From 102fe02f2d7f8f00dc28a9a199203fea6d3c10f9 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Mon, 16 Oct 2023 21:42:32 +0300 Subject: [PATCH] Support AWS Provider V5 (#167) * Support AWS Provider V5 * Support AWS Provider V5 * updates --- .github/renovate.json | 7 ++++--- .github/workflows/release-branch.yml | 1 + .github/workflows/release-published.yml | 2 +- README.md | 6 +----- docs/terraform.md | 2 +- examples/basic/versions.tf | 10 ++++++++++ examples/complete/main.tf | 10 +++++----- examples/complete/versions.tf | 2 +- examples/docs/versions.tf | 10 ++++++++++ examples/non_vpc/versions.tf | 10 ++++++++++ main.tf | 26 ++++++++++++------------- outputs.tf | 16 +++++++-------- versions.tf | 2 +- 13 files changed, 66 insertions(+), 38 deletions(-) create mode 100644 examples/basic/versions.tf create mode 100644 examples/docs/versions.tf create mode 100644 examples/non_vpc/versions.tf diff --git a/.github/renovate.json b/.github/renovate.json index b61ed24..909df09 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,13 +1,14 @@ { "extends": [ "config:base", - ":preserveSemverRanges" + ":preserveSemverRanges", + ":rebaseStalePrs" ], - "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"], + "baseBranches": ["main"], "labels": ["auto-update"], "dependencyDashboardAutoclose": true, "enabledManagers": ["terraform"], "terraform": { - "ignorePaths": ["**/context.tf", "examples/**"] + "ignorePaths": ["**/context.tf"] } } diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 3f8fe62..b30901e 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -10,6 +10,7 @@ on: - 'docs/**' - 'examples/**' - 'test/**' + - 'README.*' permissions: contents: write diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index f86352b..b31232b 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml 
@@ -11,4 +11,4 @@ permissions: jobs: terraform-module: - uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main diff --git a/README.md b/README.md index 6fcd46f..66d27b3 100644 --- a/README.md +++ b/README.md @@ -102,10 +102,6 @@ We highly recommend that in your code you pin the version to the exact version y using so that your infrastructure remains stable, and update versions in a systematic way so that they do not catch you by surprise. -Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)), -the registry shows many of our inputs as required when in fact they are optional. -The table below correctly indicates which inputs are required. - ```hcl @@ -166,7 +162,7 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 3.35.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/docs/terraform.md b/docs/terraform.md index 8562fdf..6df0fdc 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 3.35.0 | | [null](#requirement\_null) | >= 2.0 | diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf new file mode 100644 index 0000000..fe97db9 --- /dev/null +++ b/examples/basic/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.0" + } + } +} diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b29360b..38cdaaa 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
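Review bot: The `uses:` line in `.github/workflows/release-published.yml` still resolves the reusable workflow through the mutable ref `@main`, so the code that runs when a release is published can change without any commit in this repository. Pinning to a full commit SHA keeps the called workflow fixed until a reviewed bump, for example `uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@<FULL_COMMIT_SHA> # <tag>` (placeholder; take the SHA from the upstream repository). The `permissions:` block named in the hunk header lies outside the hunk, so the token scopes the called workflow inherits should be checked there. The `enabledManagers` list in `.github/renovate.json` contains only `terraform`, so a pinned SHA would also need the `github-actions` manager enabled to stay current.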
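Review bot: The new `examples/basic/versions.tf` constrains the AWS provider with `version = ">= 4.0"` only, so each `terraform init` of the example can select whatever provider release is newest at that moment, including a future major version; the identical new files under `examples/docs` and `examples/non_vpc` share this. Examples are initialised as root modules, where an upper bound or a committed `.terraform.lock.hcl` makes the provider selection and its recorded checksums reproducible. If the open range is intentional so the examples exercise new provider releases, a short comment would record that, e.g. `# open-ended on purpose: examples track the newest provider the module supports`.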
@@ -4,21 +4,21 @@ provider "aws" { module "vpc" { source = "cloudposse/vpc/aws" - version = "0.18.2" + version = "2.1.0" - cidr_block = "172.16.0.0/16" + ipv4_primary_cidr_block = "172.16.0.0/16" context = module.this.context } module "subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.34.0" + version = "2.4.1" availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id - igw_id = module.vpc.igw_id - cidr_block = module.vpc.vpc_cidr_block + igw_id = [module.vpc.igw_id] + ipv4_cidr_block = [module.vpc.vpc_cidr_block] nat_gateway_enabled = false nat_instance_enabled = false diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 971ae24..e74ac36 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/docs/versions.tf b/examples/docs/versions.tf new file mode 100644 index 0000000..fe97db9 --- /dev/null +++ b/examples/docs/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.0" + } + } +} diff --git a/examples/non_vpc/versions.tf b/examples/non_vpc/versions.tf new file mode 100644 index 0000000..fe97db9 --- /dev/null +++ b/examples/non_vpc/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.0" + } + } +} diff --git a/main.tf b/main.tf index bbdfe3e..a11580e 100644 --- a/main.tf +++ b/main.tf 
@@ -36,7 +36,7 @@ resource "aws_security_group_rule" "ingress_security_groups" { to_port = var.ingress_port_range_end protocol = "tcp" source_security_group_id = var.security_groups[count.index] - security_group_id = join("", aws_security_group.default.*.id) + security_group_id = join("", aws_security_group.default[*].id) } resource "aws_security_group_rule" "ingress_cidr_blocks" { @@ -47,7 +47,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" { to_port = var.ingress_port_range_end protocol = "tcp" cidr_blocks = var.allowed_cidr_blocks - security_group_id = join("", aws_security_group.default.*.id) + security_group_id = join("", aws_security_group.default[*].id) } resource "aws_security_group_rule" "egress" { @@ -58,7 +58,7 @@ resource "aws_security_group_rule" "egress" { to_port = 65535 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] - security_group_id = join("", aws_security_group.default.*.id) + security_group_id = join("", aws_security_group.default[*].id) } # https://github.com/terraform-providers/terraform-provider-aws/issues/5218 @@ -72,7 +72,7 @@ resource "aws_iam_service_linked_role" "default" { resource "aws_iam_role" "elasticsearch_user" { count = module.this.enabled && var.create_elasticsearch_user_role && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0 name = module.user_label.id - assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json) + assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json) description = "IAM Role to assume to access the Elasticsearch ${module.this.id} cluster" tags = module.user_label.tags 
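Review bot: The rewritten references keep the `join("", ...[*].id)` idiom, which yields an empty string instead of failing when the counted resource has no instances; this applies to `security_group_id` in this hunk and to the same pattern in the other main.tf hunks (ingress_cidr_blocks, egress, the IAM role, the domain's `security_group_ids`, the policy `resources`, the domain policy and both DNS `records`). Since this commit raises `required_version` to `>= 1.3`, `one()` is available and makes the zero-instance case explicit, e.g. `security_group_id = one(aws_security_group.default[*].id)`. That matters most in the policy document, where `"${join("", aws_elasticsearch_domain.default[*].arn)}/*"` would collapse to `"/*"` if the list were ever empty; the `count` guards that should prevent that are outside the visible hunks. Outputs would change from `""` to `null` under `one()`, so those are better left as they are unless consumers are checked.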
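Review bot: The `egress` rule in the third hunk of main.tf keeps `cidr_blocks = ["0.0.0.0/0"]` with `to_port = 65535` over TCP and carries no comment on why the domain's security group needs unrestricted outbound access. If this is deliberate, a comment above the resource would record it, e.g. `# Outbound TCP is left open to any destination; narrow this if the domain only needs to reach known endpoints`. The rule's `type` and `from_port` sit above the hunk, so the lower bound of the port range is not confirmed here.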
@@ -192,7 +192,7 @@ resource "aws_elasticsearch_domain" "default" { for_each = var.vpc_enabled ? [true] : [] content { - security_group_ids = var.create_security_group ? [join("", aws_security_group.default.*.id)] : var.security_groups + security_group_ids = var.create_security_group ? [join("", aws_security_group.default[*].id)] : var.security_groups subnet_ids = var.subnet_ids } } @@ -249,8 +249,8 @@ data "aws_iam_policy_document" "default" { actions = distinct(compact(var.iam_actions)) resources = [ - join("", aws_elasticsearch_domain.default.*.arn), - "${join("", aws_elasticsearch_domain.default.*.arn)}/*" + join("", aws_elasticsearch_domain.default[*].arn), + "${join("", aws_elasticsearch_domain.default[*].arn)}/*" ] principals { @@ -263,15 +263,15 @@ data "aws_iam_policy_document" "default" { # https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-ac-types-ip # https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/ dynamic "statement" { - for_each = length(var.allowed_cidr_blocks) > 0 && ! var.vpc_enabled ? [true] : [] + for_each = length(var.allowed_cidr_blocks) > 0 && !var.vpc_enabled ? [true] : [] content { effect = "Allow" actions = distinct(compact(var.iam_actions)) resources = [ - join("", aws_elasticsearch_domain.default.*.arn), - "${join("", aws_elasticsearch_domain.default.*.arn)}/*" + join("", aws_elasticsearch_domain.default[*].arn), + "${join("", aws_elasticsearch_domain.default[*].arn)}/*" ] principals { @@ -291,7 +291,7 @@ data "aws_iam_policy_document" "default" { resource "aws_elasticsearch_domain_policy" "default" { count = module.this.enabled && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0 domain_name = module.this.id - access_policies = join("", data.aws_iam_policy_document.default.*.json) + access_policies = join("", data.aws_iam_policy_document.default[*].json) } module "domain_hostname" { 
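Review bot: The `dynamic "statement"` gated on `length(var.allowed_cidr_blocks) > 0 && !var.vpc_enabled` has no comment stating who it authorises, and it grants the same `var.iam_actions` as the role-based statement above it. The `principals` block and any `condition` are cut off by the hunk; if the principal is the wildcard, as the linked AWS article on anonymous access suggests, requests from the listed CIDRs need no signed IAM identity. A comment such as `# IP-based access for non-VPC domains: callers in allowed_cidr_blocks are not authenticated by IAM, keep the ranges narrow` would make that visible to anyone widening the variable.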
@@ -302,7 +302,7 @@ module "domain_hostname" { dns_name = var.elasticsearch_subdomain_name == "" ? module.this.id : var.elasticsearch_subdomain_name ttl = 60 zone_id = var.dns_zone_id - records = [join("", aws_elasticsearch_domain.default.*.endpoint)] + records = [join("", aws_elasticsearch_domain.default[*].endpoint)] context = module.this.context } @@ -318,7 +318,7 @@ module "kibana_hostname" { # Note: kibana_endpoint is not just a domain name, it includes a path component, # and as such is not suitable for a DNS record. The plain endpoint is the # hostname portion and should be used for DNS. - records = [join("", aws_elasticsearch_domain.default.*.endpoint)] + records = [join("", aws_elasticsearch_domain.default[*].endpoint)] context = module.this.context } \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index f48ca86..5a379d7 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,30 +1,30 @@ output "security_group_id" { - value = join("", aws_security_group.default.*.id) + value = join("", aws_security_group.default[*].id) description = "Security Group ID to control access to the Elasticsearch domain" } output "domain_arn" { - value = join("", aws_elasticsearch_domain.default.*.arn) + value = join("", aws_elasticsearch_domain.default[*].arn) description = "ARN of the Elasticsearch domain" } output "domain_id" { - value = join("", aws_elasticsearch_domain.default.*.domain_id) + value = join("", aws_elasticsearch_domain.default[*].domain_id) description = "Unique identifier for the Elasticsearch domain" } output "domain_name" { - value = join("", aws_elasticsearch_domain.default.*.domain_name) + value = join("", aws_elasticsearch_domain.default[*].domain_name) description = "Name of the Elasticsearch domain" } output "domain_endpoint" { - value = join("", aws_elasticsearch_domain.default.*.endpoint) + value = join("", aws_elasticsearch_domain.default[*].endpoint) description = "Domain-specific endpoint used to submit index, search, and data upload requests" } output "kibana_endpoint" { - value = join("", aws_elasticsearch_domain.default.*.kibana_endpoint) + value = join("", aws_elasticsearch_domain.default[*].kibana_endpoint) description = "Domain-specific endpoint for Kibana without https scheme" } @@ -39,11 +39,11 @@ output "kibana_hostname" { } output "elasticsearch_user_iam_role_name" { - value = join(",", aws_iam_role.elasticsearch_user.*.name) + value = join(",", aws_iam_role.elasticsearch_user[*].name) description = "The name of the IAM role to allow access to Elasticsearch cluster" } output "elasticsearch_user_iam_role_arn" { - value = join(",", aws_iam_role.elasticsearch_user.*.arn) + value = join(",", aws_iam_role.elasticsearch_user[*].arn) description = "The ARN of the IAM role to allow access to Elasticsearch cluster" } diff --git a/versions.tf b/versions.tf index 588d1c7..f365c51 100644 --- a/versions.tf +++ b/versions.tf 
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = {