Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): lock file maintenance #419

Merged
merged 1 commit into from
Aug 15, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 19, 2023

Mend Renovate

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

Review

  • Updates have been tested and work
  • If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/Montreal, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch 10 times, most recently from 83f6d79 to ce2db59 Compare July 13, 2023 14:37
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch 9 times, most recently from b45dc37 to 1aaba19 Compare July 21, 2023 12:42
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch 3 times, most recently from a48fd52 to cb7abb8 Compare July 26, 2023 18:51
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from cb7abb8 to 0266cf4 Compare August 9, 2023 13:26
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 0266cf4 to 08bc11a Compare August 14, 2023 19:04
@github-actions
Copy link

⚠ Terrform update available

Terraform: 1.5.5 (using 1.4.2)
Terragrunt: 0.49.1 (using 0.46.3)

@github-actions
Copy link

Staging: cognito

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 1 to add, 1 to change, 1 to destroy
Show summary
CHANGE NAME
update aws_lambda_function.cognito_email_sender
recreate aws_lambda_layer_version.cognito_email_sender_nodejs
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_lambda_function.cognito_email_sender will be updated in-place
  ~ resource "aws_lambda_function" "cognito_email_sender" {
        id                             = "Cognito_Email_Sender"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages:11",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_layer_version.cognito_email_sender_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "cognito_email_sender_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages:11" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-06-12T12:21:32.715+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages:11" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "c+eGdPnzn4i6o3ffu7Y/K0Lk69/eTjIvSvDkf5SOk54=" -> "u6J74Ho/5YDhMmlrfw36uOZdFOTSPzqf3qTAAlgx1yY=" # forces replacement
      ~ source_code_size            = 14374963 -> (known after apply)
      ~ version                     = "11" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_cognito_user_pool.forms"]

20 tests, 17 passed, 3 warnings, 0 failures, 0 exceptions

@github-actions
Copy link

Staging: app

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 8 to add, 8 to change, 8 to destroy
Show summary
CHANGE NAME
recreate aws_ecs_task_definition.form_viewer
aws_lambda_layer_version.archive_form_templates_nodejs
aws_lambda_layer_version.archiver_nodejs
aws_lambda_layer_version.audit_logs_lib
aws_lambda_layer_version.dead_letter_queue_consumer_lib
aws_lambda_layer_version.nagware_nodejs
aws_lambda_layer_version.reliability_nodejs
aws_lambda_layer_version.submission_lib
update aws_iam_policy.lambda_app_invoke
aws_lambda_function.archive_form_templates
aws_lambda_function.archiver
aws_lambda_function.audit_logs
aws_lambda_function.dead_letter_queue_consumer
aws_lambda_function.nagware
aws_lambda_function.reliability
aws_lambda_function.submission
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.lambda_app_invoke will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "lambda_app_invoke" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "lambda:InvokeFunction",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:lambda:ca-central-1:687401027353:function:Submission",
            ]
        }
    }

