fix remote resource bug #1335

Merged
eschultink merged 9 commits into rc-v0.6.7 from s228-fix-remote-resource-bug on Jul 1, 2026
@eschultink eschultink commented Jun 30, 2026

Member

Fixes

  • prebuilt bundle apply bug - when using prebuilt bundles, but not enabling remote resources - the terraform modules have errors

Change implications

  • dependencies added/changed? no
  • something important to note in future release notes?
    • NOTE in CHANGELOG.md anything that will show up in terraform plan/apply that isn't obviously a no-op?
      • Unlikely — this is a bug fix for apply behavior when remote resources are absent; no expected plan/apply diffs for existing working configs.
    • breaking changes? if in module/example that is NOT marked alpha, requires major version change
      • No — fixes incorrect apply behavior; should not require a major version bump.

@eschultink eschultink self-assigned this Jun 30, 2026
eschultink and others added 2 commits June 30, 2026 14:59
Use s3api head-object and HTTP HEAD instead of s3 ls, which requires ListBucket on public artifact buckets.

Co-authored-by: Cursor <cursoragent@cursor.com>
Resolve CHANGELOG and remote-resources doc conflicts by keeping the
Unreleased entry and combining release link formatting with branch docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
Terraform does not short-circuit || in variable validation, so
provision_auth_key = {} failed with null > 0. Mirror the GCP fix
using a ternary chain.

Co-authored-by: Erik Schultink <eschultink@users.noreply.github.com>

Copilot AI left a comment

Contributor

Pull request overview

Fixes Terraform plan/apply issues when using prebuilt s3:// / gs:// deployment bundles in configurations that may (or may not) also enable remote resource loading, by making artifacts-bucket provisioning and wiring more explicit and resilient.

Changes:

  • Add enable_remote_resources to the core aws / gcp modules and adjust artifacts bucket provisioning logic for prebuilt bundle scenarios.
  • Separate “deployment bundle bucket” from “artifacts bucket” in GCP so host modules can deploy from a remote bundle while still optionally using an artifacts bucket for remote resources.
  • Harden remote-resource IAM/env-var handling (AWS) and update docs + changelog to reflect the opt-in behavior and provisioning rules.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| tools/lib/deployment-bundle.sh | Adds S3 URL parsing + existence checks using aws s3api head-object with a curl fallback. |
| infra/modules/gcp/variables.tf | Introduces enable_remote_resources and clarifies artifacts bucket variable semantics. |
| infra/modules/gcp/main.tf | Adjusts artifacts-bucket provisioning and introduces outputs to distinguish deployment bundle bucket vs artifacts bucket. |
| infra/modules/gcp-host/variables.tf | Updates custom_artifacts_bucket_name/enable_remote_resources descriptions. |
| infra/modules/gcp-host/main.tf | Wires enable_remote_resources through and uses the new deployment bundle bucket output for function deployment. |
| infra/modules/aws/variables.tf | Introduces enable_remote_resources and clarifies artifacts bucket semantics. |
| infra/modules/aws/main.tf | Updates bucket provisioning logic to provision an artifacts bucket when remote resources are enabled. |
| infra/modules/aws-proxy-lambda/remote_resource_iam.tftest.hcl | Adds a test ensuring no remote-resource IAM statement is created when bucket is null. |
| infra/modules/aws-proxy-lambda/main.tf | Guards env vars/IAM ARN generation so paths without a bucket don’t generate remote-resource config. |
| infra/modules/aws-host/variables.tf | Updates descriptions for artifacts bucket + remote resources behavior. |
| infra/modules/aws-host/main.tf | Passes enable_remote_resources into the aws module and gates remote resource wiring on bucket existence. |
| docs/configuration/remote-resources.md | Updates documentation to describe opt-in remote resources and bucket provisioning behavior. |
| CHANGELOG.md | Adds an Unreleased note describing the plan/apply fix for prebuilt bundles + remote resources. |

Comment thread infra/modules/gcp/main.tf Outdated
Comment on lines +208 to +211
if http_url="$(deployment_bundle_s3_to_http_url "$bundle_path")"; then
curl -fsSI "$http_url" >/dev/null 2>&1
return $?
fi
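
Review bot: On the `curl -fsSI "$http_url"` line, `-f` only makes curl exit non-zero for HTTP 400 and above, and no `-L` is passed, so a 3xx response exits 0 and the function reports the bundle as present without the object ever being confirmed. Suggest following redirects with a bounded hop count (`-L --max-redirs N`) and returning success only when the final status, read via `-w '%{http_code}'`, is 2xx. Sending stderr to /dev/null also hides why a check failed (DNS or TLS error versus a 403 or 404), so consider surfacing the status code or curl's error to the caller.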

Member Author

would just prefer to error on anything that's not a 2xx, right??

Comment thread infra/modules/aws/main.tf
Comment thread infra/modules/gcp/main.tf Outdated
eschultink and others added 2 commits June 30, 2026 15:06
…te resources

coalesce() fails when no artifacts bucket is provisioned and custom_artifacts_bucket_name
is unset; use a ternary chain so plan succeeds for gs:// deployment bundles.

Co-authored-by: Cursor <cursoragent@cursor.com>
eschultink and others added 3 commits July 1, 2026 10:36
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
- Gate GCP artifacts bucket provisioning on custom_artifacts_bucket_name
- Preserve full object key for gs:// deployment bundles with nested paths
- Follow S3 redirects in deployment bundle HTTP existence check

Co-authored-by: Cursor <cursoragent@cursor.com>
Follow redirects with a max of 5 hops, then fail unless the final
response is 2xx so region redirects cannot masquerade as success.

Co-authored-by: Cursor <cursoragent@cursor.com>
@eschultink eschultink merged commit dd93d87 into rc-v0.6.7 Jul 1, 2026
120 checks passed
@eschultink eschultink deleted the s228-fix-remote-resource-bug branch July 1, 2026 17:59
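
The existence check this PR converges on (bounded redirects, success only when the final response is 2xx), as an added example that is not the project's `tools/lib/deployment-bundle.sh`. The function names, the virtual-hosted `s3.amazonaws.com` URL form and the sample path are assumptions.

```shell
#!/usr/bin/env bash
# Added example; function names and URL form are assumptions, not the project's code.

# s3://bucket/path/to/key -> https://bucket.s3.amazonaws.com/path/to/key
# Keeps the whole key (nested paths included); keys are assumed URL-safe.
s3_url_to_https() {
  local rest bucket key
  case "$1" in
    s3://*) rest="${1#s3://}" ;;
    *) return 1 ;;
  esac
  bucket="${rest%%/*}"
  key="${rest#*/}"
  # Reject s3://, s3://bucket and s3://bucket/ (no object key to check).
  if [ -z "$bucket" ] || [ "$rest" = "$bucket" ] || [ -z "$key" ]; then
    return 1
  fi
  printf 'https://%s.s3.amazonaws.com/%s\n' "$bucket" "$key"
}

# HEAD request that follows at most 5 redirects and prints the FINAL status code.
# Deliberately no -f: the caller classifies the status instead of trusting curl's exit code.
http_head_status() {
  curl -sIL --max-redirs 5 -o /dev/null -w '%{http_code}' "$1" 2>/dev/null
}

# True only for 200-299. "000" (no response) and a leftover 3xx both fail.
is_2xx() {
  case "$1" in
    2[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# 0 = object confirmed, 1 = not confirmed, 2 = not a usable s3:// URL.
bundle_exists_http() {
  local http_url status
  http_url="$(s3_url_to_https "$1")" || return 2
  status="$(http_head_status "$http_url")" || true
  is_2xx "$status"
}

# Constructed sample path; prints the URL that would be probed (no network access).
s3_url_to_https 's3://example-bucket/dist/v1/bundle.jar'
```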