Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): lock file maintenance #276

Merged
merged 1 commit into from
Dec 11, 2023

Conversation

renovate-cds[bot]
Copy link
Contributor

@renovate-cds renovate-cds bot commented Dec 11, 2023

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

Review

  • Updates have been tested and work
  • If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/Montreal, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Copy link

Test skip-plan

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success

Copy link

Test changes

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add random_id.id
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # random_id.id will be created
  + resource "random_id" "id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 8
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + id = (known after apply)

Warning: Duplicate required provider

  on changes.tf line 11:
  11: resource "random_id" "id" {

Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions

Copy link

Test skip-conftest

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add random_id.id
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # random_id.id will be created
  + resource "random_id" "id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 8
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + id = (known after apply)

Warning: Duplicate required provider

  on skip-conftest.tf line 11:
  11: resource "random_id" "id" {

Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"

Copy link

Test skip-fmt

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add random_id.id
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # random_id.id will be created
  + resource "random_id" "id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 8
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + id = (known after apply)

Warning: Duplicate required provider

  on skip-fmt.tf line 11:
  11: resource "random_id" "id" {

Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions

Copy link

Test init-fail

❌   Terraform Init: failed
❌   Terraform Validate: failed
✅   Terraform Format: success
❌   Terraform Plan: failed
❌   Conftest: failed

Show Init results
Initializing the backend...

Initializing provider plugins...
- Finding latest version of foo/bar...

Error: Failed to query available provider packages

Could not retrieve the list of available versions for provider foo/bar:
provider registry registry.terraform.io does not have a provider named
registry.terraform.io/foo/bar

All modules should specify their required_providers so that external
consumers will get the correct providers when using a module. To see which
modules are currently depending on foo/bar, run the following command:
    terraform providers

Show Validate results
Error: Missing required provider

This configuration requires provider registry.terraform.io/foo/bar, but that
provider isn't available. You may be able to install it automatically by
running:
  terraform init
Show plan
Error: Inconsistent dependency lock file

The following dependency selections recorded in the lock file are
inconsistent with the current configuration:
  - provider registry.terraform.io/foo/bar: required by this configuration but no version is selected

To make the initial dependency selections that will initialize the dependency
lock file, run:
  terraform init

Copy link

Test format-error

✅   Terraform Init: success
✅   Terraform Validate: success
❌   Terraform Format: failed
✅   Terraform Plan: success
✅   Conftest: success

🧹   Format: run terraform fmt to fix the following:

format-error.tf
Plan: 1 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add random_id.id
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # random_id.id will be created
  + resource "random_id" "id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 8
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Duplicate required provider

  on format-error.tf line 11:
  11: resource "random_id" "id" {

Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions

Copy link

Test invalid

✅   Terraform Init: success
❌   Terraform Validate: failed
❌   Terraform Format: failed
❌   Terraform Plan: failed
❌   Conftest: failed

Show Validate results
Warning: Duplicate required provider

  on invalid.tf line 11:
  11: resource "random_id" "id" {

Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.

Error: Missing required argument

  on invalid.tf line 11, in resource "random_id" "id":
  11: resource "random_id" "id" {

The argument "byte_length" is required, but no definition was found.

Error: Unsupported argument

  on invalid.tf line 12, in resource "random_id" "id":
  12:     muffin = "blueberry"

An argument named "muffin" is not expected here.

🧹   Format: run terraform fmt to fix the following:

invalid.tf
Show plan
Warning: Duplicate required provider

  on invalid.tf line 11:
  11: resource "random_id" "id" {

Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.

Error: Missing required argument

  on invalid.tf line 11, in resource "random_id" "id":
  11: resource "random_id" "id" {

The argument "byte_length" is required, but no definition was found.

Error: Unsupported argument

  on invalid.tf line 12, in resource "random_id" "id":
  12:     muffin = "blueberry"

An argument named "muffin" is not expected here.

Copy link

Test validate-fail

✅   Terraform Init: success
❌   Terraform Validate: failed
✅   Terraform Format: success
❌   Terraform Plan: failed
❌   Conftest: failed

Show Validate results
Error: Reference to undeclared input variable

  on validate-fail.tf line 4, in resource "random_id" "foo":
   4:     foo = var.bar

An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
Show plan
Error: Reference to undeclared input variable

  on validate-fail.tf line 4, in resource "random_id" "foo":
   4:     foo = var.bar

An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.

