gpo / gpo-platform-configs

Infrastructure as Code for the GPO
MIT License

feat: remove s3 policy from drupal #17

Closed IanEdington closed 2 months ago

IanEdington commented 2 months ago

This policy is not needed since drupal s3fs sets permissions on private files

IanEdington commented 2 months ago

 ❯ tofu plan -out=plan
digitalocean_spaces_bucket_policy.example_policy: Refreshing state... [id=drupal]
digitalocean_spaces_bucket.drupal: Refreshing state... [id=drupal]
aws_dynamodb_table.terraform_state_locks: Refreshing state... [id=terraform-state-locks]
aws_s3_bucket.terraform_state: Refreshing state... [id=gpo-terraform-state]
module.default_github_labels_for_secure_gpo_ca.github_issue_labels.labels: Refreshing state... [id=secure.gpo.ca]
module.default_github_labels_for_readme.github_issue_labels.labels: Refreshing state... [id=readme]
github_actions_secret.SSH_USER: Refreshing state... [id=secure.gpo.ca:SSH_USER]
github_actions_secret.gpo_ca_SSH_HOST_STAGE: Refreshing state... [id=gpo.ca:SSH_HOST_STAGE]
github_actions_secret.gpo_ca_SSH_PUBLIC_KEY: Refreshing state... [id=gpo.ca:SSH_PUBLIC_KEY]
module.default_github_labels_for_gpo_ca.github_issue_labels.labels: Refreshing state... [id=gpo.ca]
github_actions_secret.gpo_ca_SSH_PRIVATE_KEY: Refreshing state... [id=gpo.ca:SSH_PRIVATE_KEY]
github_actions_secret.gpo_ca_SSH_HOST_PROD2: Refreshing state... [id=gpo.ca:SSH_HOST_PROD2]
github_actions_secret.SSH_HOST_STAGE: Refreshing state... [id=secure.gpo.ca:SSH_HOST_STAGE]
github_actions_secret.SSH_HOST_PROD: Refreshing state... [id=secure.gpo.ca:SSH_HOST_PROD]
github_actions_secret.gpo_ca_SSH_HOST_PROD1: Refreshing state... [id=gpo.ca:SSH_HOST_PROD1]
github_actions_secret.SSH_PRIVATE_KEY: Refreshing state... [id=secure.gpo.ca:SSH_PRIVATE_KEY]
github_actions_secret.SSH_PUBLIC_KEY: Refreshing state... [id=secure.gpo.ca:SSH_PUBLIC_KEY]
github_actions_secret.gpo_ca_SSH_USER: Refreshing state... [id=gpo.ca:SSH_USER]
module.default_github_labels_for_gpo_platform_configs.github_issue_labels.labels: Refreshing state... [id=gpo-platform-configs]
aws_s3_bucket_versioning.terraform_state_bucket_versioning: Refreshing state... [id=gpo-terraform-state]
aws_s3_bucket_server_side_encryption_configuration.terraform_state_crypto_conf: Refreshing state... [id=gpo-terraform-state]

OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

OpenTofu will perform the following actions:

  # digitalocean_spaces_bucket_policy.example_policy will be destroyed
  # (because digitalocean_spaces_bucket_policy.example_policy is not in configuration)
  - resource "digitalocean_spaces_bucket_policy" "example_policy" {
      - bucket = "drupal" -> null
      - id     = "drupal" -> null
      - policy = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "s3:GetObject"
                      - Effect    = "Deny"
                      - Principal = "*"
                      - Resource  = "arn:aws:s3:::drupal/private/*"
                      - Sid       = "PrivateAccess"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - region = "nyc3" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

IanEdington commented 2 months ago

 ❯ tofu apply "plan"
digitalocean_spaces_bucket_policy.example_policy: Destroying... [id=drupal]
digitalocean_spaces_bucket_policy.example_policy: Destruction complete after 0s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
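
A plan-review check for the change in this thread, as an added example that is not part of the PR or the repository: it reads the JSON form of a saved plan (`tofu show -json plan`) and lists every `Deny` statement that a bucket policy loses. `SAMPLE_PLAN` is constructed to mirror the plan output above, and the function names are hypothetical.

```python
import json

# Constructed sample: the JSON plan shape (`tofu show -json plan`) for the
# destroy shown in this thread, plus one untouched resource for contrast.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "digitalocean_spaces_bucket.drupal",
         "type": "digitalocean_spaces_bucket",
         "change": {"actions": ["no-op"], "before": {"name": "drupal"},
                    "after": {"name": "drupal"}}},
        {"address": "digitalocean_spaces_bucket_policy.example_policy",
         "type": "digitalocean_spaces_bucket_policy",
         "change": {"actions": ["delete"], "after": None, "before": {
             "bucket": "drupal", "region": "nyc3",
             "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
                 "Sid": "PrivateAccess", "Effect": "Deny", "Principal": "*",
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::drupal/private/*"}]})}}},
    ]
}

def deny_statements(policy_json):
    """Parse a policy string and return its Deny statements as a list."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return [s for s in statements if s.get("Effect") == "Deny"]

def removed_deny_statements(plan):
    """List Deny statements present before the plan and absent after it."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if not rc.get("type", "").endswith("_bucket_policy"):
            continue
        change = rc.get("change", {})
        before = (change.get("before") or {}).get("policy")
        # "after" is null on destroy; a policy only known at apply time is
        # also absent here and is reported, which errs on the side of review.
        kept = deny_statements((change.get("after") or {}).get("policy"))
        for stmt in deny_statements(before):
            if stmt not in kept:
                findings.append({"address": rc["address"], "sid": stmt.get("Sid"),
                                 "action": stmt.get("Action"),
                                 "resource": stmt.get("Resource")})
    return findings

if __name__ == "__main__":
    for f in removed_deny_statements(SAMPLE_PLAN):
        print("REVIEW: {address} drops Deny {sid}: {action} on {resource}".format(**f))
```

Run against a real plan by loading the output of `tofu show -json plan` with `json.load` and failing the pipeline step when the returned list is non-empty and unapproved.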