Git Activity Report
Author: John Octubre (GitHub: johnoct-au)
Period: 2025-01-06 to 2025-06-16
Generated: 2025-06-16 16:35:42
platform-infra
Merged Pull Requests
- jo/TMCCLDENG 2639 create vpc endpoint for sts in all envrionments (#5532)
- Merged: 2025-06-16
Description
Changes
- bootstrap(environment): enable sts endpoint in au-consolidated-dev-usw2
- WIP: add enable sts endpoint variable
Why
[TMCCLDENG-2639](https://ford.atlassian.net/browse/TMCCLDENG-2639)
Commits (5)
- 2bbf668 WIP: add enable sts endpoint variable
- 8c55b17 bootstrap(environment): enable sts endpoint in au-consolidated-dev-usw2
- c064b13 Merge branch 'main' into jo/TMCCLDENG-2639-create-vpc-endpoint-for-st…
- db34e68 fix: point to fixed dns prefix to work with china
- b39f210 Merge branch 'main' into jo/TMCCLDENG-2639-create-vpc-endpoint-for-st…
Files changed (3)
- bootstrap/environment/terraform/variables.tf: +6/-0
- bootstrap/environment/terraform/locals.tf: +3/-0
- bootstrap/environment/terraform/workspaces/au-consolidated-dev-usw2.tfvars.json: +1/-0

- bootstrap(environment): enable route53 for peering with data-lake-prod and tmc-prod-usw2 (#5469)
- Merged: 2025-06-11
Description
Changes
- bootstrap(environment): enable route53 for peering with data-lake-prod and tmc-prod-usw2
Why
Commits (1)
- 904205e bootstrap(environment): enable route53 for peering with data-lake-pro…
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-prod-data-lake-usw2.tfvars.json: +2/-0

- k8s(atlantis): remove atlantis planner cpu limit (#5442)
- Merged: 2025-06-10
Description
Changes
- k8s(atlantis): remove atlantis planner cpu limit
Why
- it's getting throttled
Commits (1)
- 6b2321d k8s(atlantis): remove atlantis planner cpu limit
Files changed (1)
- k8s/atlantis/terraform/main.tf: +0/-1

- namespaces: add kafka pest cidrs to kafka cider range netpols (#5435)
- Merged: 2025-06-10
Description
Changes
- namespaces: add kafka pest cidrs to kafka cider range netpols
Why
[TMCCLDENG-2474](https://ford.atlassian.net/browse/TMCCLDENG-2474)
Commits (1)
- b386892 namespaces: add kafka pest cidrs to kafka cider range netpols
Files changed (1)
- k8s/namespaces/terraform/modules/namespace/locals-networkpolicies.tf: +5/-0

- bootstrap(environments): peer cicd-03-e1 and au-consolidated-prod-usw2 for messaging (#5372)
- Merged: 2025-06-05
Description
Changes
- bootstrap(environments): peer cicd-03-e1 and au-consolidated-prod-usw2 for messaging
Why
[TMCCLDENG-2473](https://ford.atlassian.net/browse/TMCCLDENG-2473)
Commits (1)
- 553563f bootstrap(environments): peer cicd-03-e1 and au-consolidated-prod-usw…
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-consolidated-prod-usw2.tfvars.json: +2/-1

- bootstrap(environments): peer cicd-03-e1 with au-consolidated-pest-use1 (#5362)
- Merged: 2025-06-05
Description
Changes
- bootstrap(environments): peer cicd-03-e1 with au-consolidated-pest-use1
Plan
```hcl
Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # aws_memorydb_subnet_group.memorydb[0] has changed
  ~ resource "aws_memorydb_subnet_group" "memorydb" {
        id   = "memorydb-prod-subnet-group"
        name = "memorydb-prod-subnet-group"
      + tags = {}
        # (5 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

...
```
Commits (2)
- 332bf10 bootstrap(environments): peer cicd-03-e1 with au-consolidated-pest-use1
- f5fc18d Merge branch 'main' into TMCCLDENG-2473-msk-peer-cicd-03-e-1-with-pes…
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-consolidated-pest-use1.tfvars.json: +3/-2

- jo/refactor iam roles team based (#5311)
- Merged: 2025-06-03
Description
Changes
- iam-roles: update docs to specify team workspace creation
- iam-roles: migrate cicd-03-w2 to cicd-03-w2-dnd for initial team split
- iam-roles: add cluster_name to each of the workspaces to prepare for team split
- iam-roles: create cluster_name var to help with workspace env-team workspace split
- iam-roles: set sre as the only provisioning role for iam role component
Why
- we decided that this should be split into team based workspaces to help with role management
Commits (5)
- 771b739 iam-roles: set sre as the only provisioning role for iam role component
- f59768e iam-roles: create cluster_name var to help with workspace env-team wo…
- 2d69464 iam-roles: add cluster_name to each of the workspaces to prepare for …
- 7c95154 iam-roles: migrate cicd-03-w2 to cicd-03-w2-dnd for initial team split
- 1132c07 iam-roles: update docs to specify team workspace creation
Files changed (9)
- iam/iam-roles/terraform/variables.tf: +6/-2
- iam/iam-roles/terraform/main.tf: +3/-3
- iam/iam-roles/terraform/workspaces/cicd-03-w2-dnd.tfvars.json: +3/-2
- iam/iam-roles/terraform/README.md: +2/-2
- iam/iam-roles/terraform/workspaces/au-tmc-staging-usw2.tfvars.json: +1/-0

- iam(iam-roles): import tekton-logs-sa role from aws-resources (#5281)
- Merged: 2025-06-02
Description
Changes
- iam(iam-roles): import tekton-logs-sa role from aws-resources
Why
- start-importing-resources
Import Statements
```hcl
autonomic-ai: ➜ terraform git:(jo/import-tekton-logs-iam) ✗ bt terraform --ws=cicd-03-w2 import 'module.iam-roles["tekton_logs_role"].aws_iam_role.role[0]' tekton-logs-operator-cicd.role
2025/06/02 17:14:13 cfg: terraform backend_config files: [~/admin.config.json], var files: [~/backend.config.json], workspaces enabled: true, ws dir: 'workspaces', pre_apply_checks: [tf-summarize]
2025/06/02 17:14:13 cfg: terraform backend_config files: [~/admin.config.json], var files: [~/backend.config.json], workspaces enabled: true, ws dir: 'workspaces', pre_apply_checks: [tf-summarize]
2025/06/02 17:14:13 ws: cicd-03-w2, glob: workspaces/cicd-03-w2.tfvars*
2025/06/02 17:14:13 file: workspaces/cicd-03-w2.tfvars.json
2025/06/02 17:14:13 export...
```
Commits (3)
- 81b1f28 iam(iam-roles): import tekton-logs-sa role from aws-resources
- 5ccf837 iam(iam-roles): add assume role policy for tekton-logs service account
- 6e57b48 fix: add trufflehawk pattern for irsa
Files changed (4)
- iam/iam-roles/terraform/custom_policies/assume_role_statements/tekton/tekton-logs-sa-assume-role: +28/-0
- iam/iam-roles/terraform/workspaces/cicd-03-w2.tfvars.json: +17/-0
- .trufflepatterns: +1/-0
- .trufflehawk: +1/-0

