cds-snc / dns

DNS Configuration for domains managed by CDS

update hostedzone comment #407

Closed ben851 closed 1 month ago

ben851 commented 1 month ago

Summary

TF Apply requires UpdateHostedZoneComment for route53 on notification.canada.ca

Test instructions

- TF Apply works
- Re-Run failing Prod release in notify https://github.com/cds-snc/notification-terraform/actions/runs/10060196367/job/27807306065

github-actions[bot] commented 1 month ago

DNS

- ✅ Terraform Init: success
- ✅ Terraform Validate: success
- ✅ Terraform Format: success
- ✅ Terraform Plan: success
- ✅ Conftest: success

Plan: 0 to add, 3 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|--------------------------------------------------|
| update | `aws_iam_policy.notify_prod_dns_manager_policy` |
|        | `aws_iam_role.notify_prod_dns_manager` |
|        | `aws_route53_zone.notification-canada-ca-public` |

Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_policy.notify_prod_dns_manager_policy will be updated in-place
  ~ resource "aws_iam_policy" "notify_prod_dns_manager_policy" {
        id     = "arn:aws:iam::866996500832:policy/notify_prod_dns_manager_policy"
        name   = "notify_prod_dns_manager_policy"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action = [
                            # (4 unchanged elements hidden)
                            "route53:UpdateHostedZoneComment",
                          + "route53:route53:GetChange",
                        ]
                        # (2 unchanged attributes hidden)
                    },
                    {
                        Action   = [
                            "route53:GetHostedZone",
                            "route53:ListHostedZones",
                            "route53:GetHostedZoneCount",
                            "route53:ListHostedZonesByName",
                        ]
                        Effect   = "Allow"
                        Resource = "*"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags   = {}
        # (7 unchanged attributes hidden)
    }

  # aws_iam_role.notify_prod_dns_manager will be updated in-place
  ~ resource "aws_iam_role" "notify_prod_dns_manager" {
      ~ assume_role_policy = (sensitive value)
        id                 = "notify_prod_dns_manager"
        name               = "notify_prod_dns_manager"
        tags               = {}
        # (11 unchanged attributes hidden)
    }

  # aws_route53_zone.notification-canada-ca-public will be updated in-place
  ~ resource "aws_route53_zone" "notification-canada-ca-public" {
      - comment = "Managed by Terraform" -> null
        id      = "Z1XG153PQF3VV5"
        name    = "notification.canada.ca"
        tags    = {
            "Project" = "dns"
        }
        # (7 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.Route53TerraformDeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.notify_prod_dns_manager_policy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_prod_dns_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.dns-github-deployer"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.alpha-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.cds-snc-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.notification-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.platform-canada-ca-public"]

27 tests, 19 passed, 8 warnings, 0 failures, 0 exceptions
```

ben851 commented 1 month ago

Closing in favour of different PR