upgrade to 0.12.17
Falpangaea committed Jan 22, 2020
1 parent abfbc3b commit 9a14579
Showing 8 changed files with 93 additions and 35 deletions.
2 changes: 1 addition & 1 deletion .terraform-version
@@ -1 +1 @@
0.11.7
0.12.17
95 changes: 71 additions & 24 deletions iam-source.tf
@@ -1,11 +1,44 @@
data "aws_iam_user" "user" {
count = var.create_user ? 0 : 1
user_name = var.user_name
}

resource "aws_iam_policy" "user_policy" {
name_prefix = "${var.user_name}-"
policy = local.policy
}

resource "aws_iam_user" "user" {
count = var.create_user ? 1 : 0
name = var.user_name
force_destroy = var.force_destroy
}

resource "aws_iam_user_policy_attachment" "user_policy" {
user = aws_iam_user.user[0].name
policy_arn = aws_iam_policy.user_policy.arn
}

resource "aws_iam_access_key" "key" {
user = aws_iam_user.user[0].name
}

data "aws_iam_policy_document" "user_policy_read" {
statement {
actions = [
"s3:ListBucket",
]

# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibility in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
resources = [
"${local.bucket_arn}",
local.bucket_arn,
]

condition {
@@ -25,8 +58,16 @@ data "aws_iam_policy_document" "user_policy_read_write" {
"s3:PutObject",
]

# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibility in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
resources = [
"${local.object_arn}",
local.object_arn,
]
}

@@ -35,8 +76,16 @@ data "aws_iam_policy_document" "user_policy_read_write" {
"s3:ListBucket",
]

# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibility in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
resources = [
"${local.bucket_arn}",
local.bucket_arn,
]

condition {
@@ -54,11 +103,19 @@ data "aws_iam_policy_document" "user_policy_read_write_delete" {
statement {
actions = [
"s3:PutObject",
"s3:DeleteObject"
"s3:DeleteObject",
]

# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibility in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
resources = [
"${local.object_arn}",
local.object_arn,
]
}

@@ -67,8 +124,16 @@ data "aws_iam_policy_document" "user_policy_read_write_delete" {
"s3:ListBucket",
]

# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibility in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
resources = [
"${local.bucket_arn}",
local.bucket_arn,
]

condition {
@@ -82,21 +147,3 @@ data "aws_iam_policy_document" "user_policy_read_write_delete" {
}
}

resource "aws_iam_policy" "user_policy" {
name_prefix = "${var.user_name}-"
policy = "${local.policy}"
}

resource "aws_iam_user" "user" {
name = "${var.user_name}"
force_destroy = "${var.force_destroy}"
}

resource "aws_iam_user_policy_attachment" "user_policy" {
user = "${aws_iam_user.user.name}"
policy_arn = "${aws_iam_policy.user_policy.arn}"
}

resource "aws_iam_access_key" "key" {
user = "${aws_iam_user.user.name}"
}
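Review bot: `aws_iam_user_policy_attachment.user_policy` and `aws_iam_access_key.key` both read `aws_iam_user.user[0].name`, but that resource now has `count = var.create_user ? 1 : 0`, so with `create_user = false` there is no element 0 and the plan should fail; the new `data "aws_iam_user" "user"` lookup is not referenced anywhere in the visible sections. Select the name once, for example `user = var.create_user ? aws_iam_user.user[0].name : data.aws_iam_user.user[0].user_name`, and use it in both resources. Once that path works, the module will mint an additional long-lived access key for a pre-existing identity, which deserves a sentence in the `create_user` description. The generated `TF-UPGRADE-TODO` comments can be removed as they instruct, since `local.bucket_arn` and `local.object_arn` are single strings in locals.tf.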
11 changes: 6 additions & 5 deletions locals.tf
@@ -1,7 +1,8 @@
locals {
"bucket_arn" = "arn:aws:s3:::${var.bucket_name}"
"object_arn" = "arn:aws:s3:::${var.bucket_name}/${var.prefix}*"
write_access = "${var.write_access ? "_write" : ""}"
delete_access = "${var.delete_access ? "_delete" : ""}"
policy = "${data.aws_iam_policy_document.user_policy_read${local.write_access}${local.delete_access}.json}"
bucket_arn = "arn:aws:s3:::${var.bucket_name}"
object_arn = "arn:aws:s3:::${var.bucket_name}/${var.prefix}*"
write_access = var.write_access ? "_write" : ""
delete_access = var.delete_access ? "_delete" : ""
policy = var.write_access ? var.delete_access ? data.aws_iam_policy_document.user_policy_read_write_delete.json : data.aws_iam_policy_document.user_policy_read_write.json : data.aws_iam_policy_document.user_policy_read.json
}
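Review bot: The nested conditional assigned to `policy` silently falls back to the read-only document when `delete_access = true` and `write_access = false`, so a caller asking for delete gets a policy without it and no error; the unparenthesised chain is also hard to audit for an expression that decides IAM permissions. Parenthesise the inner branch, `policy = var.write_access ? (var.delete_access ? data.aws_iam_policy_document.user_policy_read_write_delete.json : data.aws_iam_policy_document.user_policy_read_write.json) : data.aws_iam_policy_document.user_policy_read.json`, and add a comment that `delete_access` only takes effect together with `write_access`. `local.write_access` and `local.delete_access` look unused after this change (nothing in the visible files reads them) and could be removed.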

Empty file removed main.tf
Empty file.
5 changes: 3 additions & 2 deletions outputs.tf
@@ -1,8 +1,9 @@
output "iam_user_access_key_id" {
value = "${aws_iam_access_key.key.id}"
value = aws_iam_access_key.key.id
}

output "iam_user_secret_access_key" {
value = "${aws_iam_access_key.key.secret}"
value = aws_iam_access_key.key.secret
sensitive = true
}
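Review bot: `sensitive = true` on `iam_user_secret_access_key` only redacts the value in CLI output; the secret from `aws_iam_access_key.key` is still written in plaintext to this module's Terraform state and to the state of any configuration that consumes the output. If the state backend is not encrypted and access-restricted, consider setting `pgp_key` on the access key resource and exporting `encrypted_secret` instead, or at least add a `description` telling callers that the state holds a live credential. `iam_user_access_key_id` would also benefit from a `description`.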

Empty file removed providers.tf
Empty file.
11 changes: 8 additions & 3 deletions variables.tf
@@ -1,18 +1,23 @@
variable "bucket_name" {
type = "string"
type = string
description = "Name for s3 bucket"
}

variable "prefix" {
type = "string"
type = string
description = "Prefix to grant access to, note this module does not add any trailing /"
}

variable "user_name" {
type = "string"
type = string
description = "Short name for the IAM user to create"
}

variable "create_user" {
default = true
description = "True if a user needs to be created. False if the user already exists."
}

variable "force_destroy" {
default = true
description = "Force_destroy the IAM user created by this module? (Default true)"
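Review bot: The new `create_user` variable has no `type`, while the other variables in this hunk were converted to `type = string`; add `type = bool` so a non-boolean value is rejected at the module boundary rather than inside the `count` expressions. `force_destroy` has the same gap, though its block continues past the end of the hunk. The description could also state that with `create_user = false` the module expects `user_name` to name an existing IAM user.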
4 changes: 4 additions & 0 deletions versions.tf
@@ -0,0 +1,4 @@

terraform {
required_version = ">= 0.12"
}
