From ece5d225058812595f1b02c086f86da9d35a6bec Mon Sep 17 00:00:00 2001
From: boris-dyga-SM <123933753+boris-dyga-SM@users.noreply.github.com>
Date: Thu, 1 Feb 2024 22:27:52 +0200
Subject: [PATCH] The access token is now passed in a http header (#83)
This is done to avoid exposure as the data.http.id (which contains
the URL) in the logs.
---
.gitignore | 4 ++++
README.md | 2 +-
docs/terraform.md | 2 +-
modules/conformance-pack/main.tf | 10 ++--------
4 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/.gitignore b/.gitignore
index f123b94..18f2e5f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,7 @@
# Crash log files
crash.log
test.log
+
+# MacOS service files
+.DS_Store
+
diff --git a/README.md b/README.md
index 2dbd863..db3a440 100644
--- a/README.md
+++ b/README.md
@@ -115,7 +115,7 @@ Available targets:
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
+| [aws](#provider\_aws) | 5.33.0 |
## Modules
diff --git a/docs/terraform.md b/docs/terraform.md
index f5aad10..2dde5f7 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -11,7 +11,7 @@
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
+| [aws](#provider\_aws) | 5.33.0 |
## Modules
diff --git a/modules/conformance-pack/main.tf b/modules/conformance-pack/main.tf
index 9aaa500..f7b8cf9 100644
--- a/modules/conformance-pack/main.tf
+++ b/modules/conformance-pack/main.tf
@@ -13,13 +13,7 @@ resource "aws_config_conformance_pack" "default" {
}
data "http" "conformance_pack" {
- /*
- To access a public GitHub repo the following URL is used:
- https://raw.githubusercontent.com////
-
- To access a private GitHub repo an access token with appropriate permissions should be generated first and then provided in the url:
- https://@raw.githubusercontent.com////
- */
- url = var.access_token == "" ? var.conformance_pack : "${split("://", var.conformance_pack)[0]}://${var.access_token}@${split("://", var.conformance_pack)[1]}"
+ url = var.conformance_pack
+ request_headers = var.access_token == "" ? {} : { Authorization = "token ${var.access_token}" }
}