feat: sqs options (#18)

* feat: sqs options

* feat: bump versions of submodules

Author: TheOutdoorProgrammer

main.tf

@@ -14,7 +14,7 @@ locals {
 }
 
 module "spacelift" {
-  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted?ref=v1.1.0"
+  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted?ref=v1.10.0"
 
   unique_suffix = local.unique_suffix
   region        = var.aws_region
@@ -46,6 +46,8 @@ module "spacelift" {
   rds_preferred_backup_window            = var.rds_preferred_backup_window
   rds_backup_retention_period            = var.rds_backup_retention_period
 
+  create_sqs = var.create_sqs
+
   website_endpoint = "https://${var.server_domain}"
 
   s3_retain_on_destroy       = var.s3_retain_on_destroy
@@ -59,7 +61,6 @@ module "iam" {
   unique_suffix                        = module.spacelift.unique_suffix
   aws_account_id                       = data.aws_caller_identity.current.account_id
   aws_partition                        = data.aws_partition.current.partition
-  aws_dns_suffix                       = data.aws_partition.current.dns_suffix
   kms_key_arn                          = module.spacelift.kms_key_arn
   kms_encryption_key_arn               = module.spacelift.kms_encryption_key_arn
   kms_signing_key_arn                  = module.spacelift.kms_signing_key_arn
@@ -78,6 +79,8 @@ module "iam" {
   server_service_account_name          = var.server_service_account_name
   drain_service_account_name           = var.drain_service_account_name
   scheduler_service_account_name       = var.scheduler_service_account_name
+  create_sqs                           = var.create_sqs
+  queue_arns                           = module.spacelift.sqs_queue_arns
 }
 
 module "kube_outputs" {
@@ -113,8 +116,10 @@ module "kube_outputs" {
   ecr_backend_repository_url           = module.spacelift.ecr_backend_repository_url
   server_service_account_name          = var.server_service_account_name
   drain_service_account_name           = var.drain_service_account_name
-  scheduler_service_account_name       = var.drain_service_account_name
+  scheduler_service_account_name       = var.scheduler_service_account_name
   server_role_arn                      = module.iam.server_role_arn
   drain_role_arn                       = module.iam.drain_role_arn
   scheduler_role_arn                   = module.iam.scheduler_role_arn
+  create_sqs                           = var.create_sqs
+  queue_urls                           = module.spacelift.sqs_queue_urls
 }

modules/iam/iam_submodule.tf

@@ -1,18 +1,18 @@
 module "iam_roles_and_policies" {
-  source = "github.com/spacelift-io/terraform-aws-iam-spacelift-selfhosted?ref=v1.1.0"
+  source = "github.com/spacelift-io/terraform-aws-iam-spacelift-selfhosted?ref=v1.3.1"
 
   write_as_files = false
   kubernetes_role_assumption_config = {
-    aws_account_id                 = var.aws_account_id
-    oidc_provider                  = var.oidc_provider
-    namespace                      = var.namespace
-    server_service_account_name    = var.server_service_account_name
-    drain_service_account_name     = var.drain_service_account_name
-    scheduler_service_account_name = var.scheduler_service_account_name
+    aws_account_id                   = var.aws_account_id
+    oidc_provider                    = var.oidc_provider
+    namespace                        = var.namespace
+    server_service_account_name      = var.server_service_account_name
+    drain_service_account_name       = var.drain_service_account_name
+    scheduler_service_account_name   = var.scheduler_service_account_name
+    vcs_gateway_service_account_name = "unsupported-today-but-required-for-future-compatibility"
   }
 
-  aws_partition  = var.aws_partition
-  aws_dns_suffix = var.aws_dns_suffix
+  aws_partition = var.aws_partition
 
   kms_encryption_key_arn = var.kms_encryption_key_arn
   kms_signing_key_arn    = var.kms_signing_key_arn
@@ -28,4 +28,15 @@ module "iam_roles_and_policies" {
   uploads_bucket_name                  = var.uploads_bucket_name
   user_uploaded_workspaces_bucket_name = var.user_uploaded_workspaces_bucket_name
   workspace_bucket_name                = var.workspace_bucket_name
+
+  sqs_queues = var.create_sqs ? {
+    deadletter      = local.deadletter_queue_arn
+    deadletter_fifo = local.deadletter_fifo_queue_arn
+    async_jobs      = local.async_jobs_queue_arn
+    async_jobs_fifo = local.async_jobs_fifo_queue_arn
+    events_inbox    = local.events_inbox_queue_arn
+    cronjobs        = local.cronjobs_queue_arn
+    webhooks        = local.webhooks_queue_arn
+    iot             = local.iot_queue_arn
+  } : null
 }

modules/iam/locals.tf

@@ -0,0 +1,10 @@
+locals {
+  async_jobs_queue_arn      = var.create_sqs ? var.queue_arns["async_jobs"] : ""
+  async_jobs_fifo_queue_arn = var.create_sqs ? var.queue_arns["async_jobs_fifo"] : ""
+  events_inbox_queue_arn    = var.create_sqs ? var.queue_arns["events_inbox"] : ""
+  cronjobs_queue_arn        = var.create_sqs ? var.queue_arns["cronjobs"] : ""
+  deadletter_queue_arn      = var.create_sqs ? var.queue_arns["deadletter"] : ""
+  deadletter_fifo_queue_arn = var.create_sqs ? var.queue_arns["deadletter_fifo"] : ""
+  webhooks_queue_arn        = var.create_sqs ? var.queue_arns["webhooks"] : ""
+  iot_queue_arn             = var.create_sqs ? var.queue_arns["iot"] : ""
+}

modules/iam/variables.tf

@@ -13,11 +13,6 @@ variable "aws_partition" {
   description = "The AWS partition the services are being run in."
 }
 
-variable "aws_dns_suffix" {
-  type        = string
-  description = "The AWS DNS suffix for the region."
-}
-
 variable "kms_key_arn" {
   type        = string
   description = "The ARN of the KMS key used for encrypting AWS resources (ECR, S3, etc.)."
@@ -107,3 +102,15 @@ variable "scheduler_service_account_name" {
   type        = string
   description = "The name of the Kubernetes service account used by the server."
 }
+
+variable "create_sqs" {
+  type        = bool
+  description = "Whether to create the SQS queues for Spacelift."
+  default     = false
+}
+
+variable "queue_arns" {
+  type        = map(string)
+  default     = null
+  description = "A map of SQS queue names to arns. Only required if create_sqs is false."
+}

modules/kube-outputs/kubernetes-secrets.tftpl

@@ -15,7 +15,7 @@ stringData:
   ENCRYPTION_TYPE: "${ENCRYPTION_TYPE}"
   ENCRYPTION_KMS_ENCRYPTION_KEY_ID: "${ENCRYPTION_KMS_ENCRYPTION_KEY_ID}"
   ENCRYPTION_KMS_SIGNING_KEY_ID: "${ENCRYPTION_KMS_SIGNING_KEY_ID}"
-  MESSAGE_QUEUE_TYPE: "postgres"
+  MESSAGE_QUEUE_TYPE: "${MESSAGE_QUEUE_TYPE}"
   OBJECT_STORAGE_TYPE: "aws"
   OBJECT_STORAGE_BUCKET_DELIVERIES: "${OBJECT_STORAGE_BUCKET_DELIVERIES}"
   OBJECT_STORAGE_BUCKET_LARGE_QUEUE_MESSAGES: "${OBJECT_STORAGE_BUCKET_LARGE_QUEUE_MESSAGES}"
@@ -34,6 +34,20 @@ stringData:
   LICENSE_TOKEN: "${LICENSE_TOKEN}"
   OBSERVABILITY_VENDOR: "Disabled"
   SPACELIFT_PUBLIC_API: "${SPACELIFT_PUBLIC_API}"
+  %{ if MESSAGE_QUEUE_TYPE == "sqs" ~}
+
+  # The above line must be blank for the templating to work correctly.
+  MESSAGE_QUEUE_SQS_ASYNC_URL: "${MESSAGE_QUEUE_SQS_ASYNC_URL}"
+  MESSAGE_QUEUE_SQS_ASYNC_FIFO_URL: "${MESSAGE_QUEUE_SQS_ASYNC_FIFO_URL}"
+  MESSAGE_QUEUE_SQS_CRONJOBS_URL: "${MESSAGE_QUEUE_SQS_CRONJOBS_URL}"
+  MESSAGE_QUEUE_SQS_DLQ_URL: "${MESSAGE_QUEUE_SQS_DLQ_URL}"
+  MESSAGE_QUEUE_SQS_DLQ_FIFO_URL: "${MESSAGE_QUEUE_SQS_DLQ_FIFO_URL}"
+  MESSAGE_QUEUE_SQS_EVENTS_INBOX_URL: "${MESSAGE_QUEUE_SQS_EVENTS_INBOX_URL}"
+  MESSAGE_QUEUE_SQS_IOT_URL: "${MESSAGE_QUEUE_SQS_IOT_URL}"
+  MESSAGE_QUEUE_SQS_WEBHOOKS_URL: "${MESSAGE_QUEUE_SQS_WEBHOOKS_URL}"
+  %{ endif ~}
+
+  # The above line must be blank for the templating to work correctly.
 ---
 apiVersion: v1
 kind: Secret

