fix: adding intermediary S3 bucket for FFIS email data #64

Merged
merged 4 commits into from
Apr 28, 2023

@slapula slapula commented Apr 27, 2023

Ticket #61

Description

SES Receipt rules don't play nicely with S3 buckets that enforce encrypted objects. I am creating an intermediary S3 bucket that doesn't require that so that we may download the emails and move them to the Grants source data bucket.

Testing

Automated and Unit Tests

  • Added Unit tests

Manual tests for Reviewer

  • Added steps to test feature/functionality manually

Checklist

  • Provided ticket and description
  • Provided testing information
  • Provided adequate test coverage for all new code
  • Added PR reviewers

@slapula slapula self-assigned this Apr 27, 2023
github-actions bot commented Apr 27, 2023

Terraform Summary

Step Result
🖌 Terraform Format & Style
⚙️ Terraform Initialization
🤖 Terraform Validation
📖 Terraform Plan

Output

Validation Output
Success! The configuration is valid.


Plan Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+   create
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.ses_source_data_s3_access will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ses_source_data_s3_access" {
+       id   = (known after apply)
+       json = (known after apply)

+       statement {
+           actions   = [
+               "s3:PutObject",
            ]
+           resources = [
+               (known after apply),
            ]
+           sid       = "AllowFFISEmailDeliveryFromSES"

+           condition {
+               test     = "StringEquals"
+               values   = [
+                   "357150818708",
                ]
+               variable = "AWS:SourceAccount"
            }
+           condition {
+               test     = "StringEquals"
+               values   = [
+                   "arn:aws:ses:us-west-2:357150818708:receipt-rule-set/grants_ingest-staging-ffis_ingest:receipt-rule/grants_ingest-staging-ffis_ingest",
                ]
+               variable = "AWS:SourceArn"
            }

+           principals {
+               identifiers = [
+                   "ses.amazonaws.com",
                ]
+               type        = "Service"
            }
        }
    }

  # aws_ses_receipt_rule.ffis_ingest will be created
+   resource "aws_ses_receipt_rule" "ffis_ingest" {
+       arn           = (known after apply)
+       enabled       = true
+       id            = (known after apply)
+       name          = "grants_ingest-staging-ffis_ingest"
+       recipients    = [
+           "ffis-ingest@staging.grants.usdigitalresponse.org",
        ]
+       rule_set_name = "grants_ingest-staging-ffis_ingest"
+       scan_enabled  = true
+       tls_policy    = "Require"

+       s3_action {
+           bucket_name       = (known after apply)
+           object_key_prefix = "ses/ffis_ingest/new"
+           position          = 1
        }
    }

  # aws_ses_receipt_rule_set.ffis_ingest will be created
+   resource "aws_ses_receipt_rule_set" "ffis_ingest" {
+       arn           = (known after apply)
+       id            = (known after apply)
+       rule_set_name = "grants_ingest-staging-ffis_ingest"
    }

  # datadog_metric_metadata.custom["grants_ingest.DownloadGrantsGovDB.source_size"] will be updated in-place
  ~ resource "datadog_metric_metadata" "custom" {
        id              = "grants_ingest.DownloadGrantsGovDB.source_size"
-       type            = "gauge" -> null
        # (6 unchanged attributes hidden)
    }

  # datadog_metric_metadata.custom["grants_ingest.SplitGrantsGovXMLDB.opportunity.created"] will be updated in-place
  ~ resource "datadog_metric_metadata" "custom" {
        id              = "grants_ingest.SplitGrantsGovXMLDB.opportunity.created"
-       type            = "gauge" -> null
        # (5 unchanged attributes hidden)
    }

  # datadog_metric_metadata.custom["grants_ingest.SplitGrantsGovXMLDB.opportunity.skipped"] will be updated in-place
  ~ resource "datadog_metric_metadata" "custom" {
        id              = "grants_ingest.SplitGrantsGovXMLDB.opportunity.skipped"
-       type            = "gauge" -> null
        # (5 unchanged attributes hidden)
    }

  # datadog_metric_metadata.custom["grants_ingest.SplitGrantsGovXMLDB.opportunity.updated"] will be updated in-place
  ~ resource "datadog_metric_metadata" "custom" {
        id              = "grants_ingest.SplitGrantsGovXMLDB.opportunity.updated"
-       type            = "gauge" -> null
        # (5 unchanged attributes hidden)
    }

  # module.email_delivery_bucket.data.aws_iam_policy_document.aggregated_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "aggregated_policy" {
+       id                        = (known after apply)
+       json                      = (known after apply)
+       override_policy_documents = (known after apply)
+       source_policy_documents   = [
+           (known after apply),
        ]
    }

  # module.email_delivery_bucket.data.aws_iam_policy_document.bucket_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "bucket_policy" {
+       id   = (known after apply)
+       json = (known after apply)

+       statement {
+           actions   = [
+               "s3:*",
            ]
+           effect    = "Deny"
+           resources = [
+               (known after apply),
+               (known after apply),
            ]
+           sid       = "ForceSSLOnlyAccess"

+           condition {
+               test     = "Bool"
+               values   = [
+                   "false",
                ]
+               variable = "aws:SecureTransport"
            }

+           principals {
+               identifiers = [
+                   "*",
                ]
+               type        = "*"
            }
        }
    }

  # module.email_delivery_bucket.aws_s3_bucket.default[0] will be created
+   resource "aws_s3_bucket" "default" {
+       acceleration_status         = (known after apply)
+       acl                         = (known after apply)
+       arn                         = (known after apply)
+       bucket                      = "grantsingest-staging-emaildelivery-357150818708-us-west-2"
+       bucket_domain_name          = (known after apply)
+       bucket_regional_domain_name = (known after apply)
+       force_destroy               = false
+       hosted_zone_id              = (known after apply)
+       id                          = (known after apply)
+       object_lock_enabled         = false
+       policy                      = (known after apply)
+       region                      = (known after apply)
+       request_payer               = (known after apply)
+       tags                        = {
+           "Attributes" = "357150818708-us-west-2"
+           "Name"       = "grantsingest-staging-emaildelivery-357150818708-us-west-2"
+           "Namespace"  = "grantsingest-staging"
        }
+       tags_all                    = {
+           "Attributes" = "357150818708-us-west-2"
+           "Name"       = "grantsingest-staging-emaildelivery-357150818708-us-west-2"
+           "Namespace"  = "grantsingest-staging"
+           "env"        = "staging"
+           "management" = "terraform"
+           "owner"      = "grants"
+           "repo"       = "grants-ingest"
+           "service"    = "grants-ingest"
+           "usage"      = "workload"
        }
+       website_domain              = (known after apply)
+       website_endpoint            = (known after apply)

+       cors_rule {
+           allowed_headers = (known after apply)
+           allowed_methods = (known after apply)
+           allowed_origins = (known after apply)
+           expose_headers  = (known after apply)
+           max_age_seconds = (known after apply)
        }

+       grant {
+           id          = (known after apply)
+           permissions = (known after apply)
+           type        = (known after apply)
+           uri         = (known after apply)
        }

+       lifecycle_rule {
+           abort_incomplete_multipart_upload_days = (known after apply)
+           enabled                                = (known after apply)
+           id                                     = (known after apply)
+           prefix                                 = (known after apply)
+           tags                                   = (known after apply)

+           expiration {
+               date                         = (known after apply)
+               days                         = (known after apply)
+               expired_object_delete_marker = (known after apply)
            }

+           noncurrent_version_expiration {
+               days = (known after apply)
            }

+           noncurrent_version_transition {
+               days          = (known after apply)
+               storage_class = (known after apply)
            }

+           transition {
+               date          = (known after apply)
+               days          = (known after apply)
+               storage_class = (known after apply)
            }
        }

+       logging {
+           target_bucket = (known after apply)
+           target_prefix = (known after apply)
        }

+       object_lock_configuration {
+           object_lock_enabled = (known after apply)

+           rule {
+               default_retention {
+                   days  = (known after apply)
+                   mode  = (known after apply)
+                   years = (known after apply)
                }
            }
        }

+       replication_configuration {
+           role = (known after apply)

+           rules {
+               delete_marker_replication_status = (known after apply)
+               id                               = (known after apply)
+               prefix                           = (known after apply)
+               priority                         = (known after apply)
+               status                           = (known after apply)

+               destination {
+                   account_id         = (known after apply)
+                   bucket             = (known after apply)
+                   replica_kms_key_id = (known after apply)
+                   storage_class      = (known after apply)

+                   access_control_translation {
+                       owner = (known after apply)
                    }

+                   metrics {
+                       minutes = (known after apply)
+                       status  = (known after apply)
                    }

+                   replication_time {
+                       minutes = (known after apply)
+                       status  = (known after apply)
                    }
                }

+               filter {
+                   prefix = (known after apply)
+                   tags   = (known after apply)
                }

+               source_selection_criteria {
+                   sse_kms_encrypted_objects {
+                       enabled = (known after apply)
                    }
                }
            }
        }

+       server_side_encryption_configuration {
+           rule {
+               bucket_key_enabled = (known after apply)

+               apply_server_side_encryption_by_default {
+                   kms_master_key_id = (known after apply)
+                   sse_algorithm     = (known after apply)
                }
            }
        }

+       versioning {
+           enabled    = (known after apply)
+           mfa_delete = (known after apply)
        }

+       website {
+           error_document           = (known after apply)
+           index_document           = (known after apply)
+           redirect_all_requests_to = (known after apply)
+           routing_rules            = (known after apply)
        }
    }

  # module.email_delivery_bucket.aws_s3_bucket_acl.default[0] will be created
+   resource "aws_s3_bucket_acl" "default" {
+       acl    = "private"
+       bucket = (known after apply)
+       id     = (known after apply)

+       access_control_policy {
+           grant {
+               permission = (known after apply)

+               grantee {
+                   display_name  = (known after apply)
+                   email_address = (known after apply)
+                   id            = (known after apply)
+                   type          = (known after apply)
+                   uri           = (known after apply)
                }
            }

+           owner {
+               display_name = (known after apply)
+               id           = (known after apply)
            }
        }
    }

  # module.email_delivery_bucket.aws_s3_bucket_lifecycle_configuration.default[0] will be created
+   resource "aws_s3_bucket_lifecycle_configuration" "default" {
+       bucket = (known after apply)
+       id     = (known after apply)

+       rule {
+           id     = "rule-1"
+           status = "Enabled"

+           abort_incomplete_multipart_upload {
+               days_after_initiation = 1
            }

+           expiration {
+               days                         = 30
+               expired_object_delete_marker = (known after apply)
            }

+           filter {
            }
        }
    }

  # module.email_delivery_bucket.aws_s3_bucket_ownership_controls.default[0] will be created
+   resource "aws_s3_bucket_ownership_controls" "default" {
+       bucket = (known after apply)
+       id     = (known after apply)

+       rule {
+           object_ownership = "ObjectWriter"
        }
    }

  # module.email_delivery_bucket.aws_s3_bucket_policy.default[0] will be created
+   resource "aws_s3_bucket_policy" "default" {
+       bucket = (known after apply)
+       id     = (known after apply)
+       policy = (known after apply)
    }

  # module.email_delivery_bucket.aws_s3_bucket_public_access_block.default[0] will be created
+   resource "aws_s3_bucket_public_access_block" "default" {
+       block_public_acls       = true
+       block_public_policy     = true
+       bucket                  = (known after apply)
+       id                      = (known after apply)
+       ignore_public_acls      = true
+       restrict_public_buckets = true
    }

  # module.email_delivery_bucket.aws_s3_bucket_server_side_encryption_configuration.default[0] will be created
+   resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
+       bucket = (known after apply)
+       id     = (known after apply)

+       rule {
+           bucket_key_enabled = false

+           apply_server_side_encryption_by_default {
+               sse_algorithm = "AES256"
            }
        }
    }

  # module.email_delivery_bucket.aws_s3_bucket_versioning.default[0] will be created
+   resource "aws_s3_bucket_versioning" "default" {
+       bucket = (known after apply)
+       id     = (known after apply)

+       versioning_configuration {
+           mfa_delete = (known after apply)
+           status     = "Enabled"
        }
    }

  # module.email_delivery_bucket.time_sleep.wait_for_aws_s3_bucket_settings[0] will be created
+   resource "time_sleep" "wait_for_aws_s3_bucket_settings" {
+       create_duration  = "30s"
+       destroy_duration = "30s"
+       id               = (known after apply)
    }

  # module.grants_source_data_bucket.aws_s3_bucket_policy.default[0] will be updated in-place
  ~ resource "aws_s3_bucket_policy" "default" {
        id     = "grantsingest-staging-grantssourcedata-357150818708-us-west-2"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (2 unchanged elements hidden)
                    {
                        Action    = "s3:*"
                        Condition = {
                            Bool = {
                                "aws:SecureTransport" = [
                                    "false",
                                ]
                            }
                        }
                        Effect    = "Deny"
                        Principal = "*"
                        Resource  = [
                            "arn:aws:s3:::grantsingest-staging-grantssourcedata-357150818708-us-west-2/*",
                            "arn:aws:s3:::grantsingest-staging-grantssourcedata-357150818708-us-west-2",
                        ]
                        Sid       = "ForceSSLOnlyAccess"
                    },
-                   {
-                       Action    = "s3:PutObject"
-                       Condition = {
-                           StringEquals = {
-                               "AWS:SourceAccount" = [
-                                   "357150818708",
                                ]
-                               "AWS:SourceArn"     = [
-                                   "arn:aws:ses:us-west-2:357150818708:receipt-rule-set/ffis_ingest-rule-set:receipt-rule/grants_ingest-staging-ffis_ingest",
                                ]
                            }
                        }
-                       Effect    = "Allow"
-                       Principal = {
-                           Service = "ses.amazonaws.com"
                        }
-                       Resource  = "arn:aws:s3:::grantsingest-staging-grantssourcedata-357150818708-us-west-2/ses/*"
-                       Sid       = "AllowFFISEmailDeliveryFromSES"
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.DownloadGrantsGovDB.module.lambda_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "grants_ingest-staging-DownloadGrantsGovDB"
      ~ last_modified                  = "2023-04-27T20:34:14.000+0000" -> (known after apply)
      ~ qualified_arn                  = "arn:aws:lambda:us-west-2:357150818708:function:grants_ingest-staging-DownloadGrantsGovDB:18" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:357150818708:function:grants_ingest-staging-DownloadGrantsGovDB:18/invocations" -> (known after apply)
      ~ s3_key                         = "builds/1cd351ec6e43822ec88843c38ea09ae29a7776919a626b2f79fa166f74fb3b5d.zip" -> "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.zip"
      ~ s3_object_version              = "w509yYAfhF_m7Ln2MNNutkpAOqn9z8O8" -> (known after apply)
        tags                           = {}
      ~ version                        = "18" -> (known after apply)
        # (23 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "DD_TAGS"                        = "git.commit.sha:1082220b67b96e480a416801d38212af8d4b9576,git.repository_url:github.com/usdigitalresponse/grants-ingest,handlername:downloadgrantsgovdb" -> "git.commit.sha:4d4abfcf3c33df0d661a6662ef0cc89899bfc568,git.repository_url:github.com/usdigitalresponse/grants-ingest,handlername:downloadgrantsgovdb"
              ~ "DD_VERSION"                     = "1082220b67b96e480a416801d38212af8d4b9576" -> "4d4abfcf3c33df0d661a6662ef0cc89899bfc568"
                # (12 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.DownloadGrantsGovDB.module.lambda_function.aws_lambda_permission.current_version_triggers["Schedule"] must be replaced
-/+ resource "aws_lambda_permission" "current_version_triggers" {
      ~ id                  = "Schedule" -> (known after apply)
      ~ qualifier           = "18" -> (known after apply) # forces replacement
+       statement_id_prefix = (known after apply)
        # (5 unchanged attributes hidden)
    }

  # module.DownloadGrantsGovDB.module.lambda_function.aws_s3_object.lambda_package[0] must be replaced
-/+ resource "aws_s3_object" "lambda_package" {
      ~ bucket_key_enabled     = false -> (known after apply)
      ~ content_type           = "binary/octet-stream" -> (known after apply)
      ~ etag                   = "4d849d836b0213f6d90dff6831aeeb66-2" -> (known after apply)
      ~ id                     = "builds/1cd351ec6e43822ec88843c38ea09ae29a7776919a626b2f79fa166f74fb3b5d.zip" -> (known after apply)
      ~ key                    = "builds/1cd351ec6e43822ec88843c38ea09ae29a7776919a626b2f79fa166f74fb3b5d.zip" -> "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.zip" # forces replacement
+       kms_key_id             = (known after apply)
-       metadata               = {} -> null
      ~ source                 = "builds/1cd351ec6e43822ec88843c38ea09ae29a7776919a626b2f79fa166f74fb3b5d.zip" -> "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.zip"
-       tags                   = {} -> null
      ~ version_id             = "w509yYAfhF_m7Ln2MNNutkpAOqn9z8O8" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.DownloadGrantsGovDB.module.lambda_function.local_file.archive_plan[0] will be created
+   resource "local_file" "archive_plan" {
+       content              = jsonencode(
            {
+               artifacts_dir = "builds"
+               build_plan    = [
+                   [
+                       "sh",
+                       "..",
+                       <<-EOT
                            task build-DownloadGrantsGovDB
                            cd bin/DownloadGrantsGovDB
                        EOT,
                    ],
+                   [
+                       "zip:embedded",
+                       "..",
+                       null,
                    ],
                ]
+               filename      = "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.zip"
+               runtime       = "provided.al2"
            }
        )
+       content_base64sha256 = (known after apply)
+       content_base64sha512 = (known after apply)
+       content_md5          = (known after apply)
+       content_sha1         = (known after apply)
+       content_sha256       = (known after apply)
+       content_sha512       = (known after apply)
+       directory_permission = "0755"
+       file_permission      = "0644"
+       filename             = "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.plan.json"
+       id                   = (known after apply)
    }

  # module.DownloadGrantsGovDB.module.lambda_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "1282668698085131230" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "filename"  = "builds/1cd351ec6e43822ec88843c38ea09ae29a7776919a626b2f79fa166f74fb3b5d.zip" -> "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.zip"
          ~ "timestamp" = "1682627527204704000" -> "1682689315401967000"
        }
    }

  # module.DownloadGrantsGovDB.module.lambda_function.null_resource.sam_metadata_aws_lambda_function[0] must be replaced
-/+ resource "null_resource" "sam_metadata_aws_lambda_function" {
      ~ id       = "5621242716264037807" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "built_output_path"    = "builds/1cd351ec6e43822ec88843c38ea09ae29a7776919a626b2f79fa166f74fb3b5d.zip" -> "builds/c7342c24545b6883c5a588d11c730f0ebf8dba7f3a8574e37b5363337c85a64b.zip"
            # (4 unchanged elements hidden)
        }
    }

  # module.SplitGrantsGovXMLDB.module.lambda_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "grants_ingest-staging-SplitGrantsGovXMLDB"
      ~ last_modified                  = "2023-04-27T20:34:16.000+0000" -> (known after apply)
      ~ qualified_arn                  = "arn:aws:lambda:us-west-2:357150818708:function:grants_ingest-staging-SplitGrantsGovXMLDB:17" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:357150818708:function:grants_ingest-staging-SplitGrantsGovXMLDB:17/invocations" -> (known after apply)
      ~ s3_key                         = "builds/d478d0890d23ce200d31203a1f9a886b8d58b709d5304372fa19119275bee435.zip" -> "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.zip"
      ~ s3_object_version              = "TJTp7D4KU9C5udgaKOk8Hvv2EAPz5hs." -> (known after apply)
        tags                           = {}
      ~ version                        = "17" -> (known after apply)
        # (23 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "DD_TAGS"                          = "git.commit.sha:1082220b67b96e480a416801d38212af8d4b9576,git.repository_url:github.com/usdigitalresponse/grants-ingest,handlername:splitgrantsgovxmldb" -> "git.commit.sha:4d4abfcf3c33df0d661a6662ef0cc89899bfc568,git.repository_url:github.com/usdigitalresponse/grants-ingest,handlername:splitgrantsgovxmldb"
              ~ "DD_VERSION"                       = "1082220b67b96e480a416801d38212af8d4b9576" -> "4d4abfcf3c33df0d661a6662ef0cc89899bfc568"
                # (15 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.SplitGrantsGovXMLDB.module.lambda_function.aws_lambda_permission.current_version_triggers["S3BucketNotification"] must be replaced
-/+ resource "aws_lambda_permission" "current_version_triggers" {
      ~ id                  = "S3BucketNotification" -> (known after apply)
      ~ qualifier           = "17" -> (known after apply) # forces replacement
+       statement_id_prefix = (known after apply)
        # (5 unchanged attributes hidden)
    }

  # module.SplitGrantsGovXMLDB.module.lambda_function.aws_s3_object.lambda_package[0] must be replaced
-/+ resource "aws_s3_object" "lambda_package" {
      ~ bucket_key_enabled     = false -> (known after apply)
      ~ content_type           = "binary/octet-stream" -> (known after apply)
      ~ etag                   = "91dc01062d8b233c022a9453ebf47b1f-2" -> (known after apply)
      ~ id                     = "builds/d478d0890d23ce200d31203a1f9a886b8d58b709d5304372fa19119275bee435.zip" -> (known after apply)
      ~ key                    = "builds/d478d0890d23ce200d31203a1f9a886b8d58b709d5304372fa19119275bee435.zip" -> "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.zip" # forces replacement
+       kms_key_id             = (known after apply)
-       metadata               = {} -> null
      ~ source                 = "builds/d478d0890d23ce200d31203a1f9a886b8d58b709d5304372fa19119275bee435.zip" -> "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.zip"
-       tags                   = {} -> null
      ~ version_id             = "TJTp7D4KU9C5udgaKOk8Hvv2EAPz5hs." -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.SplitGrantsGovXMLDB.module.lambda_function.local_file.archive_plan[0] will be created
+   resource "local_file" "archive_plan" {
+       content              = jsonencode(
            {
+               artifacts_dir = "builds"
+               build_plan    = [
+                   [
+                       "sh",
+                       "..",
+                       <<-EOT
                            task build-SplitGrantsGovXMLDB
                            cd bin/SplitGrantsGovXMLDB
                        EOT,
                    ],
+                   [
+                       "zip:embedded",
+                       "..",
+                       null,
                    ],
                ]
+               filename      = "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.zip"
+               runtime       = "provided.al2"
            }
        )
+       content_base64sha256 = (known after apply)
+       content_base64sha512 = (known after apply)
+       content_md5          = (known after apply)
+       content_sha1         = (known after apply)
+       content_sha256       = (known after apply)
+       content_sha512       = (known after apply)
+       directory_permission = "0755"
+       file_permission      = "0644"
+       filename             = "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.plan.json"
+       id                   = (known after apply)
    }

  # module.SplitGrantsGovXMLDB.module.lambda_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "6903751115379792512" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "filename"  = "builds/d478d0890d23ce200d31203a1f9a886b8d58b709d5304372fa19119275bee435.zip" -> "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.zip"
          ~ "timestamp" = "1682627527140030000" -> "1682689316391321000"
        }
    }

  # module.SplitGrantsGovXMLDB.module.lambda_function.null_resource.sam_metadata_aws_lambda_function[0] must be replaced
-/+ resource "null_resource" "sam_metadata_aws_lambda_function" {
      ~ id       = "8872185519992552964" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "built_output_path"    = "builds/d478d0890d23ce200d31203a1f9a886b8d58b709d5304372fa19119275bee435.zip" -> "builds/e6f4d6243ffc41ea80b137d81d618a5f672014ece4611b5e1602ded3974735b6.zip"
            # (4 unchanged elements hidden)
        }
    }

Plan: 21 to add, 7 to change, 8 to destroy.

Pusher: @slapula, Action: pull_request, Workflow: Continuous Integration
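
The `AllowFFISEmailDeliveryFromSES` statement in the plan above pins `ses.amazonaws.com` to one account and one receipt rule, and the statement removed from the source data bucket named rule set `ffis_ingest-rule-set` rather than the `grants_ingest-staging-ffis_ingest` rule set being created. As an added example (not part of this PR or the project's code), this Python check audits a bucket policy for that pinning and for agreement between `AWS:SourceArn`, the receipt rule, and the delivery prefix. The function names, the `Resource` ARN on the new bucket and the message id are assumptions; the other values come from the plan.

```python
import fnmatch

SES_PRINCIPAL = "ses.amazonaws.com"

# Values copied from the plan output on this page.
ACCOUNT = "357150818708"
REGION = "us-west-2"
RULE = "grants_ingest-staging-ffis_ingest"   # rule name and rule set name
BUCKET = "grantsingest-staging-emaildelivery-357150818708-us-west-2"
PREFIX = "ses/ffis_ingest/new"               # object_key_prefix of the s3_action


def _as_list(value):
    """IAM JSON allows a scalar wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _string_equals(statement, key):
    """Values of a StringEquals condition key (key names are case-insensitive).
    Other operators such as ArnLike are not inspected by this check."""
    block = statement.get("Condition", {}).get("StringEquals", {})
    for name, values in block.items():
        if name.lower() == key.lower():
            return _as_list(values)
    return []


def _allows_ses(statement):
    principal = statement.get("Principal")
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    return statement.get("Effect") == "Allow" and SES_PRINCIPAL in services


def audit_ses_delivery(policy, account_id, region, rule_set, rule, bucket, key_prefix):
    """Return findings for the statements that let SES write to the bucket."""
    expected_arn = (f"arn:aws:ses:{region}:{account_id}:"
                    f"receipt-rule-set/{rule_set}:receipt-rule/{rule}")
    # Constructed object ARN standing in for one delivered message.
    sample_object = (f"arn:aws:s3:::{bucket}/"
                     f"{key_prefix.strip('/')}/constructed-message-id")
    statements = [s for s in _as_list(policy.get("Statement")) if _allows_ses(s)]
    if not statements:
        return ["no Allow statement for ses.amazonaws.com: delivery will be denied"]
    findings = []
    for s in statements:
        sid = s.get("Sid", "<no Sid>")
        if _as_list(s.get("Action")) != ["s3:PutObject"]:
            findings.append(f"{sid}: Action is not exactly s3:PutObject")
        if _string_equals(s, "aws:SourceAccount") != [account_id]:
            findings.append(f"{sid}: aws:SourceAccount is not pinned to {account_id}")
        if _string_equals(s, "aws:SourceArn") != [expected_arn]:
            findings.append(f"{sid}: aws:SourceArn does not name {rule_set}/{rule}")
        resources = _as_list(s.get("Resource"))
        if not any(fnmatch.fnmatchcase(sample_object, r) for r in resources):
            findings.append(f"{sid}: Resource does not cover prefix {key_prefix}")
    return findings


def sample_policy(rule_set_in_arn, pinned=True):
    """Constructed policy shaped like the plan's SES delivery statement."""
    statement = {
        "Sid": "AllowFFISEmailDeliveryFromSES",
        "Effect": "Allow",
        "Principal": {"Service": SES_PRINCIPAL},
        "Action": "s3:PutObject",
        # Assumption: the plan shows this Resource only as (known after apply).
        "Resource": f"arn:aws:s3:::{BUCKET}/ses/*",
    }
    if pinned:
        statement["Condition"] = {"StringEquals": {
            "AWS:SourceAccount": [ACCOUNT],
            "AWS:SourceArn": [f"arn:aws:ses:{REGION}:{ACCOUNT}:receipt-rule-set/"
                              f"{rule_set_in_arn}:receipt-rule/{RULE}"],
        }}
    return {"Version": "2012-10-17", "Statement": [statement]}


if __name__ == "__main__":
    cases = {
        "matching rule set": sample_policy(RULE),
        "stale rule set": sample_policy("ffis_ingest-rule-set"),
        "no conditions": sample_policy(RULE, pinned=False),
    }
    for label, policy in cases.items():
        result = audit_ses_delivery(policy, ACCOUNT, REGION, RULE, RULE, BUCKET, PREFIX)
        print(label, "->", result or "ok")
```
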

@TylerHendrickson TylerHendrickson left a comment

One quick opportunistic change noted in the comments. Additionally, I believe that we found that an aws_ses_receipt_rule_set resource will also need to be defined and referenced in the existing aws_ses_receipt_rule.ffis_ingest resource definition in order to get builds working again, e.g.:

resource "aws_ses_receipt_rule_set" "ffis_ingest" {
  rule_set_name = "${var.namespace}-ffis_ingest"
}

resource "aws_ses_receipt_rule" "ffis_ingest" {
  ...
  rule_set_name = aws_ses_receipt_rule_set.ffis_ingest.rule_set_name
  ...
}

terraform/main.tf (outdated, resolved)

@TylerHendrickson TylerHendrickson left a comment

One two more quick tweaks, please and thank you!

terraform/main.tf (outdated, resolved)
terraform/main.tf (outdated, resolved)
@slapula slapula merged commit 2d5a0df into main Apr 28, 2023
@slapula slapula deleted the 61-ffis-source-bucket-for-ses branch April 28, 2023 14:39
@TylerHendrickson TylerHendrickson added bug Something isn't working terraform Pull requests that update Terraform code labels Aug 24, 2023