Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(oonidevops-github): add ses read permissions #41

Merged
merged 3 commits into from
Apr 12, 2024
Merged

feat(oonidevops-github): add ses read permissions #41

merged 3 commits into from
Apr 12, 2024

Conversation

DecFox
Copy link
Contributor

@DecFox DecFox commented Apr 11, 2024

This fixes the missing permissions from the oonidevops_github user to run terraform plan in the gh workflow: https://github.com/ooni/devops/actions/runs/8646489668/job/23705925739?pr=40#step:8:209

@github-actions GitHub Actions
Copy link

Terraform Run Output 🤖

Format and Style 🖌success

Initialization ⚙️success

Validation 🤖success

Validation Output 

$ terraform validate
Success! The configuration is valid.

Plan 📖success

  • Plan: 0 to add, 1 to change, 0 to destroy.
Show Plan 

$ terraform plan
module.ansible_inventory.local_file.ansible_inventory: Refreshing state... [id=b6de844ed8d384f890fa6f467502390de843f758]
random_id.artifact_id: Refreshing state... [id=8Ujqew]
random_password.jwt_secret: Refreshing state... [id=none]
random_password.prometheus_metrics_password: Refreshing state... [id=none]
module.adm_iam_roles.tls_private_key.oonidevops: Refreshing state... [id=b49a9fdb9f720320340226016efe24808dd68203]
module.ansible_inventory.null_resource.ansible_update_known_hosts: Refreshing state... [id=236461505953331670]
module.oonith_oohelperd.data.aws_ecs_task_definition.oonith_service_current[0]: Reading...
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Reading...
module.oonidevops_github_user.aws_iam_policy.oonidevops_github: Refreshing state... [id=arn:aws:iam::905418398257:policy/oonidevops-github-policy]
aws_s3_bucket.ooniapi_codepipeline_bucket: Refreshing state... [id=codepipeline-ooniapi-eu-central-1-f148ea7b]
module.ooniapi_user.aws_ses_email_identity.ooniapi: Refreshing state... [[email protected]]
module.oonith_oohelperd.aws_acm_certificate.oonith_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/1028122f-cb4a-48ed-987b-a069fab2e2a9]
module.ooniapi_oonirun.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/879f6ecd-9260-489a-a120-a578677fe254]
module.oonith_oohelperd.aws_iam_role.oonith_service_task: Refreshing state... [id=oonith-service-oohelperd-task-role]
module.oonidevops_github_user.aws_iam_user.oonidevops_github: Refreshing state... [id=oonidevops-github]
module.ooniapi_frontend.aws_acm_certificate.ooniapi: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_ooniprobe.data.aws_ecs_task_definition.ooniapi_service_current[0]: Reading...
aws_s3_bucket.oonith_codepipeline_bucket: Refreshing state... [id=codepipeline-oonith-eu-central-1-f148ea7b]
aws_secretsmanager_secret.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS]
module.ooniapi_oonirun.data.aws_ecs_task_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_ooniauth.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role]
module.oonith_oohelperd.data.aws_ecs_task_definition.oonith_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/oonith-service-oohelperd-td:15]
data.aws_availability_zones.available: Reading...
module.ooniapi_ooniprobe.data.aws_ecs_task_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniprobe-td:5]
module.ooniapi_ooniprobe.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniauth]
module.ooniapi_oonirun.data.aws_ecs_task_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonirun-td:21]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Reading...
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Read complete after 0s [id=2785224313]
module.oonidevops_github_user.aws_secretsmanager_secret.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd]
module.adm_iam_roles.aws_secretsmanager_secret.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt]
module.ooniapi_ooniauth.data.aws_ecs_task_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/ooniapi-ecs-cluster]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_ooniauth.data.aws_ecs_task_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniauth-td:22]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniprobe]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_oonirun.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonirun]
module.ooniapi_ooniauth.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniauth]
module.adm_iam_roles.aws_iam_policy.oonidevops: Refreshing state... [id=arn:aws:iam::905418398257:policy/OONIDevopsPolicy]
module.ooniapi_oonirun.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role]
data.aws_availability_zones.available: Read complete after 0s [id=eu-central-1]
module.oonith_oohelperd_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-oonith-oohelperd]
module.oonith_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.ooniapi_user.aws_secretsmanager_secret.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr]
module.ooniapi_user.aws_secretsmanager_secret.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx]
module.oonith_oohelperd.aws_cloudwatch_log_group.oonith_service: Refreshing state... [id=ooni-ecs-group/oonith-service-oohelperd]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 0s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
aws_secretsmanager_secret.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Reading...
aws_secretsmanager_secret.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ]
module.oonith_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 1s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.ooniapi_ooniprobe.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/3c92c753-426b-41ca-97c2-8967c0fd704b]
module.oonith_cluster.aws_iam_role.container_host: Refreshing state... [id=oonith-ecs-cluster-container-host-role]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Reading...
module.oonith_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/oonith-ecs-cluster]
module.ooniapi_oonirun_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonirun]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Read complete after 0s [id=/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id]
module.ooniapi_user.aws_iam_user.ooniapi: Refreshing state... [id=oonidevops-ooniapi]
module.ooniapi_ooniprobe.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniprobe]
module.ooniapi_cluster.aws_iam_role.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.oonith_oohelperd_deployer.data.aws_caller_identity.current: Reading...
module.adm_iam_roles.aws_key_pair.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_ooniauth.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/2202d88a-dd01-478d-af5c-e71ed70817c3]
