Update validation scripts

- To reflect modularized and multiple ecs services

Author: TheOneFromNorway

terraform/scripts/check_task_definition.sh

@@ -5,36 +5,54 @@ if [ "$#" -ne 1 ]; then
     exit 1
 fi
 
+valid_resources=(
+  "aws_ecs_task_definition\.task_definition" #TODO: Remove after release
+  "aws_s3_object\.appspec_object"
+  "module\.web_service\.aws_ecs_task_definition"
+  "module\.good_job_service\.aws_ecs_task_definition"
+)
+
 tf_stdout=$1
-# Check task definition is replaced
 if [[ $(grep -ce "No changes.*Your infrastructure matches the configuration" "$tf_stdout") -eq 1 ]]; then
   echo "No changes detected, continuing."
   exit 0
 fi
-if [[ $(grep -cE "aws_ecs_task_definition\.task_definition.*(replaced|created)" "$tf_stdout") -eq 1 ]]; then
-  echo "Task definition is being replaced or created"
-else
-  echo "Task definition is not being replaced, aborting."
-  exit 1
-fi
-if [[ $(grep -cE "aws_s3_object\.appspec_object.*(updated in-place|created)" "$tf_stdout") -eq 1 ]]; then
-  echo "S3 bucket object is being replaced or created"
-else
-  echo "S3 bucket object is not being replaced, aborting."
-  exit 1
-fi
+
 MODIFICATIONS=$(grep -E "[0-9]+ to add, [0-9]+ to change, [0-9]+ to destroy." "$tf_stdout") || exit 1
 ADDITIONS=$(echo "$MODIFICATIONS" | sed -E 's/.*([0-9]+) to add.*/\1/')  || exit 1
-CHANGES=$(echo "$MODIFICATIONS" | sed -E 's/.*([0-9]+) to change.*/\1/')  || exit 1
 DELETIONS=$(echo "$MODIFICATIONS" | sed -E 's/.*([0-9]+) to destroy.*/\1/') || exit 1
 if [[ $DELETIONS -gt $ADDITIONS ]]; then
-  echo "More resources are being destroyed than created."
-  echo "Other resources than task definition and s3 bucket object are being deleted, aborting."
+  echo "ERROR: More resources are being destroyed than created, run infrastructure deploy first."
   exit 1
+else
+  echo "CHECK_PASSED: No resources are being destroyed without replacement."
 fi
-if [[ $((CHANGES + ADDITIONS)) -gt 2 ]]; then
-  echo "More than 2 resources are being changed."
-  echo "Other changes than task definition and s3 bucket object are being made, aborting."
+
+mapfile -t PLANNED_CHANGES < <(grep -E "#.+(replaced|created|updated in-place|destroyed)" "$tf_stdout" || exit 1)
+
+invalid_modifications=()
+for change in "${PLANNED_CHANGES[@]}"; do
+  valid=0
+  for resource in "${valid_resources[@]}"; do
+    if [[ "$change" =~ $resource ]]; then
+      valid=1
+      break
+    fi
+  done
+  if [ $valid -eq 0 ]; then
+    invalid_modifications+=("$change")
+  fi
+done
+
+if [ ! ${#invalid_modifications[@]} -eq 0 ]; then
+  echo "FAILED_CHECK: Invalid resources modified"
+  for item in "${invalid_modifications[@]}"; do
+    echo "  $item"
+  done
+  echo "Please run an infrastructure deployment."
   exit 1
+else
+  echo "CHECK_PASSED: All modified resources are expected."
 fi
-echo "Basic checks passed, only task definition and S3 bucket changes observed."
+
+echo "Basic checks passed, if production please evaluate the plan before applying."

terraform/scripts/validate_plan.sh

@@ -23,8 +23,10 @@ down_time_if_destroyed=(
 "aws_security_group\.rds_security_group"
 "aws_db_subnet_group\.aurora_subnet_group"
 "aws_ecs_cluster\.cluster"
-"aws_ecs_service\.service"
-"aws_security_group\.ecs_service_sg"
+"aws_ecs_service\.service" #TODO: Remove after release
+"aws_security_group\.ecs_service_sg" #TODO: Remove after release
+"module\.ecs_service\.aws_ecs_service\.service"
+"module\.ecs_service\.aws_security_group"
 )
 
 if [ "$#" -ne 1 ]; then