Merge pull request asfadmin#191 from asfadmin/cjl/fix-cwl-exists-problem

Allow importing of egress_lambda_log_group if getting an "already exists" error

.gitconfig

@@ -0,0 +1,3 @@
+[safe]
+	directory = /CIRRUS-core
+	directory = /CIRRUS-DAAC

CHANGELOG.md

@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## unreleased
+* add a Makefile target to import tea lambda cloudwatch group if getting an "The
+specified log group already exists" error: `make import-thin-egress-log`
+* add .gitconfig file to Docker image to mark /CIRRUS-core and /CIRRUS-DAAC as safe
+
 ## v18.2.0.0
 
 * Upgrade to [Cumulus v18.2.0](https://github.com/nasa/cumulus/releases/tag/v18.2.0)

Dockerfile

@@ -47,6 +47,8 @@ ARG USER
 RUN \
         echo "user:x:${USER}:0:root:/:/bin/bash" >> /etc/passwd
 
+COPY .gitconfig /.gitconfig
+
 WORKDIR /CIRRUS-core
 
 # Python38 target

Makefile

@@ -27,6 +27,7 @@ PYTHON_VER ?= python3
 
 CIRRUS_CORE_VERSION := $(or $(shell git tag --points-at HEAD | head -n1),$(shell git rev-parse --short HEAD))
 CIRRUS_DAAC_VERSION := $(or $(shell git -C $(DAAC_DIR) tag --points-at HEAD | head -n1),$(shell git -C $(DAAC_DIR) rev-parse --short HEAD))
+THIN_EGRESS_LOG_EXIST := "0"
 
 # ---------------------------
 SELF_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
@@ -246,6 +247,36 @@ plan-cumulus: cumulus-init
 		eval $$TF_CMD
 	fi
 
+# ---------------------------
+.PHONY: import-thin-egress-log
+import-thin-egress-log: cumulus-init
+	$(banner)
+	if [ -f "${DAAC_DIR}/cumulus/secrets/${MATURITY}.tfvars" ]
+	then
+		echo "***************************************************************"
+		export SECRETS_OPT="-var-file=${DAAC_DIR}/cumulus/secrets/${MATURITY}.tfvars"
+		echo "Found maturity-specific secrets: $$SECRETS_OPT"
+		echo "***************************************************************"
+	fi
+	cd cumulus
+	if [ -f "${DAAC_DIR}/cumulus/variables/${MATURITY}.tfvars" ]
+	then
+		echo "***************************************************************"
+		export VARIABLES_OPT="-var-file=${DAAC_DIR}/cumulus/variables/${MATURITY}.tfvars"
+		echo "Found maturity-specific variables: $$VARIABLES_OPT"
+		echo "***************************************************************"
+	fi
+	export TF_CMD="terraform import \
+				-var-file=${DAAC_DIR}/cumulus/terraform.tfvars \
+				$$VARIABLES_OPT \
+				$$SECRETS_OPT \
+				-input=false \
+				-no-color \
+				aws_cloudwatch_log_group.egress_lambda_log_group[0] \
+				/aws/lambda/${DEPLOY_NAME}-cumulus-${MATURITY}-thin-egress-app-EgressLambda"
+	eval $$TF_CMD
+
+# ---------------------------
 .PHONY: destroy-cumulus
 destroy-cumulus: cumulus-init
 	$(banner)

cumulus/tea-cloudwatch.tf.example

@@ -0,0 +1,37 @@
+# If you run into this issue when deploying Cumulus
+#
+# Error: creating CloudWatch Logs Log Group
+# (/aws/lambda/DEPLOY_NAME-cumulus-MATURITY-thin-egress-app-EgressLambda): operation
+# error CloudWatch Logs: CreateLogGroup, https response error StatusCode: 400,
+# RequestID: XXXX, ResourceAlreadyExistsException: The specified log group already
+# exists
+#
+#  with aws_cloudwatch_log_group.egress_lambda_log_group[0],
+#  on thin-egress.tf line 67, in resource "aws_cloudwatch_log_group" "egress_lambda_log_group":
+#  67: resource "aws_cloudwatch_log_group" "egress_lambda_log_group" {
+#
+# You can rename this file from tea-cloudwatch.tf.example to tea-cloudwatch.tf and then
+# fill in the 'id' for your cloudwatch group.
+#
+# Terraform 1.5.x requires the 'id' of the import statement to be a string, it can't
+# even be a variable that is a string.
+#
+# https://developer.hashicorp.com/terraform/language/v1.5.x/import
+#
+# Later versions of Terraform do allow a variable, but it can't a calculated value
+#
+# https://developer.hashicorp.com/terraform/language/v1.6.x/import
+#
+# The thin egress cloudwatch group follows this pattern and should have been reported
+# in the error message
+#
+#  /aws/lambda/DEPLOY_NAME-cumulus-MATURITY-thin-egress-app-EgressLambda
+
+import {
+  to = aws_cloudwatch_log_group.egress_lambda_log_group[0]
+  id = ""
+}
+
+output "imported_tea_log_group" {
+  value = aws_cloudwatch_log_group.egress_lambda_log_group
+}