Copy link

Test truncate-plan

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 50 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add module.rds.aws_cloudwatch_log_group.log_exports["postgresql"]
module.rds.aws_cloudwatch_log_group.proxy
module.rds.aws_db_proxy.proxy
module.rds.aws_db_proxy_default_target_group.this
module.rds.aws_db_proxy_target.target
module.rds.aws_db_subnet_group.rds
module.rds.aws_iam_policy.read_connection_string
module.rds.aws_iam_role.rds_proxy
module.rds.aws_iam_role_policy_attachment.read_connection_string
module.rds.aws_rds_cluster.cluster
module.rds.aws_rds_cluster_instance.instances[0]
module.rds.aws_rds_cluster_instance.instances[1]
module.rds.aws_rds_cluster_instance.instances[2]
module.rds.aws_secretsmanager_secret.connection_string
module.rds.aws_secretsmanager_secret.proxy_connection_string
module.rds.aws_secretsmanager_secret_version.connection_string
module.rds.aws_secretsmanager_secret_version.proxy_connection_string
module.rds.aws_security_group.rds_proxy
module.rds.random_string.random
module.vpc.aws_default_network_acl.default
module.vpc.aws_default_route_table.default
module.vpc.aws_default_security_group.default
module.vpc.aws_internet_gateway.gw
module.vpc.aws_nat_gateway.nat_gw[0]
module.vpc.aws_nat_gateway.nat_gw[1]
module.vpc.aws_nat_gateway.nat_gw[2]
module.vpc.aws_network_acl.main
module.vpc.aws_network_acl_rule.block_rdp[0]
module.vpc.aws_network_acl_rule.block_ssh[0]
module.vpc.aws_route.private_nat_gateway[0]
module.vpc.aws_route.private_nat_gateway[1]
module.vpc.aws_route.private_nat_gateway[2]
module.vpc.aws_route.public_internet_gateway
module.vpc.aws_route_table.private[0]
module.vpc.aws_route_table.private[1]
module.vpc.aws_route_table.private[2]
module.vpc.aws_route_table.public
module.vpc.aws_route_table_association.private[0]
module.vpc.aws_route_table_association.private[1]
module.vpc.aws_route_table_association.private[2]
module.vpc.aws_route_table_association.public[0]
module.vpc.aws_route_table_association.public[1]
module.vpc.aws_route_table_association.public[2]
module.vpc.aws_subnet.private[0]
module.vpc.aws_subnet.private[1]
module.vpc.aws_subnet.private[2]
module.vpc.aws_subnet.public[0]
module.vpc.aws_subnet.public[1]
module.vpc.aws_subnet.public[2]
module.vpc.aws_vpc.main

✂   Warning: plan has been truncated! See the full plan in the logs.

Show plan
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.rds.data.aws_iam_policy_document.read_connection_string will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "read_connection_string" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "secretsmanager:DescribeSecret",
              + "secretsmanager:GetResourcePolicy",
              + "secretsmanager:GetSecretValue",
              + "secretsmanager:ListSecretVersionIds",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
          + sid       = "0"
        }
      + statement {
          + actions   = [
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "1"
        }
      + statement {
          + actions   = [
              + "kms:Decrypt",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "2"

          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "secretsmanager.ca-central-1.amazonaws.com",
                ]
              + variable = "kms:ViaService"
            }
        }
    }

  # module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
  + resource "aws_cloudwatch_log_group" "log_exports" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = "STANDARD"
      + name              = "/aws/rds/cluster/test-rds-cluster/postgresql"
      + name_prefix       = (known after apply)
      + retention_in_days = 30
      + skip_destroy      = false
      + tags              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
      + tags_all          = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
    }

  # module.rds.aws_cloudwatch_log_group.proxy will be created
  + resource "aws_cloudwatch_log_group" "proxy" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = "STANDARD"
      + name              = "/aws/rds/proxy/test-rds-proxy"
      + name_prefix       = (known after apply)
      + retention_in_days = 14
      + skip_destroy      = false
      + tags              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_proxy_logs"
          + "Terraform"  = "true"
        }
      + tags_all          = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_proxy_logs"
          + "Terraform"  = "true"
        }
    }

  # module.rds.aws_db_proxy.proxy will be created
  + resource "aws_db_proxy" "proxy" {
      + arn                    = (known after apply)
      + debug_logging          = false
      + endpoint               = (known after apply)
      + engine_family          = "POSTGRESQL"
      + id                     = (known after apply)
      + idle_client_timeout    = 1800
      + name                   = "test-rds-proxy"
      + require_tls            = true
      + role_arn               = (known after apply)
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-rds-proxy"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-rds-proxy"
          + "Terraform"  = "true"
        }
      + vpc_security_group_ids = (known after apply)
      + vpc_subnet_ids         = (known after apply)

      + auth {
          + auth_scheme               = "SECRETS"
          + client_password_auth_type = (known after apply)
          + description               = "The database connection string"
          + iam_auth                  = "DISABLED"
          + secret_arn                = (known after apply)
        }
    }

  # module.rds.aws_db_proxy_default_target_group.this will be created
  + resource "aws_db_proxy_default_target_group" "this" {
      + arn           = (known after apply)
      + db_proxy_name = "test-rds-proxy"
      + id            = (known after apply)
      + name          = (known after apply)

      + connection_pool_config {
          + connection_borrow_timeout    = (known after apply)
          + init_query                   = (known after apply)
          + max_connections_percent      = (known after apply)
          + max_idle_connections_percent = (known after apply)
          + session_pinning_filters      = (known after apply)
        }
    }

  # module.rds.aws_db_proxy_target.target will be created
  + resource "aws_db_proxy_target" "target" {
      + db_cluster_identifier = (known after apply)
      + db_proxy_name         = "test-rds-proxy"
      + endpoint              = (known after apply)
      + id                    = (known after apply)
      + port                  = (known after apply)
      + rds_resource_id       = (known after apply)
      + target_arn            = (known after apply)
      + target_group_name     = (known after apply)
      + tracked_cluster_id    = (known after apply)
      + type                  = (known after apply)
    }

  # module.rds.aws_db_subnet_group.rds will be created
  + resource "aws_db_subnet_group" "rds" {
      + arn                     = (known after apply)
      + description             = "Managed by Terraform"
      + id                      = (known after apply)
      + name                    = "test-rds-subnet-group"
      + name_prefix             = (known after apply)
      + subnet_ids              = (known after apply)
      + supported_network_types = (known after apply)
      + tags                    = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-subnet-group"
          + "Terraform"  = "true"
        }
      + tags_all                = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-subnet-group"
          + "Terraform"  = "true"
        }
      + vpc_id                  = (known after apply)
    }

  # module.rds.aws_iam_policy.read_connection_string will be created
  + resource "aws_iam_policy" "read_connection_string" {
      + arn         = (known after apply)
      + id          = (known after apply)
      + name        = "test-rdsReadConnectionString"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = (known after apply)
      + policy_id   = (known after apply)
      + tags        = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all    = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
    }

  # module.rds.aws_iam_role.rds_proxy will be created
  + resource "aws_iam_role" "rds_proxy" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "rds.amazonaws.com"
                        }
                      + Sid       = "RDSAssume"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "test-rds_rds_proxy"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all              = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # module.rds.aws_iam_role_policy_attachment.read_connection_string will be created
  + resource "aws_iam_role_policy_attachment" "read_connection_string" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "test-rds_rds_proxy"
    }

  # module.rds.aws_rds_cluster.cluster will be created
  + resource "aws_rds_cluster" "cluster" {
      + allocated_storage                   = (known after apply)
      + allow_major_version_upgrade         = false
      + apply_immediately                   = false
      + arn                                 = (known after apply)
      + availability_zones                  = (known after apply)
      + backtrack_window                    = 0
      + backup_retention_period             = 7
      + cluster_identifier                  = "test-rds-cluster"
      + cluster_identifier_prefix           = (known after apply)
      + cluster_members                     = (known after apply)
      + cluster_resource_id                 = (known after apply)
      + copy_tags_to_snapshot               = true
      + database_name                       = "foo"
      + db_cluster_parameter_group_name     = (known after apply)
      + db_subnet_group_name                = "test-rds-subnet-group"
      + db_system_id                        = (known after apply)
      + delete_automated_backups            = true
      + deletion_protection                 = true
      + enable_global_write_forwarding      = false
      + enable_http_endpoint                = false
      + enabled_cloudwatch_logs_exports     = [
          + "postgresql",
        ]
      + endpoint                            = (known after apply)
      + engine                              = "aurora-postgresql"
      + engine_mode                         = "provisioned"
      + engine_version                      = "14.5"
      + engine_version_actual               = (known after apply)
      + final_snapshot_identifier           = (known after apply)
      + hosted_zone_id                      = (known after apply)
      + iam_database_authentication_enabled = false
      + iam_roles                           = (known after apply)
      + id                                  = (known after apply)
      + kms_key_id                          = (known after apply)
      + master_password                     = (sensitive value)
      + master_user_secret                  = (known after apply)
      + master_user_secret_kms_key_id       = (known after apply)
      + master_username                     = "probably"
      + network_type                        = (known after apply)
      + port                                = (known after apply)
      + preferred_backup_window             = "07:00-09:00"
      + preferred_maintenance_window        = "sun:06:00-sun:07:00"
      + reader_endpoint                     = (known after apply)
      + skip_final_snapshot                 = false
      + storage_encrypted                   = true
      + storage_type                        = (known after apply)
      + tags                                = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
      + tags_all                            = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
      + vpc_security_group_ids              = (known after apply)
    }

