cloudposse / terraform-aws-config-storage

This module creates an S3 bucket suitable for storing AWS Config data
https://cloudposse.com/accelerate
Apache License 2.0

Update Terraform cloudposse/s3-log-storage/aws to v0.28.0 #23

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago


This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/s3-log-storage/aws (source) | module | minor | 0.26.0 -> 0.28.0 |

Release Notes

cloudposse/terraform-aws-s3-log-storage

### [`v0.28.0`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/0.28.0)

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.27.0...0.28.0)

### WARNING, DATA LOSS LIKELY if you do not follow upgrade instructions:

- Upgrade instructions: [v0.27.0 to v0.28.0](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-\(POTENTIAL-DATA-LOSS\))
- Upgrade instructions: [versions prior to v0.27.0 to v0.27.0 ](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-\(POTENTIAL-DATA-LOSS\))

#### 🚀 Enhancements

Support AWS v4 provider @Nuru (#71)

#### what

- Migrate to AWS v4 Terraform provider
- Add features
  - Allow full S3 storage lifecycle configuration
  - Allow multiple bucket policy documents
  - Allow specifying the bucket name directly, rather than requiring it to be generated by `null-label`
  - Allow specifying S3 object ownership
  - Allow enabling S3 bucket keys for encryption
- Deprecate variable by variable specification of a single storage lifecycle rule
- Add extra safety measure `force_destroy_enabled`

#### why

- AWS v4 broke this module
- Feature parity
- Replaced with more power and more flexible input
- Reduce the chance that automated upgrades will cause data loss

#### references

- Upgrade instructions: [v0.27.0 to v0.28.0](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS))
- Upgrade instructions: [versions prior to v0.27.0 to v0.27.0 ](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS))

### [`v0.27.0`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/0.27.0)

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.26.0...0.27.0)

### Warning: Potential total data loss

This release is a refactoring in preparation for supporting Terraform AWS Provider v4. One feature was removed, but otherwise there are no changes to inputs or behavior. However, the Terraform "addresses" of resources have changed, so you need to run several `terraform state mv` commands.

**Warning:** failure to run the required `terraform state mv` commands will cause Terraform to delete your existing S3 bucket and create a new one, **deleting all the data stored in the bucket in the process.**

Details on how to safely upgrade are in this repository's Wiki [here](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-\(POTENTIAL-DATA-LOSS\))

#### Support for "MFA delete" removed

In [#54](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/54) a contributor added support for [MFA delete](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html) via the `versioning_mfa_delete_enabled`. In AWS provider version 3.x this argument was [documented](https://registry.terraform.io/providers/hashicorp/aws/3.74.3/docs/resources/s3_bucket#mfa_delete) with the caveat

> This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS.

With AWS provider version 4.0, this argument now does toggle the setting. Unfortunately, that adds the requirement that when it is enabled, you must supply a current MFA token every time you run `terraform apply`. That is not compatible with automation, and therefore we have no intention to support it and have removed the `versioning_mfa_delete_enabled` input.

#### 🚀 Enhancements

Refactor to use s3-bucket module, update in general @Nuru (#66)

#### what

- Refactor to use [terraform-aws-s3-bucket](https://togithub.com/cloudposse/terraform-aws-s3-bucket)
- Remove support for `mfa_delete`
- Pin AWS provider `< 4.0` and disable Renovate bot, closes #64
- General updates

#### why

- Simplify maintenance and standardize on single S3 bucket module, in preparation for upgrade to Terraform AWS provider v4
- With Terraform AWS provider v4, having `mfa_delete` enabled requires entering an MFA token for every Terraform operation, which is incompatible with automation. Users requiring `mfa_delete` should either not use Terraform or create their own fork.
- Current module does not work with AWS v4, but Renovate would try to update it anyway
- Stay current with boilerplate and management tools

#### notes

This is the first of 2 upgrade releases to get this module to support Terraform AWS Provider v4. We are breaking it into 2 releases so that users have the option of upgrading step-by-step rather than all at once. Upgrade instructions are [here](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0).

Cleanups and safety checks for upgrade @Nuru (#70)

#### what

- Add warning to README and error when `force_destroy` is `true`
- Maintain rule name for lifecycle rule
- Disable Renovate bot

#### why

- If `force_destroy` is `true` then an automated, unattended process could cause the S3 bucket to be deleted and all data in it irretrievably lost
- Remove an unwanted and unneeded source of changes created by upgrading
- This version should not be updated, it is pinned for compatibility

#### references

Closes Renovate PRs:

- Closes [#67](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/67) (do not want)
- Closes [#68](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/68) (incorporated via `build-harness`)
- Closes [#69](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/69) (do not want)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
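
As an added example (not part of the original thread or of the Cloud Posse modules), the failure mode described in the v0.27.0 release notes, a missed `terraform state mv` that makes Terraform delete the bucket, can be caught before apply by inspecting the JSON form of a saved plan from `terraform show -json`. The plan content, bucket name and resource addresses below are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, trimmed to the
# fields used here. Addresses and bucket name are hypothetical.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.storage.aws_s3_bucket.default[0]",
         "type": "aws_s3_bucket",
         "change": {"actions": ["delete"],
                    "before": {"bucket": "example-config", "force_destroy": True},
                    "after": None}},
        {"address": "module.storage.module.aws_s3_bucket.aws_s3_bucket.default[0]",
         "type": "aws_s3_bucket",
         "change": {"actions": ["create"],
                    "before": None,
                    "after": {"bucket": "example-config", "force_destroy": True}}},
        {"address": "module.storage.aws_s3_bucket_public_access_block.default[0]",
         "type": "aws_s3_bucket_public_access_block",
         "change": {"actions": ["no-op"], "before": {}, "after": {}}},
    ]
})


def audit_plan(plan_json: str) -> dict:
    """Return bucket addresses the plan deletes, and those left force-destroyable."""
    plan = json.loads(plan_json)
    findings = {"deleted": [], "force_destroy": []}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_s3_bucket":
            continue
        change = rc.get("change", {})
        # An unmoved address appears as a delete of the old address plus a create
        # of the new one; an in-place replacement lists both actions together.
        if "delete" in change.get("actions", []):
            findings["deleted"].append(rc["address"])
        after = change.get("after") or {}
        if after.get("force_destroy") is True:
            findings["force_destroy"].append(rc["address"])
    return findings


def is_safe(plan_json: str) -> bool:
    """True only when no bucket is deleted; use as a gate before `terraform apply`."""
    return not audit_plan(plan_json)["deleted"]


if __name__ == "__main__":
    result = audit_plan(SAMPLE_PLAN)
    for address in result["deleted"]:
        print(f"BLOCK: plan deletes bucket {address} (missing `terraform state mv`?)")
    for address in result["force_destroy"]:
        print(f"WARN: {address} has force_destroy = true")
```
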

Nuru commented 2 years ago

The migration to s3-log-storage v0.28.0 has a high risk of data loss. Any module that is updating to this version needs, at a minimum:

You can view the s3-log-storage migration documents as an example, and please note you do not need to copy or rewrite them, you can just reference them in the module-specific migration documents.

Once the module has been updated to the current s3-bucket and s3-log-storage modules and fully supports AWS provider v4, we will need to make an internal decision about version number changes. We may want to release this as v1.0.0 or v2.0.0.

renovate[bot] commented 2 years ago

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (0.28.0). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.