Comment out unencrypted migration method in encryption configuration (#189)

Author: brettcurtis

.github/workflows/plan-and-apply.yml

@@ -74,7 +74,7 @@ jobs:
       # https://github.com/marketplace/actions/cache
 
       - name: Setup cache
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.0
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ${{ inputs.working_directory }}/.terraform
@@ -87,15 +87,15 @@ jobs:
       # https://github.com/marketplace/actions/checkout
 
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ inputs.checkout_ref }}
 
       # Google Cloud Platform - Authenticate to Google Cloud
       # https://github.com/marketplace/actions/authenticate-to-google-cloud
 
       - name: Authenticate
-        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v2.1.6
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
         with:
           create_credentials_file: true
           service_account: ${{ inputs.service_account }}
@@ -173,15 +173,15 @@ jobs:
       # https://github.com/marketplace/actions/checkout
 
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ inputs.checkout_ref }}
 
       # Google Cloud Platform - Authenticate to Google Cloud
       # https://github.com/marketplace/actions/authenticate-to-google-cloud
 
       - name: Authenticate
-        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v2.1.6
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
         with:
           create_credentials_file: true
           service_account: ${{ inputs.service_account }}

tests/plan-and-apply/main.tofu

@@ -14,16 +14,18 @@ module "project" {
 # Google Storage Bucket Module (osinfra.io)
 # https://github.com/osinfra-io/opentofu-google-storage-bucket
 
-module "bucket" {
-  source = "github.com/osinfra-io/opentofu-google-storage-bucket?ref=642c3eb45623e0e619dcc3c80c98ef804da7c153" # v0.2.1
+# Comment or un-comment out the following two resources to test the apply job.
 
-  force_destroy = true
-  labels        = module.helpers.labels
-  location      = "US"
-  name          = "test-${random_id.test.hex}-${module.helpers.env}"
-  project       = module.project.id
-}
+# module "bucket" {
+#   source = "github.com/osinfra-io/opentofu-google-storage-bucket?ref=642c3eb45623e0e619dcc3c80c98ef804da7c153" # v0.2.1
 
-resource "random_id" "test" {
-  byte_length = 4
-}
+#   force_destroy = true
+#   labels        = module.helpers.labels
+#   location      = "US"
+#   name          = "test-${random_id.test.hex}-${module.helpers.env}"
+#   project       = module.project.id
+# }
+
+# resource "random_id" "test" {
+#   byte_length = 4
+# }

tests/plan-and-apply/providers.tofu

@@ -7,7 +7,7 @@ terraform {
   # fallback encryption methods for state and plan files for bootstrapping.
 
   encryption {
-    method "unencrypted" "migrate" {}
+    # method "unencrypted" "migrate" {}
 
     key_provider "gcp_kms" "default" {
       kms_encryption_key = var.kms_encryption_key
@@ -19,21 +19,21 @@ terraform {
     }
 
     plan {
-      method = method.aes_gcm.default
-      #enforced = true
+      method   = method.aes_gcm.default
+      enforced = true
 
-      fallback {
-        method = method.unencrypted.migrate
-      }
+      # fallback {
+      #   method = method.unencrypted.migrate
+      # }
     }
 
     state {
-      method = method.aes_gcm.default
-      #enforced = true
+      method   = method.aes_gcm.default
+      enforced = true
 
-      fallback {
-        method = method.unencrypted.migrate
-      }
+      # fallback {
+      #   method = method.unencrypted.migrate
+      # }
     }
   }