Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace Cloud Functions with Cloud Run to avoid permadiffs #749

Closed
nacnudus opened this issue Feb 14, 2025 · 0 comments · Fixed by #753
Closed

Replace Cloud Functions with Cloud Run to avoid permadiffs #749

nacnudus opened this issue Feb 14, 2025 · 0 comments · Fixed by #753

Comments

@nacnudus
Copy link
Contributor

Permadiffs cause terraform apply to redeploy cloud functions unnecessarily, and it is currently also unbinding service accounts from IAM permissions, which has caused the overnight batch of publishing-api to fail. It also seems to interfere with the google_bigquery_job that registers the remote function in BigQuery.

The best I can do to prevent the permadiffs is to copy an MD5 hash from a terraform plan into hard-coded config, and then run terraform apply. Certain fields must also be ignored, which gives to rise to an incorrect warning. Besides being a pain, this is hardly any easier than manually redeploying a function.

resource "google_storage_bucket_object" "parse_html" {
  name   = "sourcecode.zip"
  bucket = google_storage_bucket.cloud_functions.name
  source = data.archive_file.parse_html.output_path # Add path to the zipped function source code
  detect_md5hash = "0TPZXY07IZeI84RrW+VH2w==" # Keep up to date https://support.hashicorp.com/hc/en-us/articles/28945898467347-How-to-Avoid-Terraform-Apply-from-Forcefully-Recreating-Google-Cloud-Storage-Object
  lifecycle {
    # To prevent unnecessary updates, which will trigger a replacement of the
    # cloud function, we must ignore changes to certain attributes. Terraform
    # will give the following warning, which is a lie.
    #
    #   "The attribute crc32c is decided by the provider alone and therefore
    #   there can be no configured value to compare with. Including this
    #   attribute in ignore_changes has no effect. Remove the attribute from
    #   ignore_changes to quiet this warning."
    #
    # Including these attributes in ignore_changes _does_ have an effect, which
    # is to prevent unnecessary updates.
    ignore_changes = [crc32c, generation, md5hash]
  }
}

Now that Cloud Functions are a wrapper around Cloud Run, there would be no functional difference if we were to refactor the Cloud Functions as Cloud Run instances directly. The Dockerfile would make testing easier, and would be offset by being able to delete the double-handling in Terraform of creating both a Cloud Run instance and a Cloud Function wrapper. An existing Cloud Run instance to use as a pattern is terraform/html-to-text.tf and the corresponding source code docker/html-to-text.
nacnudus added a commit that referenced this issue Feb 20, 2025
@nacnudus
refactor: migrate all cloud functions to Cloud Run
db21b6b 
Close #749

Permadiffs cause `terraform apply` to redeploy cloud functions
unnecessarily, and it is currently also unbinding service accounts from
IAM permissions, which has caused the overnight batch of
`publishing-api` to fail. It also seems to interfere with the
`google_bigquery_job` that registers the remote function in BigQuery.

Now that Cloud Functions are a wrapper around Cloud Run, there would be
no functional difference if we were to refactor the Cloud Functions as
Cloud Run instances directly. The Dockerfile would make testing easier,
and would be offset by being able to delete the double-handling in
Terraform of creating both a Cloud Run instance and a Cloud Function
wrapper. An existing Cloud Run instance to use as a pattern is
terraform/html-to-text.tf and the corresponding source code
docker/html-to-text.
@nacnudus nacnudus mentioned this issue Feb 20, 2025
Merged
nacnudus added a commit that referenced this issue Feb 20, 2025
@nacnudus
refactor: migrate all cloud functions to Cloud Run
0c05ae1 
Close #749

Permadiffs cause `terraform apply` to redeploy cloud functions
unnecessarily, and it is currently also unbinding service accounts from
IAM permissions, which has caused the overnight batch of
`publishing-api` to fail. It also seems to interfere with the
`google_bigquery_job` that registers the remote function in BigQuery.

Now that Cloud Functions are a wrapper around Cloud Run, there would be
no functional difference if we were to refactor the Cloud Functions as
Cloud Run instances directly. The Dockerfile would make testing easier,
and would be offset by being able to delete the double-handling in
Terraform of creating both a Cloud Run instance and a Cloud Function
wrapper. An existing Cloud Run instance to use as a pattern is
terraform/html-to-text.tf and the corresponding source code
docker/html-to-text.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

refactor: migrate all cloud functions to Cloud Run alphagov/govuk-knowledge-graph-gcp
1 participant
@nacnudus