feat: make Verify API opt-in & secure attestation with CSRF tokens #42

xDarksome · 2023-07-10T15:19:10Z

Description

Resolves #39
Resolves #19

How Has This Been Tested?

Integration

Due Diligence

Breaking change
Requires a documentation update
Requires a e2e/integration test update

github-actions · 2023-07-10T15:20:22Z

Show Plan


terraform
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
data.github_release.latest_release: Reading...
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.github_release.latest_release: Read complete after 0s [id=108611090]
module.dns.data.aws_route53_zone.hosted_zone: Reading...
module.ecs.data.aws_iam_policy_document.otel: Reading...
data.aws_ecr_repository.repository: Reading...
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 1s [id=Z05475933U67RRYWNMJX5]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
data.aws_ecr_repository.repository: Read complete after 1s [id=bouncer]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
      ~ propagate_tags                     = "NONE" -> "TASK_DEFINITION"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 53 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-10T15:57:53Z

Show Plan


terraform
data.github_release.latest_release: Reading...
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
data.github_release.latest_release: Read complete after 0s [id=108611090]
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.ecs.data.aws_iam_policy_document.otel: Reading...
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
module.dns.data.aws_route53_zone.hosted_zone: Reading...
data.aws_ecr_repository.repository: Reading...
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 0s [id=Z05475933U67RRYWNMJX5]
data.aws_ecr_repository.repository: Read complete after 0s [id=bouncer]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
      ~ propagate_tags                     = "NONE" -> "TASK_DEFINITION"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 53 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-11T15:37:45Z

Show Plan


terraform
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
data.github_release.latest_release: Reading...
data.github_release.latest_release: Read complete after 0s [id=108611090]
module.dns.data.aws_route53_zone.hosted_zone: Reading...
module.ecs.data.aws_iam_policy_document.otel: Reading...
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
data.aws_ecr_repository.repository: Reading...
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 0s [id=Z05475933U67RRYWNMJX5]
data.aws_ecr_repository.repository: Read complete after 1s [id=bouncer]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
      ~ propagate_tags                     = "NONE" -> "TASK_DEFINITION"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 53 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-11T15:38:59Z

Show Plan


terraform
data.github_release.latest_release: Reading...
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.github_release.latest_release: Read complete after 0s [id=108611090]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
module.ecs.data.aws_iam_policy_document.otel: Reading...
data.aws_ecr_repository.repository: Reading...
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.dns.data.aws_route53_zone.hosted_zone: Reading...
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
data.aws_ecr_repository.repository: Read complete after 1s [id=bouncer]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 1s [id=Z05475933U67RRYWNMJX5]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
      ~ propagate_tags                     = "NONE" -> "TASK_DEFINITION"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 53 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-11T15:41:09Z

Show Plan


terraform
data.github_release.latest_release: Reading...
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.github_release.latest_release: Read complete after 1s [id=108611090]
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
data.aws_ecr_repository.repository: Reading...
module.ecs.data.aws_iam_policy_document.otel: Reading...
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
module.dns.data.aws_route53_zone.hosted_zone: Reading...
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 1s [id=Z05475933U67RRYWNMJX5]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
data.aws_ecr_repository.repository: Read complete after 1s [id=bouncer]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
      ~ propagate_tags                     = "NONE" -> "TASK_DEFINITION"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:53" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 53 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-12T13:23:11Z

Show Plan


terraform
data.github_release.latest_release: Reading...
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.github_release.latest_release: Read complete after 0s [id=108611090]
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
module.dns.data.aws_route53_zone.hosted_zone: Reading...
module.ecs.data.aws_iam_policy_document.otel: Reading...
data.aws_ecr_repository.repository: Reading...
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 0s [id=Z05475933U67RRYWNMJX5]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
data.aws_ecr_repository.repository: Read complete after 1s [id=bouncer]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:54" -> (known after apply)
        # (15 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:54" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 54 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-12T13:34:22Z

