Updates made on NSIDC Fork (#193)

* Fixed bug where report_granules_sns_topic_arn output was not referencing the correct Cumulus output resource * Added ecs_include_docker_cleanup_cronjob variable, defaulting to false * Added DAR="YES" to thin-egress module * Added optional urs_tea_client_id and urs_tea_client_password in case these are different from their Cumulus counterparts * Added the bucket map deployment as optional, not deploying if there's a bucket_map_key present * Removed DAR = "YES" tag from TEA stack Updated ChangeLog * Moved urs_tea variables to the TEA section Updated comment for the bucket map resorce to be clearer * Fixed typo in locals.tf
asfadmin · Jun 17, 2024 · 832167e · 832167e
1 parent 52ed7be
commit 832167e
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # CHANGELOG
 
-## unreleased
+## Unreleased
+* Added separate urs_tea_client_id and urs_tea_client_password that can be specified if these are different from the non-tea versions of the variables.
+* Added optional ecs_include_docker_cleanup_cronjob variable, defaulting to False.
+* Fixed the value of the output report_granules_sns_topic_arn to point to module.cumulus.report_granules_sns_topic_arn instead of report_executions_sns_topic_arn.
+* Updated aws_s3_object.bucket_map_yaml so we only deploy this TEA bucket map when we don't provide a bucket_map_key from the daac module.
 * add a Makefile target to import tea lambda cloudwatch group if getting an "The
 specified log group already exists" error: `make import-thin-egress-log`
 * add .gitconfig file to Docker image to mark /CIRRUS-core and /CIRRUS-DAAC as safe

diff --git a/cumulus/locals.tf b/cumulus/locals.tf
@@ -42,4 +42,7 @@ locals {
   default_tags = {
     Deployment = local.prefix
   }
+
+  urs_tea_client_id = var.urs_tea_client_id != null ? var.urs_tea_client_id : var.urs_client_id
+  urs_tea_client_password = var.urs_tea_client_password != null ? var.urs_tea_client_password : var.urs_client_password
 }
diff --git a/cumulus/main.tf b/cumulus/main.tf
@@ -115,6 +115,8 @@ module "cumulus" {
     execution_limit = var.thottled_queue_execution_limit
   }]
 
+  ecs_include_docker_cleanup_cronjob = var.ecs_include_docker_cleanup_cronjob
+
   tags = local.default_tags
 }
 

diff --git a/cumulus/outputs.tf b/cumulus/outputs.tf
@@ -116,7 +116,7 @@ output "report_executions_sns_topic_arn" {
   value = module.cumulus.report_executions_sns_topic_arn
 }
 output "report_granules_sns_topic_arn" {
-  value = module.cumulus.report_executions_sns_topic_arn
+  value = module.cumulus.report_granules_sns_topic_arn
 }
 output "report_pdrs_sns_topic_arn" {
   value = module.cumulus.report_pdrs_sns_topic_arn

diff --git a/cumulus/thin-egress.tf b/cumulus/thin-egress.tf
@@ -2,7 +2,7 @@ module "thin_egress_app" {
   source = "s3::https://s3.amazonaws.com/asf.public.code/thin-egress-app/tea-terraform-build.1.3.5.zip"
 
   auth_base_url                      = var.urs_url
-  bucket_map_file                    = local.bucket_map_key == null ? aws_s3_object.bucket_map_yaml.id : local.bucket_map_key
+  bucket_map_file                    = local.bucket_map_key == null ? aws_s3_object.bucket_map_yaml[0].id : local.bucket_map_key
   bucketname_prefix                  = ""
   config_bucket                      = local.system_bucket
   cookie_domain                      = var.thin_egress_cookie_domain
@@ -35,12 +35,14 @@ resource "aws_secretsmanager_secret" "thin_egress_urs_creds" {
 resource "aws_secretsmanager_secret_version" "thin_egress_urs_creds" {
   secret_id = aws_secretsmanager_secret.thin_egress_urs_creds.id
   secret_string = jsonencode({
-    UrsId   = var.urs_client_id
-    UrsAuth = base64encode("${var.urs_client_id}:${var.urs_client_password}")
+    UrsId   = local.urs_tea_client_id
+    UrsAuth = base64encode("${local.urs_tea_client_id}:${local.urs_tea_client_password}")
   })
 }
 
 resource "aws_s3_object" "bucket_map_yaml" {
+  # If bucket_map_key is set, the daac module already created one and we can skip creation here
+  count = local.bucket_map_key == null ? 1 : 0
   bucket = local.system_bucket
   key    = "${local.prefix}/thin-egress-app/${local.prefix}-bucket_map.yaml"
   content = templatefile("./thin-egress-app/bucket_map.yaml.tmpl", {

diff --git a/cumulus/variables.tf b/cumulus/variables.tf
@@ -356,6 +356,12 @@ variable "ecs_cluster_instance_docker_volume_size" {
   default     = 50
 }
 
+variable "ecs_include_docker_cleanup_cronjob" {
+  description = "*Experimental* flag to configure a cron to run fstrim on all active container root filesystems"
+  type        = bool
+  default     = false
+}
+
 variable "bucket_map" {
   type    = map(object({ name = string, type = string }))
   default = {}
@@ -414,6 +420,18 @@ variable "egress_lambda_log_retention_days" {
   description = "Number of days to retain TEA logs"
 }
 
+variable "urs_tea_client_id" {
+  type = string
+  default = null
+  description = "The EarthData ID passed into the TEA module for URS authentication. If not provided, the value of urs_client_id will be used."
+}
+
+variable "urs_tea_client_password" {
+  type = string
+  default = null
+  description = "The EarthData password passed into the TEA module for URS authentication. If not provided, the value of urs_client_password will be used."
+}
+
 variable "cmr_acl_based_credentials" {
   type        = bool
   default     = false