module.oonidevops_github_user.aws_iam_access_key.oonidevops_github: Refreshing state... [id=AKIA5FTZELIY7OIFEQBN]
module.oonidevops_github_user.aws_iam_user_policy_attachment.oonidevops_github: Refreshing state... [id=oonidevops-github-20240313195612421500000001]
module.oonith_oohelperd_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.oonith_oohelperd.aws_iam_role_policy.oonith_service_task: Refreshing state... [id=oonith-service-oohelperd-task-role:oonith-service-oohelperd-task-role]
module.ooniapi_frontend.aws_route53_record.ooniapi_cert_validation["api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME]
module.oonith_oohelperd.aws_route53_record.oonith_service_validation["oohelperd.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__bcaab73c83b6b1e544f8d6a172071b8b.oohelperd.th.dev.ooni.io._CNAME]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service_validation["oonirun.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__2eedf4cd60d6661d37cc36317849f2a4.oonirun.api.dev.ooni.io._CNAME]
module.ooniapi_ooniauth.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role:ooniapi-service-ooniauth-task-role]
module.ooniapi_ooniauth_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniauth]
module.ooniapi_ooniprobe.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role:ooniapi-service-ooniprobe-task-role]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniprobe]
aws_secretsmanager_secret_version.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS|terraform-20240310182536838400000005]
module.adm_iam_roles.aws_secretsmanager_secret_version.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt|terraform-20240310164138349500000001]
module.adm_iam_roles.aws_iam_role.oonidevops: Refreshing state... [id=oonidevops]
module.oonith_oohelperd_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-oonith-oohelperd]
module.ooniapi_oonirun.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role:ooniapi-service-oonirun-task-role]
module.ooniapi_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/ooniapi-ecs-cluster]
aws_secretsmanager_secret_version.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|terraform-20240314200140936700000008]
module.ooniapi_user.aws_iam_access_key.ooniapi: Refreshing state... [id=AKIA5FTZELIYSK2XEVOT]
module.ooniapi_user.aws_iam_user_policy.ooniapi: Refreshing state... [id=oonidevops-ooniapi:oonidevops-ooniapi-policy]
module.oonith_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=oonith-ecs-cluster]
module.oonith_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=oonith-ecs-cluster-container-host-role:oonith-ecs-cluster-instance-role-policy]
module.ooniapi_oonirun_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonirun]
module.oonidevops_github_user.aws_secretsmanager_secret_version.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd|terraform-20240313203054132800000001]
module.oonith_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/oonith-ecs-cluster]
module.ooniapi_ooniprobe.aws_route53_record.ooniapi_service_validation["ooniprobe.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__f976c78b8792bbc3f04508cf0574e363.ooniprobe.api.dev.ooni.io._CNAME]
module.ooniapi_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=ooniapi-ecs-cluster]
module.ooniapi_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role:ooniapi-ecs-cluster-instance-role-policy]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service_validation["ooniauth.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__e8e7f4bd29329533805dd684fb3c1cf5.ooniauth.api.dev.ooni.io._CNAME]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx|terraform-20240314200140918400000007]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr|terraform-20240314200140914600000006]
module.ooniapi_frontend.aws_acm_certificate_validation.ooniapi: Refreshing state... [id=2024-03-10 17:19:18.261 +0000 UTC]
module.oonith_oohelperd.aws_ecs_task_definition.oonith_service: Refreshing state... [id=oonith-service-oohelperd-td]
aws_codestarconnections_connection.oonidevops: Refreshing state... [id=arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528]
module.oonipg.random_password.pg_password: Refreshing state... [id=none]
module.terraform_state_backend.data.aws_region.current: Reading...
module.terraform_state_backend.data.aws_region.current: Read complete after 0s [id=eu-central-1]
module.network.aws_vpc.main: Refreshing state... [id=vpc-0e382f3ad89286de9]
module.oonipg.aws_secretsmanager_secret.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC]
module.terraform_state_backend.aws_s3_bucket.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Reading...
module.terraform_state_backend.aws_dynamodb_table.with_server_side_encryption[0]: Refreshing state... [id=oonidevops-dev-terraform-state-lock]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Reading...
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Read complete after 0s [id=2666303363]
module.oonipg.aws_secretsmanager_secret_version.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC|terraform-20240310155428358300000002]
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniprobe-eu-central-1]
module.oonith_oohelperd_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oohelperd-eu-central-1]
module.ooniapi_oonirun_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonirun-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniauth-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniprobe]
module.oonith_oohelperd_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-oonith-oohelperd]
module.ooniapi_oonirun_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonirun]
module.oonith_oohelperd_deployer.aws_codebuild_project.oonith: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/oonith-oohelperd]
module.ooniapi_ooniauth_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonirun]
module.network.aws_internet_gateway.gw: Refreshing state... [id=igw-0c080e9b235ed29d1]
module.network.aws_subnet.main[0]: Refreshing state... [id=subnet-0e7a4478be988463f]
module.network.aws_subnet.main[1]: Refreshing state... [id=subnet-0b18966cccfc9d5ef]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-direct/930ce65884ee161e]
module.ooniapi_ooniprobe.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniprobe-mapped/080434bf9508b6dc]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-mapped/1d4e4c4789864cd3]
