-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure New Relic #1077
Configure New Relic #1077
Conversation
Terraform plan for management No changes. Your infrastructure matches the configuration.
✅ Plan applied in Deploy to the dev and management cloud.gov environments #74 |
Terraform plan for dev Plan: 1 to add, 2 to change, 0 to destroy.Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# module.dev.cloudfoundry_app.swagger will be updated in-place
~ resource "cloudfoundry_app" "swagger" {
~ docker_image = "swaggerapi/swagger-ui:latest" -> "swaggerapi/swagger-ui"
id = "9d37d378-b26e-44ca-9e53-994224c903b4"
~ id_bg = "************************************" -> (known after apply)
name = "swagger"
# (13 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# module.dev.cloudfoundry_user_provided_service.credentials will be created
+ resource "cloudfoundry_user_provided_service" "credentials" {
+ credentials = (sensitive value)
+ id = (known after apply)
+ name = "newrelic-creds"
+ space = "06525ba3-19c2-451b-96e9-ea4a9134e8b9"
}
# module.dev-egress.module.egress-proxy.cloudfoundry_app.egress_app will be updated in-place
~ resource "cloudfoundry_app" "egress_app" {
~ environment = (sensitive value)
id = "f90568e3-36de-4ba6-bd86-666b11429754"
~ id_bg = "************************************" -> (known after apply)
name = "egress"
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 1 to add, 2 to change, 0 to destroy. ❌ Error applying plan in Deploy to the dev and management cloud.gov environments #74 |
I put the |
3caca43
to
628288d
Compare
628288d
to
f665dc6
Compare
72ebe3e
to
5ea7631
Compare
df3af4f
to
d087525
Compare
You can run |
d087525
to
c44330c
Compare
Note that while the settings.py call to initialize() has no arguments, it will make use of the environment variables set in .profile.
The proxy's not in use yet, but we'll probably forget to add this later.
c44330c
to
435b7a7
Compare
It might help me. I have a hard time investing effort in installing and configuring a bunch of toolchain pieces locally that I only occasionally use! Also it would help keep everyone developing using the same versions of tools, and allow us to control updates explicitly. The devContainer spec is for addressing exactly these problems, but I haven't ever had time to invest in making one for any of my projects! |
@mogul There is something we may want to consider, and we should probably have a discussion about it with @ChrisB-16. We should assess the "sensitivity" level of the data being ingested via new relic, and we should probably consider adding the Something to noodle on for data security and submission. |
That looks like something we'd definitely want to turn on for staging and prod. Devs might want it off for their local work and the dev environment though, so we should look into how hard it would be to have a separate account set up just for that. Can you add a checklist item to the "Could" section of the main ATO issue? (Can't easily find it via the mobile client right now.) |
Got it, it's #725. (The tasklists don't show up in GitHub Mobile so I wasn't sure if I had the right one.) |
Another option we could do is just write it into the if [$NEW_RELIC_ENVIRONMENT = 'dev'] then
export NEW_RELIC_HIGH_SECURITY = false
else
export NEW_RELIC_HIGH_SECURITY = true
fi Just something to think about. It probably isnt a necessity now, but I think for our first implementation, it would be nice to set that value to The other side of the coin, if the NR account for FAC is accessible via the whole TTS org, even for dev, we may want to turn this on anyway. The other question, that perhaps @ChrisB-16 or @jadudm could answer, is exactly how sensitive the audit workflow is. If we are dealing with PII in any form, we should have this implemented anyway, because we probably don't want to be exposing PII to the NR telemetry for the entire org to see. |
We can do that easily, sure, but if the feature is turned on server-side, then everything would be rejected from the dev environment...
|
This PR should be ready to go btw, please review @JeanMarie-TTS! |
No description provided.