  # data.template_file.form_viewer_task will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "template_file" "form_viewer_task" {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "METRIC_PROVIDER"
                          + value = "${metric_provider}"
                        },
                      + {
                          + name  = "TRACER_PROVIDER"
                          + value = "${tracer_provider}"
                        },
                      + {
                          + name  = "SUBMISSION_API"
                          + value = "${submission_api}"
                        },
                      + {
                          + name  = "NEXTAUTH_URL"
                          + value = "${nextauth_url}"
                        },
                      + {
                          + name  = "REDIS_URL"
                          + value = "${redis_url}"
                        },
                      + {
                          + name  = "RELIABILITY_FILE_STORAGE"
                          + value = "${reliability_file_storage}"
                        },
                      + {
                          + name  = "RECAPTCHA_V3_SITE_KEY"
                          + value = "${recaptcha_public}"
                        },
                      + {
                          + name  = "TEMPORARY_TOKEN_TEMPLATE_ID"
                          + value = "${gc_temp_token_template_id}"
                        },
                      + {
                          + name  = "TEMPLATE_ID"
                          + value = "${gc_template_id}"
                        },
                      + {
                          + name  = "VAULT_FILE_STORAGE"
                          + value = "${vault_file_storage}"
                        },
                      + {
                          + name  = "COGNITO_ENDPOINT_URL"
                          + value = "${cognito_endpoint_url}"
                        },
                      + {
                          + name  = "COGNITO_CLIENT_ID"
                          + value = "${cognito_client_id}"
                        },
                      + {
                          + name  = "EMAIL_ADDRESS_CONTACT_US"
                          + value = "${email_address_contact_us}"
                        },
                      + {
                          + name  = "EMAIL_ADDRESS_SUPPORT"
                          + value = "${email_address_support}"
                        },
                      + {
                          + name  = "REPROCESS_SUBMISSION_QUEUE_URL"
                          + value = "${reprocess_submission_queue}"
                        },
                      + {
                          + name  = "AUDIT_LOG_QUEUE_URL"
                          + value = "${audit_log_queue_url}"
                        },
                    ]
                  + image            = "${image}"
                  + linuxParameters  = {
                      + capabilities = {
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "${awslogs-group}"
                          + awslogs-region        = "${awslogs-region}"
                          + awslogs-stream-prefix = "${awslogs-stream-prefix}"
                        }
                    }
                  + name             = "form_viewer"
                  + portMappings     = [
                      + {
                          + containerPort = 3000
                        },
                    ]
                  + secrets          = [
                      + {
                          + name      = "NOTIFY_API_KEY"
                          + valueFrom = "${notify_api_key}"
                        },
                      + {
                          + name      = "RECAPTCHA_V3_SECRET_KEY"
                          + valueFrom = "${recaptcha_secret}"
                        },
                      + {
                          + name      = "GOOGLE_CLIENT_ID"
                          + valueFrom = "${google_client_id}"
                        },
                      + {
                          + name      = "GOOGLE_CLIENT_SECRET"
                          + valueFrom = "${google_client_secret}"
                        },
                      + {
                          + name      = "DATABASE_URL"
                          + valueFrom = "${database_url}"
                        },
                      + {
                          + name      = "TOKEN_SECRET"
                          + valueFrom = "${token_secret}"
                        },
                      + {
                          + name      = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
                          + valueFrom = "${gc_notify_callback_bearer_token}"
                        },
                    ]
                },
            ]
        )
      + vars     = {
          + "audit_log_queue_url"             = "https://sqs.ca-central-1.amazonaws.com/687401027353/audit_log_queue"
          + "awslogs-group"                   = "Forms"
          + "awslogs-region"                  = "ca-central-1"
          + "awslogs-stream-prefix"           = "ecs-form-viewer"
          + "cognito_client_id"               = "17bsg3b2b7q5snon007rru264u"
          + "cognito_endpoint_url"            = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_Cguq9JNQ1"
          + "database_url"                    = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:server-database-url-0PSpE3"
          + "email_address_contact_us"        = "jose.jimenez@cds-snc.ca"
          + "email_address_support"           = "assistance+forms-formulaires@cds-snc.ca"
          + "gc_notify_callback_bearer_token" = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:gc_notify_callback_bearer_token-wZbg6S"
          + "gc_temp_token_template_id"       = "b6885d06-d10a-422a-973f-05e274d9aa86"
          + "gc_template_id"                  = "8d597a1b-a1d6-4e3c-8421-042a2b4158b7"
          + "google_client_id"                = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:google_client_id-wRtgIh"
          + "google_client_secret"            = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:google_client_secret-tePLmK"
          + "image"                           = "687401027353.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_staging"
          + "metric_provider"                 = "stdout"
          + "nextauth_url"                    = "https://forms-staging.cdssandbox.xyz"
          + "notify_api_key"                  = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_api_key-nV4keR"
          + "recaptcha_public"                = "6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY"
          + "recaptcha_secret"                = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:recaptcha_secret-spUZxB"
          + "redis_url"                       = "gcforms-redis-rep-group.uwpetx.ng.0001.cac1.cache.amazonaws.com"
          + "reliability_file_storage"        = "forms-staging-reliability-file-storage"
          + "reprocess_submission_queue"      = "https://sqs.ca-central-1.amazonaws.com/687401027353/reprocess_submission_queue.fifo"
          + "submission_api"                  = "arn:aws:lambda:ca-central-1:687401027353:function:Submission"
          + "token_secret"                    = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:token_secret-UyxxRR"
          + "tracer_provider"                 = "stdout"
          + "vault_file_storage"              = "forms-staging-vault-file-storage"
        }
    }

