Update Cumulus to v17.0.0 #90

Merged: 8 commits merged on Aug 22, 2023

@mckadesorensen mckadesorensen commented Aug 16, 2023

Update to Cumulus v17.0.0
Update Terraform provider to >= 5.0.0

@mckadesorensen mckadesorensen force-pushed the dms/feat/v17.0.0 branch 2 times, most recently from b3e6ddf to 904c527 Compare August 16, 2023 23:53
@mckadesorensen mckadesorensen changed the title Dms/feat/v17.0.0 Update Cumulus to v17.0.0 Aug 17, 2023
@mckadesorensen mckadesorensen marked this pull request as ready for review August 17, 2023 00:13
@mckadesorensen mckadesorensen force-pushed the dms/feat/v17.0.0 branch 3 times, most recently from b672de8 to c07bc4b Compare August 18, 2023 17:30

@lindsleycj lindsleycj left a comment

Hi, I think the reason I had that ACL in there is for lower environments. For UAT and PROD deployments the protected and public S3 access logs go to a cloud metrics bucket. But for dev and SIT they don't. So I set it up so those logs go to the internal bucket. It's possible that the ACL is not required since they are in the same account.

https://github.com/asfadmin/CIRRUS-DAAC/blob/master/daac/s3-replicator.tf#L19-L24

https://github.com/asfadmin/CIRRUS-DAAC/blob/master/daac/main.tf#L56-L59

Do you know for sure the ACL can be removed?

@mckadesorensen
Contributor Author

@lindsleycj I removed that line because it was causing the following issue:

Error: updating S3 Bucket (ob-cumulus-sbx-internal) ACL: AccessControlListNotSupported: The bucket does not allow ACLs
        status code: 400, request id: A1JPN6YG6CE98KKD, host id: tFxZkAqZ0uiA6CKLkAhL/Iyo9T8pGEOh6LKSxwbJv1F8uj8EEOHyrzsr8Mfi65z3i9OPb6AzLcw=

  on main.tf line 24, in resource "aws_s3_bucket" "internal-bucket":
  24: resource "aws_s3_bucket" "internal-bucket" {

@lindsleycj
Collaborator

Ah, I was just looking at what I did on the AWS provider v5 upgrade. I also removed that one line but I added these two blocks to add in the acl:

resource "aws_s3_bucket_ownership_controls" "internal-bucket" {
  bucket = aws_s3_bucket.internal-bucket.id
  rule {
    object_ownership = "ObjectWriter"
  }
}

resource "aws_s3_bucket_acl" "internal-bucket" {
  depends_on = [aws_s3_bucket_ownership_controls.internal-bucket]
  bucket     = aws_s3_bucket.internal-bucket.id
  acl        = "log-delivery-write"
}
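
For comparison with the two blocks above, an added example (not from this PR or the CIRRUS-DAAC repository) of the other way to let S3 server access logs land in the internal bucket: leave ACLs disabled, which is the state behind the `AccessControlListNotSupported` error, and grant the S3 logging service principal write access through a bucket policy, the approach AWS recommends for log delivery. It assumes the thread's `aws_s3_bucket.internal-bucket`; the log prefix, the source bucket ARN and the resource names `s3_access_logs` and `internal-bucket-logs` are hypothetical placeholders.

```hcl
# Added example, not the project's code. Alternative to the ObjectWriter +
# log-delivery-write ACL blocks: use one approach or the other, not both.

data "aws_caller_identity" "current" {}

# Keep ACLs disabled on the log target bucket (default for new buckets).
resource "aws_s3_bucket_ownership_controls" "internal-bucket" {
  bucket = aws_s3_bucket.internal-bucket.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

data "aws_iam_policy_document" "s3_access_logs" {
  statement {
    sid     = "S3ServerAccessLogsPolicy"
    effect  = "Allow"
    actions = ["s3:PutObject"]

    # Hypothetical prefix: limit the service to the log prefix only.
    resources = ["${aws_s3_bucket.internal-bucket.arn}/s3-access-logs/*"]

    principals {
      type        = "Service"
      identifiers = ["logging.s3.amazonaws.com"]
    }

    # Only accept log delivery on behalf of this account ...
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }

    # ... and only for the named source bucket (placeholder ARN).
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:s3:::EXAMPLE-protected-bucket"]
    }
  }
}

resource "aws_s3_bucket_policy" "internal-bucket-logs" {
  bucket = aws_s3_bucket.internal-bucket.id
  policy = data.aws_iam_policy_document.s3_access_logs.json
}
```

A bucket holds a single policy document, so if the internal bucket already has one, this statement has to be merged into it rather than applied as a separate `aws_s3_bucket_policy`.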

@mckadesorensen
Contributor Author

@lindsleycj That works.

@lindsleycj lindsleycj left a comment

I think this is ready to merge. Thanks @mckadesorensen!

Do you want me to do the merge and release?

@lindsleycj lindsleycj merged commit a409787 into master Aug 22, 2023
1 check passed