Show Plan


terraform
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.github_release.latest_release: Reading...
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
data.github_release.latest_release: Read complete after 0s [id=108611090]
module.ecs.data.aws_iam_policy_document.otel: Reading...
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
data.aws_ecr_repository.repository: Reading...
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
module.dns.data.aws_route53_zone.hosted_zone: Reading...
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 1s [id=Z05475933U67RRYWNMJX5]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
data.aws_ecr_repository.repository: Read complete after 2s [id=bouncer]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:55" -> (known after apply)
        # (15 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:55" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 55 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

github-actions · 2023-07-12T16:01:28Z

Show Plan


terraform
data.assert_test.workspace: Reading...
data.assert_test.workspace: Read complete after 0s
module.o11y.grafana_data_source.cloudwatch: Refreshing state... [id=18]
data.github_release.latest_release: Reading...
data.github_release.latest_release: Read complete after 1s [id=108611090]
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0a3731d74832a2230]
data.aws_ecr_repository.repository: Reading...
module.ecs.aws_cloudwatch_log_group.cluster_logs: Refreshing state... [id=staging-verify_logs]
module.dns.data.aws_route53_zone.hosted_zone: Reading...
module.ecs.data.aws_iam_policy_document.otel: Reading...
module.dns.aws_acm_certificate.domain_certificate: Refreshing state... [id=arn:aws:acm:eu-central-1:898587786287:certificate/5000bccc-0f2d-432e-a688-0ca51a821cfd]
aws_prometheus_workspace.prometheus: Refreshing state... [id=ws-586fa3aa-5a55-4d4e-b677-c0b6b993fea3]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Reading...
module.ecs.data.aws_iam_policy_document.otel: Read complete after 0s [id=340601808]
module.ecs.data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=1077804475]
module.ecs.aws_iam_policy.otel: Refreshing state... [id=arn:aws:iam::898587786287:policy/staging-verify-otel]
module.ecs.aws_iam_role.ecs_task_execution_role: Refreshing state... [id=staging-verify-ecs-task-execution-role]
module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837390400000006]
module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836599400000001]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102837389900000005]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836611600000002]
module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836851100000004]
module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_xray_policy: Refreshing state... [id=staging-verify-ecs-task-execution-role-20230125102836838900000003]
module.dns.data.aws_route53_zone.hosted_zone: Read complete after 1s [id=Z05475933U67RRYWNMJX5]
module.ecs.aws_ecs_cluster.app_cluster: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:cluster/staging-verify]
module.dns.aws_route53_record.cert_verification[0]: Refreshing state... [id=Z05475933U67RRYWNMJX5__a20e2ba642a1981cd40943c9f65369d2.staging.verify.walletconnect.com._CNAME]
module.o11y.grafana_data_source.prometheus: Refreshing state... [id=19]
data.aws_ecr_repository.repository: Read complete after 1s [id=bouncer]
module.o11y.data.template_file.grafana_dashboard_template: Reading...
module.o11y.data.template_file.grafana_dashboard_template: Read complete after 0s [id=e101364582af6040f796a54d6881cbf210a0d5aa9ec7476ab4b6fae968268ae5]
module.o11y.grafana_dashboard.at_a_glance: Refreshing state... [id=0:staging_verify]
module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0cfe7c4f29fd0889a]
module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-07ccf3c41ce39b1a6]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-00d455cf4c822c44a]
module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0366444d184ba63ae]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-09d7dc916b9f7d698]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09629110e5ba174e6]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0cb8399f7a4f000c2]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094cd63118c7d693d]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-013bb0b4108fceb35]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0a60f1f9ad9411a16]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-00184fa2b3610a7dd]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-03eef038b326b965c]
module.ecs.aws_lb_target_group.target_group: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/staging-verify-target-group/521a938df3b3e108]
module.redis.aws_security_group.service_security_group: Refreshing state... [id=sg-0ad09ffed48972f67]
module.ecs.aws_security_group.lb_ingress: Refreshing state... [id=sg-006fdafde4fb520f6]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09629110e5ba174e61080289494]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0831db520b7ce0fce]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0aba7479f027fd8e1]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0954b80eda72717f8]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0327de12f74b61dca]
module.redis.aws_elasticache_subnet_group.private_subnets: Refreshing state... [id=verify-staging-verify-private-subnet-group]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-064db9a92995a3edf]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-010155a0e463e12ac]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-09edcc2c2e1312316]
module.ecs.aws_security_group.app_ingress: Refreshing state... [id=sg-0ba8aa7a32ad3772e]
module.ecs.aws_lb.application_load_balancer: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/app/staging-verify-load-balancer/02c37dc9f5009c09]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-03280999ce1081122]
module.vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-013bb0b4108fceb351080289494]
module.redis.aws_elasticache_cluster.cache: Refreshing state... [id=verify-staging-verify]
module.ecs.aws_lb_listener.listener: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/d06576a2571142c2]
module.ecs.aws_lb_listener.listener-http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/app/staging-verify-load-balancer/02c37dc9f5009c09/89008b30e3390b5b]
module.ecs.aws_route53_record.dns_load_balancer: Refreshing state... [id=Z05475933U67RRYWNMJX5_staging.verify.walletconnect.com_A]
module.ecs.aws_ecs_task_definition.app_task_definition: Refreshing state... [id=staging-verify]
module.ecs.aws_ecs_service.app_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging-verify/staging-verify-service"
        name                               = "staging-verify-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:55" -> (known after apply)
        # (15 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "app_task_definition" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify:55" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging-verify" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging-verify" -> (known after apply)
      ~ revision                 = 55 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Warning: Argument is deprecated

  with module.o11y.grafana_data_source.cloudwatch,
  on monitoring/main.tf line 35, in resource "grafana_data_source" "cloudwatch":
  35: resource "grafana_data_source" "cloudwatch" {

Use json_data_encoded instead.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: /tmp/plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "/tmp/plan.tfplan"

Action: pull_request

arein

nice update on the integration tests. thank you!

LordSloppy

Thanks

feat: make Verify API opt-in & secure attestation with CSRF tokens

cf855c6

xDarksome self-assigned this Jul 10, 2023

xDarksome temporarily deployed to infra/staging July 10, 2023 15:19 — with GitHub Actions Inactive

fix: fmt

7fe7ec0

xDarksome temporarily deployed to infra/staging July 10, 2023 15:57 — with GitHub Actions Inactive

feat: make secret configurable & use CookieStore for sessions

5b02c84

xDarksome temporarily deployed to infra/staging July 11, 2023 15:36 — with GitHub Actions Inactive

fix(terraform): fmt

4e22b1b

xDarksome temporarily deployed to infra/staging July 11, 2023 15:38 — with GitHub Actions Inactive

fix: doc

81157d8

xDarksome temporarily deployed to infra/staging July 11, 2023 15:40 — with GitHub Actions Inactive

xDarksome had a problem deploying to staging July 11, 2023 15:49 — with GitHub Actions Failure

xDarksome temporarily deployed to staging July 11, 2023 15:53 — with GitHub Actions Inactive

feat: switch staging to use prod cloud

fde6a4f

xDarksome temporarily deployed to infra/staging July 12, 2023 13:22 — with GitHub Actions Inactive

xDarksome temporarily deployed to staging July 12, 2023 13:25 — with GitHub Actions Inactive

fix: integration tests

0d91102

xDarksome temporarily deployed to infra/staging July 12, 2023 13:33 — with GitHub Actions Inactive

feat: update JS

03da322

xDarksome temporarily deployed to infra/staging July 12, 2023 16:00 — with GitHub Actions Inactive

xDarksome requested a review from arein July 12, 2023 16:05

arein approved these changes Jul 13, 2023

View reviewed changes

xDarksome merged commit 022f45a into main Jul 13, 2023
7 checks passed

LordSloppy reviewed Jul 13, 2023

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: make Verify API opt-in & secure attestation with CSRF tokens #42

feat: make Verify API opt-in & secure attestation with CSRF tokens #42

xDarksome commented Jul 10, 2023 •

edited

Loading

github-actions bot commented Jul 10, 2023

github-actions bot commented Jul 10, 2023

github-actions bot commented Jul 11, 2023

github-actions bot commented Jul 11, 2023

github-actions bot commented Jul 11, 2023

github-actions bot commented Jul 12, 2023

github-actions bot commented Jul 12, 2023

github-actions bot commented Jul 12, 2023

arein left a comment

LordSloppy left a comment

feat: make Verify API opt-in & secure attestation with CSRF tokens #42

feat: make Verify API opt-in & secure attestation with CSRF tokens #42

Conversation

xDarksome commented Jul 10, 2023 • edited Loading

Description

How Has This Been Tested?

Due Diligence

github-actions bot commented Jul 10, 2023

github-actions bot commented Jul 10, 2023

github-actions bot commented Jul 11, 2023

github-actions bot commented Jul 11, 2023

github-actions bot commented Jul 11, 2023

github-actions bot commented Jul 12, 2023

github-actions bot commented Jul 12, 2023

github-actions bot commented Jul 12, 2023

arein left a comment

Choose a reason for hiding this comment

LordSloppy left a comment

Choose a reason for hiding this comment

xDarksome commented Jul 10, 2023 •

edited

Loading