Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Service monitorのbasic authをauthorization headerに書き込む #526

Merged
merged 3 commits into from
Oct 16, 2024
Merged

Service monitorのbasic authをauthorization headerに書き込む #526

merged 3 commits into from
Oct 16, 2024

Conversation

piny940
Copy link
Owner

@piny940 piny940 commented Oct 16, 2024

No description provided.

@infracost Infracost
Copy link

infracost bot commented Oct 16, 2024
edited
Loading

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 16, 2024
edited
Loading

AWS plan for staging

Plan: 0 to add, 2 to change, 0 to destroy
Terraform Plan Details 
data.archive_file.dummy: Reading...
data.archive_file.dummy: Read complete after 0s [id=5b895fd2cbdc8e2a359b45bc3dd7c435c7378aa5]
data.aws_ssm_parameter.slack_api_token: Reading...
data.aws_ssm_parameter.basic_auth_password: Reading...
data.aws_ssm_parameter.basic_auth_user: Reading...
data.aws_ssm_parameter.health_check_url: Reading...
aws_iam_role.service-monitor: Refreshing state... [id=stg-service-monitor]
aws_iam_role.event_bridge: Refreshing state... [id=stg-event-bridge]
aws_s3_bucket.terraform_remote_backend: Refreshing state... [id=stg-aws-tf-backend.piny940.com]
data.aws_ssm_parameter.slack_api_token: Read complete after 0s [id=/stg-service-monitor/slack-api-token/v1]
data.aws_ssm_parameter.basic_auth_user: Read complete after 0s [id=/stg-service-monitor/basic-auth-user/v1]
data.aws_ssm_parameter.basic_auth_password: Read complete after 0s [id=/stg-service-monitor/basic-auth-password/v1]
data.aws_ssm_parameter.health_check_url: Read complete after 0s [id=/stg-service-monitor/health-check-url/v1]
aws_iam_role_policy_attachment.service-monitor: Refreshing state... [id=stg-service-monitor-20241016020611841500000001]
aws_lambda_function.service-monitor: Refreshing state... [id=stg-service-monitor]
aws_cloudwatch_log_group.service-monitor: Refreshing state... [id=/aws/lambda/stg-service-monitor]
aws_scheduler_schedule.service-monitor: Refreshing state... [id=default/stg-service-monitor]
aws_iam_role_policy.event_bridge: Refreshing state... [id=stg-event-bridge:stg-service-monitor-event-bridge]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.event_bridge will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "event_bridge" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "lambda:InvokeFunction",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:lambda:ap-northeast-1:891377239454:function:stg-service-monitor",
            ]
        }
    }

  # aws_iam_role_policy.event_bridge will be updated in-place
  ~ resource "aws_iam_role_policy" "event_bridge" {
        id          = "stg-event-bridge:stg-service-monitor-event-bridge"
        name        = "stg-service-monitor-event-bridge"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "lambda:InvokeFunction"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:lambda:ap-northeast-1:891377239454:function:stg-service-monitor"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # aws_lambda_function.service-monitor will be updated in-place
  ~ resource "aws_lambda_function" "service-monitor" {
        id                             = "stg-service-monitor"
        tags                           = {}
        # (29 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              + "BASIC_AUTH_PASSWORD" = (sensitive value)
              + "BASIC_AUTH_USER"     = (sensitive value)
              ~ "HEALTH_CHECK_URL"    = (sensitive value)
                # (2 unchanged elements hidden)
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 16, 2024
edited
Loading

AWS plan for production

Plan: 0 to add, 2 to change, 0 to destroy
Terraform Plan Details 
data.archive_file.dummy: Reading...
data.archive_file.dummy: Read complete after 0s [id=5b895fd2cbdc8e2a359b45bc3dd7c435c7378aa5]
data.aws_ssm_parameter.slack_api_token: Reading...
data.aws_ssm_parameter.basic_auth_user: Reading...
data.aws_ssm_parameter.basic_auth_password: Reading...
data.aws_ssm_parameter.health_check_url: Reading...
aws_iam_role.service-monitor: Refreshing state... [id=service-monitor]
aws_s3_bucket.terraform_remote_backend: Refreshing state... [id=aws-tf-backend.piny940.com]
aws_iam_role.event_bridge: Refreshing state... [id=event-bridge]
aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::891377239454:oidc-provider/token.actions.githubusercontent.com]
aws_iam_role.github_actions: Refreshing state... [id=github-actions-aws-owner]
aws_iam_role_policy_attachment.service-monitor: Refreshing state... [id=service-monitor-20241016033752998500000001]
aws_iam_role_policy_attachment.github_actions_administrator: Refreshing state... [id=github-actions-aws-owner-20241015145030772900000001]
data.aws_ssm_parameter.slack_api_token: Read complete after 0s [id=/service-monitor/slack-api-token/v1]
data.aws_ssm_parameter.health_check_url: Read complete after 0s [id=/service-monitor/health-check-url/v1]
data.aws_ssm_parameter.basic_auth_password: Read complete after 0s [id=/service-monitor/basic-auth-password/v1]
data.aws_ssm_parameter.basic_auth_user: Read complete after 0s [id=/service-monitor/basic-auth-user/v1]
aws_lambda_function.service-monitor: Refreshing state... [id=service-monitor]
aws_cloudwatch_log_group.service-monitor: Refreshing state... [id=/aws/lambda/service-monitor]
aws_iam_role_policy.event_bridge: Refreshing state... [id=event-bridge:service-monitor-event-bridge]
aws_scheduler_schedule.service-monitor: Refreshing state... [id=default/service-monitor]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.event_bridge will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "event_bridge" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "lambda:InvokeFunction",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:lambda:ap-northeast-1:891377239454:function:service-monitor",
            ]
        }
    }

  # aws_iam_role_policy.event_bridge will be updated in-place
  ~ resource "aws_iam_role_policy" "event_bridge" {
        id          = "event-bridge:service-monitor-event-bridge"
        name        = "service-monitor-event-bridge"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "lambda:InvokeFunction"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:lambda:ap-northeast-1:891377239454:function:service-monitor"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # aws_lambda_function.service-monitor will be updated in-place
  ~ resource "aws_lambda_function" "service-monitor" {
        id                             = "service-monitor"
        tags                           = {}
        # (29 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              + "BASIC_AUTH_PASSWORD" = (sensitive value)
              + "BASIC_AUTH_USER"     = (sensitive value)
              ~ "HEALTH_CHECK_URL"    = (sensitive value)
                # (2 unchanged elements hidden)
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@piny940 piny940 merged commit bedb214 into main Oct 16, 2024
22 checks passed
@piny940 piny940 deleted the service-monitor-basic-auth branch October 16, 2024 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@piny940