SeaGL / seagl-terraform

Terraform used to maintain SeaGL's VMs, RDS database, DNS, etc.
GNU Affero General Public License v3.0

Delete default Mailu SG rules #43

Closed strugee closed 6 months ago

strugee commented 6 months ago

This is theoretically a noop because these default rules are already managed by Terraform, but the OpenStack provider insists on a destroy/recreate cycle in order to introduce it.

github-actions[bot] commented 6 months ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Plan 📖success

Terraform Validation 🤖success

Show Plan

```terraform
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.icmp4-ingress must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "icmp4-ingress" {
      ~ id = "f7332d33-9702-4b7b-af9f-e66deb8ce0af" -> (known after apply)
      ~ port_range_max = 0 -> (known after apply)
      ~ port_range_min = 0 -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.ipv4-egress must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "ipv4-egress" {
      ~ id = "880f7c96-02a4-41d9-aa0c-85236175a91b" -> (known after apply)
      ~ port_range_max = 0 -> (known after apply)
      ~ port_range_min = 0 -> (known after apply)
      + protocol = (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      + remote_ip_prefix = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.ipv6-egress must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "ipv6-egress" {
      ~ id = "094e8ef1-4f00-4dc4-a7b0-9ad5bf09a8e0" -> (known after apply)
      ~ port_range_max = 0 -> (known after apply)
      ~ port_range_min = 0 -> (known after apply)
      + protocol = (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      + remote_ip_prefix = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["110"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "0d3c863b-8f4e-4db8-96a2-0714951e3719" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["143"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "b21d57e8-8f50-41d3-bb7f-42456c2e1d60" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["22"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "ee1d0145-522d-4bb2-8ba2-e4241c103678" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["25"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "1c044046-80b4-4482-8345-92537c3220ac" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["443"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "bb495a69-4c90-431a-a634-7b5459315a65" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["465"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "39e2ac5c-2040-4c2b-9ad5-22c424b0abcb" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["587"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "3d0856f0-b464-4690-970a-2d6d87ca75b9" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["80"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "aff5f8e3-6d72-4378-b80c-46948b157d06" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["993"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "76d6ca04-3aad-466c-8b75-f75c063ca097" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_rule_v2.tcp4-ingress["995"] must be replaced
-/+ resource "openstack_networking_secgroup_rule_v2" "tcp4-ingress" {
      ~ id = "db876dde-1e0b-47fa-8960-6c82e495acf3" -> (known after apply)
      ~ region = "RegionOne" -> (known after apply)
      + remote_group_id = (known after apply)
      ~ security_group_id = "d422a797-f933-4a88-9daa-ad3bf51fd524" # forces replacement -> (known after apply) # forces replacement
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.mailu-vm.openstack_networking_secgroup_v2.main-sg must be replaced
-/+ resource "openstack_networking_secgroup_v2" "main-sg" {
      ~ all_tags = [] -> (known after apply)
      + delete_default_rules = true # forces replacement
      + description = (known after apply)
      ~ id = "d422a797-f933-4a88-9daa-ad3bf51fd524" -> (known after apply)
        name = "mailu"
      ~ region = "RegionOne" -> (known after apply)
      - tags = [] -> null
      ~ tenant_id = "03cbb624d5be494d95af475e74fcb47b" -> (known after apply)
    }

Plan: 14 to add, 0 to change, 14 to destroy.

Warning: Argument is deprecated

  with aws_s3_bucket.state,
  on s3.tf line 1, in resource "aws_s3_bucket" "state":
   1: resource "aws_s3_bucket" "state" {

Use the aws_s3_bucket_lifecycle_configuration resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
```

Pushed by: @strugee, Action: pull_request
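
The PR description calls the change theoretically a no-op even though the plan replaces every rule. One way to check that claim mechanically against the JSON form of a plan (`terraform show -json`), as an added example that is not part of this PR or SeaGL's repository: the sample plan, its addresses and CIDRs are constructed, and treating an empty or zero `before` value as "unset" is an assumption.

```python
RULE_TYPE = "openstack_networking_secgroup_rule_v2"
# Attributes that decide which traffic a rule admits.
RULE_FIELDS = ("direction", "ethertype", "protocol", "port_range_min",
               "port_range_max", "remote_ip_prefix", "remote_group_id")
UNSET = (None, "", 0)  # assumption: how an omitted attribute appears in `before`

def audit_replacements(plan):
    """Map each replaced rule address to "same" or a list of (field, before, after)."""
    report = {}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if rc["type"] != RULE_TYPE or set(change["actions"]) != {"delete", "create"}:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        diffs = []
        for field in RULE_FIELDS:
            old = before.get(field)
            if unknown.get(field):
                # Computed at apply time: tolerated only if nothing was set before.
                if old not in UNSET:
                    diffs.append((field, old, "(known after apply)"))
            elif after.get(field) != old:
                diffs.append((field, old, after.get(field)))
        report[rc["address"]] = diffs or "same"
    return report

# Constructed sample in the shape of `terraform show -json` output (not SeaGL's plan).
def sample_change(address, before, after, unknown):
    return {"address": address, "type": RULE_TYPE,
            "change": {"actions": ["delete", "create"], "before": before,
                       "after": after, "after_unknown": unknown}}

SSH_RULE = {"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
            "port_range_min": 22, "port_range_max": 22,
            "remote_ip_prefix": "203.0.113.0/24", "remote_group_id": ""}
SAMPLE_PLAN = {"resource_changes": [
    sample_change("module.example.openstack_networking_secgroup_rule_v2.ssh",
                  SSH_RULE, {k: v for k, v in SSH_RULE.items() if k != "remote_group_id"},
                  {"remote_group_id": True, "security_group_id": True}),
    sample_change("module.example.openstack_networking_secgroup_rule_v2.ssh_widened",
                  SSH_RULE, {**SSH_RULE, "remote_ip_prefix": "0.0.0.0/0"}, {}),
]}

if __name__ == "__main__":
    for address, verdict in audit_replacements(SAMPLE_PLAN).items():
        print(address, verdict)
```

The first sample rule mirrors the pattern in the plan above, where only `security_group_id` and previously unset attributes become computed; the second shows what a replacement that silently widens a source range looks like to the check.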