feat: define iam_policy_statements object syntax #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gberenice
force-pushed
the
feature/support_optional_attributes
branch
from
8960d44 to
f9191c9
Compare
|
/terratest |
|
/terratest |
Nuru
previously requested changes
Jun 8, 2023
variables.tf
Outdated
| type = string | ||
| identifiers = list(string) | ||
| })), []) | ||
| }) | ||
| description = "Map of IAM policy statements to use in the policy. This can be used with or instead of the `var.iam_source_json_url`." |
There was a problem hiding this comment.
Change "Map of" to "Object describing"
There was a problem hiding this comment.
Change "Map of" to "Object describing"
@Nuru from what I can see - a map is expected here, so I fixed the variable definition.
variables.tf
Outdated
Comment on lines
8
to
14
| type = object({ | ||
| sid = optional(string, "") | ||
| effect = optional(string, "") | ||
| actions = optional(list(string), []) | ||
| not_actions = optional(list(string), []) | ||
| resources = optional(list(string), []) | ||
| not_resources = optional(list(string), []) |
There was a problem hiding this comment.
- Add
versionhere and inmain.tf. - Move statement components to list of objects.
- Inputs that are not going to be expanded into blocks by
dynamicshould default tonull. - In
main.tf, replace lookups like
lookup(statement.value, "sid", statement.key)With direct references
statement.value.sid
Suggested change
| type = object({ | |
| sid = optional(string, "") | |
| effect = optional(string, "") | |
| actions = optional(list(string), []) | |
| not_actions = optional(list(string), []) | |
| resources = optional(list(string), []) | |
| not_resources = optional(list(string), []) | |
| type = object({ | |
| version = optional(string, null) | |
| statement = list(object({ | |
| sid = optional(string, null) | |
| effect = optional(string, null) | |
| actions = optional(list(string), null) | |
| not_actions = optional(list(string), null) | |
| resources = optional(list(string), null) | |
| not_resources = optional(list(string), null) | |
| })), []) |
There was a problem hiding this comment.
@Nuru thanks a lot for your review!
- Version arguments should be set for data source
aws_iam_policy_document, so I added it as a separate variable. - I updated statements to the map of objects - that's what is expected in the example.
- Inputs were updated.
- Lookups were replaced👍
Please let me know your thoughts.
There was a problem hiding this comment.
@gberenice I forgot we want this to be backward compatible and that means the input is a map. I will take it from here. Thank you very much for your contributions.
There was a problem hiding this comment.
@Nuru sounds good, thank you!
gberenice
force-pushed
the
feature/support_optional_attributes
branch
from
36cf1ff to
43364f4
Compare
|
/terratest |
aknysh
reviewed
Jun 10, 2023
aknysh
reviewed
Jun 10, 2023
aknysh
reviewed
Jun 10, 2023
aknysh
reviewed
Jun 10, 2023
|
/terratest |
aknysh
reviewed
Jun 10, 2023
examples/complete/variables.tf
Outdated
| @@ -8,8 +8,68 @@ variable "iam_source_json_url" { | |||
| default = null | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
please update the description for the iam_source_json_url variable in the example as well
description = <<-EOT
URL of the IAM policy (in JSON format) to download and use as `source_json` argument.
This is useful when using a 3rd party service that provides their own policy.
This can be used with or instead of `var.iam_policy`.
EOT
|
/terratest |
aknysh
approved these changes
Jun 10, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
what
iam_policy_statementsvariable definition to take Terraform object with optional attributes rather thantype = any. Provider version is bumped sinceoptional, as a non-experimental feature, was introduced in 1.3.why
references