- bootstrap(provisioning-roles): add au-tmc-sandbox and au-tmc-staging messaging roles (#5250)
- Merged: 2025-05-30
Description
Changes
- bootstrap(provisioning-roles): add au-tmc-sandbox and au-tmc-staging messaging roles
Why
- these roles are required for messaging team to plan the various messaging components locally
- these roles are read only
Commits (1)
- 03a20fa bootstrap(provisioning-roles): add au-tmc-sandbox and au-tmc-staging …
Files changed (2)
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-staging-messaging.tfvars.json: +11/-0
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-sandbox-messaging.tfvars.json: +11/-0

- atlantis: unsilence pr comments for automation sre instance (#5188)
- Merged: 2025-05-28
Description
Changes
- atlantis: unsilence pr comments for automation sre instance
Why
- it's been difficult to see if a pr has been locked by another pr from the current pr view
- this should help with the locking comments
Commits (1)
- 0ccf036 atlantis: unsilence pr comments for automation sre instance
Files changed (1)
- generate_projects.sh: +0/-1

- iam-roles: fix and normalize roles variable input for flexibility and validation (#5170)
- Merged: 2025-05-27
Description
Changes
- iam-roles: fix and normalize roles variable input for flexibility and validation
- iam(iam-roles): add example with multi role workspace
Why
- when adding multiple roles in the roles map, terraform is super strict and requires the values and keys to be in the same format (same number of custom policies for example)
- this doesn't work for this workflow because each role can have different values (a diff number of custom policies)
- this solution allows for some flexibility and still allows us to check the inputs through the input normalization
Commits (5)
- 5973fd7 iam-roles: fix and normalize roles variable input for flexibility and…
- e056e7b iam(iam-roles): add example with multi role workspace
- 128c11b iam(iam-roles): add irsa-oidc-assume-role template
- 185fb6c iam(iam-roles): add policy to prevent duplicate roles + tests
- 883e837 iam(iam-roles): fix duplicate role name
Files changed (6)
- iam/iam-roles/terraform/main.tf: +60/-27
- iam/iam-roles/terraform/policy/default_test.rego: +56/-0
- iam/iam-roles/terraform/workspaces/au-consolidated-dev-usw2.tfvars.json: +48/-0
- iam/iam-roles/terraform/variables.tf: +14/-27
- iam/iam-roles/terraform/policy/default.rego: +24/-5

- Update au-tmc-dev-usw2-iam-thanos.tfvars.json (#5169)
- Merged: 2025-05-26
Description
- empty space change to let atlantis plan/apply
Commits (1)
- efbf824 Update au-tmc-dev-usw2-iam-thanos.tfvars.json
Files changed (1)
- messaging/msk-iam/terraform/workspaces/au-tmc-dev-usw2-iam-thanos.tfvars.json: +0/-1

- fix: remove duplicate Environment tag (#5162)
- Merged: 2025-05-23
Description
Changes
- fix: remove duplicate Environment tag
Why
- `environment` is already a default tag that we provide and it is lowercase but tags are case insensitive
Commits (1)
- 6166846 fix: remove duplicate Environment tag
Files changed (1)
- iam/iam-roles/terraform/modules/terraform-aws-iam-role/main.tf: +0/-1

- jo/readme updates iam collection (#5142)
- Merged: 2025-05-22
Description
Changes
- fix: trufflehawk
- fix: remove example
- iam(iam-roles): docs - add read me updates
- fix: set to any since statements action key can also be a list
Why
- give guidance to teams on how to use iam role component
Commits (6)
- e94cb55 fix: set to any since statements action key can also be a list
- 228c6ce iam(iam-roles): docs - add read me updates
- 746aa47 fix: remove example
- a2f60f0 fix: trufflehawk
- 125c41c fix: remove bucket action
- bff7f5d fix: nit comments
Files changed (3)
- iam/iam-roles/terraform/README.md: +184/-37
- .trufflehawk: +1/-3
- iam/iam-roles/terraform/variables.tf: +1/-1

- fix: lowercase kafka permissions (#5121)
- Merged: 2025-05-21
Description
Changes
- fix: lowercase kafka permissions
Why
- correct casing is lowercase for kafka permissions
Tests
```
autonomic-ai: ➜ terraform git:(jo/fix-kafka-policy) ✗ conftest verify -p ../../../shared-policies -p policy --report full
policy/default_test.rego:
data.main.test_non_kafka_cluster_iam_statement: PASS (751.625µs)
data.main.test_only_kafka_cluster_iam_statement: PASS (458.542µs)
data.main.test_non_kafka_cluster_iam_inline_policy: PASS (2.261417ms)
data.main.test_only_kafka_cluster_iam_inline_policy: PASS (1.274ms)
data.main.test_only_kafka_prefix_statement: PASS (622.791µs)
data.main.test_only_kafka_prefix_inline_policy: PASS (728.458µs)
data.main.test_mixed_permissions_statement: PASS (1.841ms)
data.main.test_mixed_permissions_inline_policy: PASS (667.75µs)
--------------------------------------------...
```
Commits (1)
- 21f1d61 fix: lowercase kafka permissions
Files changed (2)
- messaging/msk-iam/terraform/policy/default_test.rego: +12/-12
- messaging/msk-iam/terraform/policy/default.rego: +4/-4

- feat: allow Kafka and kafka-cluster policy operations + tests + fmting (#5110)
- Merged: 2025-05-20
Description
Changes
- feat: allow Kafka and kafka-cluster policy operations + tests + fmting
Why
- team is requesting to allow Kafka operations as well
Tests
```hcl
➜ terraform git:(jo/allow-kafka-policy-msk) ✗ conftest verify -p ../../../shared-policies -p policy --report full
policy/default_test.rego:
data.main.test_non_kafka_cluster_iam_statement: PASS (2.240042ms)
data.main.test_only_kafka_cluster_iam_statement: PASS (458.875µs)
data.main.test_non_kafka_cluster_iam_inline_policy: PASS (1.192709ms)
data.main.test_only_kafka_cluster_iam_inline_policy: PASS (2.458458ms)
data.main.test_only_kafka_prefix_statement: PASS (549.083µs)
data.main.test_only_kafka_prefix_inline_policy: PASS (533.958µs)
data.main.test_mixed_permissions_statement: PASS (723.833µs)
data.main.test_mixed_permissions_inline_policy: PASS (2.02725ms)
--...
```
Commits (1)
- 2a8c009 feat: allow Kafka and kafka-cluster policy operations + tests + fmting
Files changed (2)
- messaging/msk-iam/terraform/policy/default_test.rego: +156/-90
- messaging/msk-iam/terraform/policy/default.rego: +25/-22

- jo dg/TMCCLDENG 2380 iam collection (#5014)
- Merged: 2025-05-22
Description
Changes
- fix: add au-tmc-dev-usw2 oidc
- iam(iam-roles): WIP propsal on iam-role component
Why
[TMCCLDENG-2380](https://ford.atlassian.net/browse/TMCCLDENG-2380)
Commits (8)
- 262f30a iam(iam-roles): WIP propsal on iam-role component
- ac6f89e fix: add au-tmc-dev-usw2 oidc
- aee6dd0 feat: add assume role policies and update IAM role configurations
- 9da8c37 fix: remove au-tmc-dev-usw2
- 1e43483 feat: add iam to automation atlantis
- 6dfa0c7 Merge branch 'main' into jo-dg/TMCCLDENG-2380-iam-collection
- 272f34c feat: add module dir
- c960efe Merge branch 'main' into jo-dg/TMCCLDENG-2380-iam-collection
Files changed (18)
- iam/iam-roles/terraform/main.tf: +175/-0
- iam/iam-roles/terraform/modules/terraform-aws-iam-role/variables.tf: +122/-0
- iam/iam-roles/terraform/modules/terraform-aws-iam-role/README.md: +77/-0
- iam/iam-roles/terraform/modules/terraform-aws-iam-role/main.tf: +76/-0
- iam/iam-roles/terraform/variables.tf: +65/-0