  # aws_ecs_task_definition.form_viewer must be replaced
-/+ resource "aws_ecs_task_definition" "form_viewer" {
      ~ arn                      = "arn:aws:ecs:ca-central-1:687401027353:task-definition/form-viewer:1209" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - cpu              = 0
                  - environment      = [
                      - {
                          - name  = "AUDIT_LOG_QUEUE_URL"
                          - value = "https://sqs.ca-central-1.amazonaws.com/687401027353/audit_log_queue"
                        },
                      - {
                          - name  = "COGNITO_CLIENT_ID"
                          - value = "17bsg3b2b7q5snon007rru264u"
                        },
                      - {
                          - name  = "COGNITO_ENDPOINT_URL"
                          - value = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_Cguq9JNQ1"
                        },
                      - {
                          - name  = "EMAIL_ADDRESS_CONTACT_US"
                          - value = "jose.jimenez@cds-snc.ca"
                        },
                      - {
                          - name  = "EMAIL_ADDRESS_SUPPORT"
                          - value = "assistance+forms-formulaires@cds-snc.ca"
                        },
                      - {
                          - name  = "METRIC_PROVIDER"
                          - value = "stdout"
                        },
                      - {
                          - name  = "NEXTAUTH_URL"
                          - value = "https://forms-staging.cdssandbox.xyz"
                        },
                      - {
                          - name  = "RECAPTCHA_V3_SITE_KEY"
                          - value = "6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY"
                        },
                      - {
                          - name  = "REDIS_URL"
                          - value = "gcforms-redis-rep-group.uwpetx.ng.0001.cac1.cache.amazonaws.com"
                        },
                      - {
                          - name  = "RELIABILITY_FILE_STORAGE"
                          - value = "forms-staging-reliability-file-storage"
                        },
                      - {
                          - name  = "REPROCESS_SUBMISSION_QUEUE_URL"
                          - value = "https://sqs.ca-central-1.amazonaws.com/687401027353/reprocess_submission_queue.fifo"
                        },
                      - {
                          - name  = "SUBMISSION_API"
                          - value = "arn:aws:lambda:ca-central-1:687401027353:function:Submission"
                        },
                      - {
                          - name  = "TEMPLATE_ID"
                          - value = "8d597a1b-a1d6-4e3c-8421-042a2b4158b7"
                        },
                      - {
                          - name  = "TEMPORARY_TOKEN_TEMPLATE_ID"
                          - value = "b6885d06-d10a-422a-973f-05e274d9aa86"
                        },
                      - {
                          - name  = "TRACER_PROVIDER"
                          - value = "stdout"
                        },
                      - {
                          - name  = "VAULT_FILE_STORAGE"
                          - value = "forms-staging-vault-file-storage"
                        },
                    ]
                  - essential        = true
                  - image            = "687401027353.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_staging"
                  - linuxParameters  = {
                      - capabilities = {
                          - drop = [
                              - "ALL",
                            ]
                        }
                    }
                  - logConfiguration = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "Forms"
                          - awslogs-region        = "ca-central-1"
                          - awslogs-stream-prefix = "ecs-form-viewer"
                        }
                    }
                  - mountPoints      = []
                  - name             = "form_viewer"
                  - portMappings     = [
                      - {
                          - containerPort = 3000
                          - hostPort      = 3000
                          - protocol      = "tcp"
                        },
                    ]
                  - secrets          = [
                      - {
                          - name      = "NOTIFY_API_KEY"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_api_key-nV4keR"
                        },
                      - {
                          - name      = "RECAPTCHA_V3_SECRET_KEY"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:recaptcha_secret-spUZxB"
                        },
                      - {
                          - name      = "GOOGLE_CLIENT_ID"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:google_client_id-wRtgIh"
                        },
                      - {
                          - name      = "GOOGLE_CLIENT_SECRET"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:google_client_secret-tePLmK"
                        },
                      - {
                          - name      = "DATABASE_URL"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:server-database-url-0PSpE3"
                        },
                      - {
                          - name      = "TOKEN_SECRET"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:token_secret-UyxxRR"
                        },
                      - {
                          - name      = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
                          - valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:gc_notify_callback_bearer_token-wZbg6S"
                        },
                    ]
                  - volumesFrom      = []
                },
            ] # forces replacement
        ) -> (known after apply)
      ~ id                       = "form-viewer" -> (known after apply)
      ~ revision                 = 1209 -> (known after apply)
        tags                     = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (9 unchanged attributes hidden)
    }

  # aws_iam_policy.lambda_app_invoke will be updated in-place
  ~ resource "aws_iam_policy" "lambda_app_invoke" {
        id          = "arn:aws:iam::687401027353:policy/lambda_app_invoke"
        name        = "lambda_app_invoke"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "lambda:InvokeFunction"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:lambda:ca-central-1:687401027353:function:Submission"
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags        = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_lambda_function.archive_form_templates will be updated in-place
  ~ resource "aws_lambda_function" "archive_form_templates" {
        id                             = "ArchiveFormTemplates"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:archive_form_templates_lib_packages:2",
          - "arn:aws:lambda:ca-central-1:687401027353:layer:archive_form_templates_node_packages:12",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.archiver will be updated in-place
  ~ resource "aws_lambda_function" "archiver" {
        id                             = "Archiver"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:archiver_lib_packages:1",
          - "arn:aws:lambda:ca-central-1:687401027353:layer:archiver_node_packages:14",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.audit_logs will be updated in-place
  ~ resource "aws_lambda_function" "audit_logs" {
        id                             = "AuditLogs"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:audit_logs_node_packages:12",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.dead_letter_queue_consumer will be updated in-place
  ~ resource "aws_lambda_function" "dead_letter_queue_consumer" {
        id                             = "DeadLetterQueueConsumer"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:dead_letter_queue_consumer_node_packages:17",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.nagware will be updated in-place
  ~ resource "aws_lambda_function" "nagware" {
        id                             = "Nagware"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:nagware_lib_packages:9",
          - "arn:aws:lambda:ca-central-1:687401027353:layer:nagware_node_packages:16",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.reliability will be updated in-place
  ~ resource "aws_lambda_function" "reliability" {
        id                             = "Reliability"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:reliability_lib_packages:108",
          - "arn:aws:lambda:ca-central-1:687401027353:layer:reliability_node_packages:127",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.submission will be updated in-place
  ~ resource "aws_lambda_function" "submission" {
        id                             = "Submission"
      ~ layers                         = [
          - "arn:aws:lambda:ca-central-1:687401027353:layer:submission_node_packages:23",
        ] -> (known after apply)
        tags                           = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_layer_version.archive_form_templates_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "archive_form_templates_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:archive_form_templates_node_packages:12" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-07-11T19:44:38.940+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:archive_form_templates_node_packages:12" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:archive_form_templates_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "f2p3c94G3L6jYURXgO+w3kfQqNa5wWgeartQ0/vdw/0=" -> "YmVzpiq+4Xh0RKDevKf5FtOl/i6pD2+DgsZqRbBoyUE=" # forces replacement
      ~ source_code_size            = 2340281 -> (known after apply)
      ~ version                     = "12" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.archiver_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "archiver_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:archiver_node_packages:14" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-07-11T19:44:59.447+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:archiver_node_packages:14" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:archiver_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "DbAEHzOTFUsc3lunJi1wiQ3jMDrBZH3u4sabdZbeoVc=" -> "/VlkiahWh0lbNsmre0wTbuvFZ64Oh9Ya4b/rUeykRzo=" # forces replacement
      ~ source_code_size            = 4607070 -> (known after apply)
      ~ version                     = "14" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.audit_logs_lib must be replaced
-/+ resource "aws_lambda_layer_version" "audit_logs_lib" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:audit_logs_node_packages:12" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-07-11T19:44:46.445+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:audit_logs_node_packages:12" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:audit_logs_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "qPyibtp7s79T10bBmKxADTN9cJLeBlMVM+Ggb9s34SE=" -> "Vuhm5i6qDfOJPb0rmGAwOjib3YO5sCB7Hzj8hdr3qOk=" # forces replacement
      ~ source_code_size            = 3103082 -> (known after apply)
      ~ version                     = "12" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.dead_letter_queue_consumer_lib must be replaced
-/+ resource "aws_lambda_layer_version" "dead_letter_queue_consumer_lib" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:dead_letter_queue_consumer_node_packages:17" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-07-11T19:45:05.609+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:dead_letter_queue_consumer_node_packages:17" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:dead_letter_queue_consumer_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "V3swCO1X+vaGy9fAY9zfA23/blxkHWfEodaamtlYdj0=" -> "SMQq+1+sI2HdKWmLJOoISuisHMmGYvYkG2P74/2vrAk=" # forces replacement
      ~ source_code_size            = 2296878 -> (known after apply)
      ~ version                     = "17" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.nagware_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "nagware_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:nagware_node_packages:16" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-07-26T17:12:56.608+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:nagware_node_packages:16" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:nagware_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "Ggli/WoTw6SVanhWXvhR4WQDQ7Mv+fS3slM292yTyXo=" -> "lTmGsxGfLOdfer7bHyp1ODqJt6kvYEWBiIXNAA0N/DQ=" # forces replacement
      ~ source_code_size            = 3676801 -> (known after apply)
      ~ version                     = "16" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.reliability_nodejs must be replaced
-/+ resource "aws_lambda_layer_version" "reliability_nodejs" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:reliability_node_packages:127" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-08-09T13:26:43.919+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:reliability_node_packages:127" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:reliability_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "jPZUwheFlV3sEyLWHMj4aEPtEByHczXoOzr5mQ1dkl4=" -> "KR/D69+DbFWKg+r/2qrIlT12C3ZyqF6o5NSKEBXGu3E=" # forces replacement
      ~ source_code_size            = 6372493 -> (known after apply)
      ~ version                     = "127" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_layer_version.submission_lib must be replaced
-/+ resource "aws_lambda_layer_version" "submission_lib" {
      ~ arn                         = "arn:aws:lambda:ca-central-1:687401027353:layer:submission_node_packages:23" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2023-06-12T12:23:41.666+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ca-central-1:687401027353:layer:submission_node_packages:23" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ca-central-1:687401027353:layer:submission_node_packages" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "L1DFPjOFL0aQifL5rU4PQ/S19MKe1JSip3U+STp4g0g=" -> "LtR35Gv1Oh9hvkCx73zLx18DnXsxe1moqgdQkL18040=" # forces replacement
      ~ source_code_size            = 2977536 -> (known after apply)
      ~ version                     = "23" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

