Merge pull request #725 from NixOS/fix-deprecations

Fix most deprecation warnings in terraform workspace

Author: arianvp

terraform/cache-bucket/main.tf

@@ -5,15 +5,30 @@ variable "bucket_name" {
 resource "aws_s3_bucket" "cache" {
   provider = aws
   bucket   = var.bucket_name
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "cache" {
+  provider = aws
+  bucket   = aws_s3_bucket.cache.id
+
+  rule {
+    id     = "Infrequent Access"
+    status = "Enabled"
 
-  lifecycle_rule {
-    enabled = true
+    filter {
+      prefix = ""
+    }
 
     transition {
       days          = 365
       storage_class = "STANDARD_IA"
     }
   }
+}
+
+resource "aws_s3_bucket_cors_configuration" "cache" {
+  provider = aws
+  bucket   = aws_s3_bucket.cache.bucket
 
   cors_rule {
     allowed_headers = ["Authorization"]
@@ -23,6 +38,7 @@ resource "aws_s3_bucket" "cache" {
   }
 }
 
+
 resource "aws_s3_bucket_public_access_block" "cache" {
   bucket = aws_s3_bucket.cache.bucket
 

terraform/cache-staging.tf

@@ -11,6 +11,17 @@ module "cache-staging-202010" {
   }
 }
 
+import {
+  to = module.cache-staging-202010.aws_s3_bucket_lifecycle_configuration.cache
+  id = "nix-cache-staging"
+}
+
+import {
+  to = module.cache-staging-202010.aws_s3_bucket_cors_configuration.cache
+  id = "nix-cache-staging"
+}
+
+
 # This is the new bucket we want to use in future.
 module "cache-staging-202410" {
   source      = "./cache-bucket"
@@ -21,6 +32,16 @@ module "cache-staging-202410" {
   }
 }
 
+import {
+  to = module.cache-staging-202410.aws_s3_bucket_lifecycle_configuration.cache
+  id = "nix-cache-staging-202410"
+}
+
+import {
+  to = module.cache-staging-202410.aws_s3_bucket_cors_configuration.cache
+  id = "nix-cache-staging-202410"
+}
+
 # The fastly configuration below will first try the new bucket and than the old bucket.
 # As demonstation we have two files in the buckets:
 # $ curl https://cache-staging.nixos.org/new-cache                                                                                                                                                               │

terraform/cache.tf

@@ -5,16 +5,37 @@ locals {
 resource "aws_s3_bucket" "cache" {
   provider = aws.us
   bucket   = "nix-cache"
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "cache" {
+  provider = aws.us
+  bucket   = aws_s3_bucket.cache.id
 
-  lifecycle_rule {
-    enabled = true
+  transition_default_minimum_object_size = "varies_by_storage_class"
+
+  rule {
+    id     = "Infrequent Access"
+    status = "Enabled"
+
+    filter {
+      prefix = ""
+    }
 
     transition {
       days          = 365
       storage_class = "STANDARD_IA"
     }
   }
+}
+
+import {
+  to = aws_s3_bucket_lifecycle_configuration.cache
+  id = aws_s3_bucket.cache.id
+}
 
+resource "aws_s3_bucket_cors_configuration" "cache" {
+  provider = aws.us
+  bucket   = aws_s3_bucket.cache.id
   cors_rule {
     allowed_headers = ["Authorization"]
     allowed_methods = ["GET"]
@@ -23,6 +44,11 @@ resource "aws_s3_bucket" "cache" {
   }
 }
 
+import {
+  to = aws_s3_bucket_cors_configuration.cache
+  id = aws_s3_bucket.cache.id
+}
+
 resource "aws_s3_bucket_object" "cache-nix-cache-info" {
   provider = aws.us
 

terraform/cache_inventory.tf

@@ -2,9 +2,21 @@
 resource "aws_s3_bucket" "cache_inventory" {
   provider = aws.us
   bucket   = "nix-cache-inventory"
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "cache_inventory" {
+  provider = aws.us
+  bucket   = aws_s3_bucket.cache_inventory.id
 
