-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: expose idle timeout loadbalancer input #569
Conversation
/run pipeline |
/run pipeline |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -298,6 +299,19 @@ variable "load_balancers" { | |||
)) == 0 | |||
} | |||
|
|||
validation { | |||
error_message = "Load balancer idle_connection_timeout must be between 50 and 7200." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest to mention that "idle_connection_timeout" is used only by application
load balancer.
Also, the unit test failed because of the auth policy conflict. Probably need to delete existing policy manually before re-running the pipeline. Separate to this task - we probably need to investigate ways to check the auth policy prior to creating it. This will avoid "auth policy conflict" issues. If you agree @vburckhardt I can create a task to look into this. |
The upgrade test failed with this, which seems expected, so I suggest skipping it:
|
@rajatagarwal-ibm The issue with clashing auth policies is a known issue. It happens because the block storage auth policy cannot be scoped to a specific resource group, and because we use a permanent HPCS instance, so it means such a policy may already exist in our account from a parallel test, or an old test that did not get cleaned up. |
/run pipeline |
tests/pr_test.go
Outdated
ResourceGroup: resourceGroup, | ||
Region: region, | ||
TerraformVars: map[string]interface{}{ | ||
"skip_iam_authorization_policy": true, // The test account already has got a s2s policy setup that would clash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Most of the time this auth policy will not exist actually, and this test will fail. The nuke nukes all global auth policies. We could add a feature to the nuke maybe to pass an ignore list of auth policies? Since policies don't have a name, we can't use the geretain
prefix to tell nuke to ignore them - we would have to add a new way to ignore policies.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually think this is a good feature to have with the nuke, so I have created an internal issue for it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to really review our testing approach here, I am spending 10x the time to get that pipeline to pass on unrelated aspects, than actually coding the change. We have a problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll comment it out, I think we need to invest in fresh account created for tests that touch account level resources like s2s policies. Once we have an enterprise account, we can create subaccounts for it for each new test run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI, we have the enterprise account already, so we should deep dive on next steps
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's prioritize this in next sprint.
/run pipeline |
🎉 This PR is included in version 2.13.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Description
Expose https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_lb_listener#idle_connection_timeout in the lb inputs.
Part of terraform-ibm-modules/terraform-ibm-landing-zone#609
Release required?
x.x.X
)x.X.x
)X.x.x
)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers