chore: implement different region for rosa (#50)

camunda · Aug 26, 2024 · 427bda0 · 427bda0
1 parent ccb173a
commit 427bda0
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 19 deletions.
diff --git a/.github/actions/rosa-cleanup-clusters/action.yml b/.github/actions/rosa-cleanup-clusters/action.yml
@@ -7,6 +7,8 @@ inputs:
   tf-bucket:
     description: 'Bucket containing the clusters states'
     required: true
+  tf-bucket-region:
+    description: 'Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION'
   max-age-hours-cluster:
     description: 'Maximum age of clusters in hours'
     required: false
@@ -19,4 +21,8 @@ runs:
       id: delete_clusters
       shell: bash
       run: |
+        if [ -n "${{ inputs.tf-bucket-region }}" ]; then
+          export AWS_S3_REGION="${{ inputs.tf-bucket-region }}"
+        fi
+
         ${{ github.action_path }}/scripts/destroy-clusters.sh "${{ inputs.tf-bucket }}" ${{ github.action_path }}/../../../modules/rosa-hcp/ /tmp/rosa/ ${{ inputs.max-age-hours-cluster }}
diff --git a/.github/actions/rosa-cleanup-clusters/scripts/destroy-clusters.sh b/.github/actions/rosa-cleanup-clusters/scripts/destroy-clusters.sh
@@ -48,6 +48,7 @@ MIN_AGE_IN_HOURS=$4
 HTPASSWD_PASSWORD="Fakepassword!!!3893948" # don't change it, it's a fake value for the destruction
 FAILED=0
 CURRENT_DIR=$(pwd)
+AWS_S3_REGION=${AWS_S3_REGION:-$AWS_REGION}
 
 # Function to perform terraform destroy
 destroy_cluster() {
@@ -66,7 +67,9 @@ destroy_cluster() {
 
   tree "." || return 1
 
-  if ! terraform init -backend-config="bucket=$BUCKET" -backend-config="key=${cluster_folder}/${cluster_id}.tfstate" -backend-config="region=$AWS_REGION"; then return 1; fi
+  echo "tf state: bucket=$BUCKET key=${cluster_folder}/${cluster_id}.tfstate region=$AWS_S3_REGION"
+
+  if ! terraform init -backend-config="bucket=$BUCKET" -backend-config="key=${cluster_folder}/${cluster_id}.tfstate" -backend-config="region=$AWS_S3_REGION"; then return 1; fi
 
 
   if ! terraform destroy -auto-approve -var "cluster_name=${cluster_id}" -var "htpasswd_password=$HTPASSWD_PASSWORD" -var "offline_access_token=$RH_TOKEN"; then return 1; fi
@@ -81,7 +84,21 @@ destroy_cluster() {
 }
 
 # List objects in the S3 bucket and parse the cluster IDs
-clusters=$(aws s3 ls "s3://$BUCKET/" | awk '{print $2}' | sed -n 's#^tfstate-\(.*\)/$#\1#p')
+all_objects=$(aws s3 ls "s3://$BUCKET/")
+aws_exit_code=$?
+
+if [ $aws_exit_code -ne 0 ]; then
+  echo "Error executing the aws s3 ls command (Exit Code: $aws_exit_code):" >&2
+  exit 1
+fi
+
+
+clusters=$(echo "$all_objects" | awk '{print $2}' | sed -n 's#^tfstate-\(.*\)/$#\1#p')
+if [ -z "$clusters" ]; then
+  echo "No objects found in the S3 bucket. Exiting script." >&2
+  exit 0
+fi
+
 current_timestamp=$(date +%s)
 
 for cluster_id in $clusters; do

diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md
@@ -16,6 +16,7 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service
 | `openshift-version` | Version of the OpenShift to install                          | false    | __see `action.yml`__        |
 | `replicas`          | Number of replicas for the ROSA cluster                      | false    | `2`              |
 | `s3-backend-bucket` | Name of the S3 bucket to store Terraform state               | true     |                  |
+| `s3-bucket-region`   | Region of the bucket containing the resources states, if not set, will fallback on `aws-region`                              | false    |                                |
 | `tf-modules-revision`| Git revision of the Terraform modules to use                | false    | `main`           |
 | `tf-modules-path`   | Path where the Terraform ROSA modules will be cloned         | false    | `./.action-tf-modules/rosa/` |
 | `login`             | Authenticate the current kube context on the created cluster | false    | `true`           |

diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml
@@ -43,6 +43,8 @@ inputs:
   s3-backend-bucket:
     description: 'Name of the S3 bucket to store Terraform state'
     required: true
+  s3-bucket-region:
+    description: 'Region of the bucket containing the resources states, if not set, will fallback on aws-region'
   tf-modules-revision:
     description: 'Git revision of the tf modules to use'
     default: 'main'
@@ -135,33 +137,39 @@ runs:
         sudo ./aws/install
         cd - && rm -Rf /tmp/awscli
 