-  lifecycle_rule {
-    enabled = true
+  transition_default_minimum_object_size = "varies_by_storage_class"
+
+  rule {
+    id     = "tf-s3-lifecycle-20231017200421961900000001"
+    status = "Enabled"
+
+    filter {
+      prefix = ""
+    }
 
     # Only keep the last 30 days
     expiration {
@@ -13,6 +25,11 @@ resource "aws_s3_bucket" "cache_inventory" {
   }
 }
 
+import {
+  to = aws_s3_bucket_lifecycle_configuration.cache_inventory
+  id = aws_s3_bucket.cache_inventory.id
+}
+
 resource "aws_s3_bucket_inventory" "cache_inventory" {
   provider = aws.us
 
@@ -40,4 +57,3 @@ resource "aws_s3_bucket_inventory" "cache_inventory" {
     }
   }
 }
-

terraform/cache_log.tf

@@ -22,6 +22,10 @@ resource "aws_s3_bucket_lifecycle_configuration" "cache_log" {
     id     = "rule-1"
     status = "Enabled"
 
+    filter {
+      prefix = ""
+    }
+
     expiration {
       days = "30"
     }

terraform/channels.tf

@@ -10,16 +10,33 @@ locals {
   # Use the website endpoint because the bucket is configured with website
   # enabled. This also means we can't use TLS between Fastly and AWS because
   # the website endpoint only has port 80 open.
-  channels_backend = aws_s3_bucket.channels.website_endpoint
+  channels_backend = "nix-channels.s3-website-us-east-1.amazonaws.com"
+  # TODO: Uncomment this once has been applied once. This is to work around fastly bug https://github.com/fastly/terraform-provider-fastly/issues/884
+  # channels_backend = aws_s3_bucket_website_configuration.channels.website_endpoint
 }
 
 resource "aws_s3_bucket" "channels" {
   provider = aws.us
   bucket   = "nix-channels"
+}
+
+resource "aws_s3_bucket_website_configuration" "channels" {
+  provider = aws.us
+  bucket   = aws_s3_bucket.channels.id
 
-  website {
-    index_document = "index.html"
+  index_document {
+    suffix = "index.html"
   }
+}
+
+import {
+  to = aws_s3_bucket_website_configuration.channels
+  id = aws_s3_bucket.channels.id
+}
+
+resource "aws_s3_bucket_cors_configuration" "channels" {
+  provider = aws.us
+  bucket   = aws_s3_bucket.channels.id
 
   cors_rule {
     allowed_headers = ["*"]
@@ -30,6 +47,12 @@ resource "aws_s3_bucket" "channels" {
   }
 }
 
+import {
+  to = aws_s3_bucket_cors_configuration.channels
+  id = aws_s3_bucket.channels.id
+
+}
+
 resource "aws_s3_bucket_object" "channels-index-html" {
   provider = aws.us
 
@@ -275,5 +298,5 @@ resource "fastly_tls_subscription" "channels" {
 
 # TODO: move the DNS config to terraform
 output "channels-managed_dns_challenge" {
-  value = fastly_tls_subscription.channels.managed_dns_challenge
+  value = fastly_tls_subscription.channels.managed_dns_challenges
 }

terraform/gh-releases.tf

@@ -181,5 +181,5 @@ resource "fastly_tls_subscription" "gh_releases" {
 }
 
 output "gh-releases-managed_dns_challenge" {
-  value = fastly_tls_subscription.gh_releases.managed_dns_challenge
+  value = fastly_tls_subscription.gh_releases.managed_dns_challenges
 }

terraform/nixpkgs-tarballs.tf

@@ -3,17 +3,27 @@ locals {
   # Use the website endpoint because the bucket is configured with website
   # enabled. This also means we can't use TLS between Fastly and AWS because
   # the website endpoint only has port 80 open.
-  tarballs_backend = aws_s3_bucket.nixpkgs-tarballs.website_endpoint
+  tarballs_backend = "nixpkgs-tarballs.s3-website-eu-west-1.amazonaws.com"
+  # TODO: Uncomment this once has been applied once. This is to work around fastly bug https://github.com/fastly/terraform-provider-fastly/issues/884
+  # tarballs_backend = aws_s3_bucket_website_configuration.nixpkgs-tarballs.website_endpoint
 }
 
 resource "aws_s3_bucket" "nixpkgs-tarballs" {
   bucket = "nixpkgs-tarballs"
+}
 
-  website {
-    index_document = "index.html"
+resource "aws_s3_bucket_website_configuration" "nixpkgs-tarballs" {
+  bucket = aws_s3_bucket.nixpkgs-tarballs.id
+  index_document {
+    suffix = "index.html"
   }
 }
 