Plan: 8 to add, 8 to change, 8 to destroy.

Warning: Argument is deprecated

  with aws_s3_bucket.reliability_file_storage,
  on s3.tf line 4, in resource "aws_s3_bucket" "reliability_file_storage":
   4: resource "aws_s3_bucket" "reliability_file_storage" {

Use the aws_s3_bucket_lifecycle_configuration resource instead

(and 17 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_2am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_3am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_4am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_5am_every_business_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]

28 tests, 17 passed, 11 warnings, 0 failures, 0 exceptions

@bryan-robitaille bryan-robitaille merged commit 438f339 into develop Aug 15, 2023
3 checks passed
@bryan-robitaille bryan-robitaille deleted the renovate/lock-file-maintenance branch August 15, 2023 15:34
bryan-robitaille added a commit that referenced this pull request Aug 16, 2023
* chore: new workflow for full infrastructure plan against staging (#424)

* feat: use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421)

* add cloudwatch logs expiry

* rename slack lambda function

* add cloudwatch expiry to cognito lambdas

* update lambda for new streams

* remove redundant alarms

* create log subscriptions for all lambdas

* reliability and submission lambda error processing

* add error property

* Nagware updates

* archive form responses updates

* dlq consumer

* update yarn lock for archive form responses

* update slack messaging to include more info

* archive form templates updates

* audit logs processor lambda updates

* formatting

* fix cloudwatch block scope

* removed included file in lib package for nagware lambda because it does not exist anymore

* fix security issues and add permissions

* missed kms entry on resource

* add missing input var

* Add missing vars on alarm module

* typo in module def for alarms

* fix typo

* fixed few issues

---------

Co-authored-by: Bryan Robitaille <bryan.robitaille.work@gmail.com>

* Revert "feat: use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421)" (#426)

This reverts commit 7f502df.

* Revert "Revert "feat: use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421)" (#426)" (#428)

This reverts commit 063e411.

* fix: permission for Cloudwatch to run Notify Slack lambda (#429)

* fix: permission for Cloudwatch to run Notify Slack lambda (second attempt) (#430)

* fix: Terraform module version reference (#427)

Update the Terraform module version references so
they are in the correct format.  This will allow Renovate
dependency PRs to update them module versions
without stripping the `//sub-directory` path.

* feat: added missing cloudwatch subscription filter for submission logs (#431)

* feat: added missing cloudwatch subscription filter for submission logs

* chore: remove reliability queue alarm that is not needed anymore

* chore: format all console logs in JSON (#432)

* fix: multiple issues with NotifySlack lambda (#434)

* chore(deps): update all non-major github action dependencies (#418)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update all non-major docker images (#417)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update WAF rules to support newly added URIs (#433)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* disabled waf regex till provider is merged (#435)

* Attempt to fix waf limit exceeded error (#437)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* reset staging state:disabled regex till the provider upgrade is merged

* attempt to fix waf limit exceeded error

* renamed rule

* fix undeclared resource name

* attempt to fix resource name mismatch

* Fix/add missing regex comp (#438)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* reset staging state:disabled regex till the provider upgrade is merged

* attempt to fix waf limit exceeded error

* renamed rule

* fix undeclared resource name

* attempt to fix resource name mismatch

* add missing regex component to match path

* removed duplicated expression

* removed duplicate expression

* Fix WAF InvalidParameterException (#439)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* reset staging state:disabled regex till the provider upgrade is merged

* attempt to fix waf limit exceeded error

* renamed rule

* fix undeclared resource name

* attempt to fix resource name mismatch

* add missing regex component to match path

* removed duplicated expression

* removed duplicate expression

* refactor capture group, and restricted capture for home page

* fix invalid syntax (#441)

* Restore missing output for lambda function name (#443)

* feat: nagware sends email to all template associated users (#442)

* feat: nagware sends email to all template associated users

* fix: spelling

* Feature/alarm for privileges (#445)

* Remove unknown error ref

* Add events to listen for by subscriber

* fix destructuring

* Feat/dontnagtestresponse (#449)

* feat: delete overdue draft form responses and dont nag

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: reverting some changes for lockfile

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: some cleanup

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: re-adding template file that got lost during merge

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: removing file again for cleaner diff and history

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: fixed file refactor

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* fix: refactor missed the terraform file; fixed the new name for the file

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* fix: horrible typo, missing 's'

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* fix: move var declaration inside try catch & comment cleanup

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

---------

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* doc: update readme to inform about signed commits on this repo (#450)

* feat: added severity level to alarms being sent to Slack (#451)

* add path for profile (#453)

* chore(deps): update all non-major github action dependencies (#447)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update all non-major docker images (#446)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): lock file maintenance (#419)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump version

* update version

* refactor: rework Nagware warning message being sent to Slack (#457)

* fix: nagware notification layout (#460)

* Host header fix (#461)

---------

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>
Co-authored-by: Clément JANIN <clement.janin@cds-snc.ca>
Co-authored-by: Pat Heard <patrick.heard@cds-snc.ca>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Raphael <raphael.keita@cds-snc.ca>
Co-authored-by: Dave Samojlenko <dsamojlenko@gmail.com>
Co-authored-by: Daine Trinidad <daine.trinidad@gmail.com>
Co-authored-by: Tim Arney <timarney@users.noreply.github.com>
craigzour added a commit that referenced this pull request Aug 17, 2023
* chore: new workflow for full infrastructure plan against staging (#424)

* feat: use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421)

* add cloudwatch logs expiry

* rename slack lambda function

* add cloudwatch expiry to cognito lambdas

* update lambda for new streams

* remove redundant alarms

* create log subscriptions for all lambdas

* reliability and submission lambda error processing

* add error property

* Nagware updates

* archive form responses updates

* dlq consumer

* update yarn lock for archive form responses

* update slack messaging to include more info

* archive form templates updates

* audit logs processor lambda updates

* formatting

* fix cloudwatch block scope

* removed included file in lib package for nagware lambda because it does not exist anymore

* fix security issues and add permissions

* missed kms entry on resource

* add missing input var

* Add missing vars on alarm module

* typo in module def for alarms

* fix typo

* fixed few issues

---------

Co-authored-by: Bryan Robitaille <bryan.robitaille.work@gmail.com>

* Revert "feat: use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421)" (#426)

This reverts commit 7f502df.

* Revert "Revert "feat: use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421)" (#426)" (#428)

This reverts commit 063e411.

* fix: permission for Cloudwatch to run Notify Slack lambda (#429)

* fix: permission for Cloudwatch to run Notify Slack lambda (second attempt) (#430)

* fix: Terraform module version reference (#427)

Update the Terraform module version references so
they are in the correct format.  This will allow Renovate
dependency PRs to update them module versions
without stripping the `//sub-directory` path.

* feat: added missing cloudwatch subscription filter for submission logs (#431)

* feat: added missing cloudwatch subscription filter for submission logs

* chore: remove reliability queue alarm that is not needed anymore

* chore: format all console logs in JSON (#432)

* fix: multiple issues with NotifySlack lambda (#434)

* chore(deps): update all non-major github action dependencies (#418)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update all non-major docker images (#417)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update WAF rules to support newly added URIs (#433)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* disabled waf regex till provider is merged (#435)

* Attempt to fix waf limit exceeded error (#437)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* reset staging state:disabled regex till the provider upgrade is merged

* attempt to fix waf limit exceeded error

* renamed rule

* fix undeclared resource name

* attempt to fix resource name mismatch

* Fix/add missing regex comp (#438)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* reset staging state:disabled regex till the provider upgrade is merged

* attempt to fix waf limit exceeded error

* renamed rule

* fix undeclared resource name

* attempt to fix resource name mismatch

* add missing regex component to match path

* removed duplicated expression

* removed duplicate expression

* Fix WAF InvalidParameterException (#439)

* updated regex pattern to support newly added uris

* add page

* fix typo in resource name

* fix undo introduced typo

* try updating resource type to wafv1 where regex_pattern_strings is supported else will fallback on regular regex_string template

* reset staging state:disabled regex till the provider upgrade is merged

* attempt to fix waf limit exceeded error

* renamed rule

* fix undeclared resource name

* attempt to fix resource name mismatch

* add missing regex component to match path

* removed duplicated expression

* removed duplicate expression

* refactor capture group, and restricted capture for home page

* fix invalid syntax (#441)

* Restore missing output for lambda function name (#443)

* feat: nagware sends email to all template associated users (#442)

* feat: nagware sends email to all template associated users

* fix: spelling

* Feature/alarm for privileges (#445)

* Remove unknown error ref

* Add events to listen for by subscriber

* fix destructuring

* Feat/dontnagtestresponse (#449)

* feat: delete overdue draft form responses and dont nag

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: reverting some changes for lockfile

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: some cleanup

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: re-adding template file that got lost during merge

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: removing file again for cleaner diff and history

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* chore: fixed file refactor

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* fix: refactor missed the terraform file; fixed the new name for the file

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* fix: horrible typo, missing 's'

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* fix: move var declaration inside try catch & comment cleanup

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

---------

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>

* doc: update readme to inform about signed commits on this repo (#450)

* feat: added severity level to alarms being sent to Slack (#451)

* add path for profile (#453)

* chore(deps): update all non-major github action dependencies (#447)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update all non-major docker images (#446)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): lock file maintenance (#419)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* refactor: rework Nagware warning message being sent to Slack (#457)

* fix: nagware notification layout (#460)

* Host header fix (#461)

* release: 3.2.0 (#458)

* fix: use valid ReCaptcha site key for production environment (#462)

* release 3.2.1

---------

Signed-off-by: Daine Trinidad <daine.trinidad@cds-snc.ca>
Co-authored-by: Bryan Robitaille <bryan.robitaille@cds-snc.ca>
Co-authored-by: Bryan Robitaille <bryan.robitaille.work@gmail.com>
Co-authored-by: Pat Heard <patrick.heard@cds-snc.ca>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Raphael <raphael.keita@cds-snc.ca>
Co-authored-by: Dave Samojlenko <dsamojlenko@gmail.com>
Co-authored-by: Daine Trinidad <daine.trinidad@gmail.com>
Co-authored-by: Tim Arney <timarney@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant