From b81fe0b246ee101b7664d61aa051104f32f08727 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 23 Oct 2025 11:35:27 -0700
Subject: [PATCH 1/4] migrate csv_upload_bucket to new provider

---
 .github/workflows/deploy.yml | 41 ++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 35c289f43..629166faa 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -48,22 +48,31 @@ jobs:
     # 2. Go back to main.tf and update the module syntax and parameters for the new provider
     # 3. Go through the CI/CD again, at this point it should work.
     #
-    # - name: Terraform change provider
-    #   working-directory: terraform/staging
-    #   env:
-    #     AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
-    #     AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
-    #     TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
-    #     TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
-    #   run: |
-    #     terraform state pull | jq '
-    #       .resources |= map(select(.module == "module.csv_upload_bucket"))
-    #     ' > module-csv_upload_bucket.tfstate
-    #     terraform state replace-provider \
-    #       -state=module-csv_upload_bucket.tfstate \
-    #       'registry.terraform.io/cloudfoundry-community/cloudfoundry' \
-    #       'registry.terraform.io/cloudfoundry/cloudfoundry'
-    #     terraform state push module-csv_upload_bucket.tfstate
+    - name: Terraform change provider
+      working-directory: terraform/staging
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+        TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
+        TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+      run: |
+        set -euo pipefail
+        echo "Finding all resources in module.csv_upload_bucket..."
+        resources=$(terraform state list | grep '^module.csv_upload_bucket' || true)
+        if [ -z "$resources" ]; then
+          echo "No resources found under module.csv_upload_bucket -- skipping migration."
+          exit 0
+        fi
+        echo "Migrating provider for these resources:"
+        echo "$resources"
+        terraform state replace-provider \
+          'registry.terraform.io/cloudfoundry-community/cloudfoundry' \
+          'registry.terraform.io/cloudfoundry/cloudfoundry' \
+          $resources
+
+        echo "Provider migration complete."
+        echo "Verifying..."
+        terraform state show $(echo "$resources" | head -n 1) | grep 'provider'
 
     - name: Terraform apply
       working-directory: terraform/staging

From 7d63d3b9d3448bc181afac8d89439cace965a956 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 23 Oct 2025 12:53:51 -0700
Subject: [PATCH 2/4] try again

---
 .github/workflows/deploy.yml            | 37 -------------------------
 .github/workflows/terraform-staging.yml |  1 +
 terraform/staging/main.tf               | 19 +++++++++++--
 3 files changed, 17 insertions(+), 40 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 629166faa..7f2ac124f 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -37,43 +37,6 @@ jobs:
         AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
       run: terraform init
 
-
-    # Some excitement for later.  When we have a module we cannot just delete
-    # (db, csv_bucket) we need to modify the state in the tfstate file.
-    #
-    # Once both providers are defined in the providers.tf, the order of operations should be
-    #
-    # 1. Uncomment this command and let it run as part of CI/CD.  This alters the state,
-    #    but the module will be temporarily unusable
-    # 2. Go back to main.tf and update the module syntax and parameters for the new provider
-    # 3. Go through the CI/CD again, at this point it should work.
-    #
-    - name: Terraform change provider
-      working-directory: terraform/staging
-      env:
-        AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
-        TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
-        TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
-      run: |
-        set -euo pipefail
-        echo "Finding all resources in module.csv_upload_bucket..."
-        resources=$(terraform state list | grep '^module.csv_upload_bucket' || true)
-        if [ -z "$resources" ]; then
-          echo "No resources found under module.csv_upload_bucket -- skipping migration."
-          exit 0
-        fi
-        echo "Migrating provider for these resources:"
-        echo "$resources"
-        terraform state replace-provider \
-          'registry.terraform.io/cloudfoundry-community/cloudfoundry' \
-          'registry.terraform.io/cloudfoundry/cloudfoundry' \
-          $resources
-
-        echo "Provider migration complete."
-        echo "Verifying..."
-        terraform state show $(echo "$resources" | head -n 1) | grep 'provider'
-
     - name: Terraform apply
       working-directory: terraform/staging
       env:
diff --git a/.github/workflows/terraform-staging.yml b/.github/workflows/terraform-staging.yml
index 9fe174ee8..c50a36946 100644
--- a/.github/workflows/terraform-staging.yml
+++ b/.github/workflows/terraform-staging.yml
@@ -41,6 +41,7 @@ jobs:
         id: validation
         run: terraform validate -no-color
 