module.ooni_backendproxy.aws_alb_target_group.oonibackend_proxy: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooni-backendproxy/f8ec3c5af20fff6f]
module.oonipg.aws_security_group.pg: Refreshing state... [id=sg-0a9cdefae27025e5d]
module.ooniapi_cluster.aws_security_group.web: Refreshing state... [id=sg-067fbf5952f79c6d0]
module.oonith_cluster.aws_security_group.web: Refreshing state... [id=sg-06138176945addb53]
module.ooniapi_ooniprobe.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniprobe-direct/0875162e1a850a12]
module.ooni_backendproxy.aws_security_group.nginx_sg: Refreshing state... [id=sg-0a06ff444314a32ea]
module.oonith_oohelperd.aws_alb_target_group.oonith_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oonith-service-oohelperd-direct/95d803cb77bc1052]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-mapped/11f47c7ba02ce5b5]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-direct/d9d4c36932007629]
module.network.aws_route_table.r: Refreshing state... [id=rtb-0bbf2b9ab4843cb17]
module.terraform_state_backend.aws_s3_bucket_versioning.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_server_side_encryption_configuration.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_public_access_block.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_security_group.container_host: Refreshing state... [id=sg-0ba21672c9ad75937]
module.network.aws_route_table_association.a[0]: Refreshing state... [id=rtbassoc-042ec84b0762fc826]
module.oonith_cluster.aws_security_group.container_host: Refreshing state... [id=sg-021df55770ed1fb73]
module.ooni_backendproxy.aws_launch_template.ooni_backendproxy: Refreshing state... [id=lt-02ae2b46369a252fe]
module.network.aws_route_table_association.a[1]: Refreshing state... [id=rtbassoc-06b1cb607df775424]
module.terraform_state_backend.aws_s3_bucket_policy.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.oonipg.aws_db_subnet_group.pg: Refreshing state... [id=ooni-tier0-postgres-dbsng]
module.ooniapi_oonirun.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-oonirun/b9f74ff75fec23f6]
module.ooniapi_ooniprobe.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-ooniprobe/e1c3628a052086fd]
module.ooniapi_frontend.aws_alb.ooniapi: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6]
module.ooniapi_ooniauth.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-ooniauth/b23b435019fd8ab3]
module.oonith_oohelperd.aws_alb.oonith_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/oonith-service-oohelperd/998330cb5dcb034d]
module.ooniapi_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0e328a8671f870c64]
module.oonith_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0cc1023af38e0c608]
module.terraform_state_backend.time_sleep.wait_for_aws_s3_bucket_settings[0]: Refreshing state... [id=2024-03-10T15:06:17Z]
module.ooni_backendproxy.aws_autoscaling_group.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001]
module.terraform_state_backend.aws_s3_bucket_ownership_controls.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=ooniapi-ecs-cluster20240310192644083800000003]
module.oonith_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=oonith-ecs-cluster20240402135340671300000005]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_oonirun.api.dev.ooni.io_A]
module.ooniapi_oonirun.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/b7c2581f2b3ac357]
module.ooniapi_oonirun.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/f8565f9258861bb5]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd]
module.ooniapi_frontend.aws_route53_record.ooniapi: Refreshing state... [id=Z055356431RGCLK3JXZDL_api.dev.ooni.io_A]
module.ooniapi_ooniauth.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/65afb2dc6b055829]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniauth.api.dev.ooni.io_A]
module.ooniapi_ooniauth.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/6a4847ad88d80668]
module.ooniapi_ooniprobe.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniprobe.api.dev.ooni.io_A]
module.ooniapi_ooniprobe.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniprobe/e1c3628a052086fd/7869359b1011bd9c]
module.ooniapi_ooniprobe.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniprobe/e1c3628a052086fd/ae5c1586eda58113]
module.oonith_oohelperd.aws_alb_listener.oonith_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/oonith-service-oohelperd/998330cb5dcb034d/c15e502940e39e70]
module.oonith_oohelperd.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/oonith-service-oohelperd/998330cb5dcb034d/0f2a5c25858eb6f5]
module.oonith_oohelperd.aws_route53_record.oonith_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_oohelperd.th.dev.ooni.io_A]
module.ooniapi_oonirun.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 17:00:38.999 +0000 UTC]
module.ooni_backendproxy.aws_autoscaling_attachment.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001-20240310171855273500000002]
module.ooniapi_ooniauth.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 19:35:39.331 +0000 UTC]
module.ooniapi_ooniprobe.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-04-08 12:35:09.968 +0000 UTC]
module.oonipg.aws_db_instance.pg: Refreshing state... [id=db-27N7Q6XIBNASFCOXN4N7C762L4]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniprobe_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/2b09ed268181ba4f]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5]
module.oonith_oohelperd.aws_acm_certificate_validation.oonith_service: Refreshing state... [id=2024-04-02 20:52:22.493 +0000 UTC]
module.oonith_oohelperd.aws_ecs_service.oonith_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/oonith-ecs-cluster/oonith-service-oohelperd]
aws_secretsmanager_secret_version.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ|terraform-20240310182536837800000004]
aws_route53_record.postgres_dns: Refreshing state... [id=Z091407123AEJO90Z3H6D_postgres.dev.ooni.nu_CNAME]
module.oonith_oohelperd_deployer.aws_codepipeline.oonith: Refreshing state... [id=oonith-oohelperd]
module.ooniapi_ooniprobe.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniprobe-td]
module.ooniapi_oonirun.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonirun-td]
module.ooniapi_ooniprobe.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniprobe]
module.ooniapi_oonirun.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonirun]
module.ooniapi_ooniprobe_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonirun]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform planned the following actions, but then encountered a problem:

  # module.oonidevops_github_user.aws_iam_policy.oonidevops_github will be updated in-place
  ~ resource "aws_iam_policy" "oonidevops_github" {
        id          = "arn:aws:iam::905418398257:policy/oonidevops-github-policy"
        name        = "oonidevops-github-policy"
      ~ policy      = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                            # (126 unchanged elements hidden)
                            "secretsmanager:GetSecretValue",
                          + "ses:ListConfigurationSets",
                          + "ses:ListCustomVerificationEmailTemplates",
                          + "ses:ListIdentities",
                          + "ses:ListIdentityPolicies",
                          + "ses:ListTemplates",
                          + "ses:DescribeActiveReceiptRuleSet",
                          + "ses:DescribeConfigurationSet",
                          + "ses:DescribeReceiptRule",
                          + "ses:DescribeReceiptRuleSet",
                          + "ses:GetAccountSendingEnabled",
                          + "ses:GetCustomVerificationEmailTemplate",
                          + "ses:GetIdentityDkimAttributes",
                          + "ses:GetIdentityMailFromDomainAttributes",
                          + "ses:GetIdentityNotificationAttributes",
                          + "ses:GetIdentityPolicies",
                          + "ses:GetIdentityVerificationAttributes",
                          + "ses:GetSendQuota",
                          + "ses:GetSendStatistics",
                          + "ses:GetTemplate",
                          + "ses:ListReceiptFilters",
                          + "ses:ListReceiptRuleSets",
                          + "ses:ListVerifiedEmailAddresses",
                            "states:Describe*",
                            # (22 unchanged elements hidden)
                        ]
                        # (2 unchanged attributes hidden)
                    },
                    {
                        Action   = [
                            "dynamodb:*",
                        ]
                        Effect   = "Allow"
                        Resource = "arn:aws:dynamodb:eu-central-1:905418398257:table/oonidevops-dev-terraform-state-lock"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags        = {}
        # (5 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
Pusher @DecFox
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Thu, 11 Apr 2024 13:34:25 GMT

@hellais
Copy link
Member

hellais commented Apr 12, 2024

This looks good, though I am disabling the CI runs for the prod environment since we don't have an account setup there yet that has the appropriate permissions and I think we should think about it more carefully before we run the CI against production.

@hellais hellais merged commit 320ec87 into main Apr 12, 2024
1 check passed
@hellais hellais deleted the github-user branch April 12, 2024 11:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DecFox @hellais