-    - name: Check if S3 bucket exists
-      id: create-s3-bucket
-      shell: bash
-      run: |
-        if aws s3api head-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ inputs.aws-region }} 2>/dev/null; then
-          echo "Bucket already exists"
-        else
-          echo "Bucket does not exist, creating..."
-          aws s3api create-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ inputs.aws-region }} --create-bucket-configuration LocationConstraint=${{ inputs.aws-region }}
-        fi
-
-        aws s3api put-public-access-block --bucket ${{ inputs.s3-backend-bucket }} --region ${{ inputs.aws-region }} --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
-
     - name: Set Terraform variables
       shell: bash
       id: set-terraform-variables
       run: |
         export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
-        export TFSTATE_REGION="${{ inputs.aws-region }}"
         export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
+
+        if [ -z "${{ inputs.s3-bucket-region }}" ]; then
+          export TFSTATE_REGION="${{ inputs.aws-region }}"
+        else
+          export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
+        fi
+
         echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
         echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
         echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
 
         terraform_state_url="s3://${TFSTATE_BUCKET}/${TFSTATE_KEY}"
         echo "terraform-state-url=${terraform_state_url}" >> "$GITHUB_OUTPUT"
 
+    - name: Check if S3 bucket exists
+      id: create-s3-bucket
+      shell: bash
+      run: |
+        if aws s3api head-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} 2>/dev/null; then
+          echo "Bucket already exists"
+        else
+          echo "Bucket does not exist, creating..."
+          aws s3api create-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} --create-bucket-configuration LocationConstraint=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}
+        fi
+
+        aws s3api put-public-access-block --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
+
     - name: Checkout Repository rosa modules
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       with:

diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md
@@ -10,6 +10,7 @@ This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service o
 | `cluster-name`       | Name of the ROSA cluster to delete                       | true     |                                |
 | `aws-region`         | AWS region where the ROSA cluster is deployed            | true     |                                |
 | `s3-backend-bucket`  | Name of the S3 bucket where the Terraform state is stored| true     |                                |
+| `s3-bucket-region`   | Region of the bucket containing the resources states, if not set, will fallback on `aws-region`                              | false    |                                |
 | `awscli-version`     | Version of the aws cli to use                            | false    | __see `action.yml`__                      |
 | `tf-modules-revision`| Git revision of the tf modules to use                    | false    | `main`                         |
 | `tf-modules-path`    | Path where the tf rosa modules will be cloned            | false    | `./.action-tf-modules/rosa/`   |

diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml
@@ -17,6 +17,8 @@ inputs:
   s3-backend-bucket:
     description: 'Name of the S3 bucket where the Terraform state is stored'
     required: true
+  s3-bucket-region:
+    description: 'Region of the bucket containing the resources states, if not set, will fallback on aws-region'
   awscli-version:
     description: 'Version of the aws cli to use'
     required: true
@@ -74,8 +76,14 @@ runs:
       id: set-terraform-variables
       run: |
         export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
-        export TFSTATE_REGION="${{ inputs.aws-region }}"
         export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
+
+        if [ -z "${{ inputs.s3-bucket-region }}" ]; then
+          export TFSTATE_REGION="${{ inputs.aws-region }}"
+        else
+          export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
+        fi
+
         echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
         echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
         echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"

diff --git a/.github/workflows/daily-cleanup.yml b/.github/workflows/daily-cleanup.yml
@@ -23,7 +23,8 @@ env:
 
   # please keep those variables synced with tests.yml
   TESTS_AWS_REGION: "eu-west-2"
-  TF_S3_BUCKET: "camunda-tf-rosa"
+  TF_S3_BUCKET: "tests-rosa-tf-state-eu-central-1"
+  TF_S3_REGION: "eu-central-1"
 
 jobs:
 
@@ -72,6 +73,7 @@ jobs:
           AWS_REGION: "${{ env.TESTS_AWS_REGION }}"
         with:
           tf-bucket: "${{ env.TF_S3_BUCKET }}"
+          tf-bucket-region: "${{ env.TF_S3_REGION }}"
           max-age-hours-cluster: "${{ env.MAX_AGE_HOURS_CLUSTER }}"
 
       - name: Notify in Slack in case of failure

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -37,7 +37,8 @@ env:
 
   # please keep those variables synced with daily-cleanup.yml
   TESTS_AWS_REGION: "eu-west-2"
-  TF_S3_BUCKET: "camunda-tf-rosa"
+  TF_S3_BUCKET: "tests-rosa-tf-state-eu-central-1"
+  TF_S3_REGION: "eu-central-1"
 
   OCP_ADMIN_USERNAME: "kube-admin"
   OCP_NAMESPACE: "myns"
@@ -100,6 +101,7 @@ jobs:
           admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
           aws-region: ${{ env.TESTS_AWS_REGION }}
           s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
+          s3-bucket-region: ${{ env.TF_S3_REGION }}
 
       - name: Create namespace if not exists
         shell: bash
@@ -119,6 +121,7 @@ jobs:
           cluster-name: "${{ steps.commit_info.outputs.cluster_name }}"
           aws-region: ${{ env.TESTS_AWS_REGION }}
           s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
+          s3-bucket-region: ${{ env.TF_S3_REGION }}
 
       - name: Notify in Slack in case of failure
         id: slack-notification