- messaging(msk-replicator): update iam rego policy to only allow kafka related operations (#4968)
- Merged: 2025-05-08
Description
Changes
- messaging(msk-replicator): update iam rego policy to only allow kafka related operations
Why
[TMCCLDENG-2470](https://ford.atlassian.net/browse/TMCCLDENG-2470)
Test msk-replicator
```sh
➜ terraform git:(TMCCLDENG-2470-update-policy-iam-messaging-components) ✗ conftest verify -p ../../../shared-policies -p policy --report full
policy/default_test.rego:
data.main.test_non_kafka_cluster_iam_statement: PASS (790.708µs)
data.main.test_only_kafka_cluster_iam_statement: PASS (1.641666ms)
data.main.test_non_kafka_cluster_iam_inline_policy: PASS (690.125µs)
data.main.test_only_kafka_cluster_iam_inline_policy: PASS (577.959µs)
--------------------------------------------------------------------------------
PASS: 4/4
```
Commits (1)
- 3231d5f messaging(msk-replicator): update iam rego policy to only allow kafka…
Files changed (2)
- messaging/msk-replicator/terraform/policy/default_test.rego: +124/-0
- messaging/msk-replicator/terraform/policy/default.rego: +24/-4

- messaging(msk-iam): add policy validation for non-Kafka IAM role changes and corresponding test cases (#4951)
- Merged: 2025-05-08
Description
Changes
- messaging(msk-iam): add policy validation for non-Kafka IAM role changes and corresponding test cases
Why
[TMCCLDENG-2470](https://ford.atlassian.net/browse/TMCCLDENG-2470)
Tests
```sh
➜ terraform git:(TMCCLDENG-2470-update-policy-iam-messaging) ✗ conftest verify -p ../../../shared-policies -p policy --report full
policy/default_test.rego:
data.main.test_non_kafka_cluster_iam_statement: PASS (1.011167ms)
data.main.test_only_kafka_cluster_iam_statement: PASS (647.5µs)
data.main.test_non_kafka_cluster_iam_inline_policy: PASS (1.4585ms)
data.main.test_only_kafka_cluster_iam_inline_policy: PASS (2.547334ms)
--------------------------------------------------------------------------------
PASS: 4/4
```
Commits (3)
- 77f2c2e messaging(msk-iam): add policy validation for non-Kafka IAM role chan…
- 30d8711 messaging(msk-iam): update IAM role policy validation to disallow non…
- e6071c7 fix: remove additional policy in msk topics
Files changed (2)
- messaging/msk-iam/terraform/policy/default_test.rego: +125/-0
- messaging/msk-iam/terraform/policy/default.rego: +26/-4

- bootstrap(environment): add a route to legacy environment for msk subnets (#4948)
- Merged: 2025-05-07
Description
Changes
- bootstrap(environment): add a route to legacy environment for msk subnets
Why
[TMCCLDENG-2469](https://ford.atlassian.net/browse/TMCCLDENG-2469)
Commits (1)
- 2fd8385 bootstrap(environment): add a route to legacy environment for msk sub…
Files changed (1)
- bootstrap/environment/terraform/main.tf: +5/-0

- bootstrap(environment): add route table and association for MSK subnets (#4921)
- Merged: 2025-05-05
Description
Changes
- bootstrap(environment): add route table and association for MSK subnets
Why
[TMCCLDENG-2437](https://ford.atlassian.net/browse/TMCCLDENG-2437)
Commits (2)
- a672038 bootstrap(environment): add route table and association for MSK subnets
- 19a2406 fix(terraform): update vpc peering connection and route table associa…
Files changed (1)
- bootstrap/environment/terraform/main.tf: +27/-0

- chore: allow sre engineers to approve messaging collection (#4917)
- Merged: 2025-05-05
Description
- allow sre engineers to approve messaging collection
Commits (1)
- 97e3b00 chore: allow sre engineers to approve messaging collection
Files changed (1)
- CODEOWNERS: +1/-1

- TMCCLDENG 2425 update atlantis sre provisioning roles (#4904)
- Merged: 2025-05-02
Description
Changes
- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-tmc-prod-sre
- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-tmc-sandbox-sre
- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-tmc-staging-sre
Why
[TMCCLDENG-2425](https://ford.atlassian.net/browse/TMCCLDENG-2425)
Commits (3)
- b1de946 bootstrap(provisioning-roles): allow atlantis to assume sre provision…
- b480c2a bootstrap(provisioning-roles): allow atlantis to assume sre provision…
- f728fa3 bootstrap(provisioning-roles): allow atlantis to assume sre provision…
Files changed (3)
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-staging-sre.tfvars.json: +3/-0
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-sandbox-sre.tfvars.json: +3/-0
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-prod-sre.tfvars.json: +3/-0

- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-messaging-experiment-2-sre (#4900)
- Merged: 2025-05-02
Description
Changes
- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-messaging-experiment-2-sre
Why
[TMCCLDENG-2425](https://ford.atlassian.net/browse/TMCCLDENG-2425)
Commits (1)
- c6886e9 bootstrap(provisioning-roles): allow atlantis to assume sre provision…
Files changed (1)
- bootstrap/provisioning-roles/terraform/workspaces/au-messaging-experiment-2-sre.tfvars.json: +3/-0

- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-tmc-dev (#4899)
- Merged: 2025-05-02
Description
Changes
- bootstrap(provisioning-roles): allow atlantis to assume sre provisioning role au-tmc-dev
Why
[TMCCLDENG-2425](https://ford.atlassian.net/browse/TMCCLDENG-2425)
Commits (2)
- fc4cf1e bootstrap(provisioning-roles): allow atlantis to assume sre provision…
- 33abf69 Merge branch 'main' into TMCCLDENG-2425-update-atlantis-sre-provision…
Files changed (1)
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-dev-sre.tfvars.json: +3/-0

- TMCCLDENG 2414 create new subnets in prod (#4897)
- Merged: 2025-05-02
Description
Changes
- bootstrap(environment): create msk subnets au-tmc-prod-usw2
- bootstrap(environment): sort au-tmc-prod-usw2 workspace alpha num
Why
[TMCCLDENG-2414](https://ford.atlassian.net/browse/TMCCLDENG-2414)
Commits (2)
- 6a7d624 bootstrap(environment): sort au-tmc-prod-usw2 workspace alpha num
- f41a77e bootstrap(environment): create msk subnets au-tmc-prod-usw2
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-tmc-prod-usw2.tfvars.json: +11/-10

- TMCCLDENG 2413 create new subnets in sb 1 (#4892)
- Merged: 2025-05-01
Description
Changes
- bootstrap(environment): create msk subnets au-tmc-sb1
- bootstrap(environment): sort au-tmc-sb1 workspace alpha num
Why
[TMCCLDENG-2413](https://ford.atlassian.net/browse/TMCCLDENG-2413)
Commits (2)
- ab1b60a bootstrap(environment): sort au-tmc-sb1 workspace alpha num
- c5260ba bootstrap(environment): create msk subnets au-tmc-sb1
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-tmc-sb1-usw2.tfvars.json: +11/-10

