delete rustc-ci rust-lang-security data #734


Merged
merged 1 commit into from
Jun 11, 2025

marcoieni
Member

In #733 I deleted the rust-lang-ci module because in #666 we refactored it and moved it to terragrunt. Now I want to delete the security module as well and get rid of the entire terraform module.

@rust-lang/security Is it fine to delete these resources?

If any of you approves the PR, I will run terraform destroy and merge this PR.
Note that the s3 buckets rust-lang-security-ci-artifacts and rust-lang-security-ci-caches are both empty.

Maybe we can also archive https://github.com/rust-lang-ci/rsec since it seems unused? 🤔
From my understanding we use this feature of GitHub now

Output of terraform destroy:

Terraform will perform the following actions:

  # module.security.aws_s3_bucket.artifacts will be destroyed
  - resource "aws_s3_bucket" "artifacts" {
      - acl                         = "public-read" -> null
      - arn                         = "arn:aws:s3:::rust-lang-security-ci-artifacts" -> null
      - bucket                      = "rust-lang-security-ci-artifacts" -> null
      - bucket_domain_name          = "rust-lang-security-ci-artifacts.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "rust-lang-security-ci-artifacts.s3.us-west-1.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2F56UZL2M1ACD" -> null
      - id                          = "rust-lang-security-ci-artifacts" -> null
      - object_lock_enabled         = false -> null
      - region                      = "us-west-1" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null

      - grant {
          - id          = "730816d54a134d4c9688ff28754024b230dfdec7744a131ddf1df25ad98fe560" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - lifecycle_rule {
          - abort_incomplete_multipart_upload_days = 1 -> null
          - enabled                                = true -> null
          - id                                     = "cleanup-rustc-builds" -> null
          - prefix                                 = "rustc-builds" -> null
          - tags                                   = {} -> null

          - expiration {
              - days                         = 90 -> null
              - expired_object_delete_marker = false -> null
            }

          - noncurrent_version_expiration {
              - days = 1 -> null
            }
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }
    }

  # module.security.aws_s3_bucket.caches will be destroyed
  - resource "aws_s3_bucket" "caches" {
      - acl                         = "private" -> null
      - arn                         = "arn:aws:s3:::rust-lang-security-ci-caches" -> null
      - bucket                      = "rust-lang-security-ci-caches" -> null
      - bucket_domain_name          = "rust-lang-security-ci-caches.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "rust-lang-security-ci-caches.s3.us-west-1.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2F56UZL2M1ACD" -> null
      - id                          = "rust-lang-security-ci-caches" -> null
      - object_lock_enabled         = false -> null
      - region                      = "us-west-1" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null

      - grant {
          - id          = "730816d54a134d4c9688ff28754024b230dfdec7744a131ddf1df25ad98fe560" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - lifecycle_rule {
          - abort_incomplete_multipart_upload_days = 1 -> null
          - enabled                                = true -> null
          - id                                     = "delete-bucket-after-90-days" -> null
          - tags                                   = {} -> null

          - expiration {
              - days                         = 30 -> null
              - expired_object_delete_marker = false -> null
            }

          - noncurrent_version_expiration {
              - days = 1 -> null
            }
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }
    }

  # module.security.aws_s3_bucket_inventory.artifacts will be destroyed
  - resource "aws_s3_bucket_inventory" "artifacts" {
      - bucket                   = "rust-lang-security-ci-artifacts" -> null
      - enabled                  = true -> null
      - id                       = "rust-lang-security-ci-artifacts:all-objects-csv" -> null
      - included_object_versions = "Current" -> null
      - name                     = "all-objects-csv" -> null
      - optional_fields          = [
          - "ETag",
          - "IntelligentTieringAccessTier",
          - "Size",
          - "StorageClass",
        ] -> null

      - destination {
          - bucket {
              - bucket_arn = "arn:aws:s3:::rust-inventories" -> null
              - format     = "CSV" -> null
              - prefix     = "rust-lang-security-ci-artifacts" -> null
            }
        }

      - schedule {
          - frequency = "Weekly" -> null
        }
    }

  # module.security.aws_s3_bucket_public_access_block.artifacts["true"] will be destroyed
  - resource "aws_s3_bucket_public_access_block" "artifacts" {
      - block_public_acls       = false -> null
      - block_public_policy     = true -> null
      - bucket                  = "rust-lang-security-ci-artifacts" -> null
      - id                      = "rust-lang-security-ci-artifacts" -> null
      - ignore_public_acls      = true -> null
      - restrict_public_buckets = true -> null
    }

  # module.security.aws_s3_bucket_public_access_block.caches["true"] will be destroyed
  - resource "aws_s3_bucket_public_access_block" "caches" {
      - block_public_acls       = false -> null
      - block_public_policy     = true -> null
      - bucket                  = "rust-lang-security-ci-caches" -> null
      - id                      = "rust-lang-security-ci-caches" -> null
      - ignore_public_acls      = true -> null
      - restrict_public_buckets = true -> null
    }

Plan: 0 to add, 0 to change, 5 to destroy.
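
An added example (not part of the PR or of the rust-lang tooling): a pre-destroy check over the JSON form of a plan like the one above, as produced by `terraform show -json`. The sample plan is constructed from values in the output and reduced to the fields used; `review_destroy_plan`, `rc_entry` and `allowed_prefix` are hypothetical names.

```python
import json

def rc_entry(addr, rtype, actions, before):
    # Helper for building the constructed sample entries below.
    return {"address": addr, "type": rtype,
            "change": {"actions": actions, "before": before}}

# Constructed sample shaped like `terraform show -json <planfile>`, reduced to
# the fields used here; values are taken from the plan output above.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    rc_entry("module.security.aws_s3_bucket.artifacts", "aws_s3_bucket",
             ["delete"], {"bucket": "rust-lang-security-ci-artifacts",
                          "acl": "public-read", "force_destroy": False}),
    rc_entry("module.security.aws_s3_bucket.caches", "aws_s3_bucket",
             ["delete"], {"bucket": "rust-lang-security-ci-caches",
                          "acl": "private", "force_destroy": False}),
    rc_entry("module.security.aws_s3_bucket_inventory.artifacts",
             "aws_s3_bucket_inventory", ["delete"],
             {"bucket": "rust-lang-security-ci-artifacts"}),
]})

def review_destroy_plan(plan_json, allowed_prefix):
    """Return (blockers, notes) for a plan that should only destroy one module."""
    blockers, notes = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        addr, actions = rc["address"], rc["change"]["actions"]
        if actions == ["no-op"]:
            continue
        if actions != ["delete"]:  # create, update or replace in a teardown plan
            blockers.append(f"{addr}: unexpected actions {actions}")
        if not addr.startswith(allowed_prefix):
            blockers.append(f"{addr}: outside {allowed_prefix}")
        before = rc["change"].get("before") or {}
        if rc["type"] != "aws_s3_bucket":
            continue
        name = before.get("bucket")
        if not before.get("force_destroy"):
            # With force_destroy = false the provider refuses a non-empty bucket.
            notes.append(f"{name}: must be empty before destroy")
        if before.get("acl") == "public-read":
            # Bucket names are global; a deleted name can be registered again.
            notes.append(f"{name}: public-read, check for remaining references")
    return blockers, notes

if __name__ == "__main__":
    print(review_destroy_plan(SAMPLE_PLAN, "module.security."))
```
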

@pietroalbini
Member

I think it's fine to remove it, that whole setup is unfinished and we never had an actual need for it. It would require a lot of effort to bring it back up and running.

> From my understanding we use this feature of GitHub now

We do, but that doesn't support running our CI.

@marcoieni
Member Author

Ok, then I will run terraform destroy and archive the repository 👍

@marcoieni marcoieni merged commit 5a0268c into master Jun 11, 2025
3 checks passed
@marcoieni marcoieni deleted the delete-rustc-ci-rust-lang-security-data branch June 11, 2025 14:50
@marcoieni
Member Author

done, thanks for the quick response!

@pietroalbini
Member

I think the repository can be straight up deleted, it doesn't have anything in it that is not in rust-lang/rust.

@marcoieni
Member Author

deleted 👍
