Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test: This PR is a test run to trigger the terraform GH workflow #33

Closed
wants to merge 7 commits into from
Closed

Test: This PR is a test run to trigger the terraform GH workflow #33

wants to merge 7 commits into from

Conversation

DecFox
Copy link
Contributor

@DecFox DecFox commented Mar 20, 2024

No Description
NOTE: We will close this once we have tested the terraform workflow

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 20, 2024
edited
Loading

Terraform Run Output 🤖

Format and Style 🖌failure

Initialization ⚙️success

Validation 🤖success

Validation Output 

$ terraform validate
Success! The configuration is valid.

Plan 📖success

  • Plan: 0 to add, 1 to change, 9 to destroy.
Show Plan 

$ terraform plan
module.adm_iam_roles.tls_private_key.oonidevops: Refreshing state... [id=b49a9fdb9f720320340226016efe24808dd68203]
module.ansible_inventory.local_file.ansible_inventory: Refreshing state... [id=b6de844ed8d384f890fa6f467502390de843f758]
random_password.jwt_secret: Refreshing state... [id=none]
random_id.artifact_id: Refreshing state... [id=8Ujqew]
random_password.prometheus_metrics_password: Refreshing state... [id=none]
module.ansible_inventory.null_resource.ansible_update_known_hosts: Refreshing state... [id=236461505953331670]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1]
module.ooniapi_frontend.aws_acm_certificate.ooniapi: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc]
module.ooniapi_frontend.aws_route53_record.ooniapi: Refreshing state... [id=Z055356431RGCLK3JXZDL_api.dev.ooni.io_A]
module.ooniapi_frontend.aws_route53_record.ooniapi_cert_validation["api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME]
module.ooniapi_frontend.aws_acm_certificate_validation.ooniapi: Refreshing state... [id=2024-03-10 17:19:18.261 +0000 UTC]
module.ooniapi_frontend.aws_alb.ooniapi: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Read complete after 1s [id=905418398257]
module.ooniapi_oonirun.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniauth]
module.ooniapi_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/ooniapi-ecs-cluster]
data.aws_availability_zones.available: Reading...
module.ooniapi_user.aws_ses_email_identity.ooniapi: Refreshing state... [id=admin+dev@ooni.org]
aws_secretsmanager_secret.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw]
module.adm_iam_roles.aws_key_pair.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_oonirun_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonirun]
aws_s3_bucket.ooniapi_codepipeline_bucket: Refreshing state... [id=codepipeline-ooniapi-eu-central-1-f148ea7b]
data.aws_availability_zones.available: Read complete after 0s [id=eu-central-1]
aws_secretsmanager_secret.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.ooniapi_oonirun.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonirun]
module.adm_iam_roles.aws_iam_policy.oonidevops: Refreshing state... [id=arn:aws:iam::905418398257:policy/OONIDevopsPolicy]
module.ooniapi_user.aws_secretsmanager_secret.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx]
module.ooniapi_oonirun.data.aws_ecs_task_definition.ooniapi_service_current: Reading...
module.ooniapi_user.aws_secretsmanager_secret.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Reading...
module.ooniapi_oonirun.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/879f6ecd-9260-489a-a120-a578677fe254]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Reading...
aws_secretsmanager_secret.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Read complete after 1s [id=905418398257]
module.oonidevops_github_user.aws_iam_user.oonidevops_github: Refreshing state... [id=oonidevops-github]
module.oonidevops_github_user.aws_secretsmanager_secret.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Reading...
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Read complete after 0s [id=2785224313]
module.ooniapi_ooniauth.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 1s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.ooniapi_ooniauth.data.aws_ecs_task_definition.ooniapi_service_current: Reading...
module.ooniapi_user.aws_iam_user.ooniapi: Refreshing state... [id=oonidevops-ooniapi]
module.ooniapi_ooniauth.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniauth]
module.ooniapi_ooniauth.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/2202d88a-dd01-478d-af5c-e71ed70817c3]
module.oonidevops_github_user.aws_iam_policy.oonidevops_github: Refreshing state... [id=arn:aws:iam::905418398257:policy/oonidevops-github-policy]
module.ooniapi_cluster.aws_iam_role.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Read complete after 1s [id=/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id]
module.adm_iam_roles.aws_secretsmanager_secret.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt]
module.ooniapi_ooniauth_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniauth]
module.ooniapi_oonirun.data.aws_ecs_task_definition.ooniapi_service_current: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonirun-td:14]
module.ooniapi_oonirun.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role:ooniapi-service-oonirun-task-role]
module.ooniapi_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/ooniapi-ecs-cluster]
module.ooniapi_oonirun_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonirun]
aws_secretsmanager_secret_version.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|terraform-20240314200140936700000008]
aws_secretsmanager_secret_version.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS|terraform-20240310182536838400000005]
module.oonidevops_github_user.aws_iam_access_key.oonidevops_github: Refreshing state... [id=AKIA5FTZELIY7OIFEQBN]
module.ooniapi_ooniauth.data.aws_ecs_task_definition.ooniapi_service_current: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniauth-td:11]
module.adm_iam_roles.aws_iam_role.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_user.aws_iam_access_key.ooniapi: Refreshing state... [id=AKIA5FTZELIYSK2XEVOT]
module.ooniapi_user.aws_iam_user_policy.ooniapi: Refreshing state... [id=oonidevops-ooniapi:oonidevops-ooniapi-policy]
module.ooniapi_ooniauth.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role:ooniapi-service-ooniauth-task-role]
module.oonidevops_github_user.aws_iam_user_policy_attachment.oonidevops_github: Refreshing state... [id=oonidevops-github-20240313195612421500000001]
module.ooniapi_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=ooniapi-ecs-cluster]
