name
+  user     = each.value.name
 
   groups = [
     aws_iam_group.deployers.name,
   ]
 }
 
 resource "aws_iam_group_policy" "deployers" {
-  name = "deployers"
+  name  = "deployers"
   group = aws_iam_group.deployers.name
   policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "ironbar",
-            "Effect": "Allow",
-            "Action": [
-                "ec2:DescribeInstances",
-                "ecr:BatchCheckLayerAvailability",
-                "ecr:CompleteLayerUpload",
-                "ecr:DescribeImages",
-                "ecr:GetAuthorizationToken",
-                "ecr:UploadLayerPart",
-                "ecr:InitiateLayerUpload",
-                "ecr:PutImage",
-                "ecs:DeregisterTaskDefinition",
-                "ecs:DescribeClusters",
-                "ecs:DescribeTasks",
-                "ecs:DescribeTaskDefinition",
-                "ecs:DescribeContainerInstances",
-                "ecs:RegisterTaskDefinition",
-                "ecs:RunTask",
-                "ecs:StopTask",
-                "s3:GetObject",
-                "sns:GetSubscriptionAttributes",
-                "sns:Subscribe",
-                "sns:Unsubscribe",
-                "sqs:CreateQueue",
-                "sqs:DeleteQueue",
-                "sqs:GetQueueAttributes",
-                "sqs:SetQueueAttributes"
-            ],
-            "Resource": "*"
-        }
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Sid" : "ironbar",
+        "Effect" : "Allow",
+        "Action" : [
+          "ec2:DescribeInstances",
+          "ecr:BatchCheckLayerAvailability",
+          "ecr:CompleteLayerUpload",
+          "ecr:DescribeImages",
+          "ecr:GetAuthorizationToken",
+          "ecr:UploadLayerPart",
+          "ecr:InitiateLayerUpload",
+          "ecr:PutImage",
+          "ecs:DeregisterTaskDefinition",
+          "ecs:DescribeClusters",
+          "ecs:DescribeTasks",
+          "ecs:DescribeTaskDefinition",
+          "ecs:DescribeContainerInstances",
+          "ecs:RegisterTaskDefinition",
+          "ecs:RunTask",
+          "ecs:StopTask",
+          "s3:GetObject",
+          "sns:GetSubscriptionAttributes",
+          "sns:Subscribe",
+          "sns:Unsubscribe",
+          "sqs:CreateQueue",
+          "sqs:DeleteQueue",
+          "sqs:GetQueueAttributes",
+          "sqs:SetQueueAttributes"
+        ],
+        "Resource" : "*"
+      }
     ]
   })
 }
@@ -335,8 +335,8 @@ resource "aws_iam_role_policy_attachment" "testbox_sqs_subscribe" {
 }
 
 resource "aws_iam_instance_profile" "testbox_profile" {
-  name       = "testbox-profile"
-  role       = aws_iam_role.testbox_role.name
+  name = "testbox-profile"
+  role = aws_iam_role.testbox_role.name
 }
 
 

diff --git a/tf/ironbar.tf b/tf/ironbar.tf
@@ -12,9 +12,9 @@ resource "aws_ecs_service" "ironbar" {
   }
 
   load_balancer {
-    target_group_arn = "${aws_lb_target_group.ironbar.id}"
+    target_group_arn = aws_lb_target_group.ironbar.id
     container_name   = "ironbar"
-    container_port   = "${local.ironbar_port_number}"
+    container_port   = local.ironbar_port_number
   }
 
   capacity_provider_strategy {
@@ -25,7 +25,7 @@ resource "aws_ecs_service" "ironbar" {
 }
 
 resource "aws_service_discovery_service" "ironbar" {
-  name     = "ironbar"
+  name = "ironbar"
 
   dns_config {
     namespace_id = aws_service_discovery_private_dns_namespace.main.id
@@ -43,16 +43,16 @@ resource "aws_lb_target_group" "ironbar" {
   name        = "ironbar"
   port        = local.ironbar_port_number
   protocol    = "TCP"
-  vpc_id      = "${module.vpc.vpc_id}"
+  vpc_id      = module.vpc.vpc_id
   target_type = "ip"
 }
 
