Release/3.2.1 #463
Merged
Release/3.2.1 #463
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… channels (#421) * add cloudwatch logs expiry * rename slack lambda function * add cloudwatch expiry to cognito lambdas * update lambda for new streams * remove redundant alarms * create log subscriptions for all lambdas * reliability and submission lambda error processing * add error property * Nagware updates * archive form responses updates * dlq consumer * update yarn lock for archive form responses * update slack messaging to include more info * archive form templates updates * audit logs processor lambda updates * formatting * fix cloudwatch block scope * removed included file in lib package for nagware lambda because it does not exist anymore * fix security issues and add permissions * missed kms entry on resource * add missing input var * Add missing vars on alarm module * typo in module def for alarms * fix typo * fixed few issues --------- Co-authored-by: Bryan Robitaille <[email protected]>
Update the Terraform module version references so they are in the correct format. This will allow Renovate dependency PRs to update them module versions without stripping the `//sub-directory` path.
#431) * feat: added missing cloudwatch subscription filter for submission logs * chore: remove reliability queue alarm that is not needed anymore
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* updated regex pattern to support newly added uris * add page * fix typo in resource name * fix undo introduced typo * try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template
* updated regex pattern to support newly added uris * add page * fix typo in resource name * fix undo introduced typo * try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template * reset staging state:disabled regex till the provider upgrade is merged * attempt to fix waf limit exceeded error * renamed rule * fix undeclared resource name * attempt to fix resource name mismatch
* updated regex pattern to support newly added uris * add page * fix typo in resource name * fix undo introduced typo * try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template * reset staging state:disabled regex till the provider upgrade is merged * attempt to fix waf limit exceeded error * renamed rule * fix undeclared resource name * attempt to fix resource name mismatch * add missing regex component to match path * removed duplicated expression * removed duplicate expression
* updated regex pattern to support newly added uris * add page * fix typo in resource name * fix undo introduced typo * try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template * reset staging state:disabled regex till the provider upgrade is merged * attempt to fix waf limit exceeded error * renamed rule * fix undeclared resource name * attempt to fix resource name mismatch * add missing regex component to match path * removed duplicated expression * removed duplicate expression * refactor capture group, and restricted capture for home page
* feat: nagware sends email to all template associated users * fix: spelling
* Remove unknown error ref * Add events to listen for by subscriber * fix destructuring
* feat: delete overdue draft form responses and dont nag Signed-off-by: Daine Trinidad <[email protected]> * chore: reverting some changes for lockfile Signed-off-by: Daine Trinidad <[email protected]> * chore: some cleanup Signed-off-by: Daine Trinidad <[email protected]> * chore: re-adding template file that got lost during merge Signed-off-by: Daine Trinidad <[email protected]> * chore: removing file again for cleaner diff and history Signed-off-by: Daine Trinidad <[email protected]> * chore: fixed file refactor Signed-off-by: Daine Trinidad <[email protected]> * fix: refactor missed the terraform file; fixed the new name for the file Signed-off-by: Daine Trinidad <[email protected]> * fix: horrible typo, missing 's' Signed-off-by: Daine Trinidad <[email protected]> * fix: move var declaration inside try catch & comment cleanup Signed-off-by: Daine Trinidad <[email protected]> --------- Signed-off-by: Daine Trinidad <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
bryan-robitaille
approved these changes
Aug 17, 2023
Production: app✅ Terraform Init: Plan: 2 to add, 1 to change, 2 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
# data.aws_iam_policy_document.forms_secrets_manager will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "forms_secrets_manager" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:GetSecretValue",
]
+ effect = "Allow"
+ resources = [
+ "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O",
+ "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_id-7VwI9F",
