Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code Base Restructured #107

Merged
merged 5 commits into from
Jun 10, 2024
Merged

Code Base Restructured #107

merged 5 commits into from
Jun 10, 2024

Conversation

HarshitSF
Copy link
Collaborator

No description provided.

@HarshitSF HarshitSF linked an issue Jun 10, 2024 that may be closed by this pull request
Follow Best practices for code base structure #106
Closed
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jun 10, 2024
edited
Loading

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
2.9% Duplication on New Code

See analysis details on SonarCloud

@HarshitSF HarshitSF requested a review from rayl15 June 10, 2024 11:39
rayl15
rayl15 approved these changes Jun 10, 2024
View reviewed changes
Copy link
Collaborator

@rayl15 rayl15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved

@rayl15 rayl15 merged commit b2aa8a5 into main Jun 10, 2024
1 check passed
@github-actions GitHub Actions
Copy link
Contributor

Terraform plan output for bootstrap in dev 


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # aws_dynamodb_table.tenant_details will be created
  + resource "aws_dynamodb_table" "tenant_details" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "TENANT_ID"
      + id               = (known after apply)
      + name             = "--tenant-details"
      + read_capacity    = 5
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "Environment" = null
          + "Name"        = "--tenant-details"
          + "Project"     = null
        }
      + tags_all         = {
          + "Environment" = (known after apply)
          + "Name"        = "--tenant-details"
          + "Project"     = (known after apply)
        }
      + write_capacity   = 5

      + attribute {
          + name = "TENANT_ID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # aws_s3_bucket.artifact_bucket will be created
  + resource "aws_s3_bucket" "artifact_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = null
          + "Project"     = null
          + "type"        = "artifact"
        }
      + tags_all                    = {
          + "Environment" = (known after apply)
          + "Project"     = (known after apply)
          + "type"        = "artifact"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # aws_s3_bucket_public_access_block.public_access_block will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.bootstrap.data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.bootstrap.aws_dynamodb_table.terraform_state_lock will be created
  + resource "aws_dynamodb_table" "terraform_state_lock" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "LockID"
      + id               = (known after apply)
      + name             = "--terraform-state-lock"
      + read_capacity    = 2
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "DynamoDBName" = "--terraform-state-lock"
          + "Environment"  = null
          + "Name"         = "--terraform-state-lock"
          + "Project"      = null
        }
      + tags_all         = {
          + "DynamoDBName" = "--terraform-state-lock"
          + "Environment"  = (known after apply)
          + "Name"         = "--terraform-state-lock"
          + "Project"      = (known after apply)
        }
      + write_capacity   = 2

      + attribute {
          + name = "LockID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # module.bootstrap.aws_s3_bucket.private will be created
  + resource "aws_s3_bucket" "private" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_acl.this will be created
  + resource "aws_s3_bucket_acl" "this" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_analytics_configuration.private_analytics_config[0] will be created
  + resource "aws_s3_bucket_analytics_configuration" "private_analytics_config" {
      + bucket = (sensitive value)
      + id     = (known after apply)
      + name   = "Analytics"

      + storage_class_analysis {
          + data_export {
              + output_schema_version = "V_1"

              + destination {
                  + s3_bucket_destination {
                      + bucket_arn = (known after apply)
                      + format     = "CSV"
                      + prefix     = "_AWSBucketAnalytics"
                    }
                }
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_lifecycle_configuration.this will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "rule-1"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 14
            }

          + expiration {
              + days                         = 0
              + expired_object_delete_marker = true
            }

          + noncurrent_version_expiration {
              + noncurrent_days = 365
            }

          + noncurrent_version_transition {
              + noncurrent_days           = 30
              + storage_class             = "STANDARD_IA"
                # (1 unchanged attribute hidden)
            }
        }
      + rule {
          + id     = "rule-2"
          + status = "Enabled"

          + expiration {
              + days                         = 14
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketInventory/"
            }
        }
      + rule {
          + id     = "rule-3"
          + status = "Enabled"

          + expiration {
              + days                         = 30
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketAnalytics/"
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_ownership_controls.this will be created
  + resource "aws_s3_bucket_ownership_controls" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + object_ownership = "BucketOwnerPreferred"
        }
    }

  # module.bootstrap.aws_s3_bucket_public_access_block.public_access_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.bootstrap.aws_s3_bucket_server_side_encryption_configuration.example will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + bucket_key_enabled = false

          + apply_server_side_encryption_by_default {
              + sse_algorithm     = "AES256"
                # (1 unchanged attribute hidden)
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = "Disabled"
          + status     = "Enabled"
        }
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["///artifact-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Codepipeline Artifact Bucket"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "///artifact-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = null
          + "Project"     = null
        }
      + tags_all    = {
          + "Environment" = (known after apply)
          + "Project"     = (known after apply)
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["///tenant-details-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Tenant Details DynamoDB Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "///tenant-details-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = null
          + "Project"     = null
        }
      + tags_all    = {
          + "Environment" = (known after apply)
          + "Project"     = (known after apply)
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["///terraform-state-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Bucket Name"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "///terraform-state-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = null
          + "Project"     = null
        }
      + tags_all    = {
          + "Environment" = (known after apply)
          + "Project"     = (known after apply)
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["///terraform-state-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Dynamodb Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "///terraform-state-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = null
          + "Project"     = null
        }
      + tags_all    = {
          + "Environment" = (known after apply)
          + "Project"     = (known after apply)
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bucket_suffix.random_password.password will be created
  + resource "random_password" "password" {
      + bcrypt_hash      = (sensitive value)
      + id               = (known after apply)
      + length           = 6
      + lower            = true
      + min_lower        = 0
      + min_numeric      = 0
      + min_special      = 0
      + min_upper        = 0
      + number           = true
      + numeric          = true
      + result           = (sensitive value)
      + special          = false
      + upper            = false
        # (1 unchanged attribute hidden)
    }

Plan: 18 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + state_bucket_arn      = (known after apply)
  + state_bucket_name     = (sensitive value)
  + state_lock_table_arn  = (known after apply)
  + state_lock_table_name = "--terraform-state-lock"

@HarshitSF HarshitSF deleted the feature/repo-standardization branch June 19, 2024 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rayl15 rayl15 rayl15 approved these changes

Assignees
No one assigned
Labels
saas ARC Saas saas-Control Plane IaC
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Follow Best practices for code base structure
2 participants
@HarshitSF @rayl15