Skip to content

[PLT-1445] Service module adoption for AB2D contracts, events and worker services #1663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jscott-nava wants to merge 4 commits into
base: main
Choose a base branch
from
Open

[PLT-1445] Service module adoption for AB2D contracts, events and worker services #1663

jscott-nava wants to merge 4 commits into from
+276 −243

Conversation

@jscott-nava
Copy link
Contributor

@jscott-nava jscott-nava commented Dec 18, 2025
edited
Loading

🎫 Ticket

https://jira.cms.gov/browse/PLT-1445

🛠 Changes

This PR contains the changes required to migrate the AB2D contracts, events and worker services onto the CDAP service module.

The following two caveats should be noted:

  • Due to the use of a shared platform module the tags for the services are updated from either contracts or events to microservices. If this is not desired then microservice-specific platform modules could be passed in instead.
  • The events_service force_new_deployment flag is reverted from true to false which would indicate that during the previous tofu apply in the test environment this setting was overridden with an image tag which sets the flag to true.
  • This PR depends on the CDAP service module updates pending review in [PLT-1445] Service module updates for AB2D adoption cdap#360; prior to merging this PR, the CDAP PR must be merged and then the module references in this PR updated with the new commit hash.
  • The unit-integration-test/sonarqube/test check on this PR failed (https://github.com/CMSgov/ab2d/actions/runs/20345958599/job/58458189335?pr=1663) with errors that appear to be unrelated to these changes. Please advise whether this test is flaky or whether it indicates an issue introduced by these changes.

ℹ️ Context

With the AB2D api service having already been migrated to the CDAP service module, this PR addresses service module adoption for the remaining three AB2D services.

🧪 Validation

Tofu plan output for 20-microservices (AB2D-TEST) 
OpenTofu will perform the following actions:

  # module.contracts_service.aws_ecs_service.this will be updated in-place
  # (moved from aws_ecs_service.contracts)
  ~ resource "aws_ecs_service" "this" {
        id                                 = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:service/ab2d-test-microservices/ab2d-test-contracts"
        name                               = "ab2d-test-contracts"
      ~ tags                               = {
          - "service" = "contracts" -> null
        }
      ~ tags_all                           = {
          ~ "service"        = "contracts" -> "microservices"
            # (6 unchanged elements hidden)
        }
      ~ task_definition                    = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task-definition/ab2d-test-contracts:30" -> (known after apply)
        # (16 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.contracts_service.aws_ecs_task_definition.this must be replaced
  # (moved from aws_ecs_task_definition.contracts)
-/+ resource "aws_ecs_task_definition" "this" {
      ~ arn                      = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task-definition/ab2d-test-contracts:30" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task-definition/ab2d-test-contracts" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - essential              = true
                  ~ logConfiguration       = {
                      ~ options   = {
                          ~ awslogs-group         = "/aws/ecs/fargate/ab2d-test/ab2d_contracts" -> "/aws/ecs/fargate/ab2d-test/contracts"
                            # (3 unchanged attributes hidden)
                        }
                        # (1 unchanged attribute hidden)
                    }
                  ~ name                   = "contracts-service-container" -> "contracts"
                  - systemControls         = []
                  - volumesFrom            = []
                    # (6 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "ab2d-test-contracts" -> (known after apply)
      ~ revision                 = 30 -> (known after apply)
      - tags                     = {} -> null
        # (10 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

  # module.events_service.aws_ecs_service.this will be updated in-place
  # (moved from aws_ecs_service.events)
  ~ resource "aws_ecs_service" "this" {
      ~ force_new_deployment               = true -> false
        id                                 = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:service/ab2d-test-microservices/ab2d-test-events"
        name                               = "ab2d-test-events"
      ~ tags                               = {
          - "service" = "events" -> null
        }
      ~ tags_all                           = {
          ~ "service"        = "events" -> "microservices"
            # (6 unchanged elements hidden)
        }
      ~ task_definition                    = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task-definition/ab2d-test-events:18" -> (known after apply)
        # (15 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