+import {
+  to = aws_s3_bucket_website_configuration.nixpkgs-tarballs
+  id = aws_s3_bucket.nixpkgs-tarballs.id
+}
+
 resource "aws_s3_bucket_policy" "nixpkgs-tarballs" {
   bucket = aws_s3_bucket.nixpkgs-tarballs.id
 
@@ -284,7 +294,7 @@ resource "fastly_tls_subscription" "nixpkgs-tarballs" {
 
 # TODO: move the DNS config to terraform
 output "nixpkgs-tarballs-managed_dns_challenge" {
-  value = fastly_tls_subscription.nixpkgs-tarballs.managed_dns_challenge
+  value = fastly_tls_subscription.nixpkgs-tarballs.managed_dns_challenges
 }
 
 # Create an S3 bucket for CloudTrail logs
@@ -293,12 +303,21 @@ resource "aws_s3_bucket" "nixpkgs-tarballs-cloudtrail-logs" {
   # We can potentially make this public for transparency?
   # But first I want to see what the logs look like.
   acl = "private"
+}
 
-  versioning {
-    enabled = true
+resource "aws_s3_bucket_versioning" "nixpkgs-tarballs-cloudtrail-logs" {
+  bucket = aws_s3_bucket.nixpkgs-tarballs-cloudtrail-logs.id
+  versioning_configuration {
+    status = "Enabled"
   }
 }
 
+
+import {
+  to = aws_s3_bucket_versioning.nixpkgs-tarballs-cloudtrail-logs
+  id = aws_s3_bucket.nixpkgs-tarballs-cloudtrail-logs.id
+}
+
 # Attach a policy to the CloudTrail logs S3 bucket
 data "aws_iam_policy_document" "nixpkgs-tarballs-cloudtrail-logs-policy" {
   statement {

terraform/releases.tf

@@ -12,15 +12,35 @@ locals {
 
 resource "aws_s3_bucket" "releases" {
   bucket = "nix-releases"
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "releases" {
+  bucket = aws_s3_bucket.releases.id
+
 
-  lifecycle_rule {
-    enabled = true
+  transition_default_minimum_object_size = "varies_by_storage_class"
+  rule {
+    id     = "tf-s3-lifecycle-20230907091915137900000001"
+    status = "Enabled"
+
+    filter {
+      prefix = ""
+    }
 
     transition {
       days          = 365
       storage_class = "STANDARD_IA"
     }
   }
+}
+
+import {
+  id = aws_s3_bucket.releases.id
+  to = aws_s3_bucket_lifecycle_configuration.releases
+}
+
+resource "aws_s3_bucket_cors_configuration" "releases" {
+  bucket = aws_s3_bucket.releases.id
 
   cors_rule {
     allowed_headers = ["*"]
@@ -31,6 +51,11 @@ resource "aws_s3_bucket" "releases" {
   }
 }
 
+import {
+  to = aws_s3_bucket_cors_configuration.releases
+  id = aws_s3_bucket.releases.id
+}
+
 resource "aws_s3_bucket_object" "releases-index-html" {
   acl          = "public-read"
   bucket       = aws_s3_bucket.releases.bucket
@@ -238,5 +263,5 @@ resource "fastly_tls_subscription" "releases" {
 
 # TODO: move the DNS config to terraform
 output "releases-managed_dns_challenge" {
-  value = fastly_tls_subscription.releases.managed_dns_challenge
+  value = fastly_tls_subscription.releases.managed_dns_challenges
 }