module.ooniapi_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role:ooniapi-ecs-cluster-instance-role-policy]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service_validation["oonirun.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__2eedf4cd60d6661d37cc36317849f2a4.oonirun.api.dev.ooni.io._CNAME]
module.oonidevops_github_user.aws_secretsmanager_secret_version.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd|terraform-20240313203054132800000001]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx|terraform-20240314200140918400000007]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr|terraform-20240314200140914600000006]
module.adm_iam_roles.aws_secretsmanager_secret_version.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt|terraform-20240310164138349500000001]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service_validation["ooniauth.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__e8e7f4bd29329533805dd684fb3c1cf5.ooniauth.api.dev.ooni.io._CNAME]
module.oonipg.random_password.pg_password: Refreshing state... [id=none]
module.network.aws_vpc.main: Refreshing state... [id=vpc-0e382f3ad89286de9]
aws_codestarconnections_connection.ooniapi: Refreshing state... [id=arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528]
module.oonipg.aws_secretsmanager_secret.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC]
module.terraform_state_backend.data.aws_region.current: Reading...
module.terraform_state_backend.data.aws_region.current: Read complete after 0s [id=eu-central-1]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Reading...
module.terraform_state_backend.aws_s3_bucket.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_dynamodb_table.with_server_side_encryption[0]: Refreshing state... [id=oonidevops-dev-terraform-state-lock]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Reading...
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Read complete after 0s [id=2666303363]
module.oonipg.aws_secretsmanager_secret_version.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC|terraform-20240310155428358300000002]
module.ooniapi_oonirun_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonirun-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniauth-eu-central-1]
module.ooniapi_oonirun_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonirun]
module.ooniapi_ooniauth_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniauth]
module.ooniapi_oonirun_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonirun]
module.ooniapi_ooniauth_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniauth]
module.network.aws_internet_gateway.gw: Refreshing state... [id=igw-0c080e9b235ed29d1]
module.network.aws_subnet.main[1]: Refreshing state... [id=subnet-0b18966cccfc9d5ef]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-direct/930ce65884ee161e]
module.ooni_backendproxy.aws_security_group.nginx_sg: Refreshing state... [id=sg-0a06ff444314a32ea]
module.network.aws_subnet.main[0]: Refreshing state... [id=subnet-0e7a4478be988463f]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-mapped/11f47c7ba02ce5b5]
module.ooniapi_cluster.aws_security_group.web: Refreshing state... [id=sg-067fbf5952f79c6d0]
module.ooni_backendproxy.aws_alb_target_group.oonibackend_proxy: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooni-backendproxy/f8ec3c5af20fff6f]
module.oonipg.aws_security_group.pg: Refreshing state... [id=sg-0a9cdefae27025e5d]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-mapped/1d4e4c4789864cd3]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-direct/d9d4c36932007629]
module.network.aws_route_table.r: Refreshing state... [id=rtb-0bbf2b9ab4843cb17]
module.terraform_state_backend.aws_s3_bucket_server_side_encryption_configuration.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_versioning.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_public_access_block.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_security_group.container_host: Refreshing state... [id=sg-0ba21672c9ad75937]
module.ooni_backendproxy.aws_launch_template.ooni_backendproxy: Refreshing state... [id=lt-02ae2b46369a252fe]
module.ooniapi_oonirun.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-oonirun/b9f74ff75fec23f6]
module.ooniapi_ooniauth.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-ooniauth/b23b435019fd8ab3]
module.oonipg.aws_db_subnet_group.pg: Refreshing state... [id=ooni-tier0-postgres-dbsng]
module.network.aws_route_table_association.a[0]: Refreshing state... [id=rtbassoc-042ec84b0762fc826]
module.network.aws_route_table_association.a[1]: Refreshing state... [id=rtbassoc-06b1cb607df775424]
module.terraform_state_backend.aws_s3_bucket_policy.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0e328a8671f870c64]
module.terraform_state_backend.time_sleep.wait_for_aws_s3_bucket_settings[0]: Refreshing state... [id=2024-03-10T15:06:17Z]
module.terraform_state_backend.aws_s3_bucket_ownership_controls.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooni_backendproxy.aws_autoscaling_group.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniauth.api.dev.ooni.io_A]
module.ooniapi_ooniauth.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/6a4847ad88d80668]
module.ooniapi_ooniauth.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/65afb2dc6b055829]
module.ooniapi_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=ooniapi-ecs-cluster20240310192644083800000003]
module.ooniapi_oonirun.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/f8565f9258861bb5]
module.ooniapi_oonirun.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/b7c2581f2b3ac357]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_oonirun.api.dev.ooni.io_A]
module.ooniapi_oonirun.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 17:00:38.999 +0000 UTC]
module.ooniapi_ooniauth.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 19:35:39.331 +0000 UTC]
module.ooni_backendproxy.aws_autoscaling_attachment.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001-20240310171855273500000002]
module.oonipg.aws_db_instance.pg: Refreshing state... [id=db-27N7Q6XIBNASFCOXN4N7C762L4]
aws_secretsmanager_secret_version.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ|terraform-20240310182536837800000004]
aws_route53_record.postgres_dns: Refreshing state... [id=Z091407123AEJO90Z3H6D_postgres.dev.ooni.nu_CNAME]
module.ooniapi_oonirun.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonirun-td]
module.ooniapi_oonirun.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonirun]
module.ooniapi_oonirun_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonirun]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
  - destroy

Terraform planned the following actions, but then encountered a problem:

  # module.ooniapi_frontend.aws_acm_certificate.ooniapi will be destroyed
  # (because aws_acm_certificate.ooniapi is not in configuration)
  - resource "aws_acm_certificate" "ooniapi" {
      - arn                       = "arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2" -> null
      - domain_name               = "api.dev.ooni.io" -> null
      - domain_validation_options = [
          - {
              - domain_name           = "api.dev.ooni.io"
              - resource_record_name  = "_cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io."
              - resource_record_type  = "CNAME"
              - resource_record_value = "_6acf703f143779af1dd69f8ae24d75c0.mhbtsbpdnt.acm-validations.aws."
            },
        ] -> null
      - id                        = "arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2" -> null
      - key_algorithm             = "RSA_2048" -> null
      - not_after                 = "2025-04-08T23:59:59Z" -> null
      - not_before                = "2024-03-10T00:00:00Z" -> null
      - pending_renewal           = false -> null
      - renewal_eligibility       = "ELIGIBLE" -> null
      - renewal_summary           = [] -> null
      - status                    = "ISSUED" -> null
      - subject_alternative_names = [
          - "api.dev.ooni.io",
        ] -> null
      - tags                      = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all                  = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - type                      = "AMAZON_ISSUED" -> null
      - validation_emails         = [] -> null
      - validation_method         = "DNS" -> null

      - options {
          - certificate_transparency_logging_preference = "ENABLED" -> null
        }
    }