  # module.rds.aws_rds_cluster_instance.instances[0] will be created
  + resource "aws_rds_cluster_instance" "instances" {
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + cluster_identifier                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_parameter_group_name               = (known after apply)
      + db_subnet_group_name                  = "test-rds-subnet-group"
      + dbi_resource_id                       = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "aurora-postgresql"
      + engine_version                        = "14.5"
      + engine_version_actual                 = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "test-rds-instance-0"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.medium"
      + kms_key_id                            = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + network_type                          = (known after apply)
      + performance_insights_enabled          = true
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + preferred_backup_window               = (known after apply)
      + preferred_maintenance_window          = (known after apply)
      + promotion_tier                        = 0
      + publicly_accessible                   = (known after apply)
      + storage_encrypted                     = (known after apply)
      + tags                                  = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-0"
          + "Terraform"  = "true"
        }
      + tags_all                              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-0"
          + "Terraform"  = "true"
        }
      + writer                                = (known after apply)
    }

  # module.rds.aws_rds_cluster_instance.instances[1] will be created
  + resource "aws_rds_cluster_instance" "instances" {
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + cluster_identifier                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_parameter_group_name               = (known after apply)
      + db_subnet_group_name                  = "test-rds-subnet-group"
      + dbi_resource_id                       = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "aurora-postgresql"
      + engine_version                        = "14.5"
      + engine_version_actual                 = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "test-rds-instance-1"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.medium"
      + kms_key_id                            = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + network_type                          = (known after apply)
      + performance_insights_enabled          = true
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + preferred_backup_window               = (known after apply)
      + preferred_maintenance_window          = (known after apply)
      + promotion_tier                        = 0
      + publicly_accessible                   = (known after apply)
      + storage_encrypted                     = (known after apply)
      + tags                                  = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-1"
          + "Terraform"  = "true"
        }
      + tags_all                              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-1"
          + "Terraform"  = "true"
        }
      + writer                                = (known after apply)
    }

  # module.rds.aws_rds_cluster_instance.instances[2] will be created
  + resource "aws_rds_cluster_instance" "instances" {
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + cluster_identifier                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_parameter_group_name               = (known after apply)
      + db_subnet_group_name                  = "test-rds-subnet-group"
      + dbi_resource_id                       = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "aurora-postgresql"
      + engine_version                        = "14.5"
      + engine_version_actual                 = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "test-rds-instance-2"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.medium"
      + kms_key_id                            = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + network_type                          = (known after apply)
      + performance_insights_enabled          = true
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + preferred_backup_window               = (known after apply)
      + preferred_maintenance_window          = (known after apply)
      + promotion_tier                        = 0
      + publicly_accessible                   = (known after apply)
      + storage_encrypted                     = (known after apply)
      + tags                                  = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-2"
          + "Terraform"  = "true"
        }
      + tags_all                              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-2"
          + "Terraform"  = "true"
        }
      + writer                                = (known after apply)
    }

  # module.rds.aws_secretsmanager_secret.connection_string will be created
  + resource "aws_secretsmanager_secret" "connection_string" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = (known after apply)
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + tags                           = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all                       = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }

      + replica {
          + kms_key_id         = (known after apply)
          + last_accessed_date = (known after apply)
          + region             = (known after apply)
          + status             = (known after apply)
          + status_message     = (known after apply)
        }
    }

  # module.rds.aws_secretsmanager_secret.proxy_connection_string will be created
  + resource "aws_secretsmanager_secret" "proxy_connection_string" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = (known after apply)
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + tags                           = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all                       = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }

      + replica {
          + kms_key_id         = (known after apply)
          + last_accessed_date = (known after apply)
          + region             = (known after apply)
          + status             = (known after apply)
          + status_message     = (known after apply)
        }
    }

  # module.rds.aws_secretsmanager_secret_version.connection_string will be created
  + resource "aws_secretsmanager_secret_version" "connection_string" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.rds.aws_secretsmanager_secret_version.proxy_connection_string will be created
  + resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.rds.aws_security_group.rds_proxy will be created
  + resource "aws_security_group" "rds_proxy" {
      + arn                    = (known after apply)
      + description            = "The Security group that allows communication between the proxy and the database"
      + egress                 = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 5432
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = true
              + to_port          = 5432
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 5432
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = true
              + to_port          = 5432
            },
        ]
      + name                   = "test-rds_rds_proxy_sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_rds_proxy_sg"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_rds_proxy_sg"
          + "Terraform"  = "true"
        }
      + vpc_id                 = (known after apply)
    }

  # module.rds.random_string.random will be created
  + resource "random_string" "random" {
      + id          = (known after apply)
      + length      = 6
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.vpc.aws_default_network_acl.default will be created
  + resource "aws_default_network_acl" "default" {
      + arn                    = (known after apply)
      + default_network_acl_id = (known after apply)
      + id                     = (known after apply)
      + owner_id               = (known after apply)
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_nacl"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_nacl"
          + "Terraform"  = "true"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_default_route_table.default will be created
  + resource "aws_default_route_table" "default" {
      + arn                    = (known after apply)
      + default_route_table_id = (known after apply)
      + id                     = (known after apply)
      + owner_id               = (known after apply)
      + route                  = []
      + tags                   = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
          + "name"       = "vpc_default_route_table"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
          + "name"       = "vpc_default_route_table"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_sg"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_sg"
          + "Terraform"  = "true"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_internet_gateway.gw will be created
  + resource "aws_internet_gateway" "gw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_internet_gateway"
          + "Terraform"  = "true"
        }
      + tags_all = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_internet_gateway"
          + "Terraform"  = "true"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_nat_gateway.nat_gw[0] will be created
  + resource "aws_nat_gateway" "nat_gw" {
      + association_id                     = (known after apply)
      + connectivity_type                  = "private"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-0"
          + "Terraform"  = "true"
        }
      + tags_all                           = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-0"
          + "Terraform"  = "true"
        }
    }

  # module.vpc.aws_nat_gateway.nat_gw[1] will be created
  + resource "aws_nat_gateway" "nat_gw" {
      + association_id                     = (known after apply)
      + connectivity_type                  = "private"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-1"
          + "Terraform"  = "true"
        }
      + tags_all                           = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-1"
          + "Terraform"  = "true"
        }
    }

  # module.vpc.aws_nat_gateway.nat_gw[2] will be created
  + resource...
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions

Copy link

Test conftest-deny

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
❌   Conftest: failed

Plan: 50 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add module.rds.aws_cloudwatch_log_group.log_exports[&quot;postgresql&quot;]
module.rds.aws_cloudwatch_log_group.proxy
module.rds.aws_db_proxy.proxy
module.rds.aws_db_proxy_default_target_group.this
module.rds.aws_db_proxy_target.target
module.rds.aws_db_subnet_group.rds
module.rds.aws_iam_policy.read_connection_string
module.rds.aws_iam_role.rds_proxy
module.rds.aws_iam_role_policy_attachment.read_connection_string
module.rds.aws_rds_cluster.cluster
module.rds.aws_rds_cluster_instance.instances[0]
module.rds.aws_rds_cluster_instance.instances[1]
module.rds.aws_rds_cluster_instance.instances[2]
module.rds.aws_secretsmanager_secret.connection_string
module.rds.aws_secretsmanager_secret.proxy_connection_string
module.rds.aws_secretsmanager_secret_version.connection_string
module.rds.aws_secretsmanager_secret_version.proxy_connection_string
module.rds.aws_security_group.rds_proxy
module.rds.random_string.random
module.vpc.aws_default_network_acl.default
module.vpc.aws_default_route_table.default
module.vpc.aws_default_security_group.default
module.vpc.aws_internet_gateway.gw
module.vpc.aws_nat_gateway.nat_gw[0]
module.vpc.aws_nat_gateway.nat_gw[1]
module.vpc.aws_nat_gateway.nat_gw[2]
module.vpc.aws_network_acl.main
module.vpc.aws_network_acl_rule.block_rdp[0]
module.vpc.aws_network_acl_rule.block_ssh[0]
module.vpc.aws_route.private_nat_gateway[0]
module.vpc.aws_route.private_nat_gateway[1]
module.vpc.aws_route.private_nat_gateway[2]
module.vpc.aws_route.public_internet_gateway
module.vpc.aws_route_table.private[0]
module.vpc.aws_route_table.private[1]
module.vpc.aws_route_table.private[2]
module.vpc.aws_route_table.public
module.vpc.aws_route_table_association.private[0]
module.vpc.aws_route_table_association.private[1]
module.vpc.aws_route_table_association.private[2]
module.vpc.aws_route_table_association.public[0]
module.vpc.aws_route_table_association.public[1]
module.vpc.aws_route_table_association.public[2]
module.vpc.aws_subnet.private[0]
module.vpc.aws_subnet.private[1]
module.vpc.aws_subnet.private[2]
module.vpc.aws_subnet.public[0]
module.vpc.aws_subnet.public[1]
module.vpc.aws_subnet.public[2]
module.vpc.aws_vpc.main

✂   Warning: plan has been truncated! See the full plan in the logs.