+
       - name: Terraform plan
         id: plan
         env:
diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf
index 506d6ace2..1beebb7cd 100644
--- a/terraform/staging/main.tf
+++ b/terraform/staging/main.tf
@@ -45,7 +45,7 @@ module "redis-v70" {
   )
 }
 
-module "csv_upload_bucket" {
+module "csv_upload_bucket_old" {
   source = "github.com/GSA-TTS/terraform-cloudgov//s3?ref=v1.0.0"
 
   cf_org_name   = local.cf_org_name
@@ -75,15 +75,28 @@ module "egress-space" {
 
 module "ses_email" {
   source = "../shared/ses"
+  providers = {
+    cloudfoundry = cloudfoundry.official
+  }
+  cf_space_id = data.cloudfoundry_space.space.id
 
-  cf_org_name         = local.cf_org_name
-  cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-ses-${local.env}"
   aws_region          = "us-west-2"
   mail_from_subdomain = "mail"
   email_receipt_error = "notify-support@gsa.gov"
 }
 
+# module "ses_email_old" {
+# source = "../shared/ses"
+
+# cf_org_name         = local.cf_org_name
+# cf_space_name       = local.cf_space_name
+# name                = "${local.app_name}-ses-${local.env}"
+# aws_region          = "us-west-2"
+# mail_from_subdomain = "mail"
+# email_receipt_error = "notify-support@gsa.gov"
+# }
+
 module "sns_sms" {
   source = "../shared/sns"
 

From 2db396e0c0703a28be7594d87d747ac2fda4d977 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 23 Oct 2025 13:00:23 -0700
Subject: [PATCH 3/4] try again

---
 terraform/staging/main.tf | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf
index 1beebb7cd..8d9a7ec80 100644
--- a/terraform/staging/main.tf
+++ b/terraform/staging/main.tf
@@ -73,18 +73,18 @@ module "egress-space" {
   ]
 }
 
-module "ses_email" {
-  source = "../shared/ses"
-  providers = {
-    cloudfoundry = cloudfoundry.official
-  }
-  cf_space_id = data.cloudfoundry_space.space.id
+# module "ses_email" {
+# source = "../shared/ses"
+# providers = {
+# cloudfoundry = cloudfoundry.official
+# }
+# cf_space_id = data.cloudfoundry_space.space.id
 
-  name                = "${local.app_name}-ses-${local.env}"
-  aws_region          = "us-west-2"
-  mail_from_subdomain = "mail"
-  email_receipt_error = "notify-support@gsa.gov"
-}
+# name                = "${local.app_name}-ses-${local.env}"
+# aws_region          = "us-west-2"
+# mail_from_subdomain = "mail"
+# email_receipt_error = "notify-support@gsa.gov"
+# }
 
 # module "ses_email_old" {
 # source = "../shared/ses"

From 43beeae5c6b543818f9f76008c7a70056e5189b8 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 23 Oct 2025 13:17:54 -0700
Subject: [PATCH 4/4] try again

---
 terraform/staging/main.tf | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf
index 8d9a7ec80..e44c357cb 100644
--- a/terraform/staging/main.tf
+++ b/terraform/staging/main.tf
@@ -45,7 +45,7 @@ module "redis-v70" {
   )
 }
 
-module "csv_upload_bucket_old" {
+module "csv_upload_bucket" {
   source = "github.com/GSA-TTS/terraform-cloudgov//s3?ref=v1.0.0"
 
   cf_org_name   = local.cf_org_name
@@ -53,15 +53,6 @@ module "csv_upload_bucket_old" {
   name          = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
-# module "csv_upload_bucket_new" {
-# source = "github.com/GSA-TTS/terraform-cloudgov//s3?ref=v2.4.0"
-# providers = {
-# cloudfoundry = cloudfoundry.official
-# }
-# cf_space_id     = data.cloudfoundry_space.space.id
-# name          = "${local.app_name}-csv-upload-bucket-${local.env}"
-# }
-
 module "egress-space" {
   source = "../shared/egress_space"