chore: GCForms release v3.3.0 #497

Merged
merged 1 commit into from
Sep 19, 2023

sre-read-write[bot]
Contributor

🤖 I have created a release beep boop

3.3.0 (2023-09-19)

Features

Bug Fixes

  • Add missing freshdesk api key to ecs task (d8a96ac)
  • format of TF workflow Slack webhook URL (#496) (4bb5ca2)
  • Github action logic for release-generator (#479) (dbb3a77)
  • IAM permission for freshdesk secret (f22ee82)
  • release generator token step (#495) (ae47a64)
  • set target Slack channel for notification (#487) (fee609c)

Miscellaneous Chores

  • deps: lock file maintenance (#467) (d9329d5)
  • deps: update all non-major docker images (#465) (1766d88)
  • deps: update all non-major docker images (#488) (1e3d5c3)
  • deps: update all non-major github action dependencies (#466) (38611b1)
  • deps: update all non-major github action dependencies (#472) (fb2c43c)
  • deps: update aws-actions/configure-aws-credentials digest to fbaaea8 (#489) (f0f7f6b)
  • release generator (#475) (31e1b98)
  • release generator fix (#484) (661cf9a)
  • synced file(s) with cds-snc/site-reliability-engineering (#468) (563f2af)
  • synced file(s) with cds-snc/site-reliability-engineering (#490) (74cc135)
  • synced local '.github/workflows/ossf-scorecard.yml' with remote 'tools/sre_file_sync/ossf-scorecard.yml' (#470) (4565dcf)
  • synced local '.github/workflows/ossf-scorecard.yml' with remote 'tools/sre_file_sync/ossf-scorecard.yml' (#486) (8b3eee3)
  • upgrade python image (#471) (e75ef9b)
  • use GitHub app token with release-please (#491) (92f10eb)

Code Refactoring

  • split out security group rules from inline (6eaee25)

This PR was generated with Release Please. See documentation.

sre-read-write bot force-pushed the release-please--branches--develop branch from 6c878e2 to ab7542c on September 19, 2023 18:06
@github-actions

Production: sqs

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 3 to change, 0 to destroy
Show summary
CHANGE    NAME
update    aws_sqs_queue.audit_log_queue
          aws_sqs_queue.reliability_queue
          aws_sqs_queue.reprocess_submission_queue
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_sqs_queue.audit_log_queue will be updated in-place
  ~ resource "aws_sqs_queue" "audit_log_queue" {
        id                                = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
      ~ max_message_size                  = 2048 -> 262144
        name                              = "audit_log_queue"
        tags                              = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (14 unchanged attributes hidden)
    }

  # aws_sqs_queue.reliability_queue will be updated in-place
  ~ resource "aws_sqs_queue" "reliability_queue" {
        id                                = "https://sqs.ca-central-1.amazonaws.com/957818836222/submission_processing.fifo"
      ~ max_message_size                  = 2048 -> 262144
        name                              = "submission_processing.fifo"
        tags                              = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (15 unchanged attributes hidden)
    }

  # aws_sqs_queue.reprocess_submission_queue will be updated in-place
  ~ resource "aws_sqs_queue" "reprocess_submission_queue" {
        id                                = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
      ~ max_message_size                  = 2048 -> 262144
        name                              = "reprocess_submission_queue.fifo"
        tags                              = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (15 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions

@github-actions

Production: cognito

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 1 to add, 1 to change, 1 to destroy
Show summary
CHANGE    NAME
update    aws_lambda_function.cognito_email_sender
recreate  aws_lambda_layer_version.cognito_email_sender_nodejs
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_lambda_function.cognito_email_sender will be updated in-place
  ~ resource "aws_lambda_function" "cognito_email_sender" {
        id                             = "Cognito_Email_Sender"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages:5",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_layer_version.cognito_email_sender_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "cognito_email_sender_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages:5" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T17:31:27.218+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages:5" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "u6J74Ho/5YDhMmlrfw36uOZdFOTSPzqf3qTAAlgx1yY=" -> "qs5cRdZWWVSfafohxew27cuy4hk3mS87FPivY+FhcwQ=" # forces replacement
      ~ source_code_size            = 14656566 -> (known after apply)
      ~ version                     = "5" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_cognito_user_pool.forms"]

