-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
r/synthetics_canary - new resource #13140
r/synthetics_canary - new resource #13140
Conversation
basic use case test now passing need to add the following:
|
When a canary is deleted, the Lambda that is created by it is not deleted... a work around is to delete the function as well but it requires calling the lambda from the canary resource for a resource thats not managed by terraform (albeit it is a byproduct) @bflad / @ewbankkit , thoughts? edit: according to the docs, none of the resources created by the canary are destroyed automatically. so there is more junk from other services as well |
@DrFaust92 sounds less than ideal. I think first things first we should split this PR into the service client and tagging parts (which we can merge immediately) versus the problematic resource implementation (which I'm not sure when we'll have more time to look into this issue). |
Will split these |
opened for only service and tag implementation #13186 |
9760c52
to
dc743ef
Compare
@DrFaust92 This sounds similar - although admittedly, more complex - to eg. a CloudWatch log group being created the first time a Lambda is run and not being deleted when the Lambda is deleted. The general workaround for that with Terraform is to also define the log group, and ensure it's created before the function runs for the first time; the function then uses that log group and if you delete everything from Terraform, everything is deleted. I haven't played around with Synthetics in anger yet so I'm not sure if a similar workflow would work (particularly given you probably wouldn't want to manage the entire Lambda from within Terraform... unless the code can be easily referenced from an S3 object? 🤔) but perhaps that workflow ^^ can offer inspiration towards a solution here. |
I've used the temporary provider based on this pull request with good results. I'd be keen to see this merged ASAP because the temporary provider will not pass the security review before production release, being considered SOUP (software of unknown provenance). Any idea when it might happen? |
hey @immo-huneke-zuhlke, i wasn't looking at this lately but at the time i was having issues with canary resource deletion as there are resource that are implicitly created by canary and create annoying dependencies. if you are satisfied with a fork of this branch im guessing some changes were made to it. i'll be happy receive a review of what changes are required to make this work or merge change from the fork. |
Hi Ilia,
Thanks for getting back to me so quickly.
The truth is that I don’t yet know if there are any resources left behind that have to be cleaned up manually – maybe there are some that I have not noticed.
I create the Lambda execution role and the associated policy explicitly, so those get deleted when the canary is destroyed. However, the role has permission to create Cloudwatch log groups and log streams, so any that it creates on the fly will not be deleted automatically. I think that’s ok, because logs should be accessible even after their originator has been deleted.
Similarly the outputs generated by the synthetic (HAR files, screenshots and stdout/stderr) are placed in the S3 bucket created for the synthetic canary by the Terraform script – but since this bucket is deleted when the canary is destroyed, the outputs disappear with it.
I think the documentation should warn users about these behaviours, but they are quite acceptable.
Best regards,
Immo
From: Ilia Lazebnik <notifications@github.com>
Reply to: terraform-providers/terraform-provider-aws <reply@reply.github.com>
Date: Thursday, 16 July 2020 at 11:33
To: terraform-providers/terraform-provider-aws <terraform-provider-aws@noreply.github.com>
Cc: Immo Huneke <immo.huneke@zuhlke.com>, Mention <mention@noreply.github.com>
Subject: Re: [terraform-providers/terraform-provider-aws] [WIP]r/synthetics_canary - new resource (#13140)
hey @immo-huneke-zuhlke<https://github.com/immo-huneke-zuhlke>, i wasn't looking at this lately but at the time i was having issues with canary resource deletion as there are resource that are implicitly created by canary and create annoying dependencies. if you are satisfied with a fork of this branch im guessing some changes were made to it.
i'll be happy receive a review of what changes are required to make this work or merge change from the fork.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#13140 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ACHOGYF2U22VFUQMA2MLENLR33JRHANCNFSM4MYIXA5Q>.
|
@DrFaust92 I have been testing with what we have in this PR 👏 and it seems like once the Synthetics Canary has been created I can manually delete the Lambda that was implicitly created in the console. A |
dc743ef
to
ca031c6
Compare
Added some docs regarding implicit resources + some added tests (disappears) still experimenting with lambda deletion but all else seems to be working after a few tweaks. |
I think that canary start option is missing here. |
@MaksymBilenko, not sure i want to mix canary execution and canary start in a single resource. id split it it of to a different data source maybe, like lambda execution. |
@DrFaust92 Looking at the PR, this looks mostly done...? I'm happy to beta test or contribute if that moves things forward. Let me know how I can assist. Thanks for your effort here. |
29f4daa
to
c357b30
Compare
* `vpc_config` - (Optional) Configuration block. Detailed below. | ||
* `zip_file` - (Optional) ZIP file that contains the script, if you input your canary script directly into the canary instead of referring to an S3 location. It can be up to 5 MB. **Conflicts with `s3_bucket`, `s3_key`, and `s3_version`.** | ||
|
||
### schedule |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the modern documentation has links on the right side of the page to all the sections, internal links to the subsections aren't needed.
9dbc827
to
b235e19
Compare
b235e19
to
5dfe396
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! 🎉
GovCloud:
--- PASS: TestAccAWSSyntheticsCanary_disappears (36.45s)
--- PASS: TestAccAWSSyntheticsCanary_s3 (58.41s)
--- PASS: TestAccAWSSyntheticsCanary_runConfigTracing (86.62s)
--- PASS: TestAccAWSSyntheticsCanary_basic (92.23s)
--- PASS: TestAccAWSSyntheticsCanary_runtimeVersion (92.29s)
--- PASS: TestAccAWSSyntheticsCanary_tags (97.04s)
--- PASS: TestAccAWSSyntheticsCanary_runConfig (98.37s)
--- PASS: TestAccAWSSyntheticsCanary_startCanary (101.86s)
--- PASS: TestAccAWSSyntheticsCanary_vpc (477.29s)
us-west-2
:
--- PASS: TestAccAWSSyntheticsCanary_basic (86.26s)
--- PASS: TestAccAWSSyntheticsCanary_disappears (40.82s)
--- PASS: TestAccAWSSyntheticsCanary_runConfig (80.27s)
--- PASS: TestAccAWSSyntheticsCanary_runConfigTracing (78.04s)
--- PASS: TestAccAWSSyntheticsCanary_runConfigTracing (80.96s)
--- PASS: TestAccAWSSyntheticsCanary_runtimeVersion (75.07s)
--- PASS: TestAccAWSSyntheticsCanary_s3 (45.80s)
--- PASS: TestAccAWSSyntheticsCanary_startCanary (92.94s)
--- PASS: TestAccAWSSyntheticsCanary_tags (76.34s)
--- PASS: TestAccAWSSyntheticsCanary_vpc (655.78s)
c803ffe
to
7e034ea
Compare
7e034ea
to
6568886
Compare
This has been released in version 3.28.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Closes #11145
Release note for CHANGELOG:
Output from acceptance testing: