cds-snc / forms-terraform

Infrastructure as Code for the GC Forms environment
MIT License

chore: GCForms release v3.23.1 #831

Closed sre-read-write[bot] closed 2 months ago

sre-read-write[bot] commented 2 months ago

:robot: I have created a release beep boop

3.23.1 (2024-09-23)

Bug Fixes

Miscellaneous Chores


This PR was generated with Release Please. See documentation.

github-actions[bot] commented 2 months ago

Production: app

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|---------------------------------------|
| add | `aws_ecs_task_definition.form_viewer` |

Show plan

```terraform
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ecs_task_definition.form_viewer will be created
  + resource "aws_ecs_task_definition" "form_viewer" {
      + arn = (known after apply)
      + arn_without_revision = (known after apply)
      + container_definitions = jsonencode(
            [
              + {
                  + Command = null
                  + Cpu = 0
                  + CredentialSpecs = null
                  + DependsOn = null
                  + DisableNetworking = null
                  + DnsSearchDomains = null
                  + DnsServers = null
                  + DockerLabels = null
                  + DockerSecurityOptions = null
                  + EntryPoint = null
                  + Environment = [
                      + {
                          + Name = "AUDIT_LOG_QUEUE_URL"
                          + Value = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
                        },
                      + {
                          + Name = "COGNITO_CLIENT_ID"
                          + Value = "5rkjd3us3ocssieiitdbtjitiv"
                        },
                      + {
                          + Name = "COGNITO_ENDPOINT_URL"
                          + Value = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
                        },
                      + {
                          + Name = "EMAIL_ADDRESS_CONTACT_US"
                          + Value = "assistance+forms-formulaires@cds-snc.ca"
                        },
                      + {
                          + Name = "EMAIL_ADDRESS_SUPPORT"
                          + Value = "assistance+forms-formulaires@cds-snc.ca"
                        },
                      + {
                          + Name = "HOST_URL"
                          + Value = "https://forms-formulaires.alpha.canada.ca"
                        },
                      + {
                          + Name = "METRIC_PROVIDER"
                          + Value = "stdout"
                        },
                      + {
                          + Name = "NEXTAUTH_URL"
                          + Value = "https://forms-formulaires.alpha.canada.ca"
                        },
                      + {
                          + Name = "RECAPTCHA_V3_SITE_KEY"
                          + Value = "6LfuLrQnAAAAAK9Df3gem4XLMRVY2Laq6t2fhZhZ"
                        },
                      + {
                          + Name = "REDIS_URL"
                          + Value = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
                        },
                      + {
                          + Name = "RELIABILITY_FILE_STORAGE"
                          + Value = "forms-production-reliability-file-storage"
                        },
                      + {
                          + Name = "REPROCESS_SUBMISSION_QUEUE_URL"
                          + Value = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
                        },
                      + {
                          + Name = "TEMPLATE_ID"
                          + Value = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
                        },
                      + {
                          + Name = "TEMPORARY_TOKEN_TEMPLATE_ID"
                          + Value = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
                        },
                      + {
                          + Name = "TRACER_PROVIDER"
                          + Value = "stdout"
                        },
                      + {
                          + Name = "VAULT_FILE_STORAGE"
                          + Value = "forms-production-vault-file-storage"
                        },
                      + {
                          + Name = "ZITADEL_PROVIDER"
                          + Value = "https://auth.forms-formulaires.alpha.canada.ca"
                        },
                    ]
                  + EnvironmentFiles = null
                  + Essential = true
                  + ExtraHosts = null
                  + FirelensConfiguration = null
                  + HealthCheck = null
                  + Hostname = null
                  + Image = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
                  + Interactive = null
                  + Links = null
                  + LinuxParameters = {
                      + Capabilities = {
                          + Add = []
                          + Drop = [
                              + "ALL",
                            ]
                        }
                      + Devices = null
                      + InitProcessEnabled = null
                      + MaxSwap = null
                      + SharedMemorySize = null
                      + Swappiness = null
                      + Tmpfs = null
                    }
                  + LogConfiguration = {
                      + LogDriver = "awslogs"
                      + Options = {
                          + awslogs-group = "Forms"
                          + awslogs-region = "ca-central-1"
                          + awslogs-stream-prefix = "ecs-form-viewer"
                        }
                      + SecretOptions = null
                    }
                  + Memory = null
                  + MemoryReservation = null
                  + MountPoints = []
                  + Name = "form_viewer"
                  + PortMappings = [
                      + {
                          + AppProtocol = ""
                          + ContainerPort = 3000
                          + ContainerPortRange = null
                          + HostPort = 3000
                          + Name = null
                          + Protocol = "tcp"
                        },
                    ]
                  + Privileged = null
                  + PseudoTerminal = null
                  + ReadonlyRootFilesystem = null
                  + RepositoryCredentials = null
                  + ResourceRequirements = null
                  + Secrets = [
                      + {
                          + Name = "DATABASE_URL"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
                        },
                      + {
                          + Name = "FRESHDESK_API_KEY"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:freshdesk_api_key-2Q118n"
                        },
                      + {
                          + Name = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_callback_bearer_token-sWF9yQ"
                        },
                      + {
                          + Name = "NOTIFY_API_KEY"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
                        },
                      + {
                          + Name = "RECAPTCHA_V3_SECRET_KEY"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN"
                        },
                      + {
                          + Name = "SENTRY_API_KEY"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:sentry_api_key-zulAvy"
                        },
                      + {
                          + Name = "TOKEN_SECRET"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou"
                        },
                      + {
                          + Name = "ZITADEL_ADMINISTRATION_KEY"
                          + ValueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:zitadel_administration_key-7rE09g"
                        },
                    ]
                  + StartTimeout = null
                  + StopTimeout = null
                  + SystemControls = []
                  + Ulimits = null
                  + User = null
                  + VolumesFrom = []
                  + WorkingDirectory = null
                },
            ]
        )
      + cpu = "2048"
      + execution_role_arn = "arn:aws:iam::957818836222:role/form-viewer"
      + family = "form-viewer"
      + id = (known after apply)
      + memory = "4096"
      + network_mode = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision = (known after apply)
      + skip_destroy = false
      + tags_all = {
          + "CostCentre" = "forms-platform-production"
          + "Terraform" = "true"
        }
      + task_role_arn = "arn:aws:iam::957818836222:role/form-viewer"
      + track_latest = false
    }

Plan: 1 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]

34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions
```

github-actions[bot] commented 2 months ago

Production: alarms

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|--------------------------------------------------------------|
| update | `aws_cloudwatch_log_subscription_filter.idp_error_detection` |

Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_cloudwatch_log_subscription_filter.api_error_detection[0] has moved to aws_cloudwatch_log_subscription_filter.api_error_detection
    resource "aws_cloudwatch_log_subscription_filter" "api_error_detection" {
        id = "cwlsf-973426895"
        name = "error_detection_in_api_logs"
        # (5 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.idp_error_detection will be updated in-place
  # (moved from aws_cloudwatch_log_subscription_filter.idp_error_detection[0])
  ~ resource "aws_cloudwatch_log_subscription_filter" "idp_error_detection" {
      ~ filter_pattern = "level=error" -> "[(w1=\"*level=error*\") && w1!=\"*context canceled*\"]"
        id = "cwlsf-2763607751"
        name = "error_detection_in_idp_logs"
        # (4 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_cpu_utilization_high_warn[0] has moved to aws_cloudwatch_metric_alarm.api_cpu_utilization_high_warn
    resource "aws_cloudwatch_metric_alarm" "api_cpu_utilization_high_warn" {
        id = "API-CpuUtilizationWarn"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_lb_healthy_host_count[0] has moved to aws_cloudwatch_metric_alarm.api_lb_healthy_host_count
    resource "aws_cloudwatch_metric_alarm" "api_lb_healthy_host_count" {
        id = "API-HealthyHostCount"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_lb_unhealthy_host_count[0] has moved to aws_cloudwatch_metric_alarm.api_lb_unhealthy_host_count
    resource "aws_cloudwatch_metric_alarm" "api_lb_unhealthy_host_count" {
        id = "API-UnhealthyHostCount"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_memory_utilization_high_warn[0] has moved to aws_cloudwatch_metric_alarm.api_memory_utilization_high_warn
    resource "aws_cloudwatch_metric_alarm" "api_memory_utilization_high_warn" {
        id = "API-MemoryUtilizationWarn"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_response_time_warn[0] has moved to aws_cloudwatch_metric_alarm.api_response_time_warn
    resource "aws_cloudwatch_metric_alarm" "api_response_time_warn" {
        id = "API-ResponseTimeWarn"
        tags = {}
        # (22 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_cloudwatch_metric_alarm.idp_bounce_rate_high[0] has moved to aws_cloudwatch_metric_alarm.idp_bounce_rate_high
    resource "aws_cloudwatch_metric_alarm" "idp_bounce_rate_high" {
        id = "IdP-SESBounceRate"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.idp_complaint_rate_high[0] has moved to aws_cloudwatch_metric_alarm.idp_complaint_rate_high
    resource "aws_cloudwatch_metric_alarm" "idp_complaint_rate_high" {
        id = "IdP-SESComplaintRate"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.idp_cpu_utilization_high_warn[0] has moved to aws_cloudwatch_metric_alarm.idp_cpu_utilization_high_warn
    resource "aws_cloudwatch_metric_alarm" "idp_cpu_utilization_high_warn" {
        id = "IdP-CpuUtilizationWarn"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.idp_memory_utilization_high_warn[0] has moved to aws_cloudwatch_metric_alarm.idp_memory_utilization_high_warn
    resource "aws_cloudwatch_metric_alarm" "idp_memory_utilization_high_warn" {
        id = "IdP-MemoryUtilizationWarn"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.idp_rds_cpu_utilization[0] has moved to aws_cloudwatch_metric_alarm.idp_rds_cpu_utilization
    resource "aws_cloudwatch_metric_alarm" "idp_rds_cpu_utilization" {
        id = "IdP-RDSCpuUtilization"
        tags = {}
        # (22 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.idp_response_time_warn[0] has moved to aws_cloudwatch_metric_alarm.idp_response_time_warn
    resource "aws_cloudwatch_metric_alarm" "idp_response_time_warn" {
        id = "IdP-ResponseTimeWarn"
        tags = {}
        # (22 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.athena_bucket.aws_s3_bucket.this,
  on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
   8: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_server_side_encryption_configuration resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_athena_data_catalog.dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_athena_data_catalog.rds_data_catalog"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_healthy_hosts"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup1"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup2"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_cpu_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_lb_healthy_host_count"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_lb_unhealthy_host_count"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_memory_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_response_time_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"]
WARN - plan.json - main - Missing Common Tags:...
```

sre-read-write[bot] commented 2 months ago

:robot: Created releases: