feat: Allow adding optional arguments to terraform/grunt plan #322
Test init-fail
❌ Terraform Init:
Show Init results
Initializing the backend...
Initializing provider plugins...
- Finding latest version of foo/bar...
Error: Failed to query available provider packages
Could not retrieve the list of available versions for provider foo/bar:
provider registry registry.terraform.io does not have a provider named
registry.terraform.io/foo/bar
All modules should specify their required_providers so that external
consumers will get the correct providers when using a module. To see which
modules are currently depending on foo/bar, run the following command:
terraform providers
Show Validate results
Error: Missing required provider
This configuration requires provider registry.terraform.io/foo/bar, but that
provider isn't available. You may be able to install it automatically by
running:
terraform init
Show plan
Error: Inconsistent dependency lock file
The following dependency selections recorded in the lock file are
inconsistent with the current configuration:
- provider registry.terraform.io/foo/bar: required by this configuration but no version is selected
To make the initial dependency selections that will initialize the dependency
lock file, run:
terraform init
Test skip-fmt
✅ Terraform Init:
Plan: 1 to add, 0 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on skip-fmt.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
Test skip-plan
✅ Terraform Init:
Test validate-fail
✅ Terraform Init:
Show Validate results
Error: Reference to undeclared input variable
on validate-fail.tf line 4, in resource "random_id" "foo":
4: foo = var.bar
An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
Show plan
Error: Reference to undeclared input variable
on validate-fail.tf line 4, in resource "random_id" "foo":
4: foo = var.bar
An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
Test format-error
✅ Terraform Init:
🧹 Format: run format-error.tf
Plan: 1 to add, 0 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Warning: Duplicate required provider
on format-error.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
Test invalid
✅ Terraform Init:
Show Validate results
Warning: Duplicate required provider
on invalid.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
Error: Missing required argument
on invalid.tf line 11, in resource "random_id" "id":
11: resource "random_id" "id" {
The argument "byte_length" is required, but no definition was found.
Error: Unsupported argument
on invalid.tf line 12, in resource "random_id" "id":
12: muffin = "blueberry"
An argument named "muffin" is not expected here.
🧹 Format: run invalid.tf
Show plan
Warning: Duplicate required provider
on invalid.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
Error: Missing required argument
on invalid.tf line 11, in resource "random_id" "id":
11: resource "random_id" "id" {
The argument "byte_length" is required, but no definition was found.
Error: Unsupported argument
on invalid.tf line 12, in resource "random_id" "id":
12: muffin = "blueberry"
An argument named "muffin" is not expected here.
Test changes
✅ Terraform Init:
Plan: 1 to add, 0 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on changes.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
Test skip-conftest
✅ Terraform Init:
Plan: 1 to add, 0 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on skip-conftest.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Test import
✅ Terraform Init:
Plan: 2 to import, 1 to add, 0 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_cloudwatch_log_group.controltower-notificationforwarder will be imported
resource "aws_cloudwatch_log_group" "controltower-notificationforwarder" {
arn = "arn:aws:logs:ca-central-1:124044056575:log-group:/aws/lambda/aws-controltower-NotificationForwarder"
id = "/aws/lambda/aws-controltower-NotificationForwarder"
log_group_class = "STANDARD"
name = "/aws/lambda/aws-controltower-NotificationForwarder"
retention_in_days = 14
skip_destroy = false
tags = {}
tags_all = {}
}
# aws_cloudwatch_log_group.topic will be created
+ resource "aws_cloudwatch_log_group" "topic" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "topic"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_sns_topic.controltower-notificationforwarder will be imported
resource "aws_sns_topic" "controltower-notificationforwarder" {
application_success_feedback_sample_rate = 0
arn = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
content_based_deduplication = false
fifo_topic = false
firehose_success_feedback_sample_rate = 0
http_success_feedback_sample_rate = 0
id = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
lambda_success_feedback_sample_rate = 0
name = "internal-sre-alert"
owner = "124044056575"
policy = jsonencode(
{
Id = "SNS Access Policy"
Statement = [
{
Action = [
"SNS:Subscribe",
"SNS:SetTopicAttributes",
"SNS:RemovePermission",
"SNS:Receive",
"SNS:Publish",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:AddPermission",
]
Condition = {
StringEquals = {
"aws:SourceOwner" = "124044056575"
}
}
Effect = "Allow"
Principal = {
AWS = "*"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowAccountToUse"
},
{
Action = "SNS:Publish"
Condition = {
StringEquals = {
"aws:SourceAccount" = "124044056575"
}
}
Effect = "Allow"
Principal = {
Service = "cloudwatch.amazonaws.com"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowCloudWatchToPublish"
},
{
Action = "SNS:Publish"
Condition = {
ArnEquals = {
"aws:SourceArn" = "arn:aws:events:ca-central-1:124044056575:rule/internal-sre-alerts-abuse-rule"
}
}
Effect = "Allow"
Principal = {
Service = "events.amazonaws.com"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowAbuseEventsToPublish"
},
{
Action = "SNS:Publish"
Condition = {
StringEquals = {
"aws:SourceAccount" = "124044056575"
}
}
Effect = "Allow"
Principal = {
Service = "budgets.amazonaws.com"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowBudgetEventsToPublish"
},
]
Version = "2012-10-17"
}
)
signature_version = 0
sqs_success_feedback_sample_rate = 0
tags = {
"CostCentre" = "SRE"
"Terraform" = "true"
"managed_by" = "AFT"
}
tags_all = {
"CostCentre" = "SRE"
"Terraform" = "true"
"managed_by" = "AFT"
}
}
Plan: 2 to import, 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.controltower-notificationforwarder"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.topic"]
21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions
Test truncate-plan
✅ Terraform Init:
Plan: 36 to add, 0 to change, 0 to destroy
✂ Warning: plan has been truncated! See the full plan in the logs.
Show plan
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.rds.data.aws_iam_policy_document.read_connection_string will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "read_connection_string" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecretVersionIds",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ sid = "0"
}
+ statement {
+ actions = [
+ "secretsmanager:ListSecrets",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "1"
}
+ statement {
+ actions = [
+ "kms:Decrypt",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "2"
+ condition {
+ test = "StringEquals"
+ values = [
+ "secretsmanager.ca-central-1.amazonaws.com",
]
+ variable = "kms:ViaService"
}
}
}
# module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
+ resource "aws_cloudwatch_log_group" "log_exports" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/cluster/test-rds-cluster/postgresql"
+ name_prefix = (known after apply)
+ retention_in_days = 7
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
}
# module.rds.aws_cloudwatch_log_group.proxy will be created
+ resource "aws_cloudwatch_log_group" "proxy" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/proxy/test-rds-proxy"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
}
# module.rds.aws_db_proxy.proxy will be created
+ resource "aws_db_proxy" "proxy" {
+ arn = (known after apply)
+ debug_logging = false
+ endpoint = (known after apply)
+ engine_family = "POSTGRESQL"
+ id = (known after apply)
+ idle_client_timeout = 1800
+ name = "test-rds-proxy"
+ require_tls = true
+ role_arn = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
+ vpc_subnet_ids = (known after apply)
+ auth {
+ auth_scheme = "SECRETS"
+ client_password_auth_type = (known after apply)
+ description = "The database connection string"
+ iam_auth = "DISABLED"
+ secret_arn = (known after apply)
}
}
# module.rds.aws_db_proxy_default_target_group.this will be created
+ resource "aws_db_proxy_default_target_group" "this" {
+ arn = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ id = (known after apply)
+ name = (known after apply)
}
# module.rds.aws_db_proxy_target.target will be created
+ resource "aws_db_proxy_target" "target" {
+ db_cluster_identifier = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ endpoint = (known after apply)
+ id = (known after apply)
+ port = (known after apply)
+ rds_resource_id = (known after apply)
+ target_arn = (known after apply)
+ target_group_name = (known after apply)
+ tracked_cluster_id = (known after apply)
+ type = (known after apply)
}
# module.rds.aws_db_subnet_group.rds will be created
+ resource "aws_db_subnet_group" "rds" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = "test-rds-subnet-group"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ supported_network_types = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_iam_policy.read_connection_string will be created
+ resource "aws_iam_policy" "read_connection_string" {
+ arn = (known after apply)
+ attachment_count = (known after apply)
+ id = (known after apply)
+ name = "test-rdsReadConnectionString"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_iam_role.rds_proxy will be created
+ resource "aws_iam_role" "rds_proxy" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "rds.amazonaws.com"
}
+ Sid = "RDSAssume"
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "test-rds_rds_proxy"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
}
# module.rds.aws_iam_role_policy_attachment.read_connection_string will be created
+ resource "aws_iam_role_policy_attachment" "read_connection_string" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "test-rds_rds_proxy"
}
# module.rds.aws_rds_cluster.cluster will be created
+ resource "aws_rds_cluster" "cluster" {
+ allocated_storage = (known after apply)
+ allow_major_version_upgrade = false
+ apply_immediately = false
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ cluster_identifier = "test-rds-cluster"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = true
+ database_name = "foo"
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ db_system_id = (known after apply)
+ delete_automated_backups = true
+ deletion_protection = true
+ enable_global_write_forwarding = false
+ enable_http_endpoint = false
+ enable_local_write_forwarding = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_mode = "provisioned"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ final_snapshot_identifier = (known after apply)
+ hosted_zone_id = (known after apply)
+ iam_database_authentication_enabled = false
+ iam_roles = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_user_secret = (known after apply)
+ master_user_secret_kms_key_id = (known after apply)
+ master_username = "probably"
+ network_type = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = "07:00-09:00"
+ preferred_maintenance_window = "sun:06:00-sun:07:00"
+ reader_endpoint = (known after apply)
+ skip_final_snapshot = false
+ storage_encrypted = true
+ storage_type = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[0] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-0"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[1] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[2] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_secretsmanager_secret.connection_string will be created
+ resource "aws_secretsmanager_secret" "connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_secretsmanager_secret.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret" "proxy_connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_secretsmanager_secret_version.connection_string will be created
+ resource "aws_secretsmanager_secret_version" "connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_security_group.rds_proxy will be created
+ resource "aws_security_group" "rds_proxy" {
+ arn = (known after apply)
+ description = "The Security group that allows communication between the proxy and the database"
+ egress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ name = "test-rds_rds_proxy_sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.random_string.random will be created
+ resource "random_string" "random" {
+ id = (known after apply)
+ length = 6
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = false
}
# module.vpc.aws_default_network_acl.default will be created
+ resource "aws_default_network_acl" "default" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_route_table.default will be created
+ resource "aws_default_route_table" "default" {
+ arn = (known after apply)
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = []
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_nat_gateway.nat_gw[0] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
}
# module.vpc.aws_network_acl.main will be created
+ resource "aws_network_acl" "main" {
+ arn = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ owner_id = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_network_acl_rule.block_rdp[0] will be created
+ resource "aws_network_acl_rule" "block_rdp" {
+ cidr_block = "0.0.0.0/0"
+ egress = false
+ from_port = 3389
+ id = (known after apply)
+ network_acl_id = (known after apply)
+ protocol = "tcp"
+ rule_action = "deny"
+ rule_number = 51
+ to_port = 3389
}
# module.vpc.aws_network_acl_rule.block_ssh[0] will be created
+ resource "aws_network_acl_rule" "block_ssh" {
+ cidr_block = "0.0.0.0/0"
+ egress = false
+ from_port = 22
+ id = (known after apply)
+ network_acl_id = (known after apply)
+ protocol = "tcp"
+ rule_action = "deny"
+ rule_number = 50
+ to_port = 22
}
# module.vpc.aws_route.private_nat_gateway[0] will be created
+ resource "aws_route" "private_nat_gateway" {
+ destination_cidr_block = "0.0.0.0/0"
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known...
Show Conftest results
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
Test conftest-deny
✅ Terraform Init:
Plan: 36 to add, 0 to change, 0 to destroy
✂ Warning: plan has been truncated! See the full plan in the logs.
Show plan
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.rds.data.aws_iam_policy_document.read_connection_string will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "read_connection_string" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecretVersionIds",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ sid = "0"
}
+ statement {
+ actions = [
+ "secretsmanager:ListSecrets",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "1"
}
+ statement {
+ actions = [
+ "kms:Decrypt",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "2"
+ condition {
+ test = "StringEquals"
+ values = [
+ "secretsmanager.ca-central-1.amazonaws.com",
]
+ variable = "kms:ViaService"
}
}
}
# module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
+ resource "aws_cloudwatch_log_group" "log_exports" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/cluster/test-rds-cluster/postgresql"
+ name_prefix = (known after apply)
+ retention_in_days = 7
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
}
# module.rds.aws_cloudwatch_log_group.proxy will be created
+ resource "aws_cloudwatch_log_group" "proxy" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/proxy/test-rds-proxy"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
}
# module.rds.aws_db_proxy.proxy will be created
+ resource "aws_db_proxy" "proxy" {
+ arn = (known after apply)
+ debug_logging = false
+ endpoint = (known after apply)
+ engine_family = "POSTGRESQL"
+ id = (known after apply)
+ idle_client_timeout = 1800
+ name = "test-rds-proxy"
+ require_tls = true
+ role_arn = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
+ vpc_subnet_ids = (known after apply)
+ auth {
+ auth_scheme = "SECRETS"
+ client_password_auth_type = (known after apply)
+ description = "The database connection string"
+ iam_auth = "DISABLED"
+ secret_arn = (known after apply)
}
}
# module.rds.aws_db_proxy_default_target_group.this will be created
+ resource "aws_db_proxy_default_target_group" "this" {
+ arn = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ id = (known after apply)
+ name = (known after apply)
}
# module.rds.aws_db_proxy_target.target will be created
+ resource "aws_db_proxy_target" "target" {
+ db_cluster_identifier = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ endpoint = (known after apply)
+ id = (known after apply)
+ port = (known after apply)
+ rds_resource_id = (known after apply)
+ target_arn = (known after apply)
+ target_group_name = (known after apply)
+ tracked_cluster_id = (known after apply)
+ type = (known after apply)
}
# module.rds.aws_db_subnet_group.rds will be created
+ resource "aws_db_subnet_group" "rds" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = "test-rds-subnet-group"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ supported_network_types = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_iam_policy.read_connection_string will be created
