#pr-reviews (2024-07)

Pull Request Reviews for Cloud Posse Projects

2024-07-01

2024-07-02

Joe Niland avatar
Joe Niland
#140 Bump upstream module version and min TF and AWS provider versions

what

• Bump version of cloudposse/repository-webhooks/github to latest • Require Terraform 1.3 and AWS provider v5

why

• Min version requirements should match Codebuild module, which this one depends on

references

• Will resolve one of the issues in #115

1

2024-07-03

2024-07-17

Lennart Goedhart avatar
Lennart Goedhart
1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Gabriela Campana (Cloud Posse)

Gabriela Campana (Cloud Posse) avatar
Gabriela Campana (Cloud Posse)
Lennart Goedhart avatar
Lennart Goedhart

Yep, I’m looking into the comments (and seeing if there’s a way I can run the pipeline tests locally to catch everything before I submit )

Lennart Goedhart avatar
Lennart Goedhart
#115 fix: improve description trunctation

what

Fix the description truncation mechanism to handle sentences such as “Terraform module that provision an S3 bucket to store the terraform.tfstate file”; or “Made in the U.S.A.”

why

Some CI jobs were failing that had something.other in the description due to a shell script error caused by a non-closing backtick.
See this CI job as an example.

references

https://github.com/cloudposse/terraform-aws-tfstate-backend/actions/runs/9797916695/job/27055456433

notes

The formatting was also modified by my IDE YAML formatter. Let me know if you’d prefer that I roll-back the formatting update.

Gabriela Campana (Cloud Posse) avatar
Gabriela Campana (Cloud Posse)

@Igor Rodionov

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @Lennart Goedhart, we ended up opening up a separate PR

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I left a comment with details

1
Lennart Goedhart avatar
Lennart Goedhart

No worries. Thanks!

2024-07-19

2024-07-20

2024-07-23

galais.jerome avatar
galais.jerome

Hello,

I created a PR since 5 December 2023 for Cloudfront module (terraform-aws-cloudfront-cdn) to unlock OAC feature. Since this date I have forked this module to use OAC on my projects.

Please can you validate my PR to add that on the official module ?

PR: https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/112

Thank you

@Gabriela Campana (Cloud Posse)

#112 Add origin_access_control_id feature

what

• add origin_access_control_id optional variable to define origin_access_control on Cloudfront • add origin_access_control_id argument on cloudfront_distribution resource • Update the Readme with new vars

why

I done that because before you can’t use Origin access control with this module.

1
1
Gabriela Campana (Cloud Posse) avatar
Gabriela Campana (Cloud Posse)

@Jeremy G (Cloud Posse)

#112 Add origin_access_control_id feature

what

• add origin_access_control_id optional variable to define origin_access_control on Cloudfront • add origin_access_control_id argument on cloudfront_distribution resource • Update the Readme with new vars

why

I done that because before you can’t use Origin access control with this module.

Gabriela Campana (Cloud Posse) avatar
Gabriela Campana (Cloud Posse)

Hi @galais.jerome Thanks for bringing this up. I’ve just asked our engineers to review it. Will keep you posted

1
Igor Rodionov avatar
Igor Rodionov

@galais.jerome I just ran tests on your PR and they falied with the error

TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: ╷
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: │ Error: Reference to undeclared resource
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: │ 
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: │   on ../../main.tf line 81, in resource "aws_cloudfront_distribution" "default":
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: │   81:     origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: │ 
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: │ A managed resource "origin" "value" has not been declared in module.cdn.
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: ╵
TestExamplesComplete 2024-07-24T13:39:23Z retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; ╷
│ Error: Reference to undeclared resource
│ 
│   on ../../main.tf line 81, in resource "aws_cloudfront_distribution" "default":
│   81:     origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
│ 
│ A managed resource "origin" "value" has not been declared in module.cdn.
╵}
    apply.go:15: 
        	Error Trace:	apply.go:15
        	            				examples_complete_test.go:46
        	Error:      	Received unexpected error:
        	            	FatalError{Underlying: error while running command: exit status 1; ╷
        	            	│ Error: Reference to undeclared resource
        	            	│ 
        	            	│   on ../../main.tf line 81, in resource "aws_cloudfront_distribution" "default":
        	            	│   81:     origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
        	            	│ 
        	            	│ A managed resource "origin" "value" has not been declared in module.cdn.
        	            	╵}
        	Test:       	TestExamplesComplete
TestExamplesComplete 2024-07-24T13:39:23Z retry.go:91: terraform [destroy -auto-approve -input=false -var attributes=["erpluf"] -var-file fixtures.us-east-2.tfvars -lock=false]
TestExamplesComplete 2024-07-24T13:39:23Z logger.go:66: Running command terraform with args [destroy -auto-approve -input=false -var attributes=["erpluf"] -var-file fixtures.us-east-2.tfvars -lock=false]
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: ╷
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: │ Error: Reference to undeclared resource
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: │ 
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: │   on ../../main.tf line 81, in resource "aws_cloudfront_distribution" "default":
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: │   81:     origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: │ 
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: │ A managed resource "origin" "value" has not been declared in module.cdn.
TestExamplesComplete 2024-07-24T13:39:25Z logger.go:66: ╵
TestExamplesComplete 2024-07-24T13:39:25Z retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; ╷
│ Error: Reference to undeclared resource
│ 
│   on ../../main.tf line 81, in resource "aws_cloudfront_distribution" "default":
│   81:     origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
│ 
│ A managed resource "origin" "value" has not been declared in module.cdn.
╵}
    destroy.go:11: 
        	Error Trace:	destroy.go:11
        	            				examples_complete_test.go:15
        	            				panic.go:523
        	            				testing.go:999
        	            				apply.go:15
        	            				examples_complete_test.go:46
        	Error:      	Received unexpected error:
        	            	FatalError{Underlying: error while running command: exit status 1; ╷
        	            	│ Error: Reference to undeclared resource
        	            	│ 
        	            	│   on ../../main.tf line 81, in resource "aws_cloudfront_distribution" "default":
        	            	│   81:     origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
        	            	│ 
        	            	│ A managed resource "origin" "value" has not been declared in module.cdn.
        	            	╵}
        	Test:       	TestExamplesComplete
--- FAIL: TestExamplesComplete (16.26s)
1
Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)

I think there are other problems with this module, regarding the distinction between origins, custom origins, and S3 origins. I’m not familiar enough with CloudFront to be sure, but we have both var.custom_origins and top-level variables like var.origin_domain_name, so I think any addition, like origin_access_control_id has to be added in 2 places.

Gabriela Campana (Cloud Posse) avatar
Gabriela Campana (Cloud Posse)

@Yonatan Koren is the work you did recently for a Cloud Posse customer related to this?

Yonatan Koren avatar
Yonatan Koren

It was very much related to this, but they stuck with OAI and not OAC (the latter not being available in our module, which this PR solves).

galais.jerome avatar
galais.jerome

Hello,

I make a commit to fix my PR. I putted variable on first location but not the second. I think it’s ok now.

Can you test @Igor Rodionov ?

Fixed commit: https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/112/commits/3216561425f11f21caf0009eff41fb07863755ff

Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)
1
galais.jerome avatar
galais.jerome

Thank you

2024-07-24

Eligio Mariño avatar
Eligio Mariño
#103 build: upgrade aws provider to 5.29.0

what

• Upgrade terraform-aws-provider to 5.29.0 • Add variable for storage_type in the test.

why

• storage_type was released in 5.29.0 but the current minimum version is 5.21.0. This change corrects the minimum required version to 5.29.0

references

closes #86

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.29.0

1

2024-07-25

Carlos Lopes avatar
Carlos Lopes

trivial PR with a bug fix for the terraform-aws-backup module

https://github.com/cloudposse/terraform-aws-backup/pull/86

#86 fix: null value reference when copy_action is specified without lifecycle options

what

Attempt to get attribute from null value error when a copy_action is specified in a backup rule without any lifecycle options

steps to reproduce

Based on the complete example:


module "backup" {
  source = "../.."

  backup_resources = [module.efs.arn]
  not_resources    = var.not_resources

  rules = [
    {
      name              = "${module.this.name}-daily"
      schedule          = var.schedule
      start_window      = var.start_window
      completion_window = var.completion_window
      lifecycle = {
        cold_storage_after = var.cold_storage_after
        delete_after       = var.delete_after
      }
      copy_action = {
        destination_vault_arn = "arn:aws:backup:us-east-2:123456789000:backup-vault:my-vault"
      }
    }
  ]

  backup_vault_lock_configuration = {
    max_retention_days = 365
    min_retention_days = 30
  }

  context = module.this.context
}

why

The following error should not happen:

╷
│ Error: Attempt to get attribute from null value
│
│   on ../../main.tf line 79, in resource "aws_backup_plan" "default":
│   79:               cold_storage_after = rule.value.copy_action.lifecycle.cold_storage_after
│     ├────────────────
│     │ rule.value.copy_action.lifecycle is null
│
│ This value is null, so it does not have any attributes.
╵
╷
│ Error: Attempt to get attribute from null value
│
│   on ../../main.tf line 80, in resource "aws_backup_plan" "default":
│   80:               delete_after       = rule.value.copy_action.lifecycle.delete_after
│     ├────────────────
│     │ rule.value.copy_action.lifecycle is null
│
│ This value is null, so it does not have any attributes.
╵

1
1

2024-07-30

Lennart Goedhart avatar
Lennart Goedhart

Would we be able to get a new release of terraform-aws-tfstate-backend that includes some of the recently merged PRs? It’s not a blocker, since I’m using git SHAs to pull at the moment, but it would be nice to have.

cloudposse/terraform-aws-tfstate-backend

Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Igor Rodionov are these not happening automatically?

cloudposse/terraform-aws-tfstate-backend

Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Looks like a bug

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Igor Rodionov avatar
Igor Rodionov

@Lennart Goedhart I cut a new release

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Igor Rodionov did you fix the underlying issue?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Oh, that should have been fixed by @Jeremy G (Cloud Posse) in https://github.com/cloudposse-github-actions/screenshot/pull/8

#8 Security fixes

what

• Update Puppeteer to v22.13.1 • Properly quote string inputs and variables • Update README

why

• Fix 3 high severity vulnerabilities • Avoid problems when string inputs contain characters like $ or ` that are meaningful to the shell • Keep README current

references

Security Advisory GHSA-3h5v-q93c-6h6qExample broken run due to use of backtick • Puppeteer v22 remove waitForTimeout(milliseconds) • Supersedes and closes #2 • Supersedes and closes #7

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Maybe rerunning it would just work

Igor Rodionov avatar
Igor Rodionov

there is no need to rerun it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

how to know if it’s fixed?

Igor Rodionov avatar
Igor Rodionov

rerun works fine

1
Igor Rodionov avatar
Igor Rodionov

and cut new release 1.5.0

2024-07-31

    keyboard_arrow_up