Skip to content

[Quickfix][Osdev 2328] - Disable prevent destroy for msk cluster#864

Closed
VadimKovalenkoSNF wants to merge 1 commit intoreleases/v.2.18from
OSDEV-2328_quickfix_disable-prevent-destroy-msk
Closed

[Quickfix][Osdev 2328] - Disable prevent destroy for msk cluster#864
VadimKovalenkoSNF wants to merge 1 commit intoreleases/v.2.18from
OSDEV-2328_quickfix_disable-prevent-destroy-msk

Conversation

@VadimKovalenkoSNF
Copy link
Contributor

@VadimKovalenkoSNF VadimKovalenkoSNF commented Jan 16, 2026
edited by atlassian bot
Loading

Follow-up fix for OSDEV-2318

Disable prevent_destroy for msk cluster to unblock Pre-prod deletion.

@VadimKovalenkoSNF VadimKovalenkoSNF self-assigned this Jan 16, 2026
@VadimKovalenkoSNF VadimKovalenkoSNF mentioned this pull request Jan 16, 2026
Merged
@VadimKovalenkoSNF VadimKovalenkoSNF changed the base branch from main to releases/v.2.18 January 16, 2026 08:55
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 16, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@barecheck
Copy link

barecheck bot commented Jan 16, 2026

React App | Jest test suite - Code coverage report

Total: 40.32%

Your code coverage diff: 0.00% ▴

✅ All code changes are covered

@coderabbitai
Copy link

coderabbitai bot commented Jan 16, 2026

📝 Walkthrough

Walkthrough

This change reduces API cache time-to-live (TTL) values from 1800 to 120 seconds across all environment configurations and base Terraform variables, updates the CloudFront path pattern for the facilities API endpoint, and toggles the MSK configuration lifecycle protection from preventing destruction to allowing it.

Changes

Cohort / File(s) Summary
Environment TTL Configuration
deployment/environments/terraform-preprod.tfvars, deployment/environments/terraform-production.tfvars, deployment/environments/terraform-rba.tfvars, deployment/environments/terraform-staging.tfvars		 Reduced four API cache TTL variables (api_facilities_cache_default_ttl, api_facilities_cache_max_ttl, api_production_locations_cache_default_ttl, api_production_locations_cache_max_ttl) from 1800 to 120 seconds across all environment files
Terraform Variable Defaults
deployment/terraform/variables.tf		 Updated default TTL values for the same four cache variables from 1800 to 120 seconds in base variable declarations
CloudFront Configuration
deployment/terraform/cdn.tf		 Tightened the CloudFront path_pattern for api_facilities cache behavior from "api/facilities*" to "api/facilities/*"
MSK Lifecycle Management
deployment/terraform/kafka.tf		 Changed MSK configuration lifecycle protection from prevent_destroy = true to prevent_destroy = false, enabling resource destruction

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

Suggested reviewers

  • protsack-stephan
  • vlad-shapik
  • roman-stolar
🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Title check ⚠️ Warning The title focuses solely on disabling prevent_destroy for MSK, but the PR contains significant additional changes: API cache TTL reductions and path pattern modifications across multiple environments. Update the title to reflect both major changes, such as '[Quickfix] Reduce API cache TTLs and disable MSK prevent_destroy' or list the changes more comprehensively.
Description check ⚠️ Warning The description only mentions the MSK prevent_destroy change but omits the substantial cache TTL and path pattern modifications affecting production and staging environments. Expand the description to document the API cache TTL reductions (1800s to 120s) and the api/facilities path pattern change alongside the MSK configuration update.
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5361da and db2147f.

📒 Files selected for processing (7)
  • deployment/environments/terraform-preprod.tfvars
  • deployment/environments/terraform-production.tfvars
  • deployment/environments/terraform-rba.tfvars
  • deployment/environments/terraform-staging.tfvars
  • deployment/terraform/cdn.tf
  • deployment/terraform/kafka.tf
  • deployment/terraform/variables.tf
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-06-06T13:47:56.598Z 
Learnt from: VadimKovalenkoSNF
Repo: opensupplyhub/open-supply-hub PR: 649
File: deployment/terraform/waf.tf:15-15
Timestamp: 2025-06-06T13:47:56.598Z
Learning: In deployment/terraform/waf.tf, the user VadimKovalenkoSNF prefers to keep IPv6 detection logic simple using dot-splitting heuristics rather than complex regex patterns, especially since they control the IPv6 and IPv4 addresses used in whitelist and denylist configurations.

Applied to files:

  • deployment/terraform/cdn.tf
📚 Learning: 2025-08-28T05:09:22.632Z 
Learnt from: VadimKovalenkoSNF
Repo: opensupplyhub/open-supply-hub PR: 722
File: deployment/terraform/batch.tf:521-539
Timestamp: 2025-08-28T05:09:22.632Z
Learning: RBA environment uses EventBridge scheduling for database sync, while Preprod environment will use a different approach for data synchronization. Infrastructure changes for automated sync should be applied to RBA only.

Applied to files:

  • deployment/environments/terraform-rba.tfvars
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)
  • GitHub Check: run-flake8-linter
  • GitHub Check: run-eslint-linter-and-prettier-formatter
  • GitHub Check: run-integration-test-code-quality
  • GitHub Check: get-base-branch-countries-cov
  • GitHub Check: get-base-branch-dd-cov
  • GitHub Check: get-base-branch-fe-cov
  • GitHub Check: run-dd-code-quality
  • GitHub Check: run-countries-code-quality
  • GitHub Check: run-fe-code-quality
  • GitHub Check: run-contricleaner-code-quality
  • GitHub Check: get-base-branch-contricleaner-cov
  • GitHub Check: get-base-branch-django-cov
  • GitHub Check: run-django-code-quality
🔇 Additional comments (6)
deployment/terraform/variables.tf (1)

46-68: TTL reduction from 30 minutes to 2 minutes is significant.

The default cache TTL reduction from 1800s to 120s will increase origin traffic by ~15x for these endpoints. This change is applied consistently across defaults and all environment tfvars files.

Ensure the backend infrastructure can handle the increased load, and monitor CloudFront cache hit ratios and origin response times after deployment.

deployment/environments/terraform-production.tfvars (1)

12-15: Production cache TTL reduced to 2 minutes.

This change will result in more frequent cache invalidation in Production. The values are consistent with other environments and the updated defaults.

deployment/environments/terraform-preprod.tfvars (1)

13-16: LGTM!

The TTL values are consistent with Production and other environments.

deployment/terraform/cdn.tf (1)

3-8: Pattern change is safe; all API calls in the codebase use trailing slash format.

The change from api/facilities* to api/facilities/* is compatible with existing usage. Every API call found in the codebase—including React utilities (/api/facilities/, /api/facilities/${osId}/) and Django tests—consistently uses the trailing slash format (/api/facilities/). The wildcard * in the new pattern matches zero or more characters, so /api/facilities/ matches api/facilities/* just as it did the old pattern. No action required.

deployment/environments/terraform-staging.tfvars (1)

11-14: TTL reduction from 30 minutes to 2 minutes looks intentional.

The change aligns with the PR objective to tighten cache behavior. Setting default_ttl equal to max_ttl at 120 seconds means CloudFront will cap caching at 2 minutes regardless of origin Cache-Control headers.

Be aware this will increase origin request volume by up to 15x for these endpoints. Ensure the backend can handle the increased load, especially during traffic spikes.

deployment/environments/terraform-rba.tfvars (1)

12-15: TTL reduction consistent with other environments.

The cache TTL changes match the staging configuration, maintaining environment parity. Since RBA appears to use the production domain (opensupplyhub.org), monitor origin load and response times after deployment to ensure the 15x increase in potential cache misses doesn't degrade user experience.

✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 16, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
deployment/terraform/kafka.tf (1)

25-31: Consider making prevent_destroy environment-specific to protect production.

Disabling prevent_destroy applies to all environments including Production, not just Pre-prod. Accidental deletion of the MSK configuration in Production could cause service disruption.

Consider using a variable to conditionally set this based on environment:

♻️ Suggested approach 
+variable "msk_prevent_destroy" {
+  description = "Enable lifecycle protection for MSK configuration"
+  type        = bool
+  default     = true
+}

Then in kafka.tf, use a dynamic approach or set prevent_destroy = true in production tfvars while keeping it false for Pre-prod.

Note: Since prevent_destroy doesn't support interpolation directly, you may need to use separate resource definitions or accept the current approach as a temporary workaround.

If this is a temporary change for Pre-prod teardown, consider adding a TODO comment and reverting after the cleanup is complete.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5361da and db2147f.

📒 Files selected for processing (7)
  • deployment/environments/terraform-preprod.tfvars
  • deployment/environments/terraform-production.tfvars
  • deployment/environments/terraform-rba.tfvars
  • deployment/environments/terraform-staging.tfvars
  • deployment/terraform/cdn.tf
  • deployment/terraform/kafka.tf
  • deployment/terraform/variables.tf
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-06-06T13:47:56.598Z 
Learnt from: VadimKovalenkoSNF
Repo: opensupplyhub/open-supply-hub PR: 649
File: deployment/terraform/waf.tf:15-15
Timestamp: 2025-06-06T13:47:56.598Z
Learning: In deployment/terraform/waf.tf, the user VadimKovalenkoSNF prefers to keep IPv6 detection logic simple using dot-splitting heuristics rather than complex regex patterns, especially since they control the IPv6 and IPv4 addresses used in whitelist and denylist configurations.

Applied to files:

  • deployment/terraform/cdn.tf
📚 Learning: 2025-08-28T05:09:22.632Z 
Learnt from: VadimKovalenkoSNF
Repo: opensupplyhub/open-supply-hub PR: 722
File: deployment/terraform/batch.tf:521-539
Timestamp: 2025-08-28T05:09:22.632Z
Learning: RBA environment uses EventBridge scheduling for database sync, while Preprod environment will use a different approach for data synchronization. Infrastructure changes for automated sync should be applied to RBA only.

Applied to files:

  • deployment/environments/terraform-rba.tfvars
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)
  • GitHub Check: run-flake8-linter
  • GitHub Check: run-eslint-linter-and-prettier-formatter
  • GitHub Check: run-integration-test-code-quality
  • GitHub Check: get-base-branch-countries-cov
  • GitHub Check: get-base-branch-dd-cov
  • GitHub Check: get-base-branch-fe-cov
  • GitHub Check: run-dd-code-quality
  • GitHub Check: run-countries-code-quality
  • GitHub Check: run-fe-code-quality
  • GitHub Check: run-contricleaner-code-quality
  • GitHub Check: get-base-branch-contricleaner-cov
  • GitHub Check: get-base-branch-django-cov
  • GitHub Check: run-django-code-quality
🔇 Additional comments (6)
deployment/terraform/variables.tf (1)

46-68: TTL reduction from 30 minutes to 2 minutes is significant.

The default cache TTL reduction from 1800s to 120s will increase origin traffic by ~15x for these endpoints. This change is applied consistently across defaults and all environment tfvars files.

Ensure the backend infrastructure can handle the increased load, and monitor CloudFront cache hit ratios and origin response times after deployment.

deployment/environments/terraform-production.tfvars (1)

12-15: Production cache TTL reduced to 2 minutes.

This change will result in more frequent cache invalidation in Production. The values are consistent with other environments and the updated defaults.

deployment/environments/terraform-preprod.tfvars (1)

13-16: LGTM!

The TTL values are consistent with Production and other environments.

deployment/terraform/cdn.tf (1)

3-8: Pattern change is safe; all API calls in the codebase use trailing slash format.

The change from api/facilities* to api/facilities/* is compatible with existing usage. Every API call found in the codebase—including React utilities (/api/facilities/, /api/facilities/${osId}/) and Django tests—consistently uses the trailing slash format (/api/facilities/). The wildcard * in the new pattern matches zero or more characters, so /api/facilities/ matches api/facilities/* just as it did the old pattern. No action required.

deployment/environments/terraform-staging.tfvars (1)

11-14: TTL reduction from 30 minutes to 2 minutes looks intentional.

The change aligns with the PR objective to tighten cache behavior. Setting default_ttl equal to max_ttl at 120 seconds means CloudFront will cap caching at 2 minutes regardless of origin Cache-Control headers.

Be aware this will increase origin request volume by up to 15x for these endpoints. Ensure the backend can handle the increased load, especially during traffic spikes.

deployment/environments/terraform-rba.tfvars (1)

12-15: TTL reduction consistent with other environments.

The cache TTL changes match the staging configuration, maintaining environment parity. Since RBA appears to use the production domain (opensupplyhub.org), monitor origin load and response times after deployment to ensure the 15x increase in potential cache misses doesn't degrade user experience.

✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.

@barecheck
Copy link

barecheck bot commented Jan 16, 2026

Dedupe Hub App | Unittest test suite - Code coverage report

Total: 55.73%

Your code coverage diff: 0.00% ▴

✅ All code changes are covered

@barecheck
Copy link

barecheck bot commented Jan 16, 2026

Contricleaner App | Unittest test suite - Code coverage report

Total: 98.75%

Your code coverage diff: 0.00% ▴

✅ All code changes are covered

@barecheck
Copy link

barecheck bot commented Jan 16, 2026

Countries App | Unittest test suite - Code coverage report

Total: 100%

Your code coverage diff: 0.00% ▴

✅ All code changes are covered

VadimKovalenkoSNF added a commit that referenced this pull request Jan 16, 2026
@VadimKovalenkoSNF
[Backmerge][OSDEV-2318] Disable prevent destroy for msk cluster (#863)
f7a0604 
Backmerge PR of
#864

Follow-up fix for
[OSDEV-2318](https://opensupplyhub.atlassian.net/browse/OSDEV-2318)

Disable `prevent_destroy` for msk cluster to unblock `Pre-prod`
deletion.

[OSDEV-2318]:
https://opensupplyhub.atlassian.net/browse/OSDEV-2318?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
@barecheck
Copy link

barecheck bot commented Jan 16, 2026

Django App | Unittest test suite - Code coverage report

Total: 81.87%

Your code coverage diff: 0.00% ▴

✅ All code changes are covered

@VadimKovalenkoSNF
Copy link
Contributor Author

VadimKovalenkoSNF commented Jan 16, 2026

Close, because we don't need those changes in the current release branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@vlad-shapik vlad-shapik vlad-shapik approved these changes

@protsack-stephan protsack-stephan Awaiting requested review from protsack-stephan

+1 more reviewer

@roman-stolar roman-stolar roman-stolar approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@VadimKovalenkoSNF VadimKovalenkoSNF

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@VadimKovalenkoSNF @roman-stolar @vlad-shapik