20 tests, 17 passed, 3 warnings, 0 failures, 0 exceptions

@github-actions

Production: network

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 2 to add, 0 to change, 0 to destroy
Show summary
CHANGE    NAME
add       aws_security_group_rule.forms_database_ingress
          aws_security_group_rule.forms_redis_ingress
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_security_group_rule.forms_database_ingress will be created
  + resource "aws_security_group_rule" "forms_database_ingress" {
      + description              = "Security group rule for Forms Database ingress"
      + from_port                = 5432
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-0603a6edcc9e34d98"
      + self                     = false
      + source_security_group_id = "sg-0155dac5ed87643b8"
      + to_port                  = 5432
      + type                     = "ingress"
    }

  # aws_security_group_rule.forms_redis_ingress will be created
  + resource "aws_security_group_rule" "forms_redis_ingress" {
      + description              = "Security group rule for Forms Database ingress"
      + from_port                = 6379
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-0388290614e570375"
      + self                     = false
      + source_security_group_id = "sg-0155dac5ed87643b8"
      + to_port                  = 6379
      + type                     = "ingress"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions

@github-actions

Production: app

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 10 to add, 9 to change, 12 to destroy
Show summary
CHANGE    NAME
add       aws_secretsmanager_secret.freshdesk_api_key
          aws_secretsmanager_secret_version.freshdesk_api_key
delete    aws_secretsmanager_secret.google_client_id
          aws_secretsmanager_secret.google_client_secret
          aws_secretsmanager_secret_version.google_client_id
          aws_secretsmanager_secret_version.google_client_secret
update    aws_iam_policy.forms_secrets_manager
          aws_iam_policy.lambda_app_invoke
          aws_lambda_function.archive_form_templates
          aws_lambda_function.archiver
          aws_lambda_function.audit_logs
          aws_lambda_function.dead_letter_queue_consumer
          aws_lambda_function.nagware
          aws_lambda_function.reliability
          aws_lambda_function.submission
recreate  aws_ecs_task_definition.form_viewer
          aws_lambda_layer_version.archive_form_templates_nodejs
          aws_lambda_layer_version.archiver_nodejs
          aws_lambda_layer_version.audit_logs_lib
          aws_lambda_layer_version.dead_letter_queue_consumer_lib
          aws_lambda_layer_version.nagware_nodejs
          aws_lambda_layer_version.reliability_nodejs
          aws_lambda_layer_version.submission_lib

✂   Warning: plan has been truncated! See the full plan in the logs.

Show plan
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.forms_secrets_manager will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "forms_secrets_manager" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "secretsmanager:GetSecretValue",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O",
              + "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr",
              + "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN",
              + "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE",
              + "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou",
              + (known after apply),
            ]
        }
    }

  # data.aws_iam_policy_document.lambda_app_invoke will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "lambda_app_invoke" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "lambda:InvokeFunction",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:lambda:ca-central-1:957818836222:function:Submission",
            ]
        }
    }

  # data.template_file.form_viewer_task will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "form_viewer_task" {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "METRIC_PROVIDER"
                          + value = "${metric_provider}"
                        },
                      + {
                          + name  = "TRACER_PROVIDER"
                          + value = "${tracer_provider}"
                        },
                      + {
                          + name  = "SUBMISSION_API"
                          + value = "${submission_api}"
                        },
                      + {
                          + name  = "NEXTAUTH_URL"
                          + value = "${nextauth_url}"
                        },
                      + {
                          + name  = "REDIS_URL"
                          + value = "${redis_url}"
                        },
                      + {
                          + name  = "RELIABILITY_FILE_STORAGE"
                          + value = "${reliability_file_storage}"
                        },
                      + {
                          + name  = "RECAPTCHA_V3_SITE_KEY"
                          + value = "${recaptcha_public}"
                        },
                      + {
                          + name  = "TEMPORARY_TOKEN_TEMPLATE_ID"
                          + value = "${gc_temp_token_template_id}"
                        },
                      + {
                          + name  = "TEMPLATE_ID"
                          + value = "${gc_template_id}"
                        },
                      + {
                          + name  = "VAULT_FILE_STORAGE"
                          + value = "${vault_file_storage}"
                        },
                      + {
                          + name  = "COGNITO_ENDPOINT_URL"
                          + value = "${cognito_endpoint_url}"
                        },
                      + {
                          + name  = "COGNITO_CLIENT_ID"
                          + value = "${cognito_client_id}"
                        },
                      + {
                          + name  = "EMAIL_ADDRESS_CONTACT_US"
                          + value = "${email_address_contact_us}"
                        },
                      + {
                          + name  = "EMAIL_ADDRESS_SUPPORT"
                          + value = "${email_address_support}"
                        },
                      + {
                          + name  = "REPROCESS_SUBMISSION_QUEUE_URL"
                          + value = "${reprocess_submission_queue}"
                        },
                      + {
                          + name  = "AUDIT_LOG_QUEUE_URL"
                          + value = "${audit_log_queue_url}"
                        },
                    ]
                  + image            = "${image}"
                  + linuxParameters  = {
                      + capabilities = {
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "${awslogs-group}"
                          + awslogs-region        = "${awslogs-region}"
                          + awslogs-stream-prefix = "${awslogs-stream-prefix}"
                        }
                    }
                  + name             = "form_viewer"
                  + portMappings     = [
                      + {
                          + containerPort = 3000
                        },
                    ]
                  + secrets          = [
                      + {
                          + name      = "NOTIFY_API_KEY"
                          + valueFrom = "${notify_api_key}"
                        },
                      + {
                          + name      = "RECAPTCHA_V3_SECRET_KEY"
                          + valueFrom = "${recaptcha_secret}"
                        },
                      + {
                          + name      = "DATABASE_URL"
                          + valueFrom = "${database_url}"
                        },
                      + {
                          + name      = "TOKEN_SECRET"
                          + valueFrom = "${token_secret}"
                        },
                      + {
                          + name      = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
                          + valueFrom = "${gc_notify_callback_bearer_token}"
                        },
                      + {
                          + name      = "FRESHDESK_API_KEY"
                          + valueFrom = "${freshdesk_api_key}"
                        },
                    ]
                },
            ]
        )
      + vars     = {
          + "audit_log_queue_url"             = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
          + "awslogs-group"                   = "Forms"
          + "awslogs-region"                  = "ca-central-1"
          + "awslogs-stream-prefix"           = "ecs-form-viewer"
          + "cognito_client_id"               = "5rkjd3us3ocssieiitdbtjitiv"
          + "cognito_endpoint_url"            = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
          + "database_url"                    = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
          + "email_address_contact_us"        = "assistance+forms-formulaires@cds-snc.ca"
          + "email_address_support"           = "assistance+forms-formulaires@cds-snc.ca"
          + "gc_notify_callback_bearer_token" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O"
          + "gc_temp_token_template_id"       = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
          + "gc_template_id"                  = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
          + "image"                           = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
          + "metric_provider"                 = "stdout"
          + "nextauth_url"                    = "https://forms-formulaires.alpha.canada.ca"
          + "notify_api_key"                  = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
          + "recaptcha_public"                = "6LfuLrQnAAAAAK9Df3gem4XLMRVY2Laq6t2fhZhZ"
          + "recaptcha_secret"                = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN"
          + "redis_url"                       = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
          + "reliability_file_storage"        = "forms-production-reliability-file-storage"
          + "reprocess_submission_queue"      = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
          + "submission_api"                  = "arn:aws:lambda:ca-central-1:957818836222:function:Submission"
          + "token_secret"                    = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou"
          + "tracer_provider"                 = "stdout"
          + "vault_file_storage"              = "forms-production-vault-file-storage"
        }
    }