Show plan
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.rds.data.aws_iam_policy_document.read_connection_string will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "read_connection_string" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "secretsmanager:DescribeSecret",
              + "secretsmanager:GetResourcePolicy",
              + "secretsmanager:GetSecretValue",
              + "secretsmanager:ListSecretVersionIds",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
          + sid       = "0"
        }
      + statement {
          + actions   = [
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "1"
        }
      + statement {
          + actions   = [
              + "kms:Decrypt",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "2"

          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "secretsmanager.ca-central-1.amazonaws.com",
                ]
              + variable = "kms:ViaService"
            }
        }
    }

  # module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
  + resource "aws_cloudwatch_log_group" "log_exports" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = "STANDARD"
      + name              = "/aws/rds/cluster/test-rds-cluster/postgresql"
      + name_prefix       = (known after apply)
      + retention_in_days = 30
      + skip_destroy      = false
      + tags              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
      + tags_all          = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
    }

  # module.rds.aws_cloudwatch_log_group.proxy will be created
  + resource "aws_cloudwatch_log_group" "proxy" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = "STANDARD"
      + name              = "/aws/rds/proxy/test-rds-proxy"
      + name_prefix       = (known after apply)
      + retention_in_days = 14
      + skip_destroy      = false
      + tags              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_proxy_logs"
          + "Terraform"  = "true"
        }
      + tags_all          = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_proxy_logs"
          + "Terraform"  = "true"
        }
    }

  # module.rds.aws_db_proxy.proxy will be created
  + resource "aws_db_proxy" "proxy" {
      + arn                    = (known after apply)
      + debug_logging          = false
      + endpoint               = (known after apply)
      + engine_family          = "POSTGRESQL"
      + id                     = (known after apply)
      + idle_client_timeout    = 1800
      + name                   = "test-rds-proxy"
      + require_tls            = true
      + role_arn               = (known after apply)
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-rds-proxy"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-rds-proxy"
          + "Terraform"  = "true"
        }
      + vpc_security_group_ids = (known after apply)
      + vpc_subnet_ids         = (known after apply)

      + auth {
          + auth_scheme               = "SECRETS"
          + client_password_auth_type = (known after apply)
          + description               = "The database connection string"
          + iam_auth                  = "DISABLED"
          + secret_arn                = (known after apply)
        }
    }

  # module.rds.aws_db_proxy_default_target_group.this will be created
  + resource "aws_db_proxy_default_target_group" "this" {
      + arn           = (known after apply)
      + db_proxy_name = "test-rds-proxy"
      + id            = (known after apply)
      + name          = (known after apply)

      + connection_pool_config {
          + connection_borrow_timeout    = (known after apply)
          + init_query                   = (known after apply)
          + max_connections_percent      = (known after apply)
          + max_idle_connections_percent = (known after apply)
          + session_pinning_filters      = (known after apply)
        }
    }

  # module.rds.aws_db_proxy_target.target will be created
  + resource "aws_db_proxy_target" "target" {
      + db_cluster_identifier = (known after apply)
      + db_proxy_name         = "test-rds-proxy"
      + endpoint              = (known after apply)
      + id                    = (known after apply)
      + port                  = (known after apply)
      + rds_resource_id       = (known after apply)
      + target_arn            = (known after apply)
      + target_group_name     = (known after apply)
      + tracked_cluster_id    = (known after apply)
      + type                  = (known after apply)
    }

  # module.rds.aws_db_subnet_group.rds will be created
  + resource "aws_db_subnet_group" "rds" {
      + arn                     = (known after apply)
      + description             = "Managed by Terraform"
      + id                      = (known after apply)
      + name                    = "test-rds-subnet-group"
      + name_prefix             = (known after apply)
      + subnet_ids              = (known after apply)
      + supported_network_types = (known after apply)
      + tags                    = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-subnet-group"
          + "Terraform"  = "true"
        }
      + tags_all                = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-subnet-group"
          + "Terraform"  = "true"
        }
      + vpc_id                  = (known after apply)
    }

  # module.rds.aws_iam_policy.read_connection_string will be created
  + resource "aws_iam_policy" "read_connection_string" {
      + arn         = (known after apply)
      + id          = (known after apply)
      + name        = "test-rdsReadConnectionString"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = (known after apply)
      + policy_id   = (known after apply)
      + tags        = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all    = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
    }

  # module.rds.aws_iam_role.rds_proxy will be created
  + resource "aws_iam_role" "rds_proxy" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "rds.amazonaws.com"
                        }
                      + Sid       = "RDSAssume"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "test-rds_rds_proxy"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all              = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # module.rds.aws_iam_role_policy_attachment.read_connection_string will be created
  + resource "aws_iam_role_policy_attachment" "read_connection_string" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "test-rds_rds_proxy"
    }

  # module.rds.aws_rds_cluster.cluster will be created
  + resource "aws_rds_cluster" "cluster" {
      + allocated_storage                   = (known after apply)
      + allow_major_version_upgrade         = false
      + apply_immediately                   = false
      + arn                                 = (known after apply)
      + availability_zones                  = (known after apply)
      + backtrack_window                    = 0
      + backup_retention_period             = 7
      + cluster_identifier                  = "test-rds-cluster"
      + cluster_identifier_prefix           = (known after apply)
      + cluster_members                     = (known after apply)
      + cluster_resource_id                 = (known after apply)
      + copy_tags_to_snapshot               = true
      + database_name                       = "foo"
      + db_cluster_parameter_group_name     = (known after apply)
      + db_subnet_group_name                = "test-rds-subnet-group"
      + db_system_id                        = (known after apply)
      + delete_automated_backups            = true
      + deletion_protection                 = true
      + enable_global_write_forwarding      = false
      + enable_http_endpoint                = false
      + enabled_cloudwatch_logs_exports     = [
          + "postgresql",
        ]
      + endpoint                            = (known after apply)
      + engine                              = "aurora-postgresql"
      + engine_mode                         = "provisioned"
      + engine_version                      = "13.3"
      + engine_version_actual               = (known after apply)
      + final_snapshot_identifier           = (known after apply)
      + hosted_zone_id                      = (known after apply)
      + iam_database_authentication_enabled = false
      + iam_roles                           = (known after apply)
      + id                                  = (known after apply)
      + kms_key_id                          = (known after apply)
      + master_password                     = (sensitive value)
      + master_user_secret                  = (known after apply)
      + master_user_secret_kms_key_id       = (known after apply)
      + master_username                     = "cal"
      + network_type                        = (known after apply)
      + port                                = (known after apply)
      + preferred_backup_window             = "07:00-09:00"
      + preferred_maintenance_window        = "sun:06:00-sun:07:00"
      + reader_endpoint                     = (known after apply)
      + skip_final_snapshot                 = false
      + storage_encrypted                   = true
      + storage_type                        = (known after apply)
      + tags                                = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
      + tags_all                            = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-cluster"
          + "Terraform"  = "true"
        }
      + vpc_security_group_ids              = (known after apply)
    }

  # module.rds.aws_rds_cluster_instance.instances[0] will be created
  + resource "aws_rds_cluster_instance" "instances" {
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + cluster_identifier                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_parameter_group_name               = (known after apply)
      + db_subnet_group_name                  = "test-rds-subnet-group"
      + dbi_resource_id                       = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "aurora-postgresql"
      + engine_version                        = "13.3"
      + engine_version_actual                 = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "test-rds-instance-0"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.medium"
      + kms_key_id                            = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + network_type                          = (known after apply)
      + performance_insights_enabled          = true
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + preferred_backup_window               = (known after apply)
      + preferred_maintenance_window          = (known after apply)
      + promotion_tier                        = 0
      + publicly_accessible                   = (known after apply)
      + storage_encrypted                     = (known after apply)
      + tags                                  = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-0"
          + "Terraform"  = "true"
        }
      + tags_all                              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-0"
          + "Terraform"  = "true"
        }
      + writer                                = (known after apply)
    }

  # module.rds.aws_rds_cluster_instance.instances[1] will be created
  + resource "aws_rds_cluster_instance" "instances" {
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + cluster_identifier                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_parameter_group_name               = (known after apply)
      + db_subnet_group_name                  = "test-rds-subnet-group"
      + dbi_resource_id                       = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "aurora-postgresql"
      + engine_version                        = "13.3"
      + engine_version_actual                 = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "test-rds-instance-1"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.medium"
      + kms_key_id                            = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + network_type                          = (known after apply)
      + performance_insights_enabled          = true
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + preferred_backup_window               = (known after apply)
      + preferred_maintenance_window          = (known after apply)
      + promotion_tier                        = 0
      + publicly_accessible                   = (known after apply)
      + storage_encrypted                     = (known after apply)
      + tags                                  = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-1"
          + "Terraform"  = "true"
        }
      + tags_all                              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-1"
          + "Terraform"  = "true"
        }
      + writer                                = (known after apply)
    }

