From f049e0a0c9c38c5e09c219734f51ef6944494838 Mon Sep 17 00:00:00 2001 From: Rich Green Date: Thu, 23 Jan 2025 11:08:45 +0000 Subject: [PATCH 01/27] add query logging for `non_live_data` vpc and monitor cw logs for r53 dns firewall matches to be alerted to sns/pagerduty --- .../environments/core-logging/logging.tf | 2 +- .../environments/core-logging/r53_logs.tf | 88 +++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/terraform/environments/core-logging/logging.tf b/terraform/environments/core-logging/logging.tf index 8a5205341..b8569e4df 100644 --- a/terraform/environments/core-logging/logging.tf +++ b/terraform/environments/core-logging/logging.tf @@ -1,6 +1,6 @@ locals { resolver_query_log_config_names = toset(["core-logging-rlq-cloudwatch", "core-logging-rlq-s3"]) - vpc_ids = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" } + vpc_ids = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" || key == "non_live_data" } rlq_ids = { for name, config in data.aws_route53_resolver_query_log_config.core_logging : name => config.id } vpc_rlq_associations = merge([ for vpc_key, vpc_id in local.vpc_ids : { diff --git a/terraform/environments/core-logging/r53_logs.tf b/terraform/environments/core-logging/r53_logs.tf index 8169c9d63..038f9c6f6 100644 --- a/terraform/environments/core-logging/r53_logs.tf +++ b/terraform/environments/core-logging/r53_logs.tf 
@@ -90,3 +90,91 @@ data "aws_iam_policy_document" "r53_resolver_logs_kms" { } } } + +resource "aws_cloudwatch_log_metric_filter" "r53_dns_firewall_metric_filter" { + name = "r53-dns-firewall-matches" + log_group_name = aws_cloudwatch_log_group.r53_resolver_logs.name + + pattern = "{ ($.firewall_rule_action = \"BLOCK\" || $.firewall_rule_action = \"ALERT\") }" + metric_transformation { + name = "r53-dns-firewall-matches" + namespace = "R53DNSFirewall" + value = "1" + } +} + +resource "aws_cloudwatch_metric_alarm" "r53_dns_firewall_alarm" { + alarm_name = "r53-dns-firewall-matches" + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = "1" + metric_name = aws_cloudwatch_log_metric_filter.r53_dns_firewall_metric_filter.metric_transformation[0].name + namespace = aws_cloudwatch_log_metric_filter.r53_dns_firewall_metric_filter.metric_transformation[0].namespace + period = "60" + statistic = "Sum" + threshold = "1" + alarm_actions = [aws_sns_topic.r53_dns_firewall.arn] + tags = local.tags +} + +resource "aws_sns_topic" "r53_dns_firewall" { + name = "r53-dns-firewall-sns-topic" + kms_master_key_id = aws_kms_key.r53_dns_firewall.key_id + tags = local.tags +} + +resource "aws_kms_key" "r53_dns_firewall" { + description = "KMS key for DNS Firewall SNS Topic Encryption" + enable_key_rotation = true + policy = data.aws_iam_policy_document.r53_dns_firewall_kms_policy.json + tags = local.tags +} + +resource "aws_kms_alias" "r53_dns_firewall" { + name_prefix = "alias/r53-dns-firewall-sns-encryption" + target_key_id = aws_kms_key.r53_dns_firewall.key_id +} + +data "aws_iam_policy_document" "r53_dns_firewall_kms_policy" { + # checkov:skip=CKV_AWS_111: "policy is directly related to the resource" + # checkov:skip=CKV_AWS_109: "policy is directly related to the resource" + # checkov:skip=CKV_AWS_356: "policy is directly related to the resource" + statement { + sid = "Allow SNS/Cloudwatch services to use the KMS key" + effect = "Allow" + actions = [ + 
"kms:Encrypt", + "kms:Decrypt", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + "kms:DescribeKey" + ] + resources = [ + "*" + ] + principals { + type = "Service" + identifiers = ["sns.amazonaws.com", "cloudwatch.amazonaws.com", "logs.amazonaws.com"] + } + } + + statement { + sid = "Allow account to manage key" + effect = "Allow" + actions = [ + "kms:*" + ] + resources = [ + "*" + ] + principals { + type = "AWS" + identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] + } + } +} +module "pagerduty_r53_dns_firewall" { + depends_on = [aws_sns_topic.r53_dns_firewall] + source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4" # v2.0.0 + sns_topics = [aws_sns_topic.r53_dns_firewall.name] + pagerduty_integration_key = local.pagerduty_integration_keys["core_alerts_cloudwatch"] +} From 15c43803efa46e654dfa52cd73e94eb3aabdd0e5 Mon Sep 17 00:00:00 2001 From: Rich Green Date: Thu, 23 Jan 2025 13:02:09 +0000 Subject: [PATCH 02/27] Only associate `non_live_data` vpc with cloudwatch rqlc --- .../environments/core-logging/logging.tf | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/terraform/environments/core-logging/logging.tf b/terraform/environments/core-logging/logging.tf index b8569e4df..b01c27f5e 100644 --- a/terraform/environments/core-logging/logging.tf +++ b/terraform/environments/core-logging/logging.tf 
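Review bot: The first statement of `r53_dns_firewall_kms_policy` lets the `sns.amazonaws.com`, `cloudwatch.amazonaws.com` and `logs.amazonaws.com` service principals encrypt and decrypt with this key without any source condition, so the grant is not tied to this account's alarm and topic. Scoping it with an `aws:SourceAccount` condition is the usual guard against a cross-account confused deputy. Confirm in a test that the alarm still publishes afterwards, since whether each of these services sets that key on its KMS calls is not visible from this hunk. Nothing in the hunk encrypts a log group with this key, so `logs.amazonaws.com` looks unnecessary and could be dropped. The three `checkov:skip` reasons cover the `resources = ["*"]` form of a key policy but not the unconditioned service principals.

```hcl
  statement {
    sid = "Allow SNS/Cloudwatch services to use the KMS key"
    # … unchanged: effect, actions, resources, principals …
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
```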
@@ -1,9 +1,10 @@ locals { resolver_query_log_config_names = toset(["core-logging-rlq-cloudwatch", "core-logging-rlq-s3"]) - vpc_ids = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" || key == "non_live_data" } + vpc_ids_live_data = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" } + vpc_ids_non_live_data = { for key, value in module.vpc : key => value["vpc_id"] if key == "non_live_data" } rlq_ids = { for name, config in data.aws_route53_resolver_query_log_config.core_logging : name => config.id } - vpc_rlq_associations = merge([ - for vpc_key, vpc_id in local.vpc_ids : { + vpc_rlq_associations_live_data = merge([ + for vpc_key, vpc_id in local.vpc_ids_live_data : { for rlq_name, rlq_id in local.rlq_ids : "${vpc_key}_${rlq_name}" => { vpc_id = vpc_id @@ -11,6 +12,15 @@ locals { } } ]...) + vpc_rlq_associations_non_live_data = merge([ + for vpc_key, vpc_id in local.vpc_ids_non_live_data : { + for rlq_name, rlq_id in local.rlq_ids : + "${vpc_key}_${rlq_name}" => { + vpc_id = vpc_id + rlq_id = rlq_id + } if rlq_name == "core-logging-rlq-cloudwatch" + } + ]...) } data "aws_route53_resolver_query_log_config" "core_logging" { @@ -22,7 +32,13 @@ data "aws_route53_resolver_query_log_config" "core_logging" { } resource "aws_route53_resolver_query_log_config_association" "core_logging" { - for_each = local.is-production ? local.vpc_rlq_associations : {} + for_each = local.is-production ? local.vpc_rlq_associations_live_data : {} + resolver_query_log_config_id = each.value.rlq_id + resource_id = each.value.vpc_id +} + +resource "aws_route53_resolver_query_log_config_association" "core_logging_non_live_data" { + for_each = local.is-production ? local.vpc_rlq_associations_non_live_data : {} resolver_query_log_config_id = each.value.rlq_id resource_id = each.value.vpc_id } From 97d8a581a548cce172fe92e39d524d70047c608d Mon Sep 17 00:00:00 2001 
From: Rich Green Date: Thu, 23 Jan 2025 16:06:44 +0000 Subject: [PATCH 03/27] revert --- .../environments/core-logging/logging.tf | 26 ++++--------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/terraform/environments/core-logging/logging.tf b/terraform/environments/core-logging/logging.tf index b01c27f5e..806e53557 100644 --- a/terraform/environments/core-logging/logging.tf +++ b/terraform/environments/core-logging/logging.tf @@ -1,10 +1,9 @@ locals { resolver_query_log_config_names = toset(["core-logging-rlq-cloudwatch", "core-logging-rlq-s3"]) - vpc_ids_live_data = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" } - vpc_ids_non_live_data = { for key, value in module.vpc : key => value["vpc_id"] if key == "non_live_data" } + vpc_ids = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" } rlq_ids = { for name, config in data.aws_route53_resolver_query_log_config.core_logging : name => config.id } - vpc_rlq_associations_live_data = merge([ - for vpc_key, vpc_id in local.vpc_ids_live_data : { + vpc_rlq_associations = merge([ + for vpc_key, vpc_id in local.vpc_ids : { for rlq_name, rlq_id in local.rlq_ids : "${vpc_key}_${rlq_name}" => { vpc_id = vpc_id @@ -12,15 +11,6 @@ locals { } } ]...) - vpc_rlq_associations_non_live_data = merge([ - for vpc_key, vpc_id in local.vpc_ids_non_live_data : { - for rlq_name, rlq_id in local.rlq_ids : - "${vpc_key}_${rlq_name}" => { - vpc_id = vpc_id - rlq_id = rlq_id - } if rlq_name == "core-logging-rlq-cloudwatch" - } - ]...) } data "aws_route53_resolver_query_log_config" "core_logging" { 
@@ -32,13 +22,7 @@ data "aws_route53_resolver_query_log_config" "core_logging" { } resource "aws_route53_resolver_query_log_config_association" "core_logging" { - for_each = local.is-production ? local.vpc_rlq_associations_live_data : {} + for_each = local.is-production ? local.vpc_rlq_associations : {} resolver_query_log_config_id = each.value.rlq_id resource_id = each.value.vpc_id -} - -resource "aws_route53_resolver_query_log_config_association" "core_logging_non_live_data" { - for_each = local.is-production ? local.vpc_rlq_associations_non_live_data : {} - resolver_query_log_config_id = each.value.rlq_id - resource_id = each.value.vpc_id -} +} \ No newline at end of file From 6c8d768017ce1d334ed9574ee234db929383cc45 Mon Sep 17 00:00:00 2001 From: Rich Green Date: Thu, 23 Jan 2025 16:36:55 +0000 Subject: [PATCH 04/27] associate non-production VPCs with cloudwatch rqlc only --- terraform/environments/core-vpc/logging.tf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/terraform/environments/core-vpc/logging.tf b/terraform/environments/core-vpc/logging.tf index 5702ab2fb..d62e9af5b 100644 --- a/terraform/environments/core-vpc/logging.tf +++ b/terraform/environments/core-vpc/logging.tf @@ -11,6 +11,15 @@ locals { } } ]...) + vpc_rlq_associations_cloudwatch_only = merge([ + for vpc_key, vpc_id in local.vpc_ids : { + for rlq_name, rlq_id in local.rlq_ids : + "${vpc_key}_${rlq_name}" => { + vpc_id = vpc_id + rlq_id = rlq_id + } if rlq_name == "core-logging-rlq-cloudwatch" + } + ]...) } data "aws_route53_resolver_query_log_config" "core_logging" { 
@@ -22,7 +31,7 @@ data "aws_route53_resolver_query_log_config" "core_logging" { } resource "aws_route53_resolver_query_log_config_association" "core_logging" { - for_each = local.is-production ? local.vpc_rlq_associations : {} + for_each = local.is-production ? local.vpc_rlq_associations : local.vpc_rlq_associations_cloudwatch_only resolver_query_log_config_id = each.value.rlq_id resource_id = each.value.vpc_id } From c46cff1c00cfcb5467e36fa3f6c1760018cc6126 Mon Sep 17 00:00:00 2001 From: David Sibley Date: Thu, 23 Jan 2025 16:44:12 +0000 Subject: [PATCH 05/27] github and pagerduty updated to use lock files, some minor cleanup --- .../environments/bootstrap/delegate-access/backend.tf | 1 - .../environments/bootstrap/member-bootstrap/backend.tf | 1 - .../environments/bootstrap/secure-baselines/backend.tf | 1 - .../environments/bootstrap/single-sign-on/backend.tf | 1 - terraform/environments/core-sandbox/backend.tf | 1 - terraform/environments/main.tf | 1 - terraform/github/backend.tf | 10 +++++----- terraform/pagerduty/backend.tf | 10 +++++----- terraform/single-sign-on/backend.tf | 1 - terraform/templates/modernisation-platform/backend.tf | 2 +- 10 files changed, 11 insertions(+), 18 deletions(-) diff --git a/terraform/environments/bootstrap/delegate-access/backend.tf b/terraform/environments/bootstrap/delegate-access/backend.tf index 1d1ffb178..4394f95a0 100644 --- a/terraform/environments/bootstrap/delegate-access/backend.tf +++ b/terraform/environments/bootstrap/delegate-access/backend.tf @@ -1,7 +1,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" 
diff --git a/terraform/environments/bootstrap/member-bootstrap/backend.tf b/terraform/environments/bootstrap/member-bootstrap/backend.tf index f92d08bee..85345d4cd 100644 --- a/terraform/environments/bootstrap/member-bootstrap/backend.tf +++ b/terraform/environments/bootstrap/member-bootstrap/backend.tf @@ -1,7 +1,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" diff --git a/terraform/environments/bootstrap/secure-baselines/backend.tf b/terraform/environments/bootstrap/secure-baselines/backend.tf index df0969e50..2e57c86e0 100644 --- a/terraform/environments/bootstrap/secure-baselines/backend.tf +++ b/terraform/environments/bootstrap/secure-baselines/backend.tf @@ -1,7 +1,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" diff --git a/terraform/environments/bootstrap/single-sign-on/backend.tf b/terraform/environments/bootstrap/single-sign-on/backend.tf index 109c0f74d..5dd93b079 100644 --- a/terraform/environments/bootstrap/single-sign-on/backend.tf +++ b/terraform/environments/bootstrap/single-sign-on/backend.tf 
@@ -1,7 +1,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" diff --git a/terraform/environments/core-sandbox/backend.tf b/terraform/environments/core-sandbox/backend.tf index 4b0062d15..47d36cf28 100644 --- a/terraform/environments/core-sandbox/backend.tf +++ b/terraform/environments/core-sandbox/backend.tf @@ -2,7 +2,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" diff --git a/terraform/environments/main.tf b/terraform/environments/main.tf index 6699362f0..03925b809 100644 --- a/terraform/environments/main.tf +++ b/terraform/environments/main.tf @@ -1,7 +1,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" diff --git a/terraform/github/backend.tf b/terraform/github/backend.tf index 83e530abd..8a2bd447f 100644 --- a/terraform/github/backend.tf +++ b/terraform/github/backend.tf 
@@ -1,11 +1,11 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { - bucket = "modernisation-platform-terraform-state" - encrypt = true - key = "github/terraform.tfstate" - region = "eu-west-2" + bucket = "modernisation-platform-terraform-state" + encrypt = true + key = "github/terraform.tfstate" + region = "eu-west-2" + use_lockfile = true } } diff --git a/terraform/pagerduty/backend.tf b/terraform/pagerduty/backend.tf index 140adde2e..b3a950385 100644 --- a/terraform/pagerduty/backend.tf +++ b/terraform/pagerduty/backend.tf @@ -1,11 +1,11 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in modernisation-platform-account/s3.tf - #checkov:skip=CKV_TF_3:Ensure state files are locked - temporarily suppressed pending issue #8789 backend "s3" { - bucket = "modernisation-platform-terraform-state" - encrypt = true - key = "pagerduty/terraform.tfstate" - region = "eu-west-2" + bucket = "modernisation-platform-terraform-state" + encrypt = true + key = "pagerduty/terraform.tfstate" + region = "eu-west-2" + use_lockfile = true } } \ No newline at end of file diff --git a/terraform/single-sign-on/backend.tf b/terraform/single-sign-on/backend.tf index e16b53cb3..9e006350c 100644 --- a/terraform/single-sign-on/backend.tf +++ b/terraform/single-sign-on/backend.tf @@ -1,7 +1,6 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf - backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" 
diff --git a/terraform/templates/modernisation-platform/backend.tf b/terraform/templates/modernisation-platform/backend.tf index 4bf18853a..4e3226400 100644 --- a/terraform/templates/modernisation-platform/backend.tf +++ b/terraform/templates/modernisation-platform/backend.tf @@ -10,5 +10,5 @@ terraform { region = "eu-west-2" use_lockfile = true workspace_key_prefix = "environments/accounts/$application_name" # This will store the object as environments/accounts/$application_name/${workspace}/terraform.tfstate - } + } } From 8da31c8bf0b8886ced65512250a4d940935020b3 Mon Sep 17 00:00:00 2001 From: David Sibley Date: Thu, 23 Jan 2025 17:18:18 +0000 Subject: [PATCH 06/27] set modernisation platform account to use native locking --- terraform/modernisation-platform-account/backend.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/terraform/modernisation-platform-account/backend.tf b/terraform/modernisation-platform-account/backend.tf index 77f3c2318..11898fb22 100644 --- a/terraform/modernisation-platform-account/backend.tf +++ b/terraform/modernisation-platform-account/backend.tf @@ -3,11 +3,11 @@ terraform { # - S3 bucket name, which is created in s3.tf # - DynamoDB table name, which is created in dynamodb.tf backend "s3" { - acl = "bucket-owner-full-control" - bucket = "modernisation-platform-terraform-state" - dynamodb_table = "modernisation-platform-terraform-state-lock" - encrypt = true - key = "modernisation-platform-account/terraform.tfstate" - region = "eu-west-2" + acl = "bucket-owner-full-control" + bucket = "modernisation-platform-terraform-state" + encrypt = true + key = "modernisation-platform-account/terraform.tfstate" + region = "eu-west-2" + use_lockfile = true } } From f3be7529d1fe7ba88cd7dd5473df73f5daf51d44 Mon Sep 17 00:00:00 2001 
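Review bot: The header comment `# - DynamoDB table name, which is created in dynamodb.tf` stays above the `backend "s3"` block in terraform/modernisation-platform-account/backend.tf although the hunk removes `dynamodb_table`, so it now documents a setting the backend no longer has. Replace it with something like `# - state locking uses an S3 lock object (use_lockfile), no DynamoDB table`. The S3 backend accepts `dynamodb_table` and `use_lockfile` together, and keeping both for a transition period would let a run that still uses the old configuration contend for the same lock; whether such runs exist is not visible here.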
From: Rich Green Date: Thu, 23 Jan 2025 18:07:04 +0000 Subject: [PATCH 07/27] use existing `vpc_rlq_associations` map to filter cw values-only for non-prod --- terraform/environments/core-vpc/logging.tf | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/terraform/environments/core-vpc/logging.tf b/terraform/environments/core-vpc/logging.tf index d62e9af5b..61fdad1df 100644 --- a/terraform/environments/core-vpc/logging.tf +++ b/terraform/environments/core-vpc/logging.tf @@ -11,15 +11,6 @@ locals { } } ]...) - vpc_rlq_associations_cloudwatch_only = merge([ - for vpc_key, vpc_id in local.vpc_ids : { - for rlq_name, rlq_id in local.rlq_ids : - "${vpc_key}_${rlq_name}" => { - vpc_id = vpc_id - rlq_id = rlq_id - } if rlq_name == "core-logging-rlq-cloudwatch" - } - ]...) } data "aws_route53_resolver_query_log_config" "core_logging" { @@ -31,7 +22,10 @@ data "aws_route53_resolver_query_log_config" "core_logging" { } resource "aws_route53_resolver_query_log_config_association" "core_logging" { - for_each = local.is-production ? local.vpc_rlq_associations : local.vpc_rlq_associations_cloudwatch_only + for_each = { + for key, value in local.vpc_rlq_associations : + key => value if local.is-production || can(regex("core-logging-rlq-cloudwatch", key)) + } resolver_query_log_config_id = each.value.rlq_id resource_id = each.value.vpc_id -} +} \ No newline at end of file From 2971789934831edd7e03c08af18a9671778237d7 Mon Sep 17 00:00:00 2001 From: David Sibley Date: Thu, 23 Jan 2025 21:35:35 +0000 Subject: [PATCH 08/27] added IAM policy statements permiting the put and delete of tflock objects --- .../bootstrap/member-bootstrap/iam.tf | 26 ++++++++++++--- terraform/environments/sprinkler/iam.tf | 2 +- terraform/github/testing-ci.tf | 10 ++++++ .../modernisation-platform-account/iam.tf | 32 ++++++++++++++++--- .../modernisation-platform-account/s3.tf | 2 +- 5 files changed, 60 insertions(+), 12 deletions(-) 
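Review bot: The new `for_each` filter `can(regex("core-logging-rlq-cloudwatch", key))` tests the composite `"${vpc_key}_${rlq_name}"` map key as an unanchored regular expression, so it selects on a substring of the key rather than on the query log config itself. Each value already carries `rlq_id`, so the comparison can be exact: `key => value if local.is-production || value.rlq_id == local.rlq_ids["core-logging-rlq-cloudwatch"]`. The later hunk in [PATCH 13/27] loosens the match to `can(regex("cloudwatch", key))`, where a VPC key containing that word would also pull in its S3 association in non-production; the same exact comparison applies there. Both versions also leave the file without a trailing newline.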
diff --git a/terraform/environments/bootstrap/member-bootstrap/iam.tf b/terraform/environments/bootstrap/member-bootstrap/iam.tf index ca9337d79..7d68ab508 100644 --- a/terraform/environments/bootstrap/member-bootstrap/iam.tf +++ b/terraform/environments/bootstrap/member-bootstrap/iam.tf @@ -806,17 +806,33 @@ data "aws_iam_policy_document" "oidc_assume_role_member" { statement { sid = "AllowOIDCReadState" effect = "Allow" - resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*", "arn:aws:s3:::modernisation-platform-terraform-state/"] - actions = ["s3:Get*", - "s3:List*"] + resources = [ + "arn:aws:s3:::modernisation-platform-terraform-state/*", + "arn:aws:s3:::modernisation-platform-terraform-state/" + ] + actions = [ + "s3:Get*", + "s3:List*" + ] } statement { sid = "AllowOIDCWriteState" effect = "Allow" resources = ["arn:aws:s3:::modernisation-platform-terraform-state/environments/members/*"] - actions = ["s3:PutObject", - "s3:PutObjectAcl"] + actions = [ + "s3:PutObject", + "s3:PutObjectAcl" + ] + } + + statement { + sid = "AllowOIDCDeleteLock" + effect = "Allow" + resources = ["arn:aws:s3:::modernisation-platform-terraform-state/environments/members/*.tflock"] + actions = [ + "s3:DeleteObject" + ] } } diff --git a/terraform/environments/sprinkler/iam.tf b/terraform/environments/sprinkler/iam.tf index 1ada63806..0384cc8fe 100644 --- a/terraform/environments/sprinkler/iam.tf +++ b/terraform/environments/sprinkler/iam.tf @@ -41,7 +41,7 @@ data "aws_iam_policy_document" "oidc_deny_specific_actions" { } statement { - sid = "AllowOIDCRemoveLock" + sid = "AllowOIDCDeleteLock" effect = "Allow" resources = [ "arn:aws:s3:::modernisation-platform-terraform-state/single-sign-on/*.tflock", diff --git a/terraform/github/testing-ci.tf b/terraform/github/testing-ci.tf index 5f6b42df6..9cbd366ee 100644 --- a/terraform/github/testing-ci.tf +++ b/terraform/github/testing-ci.tf 
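Review bot: The re-wrapped `AllowOIDCReadState` resources still list `"arn:aws:s3:::modernisation-platform-terraform-state/"`, and with the trailing slash this is an object ARN with an empty key rather than the bucket ARN, so the bucket-level part of `s3:List*` (for example `s3:ListBucket`) does not appear to be granted by this statement. If listing is intended here, the entry should be `"arn:aws:s3:::modernisation-platform-terraform-state"`; if listing is granted elsewhere, the entry can be dropped. The same entry appears in the `oidc_assume_plan_role_member` hunk of terraform/modernisation-platform-account/iam.tf. The `oidc_assume_role_member` document starts outside this hunk.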
@@ -30,11 +30,21 @@ data "aws_iam_policy_document" "testing_ci_policy" { "s3:PutObjectAcl", ] resources = [ + "arn:aws:s3:::modernisation-platform-terraform-state/*.tflock", "arn:aws:s3:::modernisation-platform-terraform-state/terraform.tfstate", "arn:aws:s3:::modernisation-platform-terraform-state/environments/members/testing/testing-test/terraform.tfstate" ] } + statement { + effect = "Allow" + actions = ["s3:DeleteObject"] + resources = [ + "arn:aws:s3:::modernisation-platform-terraform-state/*.tflock", + "arn:aws:s3:::modernisation-platform-terraform-state/environments/members/testing/testing-test/*.tflock" + ] + } + # Based on https://www.terraform.io/docs/language/settings/backends/s3.html#dynamodb-table-permissions statement { effect = "Allow" diff --git a/terraform/modernisation-platform-account/iam.tf b/terraform/modernisation-platform-account/iam.tf index 4117bb484..6faff60f0 100644 --- a/terraform/modernisation-platform-account/iam.tf +++ b/terraform/modernisation-platform-account/iam.tf @@ -67,11 +67,26 @@ data "aws_iam_policy_document" "collaborator_local_plan" { ] resources = [ + "arn:aws:s3:::modernisation-platform-terraform-state/*.tflock", "arn:aws:s3:::modernisation-platform-terraform-state/terraform.tfstate", "arn:aws:s3:::modernisation-platform-terraform-state/environments/members/*", "arn:aws:s3:::modernisation-platform-terraform-state/environments/accounts/core-network-services/*", "arn:aws:s3:::modernisation-platform-terraform-state" ] + + condition { + test = "BoolIfExists" + variable = "aws:MultiFactorAuthPresent" + values = ["true"] + } + } + + statement { + sid = "TerraformStateAccessDeleteLock" + actions = ["s3:DeleteObject"] + + resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*.tflock"] + condition { test = "BoolIfExists" variable = "aws:MultiFactorAuthPresent" 
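Review bot: The resource `arn:aws:s3:::modernisation-platform-terraform-state/*.tflock`, added to the write statement and to the new `s3:DeleteObject` statement of `testing_ci_policy`, matches lock objects under every prefix in the bucket, because `*` in an IAM resource ARN also spans `/`. The testing CI identity can therefore create or remove the lock of any other state in the bucket, and the second entry of the delete statement is already covered by the first. Naming the lock objects that pair with the two state keys already listed keeps the grant least-privilege: `"arn:aws:s3:::modernisation-platform-terraform-state/terraform.tfstate.tflock"` and `"arn:aws:s3:::modernisation-platform-terraform-state/environments/members/testing/testing-test/terraform.tfstate.tflock"`. The same bucket-wide `*.tflock` pattern is added for `collaborator_local_plan` and `oidc_assume_plan_role_member` in terraform/modernisation-platform-account/iam.tf. The write statement's action list starts outside this hunk.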
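Review bot: The condition added to the state-access statement of `collaborator_local_plan` uses `test = "BoolIfExists"` on `aws:MultiFactorAuthPresent`, and in an Allow statement that form also passes when the key is absent from the request, which is the case for calls signed with long-term access keys. The new `TerraformStateAccessDeleteLock` statement carries the same condition. If the intent is to require MFA for state and lock access, `test = "Bool"` enforces it, unless a separate Deny outside this hunk already covers the missing-key case. The first statement starts outside the hunk, and the new statement sets no `effect`, so it relies on the default of Allow.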
@@ -196,9 +211,7 @@ data "aws_iam_policy_document" "modernisation_account_terraform_state_role" { statement { sid = "AllowS3AccessList" effect = "Allow" - actions = [ - "s3:ListBucket", - ] + actions = ["s3:ListBucket"] resources = ["arn:aws:s3:::modernisation-platform-terraform-state"] } statement { @@ -315,8 +328,17 @@ data "aws_iam_policy_document" "oidc_assume_plan_role_member" { sid = "AllowOIDCReadState" effect = "Allow" resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*", "arn:aws:s3:::modernisation-platform-terraform-state/"] - actions = ["s3:Get*", - "s3:List*"] + actions = [ + "s3:Get*", + "s3:List*" + ] + } + + statement { + sid = "AllowOIDCDeleteLock" + effect = "Allow" + resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*.tflock"] + actions = ["s3:DeleteObject"] } } diff --git a/terraform/modernisation-platform-account/s3.tf b/terraform/modernisation-platform-account/s3.tf index 84b4173e8..630a20fc2 100644 --- a/terraform/modernisation-platform-account/s3.tf +++ b/terraform/modernisation-platform-account/s3.tf @@ -426,7 +426,7 @@ data "aws_iam_policy_document" "allow-state-access-from-root-account" { } statement { - sid = "AllowSprinklerGithubActionRoleRemoveLock" + sid = "AllowSprinklerGithubActionRoleDeleteLock" effect = "Allow" actions = [ "s3:DeleteObject" From 78beab7800132900a46ad7426e42f4927cd16d39 Mon Sep 17 00:00:00 2001 From: David Sibley Date: Thu, 23 Jan 2025 21:35:57 +0000 Subject: [PATCH 09/27] applied terraform formatter --- .../environments/bootstrap/member-bootstrap/iam.tf | 8 ++++---- terraform/environments/sprinkler/iam.tf | 2 +- terraform/github/testing-ci.tf | 2 +- terraform/modernisation-platform-account/iam.tf | 8 ++++---- terraform/single-sign-on/backend.tf | 12 ++++++------ 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/terraform/environments/bootstrap/member-bootstrap/iam.tf b/terraform/environments/bootstrap/member-bootstrap/iam.tf index 7d68ab508..7c9b3bb5b 100644 
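Review bot: `AllowOIDCDeleteLock` gives the plan role `s3:DeleteObject` on the lock objects, but the statements visible in this hunk grant it only `s3:Get*` and `s3:List*`, and taking an S3 lock also needs `s3:PutObject` on the `.tflock` key. Unless that is granted outside the hunk or plans run with `-lock=false`, a plan would fail to acquire the lock. A statement with `actions = ["s3:PutObject"]` on the same `.tflock` resources would pair with the delete. The `oidc_assume_plan_role_member` document starts outside this hunk.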
--- a/terraform/environments/bootstrap/member-bootstrap/iam.tf +++ b/terraform/environments/bootstrap/member-bootstrap/iam.tf @@ -804,8 +804,8 @@ data "aws_iam_policy_document" "oidc_assume_role_member" { } statement { - sid = "AllowOIDCReadState" - effect = "Allow" + sid = "AllowOIDCReadState" + effect = "Allow" resources = [ "arn:aws:s3:::modernisation-platform-terraform-state/*", "arn:aws:s3:::modernisation-platform-terraform-state/" @@ -820,7 +820,7 @@ data "aws_iam_policy_document" "oidc_assume_role_member" { sid = "AllowOIDCWriteState" effect = "Allow" resources = ["arn:aws:s3:::modernisation-platform-terraform-state/environments/members/*"] - actions = [ + actions = [ "s3:PutObject", "s3:PutObjectAcl" ] @@ -830,7 +830,7 @@ data "aws_iam_policy_document" "oidc_assume_role_member" { sid = "AllowOIDCDeleteLock" effect = "Allow" resources = ["arn:aws:s3:::modernisation-platform-terraform-state/environments/members/*.tflock"] - actions = [ + actions = [ "s3:DeleteObject" ] } diff --git a/terraform/environments/sprinkler/iam.tf b/terraform/environments/sprinkler/iam.tf index 0384cc8fe..b3292b2c9 100644 --- a/terraform/environments/sprinkler/iam.tf +++ b/terraform/environments/sprinkler/iam.tf @@ -23,7 +23,7 @@ data "aws_iam_policy_document" "oidc_deny_specific_actions" { sid = "AllowOIDCReadState" effect = "Allow" resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*", "arn:aws:s3:::modernisation-platform-terraform-state/"] - actions = ["s3:List*"] + actions = ["s3:List*"] } statement { diff --git a/terraform/github/testing-ci.tf b/terraform/github/testing-ci.tf index 9cbd366ee..65746fb38 100644 --- a/terraform/github/testing-ci.tf +++ b/terraform/github/testing-ci.tf @@ -37,7 +37,7 @@ data "aws_iam_policy_document" "testing_ci_policy" { } statement { - effect = "Allow" + effect = "Allow" actions = ["s3:DeleteObject"] resources = [ "arn:aws:s3:::modernisation-platform-terraform-state/*.tflock", 
diff --git a/terraform/modernisation-platform-account/iam.tf b/terraform/modernisation-platform-account/iam.tf index 6faff60f0..6d33bf7a3 100644 --- a/terraform/modernisation-platform-account/iam.tf +++ b/terraform/modernisation-platform-account/iam.tf @@ -82,7 +82,7 @@ data "aws_iam_policy_document" "collaborator_local_plan" { } statement { - sid = "TerraformStateAccessDeleteLock" + sid = "TerraformStateAccessDeleteLock" actions = ["s3:DeleteObject"] resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*.tflock"] @@ -209,9 +209,9 @@ data "aws_iam_policy_document" "modernisation_account_terraform_state_role" { resources = ["arn:aws:dynamodb:eu-west-2:${data.aws_caller_identity.current.account_id}:table/modernisation-platform-terraform-state-lock"] } statement { - sid = "AllowS3AccessList" - effect = "Allow" - actions = ["s3:ListBucket"] + sid = "AllowS3AccessList" + effect = "Allow" + actions = ["s3:ListBucket"] resources = ["arn:aws:s3:::modernisation-platform-terraform-state"] } statement { diff --git a/terraform/single-sign-on/backend.tf b/terraform/single-sign-on/backend.tf index 9e006350c..2c1681eee 100644 --- a/terraform/single-sign-on/backend.tf +++ b/terraform/single-sign-on/backend.tf @@ -2,11 +2,11 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf backend "s3" { - acl = "bucket-owner-full-control" - bucket = "modernisation-platform-terraform-state" - encrypt = true - key = "single-sign-on/terraform.tfstate" - region = "eu-west-2" - use_lockfile = true + acl = "bucket-owner-full-control" + bucket = "modernisation-platform-terraform-state" + encrypt = true + key = "single-sign-on/terraform.tfstate" + region = "eu-west-2" + use_lockfile = true } } \ No newline at end of file From 5e761644ee45a3c62b691da7e69f6f60c9a5ccda Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 04:48:17 +0000 Subject: [PATCH 10/27] Automated code formatting fixes --- terraform/environments/sprinkler/iam.tf | 4 ++-- terraform/single-sign-on/backend.tf | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/terraform/environments/sprinkler/iam.tf b/terraform/environments/sprinkler/iam.tf index 1ada63806..e8bc0548e 100644 --- a/terraform/environments/sprinkler/iam.tf +++ b/terraform/environments/sprinkler/iam.tf @@ -23,7 +23,7 @@ data "aws_iam_policy_document" "oidc_deny_specific_actions" { sid = "AllowOIDCReadState" effect = "Allow" resources = ["arn:aws:s3:::modernisation-platform-terraform-state/*", "arn:aws:s3:::modernisation-platform-terraform-state/"] - actions = ["s3:List*"] + actions = ["s3:List*"] } statement { @@ -49,4 +49,4 @@ data "aws_iam_policy_document" "oidc_deny_specific_actions" { ] actions = ["s3:DeleteObject"] } -} \ No newline at end of file +} diff --git a/terraform/single-sign-on/backend.tf b/terraform/single-sign-on/backend.tf index 9e006350c..83ddd13f9 100644 --- a/terraform/single-sign-on/backend.tf +++ b/terraform/single-sign-on/backend.tf @@ -2,11 +2,11 @@ terraform { # `backend` blocks do not support variables, so the following are hard-coded here: # - S3 bucket name, which is created in terraform/modernisation-platform-account/s3.tf backend "s3" { - acl = "bucket-owner-full-control" - bucket = "modernisation-platform-terraform-state" - encrypt = true - key = "single-sign-on/terraform.tfstate" - region = "eu-west-2" - use_lockfile = true + acl = "bucket-owner-full-control" + bucket = "modernisation-platform-terraform-state" + encrypt = true + key = "single-sign-on/terraform.tfstate" + region = "eu-west-2" + use_lockfile = true } -} \ No newline at end of file +} From 1cc9a758db1fb5535a8f7c2e6951919a323e0258 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 09:10:11 +0000 Subject: [PATCH 11/27] Bump github/codeql-action from 3.28.3 to 3.28.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.3 to 3.28.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7...ee117c905ab18f32fa0f66c2fe40ecc8013f3e04) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/code-scanning.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 305feebd8..548c204ed 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -39,7 +39,7 @@ jobs: run: tflint --disable-rule=terraform_unused_declarations --format sarif > tflint.sarif - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: sarif_file: tflint.sarif trivy: @@ -64,7 +64,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: success() || failure() - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: sarif_file: 'trivy-results.sarif' checkov: 
@@ -92,6 +92,6 @@ jobs: skip_check: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39 - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: sarif_file: ./checkov.sarif diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e58c1bf9f..49b35f681 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: sarif_file: results.sarif From 5e2cb77bce238b9f8a648b3d24f7c1bb9358747c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 09:11:05 +0000 Subject: [PATCH 12/27] Bump bridgecrewio/checkov-action from 12.2946.0 to 12.2948.0 Bumps [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) from 12.2946.0 to 12.2948.0. - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](https://github.com/bridgecrewio/checkov-action/compare/3cb001754ea6e3e3fdd99cf32c0fc0e52b299453...50b959918599bb15388ef018e2f51c5e83e2d0e2) --- updated-dependencies: - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/code-scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 305feebd8..9de6d8f29 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml 
@@ -82,7 +82,7 @@ jobs: fetch-depth: 0 - name: Run Checkov action id: checkov - uses: bridgecrewio/checkov-action@3cb001754ea6e3e3fdd99cf32c0fc0e52b299453 # v12.2946.0 + uses: bridgecrewio/checkov-action@50b959918599bb15388ef018e2f51c5e83e2d0e2 # v12.2948.0 with: directory: ./ framework: terraform From 51dbaaaa9e322c9e0ad8a7e10aedca4d6085f86d Mon Sep 17 00:00:00 2001 From: Rich Green Date: Fri, 24 Jan 2025 11:54:02 +0000 Subject: [PATCH 13/27] add new local for `vpc_cloudwatch_rlq_associations` --- terraform/environments/core-vpc/logging.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/core-vpc/logging.tf b/terraform/environments/core-vpc/logging.tf index 61fdad1df..4ed7421fb 100644 --- a/terraform/environments/core-vpc/logging.tf +++ b/terraform/environments/core-vpc/logging.tf @@ -11,6 +11,9 @@ locals { } } ]...) + vpc_cloudwatch_rlq_associations = { + for key, value in local.vpc_rlq_associations : key => value if can(regex("cloudwatch", key)) + } } data "aws_route53_resolver_query_log_config" "core_logging" { @@ -22,10 +25,7 @@ data "aws_route53_resolver_query_log_config" "core_logging" { } resource "aws_route53_resolver_query_log_config_association" "core_logging" { - for_each = { - for key, value in local.vpc_rlq_associations : - key => value if local.is-production || can(regex("core-logging-rlq-cloudwatch", key)) - } + for_each = local.is-production ? local.vpc_rlq_associations : local.vpc_cloudwatch_rlq_associations resolver_query_log_config_id = each.value.rlq_id resource_id = each.value.vpc_id } \ No newline at end of file From 7ad43818ff93e02b77be97b1ae9d2ebd375552c4 Mon Sep 17 00:00:00 2001 From: Aaron Robinson <41325732+ASTRobinson@users.noreply.github.com> Date: Fri, 24 Jan 2025 15:41:46 +0000 Subject: [PATCH 14/27] Fix Pagination --- scripts/git-create-environments.sh | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) 
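Review bot: The filter in the new `vpc_cloudwatch_rlq_associations` local matches the bare substring `cloudwatch`, which is looser than the `core-logging-rlq-cloudwatch` pattern used by the removed `for_each`, so any association key containing that substring would now be attached outside production. How the keys are built is outside this hunk (the `locals` block starts above it), so this may be harmless today, but keeping the full config name is the safer match: `for key, value in local.vpc_rlq_associations : key => value if can(regex("core-logging-rlq-cloudwatch", key))`. A comment above the local would also help, such as `# Non-production VPCs are associated with the CloudWatch query log config only`, because with this selection non-production resolver query logs appear to go to no other destination.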
diff --git a/scripts/git-create-environments.sh b/scripts/git-create-environments.sh index 67062f1c8..bf3e1ee1a 100755 --- a/scripts/git-create-environments.sh +++ b/scripts/git-create-environments.sh @@ -11,16 +11,31 @@ get_existing_environments() { github_environments="" while :; do - response=$(curl -s \ + response=$(curl -si \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token ${secret}" \ "https://api.github.com/repos/${repository}/environments?per_page=100&page=${page}") - current_page_environments=$(echo $response | jq -r '.environments[].name') + # Separate headers and body using awk + headers=$(echo "$response" | awk 'BEGIN {RS="\r\n\r\n"} NR==1 {print}') + body=$(echo "$response" | awk 'BEGIN {RS="\r\n\r\n"} NR==2 {print}') + + # Debug output to see the headers and body + # echo "Headers for page ${page}:" + # echo "${headers}" + # echo "Body for page ${page}:" + # echo "${body}" + + current_page_environments=$(echo "$body" | jq -r '.environments[].name') + if [ $? -ne 0 ]; then + echo "jq error: Failed to parse JSON" + exit 1 + fi + github_environments="${github_environments} ${current_page_environments}" # Check if there's a "next" link in the headers - next_link=$(echo "$response" | grep -i '^link:' | sed -n 's/.*<\(.*\)>; rel="next".*/\1/p') + next_link=$(echo "$headers" | grep -i '^link:' | sed -n 's/.*<\(.*\)>; rel="next".*/\1/p') if [ -z "$next_link" ]; then break # No more pages to fetch From 7f08bebeefd8ea2810c8ea0787dd9d39e59e6f25 Mon Sep 17 00:00:00 2001 From: Aaron Robinson <41325732+ASTRobinson@users.noreply.github.com> Date: Fri, 24 Jan 2025 15:53:20 +0000 Subject: [PATCH 15/27] trigger-workflow --- environments/sprinkler.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/environments/sprinkler.json b/environments/sprinkler.json index d8d01aab8..c4a5648b3 100644 --- a/environments/sprinkler.json +++ b/environments/sprinkler.json 
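Review bot: The header/body split added to `get_existing_environments` depends on `awk` accepting a multi-character `RS` and on the response holding exactly one header block, and the HTTP status is still never checked. POSIX leaves a multi-character `RS` unspecified, and an interim response or a proxy header block would move the JSON out of record 2, so the jq check could fail with a misleading message on some runners. Letting curl write the headers separately avoids the parsing: `headers_file=$(mktemp)`, then `response=$(curl -s -D "${headers_file}" ...)`, with the body taken from `response` and `headers` read from the file. The failure message would also be better sent to stderr, `echo "jq error: Failed to parse JSON" >&2`, in case a caller captures this function's output; the function starts and ends outside the hunk, so its callers are not visible here.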
@@ -44,8 +44,7 @@ "level": "developer", "nuke": "rebuild" } - ], - "additional_reviewers": ["astrobinson"] + ] } ], "tags": { From b749ed8484e2794368ef298a735f5e4a532c546f Mon Sep 17 00:00:00 2001 From: "Vincent.Cheung" Date: Fri, 24 Jan 2025 16:29:31 +0000 Subject: [PATCH 16/27] TM-893 Add new role for MojFin lower envs for SSM users --- environments/mojfin.json | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/environments/mojfin.json b/environments/mojfin.json index 75c0639f8..c5973d83a 100644 --- a/environments/mojfin.json +++ b/environments/mojfin.json @@ -11,6 +11,10 @@ { "sso_group_name": "laa-mojfin-developers", "level": "developer" + }, + { + "sso_group_name": "laa-mojfin-database-access", + "level": "instance-management" } ] }, @@ -37,6 +41,10 @@ { "sso_group_name": "laa-mojfin-developers", "level": "developer" + }, + { + "sso_group_name": "laa-mojfin-database-access", + "level": "instance-management" } ] }, @@ -57,7 +65,7 @@ "tags": { "application": "mojfin", "business-unit": "LAA", - "infrastructure-support": "aws-webops-laa@digital.justice.gov.uk", + "infrastructure-support": "laa_ops@digital.justice.gov.uk", "owner": "william.moran@justice.gov.uk", "critical-national-infrastructure": false }, From 6ea09d90ea3fc1ee942ce20234c6dce2c014b8a7 Mon Sep 17 00:00:00 2001 From: modernisation-platform-ci Date: Sat, 25 Jan 2025 22:41:55 +0000 Subject: [PATCH 17/27] Workflow: created files in .github --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cfb305a87..c399b5275 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -427,6 +427,10 @@ updates: directory: "/terraform/modules/kms" schedule: interval: "daily" + - package-ecosystem: "terraform" + directory: "/terraform/modules/r53-dns-firewall" + schedule: + interval: "daily" - package-ecosystem: "terraform" directory: "/terraform/modules/ram-ec2-retagging" schedule: 
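Review bot: The two added `laa-mojfin-database-access` entries in `environments/mojfin.json` grant the `instance-management` level, but the hunks at `-11,6` and `-37,6` do not show which environments the enclosing arrays belong to. The commit subject limits the role to lower environments, so it is worth confirming before merge that neither block is a production one. Naming the target environments in the commit description would make that reviewable. The surrounding environment objects start and end outside the hunks.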
From 0418e80e611a7aa02b6b540241157fc832101faa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:23:50 +0000 Subject: [PATCH 18/27] Bump github.com/aws/aws-sdk-go-v2 Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.33.0 to 1.34.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.33.0...v1.34.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- scripts/internal/get-testing-ci-user-creds/go.mod | 4 ++-- scripts/internal/get-testing-ci-user-creds/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/internal/get-testing-ci-user-creds/go.mod b/scripts/internal/get-testing-ci-user-creds/go.mod index 3acb5c898..f0ec15ec5 100644 --- a/scripts/internal/get-testing-ci-user-creds/go.mod +++ b/scripts/internal/get-testing-ci-user-creds/go.mod @@ -3,7 +3,7 @@ module modernisation-platform/get-testing-creds go 1.23 require ( - github.com/aws/aws-sdk-go-v2 v1.33.0 + github.com/aws/aws-sdk-go-v2 v1.34.0 github.com/aws/aws-sdk-go-v2/config v1.29.1 github.com/aws/aws-sdk-go-v2/credentials v1.17.54 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13 @@ -19,5 +19,5 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect - github.com/aws/smithy-go v1.22.1 // indirect + github.com/aws/smithy-go v1.22.2 // indirect ) diff --git a/scripts/internal/get-testing-ci-user-creds/go.sum b/scripts/internal/get-testing-ci-user-creds/go.sum index a38dea3f7..5cead10e9 100644 
--- a/scripts/internal/get-testing-ci-user-creds/go.sum +++ b/scripts/internal/get-testing-ci-user-creds/go.sum @@ -1,5 +1,5 @@ -github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs= -github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vreaVQU= +github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI= @@ -24,5 +24,5 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSb github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U= github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= -github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= -github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= From 3edc7ff3b0be4d6d6b029c6fcad41402ae540507 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:28:46 +0000 Subject: [PATCH 19/27] Bump actions/setup-node from 4.1.0 to 4.2.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/39370e3970a6d050c480ffad4ff0ed4d3fdee5af...1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/notify-user-new-environment-created.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/notify-user-new-environment-created.yml b/.github/workflows/notify-user-new-environment-created.yml index 9120ffb58..f6953191a 100644 --- a/.github/workflows/notify-user-new-environment-created.yml +++ b/.github/workflows/notify-user-new-environment-created.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20 - name: Send message to user on onboarding issue close From 9f0e88b2f551a5590bfd1b80970465978b83993b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:28:49 +0000 Subject: [PATCH 20/27] Bump oxsecurity/megalinter from 8.3.0 to 8.4.0 Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 8.3.0 to 8.4.0. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/1fc052d03c7a43c78fe0fee19c9d648b749e0c01...f90c800040e4f84800700b27b2394d3eecc1fdad) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/format-code.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml index b76aed919..4b4a2ab4e 100644 --- a/.github/workflows/format-code.yml +++ b/.github/workflows/format-code.yml @@ -41,7 +41,7 @@ jobs: id: ml # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/flavors/ - uses: oxsecurity/megalinter/flavors/terraform@1fc052d03c7a43c78fe0fee19c9d648b749e0c01 #v8.3.0 + uses: oxsecurity/megalinter/flavors/terraform@f90c800040e4f84800700b27b2394d3eecc1fdad #v8.4.0 env: # All available variables are described in documentation # https://megalinter.io/configuration/#shared-variables From 681d59c87f66eb736a23aaca7c07451f54be381c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:28:56 +0000 Subject: [PATCH 21/27] Bump github/codeql-action from 3.28.4 to 3.28.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.4 to 3.28.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ee117c905ab18f32fa0f66c2fe40ecc8013f3e04...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/code-scanning.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index c39bdaa09..35055c0d0 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -39,7 +39,7 @@ jobs: run: tflint --disable-rule=terraform_unused_declarations --format sarif > tflint.sarif - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: tflint.sarif trivy: @@ -64,7 +64,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: success() || failure() - uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: 'trivy-results.sarif' checkov: 
@@ -92,6 +92,6 @@ jobs: skip_check: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39 - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: ./checkov.sarif diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 49b35f681..c4aabe9bb 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif From bcb5c529bfd0e6d2d30cba928747dec29046fd28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:29:30 +0000 Subject: [PATCH 22/27] Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.34.13 to 1.34.14. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/textract/v1.34.13...service/textract/v1.34.14) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- scripts/internal/get-testing-ci-user-creds/go.mod | 6 +++--- scripts/internal/get-testing-ci-user-creds/go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/scripts/internal/get-testing-ci-user-creds/go.mod b/scripts/internal/get-testing-ci-user-creds/go.mod index f0ec15ec5..a95c45c72 100644 --- a/scripts/internal/get-testing-ci-user-creds/go.mod +++ b/scripts/internal/get-testing-ci-user-creds/go.mod @@ -6,14 +6,14 @@ require ( github.com/aws/aws-sdk-go-v2 v1.34.0 github.com/aws/aws-sdk-go-v2/config v1.29.1 github.com/aws/aws-sdk-go-v2/credentials v1.17.54 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 ) require ( github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect diff --git a/scripts/internal/get-testing-ci-user-creds/go.sum b/scripts/internal/get-testing-ci-user-creds/go.sum index 5cead10e9..7a3a14102 100644 --- a/scripts/internal/get-testing-ci-user-creds/go.sum +++ b/scripts/internal/get-testing-ci-user-creds/go.sum 
@@ -6,18 +6,18 @@ github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAu github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G4852j2djtoDb7AzQ7MuQeFHa3D70= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= 
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13 h1:+dFX6kb0ekos09TP4icFIyqq/u3POCQDSrShc9ZkCCI= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13/go.mod h1:l+Fboycn+g9RMQcYbTfpqF/d3qZn90q5PYmO7Biu+WM= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 h1:rhT0h8cSV5ZNZWy67Eqe3OQTFGRu9xwgyFsuGeIXmGQ= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14/go.mod h1:CLEjbx0xH3ptihCb1l0XlrqoGfWD9xU0na47/s7fR/s= github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I= github.com/aws/aws-sdk-go-v2/service/sso v1.24.11/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSbkj01jIi+SM0wYsj3y/hY= From ad5f94efdbebf9aef4fefefd2f2b0d069c0eca51 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:29:49 +0000 Subject: [PATCH 23/27] Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.34.13 to 1.34.14. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/textract/v1.34.13...service/textract/v1.34.14) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .../internal/get-security-hub-findings/go.mod | 10 +++++----- .../internal/get-security-hub-findings/go.sum | 20 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/scripts/internal/get-security-hub-findings/go.mod b/scripts/internal/get-security-hub-findings/go.mod index 3129fc8c5..0b63c4c6e 100644 
--- a/scripts/internal/get-security-hub-findings/go.mod +++ b/scripts/internal/get-security-hub-findings/go.mod @@ -3,22 +3,22 @@ module modernisation-platform/get-security-hub-findings go 1.23 require ( - github.com/aws/aws-sdk-go-v2 v1.33.0 + github.com/aws/aws-sdk-go-v2 v1.34.0 github.com/aws/aws-sdk-go-v2/config v1.29.1 github.com/aws/aws-sdk-go-v2/credentials v1.17.54 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5 github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 ) require ( github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect - github.com/aws/smithy-go v1.22.1 // indirect + github.com/aws/smithy-go v1.22.2 // indirect ) diff --git a/scripts/internal/get-security-hub-findings/go.sum b/scripts/internal/get-security-hub-findings/go.sum index f909ca3c3..5d27ef11a 100644 --- a/scripts/internal/get-security-hub-findings/go.sum +++ b/scripts/internal/get-security-hub-findings/go.sum 
@@ -1,23 +1,23 @@ -github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs= -github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vreaVQU= +github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI= github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G4852j2djtoDb7AzQ7MuQeFHa3D70= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= 
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13 h1:+dFX6kb0ekos09TP4icFIyqq/u3POCQDSrShc9ZkCCI= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.13/go.mod h1:l+Fboycn+g9RMQcYbTfpqF/d3qZn90q5PYmO7Biu+WM= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 h1:rhT0h8cSV5ZNZWy67Eqe3OQTFGRu9xwgyFsuGeIXmGQ= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14/go.mod h1:CLEjbx0xH3ptihCb1l0XlrqoGfWD9xU0na47/s7fR/s= github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5 h1:1f8l9jG/6vP0WP1Lo8QJNGL0DaJRFiD+pqeAaCcUVBk= github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5/go.mod h1:8IYDBdfP7wR5P1hZ9WacHyV97Fnvrvbz/LvDjSOynKM= github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I= 
@@ -26,5 +26,5 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSb github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U= github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= -github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= -github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= From c0da839f070c9d795e9f5940bbc7a41783e44524 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:33:45 +0000 Subject: [PATCH 24/27] Bump github.com/aws/aws-sdk-go-v2/config Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.1 to 1.29.2. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.1...config/v1.29.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .../internal/get-testing-ci-user-creds/go.mod | 18 +++++----- .../internal/get-testing-ci-user-creds/go.sum | 36 +++++++++---------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/scripts/internal/get-testing-ci-user-creds/go.mod b/scripts/internal/get-testing-ci-user-creds/go.mod index a95c45c72..3abc60fae 100644 --- a/scripts/internal/get-testing-ci-user-creds/go.mod +++ b/scripts/internal/get-testing-ci-user-creds/go.mod 
@@ -4,20 +4,20 @@ go 1.23 require ( github.com/aws/aws-sdk-go-v2 v1.34.0 - github.com/aws/aws-sdk-go-v2/config v1.29.1 - github.com/aws/aws-sdk-go-v2/credentials v1.17.54 + github.com/aws/aws-sdk-go-v2/config v1.29.2 + github.com/aws/aws-sdk-go-v2/credentials v1.17.55 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 - github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 + github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 ) require ( - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 // indirect github.com/aws/smithy-go v1.22.2 // indirect ) diff --git a/scripts/internal/get-testing-ci-user-creds/go.sum b/scripts/internal/get-testing-ci-user-creds/go.sum index 7a3a14102..d8bded580 100644 --- a/scripts/internal/get-testing-ci-user-creds/go.sum +++ b/scripts/internal/get-testing-ci-user-creds/go.sum 
@@ -1,28 +1,28 @@ github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vreaVQU= github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= -github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= -github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= -github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/config v1.29.2 h1:JuIxOEPcSKpMB0J+khMjznG9LIhIBdmqNiEcPclnwqc= +github.com/aws/aws-sdk-go-v2/config v1.29.2/go.mod h1:HktTHregOZwNSM/e7WTfVSu9RCX+3eOv+6ij27PtaYs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.55 h1:CDhKnDEaGkLA5ZszV/qw5uwN5M8rbv9Cl0JRN+PRsaM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.55/go.mod h1:kPD/vj+RB5MREDUky376+zdnjZpR+WgdBBvwrmnlmKE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 h1:kU7tmXNaJ07LsyN3BUgGqAmVmQtq0w6duVIHAKfp0/w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25/go.mod h1:OiC8+OiqrURb1wrwmr/UbOVLFSWEGxjinj5C299VQdo= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G4852j2djtoDb7AzQ7MuQeFHa3D70= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= 
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 h1:hN4yJBGswmFTOVYqmbz1GBs9ZMtQe8SrYxPwrkrlRv8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10/go.mod h1:TsxON4fEZXyrKY+D+3d2gSTyJkGORexIYab9PTf56DA= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 h1:rhT0h8cSV5ZNZWy67Eqe3OQTFGRu9xwgyFsuGeIXmGQ= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14/go.mod h1:CLEjbx0xH3ptihCb1l0XlrqoGfWD9xU0na47/s7fR/s= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.11/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSbkj01jIi+SM0wYsj3y/hY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 
h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 h1:kznaW4f81mNMlREkU9w3jUuJvU5g/KsqDV43ab7Rp6s= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.12/go.mod h1:bZy9r8e0/s0P7BSDHgMLXK2KvdyRRBIQ2blKlvLt0IU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 h1:mUwIpAvILeKFnRx4h1dEgGEFGuV8KJ3pEScZWVFYuZA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11/go.mod h1:JDJtD+b8HNVv71axz8+S5492KM8wTzHRFpMKQbPlYxw= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 h1:g9d+TOsu3ac7SgmY2dUf1qMgu/uJVTlQ4VCbH6hRxSw= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.10/go.mod h1:WZfNmntu92HO44MVZAubQaz3qCuIdeOdog2sADfU6hU= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= From d7eaee9967e47047a628538439e39fbc22476698 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:41:36 +0000 Subject: [PATCH 25/27] Bump github.com/aws/aws-sdk-go-v2/credentials Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.17.54 to 1.17.55. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.54...credentials/v1.17.55) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .../internal/get-security-hub-findings/go.mod | 14 +++++----- .../internal/get-security-hub-findings/go.sum | 28 +++++++++---------- 2 files changed, 21 insertions(+), 21 deletions(-) 
diff --git a/scripts/internal/get-security-hub-findings/go.mod b/scripts/internal/get-security-hub-findings/go.mod index 0b63c4c6e..43dde4031 100644 --- a/scripts/internal/get-security-hub-findings/go.mod +++ b/scripts/internal/get-security-hub-findings/go.mod @@ -5,20 +5,20 @@ go 1.23 require ( github.com/aws/aws-sdk-go-v2 v1.34.0 github.com/aws/aws-sdk-go-v2/config v1.29.1 - github.com/aws/aws-sdk-go-v2/credentials v1.17.54 + github.com/aws/aws-sdk-go-v2/credentials v1.17.55 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5 - github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 + github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 ) require ( - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 // indirect github.com/aws/smithy-go v1.22.2 // indirect ) diff --git a/scripts/internal/get-security-hub-findings/go.sum b/scripts/internal/get-security-hub-findings/go.sum index 5d27ef11a..e490de449 100644 --- a/scripts/internal/get-security-hub-findings/go.sum +++ b/scripts/internal/get-security-hub-findings/go.sum 
@@ -2,29 +2,29 @@ github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vrea github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= -github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/credentials v1.17.55 h1:CDhKnDEaGkLA5ZszV/qw5uwN5M8rbv9Cl0JRN+PRsaM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.55/go.mod h1:kPD/vj+RB5MREDUky376+zdnjZpR+WgdBBvwrmnlmKE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 h1:kU7tmXNaJ07LsyN3BUgGqAmVmQtq0w6duVIHAKfp0/w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25/go.mod h1:OiC8+OiqrURb1wrwmr/UbOVLFSWEGxjinj5C299VQdo= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G4852j2djtoDb7AzQ7MuQeFHa3D70= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= 
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 h1:hN4yJBGswmFTOVYqmbz1GBs9ZMtQe8SrYxPwrkrlRv8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10/go.mod h1:TsxON4fEZXyrKY+D+3d2gSTyJkGORexIYab9PTf56DA= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 h1:rhT0h8cSV5ZNZWy67Eqe3OQTFGRu9xwgyFsuGeIXmGQ= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14/go.mod h1:CLEjbx0xH3ptihCb1l0XlrqoGfWD9xU0na47/s7fR/s= github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5 h1:1f8l9jG/6vP0WP1Lo8QJNGL0DaJRFiD+pqeAaCcUVBk= github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5/go.mod h1:8IYDBdfP7wR5P1hZ9WacHyV97Fnvrvbz/LvDjSOynKM= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.11/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSbkj01jIi+SM0wYsj3y/hY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 
h1:kznaW4f81mNMlREkU9w3jUuJvU5g/KsqDV43ab7Rp6s= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.12/go.mod h1:bZy9r8e0/s0P7BSDHgMLXK2KvdyRRBIQ2blKlvLt0IU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 h1:mUwIpAvILeKFnRx4h1dEgGEFGuV8KJ3pEScZWVFYuZA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11/go.mod h1:JDJtD+b8HNVv71axz8+S5492KM8wTzHRFpMKQbPlYxw= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 h1:g9d+TOsu3ac7SgmY2dUf1qMgu/uJVTlQ4VCbH6hRxSw= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.10/go.mod h1:WZfNmntu92HO44MVZAubQaz3qCuIdeOdog2sADfU6hU= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= From 223d4ff5910472c0f9ecde154e2348f015b39f2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:45:40 +0000 Subject: [PATCH 26/27] Bump github.com/aws/aws-sdk-go-v2/service/securityhub Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.5 to 1.55.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.55.5...service/iot/v1.55.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- scripts/internal/get-security-hub-findings/go.mod | 2 +- scripts/internal/get-security-hub-findings/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/internal/get-security-hub-findings/go.mod b/scripts/internal/get-security-hub-findings/go.mod index 43dde4031..4fe7277bf 100644 --- a/scripts/internal/get-security-hub-findings/go.mod 
+++ b/scripts/internal/get-security-hub-findings/go.mod @@ -7,7 +7,7 @@ require ( github.com/aws/aws-sdk-go-v2/config v1.29.1 github.com/aws/aws-sdk-go-v2/credentials v1.17.55 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 - github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5 + github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.6 github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 ) diff --git a/scripts/internal/get-security-hub-findings/go.sum b/scripts/internal/get-security-hub-findings/go.sum index e490de449..1352b8cac 100644 --- a/scripts/internal/get-security-hub-findings/go.sum +++ b/scripts/internal/get-security-hub-findings/go.sum @@ -18,8 +18,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 h1:hN4yJBGs github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10/go.mod h1:TsxON4fEZXyrKY+D+3d2gSTyJkGORexIYab9PTf56DA= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 h1:rhT0h8cSV5ZNZWy67Eqe3OQTFGRu9xwgyFsuGeIXmGQ= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14/go.mod h1:CLEjbx0xH3ptihCb1l0XlrqoGfWD9xU0na47/s7fR/s= -github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5 h1:1f8l9jG/6vP0WP1Lo8QJNGL0DaJRFiD+pqeAaCcUVBk= -github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.5/go.mod h1:8IYDBdfP7wR5P1hZ9WacHyV97Fnvrvbz/LvDjSOynKM= +github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.6 h1:dqBbbqO0VIoGHsT8ZfH3MMOYP59xckJ4mnC/luO2LqQ= +github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.6/go.mod h1:Tk4wQGDT645pvvQD142cn4u2qZLER+76SabLY3HknBo= github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 h1:kznaW4f81mNMlREkU9w3jUuJvU5g/KsqDV43ab7Rp6s= github.com/aws/aws-sdk-go-v2/service/sso v1.24.12/go.mod h1:bZy9r8e0/s0P7BSDHgMLXK2KvdyRRBIQ2blKlvLt0IU= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 h1:mUwIpAvILeKFnRx4h1dEgGEFGuV8KJ3pEScZWVFYuZA= From 1f3380ba1dca82151a6eb27f0cae57dda12d3c94 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:50:22 +0000 Subject: [PATCH 27/27] Bump github.com/aws/aws-sdk-go-v2/config Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.1 to 1.29.2. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.1...config/v1.29.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- scripts/internal/get-security-hub-findings/go.mod | 4 ++-- scripts/internal/get-security-hub-findings/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/internal/get-security-hub-findings/go.mod b/scripts/internal/get-security-hub-findings/go.mod index 4fe7277bf..3ae347523 100644 --- a/scripts/internal/get-security-hub-findings/go.mod +++ b/scripts/internal/get-security-hub-findings/go.mod @@ -4,7 +4,7 @@ go 1.23 require ( github.com/aws/aws-sdk-go-v2 v1.34.0 - github.com/aws/aws-sdk-go-v2/config v1.29.1 + github.com/aws/aws-sdk-go-v2/config v1.29.2 github.com/aws/aws-sdk-go-v2/credentials v1.17.55 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.14 github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.6 
@@ -15,7 +15,7 @@ require ( github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 // indirect diff --git a/scripts/internal/get-security-hub-findings/go.sum b/scripts/internal/get-security-hub-findings/go.sum index 1352b8cac..22f97b025 100644 --- a/scripts/internal/get-security-hub-findings/go.sum +++ b/scripts/internal/get-security-hub-findings/go.sum @@ -1,7 +1,7 @@ github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vreaVQU= github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= -github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= -github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= +github.com/aws/aws-sdk-go-v2/config v1.29.2 h1:JuIxOEPcSKpMB0J+khMjznG9LIhIBdmqNiEcPclnwqc= +github.com/aws/aws-sdk-go-v2/config v1.29.2/go.mod h1:HktTHregOZwNSM/e7WTfVSu9RCX+3eOv+6ij27PtaYs= github.com/aws/aws-sdk-go-v2/credentials v1.17.55 h1:CDhKnDEaGkLA5ZszV/qw5uwN5M8rbv9Cl0JRN+PRsaM= github.com/aws/aws-sdk-go-v2/credentials v1.17.55/go.mod h1:kPD/vj+RB5MREDUky376+zdnjZpR+WgdBBvwrmnlmKE= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 h1:kU7tmXNaJ07LsyN3BUgGqAmVmQtq0w6duVIHAKfp0/w= 
@@ -10,8 +10,8 @@ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G48 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 h1:hN4yJBGswmFTOVYqmbz1GBs9ZMtQe8SrYxPwrkrlRv8=