modules/kube-outputs/locals.tf

@@ -0,0 +1,10 @@
+locals {
+  async_jobs_queue_url      = var.create_sqs ? var.queue_urls["async_jobs"] : ""
+  async_jobs_fifo_queue_url = var.create_sqs ? var.queue_urls["async_jobs_fifo"] : ""
+  events_inbox_queue_url    = var.create_sqs ? var.queue_urls["events_inbox"] : ""
+  cronjobs_queue_url        = var.create_sqs ? var.queue_urls["cronjobs"] : ""
+  deadletter_queue_url      = var.create_sqs ? var.queue_urls["deadletter"] : ""
+  deadletter_fifo_queue_url = var.create_sqs ? var.queue_urls["deadletter_fifo"] : ""
+  webhooks_queue_url        = var.create_sqs ? var.queue_urls["webhooks"] : ""
+  iot_queue_url             = var.create_sqs ? var.queue_urls["iot"] : ""
+}

modules/kube-outputs/outputs.tf

@@ -40,6 +40,16 @@ output "kubernetes_secrets" {
     SPACELIFT_VERSION                              = var.spacelift_version != null ? var.spacelift_version : ""
     ADMIN_USERNAME                                 = var.admin_username != null ? var.admin_username : ""
     ADMIN_PASSWORD                                 = var.admin_password != null ? var.admin_password : ""
+
+    MESSAGE_QUEUE_TYPE                 = var.create_sqs ? "sqs" : "postgres"
+    MESSAGE_QUEUE_SQS_ASYNC_URL        = local.async_jobs_queue_url
+    MESSAGE_QUEUE_SQS_ASYNC_FIFO_URL   = local.async_jobs_fifo_queue_url
+    MESSAGE_QUEUE_SQS_CRONJOBS_URL     = local.cronjobs_queue_url
+    MESSAGE_QUEUE_SQS_DLQ_URL          = local.deadletter_queue_url
+    MESSAGE_QUEUE_SQS_DLQ_FIFO_URL     = local.deadletter_fifo_queue_url
+    MESSAGE_QUEUE_SQS_EVENTS_INBOX_URL = local.events_inbox_queue_url
+    MESSAGE_QUEUE_SQS_IOT_URL          = local.iot_queue_url
+    MESSAGE_QUEUE_SQS_WEBHOOKS_URL     = local.webhooks_queue_url
   })
 }
 

modules/kube-outputs/variables.tf

@@ -183,3 +183,15 @@ variable "scheduler_role_arn" {
   type        = string
   description = "The ARN of the IAM role to use for the scheduler service account."
 }
+
+variable "create_sqs" {
+  type        = bool
+  description = "Whether to create the SQS queues for Spacelift."
+  default     = false
+}
+
+variable "queue_urls" {
+  type        = map(string)
+  default     = null
+  description = "A map of SQS queue names to urls. Only required if create_sqs is false."
+}

outputs.tf

@@ -157,11 +157,6 @@ output "vpc_id" {
   description = "ID of the VPC. It will be null if create_vpc is false."
 }
 
-output "rds_global_cluster_id" {
-  description = "ID of the global Aurora cluster. Will be null if create_database is false."
-  value       = var.create_database ? module.spacelift.rds_global_cluster_id : null
-}
-
 output "rds_cluster_endpoint" {
   description = "Endpoint of the RDS cluster. Will be null if create_database is false."
   value       = var.create_database ? module.spacelift.rds_cluster_endpoint : null

variables.tf

@@ -9,6 +9,12 @@ variable "kms_arn" {
   default     = null
 }
 
+variable "create_sqs" {
+  type        = bool
+  description = "Whether to create the SQS queues for Spacelift."
+  default     = false
+}
+
 variable "create_vpc" {
   type        = bool
   description = "Whether to create a VPC for the Spacelift resources. Default is true. Note: if this is false, and create_database is true, you must provide rds_subnet_ids and rds_security_group_ids."