+ resource "aws_iam_policy" "read_connection_string" {
+ arn = (known after apply)
+ attachment_count = (known after apply)
+ id = (known after apply)
+ name = "test-rdsReadConnectionString"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_iam_role.rds_proxy will be created
+ resource "aws_iam_role" "rds_proxy" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "rds.amazonaws.com"
}
+ Sid = "RDSAssume"
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "test-rds_rds_proxy"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
}
# module.rds.aws_iam_role_policy_attachment.read_connection_string will be created
+ resource "aws_iam_role_policy_attachment" "read_connection_string" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "test-rds_rds_proxy"
}
# module.rds.aws_rds_cluster.cluster will be created
+ resource "aws_rds_cluster" "cluster" {
+ allocated_storage = (known after apply)
+ allow_major_version_upgrade = false
+ apply_immediately = false
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ cluster_identifier = "test-rds-cluster"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = true
+ database_name = "foo"
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ db_system_id = (known after apply)
+ delete_automated_backups = true
+ deletion_protection = true
+ enable_global_write_forwarding = false
+ enable_http_endpoint = false
+ enable_local_write_forwarding = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_mode = "provisioned"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ final_snapshot_identifier = (known after apply)
+ hosted_zone_id = (known after apply)
+ iam_database_authentication_enabled = false
+ iam_roles = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_user_secret = (known after apply)
+ master_user_secret_kms_key_id = (known after apply)
+ master_username = "cal"
+ network_type = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = "07:00-09:00"
+ preferred_maintenance_window = "sun:06:00-sun:07:00"
+ reader_endpoint = (known after apply)
+ skip_final_snapshot = false
+ storage_encrypted = true
+ storage_type = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[0] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-0"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[1] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[2] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_secretsmanager_secret.connection_string will be created
+ resource "aws_secretsmanager_secret" "connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_secretsmanager_secret.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret" "proxy_connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_secretsmanager_secret_version.connection_string will be created
+ resource "aws_secretsmanager_secret_version" "connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_security_group.rds_proxy will be created
+ resource "aws_security_group" "rds_proxy" {
+ arn = (known after apply)
+ description = "The Security group that allows communication between the proxy and the database"
+ egress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ name = "test-rds_rds_proxy_sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.random_string.random will be created
+ resource "random_string" "random" {
+ id = (known after apply)
+ length = 6
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = false
}
# module.vpc.aws_default_network_acl.default will be created
+ resource "aws_default_network_acl" "default" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_route_table.default will be created
+ resource "aws_default_route_table" "default" {
+ arn = (known after apply)
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = []
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_nat_gateway.nat_gw[0] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
}
# module.vpc.aws_network_acl.main will be created
+ resource "aws_network_acl" "main" {
+ arn = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ owner_id = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_network_acl_rule.block_rdp[0] will be created
+ resource "aws_network_acl_rule" "block_rdp" {
+ cidr_block = "0.0.0.0/0"
+ egress = false
+ from_port = 3389
+ id = (known after apply)
+ network_acl_id = (known after apply)
+ protocol = "tcp"
+ rule_action = "deny"
+ rule_number = 51
+ to_port = 3389
}
# module.vpc.aws_network_acl_rule.block_ssh[0] will be created
+ resource "aws_network_acl_rule" "block_ssh" {
+ cidr_block = "0.0.0.0/0"
+ egress = false
+ from_port = 22
+ id = (known after apply)
+ network_acl_id = (known after apply)
+ protocol = "tcp"
+ rule_action = "deny"
+ rule_number = 50
+ to_port = 22
}
# module.vpc.aws_route.private_nat_gateway[0] will be created
+ resource "aws_route" "private_nat_gateway" {
+ destination_cidr_block = "0.0.0.0/0"
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known...
Show Conftest results
FAIL - plan.json - main - Postgresql main password > 8 characters: ["module.rds.aws_rds_cluster.cluster"]
20 tests, 19 passed, 0 warnings, 1 failure, 0 exceptions

Summary
I'd like to be able to pass additional arguments to the terraform/terragrunt plan step. I've created a new input called args that just appends whatever's there to the end of the plan command.
I have no idea what I'm doing.
Test instructions
Reference latest version in a GitHub workflow (I'll be testing w/ notification-terraform) and pass an argument as required.