  # module.ooniapi_frontend.aws_acm_certificate_validation.ooniapi will be destroyed
  # (because aws_acm_certificate_validation.ooniapi is not in configuration)
  - resource "aws_acm_certificate_validation" "ooniapi" {
      - certificate_arn         = "arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2" -> null
      - id                      = "2024-03-10 17:19:18.261 +0000 UTC" -> null
      - validation_record_fqdns = [
          - "_cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io",
        ] -> null
    }

  # module.ooniapi_frontend.aws_alb.ooniapi will be destroyed
  # (because aws_alb.ooniapi is not in configuration)
  - resource "aws_alb" "ooniapi" {
      - arn                                         = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6" -> null
      - arn_suffix                                  = "app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6" -> null
      - desync_mitigation_mode                      = "defensive" -> null
      - dns_name                                    = "ooni-tier0-api-frontend-453676777.eu-central-1.elb.amazonaws.com" -> null
      - drop_invalid_header_fields                  = false -> null
      - enable_cross_zone_load_balancing            = true -> null
      - enable_deletion_protection                  = false -> null
      - enable_http2                                = true -> null
      - enable_tls_version_and_cipher_suite_headers = false -> null
      - enable_waf_fail_open                        = false -> null
      - enable_xff_client_port                      = false -> null
      - id                                          = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6" -> null
      - idle_timeout                                = 60 -> null
      - internal                                    = false -> null
      - ip_address_type                             = "ipv4" -> null
      - load_balancer_type                          = "application" -> null
      - name                                        = "ooni-tier0-api-frontend" -> null
      - preserve_host_header                        = false -> null
      - security_groups                             = [
          - "sg-067fbf5952f79c6d0",
        ] -> null
      - subnets                                     = [
          - "subnet-0b18966cccfc9d5ef",
          - "subnet-0e7a4478be988463f",
        ] -> null
      - tags                                        = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all                                    = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - vpc_id                                      = "vpc-0e382f3ad89286de9" -> null
      - xff_header_processing_mode                  = "append" -> null
      - zone_id                                     = "Z215JYRZR1TBD5" -> null

      - access_logs {
          - enabled = false -> null
        }

      - connection_logs {
          - enabled = false -> null
        }

      - subnet_mapping {
          - subnet_id = "subnet-0b18966cccfc9d5ef" -> null
        }
      - subnet_mapping {
          - subnet_id = "subnet-0e7a4478be988463f" -> null
        }
    }

  # module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http will be destroyed
  # (because aws_alb_listener.ooniapi_listener_http is not in configuration)
  - resource "aws_alb_listener" "ooniapi_listener_http" {
      - arn               = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1" -> null
      - id                = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1" -> null
      - load_balancer_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6" -> null
      - port              = 80 -> null
      - protocol          = "HTTP" -> null
      - tags              = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all          = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null

      - default_action {
          - order = 1 -> null
          - type  = "redirect" -> null

          - redirect {
              - host        = "#{host}" -> null
              - path        = "/#{path}" -> null
              - port        = "443" -> null
              - protocol    = "HTTPS" -> null
              - query       = "#{query}" -> null
              - status_code = "HTTP_301" -> null
            }
        }
    }

  # module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https will be destroyed
  # (because aws_alb_listener.ooniapi_listener_https is not in configuration)
  - resource "aws_alb_listener" "ooniapi_listener_https" {
      - arn               = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd" -> null
      - certificate_arn   = "arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2" -> null
      - id                = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd" -> null
      - load_balancer_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6" -> null
      - port              = 443 -> null
      - protocol          = "HTTPS" -> null
      - ssl_policy        = "ELBSecurityPolicy-2016-08" -> null
      - tags              = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all          = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-api-frontend"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null

      - default_action {
          - order            = 1 -> null
          - target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooni-backendproxy/f8ec3c5af20fff6f" -> null
          - type             = "forward" -> null
        }

      - mutual_authentication {
          - ignore_client_certificate_expiry = false -> null
          - mode                             = "off" -> null
        }
    }

  # module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule will be destroyed
  # (because aws_lb_listener_rule.ooniapi_ooniauth_rule is not in configuration)
  - resource "aws_lb_listener_rule" "ooniapi_ooniauth_rule" {
      - arn          = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc" -> null
      - id           = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc" -> null
      - listener_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd" -> null
      - priority     = 101 -> null
      - tags         = {} -> null
      - tags_all     = {} -> null

      - action {
          - order            = 1 -> null
          - target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-mapped/1d4e4c4789864cd3" -> null
          - type             = "forward" -> null
        }

      - condition {
          - path_pattern {
              - values = [
                  - "/api/_/account_metadata",
                  - "/api/v1/user_login",
                  - "/api/v1/user_refresh_token",
                  - "/api/v1/user_register",
                  - "/api/v2/ooniauth/*",
                ] -> null
            }
        }
    }

  # module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule will be destroyed
  # (because aws_lb_listener_rule.ooniapi_oonirun_rule is not in configuration)
  - resource "aws_lb_listener_rule" "ooniapi_oonirun_rule" {
      - arn          = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5" -> null
      - id           = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5" -> null
      - listener_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd" -> null
      - priority     = 100 -> null
      - tags         = {} -> null
      - tags_all     = {} -> null

      - action {
          - order            = 1 -> null
          - target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-mapped/11f47c7ba02ce5b5" -> null
          - type             = "forward" -> null
        }

      - condition {
          - path_pattern {
              - values = [
                  - "/api/v2/oonirun/*",
                ] -> null
            }
        }
    }

  # module.ooniapi_frontend.aws_route53_record.ooniapi will be destroyed
  # (because aws_route53_record.ooniapi is not in configuration)
  - resource "aws_route53_record" "ooniapi" {
      - fqdn                             = "api.dev.ooni.io" -> null
      - id                               = "Z055356431RGCLK3JXZDL_api.dev.ooni.io_A" -> null
      - multivalue_answer_routing_policy = false -> null
      - name                             = "api.dev.ooni.io" -> null
      - records                          = [] -> null
      - ttl                              = 0 -> null
      - type                             = "A" -> null
      - zone_id                          = "Z055356431RGCLK3JXZDL" -> null

      - alias {
          - evaluate_target_health = true -> null
          - name                   = "ooni-tier0-api-frontend-453676777.eu-central-1.elb.amazonaws.com" -> null
          - zone_id                = "Z215JYRZR1TBD5" -> null
        }
    }

  # module.ooniapi_frontend.aws_route53_record.ooniapi_cert_validation["api.dev.ooni.io"] will be destroyed
  # (because aws_route53_record.ooniapi_cert_validation is not in configuration)
  - resource "aws_route53_record" "ooniapi_cert_validation" {
      - allow_overwrite                  = true -> null
      - fqdn                             = "_cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io" -> null
      - id                               = "Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME" -> null
      - multivalue_answer_routing_policy = false -> null
      - name                             = "_cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io" -> null
      - records                          = [
          - "_6acf703f143779af1dd69f8ae24d75c0.mhbtsbpdnt.acm-validations.aws.",
        ] -> null
      - ttl                              = 60 -> null
      - type                             = "CNAME" -> null
      - zone_id                          = "Z055356431RGCLK3JXZDL" -> null
    }

  # module.oonidevops_github_user.aws_iam_user.oonidevops_github will be updated in-place
  ~ resource "aws_iam_user" "oonidevops_github" {
        id            = "oonidevops-github"
        name          = "oonidevops-github"
      ~ tags          = {
          - "AKIA5FTZELIY34UMRZ6H" = "ooni-devops-github-user" -> null
            "Environment"          = "dev"
            "Name"                 = "oonidevops-dev"
            "Repository"           = "https://github.com/ooni/devops"
        }
      ~ tags_all      = {
          - "AKIA5FTZELIY34UMRZ6H" = "ooni-devops-github-user" -> null
            # (3 unchanged elements hidden)
        }
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 9 to destroy.
Pusher @DecFox
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Wed, 20 Mar 2024 18:11:12 GMT

@DecFox DecFox closed this Mar 20, 2024
@DecFox DecFox deleted the tf-workflow branch March 20, 2024 18:13
@DecFox DecFox mentioned this pull request Mar 20, 2024
Merged
DecFox added a commit that referenced this pull request Mar 20, 2024
@DecFox
fix: ansible and terraform workflows (#35)
e157c00 
Closes #34. This also fixes the ansible workflow with similar changes.
The fix was tried in #33.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@DecFox