  # module.rds.aws_rds_cluster_instance.instances[2] will be created
  + resource "aws_rds_cluster_instance" "instances" {
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + cluster_identifier                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_parameter_group_name               = (known after apply)
      + db_subnet_group_name                  = "test-rds-subnet-group"
      + dbi_resource_id                       = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "aurora-postgresql"
      + engine_version                        = "13.3"
      + engine_version_actual                 = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "test-rds-instance-2"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.medium"
      + kms_key_id                            = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + network_type                          = (known after apply)
      + performance_insights_enabled          = true
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + preferred_backup_window               = (known after apply)
      + preferred_maintenance_window          = (known after apply)
      + promotion_tier                        = 0
      + publicly_accessible                   = (known after apply)
      + storage_encrypted                     = (known after apply)
      + tags                                  = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-2"
          + "Terraform"  = "true"
        }
      + tags_all                              = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds-instance-2"
          + "Terraform"  = "true"
        }
      + writer                                = (known after apply)
    }

  # module.rds.aws_secretsmanager_secret.connection_string will be created
  + resource "aws_secretsmanager_secret" "connection_string" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = (known after apply)
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + tags                           = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all                       = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }

      + replica {
          + kms_key_id         = (known after apply)
          + last_accessed_date = (known after apply)
          + region             = (known after apply)
          + status             = (known after apply)
          + status_message     = (known after apply)
        }
    }

  # module.rds.aws_secretsmanager_secret.proxy_connection_string will be created
  + resource "aws_secretsmanager_secret" "proxy_connection_string" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = (known after apply)
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + tags                           = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }
      + tags_all                       = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
        }

      + replica {
          + kms_key_id         = (known after apply)
          + last_accessed_date = (known after apply)
          + region             = (known after apply)
          + status             = (known after apply)
          + status_message     = (known after apply)
        }
    }

  # module.rds.aws_secretsmanager_secret_version.connection_string will be created
  + resource "aws_secretsmanager_secret_version" "connection_string" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.rds.aws_secretsmanager_secret_version.proxy_connection_string will be created
  + resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.rds.aws_security_group.rds_proxy will be created
  + resource "aws_security_group" "rds_proxy" {
      + arn                    = (known after apply)
      + description            = "The Security group that allows communication between the proxy and the database"
      + egress                 = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 5432
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = true
              + to_port          = 5432
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 5432
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = true
              + to_port          = 5432
            },
        ]
      + name                   = "test-rds_rds_proxy_sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_rds_proxy_sg"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "test-rds_rds_proxy_sg"
          + "Terraform"  = "true"
        }
      + vpc_id                 = (known after apply)
    }

  # module.rds.random_string.random will be created
  + resource "random_string" "random" {
      + id          = (known after apply)
      + length      = 6
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.vpc.aws_default_network_acl.default will be created
  + resource "aws_default_network_acl" "default" {
      + arn                    = (known after apply)
      + default_network_acl_id = (known after apply)
      + id                     = (known after apply)
      + owner_id               = (known after apply)
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_nacl"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_nacl"
          + "Terraform"  = "true"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_default_route_table.default will be created
  + resource "aws_default_route_table" "default" {
      + arn                    = (known after apply)
      + default_route_table_id = (known after apply)
      + id                     = (known after apply)
      + owner_id               = (known after apply)
      + route                  = []
      + tags                   = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
          + "name"       = "vpc_default_route_table"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Terraform"  = "true"
          + "name"       = "vpc_default_route_table"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_sg"
          + "Terraform"  = "true"
        }
      + tags_all               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_default_sg"
          + "Terraform"  = "true"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_internet_gateway.gw will be created
  + resource "aws_internet_gateway" "gw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_internet_gateway"
          + "Terraform"  = "true"
        }
      + tags_all = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc_internet_gateway"
          + "Terraform"  = "true"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_nat_gateway.nat_gw[0] will be created
  + resource "aws_nat_gateway" "nat_gw" {
      + association_id                     = (known after apply)
      + connectivity_type                  = "private"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-0"
          + "Terraform"  = "true"
        }
      + tags_all                           = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-0"
          + "Terraform"  = "true"
        }
    }

  # module.vpc.aws_nat_gateway.nat_gw[1] will be created
  + resource "aws_nat_gateway" "nat_gw" {
      + association_id                     = (known after apply)
      + connectivity_type                  = "private"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-1"
          + "Terraform"  = "true"
        }
      + tags_all                           = {
          + "CostCentre" = "cal"
          + "Name"       = "vpc-natgw-1"
          + "Terraform"  = "true"
        }
    }

  # module.vpc.aws_nat_gateway.nat_gw[2] will be created
  + resource...
Show Conftest results
FAIL - plan.json - main - Postgresql main password > 8 characters: ["module.rds.aws_rds_cluster.cluster"]

20 tests, 19 passed, 0 warnings, 1 failure, 0 exceptions

@patheard
Copy link
Member

@patheard patheard merged commit a53e3dc into main Dec 11, 2023
15 checks passed
@patheard patheard deleted the renovate-cds/lock-file-maintenance branch December 11, 2023 13:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants