cds-snc / dns

DNS Configuration for domains managed by CDS

Github User - Add List Policies #404

Closed ben851 closed 1 month ago

ben851 commented 1 month ago

Summary | Résumé

TF Apply is failing due to missing permissions for the github user.

Test instructions | Instructions pour tester la modification

TF Apply works

github-actions[bot] commented 1 month ago

DNS

- ✅ Terraform Init: success
- ✅ Terraform Validate: success
- ✅ Terraform Format: success
- ✅ Terraform Plan: success
- ✅ Conftest: success

Plan: 0 to add, 2 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|------|
| update | `aws_iam_policy.Route53TerraformDeploy` |
| | `aws_iam_policy.notify_prod_dns_manager_policy` |
Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_policy.Route53TerraformDeploy will be updated in-place
  ~ resource "aws_iam_policy" "Route53TerraformDeploy" {
        id          = "arn:aws:iam::866996500832:policy/Route53TerraformDeploy"
        name        = "Route53TerraformDeploy"
      ~ policy      = jsonencode(
          ~ {
              ~ Statement = [
                    # (2 unchanged elements hidden)
                    {
                        Action   = [
                            "s3:PutObject",
                            "s3:GetObject",
                            "s3:DeleteObject",
                        ]
                        Effect   = "Allow"
                        Resource = [
                            "arn:aws:s3:::cds-dns-terraform-state/*",
                        ]
                    },
                  ~ {
                      ~ Action   = [
                            # (7 unchanged elements hidden)
                            "iam:UpdateAssumeRolePolicy",
                          + "iam:ListPolicyVersions",
                        ]
                        # (2 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags        = {}
        # (7 unchanged attributes hidden)
    }

  # aws_iam_policy.notify_prod_dns_manager_policy will be updated in-place
  ~ resource "aws_iam_policy" "notify_prod_dns_manager_policy" {
        id          = "arn:aws:iam::866996500832:policy/notify_prod_dns_manager_policy"
        name        = "notify_prod_dns_manager_policy"
      ~ policy      = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                            # (2 unchanged elements hidden)
                            "route53:GetChange",
                          + "route53:ListTagsForResource",
                        ]
                        # (2 unchanged attributes hidden)
                    },
                    {
                        Action   = [
                            "route53:GetHostedZone",
                            "route53:ListHostedZones",
                            "route53:GetHostedZoneCount",
                            "route53:ListHostedZonesByName",
                        ]
                        Effect   = "Allow"
                        Resource = "*"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags        = {}
        # (7 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```
Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.Route53TerraformDeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.notify_prod_dns_manager_policy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_prod_dns_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.dns-github-deployer"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.alpha-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.cds-snc-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.notification-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.platform-canada-ca-public"]

27 tests, 19 passed, 8 warnings, 0 failures, 0 exceptions
```