Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ticket
n/a
Changes
Context for reviewers
A number of people were confused by the fact that the terraform plan is never clean due to the triggers_replace = timestamp(). There were also concerns about the dependency on pip3. This change adds the role manager dependency to the source code, which eliminates the need for the local-exec provisioner step and also removes the dependency on pip3. The cost is that there is now some vendor code in the /modules/database/role_manager/vendor folder.
Testing
Ran
make infra-update-app-database
Ran it again to show that terraform plans now will show up as clean without the force trigger to replace
Ran
make infra-update-app-database-roles
Ran
make infra-check-app-database-roles
Preview environment
♻️ Environment destroyed ♻️