Commit

Merge branch 'terraform-aws-modules:master' into workaround_invalid_count_argument_error
egarbi authored Jan 19, 2023
2 parents dc9b6ad + aa7ddba commit a13baaf
Showing 5 changed files with 31 additions and 7 deletions.
17 changes: 11 additions & 6 deletions .github/workflows/pre-commit.yml
Expand Up @@ -8,6 +8,7 @@ on:

env:
TERRAFORM_DOCS_VERSION: v0.16.0
TFLINT_VERSION: v0.44.1

jobs:
collectInputs:
Expand All @@ -21,7 +22,7 @@ jobs:

- name: Get root directories
id: dirs
uses: clowdhaus/terraform-composite-actions/directories@v1.8.0
uses: clowdhaus/terraform-composite-actions/directories@v1.8.3

preCommitMinVersions:
name: Min TF pre-commit
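Review bot: the `uses:` lines in this hunk and in the later hunks of this file still reference third-party actions by tag (`clowdhaus/terraform-composite-actions/directories@v1.8.3`, `clowdhaus/terraform-min-max@v1.2.4`), and a tag can be moved to different code after this review. Pin each one to the full commit SHA of the release and keep the version in a trailing comment, so the bump stays readable and the reference is immutable.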
Expand All @@ -36,24 +37,26 @@ jobs:

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.2.0
uses: clowdhaus/terraform-min-max@v1.2.4
with:
directory: ${{ matrix.directory }}

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'

- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'

preCommitMaxVersion:
Expand All @@ -69,10 +72,12 @@ jobs:

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.2.0
uses: clowdhaus/terraform-min-max@v1.2.4

- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
install-hcledit: true
12 changes: 12 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,18 @@

All notable changes to this project will be documented in this file.

## [5.10.0](https://github.com/terraform-aws-modules/terraform-aws-iam/compare/v5.9.2...v5.10.0) (2023-01-06)


### Features

* Added Extra STS actions param in assumable role with SAML ([#317](https://github.com/terraform-aws-modules/terraform-aws-iam/issues/317)) ([a2ad4cd](https://github.com/terraform-aws-modules/terraform-aws-iam/commit/a2ad4cde3343abe499a9cf7585804663a6298738))


### Bug Fixes

* Use a version for to avoid GitHub API rate limiting on CI workflows ([#323](https://github.com/terraform-aws-modules/terraform-aws-iam/issues/323)) ([90349fa](https://github.com/terraform-aws-modules/terraform-aws-iam/commit/90349fa122d9b7f043d6678d66da2bf31ba15f93))

### [5.9.2](https://github.com/terraform-aws-modules/terraform-aws-iam/compare/v5.9.1...v5.9.2) (2022-12-10)


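Review bot: the 5.10.0 Bug Fixes entry reads "Use a version for to avoid GitHub API rate limiting on CI workflows"; a word is missing after "for", so the entry does not say what is being versioned. If this changelog is generated from commit messages, correct it at the source rather than editing the file by hand.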
1 change: 1 addition & 0 deletions modules/iam-assumable-role-with-saml/README.md
Expand Up @@ -52,6 +52,7 @@ No modules.
| <a name="input_role_permissions_boundary_arn"></a> [role\_permissions\_boundary\_arn](#input\_role\_permissions\_boundary\_arn) | Permissions boundary ARN to use for IAM role | `string` | `""` | no |
| <a name="input_role_policy_arns"></a> [role\_policy\_arns](#input\_role\_policy\_arns) | List of ARNs of IAM policies to attach to IAM role | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to IAM role resources | `map(string)` | `{}` | no |
| <a name="input_trusted_role_actions"></a> [trusted\_role\_actions](#input\_trusted\_role\_actions) | Extra Actions of STS | `list(string)` | <pre>[<br> ""<br>]</pre> | no |

## Outputs

2 changes: 1 addition & 1 deletion modules/iam-assumable-role-with-saml/main.tf
Expand Up @@ -34,7 +34,7 @@ data "aws_iam_policy_document" "assume_role_with_saml" {

statement {
effect = "Allow"
actions = ["sts:AssumeRoleWithSAML"]
actions = compact(distinct(concat(["sts:AssumeRoleWithSAML"], var.trusted_role_actions)))

principals {
type = "Federated"
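Review bot: in the new `actions` line, whatever strings the caller puts in `var.trusted_role_actions` are merged into the Allow statement of the role's trust policy for the Federated principal, with no check on what they are. Constrain the input to `sts:` actions (a `validation` block on the variable would do it) and document which extras are expected, for example `sts:TagSession`. `compact()` is only needed to strip the `""` in the variable's default; with an empty-list default it can be dropped.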
6 changes: 6 additions & 0 deletions modules/iam-assumable-role-with-saml/variables.tf
Expand Up @@ -87,3 +87,9 @@ variable "allow_self_assume_role" {
type = bool
default = false
}

variable "trusted_role_actions" {
description = "Extra Actions of STS"
type = list(string)
default = [""]
}
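Review bot: `default = [""]` makes the default a list holding one empty string, which only works because main.tf wraps the value in `compact()`; use `default = []` so the variable is safe for any other consumer. The description "Extra Actions of STS" should also state that these actions are added to the role's trust policy alongside `sts:AssumeRoleWithSAML`, since a reader of the inputs table needs to see that setting it widens what the federated principal is allowed to do.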
