From 0c9bfaa7edda59d57a62893ac41464f14c2519a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20JANIN?=
Date: Wed, 13 Dec 2023 14:26:21 -0500
Subject: [PATCH] fix: GC Notify API Key is not properly passed to Nagware and Reliability lambdas (#553)
---
 aws/lambdas/iam.tf | 4 +---
 aws/lambdas/inputs.tf | 11 +++--------
 aws/lambdas/nagware.tf | 2 +-
 aws/lambdas/reliability.tf | 2 +-
 aws/secrets/outputs.tf | 6 ++++++
 env/cloud/app/terragrunt.hcl | 1 +
 env/cloud/lambdas/terragrunt.hcl | 4 ++--
 7 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/aws/lambdas/iam.tf b/aws/lambdas/iam.tf
index 39fc0bd35..b4526e78f 100644
--- a/aws/lambdas/iam.tf
+++ b/aws/lambdas/iam.tf
@@ -216,9 +216,7 @@ data "aws_iam_policy_document" "lambda_secrets" {
 ]
 resources = [
- var.database_secret_arn,
- var.notify_api_key_secret_arn,
- var.token_secret_arn
+ var.database_secret_arn
 ]
 }
 }
diff --git a/aws/lambdas/inputs.tf b/aws/lambdas/inputs.tf
index e85f32a2c..34f7e5fbf 100644
--- a/aws/lambdas/inputs.tf
+++ b/aws/lambdas/inputs.tf
@@ -1,7 +1,7 @@
-
-variable "notify_api_key_secret_arn" {
- description = "ARN of notify_api_key secret"
+variable "notify_api_key_secret_value" {
+ description = "Value of notify_api_key secret"
 type = string
+ sensitive = true
 }
 variable "gc_template_id" {
@@ -9,11 +9,6 @@ variable "gc_template_id" {
 type = string
 }
-variable "token_secret_arn" {
- description = "Token secret used for app"
- type = string
-}
-
 variable "database_secret_arn" {
 description = "Database connection secret arn"
 type = string
diff --git a/aws/lambdas/nagware.tf b/aws/lambdas/nagware.tf
index 07f09de7b..ba848b116 100644
--- a/aws/lambdas/nagware.tf
+++ b/aws/lambdas/nagware.tf
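Review bot: The new `description` on `notify_api_key_secret_value` in aws/lambdas/inputs.tf does not tell a caller that the variable now carries the plaintext key rather than a reference, or where that plaintext ends up. `sensitive = true` only redacts the value in plan and apply output; the value is still written to this module's state. I would spell that out, for example `description = "Plaintext GC Notify API key; injected into the Lambda environment as NOTIFY_API_KEY and therefore stored in Terraform state"`. `database_secret_arn`, visible in the second hunk of the same file, is still passed by ARN, so a short comment on why the two secrets are handled differently would also help.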
@@ -39,7 +39,7 @@ resource "aws_lambda_function" "nagware" {
 DB_ARN = var.rds_cluster_arn
 DB_SECRET = var.database_secret_arn
 DB_NAME = var.rds_db_name
- NOTIFY_API_KEY = var.notify_api_key_secret_arn
+ NOTIFY_API_KEY = var.notify_api_key_secret_value
 TEMPLATE_ID = var.gc_template_id
 SNS_ERROR_TOPIC_ARN = var.sns_topic_alert_critical_arn
 LOCALSTACK = var.localstack_hosted
diff --git a/aws/lambdas/reliability.tf b/aws/lambdas/reliability.tf
index 8322f6ec3..053e2b115 100644
--- a/aws/lambdas/reliability.tf
+++ b/aws/lambdas/reliability.tf
@@ -30,7 +30,7 @@ resource "aws_lambda_function" "reliability" {
 variables = {
 ENVIRONMENT = var.env
 REGION = var.region
- NOTIFY_API_KEY = var.notify_api_key_secret_arn
+ NOTIFY_API_KEY = var.notify_api_key_secret_value
 TEMPLATE_ID = var.gc_template_id
 DB_ARN = var.rds_cluster_arn
 DB_SECRET = var.database_secret_arn
diff --git a/aws/secrets/outputs.tf b/aws/secrets/outputs.tf
index d2115016e..5c1b95f6b 100644
--- a/aws/secrets/outputs.tf
+++ b/aws/secrets/outputs.tf
@@ -3,6 +3,12 @@ output "notify_api_key_secret_arn" {
 value = aws_secretsmanager_secret_version.notify_api_key.arn
 }
+output "notify_api_key_secret_value" {
+ description = "Value of notify_api_key secret"
+ value = aws_secretsmanager_secret_version.notify_api_key.secret_string
+ sensitive = true
+}
+
 output "freshdesk_api_key_secret_arn" {
 description = "ARN of freshdesk_api_key secret"
 value = aws_secretsmanager_secret.freshdesk_api_key.arn
diff --git a/env/cloud/app/terragrunt.hcl b/env/cloud/app/terragrunt.hcl
index 7f87f6582..93e6a577e 100644
--- a/env/cloud/app/terragrunt.hcl
+++ b/env/cloud/app/terragrunt.hcl
@@ -106,6 +106,7 @@ dependency "secrets" {
 mock_outputs_merge_strategy_with_state = "shallow"
 mock_outputs = {
 notify_api_key_secret_arn = ""
+ notify_api_key_secret_value = ""
 freshdesk_api_key_secret_arn = ""
 token_secret_arn = ""
 recaptcha_secret_arn = ""
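Review bot: Setting `NOTIFY_API_KEY` to the secret value in the `nagware` function (and in the same way in the `reliability` function in the next hunk) moves the key out of Secrets Manager access control: Lambda environment variables can be read by any principal allowed to call `lambda:GetFunctionConfiguration`, and a rotated secret only reaches the functions on the next apply. If the function code can be changed, keeping the ARN in the environment and resolving it at start-up with `secretsmanager:GetSecretValue` avoids both; that would also mean keeping `var.notify_api_key_secret_arn` in the `lambda_secrets` policy that this commit trims in iam.tf. If the environment variable stays, consider a customer-managed key via `kms_key_arn` on both functions. Whether one is already set cannot be seen here, because both resource bodies start and end outside their hunks.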
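Review bot: Exporting `secret_string` as the `notify_api_key_secret_value` output in aws/secrets/outputs.tf makes the plaintext key part of the secrets module's interface, so every Terragrunt unit that declares `dependency "secrets"` and every principal that can read the state backend can obtain it; `sensitive = true` only masks it in CLI output. The `description` should say so, e.g. `description = "Plaintext notify_api_key; written to state as plain text, consume only where a reference cannot be used"`. An alternative that keeps the plaintext out of the cross-module interface is to keep exporting only the ARN and let the lambdas module read the value with a `data "aws_secretsmanager_secret_version"` lookup.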
diff --git a/env/cloud/lambdas/terragrunt.hcl b/env/cloud/lambdas/terragrunt.hcl
index d079c939e..c28d6d3db 100644
--- a/env/cloud/lambdas/terragrunt.hcl
+++ b/env/cloud/lambdas/terragrunt.hcl
@@ -90,6 +90,7 @@ dependency "secrets" {
 mock_outputs_allowed_terraform_commands = ["init", "fmt", "validate", "plan", "show"]
 mock_outputs = {
 notify_api_key_secret_arn = ""
+ notify_api_key_secret_value = ""
 freshdesk_api_key_secret_arn = ""
 token_secret_arn = ""
 recaptcha_secret_arn = ""
@@ -134,8 +135,7 @@ inputs = {
 sns_topic_alert_critical_arn = dependency.sns.outputs.sns_topic_alert_critical_arn
- notify_api_key_secret_arn = dependency.secrets.outputs.notify_api_key_secret_arn
- token_secret_arn = dependency.secrets.outputs.token_secret_arn
+ notify_api_key_secret_value = dependency.secrets.outputs.notify_api_key_secret_value
 reliability_file_storage_arn = dependency.s3.outputs.reliability_file_storage_arn
 vault_file_storage_arn = dependency.s3.outputs.vault_file_storage_arn
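Review bot: `notify_api_key_secret_value` in `inputs` is handed to Terraform the way every Terragrunt input is, as a `TF_VAR_notify_api_key_secret_value` environment variable, so the plaintext key is present in the environment of the process that runs plan and apply. A comment on that line would make this visible to whoever maintains the pipeline: `# plaintext secret: exported as TF_VAR_notify_api_key_secret_value, keep environment dumps and debug logging off in CI`. The `mock_outputs` entries `notify_api_key_secret_arn` and `token_secret_arn` in the first hunk look unused now that the second hunk stops reading them. The rest of the `inputs` block is outside the hunk, so confirm that before removing them.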