  # aws_ecs_task_definition.form_viewer must be replaced
-/+ resource "aws_ecs_task_definition" "form_viewer" {
      ~ arn                      = "arn:aws:ecs:ca-central-1:957818836222:task-definition/form-viewer:22" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - cpu              = 0
                  - environment      = [
                      - {
                          - name  = "AUDIT_LOG_QUEUE_URL"
                          - value = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
                        },
                      - {
                          - name  = "COGNITO_CLIENT_ID"
                          - value = "5rkjd3us3ocssieiitdbtjitiv"
                        },
                      - {
                          - name  = "COGNITO_ENDPOINT_URL"
                          - value = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
                        },
                      - {
                          - name  = "EMAIL_ADDRESS_CONTACT_US"
                          - value = "assistance+forms-formulaires@cds-snc.ca"
                        },
                      - {
                          - name  = "EMAIL_ADDRESS_SUPPORT"
                          - value = "assistance+forms-formulaires@cds-snc.ca"
                        },
                      - {
                          - name  = "METRIC_PROVIDER"
                          - value = "stdout"
                        },
                      - {
                          - name  = "NEXTAUTH_URL"
                          - value = "https://forms-formulaires.alpha.canada.ca"
                        },
                      - {
                          - name  = "RECAPTCHA_V3_SITE_KEY"
                          - value = "6LfuLrQnAAAAAK9Df3gem4XLMRVY2Laq6t2fhZhZ"
                        },
                      - {
                          - name  = "REDIS_URL"
                          - value = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
                        },
                      - {
                          - name  = "RELIABILITY_FILE_STORAGE"
                          - value = "forms-production-reliability-file-storage"
                        },
                      - {
                          - name  = "REPROCESS_SUBMISSION_QUEUE_URL"
                          - value = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
                        },
                      - {
                          - name  = "SUBMISSION_API"
                          - value = "arn:aws:lambda:ca-central-1:957818836222:function:Submission"
                        },
                      - {
                          - name  = "TEMPLATE_ID"
                          - value = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
                        },
                      - {
                          - name  = "TEMPORARY_TOKEN_TEMPLATE_ID"
                          - value = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
                        },
                      - {
                          - name  = "TRACER_PROVIDER"
                          - value = "stdout"
                        },
                      - {
                          - name  = "VAULT_FILE_STORAGE"
                          - value = "forms-production-vault-file-storage"
                        },
                    ]
                  - essential        = true
                  - image            = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
                  - linuxParameters  = {
                      - capabilities = {
                          - drop = [
                              - "ALL",
                            ]
                        }
                    }
                  - logConfiguration = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "Forms"
                          - awslogs-region        = "ca-central-1"
                          - awslogs-stream-prefix = "ecs-form-viewer"
                        }
                    }
                  - mountPoints      = []
                  - name             = "form_viewer"
                  - portMappings     = [
                      - {
                          - containerPort = 3000
                          - hostPort      = 3000
                          - protocol      = "tcp"
                        },
                    ]
                  - secrets          = [
                      - {
                          - name      = "NOTIFY_API_KEY"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
                        },
                      - {
                          - name      = "RECAPTCHA_V3_SECRET_KEY"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN"
                        },
                      - {
                          - name      = "GOOGLE_CLIENT_ID"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_id-7VwI9F"
                        },
                      - {
                          - name      = "GOOGLE_CLIENT_SECRET"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_secret-aPRebC"
                        },
                      - {
                          - name      = "DATABASE_URL"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
                        },
                      - {
                          - name      = "TOKEN_SECRET"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou"
                        },
                      - {
                          - name      = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O"
                        },
                    ]
                  - volumesFrom      = []
                },
            ] # forces replacement
        ) -> (known after apply)
      ~ id                       = "form-viewer" -> (known after apply)
      ~ revision                 = 22 -> (known after apply)
        tags                     = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (9 unchanged attributes hidden)
    }

  # aws_iam_policy.forms_secrets_manager will be updated in-place
  ~ resource "aws_iam_policy" "forms_secrets_manager" {
        id        = "arn:aws:iam::957818836222:policy/formsSecretsManagerKeyRetrieval"
        name      = "formsSecretsManagerKeyRetrieval"
      ~ policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "secretsmanager:GetSecretValue"
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou",
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE",
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN",
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr",
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_secret-aPRebC",
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_id-7VwI9F",
                          - "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O",
                        ]
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags      = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (4 unchanged attributes hidden)
    }

