From 2d7c0630613a9f6598539731f0c7a761faca4fa0 Mon Sep 17 00:00:00 2001 From: aliziel <21992503+aliziel@users.noreply.github.com> Date: Sat, 19 Oct 2024 15:43:03 -0700 Subject: [PATCH 1/5] export `.env` Make variable for use in zip_lambda script, not accessible in subshell --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 90d537e..05df121 100644 --- a/Makefile +++ b/Makefile @@ -190,4 +190,5 @@ validate-%: docker ## Zip any lambda functions to prepare for deployment zip_lambdas: + export DOTENV=$(DOTENV) && \ sh app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/zip_lambda.sh From cee8ae162e615ef7affd59781bcf53e0e702b0c6 Mon Sep 17 00:00:00 2001 From: aliziel <21992503+aliziel@users.noreply.github.com> Date: Sat, 19 Oct 2024 15:44:50 -0700 Subject: [PATCH 2/5] close double quote to address unexpected EOF error --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 05df121..ac07b3b 100644 --- a/Makefile +++ b/Makefile @@ -155,7 +155,7 @@ plan-%: install ## pre-deploy-setup: Setup resources prior to initial deployment (idempotent) pre-deploy-setup: all-init # Ensure buckets exist, grab the name of the "internal" bucket, and copy launchpad.pfx there. - $(DOCKER_RUN) --interactive $(IMAGE) -ic "bin/ensure-buckets-exist.sh 2>/dev/null + $(DOCKER_RUN) --interactive $(IMAGE) -ic "bin/ensure-buckets-exist.sh 2>/dev/null" ## terraform-doctor-STACK: Fixes "duplicate resource" errors for specified STACK terraform-doctor-%: docker From 030d10fb9bef3d7538ccc6fa5f3327083905f4a7 Mon Sep 17 00:00:00 2001 From: aliziel <21992503+aliziel@users.noreply.github.com> Date: Sun, 27 Oct 2024 18:32:44 -0700 Subject: [PATCH 3/5] remove double quotes yielded by TF console to address invalid bucket regex throw --- bin/create-test-data.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
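Review bot: In the `zip_lambdas` recipe, `$(DOTENV)` is expanded by make and pasted unquoted into the shell command, so a path containing spaces or shell metacharacters is word-split or interpreted by the shell before `zip_lambda.sh` runs. The same applies to the final form `DOTENV=$(DOTENV) \` in PATCH 5/5. Quoting the assignment, `DOTENV='$(DOTENV)' \`, or replacing the inline assignment with a make-level `export DOTENV` directive, avoids that. Because the variable names the `.env` file and the script appears to build the Lambda archive, it is worth confirming (the script is not shown here) that the file is only read and never ends up inside the zip.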
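Review bot: The corrected `pre-deploy-setup` line still sends stderr to `/dev/null`, so if `bin/ensure-buckets-exist.sh` fails (for example on missing credentials or permissions) the target stops with no diagnostic. If the redirect exists only to quiet interactive-shell startup noise, consider dropping it from the script invocation, `$(DOCKER_RUN) --interactive $(IMAGE) -ic "bin/ensure-buckets-exist.sh"`, or sending stderr to a log file instead. The comment above the recipe also says it grabs the "internal" bucket name and copies launchpad.pfx there, but the one visible recipe line only runs the bucket check. If that copy now happens elsewhere, shorten the comment to `# Ensure buckets exist.`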
diff --git a/bin/create-test-data.sh b/bin/create-test-data.sh index 3221e86..73dd2af 100755 --- a/bin/create-test-data.sh +++ b/bin/create-test-data.sh @@ -10,7 +10,8 @@ echo -n "Determining provider bucket..." provider_bucket="$( echo 'var.buckets["provider"]["name"]' | terraspace console cumulus 2>/dev/null | - grep "${CUMULUS_PREFIX}" + grep "${CUMULUS_PREFIX}" | + sed -E 's/"(.+)"/\1/' )" echo "${provider_bucket}" From 853f2161f524269937bd9c9e8adcab5bfe8587d7 Mon Sep 17 00:00:00 2001 From: aliziel <21992503+aliziel@users.noreply.github.com> Date: Mon, 28 Oct 2024 18:36:50 -0700 Subject: [PATCH 4/5] appease terraspace --- app/stacks/post-deploy-mods/main.tf | 44 ++++++++++++++--------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/app/stacks/post-deploy-mods/main.tf b/app/stacks/post-deploy-mods/main.tf index 205bf50..2da3b14 100644 --- a/app/stacks/post-deploy-mods/main.tf +++ b/app/stacks/post-deploy-mods/main.tf @@ -7,7 +7,7 @@ resource "aws_lambda_function" "pre_filter_DistApiEndpoints" { filename = "${path.module}/resources/lambdas/pre-filter-DistributionApiEndpoints/distro/lambda.zip" role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.arn handler = "lambda_function.lambda_handler" #"index.preFilterDistApiEndpoints" - runtime = "python3.10" #local.lambda_runtime + runtime = "python3.10" #local.lambda_runtime timeout = 300 memory_size = 3008 @@ -15,14 +15,14 @@ resource "aws_lambda_function" "pre_filter_DistApiEndpoints" { lifecycle { create_before_destroy = true - prevent_destroy = true + prevent_destroy = true } } # Define the Execution Role and Policy resource "aws_iam_role" "lambda_exec_pre_filter_DistApiEndpoints" { #name = "lambda_exec_role_pre_filter_DistributionApiEndpoints" - name = "${var.prefix}-lamb_exe_role_pf_DistApiEndpoints" # Must be 64 chars or less + name = "${var.prefix}-lamb_exe_role_pf_DistApiEndpoints" # Must be 64 chars or less assume_role_policy = jsonencode({ Version = "2012-10-17" 
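Review bot: Nothing visible after this pipeline checks that `provider_bucket` ends up as exactly one non-empty bucket name. `grep "${CUMULUS_PREFIX}"` treats the prefix as a regex and passes every matching line, `2>/dev/null` hides any terraspace error, and the unanchored `s/"(.+)"/\1/` strips the outermost quote pair wherever it sits on the line. If the console prints the value alone on its line, anchor the substitution, `sed -E 's/^"(.*)"$/\1/'`, and fail fast after the assignment with `[ -n "${provider_bucket}" ] || { echo "provider bucket not found" >&2; exit 1; }`, so later steps never run against an empty or malformed name. The rest of the script is outside the hunk, so such a check may already exist there.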
@@ -30,7 +30,7 @@ resource "aws_iam_role" "lambda_exec_pre_filter_DistApiEndpoints" { { Action = "sts:AssumeRole" Effect = "Allow" - Sid = "" + Sid = "" Principal = { Service = "lambda.amazonaws.com" } @@ -45,7 +45,7 @@ resource "aws_iam_role" "lambda_exec_pre_filter_DistApiEndpoints" { # Define an attachment to the aws_iam_role above resource "aws_iam_role_policy_attachment" "lambda_exec_policy" { - role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name + role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" } @@ -54,7 +54,7 @@ resource "aws_iam_policy" "lambda_invoke_policy" { #name = "lambda_invoke_policy" name = "${var.prefix}-lambda_pf_invoke_policy" description = "Policy to allow Lambda functions to invoke other Lambda functions" - policy = jsonencode({ + policy = jsonencode({ Version = "2012-10-17" Statement = [ { @@ -70,14 +70,14 @@ resource "aws_iam_policy" "lambda_invoke_policy" { # Attach the Policy, which allows a Lambda to be Invoked, to the Lambda Role resource "aws_iam_role_policy_attachment" "lambda_invoke_policy_attachment" { - role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name - policy_arn = aws_iam_policy.lambda_invoke_policy.arn + role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name + policy_arn = aws_iam_policy.lambda_invoke_policy.arn } # Attach an AWS managed Policy for DynamoDB Read Only access resource "aws_iam_role_policy_attachment" "dynamodb_readonly_policy" { - role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name - policy_arn = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess" + role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name + policy_arn = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess" } # Fetch existing API Gateway 
@@ -88,7 +88,7 @@ data "aws_api_gateway_rest_api" "distribution_api" { # Fetch the proxy resource (API Gateway "/{proxy+}" prop) data "aws_api_gateway_resource" "proxy_resource" { rest_api_id = data.aws_api_gateway_rest_api.distribution_api.id - path = "/{proxy+}" + path = "/{proxy+}" } # No need to update the root resource @@ -116,21 +116,21 @@ data "aws_api_gateway_resource" "proxy_resource" { # Update the integration for the root resource with GET method resource "aws_api_gateway_integration" "proxy_lambda_integration" { - rest_api_id = data.aws_api_gateway_rest_api.distribution_api.id - resource_id = data.aws_api_gateway_resource.proxy_resource.id - http_method = "ANY" + rest_api_id = data.aws_api_gateway_rest_api.distribution_api.id + resource_id = data.aws_api_gateway_resource.proxy_resource.id + http_method = "ANY" integration_http_method = "POST" #"GET" - type = "AWS_PROXY" - uri = aws_lambda_function.pre_filter_DistApiEndpoints.invoke_arn + type = "AWS_PROXY" + uri = aws_lambda_function.pre_filter_DistApiEndpoints.invoke_arn } # Ensure the Lambda function as the necessary permissions to be invoked by API Gateway resource "aws_lambda_permission" "api_gateway" { - statement_id = "AllowAPIGatewayInvoke" - action = "lambda:InvokeFunction" + statement_id = "AllowAPIGatewayInvoke" + action = "lambda:InvokeFunction" function_name = aws_lambda_function.pre_filter_DistApiEndpoints.function_name - principal = "apigateway.amazonaws.com" - source_arn = "${data.aws_api_gateway_rest_api.distribution_api.execution_arn}/*/*" + principal = "apigateway.amazonaws.com" + source_arn = "${data.aws_api_gateway_rest_api.distribution_api.execution_arn}/*/*" } # Ensure the API Gateway redeploys after the update 
@@ -138,11 +138,11 @@ resource "aws_api_gateway_deployment" "api_deployment" { depends_on = [aws_api_gateway_integration.proxy_lambda_integration] rest_api_id = data.aws_api_gateway_rest_api.distribution_api.id - stage_name = "dev" # The existing cumulus deployment for this API Gateway Stage is always called dev (in all environments) + stage_name = "dev" # The existing cumulus deployment for this API Gateway Stage is always called dev (in all environments) triggers = { redeployment = sha1(jsonencode({ - lambda_version = aws_lambda_function.pre_filter_DistApiEndpoints.source_code_hash + lambda_version = aws_lambda_function.pre_filter_DistApiEndpoints.source_code_hash integration_uri = aws_api_gateway_integration.proxy_lambda_integration.uri })) } From 0e68594ff9d8bc260611f30e7d37daa1d66936d0 Mon Sep 17 00:00:00 2001 From: aliziel <21992503+aliziel@users.noreply.github.com> Date: Tue, 29 Oct 2024 11:33:06 -0700 Subject: [PATCH 5/5] Update Makefile Co-authored-by: Chuck Daniels --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ac07b3b..e894d9c 100644 --- a/Makefile +++ b/Makefile @@ -190,5 +190,5 @@ validate-%: docker ## Zip any lambda functions to prepare for deployment zip_lambdas: - export DOTENV=$(DOTENV) && \ + DOTENV=$(DOTENV) \ sh app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/zip_lambda.sh