diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 06270c8a..cb826713 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -8,6 +8,7 @@ on:
env:
TERRAFORM_DOCS_VERSION: v0.16.0
+ TFLINT_VERSION: v0.44.1
jobs:
collectInputs:
@@ -21,7 +22,7 @@ jobs:
- name: Get root directories
id: dirs
- uses: clowdhaus/terraform-composite-actions/directories@v1.8.0
+ uses: clowdhaus/terraform-composite-actions/directories@v1.8.3
preCommitMinVersions:
name: Min TF pre-commit
@@ -36,24 +37,26 @@ jobs:
- name: Terraform min/max versions
id: minMax
- uses: clowdhaus/terraform-min-max@v1.2.0
+ uses: clowdhaus/terraform-min-max@v1.2.4
with:
directory: ${{ matrix.directory }}
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
+ tflint-version: ${{ env.TFLINT_VERSION }}
args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
+ tflint-version: ${{ env.TFLINT_VERSION }}
args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
preCommitMaxVersion:
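Review bot: The bumped `uses:` lines in this hunk and in the two hunks after it (`clowdhaus/terraform-composite-actions/directories@v1.8.3`, `clowdhaus/terraform-min-max@v1.2.4`, `clowdhaus/terraform-composite-actions/pre-commit@v1.8.3`) reference third-party actions by a mutable tag, so a later move of that tag changes what runs in this workflow with no diff in this repository. Pinning each reference to the full commit SHA and keeping the tag as a trailing comment, `uses: clowdhaus/terraform-min-max@<commit-sha> # v1.2.4`, makes the dependency immutable while staying readable, and version-update tooling can still bump it. The new `tflint-version: ${{ env.TFLINT_VERSION }}` input and the `TFLINT_VERSION: v0.44.1` env value are consumed as strings and need no quoting.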
@@ -69,10 +72,12 @@ jobs:
- name: Terraform min/max versions
id: minMax
- uses: clowdhaus/terraform-min-max@v1.2.0
+ uses: clowdhaus/terraform-min-max@v1.2.4
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+ tflint-version: ${{ env.TFLINT_VERSION }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+ install-hcledit: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 938515ce..932bae47 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [5.10.0](https://github.com/terraform-aws-modules/terraform-aws-iam/compare/v5.9.2...v5.10.0) (2023-01-06) + + ### Features + + * Added Extra STS actions param in assumable role with SAML ([#317](https://github.com/terraform-aws-modules/terraform-aws-iam/issues/317)) ([a2ad4cd](https://github.com/terraform-aws-modules/terraform-aws-iam/commit/a2ad4cde3343abe499a9cf7585804663a6298738)) + + ### Bug Fixes + + * Use a version for to avoid GitHub API rate limiting on CI workflows ([#323](https://github.com/terraform-aws-modules/terraform-aws-iam/issues/323)) ([90349fa](https://github.com/terraform-aws-modules/terraform-aws-iam/commit/90349fa122d9b7f043d6678d66da2bf31ba15f93)) + ### [5.9.2](https://github.com/terraform-aws-modules/terraform-aws-iam/compare/v5.9.1...v5.9.2) (2022-12-10)
diff --git a/modules/iam-assumable-role-with-saml/README.md b/modules/iam-assumable-role-with-saml/README.md
index 20c1301b..f338a3bb 100644
--- a/modules/iam-assumable-role-with-saml/README.md
+++ b/modules/iam-assumable-role-with-saml/README.md
@@ -52,6 +52,7 @@ No modules.
| [role\_permissions\_boundary\_arn](#input\_role\_permissions\_boundary\_arn) | Permissions boundary ARN to use for IAM role | `string` | `""` | no |
| [role\_policy\_arns](#input\_role\_policy\_arns) | List of ARNs of IAM policies to attach to IAM role | `list(string)` | `[]` | no |
| [tags](#input\_tags) | A map of tags to add to IAM role resources | `map(string)` | `{}` | no |
+| [trusted\_role\_actions](#input\_trusted\_role\_actions) | Extra Actions of STS | `list(string)` |
[
""
]
| no |
## Outputs
diff --git a/modules/iam-assumable-role-with-saml/main.tf b/modules/iam-assumable-role-with-saml/main.tf
index f2bd550f..b3606165 100644
--- a/modules/iam-assumable-role-with-saml/main.tf
+++ b/modules/iam-assumable-role-with-saml/main.tf
@@ -34,7 +34,7 @@ data "aws_iam_policy_document" "assume_role_with_saml" {
statement {
effect = "Allow"
- actions = ["sts:AssumeRoleWithSAML"]
+ actions = compact(distinct(concat(["sts:AssumeRoleWithSAML"], var.trusted_role_actions)))
principals {
type = "Federated"
diff --git a/modules/iam-assumable-role-with-saml/variables.tf b/modules/iam-assumable-role-with-saml/variables.tf
index 210ad057..7c22048d 100644
--- a/modules/iam-assumable-role-with-saml/variables.tf
+++ b/modules/iam-assumable-role-with-saml/variables.tf
@@ -87,3 +87,9 @@ variable "allow_self_assume_role" {
type = bool
default = false
}
+
+variable "trusted_role_actions" {
+ description = "Extra Actions of STS"
+ type = list(string)
+ default = [""]
+}
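Review bot: The new `actions` expression wraps the list in `compact()` only to discard the `""` that the variables.tf hunk in this same commit ships as `default = [""]`; a sentinel default plus a cleanup call is harder to read than `default = []`, after which the line can simply be `actions = distinct(concat(["sts:AssumeRoleWithSAML"], var.trusted_role_actions))`. This is an `Allow` statement in the role's trust policy for a `Federated` principal, so every entry a caller puts in the list widens what that principal may do with the role, and the line deserves a comment saying so, e.g. `# Trust-policy actions: AssumeRoleWithSAML plus any extra STS actions the caller grants the SAML principal`. The enclosing `data "aws_iam_policy_document" "assume_role_with_saml"` block starts and ends outside the hunk.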
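Review bot: `description = "Extra Actions of STS"` does not tell a caller what belongs in the list or where it ends up; since the value is spliced into the role's trust policy (main.tf in this commit), the description should say so, e.g. `description = "Additional STS actions to allow in the role's trust policy alongside sts:AssumeRoleWithSAML (e.g. sts:TagSession)"`. A typo in an entry otherwise only surfaces as an IAM error at apply time, so a `validation` block rejecting entries not prefixed with `sts:` gives callers an earlier and clearer failure; the sketch below also uses `default = []`, which the existing `compact()` in main.tf tolerates unchanged, and assumes the module already requires a Terraform version that provides `alltrue`.
```hcl
variable "trusted_role_actions" {
  description = "Additional STS actions to allow in the role's trust policy alongside sts:AssumeRoleWithSAML (e.g. sts:TagSession)"
  type        = list(string)
  default     = []

  validation {
    condition     = alltrue([for a in var.trusted_role_actions : can(regex("^sts:", a))])
    error_message = "trusted_role_actions entries must be STS actions (prefixed with sts:)."
  }
}
```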