commit terragrunt for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package terragrunt for openSUSE:Factory checked in at 2022-11-30 18:53:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/terragrunt (Old) and /work/SRC/openSUSE:Factory/.terragrunt.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "terragrunt" Wed Nov 30 18:53:46 2022 rev:20 rq:1039134 version:0.42.2 Changes: -------- --- /work/SRC/openSUSE:Factory/terragrunt/terragrunt.changes 2022-11-30 15:01:01.201724410 +0100 +++ /work/SRC/openSUSE:Factory/.terragrunt.new.1597/terragrunt.changes 2022-11-30 18:53:47.936659483 +0100 @@ -1,0 +2,13 @@ +Wed Nov 30 13:38:48 UTC 2022 - kastl@b1-systems.de + +- Update to version 0.42.2: + * Improve encryption setting on access log bucket (#2375) + +------------------------------------------------------------------- +Wed Nov 30 13:20:21 UTC 2022 - kastl@b1-systems.de + +- Update to version 0.42.1: + * Feat(#2292) add accesslogging bucket tags property to remote state s3 config block (#2355) + * Update documentation to reference actions for S3 bucket configuration (#2366) + +------------------------------------------------------------------- Old: ---- terragrunt-0.42.0.tar.gz New: ---- terragrunt-0.42.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ terragrunt.spec ++++++ --- /var/tmp/diff_new_pack.Q1MAxx/_old 2022-11-30 18:53:49.100666049 +0100 +++ /var/tmp/diff_new_pack.Q1MAxx/_new 2022-11-30 18:53:49.104666071 +0100 
@@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: terragrunt -Version: 0.42.0 +Version: 0.42.2 Release: 0 Summary: Thin wrapper for Terraform for working with multiple Terraform modules License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Q1MAxx/_old 2022-11-30 18:53:49.188666545 +0100 +++ /var/tmp/diff_new_pack.Q1MAxx/_new 2022-11-30 18:53:49.192666568 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/gruntwork-io/terragrunt</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.42.0</param> + <param name="revision">v0.42.2</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -16,7 +16,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">terragrunt-0.42.0.tar.gz</param> + <param name="archive">terragrunt-0.42.2.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Q1MAxx/_old 2022-11-30 18:53:49.216666703 +0100 +++ /var/tmp/diff_new_pack.Q1MAxx/_new 2022-11-30 18:53:49.220666725 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/gruntwork-io/terragrunt</param> - <param name="changesrevision">d9eca946aa272ff0d99a34d26138abdea32ab2ff</param></service></servicedata> + <param name="changesrevision">f7dcb4a262f58628909f8264c98abb3f2a4305aa</param></service></servicedata> (No newline at EOF) ++++++ terragrunt-0.42.0.tar.gz -> terragrunt-0.42.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/config/config_helpers_test.go new/terragrunt-0.42.2/config/config_helpers_test.go --- old/terragrunt-0.42.0/config/config_helpers_test.go 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/config/config_helpers_test.go 2022-11-29 19:16:54.000000000 +0100 @@ -877,6 +877,16 @@ configMap["s3_bucket_tags"].(map[string]interface{}), map[string]interface{}{"owner": "terragrunt integration test", "name": "Terraform state storage"}, ) + assert.Equal( + t, + configMap["dynamodb_table_tags"].(map[string]interface{}), + map[string]interface{}{"owner": "terragrunt integration test", "name": "Terraform lock table"}, + ) + assert.Equal( + t, + configMap["accesslogging_bucket_tags"].(map[string]interface{}), + map[string]interface{}{"owner": "terragrunt integration test", "name": "Terraform access log storage"}, + ) } func TestReadTerragruntConfigHooks(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/docs/README.md new/terragrunt-0.42.2/docs/README.md --- old/terragrunt-0.42.0/docs/README.md 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/docs/README.md 2022-11-29 19:16:54.000000000 +0100 
@@ -218,7 +218,7 @@ 5. Add `index.html` file to newly create folder: ``` --- -layout: collection-browser # DO NOT CAHNGE THIS +layout: collection-browser # DO NOT CHANGE THIS title: Use cases subtitle: Learn how to integrate Terragrunt with Terraform. excerpt: Learn how to integrate Terragrunt with Terraform. @@ -293,7 +293,7 @@ #### config.yml -Collections are registred in the `_config.yml` file like other typical Jekyll collections. +Collections are registered in the `_config.yml` file like other typical Jekyll collections. Additional field used in the configuration is: `sort_by: order`. It ensures that collection's documents are displayed in the right order. The `order` is set then in every collection document. For large collections it's recommended to split files into several folders, and then to use 3-digit numbers. So each folder would have reserved range of numbers, like: `100 - 199`, `200-299`, etc. It makes easy to add new documents without overwriting `order` fields in other docs. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/docs/_docs/02_features/aws-auth.md new/terragrunt-0.42.2/docs/_docs/02_features/aws-auth.md --- old/terragrunt-0.42.0/docs/_docs/02_features/aws-auth.md 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/docs/_docs/02_features/aws-auth.md 2022-11-29 19:16:54.000000000 +0100 
@@ -74,7 +74,11 @@ "s3:PutBucketVersioning", "s3:PutEncryptionConfiguration", "s3:PutBucketAcl", - "s3:PutBucketLogging" + "s3:PutBucketLogging", + "s3:GetEncryptionConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:PutLifecycleConfiguration" ], "Resource": "arn:aws:s3:::BUCKET_NAME" }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/docs/_docs/02_features/keep-your-remote-state-configuration-dry.md new/terragrunt-0.42.2/docs/_docs/02_features/keep-your-remote-state-configuration-dry.md --- old/terragrunt-0.42.0/docs/_docs/02_features/keep-your-remote-state-configuration-dry.md 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/docs/_docs/02_features/keep-your-remote-state-configuration-dry.md 2022-11-29 19:16:54.000000000 +0100 
@@ -249,7 +249,7 @@ If you experience an error for any of these configurations, confirm you are using Terraform v0.12.2 or greater. -Further, the config options `s3_bucket_tags`, `dynamodb_table_tags`, `skip_bucket_versioning`, `skip_bucket_ssencryption`, `skip_bucket_root_access`, `skip_bucket_enforced_tls`, `skip_bucket_public_access_blocking`, `accesslogging_bucket_name`, `accesslogging_target_prefix`, and `enable_lock_table_ssencryption` are only valid for backend `s3`. They are used by terragrunt and are **not** passed on to terraform. See section [Create remote state and locking resources automatically](#create-remote-state-and-locking-resources-automatically). +Further, the config options `s3_bucket_tags`, `dynamodb_table_tags`, `accesslogging_bucket_tags`, `skip_bucket_versioning`, `skip_bucket_ssencryption`, `skip_bucket_root_access`, `skip_bucket_enforced_tls`, `skip_bucket_public_access_blocking`, `accesslogging_bucket_name`, `accesslogging_target_prefix`, and `enable_lock_table_ssencryption` are only valid for backend `s3`. They are used by terragrunt and are **not** passed on to terraform. See section [Create remote state and locking resources automatically](#create-remote-state-and-locking-resources-automatically). ### GCS-specific remote state settings diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/docs/_docs/04_reference/config-blocks-and-attributes.md new/terragrunt-0.42.2/docs/_docs/04_reference/config-blocks-and-attributes.md --- old/terragrunt-0.42.0/docs/_docs/04_reference/config-blocks-and-attributes.md 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/docs/_docs/04_reference/config-blocks-and-attributes.md 2022-11-29 19:16:54.000000000 +0100 
@@ -392,6 +392,7 @@ - `enable_lock_table_ssencryption`: When `true`, the synchronization lock table in DynamoDB used for remote state concurrent access will not be configured with server side encryption. - `s3_bucket_tags`: A map of key value pairs to associate as tags on the created S3 bucket. - `dynamodb_table_tags`: A map of key value pairs to associate as tags on the created DynamoDB remote state lock table. +- `accesslogging_bucket_tags`: A map of key value pairs to associate as tags on the created S3 bucket to store de access logs. - `disable_aws_client_checksums`: When `true`, disable computing and checking checksums on the request and response, such as the CRC32 check for DynamoDB. This can be used to workaround https://github.com/gruntwork-io/terragrunt/issues/1059. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/docs/_docs/06_migration_guides/upgrading_to_terragrunt_0.19.x.md new/terragrunt-0.42.2/docs/_docs/06_migration_guides/upgrading_to_terragrunt_0.19.x.md --- old/terragrunt-0.42.0/docs/_docs/06_migration_guides/upgrading_to_terragrunt_0.19.x.md 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/docs/_docs/06_migration_guides/upgrading_to_terragrunt_0.19.x.md 2022-11-29 19:16:54.000000000 +0100 @@ -256,6 +256,12 @@ owner = "terragrunt integration test" name = "Terraform lock table" } + + # accesslogging_bucket_tags is an attribute, so an equals sign is REQUIRED + accesslogging_bucket_tags = { + owner = "terragrunt integration test" + name = "Terraform access log storage" + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/remote/remote_state_s3.go new/terragrunt-0.42.2/remote/remote_state_s3.go --- old/terragrunt-0.42.0/remote/remote_state_s3.go 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/remote/remote_state_s3.go 2022-11-29 19:16:54.000000000 +0100 
@@ -27,15 +27,17 @@ ) /* - * We use this construct to separate the two config keys 's3_bucket_tags' and 'dynamodb_table_tags' - * from the others, as they are specific to the s3 backend, but only used by terragrunt to tag - * the s3 bucket and the dynamo db, in case it has to create them. + * We use this construct to separate the three config keys 's3_bucket_tags', 'dynamodb_table_tags' + * and 'accesslogging_bucket_tags' from the others, as they are specific to the s3 backend, + * but only used by terragrunt to tag the s3 bucket, the dynamo db and the s3 bucket used to the + * access logs, in case it has to create them. */ type ExtendedRemoteStateConfigS3 struct { remoteStateConfigS3 RemoteStateConfigS3 S3BucketTags map[string]string `mapstructure:"s3_bucket_tags"` DynamotableTags map[string]string `mapstructure:"dynamodb_table_tags"` + AccessLoggingBucketTags map[string]string `mapstructure:"accesslogging_bucket_tags"` SkipBucketVersioning bool `mapstructure:"skip_bucket_versioning"` SkipBucketSSEncryption bool `mapstructure:"skip_bucket_ssencryption"` SkipBucketAccessLogging bool `mapstructure:"skip_bucket_accesslogging"` @@ -56,6 +58,7 @@ var terragruntOnlyConfigs = []string{ "s3_bucket_tags", "dynamodb_table_tags", + "accesslogging_bucket_tags", "skip_bucket_versioning", "skip_bucket_ssencryption", "skip_bucket_accesslogging", @@ -363,12 +366,6 @@ terragruntOptions.Logger.Warnf("Encryption is not enabled on the S3 remote state bucket %s. Terraform state files may contain secrets, so we STRONGLY recommend enabling encryption!", config.Bucket) } - if extendedConfig.AccessLoggingBucketName != "" && extendedConfig.BucketSSEAlgorithm != s3.ServerSideEncryptionAes256 { - return errors.WithStackTrace(InvalidAccessLoggingBucketEncryption{ - BucketSSEAlgorithm: extendedConfig.BucketSSEAlgorithm, - }) - } - return nil } 
@@ -438,7 +435,7 @@ if bucketUpdatesRequired.SSEEncryption { if config.SkipBucketSSEncryption { terragruntOptions.Logger.Debugf("Server-Side Encryption is disabled for the remote state AWS S3 bucket %s using 'skip_bucket_ssencryption' config.", config.remoteStateConfigS3.Bucket) - } else if err := EnableSSEForS3BucketWide(s3Client, config.remoteStateConfigS3.Bucket, config, terragruntOptions); err != nil { + } else if err := EnableSSEForS3BucketWide(s3Client, config.remoteStateConfigS3.Bucket, fetchEncryptionAlgorithm(config), config, terragruntOptions); err != nil { return err } } @@ -479,8 +476,10 @@ return err } - if err := EnableSSEForS3BucketWide(s3Client, config.AccessLoggingBucketName, config, terragruntOptions); err != nil { - return err + if !config.SkipBucketSSEncryption { + if err := EnableSSEForS3BucketWide(s3Client, config.AccessLoggingBucketName, s3.ServerSideEncryptionAes256, config, terragruntOptions); err != nil { + return err + } } if err := EnableEnforcedTLSAccesstoS3Bucket(s3Client, config.AccessLoggingBucketName, config, terragruntOptions); err != nil { @@ -665,7 +664,7 @@ if config.SkipBucketSSEncryption { terragruntOptions.Logger.Debugf("Server-Side Encryption is disabled for the remote state AWS S3 bucket %s using 'skip_bucket_ssencryption' config.", config.remoteStateConfigS3.Bucket) - } else if err := EnableSSEForS3BucketWide(s3Client, config.remoteStateConfigS3.Bucket, config, terragruntOptions); err != nil { + } else if err := EnableSSEForS3BucketWide(s3Client, config.remoteStateConfigS3.Bucket, fetchEncryptionAlgorithm(config), config, terragruntOptions); err != nil { return err } 
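Review bot: In the `@@ -479,8 +476,10 @@` hunk, `skip_bucket_ssencryption` now also turns off default encryption on the access-log bucket, and it does so silently: the state-bucket branch in the `@@ -438,7 +435,7 @@` hunk logs a Debugf when the skip applies, while this one logs nothing. Access logs record who touched the state bucket, so an operator should at least see that they are stored without default encryption; add an `else` that logs, for example, `terragruntOptions.Logger.Debugf("Server-Side Encryption is disabled for the access log AWS S3 bucket %s using 'skip_bucket_ssencryption' config.", config.AccessLoggingBucketName)`. The hard-coded `s3.ServerSideEncryptionAes256` also deserves a one-line comment saying why `bucket_sse_algorithm` is ignored for this bucket (presumably because the log target only accepted SSE-S3, which the removed `InvalidAccessLoggingBucketEncryption` check suggests). The same applies to the identical block in the `@@ -689,8 +688,10 @@` hunk; both enclosing functions start outside the hunks.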
@@ -689,8 +688,10 @@ return err } - if err := EnableSSEForS3BucketWide(s3Client, config.AccessLoggingBucketName, config, terragruntOptions); err != nil { - return err + if !config.SkipBucketSSEncryption { + if err := EnableSSEForS3BucketWide(s3Client, config.AccessLoggingBucketName, s3.ServerSideEncryptionAes256, config, terragruntOptions); err != nil { + return err + } } if err := EnableEnforcedTLSAccesstoS3Bucket(s3Client, config.AccessLoggingBucketName, config, terragruntOptions); err != nil { @@ -700,6 +701,10 @@ terragruntOptions.Logger.Debugf("Access Logging is disabled for the remote state AWS S3 bucket %s", config.remoteStateConfigS3.Bucket) } + if err := TagS3BucketAccessLogging(s3Client, config, terragruntOptions); err != nil { + return err + } + return nil } @@ -718,6 +723,34 @@ return nil } +func TagS3BucketAccessLogging(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error { + + if config.AccessLoggingBucketTags == nil || len(config.AccessLoggingBucketTags) == 0 { + terragruntOptions.Logger.Debugf("No tags specified for bucket %s.", config.AccessLoggingBucketName) + return nil + } + + // There must be one entry in the list + var tagsConverted = convertTags(config.AccessLoggingBucketTags) + + terragruntOptions.Logger.Debugf("Tagging S3 bucket with %s", config.AccessLoggingBucketTags) + + putBucketTaggingInput := s3.PutBucketTaggingInput{ + Bucket: aws.String(config.AccessLoggingBucketName), + Tagging: &s3.Tagging{ + TagSet: tagsConverted, + }, + } + + _, err := s3Client.PutBucketTagging(&putBucketTaggingInput) + if err != nil { + return errors.WithStackTrace(err) + } + + terragruntOptions.Logger.Debugf("Tagged S3 bucket with %s", config.AccessLoggingBucketTags) + return nil +} + func TagS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error { if config.S3BucketTags == nil || len(config.S3BucketTags) == 0 { 
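Review bot: The added `TagS3BucketAccessLogging` call in the `@@ -700,6 +701,10 @@` hunk sits after the closing brace of the "Access Logging is disabled" branch, so it appears to run even when no access-log bucket is configured. With `accesslogging_bucket_tags` set and `accesslogging_bucket_name` empty, `PutBucketTagging` would then be issued with an empty bucket name, and bucket setup would fail on an otherwise optional setting. Either move the call into the branch that sets up the logging bucket (it starts outside the hunk) or have the helper return early with `if config.AccessLoggingBucketName == "" { return nil }`. As far as this diff shows, the update path touched by the `@@ -479,8 +476,10 @@` hunk gets no matching call, so tags would apparently be applied only on the path patched here.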
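Review bot: `TagS3BucketAccessLogging` in the `@@ -718,6 +723,34 @@` hunk is exported but has no doc comment, and the inline comment `// There must be one entry in the list` does not say what it guards. Suggest a doc comment such as `// TagS3BucketAccessLogging applies accesslogging_bucket_tags to the access log bucket; it is a no-op when no tags are configured.` and dropping the inline one. The nil test is redundant because `len` of a nil map is 0, so the guard can be `if len(config.AccessLoggingBucketTags) == 0 {`. The body otherwise mirrors `TagS3Bucket` directly below it; a shared helper taking the bucket name and tag map would keep the two from drifting. The two "Tagging"/"Tagged" Debugf messages should also name the bucket rather than only the tags.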
@@ -1039,7 +1072,7 @@ } // Enable bucket-wide Server-Side Encryption for the AWS S3 bucket specified in the given config -func EnableSSEForS3BucketWide(s3Client *s3.S3, bucketName string, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error { +func EnableSSEForS3BucketWide(s3Client *s3.S3, bucketName string, algorithm string, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error { terragruntOptions.Logger.Debugf("Enabling bucket-wide SSE on AWS S3 bucket %s", bucketName) accountID, err := aws_helper.GetAWSAccountID(config.GetAwsSessionConfig(), terragruntOptions) @@ -1052,12 +1085,6 @@ return errors.WithStackTrace(err) } - // Encrypt with KMS by default - algorithm := s3.ServerSideEncryptionAwsKms - if config.BucketSSEAlgorithm != "" { - algorithm = config.BucketSSEAlgorithm - } - defEnc := &s3.ServerSideEncryptionByDefault{ SSEAlgorithm: aws.String(algorithm), } @@ -1082,6 +1109,15 @@ return nil } +func fetchEncryptionAlgorithm(config *ExtendedRemoteStateConfigS3) string { + // Encrypt with KMS by default + algorithm := s3.ServerSideEncryptionAwsKms + if config.BucketSSEAlgorithm != "" { + algorithm = config.BucketSSEAlgorithm + } + return algorithm +} + func checkIfSSEForS3Enabled(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) (bool, error) { terragruntOptions.Logger.Debugf("Checking if SSE is enabled for AWS S3 bucket %s", config.Bucket) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/remote/remote_state_s3_test.go new/terragrunt-0.42.2/remote/remote_state_s3_test.go --- old/terragrunt-0.42.0/remote/remote_state_s3_test.go 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/remote/remote_state_s3_test.go 2022-11-29 19:16:54.000000000 +0100 
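Review bot: The doc comment on `EnableSSEForS3BucketWide` in the `@@ -1039,7 +1072,7 @@` hunk was not updated for the new `algorithm` parameter, and nothing in the visible lines checks the value before it reaches `aws.String(algorithm)`. Suggest `// EnableSSEForS3BucketWide enables default server-side encryption on bucketName using algorithm (s3.ServerSideEncryptionAes256 or s3.ServerSideEncryptionAwsKms).` The part of the body that selects a KMS key lies outside the hunks; if it still reads `config.BucketSSEAlgorithm` rather than `algorithm`, the access-log call that passes AES256 could end up with a KMS key attached, so that is worth confirming. Because the function is exported, inserting a positional parameter also breaks any caller outside this package. `fetchEncryptionAlgorithm` in the `@@ -1082,6 +1109,15 @@` hunk could carry a one-line comment stating that it falls back to `s3.ServerSideEncryptionAwsKms` when `bucket_sse_algorithm` is unset.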
@@ -79,6 +79,12 @@ true, }, { + "equal-ignore-accesslogging-bucket-tags", + map[string]interface{}{"accesslogging_bucket_tags": []map[string]string{{"foo": "bar"}}}, + &TerraformBackend{Type: "s3", Config: map[string]interface{}{}}, + true, + }, + { "unequal-wrong-backend", map[string]interface{}{"foo": "bar"}, &TerraformBackend{Type: "wrong", Config: map[string]interface{}{"foo": "bar"}}, @@ -274,6 +280,7 @@ map[string]interface{}{ "s3_bucket_tags": map[string]string{}, "dynamodb_table_tags": map[string]string{}, + "accesslogging_bucket_tags": map[string]string{}, "skip_bucket_versioning": true, "skip_bucket_ssencryption": false, "skip_bucket_root_access": false, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/remote/remote_state_test.go new/terragrunt-0.42.2/remote/remote_state_test.go --- old/terragrunt-0.42.0/remote/remote_state_test.go 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/remote/remote_state_test.go 2022-11-29 19:16:54.000000000 +0100 @@ -29,7 +29,12 @@ "dynamodb_table_tags": map[string]interface{}{ "team": "team name", - "name": "Terraform state storage", + "name": "Terraform lock table", + "service": "Terraform"}, + + "accesslogging_bucket_tags": map[string]interface{}{ + "team": "team name", + "name": "Terraform access log storage", "service": "Terraform"}, "skip_bucket_versioning": true, 
@@ -40,7 +45,7 @@ } args := remoteState.ToTerraformInitArgs() - // must not contain s3_bucket_tags or dynamodb_table_tags or skip_bucket_versioning + // must not contain s3_bucket_tags or dynamodb_table_tags or accesslogging_bucket_tags or skip_bucket_versioning assertTerraformInitArgsEqual(t, args, "-backend-config=encrypt=true -backend-config=bucket=my-bucket -backend-config=key=terraform.tfstate -backend-config=region=us-east-1 -backend-config=force_path_style=true -backend-config=shared_credentials_file=my-file") } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/test/fixture/terragrunt.hcl new/terragrunt-0.42.2/test/fixture/terragrunt.hcl --- old/terragrunt-0.42.0/test/fixture/terragrunt.hcl 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/test/fixture/terragrunt.hcl 2022-11-29 19:16:54.000000000 +0100 @@ -18,5 +18,10 @@ owner = "terragrunt integration test" name = "Terraform lock table" } + + accesslogging_bucket_tags = { + owner = "terragrunt integration test" + name = "Terraform access log storage" + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/test/fixture-codegen/remote-state/s3/terragrunt.hcl new/terragrunt-0.42.2/test/fixture-codegen/remote-state/s3/terragrunt.hcl --- old/terragrunt-0.42.0/test/fixture-codegen/remote-state/s3/terragrunt.hcl 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/test/fixture-codegen/remote-state/s3/terragrunt.hcl 2022-11-29 19:16:54.000000000 +0100 
@@ -23,6 +23,11 @@ owner = "terragrunt integration test" name = "Terraform lock table" } + + accesslogging_bucket_tags = { + owner = "terragrunt integration test" + name = "Terraform access log storage" + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/test/fixture-regressions/accesslogging-bucket/invlid-configuration/.gitignore new/terragrunt-0.42.2/test/fixture-regressions/accesslogging-bucket/invlid-configuration/.gitignore --- old/terragrunt-0.42.0/test/fixture-regressions/accesslogging-bucket/invlid-configuration/.gitignore 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/test/fixture-regressions/accesslogging-bucket/invlid-configuration/.gitignore 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -backend.tf diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/test/fixture-regressions/accesslogging-bucket/invlid-configuration/main.tf new/terragrunt-0.42.2/test/fixture-regressions/accesslogging-bucket/invlid-configuration/main.tf --- old/terragrunt-0.42.0/test/fixture-regressions/accesslogging-bucket/invlid-configuration/main.tf 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/test/fixture-regressions/accesslogging-bucket/invlid-configuration/main.tf 1970-01-01 01:00:00.000000000 +0100 
@@ -1 +0,0 @@ -resource "null_resource" "foo" {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/test/fixture-regressions/accesslogging-bucket/invlid-configuration/remote_terragrunt.hcl new/terragrunt-0.42.2/test/fixture-regressions/accesslogging-bucket/invlid-configuration/remote_terragrunt.hcl --- old/terragrunt-0.42.0/test/fixture-regressions/accesslogging-bucket/invlid-configuration/remote_terragrunt.hcl 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/test/fixture-regressions/accesslogging-bucket/invlid-configuration/remote_terragrunt.hcl 1970-01-01 01:00:00.000000000 +0100 @@ -1,18 +0,0 @@ -# Configure Terragrunt to automatically store tfstate files in an S3 bucket -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite" - } - config = { - encrypt = true - bucket = "__FILL_IN_BUCKET_NAME__" - key = "terraform.tfstate" - region = "us-west-2" - dynamodb_table = "__FILL_IN_LOCK_TABLE_NAME__" - enable_lock_table_ssencryption = true - accesslogging_bucket_name = "__FILL_IN_LOGS_BUCKET_NAME__" - bucket_sse_algorithm = "aws:kms" - } -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/terragrunt-0.42.0/test/integration_test.go new/terragrunt-0.42.2/test/integration_test.go --- old/terragrunt-0.42.0/test/integration_test.go 2022-11-29 13:32:50.000000000 +0100 +++ new/terragrunt-0.42.2/test/integration_test.go 2022-11-29 19:16:54.000000000 +0100 
@@ -657,32 +657,22 @@ targetLoggingBucket := terraws.GetS3BucketLoggingTarget(t, TERRAFORM_REMOTE_STATE_S3_REGION, s3BucketName) targetLoggingBucketPrefix := terraws.GetS3BucketLoggingTargetPrefix(t, TERRAFORM_REMOTE_STATE_S3_REGION, s3BucketName) + encryptionConfig, err := bucketEncryption(t, TERRAFORM_REMOTE_STATE_S3_REGION, targetLoggingBucket) + assert.NoError(t, err) + assert.NotNil(t, encryptionConfig) + assert.NotNil(t, encryptionConfig.ServerSideEncryptionConfiguration) + for _, rule := range encryptionConfig.ServerSideEncryptionConfiguration.Rules { + if rule.ApplyServerSideEncryptionByDefault != nil { + if rule.ApplyServerSideEncryptionByDefault.SSEAlgorithm != nil { + assert.Equal(t, s3.ServerSideEncryptionAes256, *rule.ApplyServerSideEncryptionByDefault.SSEAlgorithm) + } + } + } + assert.Equal(t, s3BucketLogsName, targetLoggingBucket) assert.Equal(t, remote.DefaultS3BucketAccessLoggingTargetPrefix, targetLoggingBucketPrefix) } -func TestTerragruntFailWithInvalidLoggingConfiguration(t *testing.T) { - t.Parallel() - - examplePath := filepath.Join(TEST_FIXTURE_REGRESSIONS, "accesslogging-bucket/invlid-configuration") - cleanupTerraformFolder(t, examplePath) - - s3BucketName := fmt.Sprintf("terragrunt-test-bucket-%s", strings.ToLower(uniqueId())) - lockTableName := fmt.Sprintf("terragrunt-test-locks-%s", strings.ToLower(uniqueId())) - - tmpTerragruntConfigPath := createTmpTerragruntConfig( - t, - examplePath, - s3BucketName, - lockTableName, - "remote_terragrunt.hcl", - ) - - _, _, err := runTerragruntCommandWithOutput(t, fmt.Sprintf("terragrunt validate --terragrunt-non-interactive --terragrunt-config %s --terragrunt-working-dir %s", tmpTerragruntConfigPath, examplePath)) - assert.Error(t, err) - assert.Contains(t, err.Error(), s3.ServerSideEncryptionAes256) -} - func TestTerragruntWorksWithGCSBackend(t *testing.T) { t.Parallel() ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/terragrunt/vendor.tar.gz 
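Review bot: The new encryption check in the `@@ -657,32 +657,22 @@` hunk can pass without asserting anything: `assert.Equal` is reached only when a rule has both pointers non-nil, so an empty `Rules` slice or a rule without `ApplyServerSideEncryptionByDefault` leaves the test green. Add `assert.NotEmpty(t, encryptionConfig.ServerSideEncryptionConfiguration.Rules)` before the loop and assert the nested pointers are non-nil instead of skipping them. `assert.NotNil` also does not stop the test, so a nil `encryptionConfig` would panic on the following line; `require.NotNil` (if testify's `require` is available to this file) or an early return avoids that. With `TestTerragruntFailWithInvalidLoggingConfiguration` removed, no test in this diff covers `bucket_sse_algorithm = "aws:kms"` combined with an access-log bucket, which is the configuration whose handling changed. The enclosing test function starts outside the hunk.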
/work/SRC/openSUSE:Factory/.terragrunt.new.1597/vendor.tar.gz differ: char 5, line 1