Firewall rules excessive changes on terraform plan #5431

Closed
4 tasks done
markgov opened this issue Nov 9, 2023 · 4 comments
Assignees
Labels
firebreak Mod Platform skunk works terraform Pull requests that update Terraform code

Comments

Contributor

markgov commented Nov 9, 2023

User Story

As a Modernisation platform engineer
I want to explore a better way of merging all the firewall json files together
So that when a plan is run it only shows the new rule that is added and does not change the position of existing firewall rules

Value / Purpose

This was noticed by one of our account holders when he put a new PR in for new firewall rules. When he looked at the plan he noticed a lot of changes happening and could not tell if his changes were going through. It was only after investigation that we found out that this was expected behaviour due to the random nature of how merge works in terraform: it recreates the main firewall file and current firewall positions are not guaranteed.

Useful Contacts

Mark Roberts

Additional Information

No response

Proposal / Unknowns

Definition of Done

  • Alternative options explored
  • Potentially implement new option
  • Another team member has reviewed
  • Firewall rules can be applied without significant churn
Contributor

dms1981 commented Jan 22, 2024

I don't think there's a better way on this; because the rules.json files are merged and passed in as an object - aws_networkfirewall_rule_group - there will be changes to that resource, and those will be output into the Terraform plan.

@dms1981 dms1981 added terraform Pull requests that update Terraform code firewall firebreak Mod Platform skunk works and removed needs refining labels May 9, 2024
@markgov markgov self-assigned this Dec 12, 2024
Contributor Author

markgov commented Dec 16, 2024

Potential change
https://github.com/ministryofjustice/modernisation-platform/pull/8774/files
adds a sort before the merge

@markgov markgov moved this from To Do to In Progress in Modernisation Platform Dec 16, 2024
@markgov markgov moved this from In Progress to For Review in Modernisation Platform Jan 14, 2025
Contributor Author

markgov commented Jan 14, 2025

Adding a sort function seems to have done the job so moving this to review

Contributor

Khatraf commented Jan 16, 2025

DoD has been ticked off, and the solution works as expected so moving it to done.

@Khatraf Khatraf closed this as completed Jan 16, 2025
@github-project-automation github-project-automation bot moved this from For Review to Done in Modernisation Platform Jan 16, 2025