 resource "aws_lb_listener" "front_end" {
-  load_balancer_arn = "${aws_lb.ecs.id}"
-  port              = "${local.ironbar_port_number}"
+  load_balancer_arn = aws_lb.ecs.id
+  port              = local.ironbar_port_number
   protocol          = "TCP"
   default_action {
-    target_group_arn = "${aws_lb_target_group.ironbar.id}"
+    target_group_arn = aws_lb_target_group.ironbar.id
     type             = "forward"
   }
 }
@@ -118,12 +118,12 @@ resource "aws_ecs_task_definition" "ironbar" {
     {
       name  = "grafana-agent"
       cpu   = 0
-      image = "grafana/agent:v0.26.1"
+      image = "grafana/agent:v0.39.1"
       command = [
         "-metrics.wal-directory=/data/grafana-agent",
         "-config.expand-env",
         "-enable-features=remote-configs",
-        "-config.file=http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["ironbar"].s3_object_id}"
+        "-config.file=https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["ironbar"].s3_object_id}"
       ]
       environment = [
       ]
@@ -143,12 +143,12 @@ resource "aws_ecs_task_definition" "ironbar" {
         },
       ]
       portMappings = []
-      secrets      = [
+      secrets = [
         { name = "PROMETHEUS_URL", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:url::" },
         { name = "PROMETHEUS_USER", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:username::" },
         { name = "PROMETHEUS_PASS", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:password::" }
       ]
-      volumesFrom  = []
+      volumesFrom = []
     }
   ])
 }

diff --git a/tf/locals.tf b/tf/locals.tf
@@ -3,26 +3,26 @@ locals {
 
   skyfish_image_tag = "2023-12-13-60b3d1f"
 
-  ironbar_image_tag = "2023-02-27-c7b617d"
+  ironbar_image_tag   = "2023-02-27-c7b617d"
   ironbar_port_number = 8321
 
   infra_json = jsonencode({
-    AwsRegion                       = data.aws_region.current.name
-    DealgoodGrafanaAgentConfigURL   = "http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["dealgood"].s3_object_id}"
-    DealgoodImage                   = "${aws_ecr_repository.dealgood.repository_url}:${local.dealgood_image_tag}"
-    DealgoodSecurityGroup           = aws_security_group.dealgood.id
-    DealgoodTaskRoleArn             = aws_iam_role.dealgood.arn
-    EcrBaseURL                      = aws_ecr_repository.thunderdome.repository_url
-    EcsClusterArn                   = module.ecs-asg.cluster_id
-    EcsExecutionRoleArn             = aws_iam_role.ecsTaskExecutionRole.arn
-    EfsFileSystemID                 = aws_efs_file_system.thunderdome.id
-    ExperimentsTableName            = aws_dynamodb_table.experiments.name
-    PrometheusSecretArn             = data.aws_secretsmanager_secret.prometheus-secret.arn
-    IronbarAddr                     = "${aws_eip.ecs[0].public_ip}:${local.ironbar_port_number}"
-    LogGroupName                    = aws_cloudwatch_log_group.logs.name
-    RequestSNSTopicArn              = aws_sns_topic.gateway_requests.arn
-    TargetGrafanaAgentConfigURL     = "http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["target"].s3_object_id}"
-    TargetTaskRoleArn               = aws_iam_role.target.arn
-    VpcPublicSubnet                 = module.vpc.public_subnets[0]
+    AwsRegion                     = data.aws_region.current.name
+    DealgoodGrafanaAgentConfigURL = "https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["dealgood"].s3_object_id}"
+    DealgoodImage                 = "${aws_ecr_repository.dealgood.repository_url}:${local.dealgood_image_tag}"
+    DealgoodSecurityGroup         = aws_security_group.dealgood.id
+    DealgoodTaskRoleArn           = aws_iam_role.dealgood.arn
+    EcrBaseURL                    = aws_ecr_repository.thunderdome.repository_url
+    EcsClusterArn                 = module.ecs-asg.cluster_id
+    EcsExecutionRoleArn           = aws_iam_role.ecsTaskExecutionRole.arn
+    EfsFileSystemID               = aws_efs_file_system.thunderdome.id
+    ExperimentsTableName          = aws_dynamodb_table.experiments.name
+    PrometheusSecretArn           = data.aws_secretsmanager_secret.prometheus-secret.arn
+    IronbarAddr                   = "${aws_eip.ecs[0].public_ip}:${local.ironbar_port_number}"
+    LogGroupName                  = aws_cloudwatch_log_group.logs.name
+    RequestSNSTopicArn            = aws_sns_topic.gateway_requests.arn
+    TargetGrafanaAgentConfigURL   = "https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["target"].s3_object_id}"
+    TargetTaskRoleArn             = aws_iam_role.target.arn
+    VpcPublicSubnet               = module.vpc.public_subnets[0]
   })
 }