PRMP-1339 - Updates SonarSource action

[jack-nhs]

No description provided.

[github-actions]

Report for environment: pre-prod

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️success

Initialization Output

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.0...
- Installed hashicorp/archive v2.7.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan (0 to add, 4 to change, 0 to destroy)

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "pre-prod-alarm-notifications-lambda"
      ~ last_modified                  = "2024-10-29T15:08:51.000+0000" -> (known after apply)
      ~ source_code_hash               = "nuEZs7U8f6cnlZJISBWa4/TzaBfTtpIurKlFDCYMIPg=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "pre-prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "pre-prod-generate-cost-report-lambda"
      ~ last_modified                  = "2024-10-29T15:08:57.000+0000" -> (known after apply)
      ~ source_code_hash               = "rAIyW7oqNxKkc2LdchAH0mcX8MRST+M7k5FjaH8vMrI=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "pre-prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_s3_bucket_policy.cost_usage_permit_s3_to_write_access_logs_policy will be updated in-place
  ~ resource "aws_s3_bucket_policy" "cost_usage_permit_s3_to_write_access_logs_policy" {
        id     = "pre-prod-cost-and-usage-access-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action    = [
                          - "s3:Get*",
                          - "s3:ListBucket",
                        ] -> "s3:PutObject"
                      ~ Principal = {
                          - AWS     = "arn:aws:iam::108148468272:role/RepoDeveloper"
                          + Service = "logging.s3.amazonaws.com"
                        }
                      ~ Resource  = [
                          - "arn:aws:s3:::pre-prod-cost-and-usage-access-logs",
                          - "arn:aws:s3:::pre-prod-cost-and-usage-access-logs/*",
                        ] -> "arn:aws:s3:::pre-prod-cost-and-usage-access-logs/access-logs/*"
                      + Sid       = "S3ServerAccessLogsPolicy"
                        # (2 unchanged attributes hidden)
                    },
                ]
              ~ Version   = "2008-10-17" -> "2012-10-17"
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.deductions-private.aws_ssm_parameter.client_vpn_endpoint_id will be updated in-place
  ~ resource "aws_ssm_parameter" "client_vpn_endpoint_id" {
        id              = "/repo/pre-prod/output/prm-deductions-infra/client-vpn-endpoint-id"
        name            = "/repo/pre-prod/output/prm-deductions-infra/client-vpn-endpoint-id"
      - overwrite       = true -> null
        tags            = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "pre-prod"
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

[github-actions]

Report for environment: prod

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️success

Initialization Output

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.0...
- Installed hashicorp/archive v2.7.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan (0 to add, 5 to change, 0 to destroy)

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "prod-alarm-notifications-lambda"
      ~ last_modified                  = "2024-09-11T14:11:41.000+0000" -> (known after apply)
      ~ source_code_hash               = "euXryE/9b5YzAHmYXe4APterFb/Jf+5FNlKZ6S1sI6U=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "prod-generate-cost-report-lambda"
      ~ last_modified                  = "2024-09-11T14:11:47.000+0000" -> (known after apply)
      ~ source_code_hash               = "6GSn+05b9tEe59flwRM7U1OTjkpqNzXQh3nbrvjZrKI=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_s3_bucket_policy.cost_usage_permit_s3_to_write_access_logs_policy will be updated in-place
  ~ resource "aws_s3_bucket_policy" "cost_usage_permit_s3_to_write_access_logs_policy" {
        id     = "prod-cost-and-usage-access-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action    = [
                          - "s3:Get*",
                          - "s3:ListBucket",
                        ] -> "s3:PutObject"
                      ~ Principal = {
                          - AWS     = "arn:aws:iam::535760944720:role/RepoDeveloper"
                          + Service = "logging.s3.amazonaws.com"
                        }
                      ~ Resource  = [
                          - "arn:aws:s3:::prod-cost-and-usage-access-logs",
                          - "arn:aws:s3:::prod-cost-and-usage-access-logs/*",
                        ] -> "arn:aws:s3:::prod-cost-and-usage-access-logs/access-logs/*"
                      + Sid       = "S3ServerAccessLogsPolicy"
                        # (2 unchanged attributes hidden)
                    },
                ]
              ~ Version   = "2008-10-17" -> "2012-10-17"
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.deductions-private.aws_security_group.gocd_to_mq will be updated in-place
  ~ resource "aws_security_group" "gocd_to_mq" {
        id                     = "sg-05349fdac523bd34c"
      ~ ingress                = (sensitive value)
        name                   = "prod-gocd-to-mq"
        tags                   = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
            "Name"        = "prod-gocd-to-deductions-private-sg"
        }
        # (8 unchanged attributes hidden)
    }

  # module.deductions-private.aws_ssm_parameter.client_vpn_endpoint_id will be updated in-place
  ~ resource "aws_ssm_parameter" "client_vpn_endpoint_id" {
        id              = "/repo/prod/output/prm-deductions-infra/client-vpn-endpoint-id"
        name            = "/repo/prod/output/prm-deductions-infra/client-vpn-endpoint-id"
      - overwrite       = true -> null
        tags            = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 5 to change, 0 to destroy.

[github-actions]

Report for environment: test

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️success

Initialization Output

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.0...
- Installed hashicorp/archive v2.7.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan (0 to add, 3 to change, 0 to destroy)

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "test-alarm-notifications-lambda"
      ~ last_modified                  = "2024-12-18T15:08:46.000+0000" -> (known after apply)
      ~ source_code_hash               = "20fIQ4NiUO9O31hTsIWuOPn/+HflBjitarqhVgDfOQA=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "test"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "test-generate-cost-report-lambda"
      ~ last_modified                  = "2024-12-18T15:08:52.000+0000" -> (known after apply)
      ~ source_code_hash               = "cPqNRD58Ke37tvYGt4NwAeQMxlLOC2lOllSDbxUnDyg=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "test"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.deductions-private.aws_ssm_parameter.client_vpn_endpoint_id will be updated in-place
  ~ resource "aws_ssm_parameter" "client_vpn_endpoint_id" {
        id              = "/repo/test/output/prm-deductions-infra/client-vpn-endpoint-id"
        name            = "/repo/test/output/prm-deductions-infra/client-vpn-endpoint-id"
      - overwrite       = true -> null
        tags            = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "test"
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

[github-actions]

Report for environment: dev

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️success

Initialization Output

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.0...
- Installed hashicorp/archive v2.7.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.

Terraform Plan 📖success

Show Plan (0 to add, 3 to change, 0 to destroy)

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "dev-alarm-notifications-lambda"
      ~ last_modified                  = "2024-12-18T15:05:29.000+0000" -> (known after apply)
      ~ source_code_hash               = "qnaX+9nGfQXKCvxcvvkwEBF7zlCGq5NP7VjOvByn28o=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "dev"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "dev-generate-cost-report-lambda"
      ~ last_modified                  = "2024-12-18T15:05:36.000+0000" -> (known after apply)
      ~ source_code_hash               = "O8bkYOyLhX1TOF1a638SiL1IAjtlrWeUo+27emd3OBI=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "dev"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.deductions-private.aws_ssm_parameter.client_vpn_endpoint_id will be updated in-place
  ~ resource "aws_ssm_parameter" "client_vpn_endpoint_id" {
        id              = "/repo/dev/output/prm-deductions-infra/client-vpn-endpoint-id"
        name            = "/repo/dev/output/prm-deductions-infra/client-vpn-endpoint-id"
      - overwrite       = true -> null
        tags            = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "dev"
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.