- TMCCLDENG 2412 create new subnets in staging (#4883)
- Merged: 2025-05-01
Description
Changes
- bootstrap(environment): create msk subnets staging
- bootstrap(environment): sort keys by alpha
Why
[TMCCLDENG-2412](https://ford.atlassian.net/browse/TMCCLDENG-2412)
Commits (3)
- 10a989f bootstrap(environment): sort keys by alpha
- eb33c54 bootstrap(environment): create msk subnets staging
- 1ae1403 Merge branch 'main' into TMCCLDENG-2412-create-new-subnets-in-staging
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-tmc-staging-usw2.tfvars.json: +11/-10

- jo/fix msk topic provisioning roles (#4862)
- Merged: 2025-04-30
Description
Changes
- messaging(msk-topics): adjust spacing for consistency in locals and variables files
- messaging(msk-topics): use messaging provisioning role when running locally and sre on machine
Why
Commits (3)
- b7ceabe messaging(msk-topics): use messaging provisioning role when running l…
- 1c21e49 messaging(msk-topics): adjust spacing for consistency in locals and v…
- ee55142 Merge branch 'main' into jo/fix-msk-topic-provisioning-roles
Files changed (3)
- messaging/msk-topics/terraform/variables.tf: +3/-3
- messaging/msk-topics/terraform/provider.tf: +1/-1
- messaging/msk-topics/terraform/locals.tf: +1/-1

- bootstrap(provisioning-role): allow assume role atlantis au-tmc-dev-messaging (#4855)
- Merged: 2025-04-30
Description
Changes
- bootstrap(provisioning-role): allow assume role atlantis au-tmc-dev-messaging
Why
- this will allow the atlantis agent role to assume the provisioning role for messaging which gets used for the kafka provider to create topics
Commits (1)
- 552a2ef bootstrap(provisioning-role): allow assume role atlantis au-tmc-dev-m…
Files changed (1)
- bootstrap/provisioning-roles/terraform/workspaces/au-tmc-dev-messaging.tfvars.json: +5/-2

- Revert “test: use sasl_aws_role_arn without externalid” (#4849)
- Merged: 2025-04-29
Description
Reverts autonomic-ai/platform-infra#4848
Commits (1)
- 482de02 Revert "test: use sasl_aws_role_arn without externalid"
Files changed (2)
- messaging/msk-topics/terraform/workspaces/au-messaging-experiment-2-usw2-feed.tfvars.json: +0/-7
- messaging/msk-topics/terraform/main.tf: +1/-1

- test: use sasl_aws_role_arn without externalid (#4848)
- Merged: 2025-04-29
Description
Changes
- test: use sasl_aws_role_arn without externalid
Why
Commits (1)
- 2d35ece test: use sasl_aws_role_arn without externalid
Files changed (2)
- messaging/msk-topics/terraform/workspaces/au-messaging-experiment-2-usw2-feed.tfvars.json: +7/-0
- messaging/msk-topics/terraform/main.tf: +1/-1

- jo dg/update provisioning role statement (#4838)
- Merged: 2025-04-29
Description
Changes
- bootstrap(provisioning-roles): allow atlantis-agent-automation role to assume provisioning role + alphanum sort tfvars
- bootstrap(provisioning-roles): add additional_trusted_roles to that can assume provisioning roles
Why
- we want to allow certain systems like atlantis to assume a provisioning role without requiring an externalID
Commits (10)
- 314f4b1 bootstrap(provisioning-roles): add additional_trusted_roles to that c…
- 04b594a bootstrap(provisioning-roles): allow atlantis-agent-automation role t…
- c977246 bootstrap(provisioning-roles): simplify provisioning role assume stat…
- d504ffb bootstrap(provisioning-roles): remove redundant comment in assume rol…
- a46e57d bootstrap(provisioning-roles): refactor provisioning role assume stat…
- daaf55d bootstrap(provisioning-roles): update AWS principal format for identi…
- c079817 bootstrap(provisioning-roles): sort the machine_accounts to remove drift
- f7ea6ac bootstrap(provisioning-roles): update partition to be dynamic for ass…
- 9bccace bootstrap(provisioning-roles): update AWS principal format to use dyn…
- a475288 bootstrap(provisioning-roles): remove nonsensitive for externalid pw
Files changed (4)
- bootstrap/provisioning-roles/terraform/main.tf: +23/-11
- bootstrap/provisioning-roles/terraform/workspaces/au-messaging-experiment-2-messaging.tfvars.json: +5/-2
- bootstrap/provisioning-roles/terraform/variables.tf: +6/-0
- bootstrap/environment/terraform/main.tf: +1/-1

- messaging(msk-cluster): refactor subnet handling for msk cluster (#4835)
- Merged: 2025-04-29
Description
Changes
- messaging(msk-cluster): refactor subnet handling for msk cluster
Why
- we should use private subnets for the experiment account and use msk subnets for other environments
Commits (2)
- 89cc83f messaging(msk-cluster): refactor subnet handling for msk cluster
- 5ee33dc messaging(msk-cluster): correct typo in msk_subnet_list variable name
Files changed (2)
- messaging/msk-cluster/terraform/locals.tf: +5/-0
- messaging/msk-cluster/terraform/main.tf: +1/-1

- bootstrap(environment): update default msk_subnet_additional_bits to 5 (#4834)
- Merged: 2025-04-29
Description
Changes
- bootstrap(environment): update default msk_subnet_additional_bits to 5
Why
- they need more ips per az
Commits (1)
- f4ea942 bootstrap(environment): update default msk_subnet_additional_bits to 5
Files changed (1)
- bootstrap/environment/terraform/variables.tf: +1/-1

- jo dg/add subnets msk TMCCLDENG 2382 (#4829)
- Merged: 2025-04-29
Description
Changes
- bootstrap(environments): add a flag to create the msk aws subnets
- bootstrap(environments): remove unused msk var
- bootstrap(environments): add ability to create msk subnets
Why
[TMCCLDENG-2382](https://ford.atlassian.net/browse/TMCCLDENG-2382)
Commits (3)
- 2b5a130 bootstrap(environments): add ability to create msk subnets
- 2c361f2 bootstrap(environments): remove unused msk var
- dea3172 bootstrap(environments): add a flag to create the msk aws subnets
Files changed (5)
- bootstrap/environment/terraform/main.tf: +16/-0
- bootstrap/environment/terraform/variables.tf: +12/-0
- bootstrap/environment/terraform/workspaces/au-tmc-dev-usw2.tfvars.json: +2/-1
- bootstrap/environment/terraform/workspaces/au-tmc-dev-use1.tfvars.json: +2/-1
- bootstrap/environment/terraform/locals.tf: +2/-0

- vpc-peering: enable private route53 for messaging account (#4817)
- Merged: 2025-04-25
Description
Changes
- vpc-peering: enable private route53 for messaging account
Why
- needed for vpc-peering to automation account
Commits (1)
- 29d6162 vpc-peering: enable private route53 for messaging account
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-messaging-experiment-2-usw2.tfvars.json: +1/-0

- vpc-peering: peer automation with messaging experiment account for atlantis ops (#4815)
- Merged: 2025-04-25
Description
Changes
- vpc-peering: peer automation with messaging experiment account for atlantis ops
Why
- atlantis automation cannot create kafka topics with the terraform provider because the vpcs aren't peered
- https://github.com/autonomic-ai/platform-infra/pull/4803
Commits (1)
- dd3a329 vpc-peering: peer automation with messaging experiment account for at…
Files changed (1)
- bootstrap/environment/terraform/workspaces/au-messaging-experiment-2-usw2.tfvars.json: +1/-1

- jo/TMCCLDENG 2364 enable workflow archiving settings (#4802)
- Merged: 2025-04-24
Description
Changes
- workflows: enable archiving
- workflows: update archive params
Why
[TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (2)
- 98883c0 workflows: update archive params
- a4f5150 workflows: enable archiving
Files changed (2)
- argo/workflows/terraform/main.tf: +2/-0
- argo/workflows/terraform/workspaces/cicd-03-w2.tfvars.json: +1/-0

- rds: provison rds argo-workflows database (#4801)
- Merged: 2025-04-24
Description
Changes
- rds: provison rds argo-workflows database
Why
[TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 66faa17 rds: provison rds argo-workflows database
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive.tfvars.json: +3/-1

- rds: add db to provisioning map to provision (#4799)
- Merged: 2025-04-23
Description
Changes
- rds: add db to provisioning map to provision
Why
[TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 670d7c1 rds: add db to provisioning map to provision
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive-rc.tfvars.json: +3/-1

- fix: add sg for cicd to access argo workflows tools rc rds (#4798)
- Merged: 2025-04-23
Description
Changes
- fix: add sg for cicd to access argo workflows tools rc rds
Why
[TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 8cc3a23 fix: add sg for cicd to access argo workflows tools rc rds
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive-rc.tfvars.json: +9/-0

- jo/TMCCLDENG 2364 enable ssl rds argo workflows (#4797)
- Merged: 2025-04-23
Description
Changes
- fix: point to rc rds
- fix: enable ssl and parameterize secret path
Why
[TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (4)
- 361948c fix: enable ssl and parameterize secret path
- 5287d56 fix: point to rc rds
- 02a3591 fix: fmt + require secret path + add params cicd-03-w2
- 13d45d3 fix: default to null for postgresql_secret_name
Files changed (4)
- argo/workflows/terraform/main.tf: +7/-4
- argo/workflows/terraform/variables.tf: +6/-0
- argo/workflows/terraform/workspaces/cicd-03-w2.tfvars.json: +3/-1
- argo/workflows/terraform/workspaces/cicd-03-e1.tfvars.json: +2/-1

