CCM-11586: try fix truststore uri

masl2 · masl2 · commit 27b267195cef · 2025-08-20T15:07:05.000+01:00
diff --git a/infrastructure/terraform/components/api/api_gateway_domain.tf b/infrastructure/terraform/components/api/api_gateway_domain.tf
@@ -9,11 +9,12 @@ resource "aws_api_gateway_domain_name" "main" {
   }
 
   depends_on = [
-    aws_s3_bucket.truststore
+    aws_s3_bucket.truststore,
+    aws_s3_object.placeholder_truststore
   ]
 
   mutual_tls_authentication {
-      truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore[0].id}"
+      truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore[0].key}"
       truststore_version = aws_s3_object.placeholder_truststore[0].version_id
   }
 
@@ -35,11 +36,12 @@ resource "aws_api_gateway_domain_name" "main_nonprod" {
   }
 
   depends_on = [
-    aws_s3_bucket.truststore
+    aws_s3_bucket.truststore,
+    aws_s3_object.placeholder_truststore_nonprod
   ]
 
   mutual_tls_authentication {
-      truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore_nonprod[0].id}"
+      truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore_nonprod[0].key}"
       truststore_version = aws_s3_object.placeholder_truststore_nonprod[0].version_id
   }
 }
diff --git a/infrastructure/terraform/components/api/s3_bucket_truststore.tf b/infrastructure/terraform/components/api/s3_bucket_truststore.tf
@@ -52,7 +52,8 @@ resource "aws_s3_object" "placeholder_truststore" {
   content = module.supplier_ssl[0].cacert_pem
 
   depends_on = [
-    aws_s3_bucket_versioning.truststore
+    aws_s3_bucket_versioning.truststore,
+    module.supplier_ssl
   ]
 
   lifecycle {
@@ -65,7 +66,7 @@ resource "aws_s3_object" "placeholder_truststore" {
 # In non-manually configured env (e.g. PR) exclude lifecycle policy so resources are managed
 # Requires duplicate block as lifecycle policies cannot be dynamic
 resource "aws_s3_object" "placeholder_truststore_nonprod" {
-  count   = var.manually_configure_mtls_truststore ? 0 : 1
+  count   = !var.manually_configure_mtls_truststore ? 1 : 0
   bucket  = aws_s3_bucket.truststore.bucket
   key     = "truststore.pem"
   content = module.supplier_ssl[0].cacert_pem

Original file line number	Diff line number	Diff line change
`@@ -9,11 +9,12 @@ resource "aws_api_gateway_domain_name" "main" {`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`depends_on = [`
`12`		`- aws_s3_bucket.truststore`
	`12`	`+ aws_s3_bucket.truststore,`
	`13`	`+ aws_s3_object.placeholder_truststore`
`13`	`14`	`]`
`14`	`15`
`15`	`16`	`mutual_tls_authentication {`
`16`		`- truststore_uri = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore[0].id}"`
	`17`	`+ truststore_uri = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore[0].key}"`
`17`	`18`	`truststore_version = aws_s3_object.placeholder_truststore[0].version_id`
`18`	`19`	`}`
`19`	`20`
`@@ -35,11 +36,12 @@ resource "aws_api_gateway_domain_name" "main_nonprod" {`
`35`	`36`	`}`
`36`	`37`
`37`	`38`	`depends_on = [`
`38`		`- aws_s3_bucket.truststore`
	`39`	`+ aws_s3_bucket.truststore,`
	`40`	`+ aws_s3_object.placeholder_truststore_nonprod`
`39`	`41`	`]`
`40`	`42`
`41`	`43`	`mutual_tls_authentication {`
`42`		`- truststore_uri = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore_nonprod[0].id}"`
	`44`	`+ truststore_uri = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore_nonprod[0].key}"`
`43`	`45`	`truststore_version = aws_s3_object.placeholder_truststore_nonprod[0].version_id`
`44`	`46`	`}`
`45`	`47`	`}`