gpo / gpo-platform-configs

Infrastructure as Code for the GPO
MIT License

feat: add Digital Ocean s3 bucket for Drupal #16

Closed IanEdington closed 2 months ago

IanEdington commented 2 months ago
 ❯ tofu init --upgrade

Initializing the backend...
Upgrading modules...
- default_github_labels_for_gpo_ca in default_github_labels_module
- default_github_labels_for_gpo_platform_configs in default_github_labels_module
- default_github_labels_for_readme in default_github_labels_module
- default_github_labels_for_secure_gpo_ca in default_github_labels_module

Initializing provider plugins...
- Finding digitalocean/digitalocean versions matching "~> 2.0"...
- Finding hashicorp/aws versions matching "~> 5.60"...
- Finding integrations/github versions matching "~> 6.0"...
- Installing digitalocean/digitalocean v2.40.0...
- Installed digitalocean/digitalocean v2.40.0 (signed, key ID F82037E524B9C0E8)
- Installing hashicorp/aws v5.65.0...
- Installed hashicorp/aws v5.65.0 (signed, key ID 0C0AF313E5FD9F80)
- Using previously-installed integrations/github v6.2.3

Providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://opentofu.org/docs/cli/plugins/signing/

OpenTofu has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.

OpenTofu has been successfully initialized!
IanEdington commented 2 months ago
 ❯ tofu plan -out=plan
aws_dynamodb_table.terraform_state_locks: Refreshing state... [id=terraform-state-locks]
aws_s3_bucket.terraform_state: Refreshing state... [id=gpo-terraform-state]
module.default_github_labels_for_readme.github_issue_labels.labels: Refreshing state... [id=readme]
github_actions_secret.gpo_ca_SSH_PUBLIC_KEY: Refreshing state... [id=gpo.ca:SSH_PUBLIC_KEY]
github_actions_secret.SSH_HOST_PROD: Refreshing state... [id=secure.gpo.ca:SSH_HOST_PROD]
github_actions_secret.gpo_ca_SSH_HOST_PROD2: Refreshing state... [id=gpo.ca:SSH_HOST_PROD2]
github_actions_secret.gpo_ca_SSH_HOST_STAGE: Refreshing state... [id=gpo.ca:SSH_HOST_STAGE]
github_actions_secret.SSH_HOST_STAGE: Refreshing state... [id=secure.gpo.ca:SSH_HOST_STAGE]
github_actions_secret.SSH_PRIVATE_KEY: Refreshing state... [id=secure.gpo.ca:SSH_PRIVATE_KEY]
github_actions_secret.SSH_USER: Refreshing state... [id=secure.gpo.ca:SSH_USER]
github_actions_secret.gpo_ca_SSH_HOST_PROD1: Refreshing state... [id=gpo.ca:SSH_HOST_PROD1]
github_actions_secret.SSH_PUBLIC_KEY: Refreshing state... [id=secure.gpo.ca:SSH_PUBLIC_KEY]
github_actions_secret.gpo_ca_SSH_USER: Refreshing state... [id=gpo.ca:SSH_USER]
github_actions_secret.gpo_ca_SSH_PRIVATE_KEY: Refreshing state... [id=gpo.ca:SSH_PRIVATE_KEY]
module.default_github_labels_for_gpo_ca.github_issue_labels.labels: Refreshing state... [id=gpo.ca]
module.default_github_labels_for_gpo_platform_configs.github_issue_labels.labels: Refreshing state... [id=gpo-platform-configs]
module.default_github_labels_for_secure_gpo_ca.github_issue_labels.labels: Refreshing state... [id=secure.gpo.ca]
aws_s3_bucket_versioning.terraform_state_bucket_versioning: Refreshing state... [id=gpo-terraform-state]
aws_s3_bucket_server_side_encryption_configuration.terraform_state_crypto_conf: Refreshing state... [id=gpo-terraform-state]

OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

OpenTofu will perform the following actions:

  # digitalocean_spaces_bucket.drupal will be created
  + resource "digitalocean_spaces_bucket" "drupal" {
      + acl                = "private"
      + bucket_domain_name = (known after apply)
      + endpoint           = (known after apply)
      + force_destroy      = false
      + id                 = (known after apply)
      + name               = "drupal"
      + region             = "nyc3"
      + urn                = (known after apply)
    }

  # digitalocean_spaces_bucket_policy.example_policy will be created
  + resource "digitalocean_spaces_bucket_policy" "example_policy" {
      + bucket = "drupal"
      + id     = (known after apply)
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "s3:GetObject"
                      + Effect    = "Deny"
                      + Principal = "*"
                      + Resource  = "arn:aws:s3:::drupal/private/*"
                      + Sid       = "PrivateAccess"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + region = "nyc3"
    }

Plan: 2 to add, 0 to change, 0 to destroy.
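
Review bot: In `digitalocean_spaces_bucket_policy.example_policy`, the single statement sets `Effect = "Deny"` with `Principal = "*"` on `arn:aws:s3:::drupal/private/*` and carries no condition or exception, so as written it does not distinguish anonymous readers from the key Drupal itself will use. Before relying on it, check with the application's Spaces key that a GetObject under `private/` still succeeds, and with an unauthenticated request that it is refused. The bucket is already created with `acl = "private"`, so it is worth stating in the PR description what this Deny is meant to add on top of that, and whether objects outside `private/` are intended to be made public later by per-object ACL. The resource label `example_policy` reads as a placeholder; a name such as `drupal_private_access` is easier to audit, and renaming after apply means a state move. The `tofu init --upgrade` output earlier in this thread reports changes to `.terraform.lock.hcl`; confirm that the updated lock file is part of this change so the provider versions and hashes used for this plan are the ones recorded in the repository.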
IanEdington commented 2 months ago
 ❯ tofu apply "plan"
digitalocean_spaces_bucket.drupal: Creating...
digitalocean_spaces_bucket.drupal: Still creating... [10s elapsed]
digitalocean_spaces_bucket.drupal: Still creating... [20s elapsed]
digitalocean_spaces_bucket.drupal: Still creating... [30s elapsed]
digitalocean_spaces_bucket.drupal: Creation complete after 31s [id=drupal]
digitalocean_spaces_bucket_policy.example_policy: Creating...
digitalocean_spaces_bucket_policy.example_policy: Creation complete after 0s [id=drupal]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.