- fix: add sg peering for cicd clusters (#4793)
- Merged: 2025-04-23
Description
Changes - fix: add sg peering for cicd clusters Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 0d2084f fix: add sg peering for cicd clusters
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive.tfvars.json: +9/-0
- chore: add replica regions for secret (#4791)
- Merged: 2025-04-23
Description
Changes - chore: add replica regions for secret Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 55b069e chore: add replica regions for secret
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive-rc.tfvars.json: +3/-0
- chore: add replica regions for secret (#4790)
- Merged: 2025-04-23
Description
Changes - chore: add replica regions for secret Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 2dd4da5 chore: add replica regions for secret
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive.tfvars.json: +3/-0
- fix: add mandatory param tableName (#4789)
- Merged: 2025-04-23
Description
Changes - fix: add mandatory param tableName Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 7d9c428 fix: add mandatory param tableName
Files changed (1)
- argo/workflows/terraform/main.tf: +1/-0
- feat: add argo-workflows archive rc configuration for PostgreSQL (#4788)
- Merged: 2025-04-23
Description
Changes - feat: add argo-workflows archive rc configuration for PostgreSQL Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 6247838 feat: add argo-workflows archive rc configuration for PostgreSQL
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive-rc.tfvars.json: +63/-0
- feat: add PostgreSQL configuration and workflow archiving support (#4787)
- Merged: 2025-04-23
Description
Changes - feat: add PostgreSQL configuration and workflow archiving support Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (2)
- 8ee8dab feat: add PostgreSQL configuration and workflow archiving support
- f3ebd80 fix: update provider hashes in .terraform.lock.hcl
Files changed (4)
- argo/workflows/terraform/variables.tf: +24/-0
- argo/workflows/terraform/main.tf: +17/-0
- argo/workflows/terraform/.terraform.lock.hcl: +5/-0
- argo/workflows/terraform/workspaces/cicd-03-e1.tfvars.json: +3/-1
- fix: use correct key path for secret manager (#4774)
- Merged: 2025-04-23
Description
Changes - fix: use correct key path for secret manager Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 50d9d3a fix: use correct key path for secret manager
Files changed (1)
- argo/workflows/terraform/main.tf: +1/-1
- feat: add external secret for Argo Workflows RDS archive (#4772)
- Merged: 2025-04-22
Description
Changes - feat: add external secret for Argo Workflows RDS archive Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (1)
- 9f555fe feat: add external secret for Argo Workflows RDS archive
Files changed (1)
- argo/workflows/terraform/main.tf: +35/-0
- feat: add argo-workflows-tools-secret-store configuration to cicd workspaces (#4767)
- Merged: 2025-04-22
Description
Changes - feat: add argo-workflows-tools-secret-store configuration to cicd workspaces Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (2)
- 9ab7277 feat: add argo-workflows-tools-secret-store configuration to cicd wor…
- 8fe0c22 fix: update argo-workflows-tools-secret-store IAM role ARN in cicd wo…
Files changed (2)
- data-stores/external-secrets-secret-store/terraform/workspaces/cicd-03-w2.tfvars.json: +5/-0
- data-stores/external-secrets-secret-store/terraform/workspaces/cicd-03-e1.tfvars.json: +5/-0
- TMCCLDENG 2364 create iam secret store argo workflows (#4766)
- Merged: 2025-04-22
Description
Changes - feat: create argo-workflows iam role for tools in cicd env - chore: fix json format Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (3)
- b21ca4c chore: fix json format
- f8cf54d feat: create argo-workflows iam role for tools in cicd env
- d8ecaf6 Merge branch 'main' into TMCCLDENG-2364-create-iam-secret-store-argo-…
Files changed (1)
- data-stores/aws-secrets-manager-iam/terraform/workspaces/consolidated.tfvars.json: +12/-11
- TMCCLDENG 2364 workflows deploy rds instance and enable archiving of workflows (#4764)
- Merged: 2025-04-22
Description
Changes - rds: create argo-workflows-archive rds instance Why [TMCCLDENG-2364](https://ford.atlassian.net/browse/TMCCLDENG-2364)
Commits (7)
- e97b58d WIP: add argo-workflows-archive rds db
- b4a4851 rds: update argo-workflows rds instance
- c585295 rds: update database host name
- 8bf56d1 rds: fix naming
- c5b74c9 fix: typo
- 652a8b6 fix: update auto minor verison upgrade for policy
- 907bf18 Merge branch 'main' into TMCCLDENG-2364-workflows-deploy-rds-instance…
Files changed (1)
- rds/terraform/workspaces/au-consolidated-tools-usw2-argo-workflows-archive.tfvars.json: +63/-0
- workflows(feat): enable pod garbage collection on workflow completion (#4744)
- Merged: 2025-04-16
Description
Changes - workflows(feat): enable pod garbage collection on workflow completion Why [TMCCLDENG-2365](https://ford.atlassian.net/browse/TMCCLDENG-2365)
Commits (1)
- 984959a workflows(feat): enable pod garbage collection on workflow completion
Files changed (1)
- argo/workflows/terraform/main.tf: +3/-0
- jo dg/update initial iam msk (#4733)
- Merged: 2025-05-02
Description
Changes - update the folder structure - modules has its own directory - update workspaces - update the workspace name to reflect which account and app environment instance - get environment information from data sources - instead of passing it directly through the workspace file, grab it from data sources Commits - fix: update the workspace - fix: add updated tfvars and terraform lock - fix: add default streams_topics if not provided - fix: clean up msk variables input and workspace - fix: use cluster_uuid for msk cluster + reference as this - wip: add messaging refactor - chore(refactor): create modules dir and workspaces dir - messaging/msk-iam: Add top-level iteration - Initial check-in Why - updated @twildeboer's initial msk branch to conform with platform-infra patterns ...
Commits (17)
- 023e47d Initial check-in
- 5a32cf4 messaging/msk-iam: Add top-level iteration
- b8fd48a chore(refactor): create modules dir and workspaces dir
- f96129e wip: add messaging refactor
- eeab022 fix: use cluster_uuid for msk cluster + reference as this
- 4c093ab fix: clean up msk variables input and workspace
- b6b9417 fix: add default streams_topics if not provided
- ad62897 fix: add updated tfvars and terraform lock
- 4dbea1e fix: update the workspace
- 5aaef16 fix: update test condition with app_environment
- d18a39c chore: update fmting
- 86664a3 msk-iam: change new role path pattern
- ec2759b msk-iam: force team names to lowercase
- a603d0f refinements (#4792)
- 645f64d messaging/msk-iam - add ability to set custom permissions on roles (#…
- bcf5590 messaging/msk-iam fixes: (#4877)
- 22c6aa5 msk-iam: Skip services with no client role arn (#4884)
Files changed (19)
- messaging/msk-iam/terraform/modules/msk_client_specific_role/tests/msk_client_specific_role.tftest.hcl: +311/-0
- messaging/msk-iam/terraform/workspaces/au-messaging-experiment-2-usw2-dev.tfvars.json: +254/-0
- messaging/msk-iam/terraform/modules/msk_client_specific_role/locals.tf: +118/-0
- messaging/msk-iam/terraform/tests/policy.tftest.hcl: +88/-0
- messaging/msk-iam/terraform/modules/msk_client_specific_role/variables.tf: +75/-0
- fix: add executable name for plan only to fix atlantis confusion (#4705)
- Merged: 2025-04-10
Description
Changes - fix: add executable name for plan only to fix atlantis confusion Why - recommended to give atlantis plan only a specific name since we have multiple instances running - https://www.runatlantis.io/docs/server-configuration.html#executable-name - it'll stop atlantis plan only instance from commenting this when other PRs for the automation-sre instance is processing `atlantis plan`
Commits (2)
- 0d54f5d fix: add executable name for plan only to fix atlantis confusion
- 104b768 Merge branch 'main' into jo/atlantis-plan-only-configs
Files changed (1)
- k8s/atlantis/terraform/main.tf: +2/-1
- Update CODEOWNERS to prioritize us for policies (#4651)
- Merged: 2025-04-07
Description
- this ensures we have priority on policy dir https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#example-of-a-codeowners-file
```
# Order is important; the last matching pattern takes the most
# precedence. When someone opens a pull request that only
# modifies JS files, only @js-owner and not the global
# owner(s) will be requested for a review.
*.js @js-owner #This is an inline comment.
```
Commits (1)
- bb5bba5 Update CODEOWNERS to prioritize us for policies
Files changed (1)
- CODEOWNERS: +3/-1
- fix: generate projects for tfvar files and ignore empty ones (#4649)
- Merged: 2025-04-07
Description
Changes - fix: generate projects for tfvar files and ignore empty ones Why - iteration in this for [loop](https://github.com/autonomic-ai/platform-infra/pull/4649/files#diff-7684dd553b8f67282539b56e6fa6498207e48694ce4d93a9db5a7bf1c4a32889L190) is resolving to `*.tfvars.json` as a literal when no tfvars.json is found and treats it as a file when generating the projects but it really means no file was found - we should skip it if this is the file because it will generate a project with `workspaces: *` like below (which is invalid for atlantis.yaml) ``` ... - branch: /main/ dir: messaging/msk-iam/terraform delete_source_branch_on_merge: true repo_locking: true plan_requirements: [undiverged] apply_requirements: [mergeable, approved, undiverged] import_requirements: [mergeable, approved, undiverged] silence_pr_comments: ["plan"] workflow: ...
Commits (2)
- 0aa2c99 fix: generate projects for tfvar files and ignore empty ones
- c6d0f24 Merge branch 'main' into jo/fix-atlantis-sre-project-generator
Files changed (1)
- generate_projects.sh: +5/-0
- chore(codeowners): add messaging dir and restrict policy to sre (#4620)
- Merged: 2025-04-03
Description
Changes - chore(codeowners): add messaging dir and restrict policy to sre Why
Commits (4)
- c757bf5 chore(codeowners): add messaging dir and restrict policy to sre
- d6dff2f fix: make sure everything under messaging is owned by them
- 3cb66d5 fix: also make sure everything under policy is sre
- abeb0b9 fix: remove double astriks
Files changed (1)
- CODEOWNERS: +4/-0
- fix: add required annotation for service-account.name (#4573)
- Merged: 2025-04-01
Description
Changes - fix: add required annotation for service-account.name Why ```hcl kubernetes_manifest.production-eng-operate-workflow-sa-token: Creating... ╷ │ Error: API response status: Failure │ │ with kubernetes_manifest.production-eng-operate-workflow-sa-token, │ on sa.tf line 221, in resource "kubernetes_manifest" "production-eng-operate-workflow-sa-token": │ 221: resource "kubernetes_manifest" "production-eng-operate-workflow-sa-token" { │ │ Secret "production-eng-operate-workflow-sa.service-account-token" is │ invalid: metadata.annotations[kubernetes.io/service-account.name]: Required │ value ╵ ╷ │ Error: Kubernetes API Error: Invalid Secret [production-eng-operate-workflow-sa.service-account-token] │ │ with kubernetes_manifest.production-eng-operate-workflow-sa-toke...
Commits (1)
- caa5d22 fix: add required annotation for service-account.name
Files changed (1)
- argo/workflows/terraform/sa.tf: +3/-0
- jo/generate sa token secret workflows (#4572)
- Merged: 2025-04-01
Description
Changes - fix: remove secret from workflow-configs - fix: update comment - fix: create secret sa token with workflows Why - needed to create the secret in terraform because argocd doesn't sync secrets
Commits (3)
- f27ba53 fix: create secret sa token with workflows
- f958179 fix: update comment
- 88f0870 fix: remove secret from workflow-configs
Files changed (5)
- argo/workflows/terraform/sa.tf: +14/-0
- argo/workflows-config/cue/render/tools/render.yaml: +0/-11
- argo/workflows-config/cue/render/cicd-03-w2/render.yaml: +0/-11
- argo/workflows-config/cue/render/cicd-03-e1/render.yaml: +0/-11
- argo/workflows-config/cue/rbac_prodeng.cue: +1/-5
- feat: give production-eng access to generate workflows (#4566)
- Merged: 2025-04-01
Description
Changes - feat: give production-eng access to generate workflows - this generates a serviceaccount that has higher precedence than the user-default-login serviceaccount that the team currently gets associated with. - it gives them edit permissions via rbac and also grants the readall permissions to the generated serviceaccount Why - production-eng requested access to generate their own workflows in support
Commits (2)
- efb2195 feat: give production-eng access to generate workflows
- 9a4626e Merge branch 'main' into jo/grant-prod-eng-workflow-rbac
Files changed (5)
- argo/workflows-config/cue/rbac_prodeng.cue: +83/-0
- argo/workflows-config/cue/render/tools/render.yaml: +62/-0
- argo/workflows-config/cue/render/cicd-03-w2/render.yaml: +62/-0
- argo/workflows-config/cue/render/cicd-03-e1/render.yaml: +62/-0
- argo/workflows-config/cue/README.adoc: +2/-2
- fix: remove the flags causing infinte pending status for plans (#4526)
- Merged: 2025-03-28
Description
Changes - fix: remove the flags causing infinte pending status for plans Why - with these flags, it removes the additional status checks but there's a bug where the plan stays pending forever. I think it's better to have the successful status checks than an infinite pending check.
Commits (1)
- 2def0a7 fix: remove the flags causing infinte pending status for plans
Files changed (1)
- k8s/atlantis/terraform/main.tf: +0/-2
- feat: replace skip_components with include_collections and add IS_CHINA support (#4463)
- Merged: 2025-03-27
Description
Changes - feat: replace skip_components with include_collections and add IS_CHINA support Why [TMCCLDENG-2296](https://ford.atlassian.net/browse/TMCCLDENG-2296) Plan ```hcl 2025/03/27 13:39:20 cfg: terraform backend_config files: [~/admin.config.json], var files: [~/backend.config.json], workspaces enabled: true, ws dir: 'workspaces', pre_apply_checks: [tf-summarize] 2025/03/27 13:39:20 ws: au-automation-usw2, glob: workspaces/au-automation-usw2.tfvars* 2025/03/27 13:39:20 file: workspaces/au-automation-usw2.tfvars.json 2025/03/27 13:39:20 remote module: record, git@github.com:autonomic-ai/terraform-aws-route53-alias-recordset.git?ref=v0.2.2 2025/03/27 13:39:20 modified: [variables.tf] 2025/03/27 13:39:20 export TF_DATA_DIR=.terraform 2025/03/27 13:39:20 export TF_WORKSPACE=au-automation-usw2 2025/03/27 13:39:20 run [terraform plan -...
Commits (7)
- f4b7abb feat: replace skip_components with include_collections and add IS_CHI…
- 1a4f284 feat: update IS_CHINA default value and enhance context filtering logic
- 608a65b Merge branch 'main' into TMCCLDENG-2296-change-atlantis-plan-exclussi…
- 760d4af Merge branch 'main' into TMCCLDENG-2296-change-atlantis-plan-exclussi…
- f521a41 fix: change map inputs for varibale
- 9629958 fix: remove tmp path
- ba0ab79 refactor: rename include_collections to include_collections_skip_comp…
Files changed (4)
- k8s/atlantis/scripts/gen-atlantis.py: +37/-6
- k8s/atlantis/terraform/workspaces/au-automation-usw2.tfvars.json: +23/-16
- k8s/atlantis/terraform/variables.tf: +10/-4
- k8s/atlantis/terraform/main.tf: +4/-3
- feat: add vcs-status-name to identify atlantis instance (#4435)
- Merged: 2025-03-24
Description
Changes - feat: add vcs-status-name to identify atlantis instance Why [TMCCLDENG-2318](https://ford.atlassian.net/browse/TMCCLDENG-2318) Atlantis Plan ```hcl Terraform will perform the following actions: # helm_release.this will be updated in-place ~ resource "helm_release" "this" { id = "atlantis-plan-au-automation-usw2" ~ metadata = [ - { - app_version = "v0.33.0" - chart = "atlantis" - first_deployed = 1710868979 - last_deployed = 1742841941 - name = "atlantis-plan-au-automation-usw2" - namespace = "atlantis" - notes = <<-EOT 1. Get the application URL by running these commands: 2. Atlantis will not start successfully unless at least one of the following sets of credentials are specified (see values.yaml for detailed usage): - github - githubApp ...
Commits (2)
- b6af743 feat: add vcs-status-name to identify atlantis instance
- ce90bb5 feat: silence vcs status no projects
Files changed (1)
- k8s/atlantis/terraform/main.tf: +3/-1
- chore(deps): bump atlantis-plan to latest v0.33.0 + 5.16.0 charts (#4426)
- Merged: 2025-03-24
Description
Changes - chore(deps): bump atlantis-plan to latest v0.33.0 + 5.16.0 charts Latest Versions https://github.com/runatlantis/atlantis/releases/tag/v0.33.0 https://github.com/runatlantis/helm-charts/releases/tag/atlantis-5.16.0 Why [TMCCLDENG-2317](https://ford.atlassian.net/browse/TMCCLDENG-2317)
Commits (2)
- 6508a27 chore(deps): bump atlantis-plan to latest v0.33.0 + 5.16.0 charts
- 9a06f62 Merge branch 'main' into jo/TMCCLDENG-2317-upgrade-to-latest-atlantis…
Files changed (2)
- k8s/atlantis/terraform/workspaces/au-automation-usw2.tfvars.json: +1/-1
- k8s/atlantis/ci/pipeline.yml: +1/-1
- fix: add argocd-user to sase-admins (#4023)
- Merged: 2025-02-13
