From 9a145799fef946bf689897bfa79d708b889e06e4 Mon Sep 17 00:00:00 2001 From: Falpangaea Date: Wed, 22 Jan 2020 13:42:06 -0500 Subject: [PATCH] upgrade to 0.12.17 --- .terraform-version | 2 +- iam-source.tf | 95 ++++++++++++++++++++++++++++++++++------------ locals.tf | 11 +++--- main.tf | 0 outputs.tf | 5 ++- providers.tf | 0 variables.tf | 11 ++++-- versions.tf | 4 ++ 8 files changed, 93 insertions(+), 35 deletions(-) delete mode 100644 main.tf delete mode 100644 providers.tf create mode 100644 versions.tf diff --git a/.terraform-version b/.terraform-version index b80f98e..e392c3d 100644 --- a/.terraform-version +++ b/.terraform-version @@ -1 +1 @@ -0.11.7 +0.12.17 diff --git a/iam-source.tf b/iam-source.tf index 89de807..e5c0438 100644 --- a/iam-source.tf +++ b/iam-source.tf 
@@ -1,11 +1,44 @@
+data "aws_iam_user" "user" {
+ count = var.create_user ? 0 : 1
+ user_name = var.user_name
+}
+
+resource "aws_iam_policy" "user_policy" {
+ name_prefix = "${var.user_name}-"
+ policy = local.policy
+}
+
+resource "aws_iam_user" "user" {
+ count = var.create_user ? 1 : 0
+ name = var.user_name
+ force_destroy = var.force_destroy
+}
+
+resource "aws_iam_user_policy_attachment" "user_policy" {
+ user = aws_iam_user.user[0].name
+ policy_arn = aws_iam_policy.user_policy.arn
+}
+
+resource "aws_iam_access_key" "key" {
+ user = aws_iam_user.user[0].name
+}
+
 data "aws_iam_policy_document" "user_policy_read" {
 statement {
 actions = [
 "s3:ListBucket",
 ]
 
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
 resources = [
- "${local.bucket_arn}",
+ local.bucket_arn,
 ]
 
 condition {
@@ -25,8 +58,16 @@ data "aws_iam_policy_document" "user_policy_read_write" {
 "s3:PutObject",
 ]
 
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
 resources = [
- "${local.object_arn}",
+ local.object_arn,
 ]
 
 }
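Review bot: With `create_user = false`, `aws_iam_user.user` has `count = 0`, so the `aws_iam_user.user[0].name` references in `aws_iam_user_policy_attachment.user_policy` and `aws_iam_access_key.key` fail with an invalid-index error, and the new `data "aws_iam_user" "user"` lookup is never referenced anywhere in this file. Both `user` arguments should select the source by the same flag, `user = var.create_user ? aws_iam_user.user[0].name : data.aws_iam_user.user[0].user_name`, which also keeps the implicit dependency on the managed user when it is created. Once that works, the module will attach its policy and mint an access key for a pre-existing user it does not otherwise manage, which deserves a comment above `aws_iam_access_key.key` such as `# when create_user is false this issues a new access key for an existing, externally managed user`. The eight-line TF-UPGRADE-TODO blocks in this hunk and in the other four hunks of this file are already resolved: the upgraded element is `local.bucket_arn` / `local.object_arn`, each a single string in locals.tf, so the comments can simply be deleted.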
@@ -35,8 +76,16 @@ data "aws_iam_policy_document" "user_policy_read_write" {
 "s3:ListBucket",
 ]
 
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
 resources = [
- "${local.bucket_arn}",
+ local.bucket_arn,
 ]
 
 condition {
@@ -54,11 +103,19 @@ data "aws_iam_policy_document" "user_policy_read_write_delete" {
 statement {
 actions = [
 "s3:PutObject",
- "s3:DeleteObject"
+ "s3:DeleteObject",
 ]
 
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
 resources = [
- "${local.object_arn}",
+ local.object_arn,
 ]
 
 }
@@ -67,8 +124,16 @@ data "aws_iam_policy_document" "user_policy_read_write_delete" {
 "s3:ListBucket",
 ]
 
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
 resources = [
- "${local.bucket_arn}",
+ local.bucket_arn,
 ]
 
 condition {
@@ -82,21 +147,3 @@ data "aws_iam_policy_document" "user_policy_read_write_delete" {
 }
 }
 
-resource "aws_iam_policy" "user_policy" {
- name_prefix = "${var.user_name}-"
- policy = "${local.policy}"
-}
-
-resource "aws_iam_user" "user" {
- name = "${var.user_name}"
- force_destroy = "${var.force_destroy}"
-}
-
-resource "aws_iam_user_policy_attachment" "user_policy" {
- user = "${aws_iam_user.user.name}"
- policy_arn = "${aws_iam_policy.user_policy.arn}"
-}
-
-resource "aws_iam_access_key" "key" {
- user = "${aws_iam_user.user.name}"
-}
diff --git a/locals.tf b/locals.tf
index 6d138fa..5de5c75 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,7 +1,8 @@
 locals {
- "bucket_arn" = "arn:aws:s3:::${var.bucket_name}"
- "object_arn" = "arn:aws:s3:::${var.bucket_name}/${var.prefix}*"
- write_access = "${var.write_access ? "_write" : ""}"
- delete_access = "${var.delete_access ? "_delete" : ""}"
- policy = "${data.aws_iam_policy_document.user_policy_read${local.write_access}${local.delete_access}.json}"
+ bucket_arn = "arn:aws:s3:::${var.bucket_name}"
+ object_arn = "arn:aws:s3:::${var.bucket_name}/${var.prefix}*"
+ write_access = var.write_access ? "_write" : ""
+ delete_access = var.delete_access ? "_delete" : ""
+ policy = var.write_access ? var.delete_access ? data.aws_iam_policy_document.user_policy_read_write_delete.json : data.aws_iam_policy_document.user_policy_read_write.json : data.aws_iam_policy_document.user_policy_read.json
 }
+
diff --git a/main.tf b/main.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/outputs.tf b/outputs.tf
index 573cbeb..39adcec 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,8 +1,9 @@
 output "iam_user_access_key_id" {
- value = "${aws_iam_access_key.key.id}"
+ value = aws_iam_access_key.key.id
 }
 
 output "iam_user_secret_access_key" {
- value = "${aws_iam_access_key.key.secret}"
+ value = aws_iam_access_key.key.secret
 sensitive = true
 }
+
diff --git a/providers.tf b/providers.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/variables.tf b/variables.tf
index 9541ef2..349dfc2 100644
--- a/variables.tf
+++ b/variables.tf
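Review bot: The new `policy` expression silently falls back to the read-only document when `var.delete_access` is true but `var.write_access` is false, whereas the removed dynamic reference would have failed on the nonexistent `user_policy_read_delete` document, so a misconfiguration that used to be loud is now invisible. Variable `validation` blocks are not available under the `>= 0.12` constraint, so at minimum record the rule above the line: `# delete_access has no effect unless write_access is also true; there is no read+delete document`. With the selection now done by nested conditionals, the `write_access` and `delete_access` string locals appear to be unreferenced (nothing in this diff uses them) and can be dropped. Parenthesising the inner conditional, `var.write_access ? (var.delete_access ? … : …) : …`, would also make the precedence obvious to a reader.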
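Review bot: `sensitive = true` on `iam_user_secret_access_key` only redacts the value in CLI output; the secret access key is still stored in the state file and in the state of any root module that reads this output, and the upgrade leaves that exposure undocumented. A comment above the output, `# sensitive only masks CLI display; the secret is still persisted in state, so the backend must be access-controlled and encrypted`, would make the contract explicit to callers.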
@@ -1,18 +1,23 @@
 variable "bucket_name" {
- type = "string"
+ type = string
 description = "Name for s3 bucket"
 }
 
 variable "prefix" {
- type = "string"
+ type = string
 description = "Prefix to grant access to, note this module does not add any trailing /"
 }
 
 variable "user_name" {
- type = "string"
+ type = string
 description = "Short name for the IAM user to create"
 }
 
+variable "create_user" {
+ default = true
+ description = "True if a user needs to be created. False if the user already exists."
+}
+
 variable "force_destroy" {
 default = true
 description = "Force_destroy the IAM user created by this module? (Default true)"
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
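Review bot: `variable "create_user"` declares no `type` while the three sibling variables in this hunk were just given an explicit `type = string`; add `type = bool` so non-boolean inputs are rejected at plan time and the contract is visible in the declaration. The description should also state the consequence shown in iam-source.tf, e.g. `description = "Create the IAM user. When false, the user named by user_name must already exist and this module attaches its policy and issues an access key to it."`, since that toggles whether the module takes over credentials of an externally managed identity.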