Commit

[eks/argocd] Added ArgoCD notification configuration (cloudposse/terraform-aws-components#851)

Co-authored-by: cloudpossebot <[email protected]>
Co-authored-by: Andriy Knysh <[email protected]>
3 people authored Sep 4, 2023
1 parent 89f52cb commit 30938f1
Showing 6 changed files with 61 additions and 70 deletions.
36 changes: 36 additions & 0 deletions src/CHANGELOG.md
@@ -0,0 +1,36 @@
## Components PR [#851](https://github.com/cloudposse/terraform-aws-components/pull/851)

This is a bug fix and feature enhancement update.
There are few actions necessary to upgrade.

## Upgrade actions

1. Enable `github_default_notifications_enabled` (set `true`)
```yaml
components:
terraform:
argocd-repo-defaults:
metadata:
type: abstract
vars:
enabled: true
github_default_notifications_enabled: true
```
2. Apply changes with Atmos
## Features
* Support predefined GitHub commit status notifications for CD sync mode:
* `on-deploy-started`
* `app-repo-github-commit-status`
* `argocd-repo-github-commit-status`
* `on-deploy-succeded`
* `app-repo-github-commit-status`
* `argocd-repo-github-commit-status`
* `on-deploy-failed`
* `app-repo-github-commit-status`
* `argocd-repo-github-commit-status`

### Bug Fixes

* Remove legacy unnecessary helm values used in old ArgoCD versions (ex. `workflow auth` configs) and dropped notifications services
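
Review bot: The "Upgrade actions" list leaves out the changes that actually need operator action. Step 1 asks users to set `github_default_notifications_enabled: true`, but the variable added in `variables.tf` already defaults to `true`, so the step is a no-op, while the removal of the `slack_channel` input and of the `ignore-differences` attribute of `environments` is not mentioned anywhere in this file. Suggest listing both removals, together with the dropped Slack and Datadog subscriptions, under a breaking-changes heading. Minor: "There are few actions" reads as "almost none", and "## Features" should probably be "### Features" to match "### Bug Fixes".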
6 changes: 3 additions & 3 deletions src/README.md
Expand Up @@ -133,9 +133,10 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
| <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br> format = string<br> labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| <a name="input_environments"></a> [environments](#input\_environments) | Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for.<br><br>`auto-sync` determines whether or not the ArgoCD application will be automatically synced.<br><br>`ignore-differences` determines whether or not the ArgoCD application will ignore the number of<br>replicas in the deployment. Read more on ignore differences here:<br>https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs<br><br>Example:<pre>tenant: plat<br>environment: use1<br>stage: sandbox<br>auto-sync: true<br>ignore-differences:<br> - group: apps<br> kind: Deployment<br> json-pointers:<br> - /spec/replicas</pre> | <pre>list(object({<br> tenant = string<br> environment = string<br> stage = string<br> auto-sync = bool<br> ignore-differences = list(object({<br> group = string,<br> kind = string,<br> json-pointers = list(string)<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_environments"></a> [environments](#input\_environments) | Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for.<br><br>`auto-sync` determines whether or not the ArgoCD application will be automatically synced. | <pre>list(object({<br> tenant = string<br> environment = string<br> stage = string<br> auto-sync = bool<br> }))</pre> | `[]` | no |
| <a name="input_github_base_url"></a> [github\_base\_url](#input\_github\_base\_url) | This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the `GITHUB_BASE_URL` environment variable. The value must end with a slash, for example: `https://terraformtesting-ghe.westus.cloudapp.azure.com/` | `string` | `null` | no |
| <a name="input_github_codeowner_teams"></a> [github\_codeowner\_teams](#input\_github\_codeowner\_teams) | List of teams to use when populating the CODEOWNERS file.<br><br>For example: `["@ACME/cloud-admins", "@ACME/cloud-developers"]`. | `list(string)` | n/a | yes |
| <a name="input_github_default_notifications_enabled"></a> [github\_default\_notifications\_enabled](#input\_github\_default\_notifications\_enabled) | Enable default GitHub commit statuses notifications (required for CD sync mode) | `bool` | `true` | no |
| <a name="input_github_organization"></a> [github\_organization](#input\_github\_organization) | GitHub Organization | `string` | n/a | yes |
| <a name="input_github_token_override"></a> [github\_token\_override](#input\_github\_token\_override) | Use the value of this variable as the GitHub token instead of reading it from SSM | `string` | `null` | no |
| <a name="input_github_user"></a> [github\_user](#input\_github\_user) | Github user | `string` | n/a | yes |
Expand All @@ -151,7 +152,6 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
| <a name="input_permissions"></a> [permissions](#input\_permissions) | A list of Repository Permission objects used to configure the team permissions of the repository<br><br>`team_slug` should be the name of the team without the `@{org}` e.g. `@cloudposse/team` => `team`<br>`permission` is just one of the available values listed below | <pre>list(object({<br> team_slug = string,<br> permission = string<br> }))</pre> | `[]` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
| <a name="input_slack_channel"></a> [slack\_channel](#input\_slack\_channel) | The name of the slack channel to configure ArgoCD notifications for | `string` | `null` | no |
| <a name="input_ssm_github_api_key"></a> [ssm\_github\_api\_key](#input\_ssm\_github\_api\_key) | SSM path to the GitHub API key | `string` | `"/argocd/github/api_key"` | no |
| <a name="input_ssm_github_deploy_key_format"></a> [ssm\_github\_deploy\_key\_format](#input\_ssm\_github\_deploy\_key\_format) | Format string of the SSM parameter path to which the deploy keys will be written to (%s will be replaced with the environment name) | `string` | `"/argocd/deploy_keys/%s"` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
Expand All @@ -173,7 +173,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="


## References
* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/argocd-repo) - Cloud Posse's upstream component
* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/TODO) - Cloud Posse's upstream component


[<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
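
Review bot: The References link at the end of this hunk now points to `modules/TODO` instead of `modules/argocd-repo`, which looks like an unfilled placeholder. Restore the `modules/argocd-repo` target so the README does not ship a dead reference to the upstream component.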
13 changes: 6 additions & 7 deletions src/applicationset.tf
Expand Up @@ -5,13 +5,12 @@ resource "github_repository_file" "application_set" {
branch = join("", github_repository.default.*.default_branch)
file = "${each.value.tenant != null ? format("%s/", each.value.tenant) : ""}${each.value.environment}-${each.value.stage}/${local.manifest_kubernetes_namespace}/applicationset.yaml"
content = templatefile("${path.module}/templates/applicationset.yaml.tpl", {
environment = each.key
auto-sync = each.value.auto-sync
ignore-differences = each.value.ignore-differences
name = module.this.namespace
namespace = local.manifest_kubernetes_namespace
ssh_url = join("", github_repository.default.*.ssh_clone_url)
slack_channel = var.slack_channel
environment = each.key
auto-sync = each.value.auto-sync
name = module.this.namespace
namespace = local.manifest_kubernetes_namespace
ssh_url = join("", github_repository.default.*.ssh_clone_url)
notifications = var.github_default_notifications_enabled
})
commit_message = "Initialize environment: `${each.key}`."
commit_author = var.github_user
2 changes: 1 addition & 1 deletion src/providers.tf
Expand Up @@ -8,7 +8,7 @@ provider "aws" {
# module.iam_roles.terraform_role_arn may be null, in which case do not assume a role.
for_each = compact([module.iam_roles.terraform_role_arn])
content {
role_arn = assume_role.value
role_arn = module.iam_roles.terraform_role_arn
}
}
}
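
Review bot: Replacing `role_arn = assume_role.value` with `role_arn = module.iam_roles.terraform_role_arn` inside the `content` block is unrelated to the notification change and is not covered by the commit message or the CHANGELOG. The two are equivalent today because `for_each = compact([module.iam_roles.terraform_role_arn])` yields at most that one value, but reading the iterator keeps the role ARN tied to the null guard in `for_each`; if that list is ever built from a different expression, the direct reference will diverge without an error. Suggest keeping `assume_role.value`, or moving this change to its own commit with a stated reason.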
44 changes: 11 additions & 33 deletions src/templates/applicationset.yaml.tpl
Expand Up @@ -8,24 +8,6 @@ metadata:
argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc
argocd.argoproj.io/sync-options: PruneLast=true
argocd.argoproj.io/sync-wave: "-2"
%{if slack_channel != "" && slack_channel != null ~}
notifications.argoproj.io/subscribe.on-deployed.slack: ${slack_channel}
notifications.argoproj.io/subscribe.on-health-degraded.slack: ${slack_channel}
notifications.argoproj.io/subscribe.on-sync-failed.slack: ${slack_channel}
notifications.argoproj.io/subscribe.on-sync-running.slack: ${slack_channel}
notifications.argoproj.io/subscribe.on-sync-status-unknown.slack: ${slack_channel}
notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ${slack_channel}
notifications.argoproj.io/subscribe.on-deleted.slack: ${slack_channel}
%{ endif ~}
notifications.argoproj.io/subscribe.on-deployed.datadog: ""
notifications.argoproj.io/subscribe.on-health-degraded.datadog: ""
notifications.argoproj.io/subscribe.on-sync-failed.datadog: ""
notifications.argoproj.io/subscribe.on-sync-running.datadog: ""
notifications.argoproj.io/subscribe.on-sync-status-unknown.datadog: ""
notifications.argoproj.io/subscribe.on-sync-succeeded.datadog: ""
notifications.argoproj.io/subscribe.on-deployed.github-deployment: ""
notifications.argoproj.io/subscribe.on-deployed.github-commit-status: ""
notifications.argoproj.io/subscribe.on-deleted.github-deployment: ""
name: ${name}
namespace: ${namespace}
spec:
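
Review bot: The `on-health-degraded`, `on-sync-failed` and `on-sync-status-unknown` subscriptions (Slack and Datadog) are removed from these annotations with no replacement; the subscriptions added later in this file only report deploy started, succeeded and failed to GitHub commit statuses. Stacks that alerted on degraded health or failed syncs through these annotations will stop receiving those events after the upgrade. Suggest keeping an opt-in path for them, or stating in the CHANGELOG that this alerting has to be re-created elsewhere.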
Expand All @@ -49,6 +31,7 @@ kind: ApplicationSet
metadata:
annotations:
argocd.argoproj.io/sync-wave: "0"
creationTimestamp: null
name: ${name}
namespace: ${namespace}
spec:
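
Review bot: `creationTimestamp: null` under `metadata` of the ApplicationSet looks like leftover output from a generated manifest. The field is populated by the API server and has no purpose in a template, so it should be dropped from `applicationset.yaml.tpl`.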
Expand All @@ -61,11 +44,18 @@ spec:
template:
metadata:
annotations:
deployment_id: '{{deployment_id}}'
app_repository: '{{app_repository}}'
app_commit: '{{app_commit}}'
app_hostname: '{{app_hostname}}'
notifications.argoproj.io/subscribe.on-deployed.github: ""
notifications.argoproj.io/subscribe.on-deployed.github-commit-status: ""
app_hostname: 'https://{{app_hostname}}'
%{if notifications ~}
notifications.argoproj.io/subscribe.on-deploy-started.app-repo-github-commit-status: ""
notifications.argoproj.io/subscribe.on-deploy-started.argocd-repo-github-commit-status: ""
notifications.argoproj.io/subscribe.on-deploy-succeded.app-repo-github-commit-status: ""
notifications.argoproj.io/subscribe.on-deploy-succeded.argocd-repo-github-commit-status: ""
notifications.argoproj.io/subscribe.on-deploy-failed.app-repo-github-commit-status: ""
notifications.argoproj.io/subscribe.on-deploy-failed.argocd-repo-github-commit-status: ""
%{ endif ~}
name: '{{name}}'
spec:
project: ${name}
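
Review bot: The trigger name in the two `on-deploy-succeded` annotations is misspelled ("succeded"). A subscription annotation only takes effect when its trigger and service names match the ones defined in the ArgoCD notifications configuration, and that configuration is not part of this commit, so a mismatch would mean no commit status is posted and nothing reports the failure. Suggest confirming the name against the notifications config and, if the spelling is kept for compatibility, saying so in a template comment. Also check that `app_hostname: 'https://{{app_hostname}}'` cannot receive a generator value that already includes a scheme.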
Expand All @@ -84,15 +74,3 @@ spec:
%{ endif ~}
syncOptions:
- CreateNamespace=true
%{if length(ignore-differences) > 0 ~}
- RespectIgnoreDifferences=true
ignoreDifferences:
%{for item in ignore-differences ~}
- group: "${item.group}"
kind: "${item.kind}"
jsonPointers:
%{for pointer in item.json-pointers ~}
- ${pointer}
%{ endfor ~}
%{ endfor ~}
%{ endif ~}
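
Review bot: Dropping the `RespectIgnoreDifferences=true` sync option and the `ignoreDifferences` block changes sync behaviour for every environment that used them: fields such as `/spec/replicas` (the example in the removed variable description) will again be treated as drift and overwritten when the application syncs. The CHANGELOG does not mention this. Suggest keeping the block behind the existing `length(ignore-differences) > 0` guard, or documenting the removal as a breaking change.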
30 changes: 4 additions & 26 deletions src/variables.tf
Expand Up @@ -15,33 +15,11 @@ variable "environments" {
environment = string
stage = string
auto-sync = bool
ignore-differences = list(object({
group = string,
kind = string,
json-pointers = list(string)
}))
}))
description = <<-EOT
Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for.
`auto-sync` determines whether or not the ArgoCD application will be automatically synced.
`ignore-differences` determines whether or not the ArgoCD application will ignore the number of
replicas in the deployment. Read more on ignore differences here:
https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs
Example:
```
tenant: plat
environment: use1
stage: sandbox
auto-sync: true
ignore-differences:
- group: apps
kind: Deployment
json-pointers:
- /spec/replicas
```
EOT
default = []
}
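
Review bot: Removing `ignore-differences` from the `environments` object type means stacks that still set it will plan without error, because Terraform discards attributes that are not in the object type constraint during conversion, so the setting is dropped silently. Suggest adding an upgrade action telling operators to remove the key, so nobody assumes it still applies.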
Expand Down Expand Up @@ -126,8 +104,8 @@ variable "permissions" {
}
}

variable "slack_channel" {
type = string
description = "The name of the slack channel to configure ArgoCD notifications for"
default = null
variable "github_default_notifications_enabled" {
type = bool
default = true
description = "Enable default GitHub commit statuses notifications (required for CD sync mode)"
}
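
Review bot: `github_default_notifications_enabled` is declared without `nullable = false`, yet its value is passed straight into the template as `notifications` and evaluated in `%{if notifications ~}`. A stack that sets the variable to `null` overrides the `true` default, and the template condition then fails at plan time. Suggest adding `nullable = false` to the variable block.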