Description
Changes - fix: add argocd-user to sase-admins Why - sase-admins (prod-eng) need access to new argocd instance Plan ```hcl teleport_oidc_connector.okta: Refreshing state... [id=okta] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # teleport_oidc_connector.okta will be updated in-place ~ resource "teleport_oidc_connector" "okta" { id = "okta" ~ spec = { ~ claims_to_roles = [ ~ { ~ roles = [ # (4 unchanged elements hidden) "tekton-user", + "argocd-user", "bakery-user", # (3 unchanged elements hidden) ] # (2 unchanged attributes hidden) }, # (11 unchanged ele...
Commits (1)
- dccf427 fix: add argocd-user to sase-admins
Files changed (1)
- teleport/admin/terraform/workspaces/teleport-cloud.tfvars.json: +1/-0
- chore(docs): clarify policy on iam kms changes (#3925)
- Merged: 2025-02-06
Description
Changes - chore(docs): clarify policy on iam kms changes Why - was unclear why we were failing iam kms policy changes
Commits (1)
- 00b1446 chore(docs): clarify policy on iam kms changes
Files changed (1)
- data-stores/aws-secrets-manager-iam/terraform/policy/default.rego: +2/-2
- fix: copy all annotations and labels + fix ignoredifferences drift (#3796)
- Merged: 2025-01-22
Description
Changes - fix: copy all annotations and labels + fix ignoredifferences drift Why [TMCCLDENG-2135](https://ford.atlassian.net/browse/TMCCLDENG-2135)
Commits (1)
- 9f05489 fix: copy all annotations and labels + fix ignoredifferences drift
Files changed (2)
- argo/cd-config/terraform/locals.tf: +6/-10
- argo/cd-config/terraform/workspaces/prod.tfvars.json: +1/-0
- chore(docs): add README documentation for argo-cd-connect and argo-cd-connect-legacy components (#3780)
- Merged: 2025-01-20
Description
Changes - chore(docs): add README documentation for argo-cd-connect and argo-cd-connect-legacy components Why
Commits (1)
- a847b01 chore(docs): add README documentation for argo-cd-connect and argo-cd…
Files changed (4)
- k8s/argo-cd-connect/docs/README.md: +34/-0
- k8s/argo-cd-connect-legacy/docs/README.md: +33/-0
- k8s/argo-cd-connect/docs/image.png: +0/-0
- k8s/argo-cd-connect-legacy/docs/image-1.png: +0/-0
- feat:grant cicd-03-w2 argo-cd-manager permissions when deploying to cicd-03-e1 (#3778)
- Merged: 2025-01-17
Description
Changes - feat:grant cicd-03-w2 argo-cd-manager permissions when deploying to cicd-03-e1 Why - when cicd-03-w2 argocd connects to cicd-03-e1 for the argocd_cluster resource (which is a secret in k8s), it uses the aws access entry path. we need to create the argo-cd-manager group which has permissions to deploy everything and grant cicd-03-w2 to this group. [TMCCLDENG-2133](https://ford.atlassian.net/browse/TMCCLDENG-2133) Plan ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # argocd_cluster.prod[0] will be updated in-place ~ resource "argocd_cluster" "prod" { id = "https://9854A34491B01791249AC700C93781FF.gr7.us-east-1.eks.amazonaws.com/cicd-03-e1" name =...
Commits (1)
- 564461e feat:grant cicd-03-w2 argo-cd-manager permissions when deploying to c…
Files changed (2)
- k8s/argo-cd-connect/terraform/main.tf: +7/-1
- k8s/argo-cd-connect/terraform/locals.tf: +3/-1
- argocd: add deny_sync_clusters and enable deploy_root_app_applications_tekton (#3766)
- Merged: 2025-01-16
Description
Changes - argocd: add deny_sync_clusters and enable deploy_root_app_applications_tekton Why - add root app for applications-tekton to test syncing against cicd-03-xx clusters - deny the same list as staging and only allow syncing to the following clusters: ``` au-tmc-dev-use1 au-tmc-dev-usw2 cicd-03-e1 cicd-03-w2 dev2.k8s.au-infrastructure.com ``` [TMCCLDENG-2110](https://ford.atlassian.net/browse/TMCCLDENG-2110) Tests ```hcl data.kubernetes_resources.apps: Read complete after 4s Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # argocd_application.root_tekton[0] will be created ...
Commits (1)
- d026108 argocd: add deny_sync_clusters and enable deploy_root_app_application…
Files changed (1)
- argo/cd-config/terraform/workspaces/prod.tfvars.json: +16/-1
- jo/TMCCLDENG 2129 split out argocd root apps into its own app dirs (#3762)
- Merged: 2025-01-15
Description
Changes - refactor: split out deploy root apps for modularity - chore: remove decomissioned cicd-eks-02 cluster from sync cluster list Why [TMCCLDENG-2129](https://ford.atlassian.net/browse/TMCCLDENG-2129) Plan ```hcl cicd-03-w2:bakery-staging:bakery-staging ➜ terraform git:(jo/TMCCLDENG-2129-split-out-argocd-root-apps-into-its-own-app-dirs) ✗ bt terraform build --ws=staging --ic 2025/01/15 16:33:00 cfg: backend_config files: [~/admin.config.json], var files: [~/backend.config.json], workspaces enabled: true, ws dir: 'workspaces' 2025/01/15 16:33:00 Running Task build:init 2025/01/15 16:33:00 Completed Task build:init in 00m:00s 2025/01/15 16:33:00 Running Task build:plan 2025/01/15 16:33:00 cfg: backend_config files: [~/admin.config.json], var files: [~/backend.config.json], workspaces enabled: true, ws dir: 'workspaces' 2025/01/15 16:33...
Commits (2)
- bb02e18 chore: remove decomissioned cicd-eks-02 cluster from sync cluster list
- 384a798 refactor: split out deploy root apps for modularity
Files changed (3)
- argo/cd-config/terraform/variables.tf: +7/-3
- argo/cd-config/terraform/main.tf: +4/-4
- argo/cd-config/terraform/workspaces/staging.tfvars.json: +2/-1
- feat: add ui banner for argocd prod (#3757)
- Merged: 2025-01-15
Description
Changes - feat: add ui banner for argocd prod Why - need to add a banner for the new argocd - this will also force a new deployment to help us look into what's going on with the disappearing cluster roles
Commits (1)
- e640e2b feat: add ui banner for argocd prod
Files changed (1)
- argo/cd/terraform/workspaces/prod.tfvars.json: +6/-1
- feat: add optional banner for notifications (#3747)
- Merged: 2025-01-13
Description
Changes - feat: add optional banner for notifications Why [TMCCLDENG-2127](https://ford.atlassian.net/browse/TMCCLDENG-2127)
Commits (2)
- cb501ad feat: add optional banner for notifications
- 1825e9a feat: add configurable UI banner support
Files changed (3)
- argo/cd/terraform/variables.tf: +30/-0
- argo/cd/terraform/main.tf: +8/-2
- argo/cd/terraform/workspaces/staging.tfvars.json: +6/-1
- jo nh/fix sync policy snake case settings (#3745)
- Merged: 2025-01-13
Description
Changes - fix: convert argocd_application resource value ignore_differences to camlCase from snake_case for kubectl_manifest resource - chore: update target test app for sync script - fix: enhance syncPolicy structure in terraform locals.tf for Argo CD Why - the syncoptions and ignoredifferences were being picked up as snake case when we were copying it directly from the data source with the [argocd_application provider](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs/data-sources/application#nested-schema-for-specignore_differences) - we had to update these to yaml syntax (camelCase) in order for the kubectl_manifest resource to apply the actual value correctly - https://ford.atlassian.net/browse/TMCCLDENG-2117
Commits (3)
- a7801f1 fix: enhance syncPolicy structure in terraform locals.tf for Argo CD
- 8012ab4 chore: update target test app for sync script
- 32d4028 fix: convert argocd_application resource value ignore_differences to …
Files changed (3)
- argo/cd-config/terraform/locals.tf: +23/-2
- argo/cd-config/terraform/outputs.tf: +0/-4
- argo/cd-config/terraform/data.tf: +1/-1
- config: remove cicd-03-e1 from global-deny project (#3726)
- Merged: 2025-01-08
Description
Changes - config: remove cicd-03-e1 from global-deny project Why - we want to start testing against cicd-03-e1
Commits (1)
- b0ccf55 config: remove cicd-03-e1 from global-deny project
Files changed (1)
- argo/cd-config/terraform/workspaces/staging.tfvars.json: +0/-1
- feat: enable prometheus scraping annotations for argocd (#3706)
- Merged: 2025-01-07
Description
Changes - feat: enable prometheus scraping annotations for argocd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd#global-configs Why [TMCCLDENG-2091](https://ford.atlassian.net/browse/TMCCLDENG-2091)
Commits (1)
- 747238c feat: enable prometheus scraping annotations for argocd
Files changed (1)
- argo/cd/terraform/main.tf: +1/-0
Open Pull Requests
- trigger: pipeline (#3740)
- Created: 2025-01-10
Description
Changes - trigger: pipeline Why
Files changed (1)
- argo/cd/terraform/locals.tf: +1/-0
Summary
This report includes all commits by John Octubre and pull requests by johnoct-au between 2025-01-06 and 2025-06-16.
Generated with git-pr-standup