+ "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_secret-aPRebC",
+ "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr",
+ "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE",
+ "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou",
+ (known after apply),
]
}
}
# data.template_file.form_viewer_task will be read during apply
# (config refers to values not yet known)
<= data "template_file" "form_viewer_task" {
+ id = (known after apply)
+ rendered = (known after apply)
+ template = jsonencode(
[
+ {
+ environment = [
+ {
+ name = "METRIC_PROVIDER"
+ value = "${metric_provider}"
},
+ {
+ name = "TRACER_PROVIDER"
+ value = "${tracer_provider}"
},
+ {
+ name = "SUBMISSION_API"
+ value = "${submission_api}"
},
+ {
+ name = "NEXTAUTH_URL"
+ value = "${nextauth_url}"
},
+ {
+ name = "REDIS_URL"
+ value = "${redis_url}"
},
+ {
+ name = "RELIABILITY_FILE_STORAGE"
+ value = "${reliability_file_storage}"
},
+ {
+ name = "RECAPTCHA_V3_SITE_KEY"
+ value = "${recaptcha_public}"
},
+ {
+ name = "TEMPORARY_TOKEN_TEMPLATE_ID"
+ value = "${gc_temp_token_template_id}"
},
+ {
+ name = "TEMPLATE_ID"
+ value = "${gc_template_id}"
},
+ {
+ name = "VAULT_FILE_STORAGE"
+ value = "${vault_file_storage}"
},
+ {
+ name = "COGNITO_ENDPOINT_URL"
+ value = "${cognito_endpoint_url}"
},
+ {
+ name = "COGNITO_CLIENT_ID"
+ value = "${cognito_client_id}"
},
+ {
+ name = "EMAIL_ADDRESS_CONTACT_US"
+ value = "${email_address_contact_us}"
},
+ {
+ name = "EMAIL_ADDRESS_SUPPORT"
+ value = "${email_address_support}"
},
+ {
+ name = "REPROCESS_SUBMISSION_QUEUE_URL"
+ value = "${reprocess_submission_queue}"
},
+ {
+ name = "AUDIT_LOG_QUEUE_URL"
+ value = "${audit_log_queue_url}"
},
]
+ image = "${image}"
+ linuxParameters = {
+ capabilities = {
+ drop = [
+ "ALL",
]
}
}
+ logConfiguration = {
+ logDriver = "awslogs"
+ options = {
+ awslogs-group = "${awslogs-group}"
+ awslogs-region = "${awslogs-region}"
+ awslogs-stream-prefix = "${awslogs-stream-prefix}"
}
}
+ name = "form_viewer"
+ portMappings = [
+ {
+ containerPort = 3000
},
]
+ secrets = [
+ {
+ name = "NOTIFY_API_KEY"
+ valueFrom = "${notify_api_key}"
},
+ {
+ name = "RECAPTCHA_V3_SECRET_KEY"
+ valueFrom = "${recaptcha_secret}"
},
+ {
+ name = "GOOGLE_CLIENT_ID"
+ valueFrom = "${google_client_id}"
},
+ {
+ name = "GOOGLE_CLIENT_SECRET"
+ valueFrom = "${google_client_secret}"
},
+ {
+ name = "DATABASE_URL"
+ valueFrom = "${database_url}"
},
+ {
+ name = "TOKEN_SECRET"
+ valueFrom = "${token_secret}"
},
+ {
+ name = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
+ valueFrom = "${gc_notify_callback_bearer_token}"
},
]
},
]
)
+ vars = {
+ "audit_log_queue_url" = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
+ "awslogs-group" = "Forms"
+ "awslogs-region" = "ca-central-1"
+ "awslogs-stream-prefix" = "ecs-form-viewer"
+ "cognito_client_id" = "5rkjd3us3ocssieiitdbtjitiv"
+ "cognito_endpoint_url" = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
+ "database_url" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
+ "email_address_contact_us" = "[email protected]"
+ "email_address_support" = "[email protected]"
+ "gc_notify_callback_bearer_token" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O"
+ "gc_temp_token_template_id" = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
+ "gc_template_id" = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
+ "google_client_id" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_id-7VwI9F"
+ "google_client_secret" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_secret-aPRebC"
+ "image" = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
+ "metric_provider" = "stdout"
+ "nextauth_url" = "https://forms-formulaires.alpha.canada.ca"
+ "notify_api_key" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
+ "recaptcha_public" = "6LfuLrQnAAAAAK9Df3gem4XLMRVY2Laq6t2fhZhZ"
+ "redis_url" = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
+ "reliability_file_storage" = "forms-production-reliability-file-storage"
+ "reprocess_submission_queue" = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
+ "submission_api" = "arn:aws:lambda:ca-central-1:957818836222:function:Submission"
+ "token_secret" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou"
+ "tracer_provider" = "stdout"
+ "vault_file_storage" = "forms-production-vault-file-storage"
}
}
# aws_ecs_task_definition.form_viewer must be replaced
-/+ resource "aws_ecs_task_definition" "form_viewer" {
~ arn = "arn:aws:ecs:ca-central-1:957818836222:task-definition/form-viewer:21" -> (known after apply)
~ container_definitions = jsonencode(
[
- {
- cpu = 0
- environment = [
- {
- name = "AUDIT_LOG_QUEUE_URL"
- value = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
},