  # aws_iam_policy.lambda_app_invoke will be updated in-place
  ~ resource "aws_iam_policy" "lambda_app_invoke" {
        id          = "arn:aws:iam::957818836222:policy/lambda_app_invoke"
        name        = "lambda_app_invoke"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "lambda:InvokeFunction"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:lambda:ca-central-1:957818836222:function:Submission"
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags        = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_lambda_function.archive_form_templates will be updated in-place
  ~ resource "aws_lambda_function" "archive_form_templates" {
        id                             = "ArchiveFormTemplates"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_lib_packages:2",
          - "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_node_packages:4",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.archiver will be updated in-place
  ~ resource "aws_lambda_function" "archiver" {
        id                             = "Archiver"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:archiver_lib_packages:1",
          - "arn:aws:lambda:ca-central-1:957818836222:layer:archiver_node_packages:7",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.audit_logs will be updated in-place
  ~ resource "aws_lambda_function" "audit_logs" {
        id                             = "AuditLogs"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:audit_logs_node_packages:4",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.dead_letter_queue_consumer will be updated in-place
  ~ resource "aws_lambda_function" "dead_letter_queue_consumer" {
        id                             = "DeadLetterQueueConsumer"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:dead_letter_queue_consumer_node_packages:5",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.nagware will be updated in-place
  ~ resource "aws_lambda_function" "nagware" {
        id                             = "Nagware"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:nagware_lib_packages:4",
          - "arn:aws:lambda:ca-central-1:957818836222:layer:nagware_node_packages:4",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.reliability will be updated in-place
  ~ resource "aws_lambda_function" "reliability" {
        id                             = "Reliability"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:reliability_lib_packages:17",
          - "arn:aws:lambda:ca-central-1:957818836222:layer:reliability_node_packages:34",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.submission will be updated in-place
  ~ resource "aws_lambda_function" "submission" {
        id                             = "Submission"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:957818836222:layer:submission_node_packages:22",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-production"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_layer_version.archive_form_templates_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "archive_form_templates_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_node_packages:4" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T18:15:17.613+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_node_packages:4" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "YmVzpiq+4Xh0RKDevKf5FtOl/i6pD2+DgsZqRbBoyUE=" -> "U7YTzsbYATYmRnzFQ2nphx91ATD+XeGW0/0eq7JO374=" # forces replacement
      ~ source_code_size            = 2422615 -> (known after apply)
      ~ version                     = "4" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.archiver_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "archiver_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:archiver_node_packages:7" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T18:15:35.160+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:archiver_node_packages:7" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:archiver_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "PSgOj/N85QqdzFMI/PSu5FlY7y6g+/RYkB/3pqDjnKI=" -> "5U9x5dCmwJ6xIpguaeoTzEw2t6BZiEhws8ZozxMZ5Hw=" # forces replacement
      ~ source_code_size            = 4934213 -> (known after apply)
      ~ version                     = "7" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.audit_logs_lib must be replaced
-/+ resource "aws_lambda_layer_version" "audit_logs_lib" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:audit_logs_node_packages:4" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T18:15:23.850+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:audit_logs_node_packages:4" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:audit_logs_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "Vuhm5i6qDfOJPb0rmGAwOjib3YO5sCB7Hzj8hdr3qOk=" -> "vduYlNH7TwZ3UIpgcQk3oMNmQh6TNJCXN7J0rLAnrdg=" # forces replacement
      ~ source_code_size            = 3178065 -> (known after apply)
      ~ version                     = "4" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.dead_letter_queue_consumer_lib must be replaced
-/+ resource "aws_lambda_layer_version" "dead_letter_queue_consumer_lib" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:dead_letter_queue_consumer_node_packages:5" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T18:15:11.449+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:dead_letter_queue_consumer_node_packages:5" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:dead_letter_queue_consumer_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "SMQq+1+sI2HdKWmLJOoISuisHMmGYvYkG2P74/2vrAk=" -> "MHuTntHaUrwEUfSxCwtR0AxiqeGbHXWEwDZ8VsIle7Q=" # forces replacement
      ~ source_code_size            = 2378315 -> (known after apply)
      ~ version                     = "5" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.nagware_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "nagware_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:nagware_node_packages:4" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T18:14:58.652+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:nagware_node_packages:4" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:nagware_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "4B2iG5Xt1VEvnAyu5exsI4Kxo+74QoN1hrpDnf+OR60=" -> "5y9ICbD+oc2wk8ZhMSXRETeD7pa29ShwFT11/dTcx8o=" # forces replacement
      ~ source_code_size            = 3752041 -> (known after apply)
      ~ version                     = "4" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.reliability_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "reliability_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:957818836222:layer:reliability_node_packages:34" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-16T18:15:05.590+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:957818836222:layer:reliability_node_packages:34" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:957818836222:layer:reliability_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "pZ0vjmSfGEzCv6OY5Xxdn5wBod3v8tMj4I61IVh/8vw=" -> "F52GWueXwxewlrWxEH64raGzpZcNFwHr/FatV5jJ9xw=" # forces replacement
      ~ source_code_size            = 6700752 -> (known after apply)
      ~ version                     = "34" -> (known after apply)
        # (4 unchanged attributes...
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_2am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_3am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_4am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_5am_every_business_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]

28 tests, 17 passed, 11 warnings, 0 failures, 0 exceptions

@bryan-robitaille bryan-robitaille left a comment

Releasing v3.3.0 to production

@bryan-robitaille bryan-robitaille merged commit b41ebb3 into develop Sep 19, 2023
1 check passed
@bryan-robitaille bryan-robitaille deleted the release-please--branches--develop branch September 19, 2023 18:49