  # module.events_service.aws_ecs_task_definition.this must be replaced
  # (moved from aws_ecs_task_definition.events)
-/+ resource "aws_ecs_task_definition" "this" {
      ~ arn                      = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task-definition/ab2d-test-events:18" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task-definition/ab2d-test-events" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - essential              = true
                  ~ logConfiguration       = {
                      ~ options   = {
                          ~ awslogs-group         = "/aws/ecs/fargate/ab2d-test/ab2d_events" -> "/aws/ecs/fargate/ab2d-test/events"
                            # (3 unchanged attributes hidden)
                        }
                        # (1 unchanged attribute hidden)
                    }
                  ~ name                   = "events-service-container" -> "events"
                  - systemControls         = []
                  - volumesFrom            = []
                    # (6 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "ab2d-test-events" -> (known after apply)
      ~ revision                 = 18 -> (known after apply)
      - tags                     = {} -> null
        # (10 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

Plan: 2 to add, 2 to change, 2 to destroy.
Tofu plan output for 30-worker (AB2D-TEST) 
OpenTofu will perform the following actions:

  # module.service.aws_ecs_service.this will be updated in-place
  # (moved from aws_ecs_service.worker)
  ~ resource "aws_ecs_service" "this" {
        id                                 = "arn:aws:ecs:us-east-1:xxxxxxxxxxxx:service/ab2d-test-worker/ab2d-test-worker"
        name                               = "ab2d-test-worker"
        tags                               = {}
        # (18 unchanged attributes hidden)

      ~ network_configuration {
          ~ subnets          = (sensitive value) ### Test currently uses one subnet, the service module will use all three. ###
            # (2 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

  # aws_ecs_task_definition.worker has moved to module.service.aws_ecs_task_definition.this
    resource "aws_ecs_task_definition" "this" {
        id                       = "ab2d-test-worker"
        tags                     = {}
        # (15 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

@jscott-nava jscott-nava requested a review from a team December 18, 2025 17:46
@jscott-nava jscott-nava marked this pull request as ready for review December 18, 2025 18:52
@jscott-nava jscott-nava requested a review from a team as a code owner December 18, 2025 18:52
@jscott-nava jscott-nava requested a review from gsf December 18, 2025 18:53
bennavapbc
bennavapbc previously approved these changes Dec 31, 2025
View reviewed changes
Copy link
Collaborator

@bennavapbc bennavapbc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will likely want to merge #1666 first? cc @juliareynolds-nava

gsf
gsf reviewed Jan 9, 2026
View reviewed changes
ops/services/20-microservices/contracts.tf
image = local.contracts_image_uri
memory = 2048
platform = module.platform
platform_version = "1.4.0"
Copy link
Member

@gsf gsf Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If platform version matches the default could we drop it from the definition here? That way when it's updated in the module we only need to update the hash commit in the ref once it's been tested. This also applies to any other variables that match the default.

Same goes for health_check_grace_period_seconds. Leave it out instead of setting it to null.

Also it strikes me that platform_version sounds like it relates to the platform module being passed in. Could be worthwhile to rename the variable in the service module to fargate_version in CMSgov/cdap#360.

Copy link
Contributor Author

@jscott-nava jscott-nava Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gsf Great comments. Made the following changes:

  • Renamed platform_version to fargate_version to be clearer.
  • Omitted fargate_version when it matches the default.
  • Since the health_check_grace_period_seconds parameter only applies to services configured with a load balancer, it seems to be more intuitive to have the default be null and then (1) omit the parameter for non-load balanced services, and (2) explicitly set the value for services that do use a load balancer to whatever makes sense for that service's initialization time.

@jscott-nava
Copy link
Contributor Author

jscott-nava commented Jan 9, 2026

Changes have been made both to this PR and the related CDAP service module PR - see the updated Tofu plans in the description.

@jscott-nava jscott-nava requested review from bennavapbc and gsf January 9, 2026 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliareynolds-nava juliareynolds-nava juliareynolds-nava left review comments

@Sadibhatla Sadibhatla Awaiting requested review from Sadibhatla

@gsf gsf Awaiting requested review from gsf

@bennavapbc bennavapbc Awaiting requested review from bennavapbc

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jscott-nava @gsf @bennavapbc @juliareynolds-nava