From b42c22d9da137f823d035990b1dcaa96b7a5b97b Mon Sep 17 00:00:00 2001 From: Diego Lagos <92735530+diegolagospagopa@users.noreply.github.com> Date: Tue, 17 Jan 2023 12:15:11 +0100 Subject: [PATCH] feat: Cosmosdb migrated from v2 (#32) * updated with v2 version * chore docs * fix outputs deprecated * updated from v2 * default_ttl_seconds must be not equal to 0 --- cosmosdb_account/README.md | 10 ++++ cosmosdb_account/main.tf | 58 ++++++++++++++++++++++++ cosmosdb_account/output.tf | 15 ++++-- cosmosdb_account/variables.tf | 33 ++++++++++++++ cosmosdb_mongodb_collection/main.tf | 10 +++- cosmosdb_mongodb_collection/variables.tf | 2 +- cosmosdb_sql_container/main.tf | 14 +++--- cosmosdb_sql_database/main.tf | 2 +- docs/MIGRATION_FROM_V2.md | 15 +++--- 9 files changed, 139 insertions(+), 20 deletions(-) diff --git a/cosmosdb_account/README.md b/cosmosdb_account/README.md index 973aec75..70b43018 100644 --- a/cosmosdb_account/README.md +++ b/cosmosdb_account/README.md @@ -106,6 +106,16 @@ module "cgn_cosmosdb_containers" { } ``` +## Migration from v2 + +1️⃣ Arguments changed: + +* The field `capabilities` will no longer accept the value `EnableAnalyticalStorage`. +* `primary_master_key` -> `primary_key`. +* `secondary_master_key` -> `secondary_key`. +* `primary_readonly_master_key` -> `primary_readonly_key`. +* `secondary_readonly_master_key` -> `secondary_readonly_key`. + ## Requirements diff --git a/cosmosdb_account/main.tf b/cosmosdb_account/main.tf index 61c4b166..62204b79 100644 --- a/cosmosdb_account/main.tf +++ b/cosmosdb_account/main.tf @@ -167,3 +167,61 @@ resource "azurerm_management_lock" "this" { lock_level = "CanNotDelete" notes = "This items can't be deleted in this subscription!" } + + +# ----------------------------------------------- +# Alerts +# ----------------------------------------------- + +resource "azurerm_monitor_metric_alert" "cosmos_db_provisioned_throughput_exceeded" { + count = var.enable_provisioned_throughput_exceeded_alert ? 1 : 0 + + name = "[${var.domain != null ? "${var.domain} | " : ""}${azurerm_cosmosdb_account.this.name}] Provisioned Throughput Exceeded" + resource_group_name = var.resource_group_name + scopes = [azurerm_cosmosdb_account.this.id] + description = "A collection throughput (RU/s) exceed provisioned throughput, and it's raising 429 errors. Please, consider to increase RU. Runbook: not needed." + severity = 0 + window_size = "PT5M" + frequency = "PT5M" + auto_mitigate = false + + + # Metric info + # https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftdocumentdbdatabaseaccounts + criteria { + metric_namespace = "Microsoft.DocumentDB/databaseAccounts" + metric_name = "TotalRequestUnits" + aggregation = "Total" + operator = "GreaterThan" + threshold = var.provisioned_throughput_exceeded_threshold + skip_metric_validation = false + + + dimension { + name = "Region" + operator = "Include" + values = [var.main_geo_location_location] + } + dimension { + name = "StatusCode" + operator = "Include" + values = ["429"] + } + dimension { + name = "CollectionName" + operator = "Include" + values = ["*"] + } + + } + + dynamic "action" { + for_each = var.action + content { + action_group_id = action.value["action_group_id"] + webhook_properties = action.value["webhook_properties"] + } + } + + tags = var.tags +} diff --git a/cosmosdb_account/output.tf b/cosmosdb_account/output.tf index b9626024..16994909 100644 --- a/cosmosdb_account/output.tf +++ b/cosmosdb_account/output.tf @@ -23,23 +23,30 @@ output "read_endpoints" { value = azurerm_cosmosdb_account.this.read_endpoints } +# @deprecated output "primary_master_key" { - value = azurerm_cosmosdb_account.this.primary_master_key + value = azurerm_cosmosdb_account.this.primary_key sensitive = true } output "primary_key" { - value = azurerm_cosmosdb_account.this.primary_master_key + value = azurerm_cosmosdb_account.this.primary_key sensitive = true } output "secondary_key" { - value = azurerm_cosmosdb_account.this.secondary_master_key + value = azurerm_cosmosdb_account.this.secondary_key sensitive = true } +# @deprecated output "primary_readonly_master_key" { - value = azurerm_cosmosdb_account.this.primary_readonly_master_key + value = azurerm_cosmosdb_account.this.primary_readonly_key + sensitive = true +} + +output "primary_readonly_key" { + value = azurerm_cosmosdb_account.this.primary_readonly_key sensitive = true } diff --git a/cosmosdb_account/variables.tf b/cosmosdb_account/variables.tf index 318ebb5b..69b26cc7 100644 --- a/cosmosdb_account/variables.tf +++ b/cosmosdb_account/variables.tf @@ -9,6 +9,11 @@ variable "name" { description = "(Required) Specifies the name of the CosmosDB Account. Changing this forces a new resource to be created." } +variable "domain" { + type = string + description = "(Optional) Specifies the domain of the CosmosDB Account." +} + // Resource Group variable "resource_group_name" { type = string @@ -172,3 +177,31 @@ variable "lock_enable" { variable "tags" { type = map(any) } + + +# ------------------- +# Alerts variables +# ------------------- + +variable "enable_provisioned_throughput_exceeded_alert" { + type = bool + description = "Enable the Provisioned Throughput Exceeded alert. Default is true" + default = true +} + +variable "provisioned_throughput_exceeded_threshold" { + type = number + description = "The Provisioned Throughput Exceeded threshold. If metric average is over this value, the alert will be triggered. Default is 0, we want to act as soon as possible." + default = 0 +} + +variable "action" { + description = "The ID of the Action Group and optional map of custom string properties to include with the post webhook operation." + type = set(object( + { + action_group_id = string + webhook_properties = map(string) + } + )) + default = [] +} diff --git a/cosmosdb_mongodb_collection/main.tf b/cosmosdb_mongodb_collection/main.tf index ce8c03d0..0f6df1c8 100644 --- a/cosmosdb_mongodb_collection/main.tf +++ b/cosmosdb_mongodb_collection/main.tf @@ -20,6 +20,13 @@ resource "azurerm_cosmosdb_mongo_collection" "this" { } } + lifecycle { + ignore_changes = [ + # ignore changes to autoscale_settings due to this operation is done manually + autoscale_settings, + ] + } + dynamic "autoscale_settings" { for_each = var.max_throughput == null ? [] : ["dummy"] content { @@ -33,6 +40,7 @@ resource "azurerm_cosmosdb_mongo_collection" "this" { read = var.timeout_read delete = var.timeout_delete } + } resource "azurerm_management_lock" "this" { @@ -41,4 +49,4 @@ resource "azurerm_management_lock" "this" { scope = azurerm_cosmosdb_mongo_collection.this.id lock_level = "CanNotDelete" notes = "This items can't be deleted in this subscription!" -} \ No newline at end of file +} diff --git a/cosmosdb_mongodb_collection/variables.tf b/cosmosdb_mongodb_collection/variables.tf index 9a9e80b6..12b71ddf 100644 --- a/cosmosdb_mongodb_collection/variables.tf +++ b/cosmosdb_mongodb_collection/variables.tf @@ -29,7 +29,7 @@ variable "cosmosdb_mongo_database_name" { variable "default_ttl_seconds" { type = number - default = 0 + default = null #https://github.com/hashicorp/terraform-provider-azurerm/pull/16405 description = "The default Time To Live in seconds. If the value is -1 or 0, items are not automatically expired." } diff --git a/cosmosdb_sql_container/main.tf b/cosmosdb_sql_container/main.tf index 29563228..e0761f92 100644 --- a/cosmosdb_sql_container/main.tf +++ b/cosmosdb_sql_container/main.tf @@ -15,17 +15,17 @@ resource "azurerm_cosmosdb_sql_container" "this" { } } + # this is a temp workaournd until azurerm 3.0 because azurerm 2.99 minimum value is 4000 + lifecycle { + ignore_changes = [ + autoscale_settings, + ] + } + dynamic "autoscale_settings" { for_each = var.autoscale_settings != null ? [var.autoscale_settings] : [] content { max_throughput = autoscale_settings.value.max_throughput } } - - # this is a temp workaournd until azurerm 3.0 because azurerm 2.99 minimum value is 4000 - lifecycle { - ignore_changes = [ - autoscale_settings[0].max_throughput, - ] - } } diff --git a/cosmosdb_sql_database/main.tf b/cosmosdb_sql_database/main.tf index f672c6f4..d3eb99d1 100644 --- a/cosmosdb_sql_database/main.tf +++ b/cosmosdb_sql_database/main.tf @@ -3,4 +3,4 @@ resource "azurerm_cosmosdb_sql_database" "this" { resource_group_name = var.resource_group_name account_name = var.account_name throughput = var.throughput -} \ No newline at end of file +} diff --git a/docs/MIGRATION_FROM_V2.md b/docs/MIGRATION_FROM_V2.md index 622b6c64..61cc8dbe 100644 --- a/docs/MIGRATION_FROM_V2.md +++ b/docs/MIGRATION_FROM_V2.md @@ -1,9 +1,12 @@ # Migration from azurerm v2 -| module | status | note | -|--------|--------|-------| -| storage| ok | read migration guide | -| subnet | ok | read migration guide | -| vnet | ok | read migration guide | -| vpn | ok | read migration guide | + + +| module | status | note | +|-------- |--------|-------| +| storage | ok | read migration guide | +| cosmosdb | ok | read migration guide | +| subnet | ok | read migration guide | +| vnet | ok | read migration guide | +| vpn | ok | read migration guide | | kubernetes_cluster | ok | state import mandatory + read migration guide |