- {
- name = "COGNITO_CLIENT_ID"
- value = "5rkjd3us3ocssieiitdbtjitiv"
},
- {
- name = "COGNITO_ENDPOINT_URL"
- value = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
},
- {
- name = "EMAIL_ADDRESS_CONTACT_US"
- value = "[email protected]"
},
- {
- name = "EMAIL_ADDRESS_SUPPORT"
- value = "[email protected]"
},
- {
- name = "METRIC_PROVIDER"
- value = "stdout"
},
- {
- name = "NEXTAUTH_URL"
- value = "https://forms-formulaires.alpha.canada.ca"
},
- {
- name = "RECAPTCHA_V3_SITE_KEY"
- value = "6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY"
},
- {
- name = "REDIS_URL"
- value = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
},
- {
- name = "RELIABILITY_FILE_STORAGE"
- value = "forms-production-reliability-file-storage"
},
- {
- name = "REPROCESS_SUBMISSION_QUEUE_URL"
- value = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
},
- {
- name = "SUBMISSION_API"
- value = "arn:aws:lambda:ca-central-1:957818836222:function:Submission"
},
- {
- name = "TEMPLATE_ID"
- value = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
},
- {
- name = "TEMPORARY_TOKEN_TEMPLATE_ID"
- value = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
},
- {
- name = "TRACER_PROVIDER"
- value = "stdout"
},
- {
- name = "VAULT_FILE_STORAGE"
- value = "forms-production-vault-file-storage"
},
]
- essential = true
- image = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
- linuxParameters = {
- capabilities = {
- drop = [
- "ALL",
]
}
}
- logConfiguration = {
- logDriver = "awslogs"
- options = {
- awslogs-group = "Forms"
- awslogs-region = "ca-central-1"
- awslogs-stream-prefix = "ecs-form-viewer"
}
}
- mountPoints = []
- name = "form_viewer"
- portMappings = [
- {
- containerPort = 3000
- hostPort = 3000
- protocol = "tcp"
},
]
- secrets = [
- {
- name = "NOTIFY_API_KEY"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
},
- {
- name = "RECAPTCHA_V3_SECRET_KEY"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN"
},
- {
- name = "GOOGLE_CLIENT_ID"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_id-7VwI9F"
},
- {
- name = "GOOGLE_CLIENT_SECRET"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_secret-aPRebC"
},
- {
- name = "DATABASE_URL"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
},
- {
- name = "TOKEN_SECRET"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou"
},
- {
- name = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
- valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O"
},
]
- volumesFrom = []
},
] # forces replacement
) -> (known after apply)
~ id = "form-viewer" -> (known after apply)
~ revision = 21 -> (known after apply)
tags = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
# (9 unchanged attributes hidden)
}
# aws_iam_policy.forms_secrets_manager will be updated in-place
~ resource "aws_iam_policy" "forms_secrets_manager" {
id = "arn:aws:iam::957818836222:policy/formsSecretsManagerKeyRetrieval"
name = "formsSecretsManagerKeyRetrieval"
~ policy = jsonencode(
{
- Statement = [
- {
- Action = "secretsmanager:GetSecretValue"
- Effect = "Allow"
- Resource = [
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_secret-aPRebC",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:google_client_id-7VwI9F",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O",
]
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
tags = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_secretsmanager_secret_version.recaptcha_secret must be replaced
-/+ resource "aws_secretsmanager_secret_version" "recaptcha_secret" {
~ arn = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN" -> (known after apply)
~ id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN|FAC7B750-E04E-47CC-B633-C09389EF0E94" -> (known after apply)
~ secret_string = (sensitive value) # forces replacement
~ version_id = "FAC7B750-E04E-47CC-B633-C09389EF0E94" -> (known after apply)
~ version_stages = [
- "AWSCURRENT",
] -> (known after apply)
# (1 unchanged attribute hidden)
}
Plan: 2 to add, 1 to change, 2 to destroy.
Warning: Argument is deprecated
with aws_s3_bucket.reliability_file_storage,
on s3.tf line 4, in resource "aws_s3_bucket" "reliability_file_storage":
4: resource "aws_s3_bucket" "reliability_file_storage" {
Use the aws_s3_bucket_lifecycle_configuration resource instead
(and 17 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_2am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_3am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_4am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_5am_every_business_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]
28 tests, 17 passed, 11 warnings, 0 failures, 0 exceptions
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary | Résumé
Release 3.2.1