From beb56674a6e5db7dfa6cf70c9e953183d6574472 Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Tue, 5 Sep 2023 04:45:54 -0400 Subject: [PATCH 01/16] feat!: Added `custom_key_store_id`, bump version of AWS provider to 4.x (#23) Co-authored-by: magreenbaum --- README.md | 7 ++++--- examples/complete/README.md | 6 +++--- examples/complete/versions.tf | 4 ++-- main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 4 ++-- 6 files changed, 18 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a3a3048..0e813f0 100644 --- a/README.md +++ b/README.md @@ -146,14 +146,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.72 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.33 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.72 | +| [aws](#provider\_aws) | >= 4.33 | ## Modules 
@@ -185,6 +185,7 @@ No modules. | [create\_external](#input\_create\_external) | Determines whether an external CMK (externally provided material) will be created or a standard CMK (AWS provided material) | `bool` | `false` | no | | [create\_replica](#input\_create\_replica) | Determines whether a replica standard CMK will be created (AWS provided material) | `bool` | `false` | no | | [create\_replica\_external](#input\_create\_replica\_external) | Determines whether a replica external CMK will be created (externally provided material) | `bool` | `false` | no | +| [custom\_key\_store\_id](#input\_custom\_key\_store\_id) | ID of the KMS Custom Key Store where the key will be stored instead of KMS (eg CloudHSM). | `string` | `null` | no | | [customer\_master\_key\_spec](#input\_customer\_master\_key\_spec) | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT` | `string` | `null` | no | | [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30` | `number` | `null` | no | | [description](#input\_description) | The description of the key as viewed in AWS console | `string` | `null` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 8a4297f..48d306d 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -24,14 +24,14 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.72 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.33 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.72 | +| [aws](#provider\_aws) | >= 4.33 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 22e8d72..14a7ee2 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.72" + version = ">= 4.33" } } } diff --git a/main.tf b/main.tf index b25763c..2b3ac10 100644 --- a/main.tf +++ b/main.tf @@ -10,6 +10,7 @@ resource "aws_kms_key" "this" { bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check customer_master_key_spec = var.customer_master_key_spec + custom_key_store_id = var.custom_key_store_id deletion_window_in_days = var.deletion_window_in_days description = var.description enable_key_rotation = var.enable_key_rotation diff --git a/variables.tf b/variables.tf index ab860a3..0eb9b90 100644 --- a/variables.tf +++ b/variables.tf @@ -32,6 +32,12 @@ variable "customer_master_key_spec" { default = null } +variable "custom_key_store_id" { + description = "ID of the KMS Custom Key Store where the key will be stored instead of KMS (eg CloudHSM)." + type = string + default = null +} + variable "deletion_window_in_days" { description = "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`" type = number 
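Review bot: `custom_key_store_id` is passed to `aws_kms_key.this` directly above `enable_key_rotation = var.enable_key_rotation`, but neither this hunk nor the new variable in `variables.tf` tells callers that keys in a custom key store are restricted. As far as I know, AWS KMS does not support automatic rotation, multi-Region keys, asymmetric or HMAC key specs, or imported key material for such keys, so setting only this input may fail at apply time; please confirm against the provider documentation. If that holds, I would extend the description, e.g. `description = "ID of the KMS custom key store (e.g. CloudHSM) in which to create the key. Requires enable_key_rotation = false, multi_region = false and a symmetric key spec"`. The resource block starts and ends outside the hunk.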
diff --git a/versions.tf b/versions.tf index 22e8d72..14a7ee2 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.72" + version = ">= 4.33" } } } From a84cb7030ec31f3504f1d0bb175d11a4922e781a Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 5 Sep 2023 08:46:28 +0000 Subject: [PATCH 02/16] chore(release): version 2.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [2.0.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v1.5.0...v2.0.0) (2023-09-05) ### ⚠ BREAKING CHANGES * Added `custom_key_store_id`, bump version of AWS provider to 4.x (#23) ### Features * Added `custom_key_store_id`, bump version of AWS provider to 4.x ([#23](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/23)) ([beb5667](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/beb56674a6e5db7dfa6cf70c9e953183d6574472)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0928047..f040f1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [2.0.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v1.5.0...v2.0.0) (2023-09-05) + + +### ⚠ BREAKING CHANGES + +* Added `custom_key_store_id`, bump version of AWS provider to 4.x (#23) + +### Features + +* Added `custom_key_store_id`, bump version of AWS provider to 4.x ([#23](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/23)) ([beb5667](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/beb56674a6e5db7dfa6cf70c9e953183d6574472)) + ## [1.5.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v1.4.0...v1.5.0) (2023-02-09) 
From c975efda5686fd7c9fb98518332617e4876e5317 Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Mon, 18 Sep 2023 18:39:07 -0400 Subject: [PATCH 03/16] fix: Default admin permissions for special keys (#24) Co-authored-by: magreenbaum --- main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main.tf b/main.tf index 2b3ac10..261e5a2 100644 --- a/main.tf +++ b/main.tf @@ -140,6 +140,8 @@ data "aws_iam_policy_document" "this" { "kms:UntagResource", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion", + "kms:ReplicateKey", + "kms:ImportKeyMaterial" ] resources = ["*"] From 21bd8b28521014d673c3116c9f4a6c107274b6e4 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 18 Sep 2023 22:39:32 +0000 Subject: [PATCH 04/16] chore(release): version 2.0.1 [skip ci] ### [2.0.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.0.0...v2.0.1) (2023-09-18) ### Bug Fixes * Default admin permissions for special keys ([#24](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/24)) ([c975efd](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/c975efda5686fd7c9fb98518332617e4876e5317)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f040f1b..0fe5523 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [2.0.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.0.0...v2.0.1) (2023-09-18) + + +### Bug Fixes + +* Default admin permissions for special keys ([#24](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/24)) ([c975efd](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/c975efda5686fd7c9fb98518332617e4876e5317)) + ## [2.0.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v1.5.0...v2.0.0) (2023-09-05) 
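Review bot: `kms:ReplicateKey` and `kms:ImportKeyMaterial` are appended to this action list unconditionally, so every key the module creates grants them, including keys that are neither multi-Region nor external. The statement's opening is outside the hunk, but the neighbouring `kms:ScheduleKeyDeletion` and `kms:CancelKeyDeletion` entries suggest it is the key-administrators statement. For least privilege I would add each action only where it applies, e.g. `actions = concat([/* existing admin actions */], var.multi_region ? ["kms:ReplicateKey"] : [], var.create_external ? ["kms:ImportKeyMaterial"] : [])`, with the flags adjusted to how the module selects key types. `kms:ReplicateKey` deserves the extra care because a replica is created with its own key policy; a `kms:ReplicaRegion` condition can keep replicas in known Regions.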
From 4951c38f3cd569411eb53476ac8502981083f5d2 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 3 Nov 2023 18:39:51 -0400 Subject: [PATCH 05/16] feat: Do not call data resources when `create` is `false` (#25) --- .pre-commit-config.yaml | 4 ++-- main.tf | 24 +++++++++++++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 071427d..145baf9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.83.5 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/main.tf b/main.tf index 261e5a2..5f3d7bb 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,15 @@ -data "aws_partition" "current" {} -data "aws_caller_identity" "current" {} +data "aws_partition" "current" { + count = var.create ? 1 : 0 +} +data "aws_caller_identity" "current" { + count = var.create ? 1 : 0 +} + +locals { + account_id = try(data.aws_caller_identity.current[0].account_id, "") + partition = try(data.aws_partition.current[0].partition, "") + dns_suffix = try(data.aws_partition.current[0].dns_suffix, "") +} ################################################################################ # Key @@ -98,7 +108,7 @@ data "aws_iam_policy_document" "this" { principals { type = "AWS" - identifiers = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"] + identifiers = ["arn:${local.partition}:iam::${local.account_id}:root"] } } } 
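Review bot: The new `locals` fall back to `""` through `try(...)`, so with `create = false` the principal in the `@@ -98,7 +108,7 @@` hunk would render as `arn::iam:::root`, and any other evaluation error on the data sources is swallowed the same way. That is only safe if every consumer of `local.account_id`, `local.partition` and `local.dns_suffix` is itself gated on `var.create`; the `count` of `data.aws_iam_policy_document.this` is not visible in these hunks, so please confirm. I would either state the invariant above the block, `# Empty strings when create = false; every consumer must be gated on var.create`, or use `one(data.aws_caller_identity.current[*].account_id)` so that an ungated use fails at plan time instead of producing a malformed ARN in a key policy.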
@@ -342,7 +352,7 @@ data "aws_iam_policy_document" "this" { principals { type = "Service" - identifiers = ["dnssec-route53.${data.aws_partition.current.dns_suffix}"] + identifiers = ["dnssec-route53.${local.dns_suffix}"] } } } @@ -358,7 +368,7 @@ data "aws_iam_policy_document" "this" { principals { type = "Service" - identifiers = ["dnssec-route53.${data.aws_partition.current.dns_suffix}"] + identifiers = ["dnssec-route53.${local.dns_suffix}"] } condition { @@ -373,7 +383,7 @@ data "aws_iam_policy_document" "this" { content { test = "StringEquals" variable = "aws:SourceAccount" - values = try(condition.value.account_ids, [data.aws_caller_identity.current.account_id]) + values = try(condition.value.account_ids, [local.account_id]) } } @@ -383,7 +393,7 @@ data "aws_iam_policy_document" "this" { content { test = "ArnLike" variable = "aws:SourceArn" - values = [try(condition.value.hosted_zone_arn, "arn:${data.aws_partition.current.partition}:route53:::hostedzone/*")] + values = [try(condition.value.hosted_zone_arn, "arn:${local.partition}:route53:::hostedzone/*")] } } } From 5508c9cdd6fdb0ed4dcf399f54ba02fb8c31bd4b Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 3 Nov 2023 22:40:13 +0000 Subject: [PATCH 06/16] chore(release): version 2.1.0 [skip ci] ## [2.1.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.0.1...v2.1.0) (2023-11-03) ### Features * Do not call data resources when `create` is `false` ([#25](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/25)) ([4951c38](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/4951c38f3cd569411eb53476ac8502981083f5d2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fe5523..0f63e9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.1.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.0.1...v2.1.0) (2023-11-03) + + +### Features + +* Do not call data resources when `create` is `false` ([#25](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/25)) ([4951c38](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/4951c38f3cd569411eb53476ac8502981083f5d2)) + ### [2.0.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.0.0...v2.0.1) (2023-09-18) From e6eba07467818a27670db60b3eb46f98dff19ef9 Mon Sep 17 00:00:00 2001 From: Gareth Denny <37297485+gpdenny@users.noreply.github.com> Date: Fri, 2 Feb 2024 12:36:54 +0000 Subject: [PATCH 07/16] feat: Add wrapper modules (#26) --- .pre-commit-config.yaml | 3 +- wrappers/README.md | 100 ++++++++++++++++++++++++++++++++++++++++ wrappers/main.tf | 44 ++++++++++++++++++ wrappers/outputs.tf | 5 ++ wrappers/variables.tf | 11 +++++ wrappers/versions.tf | 3 ++ 6 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 wrappers/README.md create mode 100644 wrappers/main.tf create mode 100644 wrappers/outputs.tf create mode 100644 wrappers/variables.tf create mode 100644 wrappers/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 145baf9..c56e063 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,9 +1,10 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.5 + rev: v1.86.0 hooks: - id: terraform_fmt - id: terraform_validate + - id: terraform_wrapper_module_for_each - id: terraform_docs args: - '--args=--lockfile=false' diff --git a/wrappers/README.md b/wrappers/README.md new file mode 100644 index 0000000..891b5dd --- /dev/null +++ b/wrappers/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for the root module + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/kms/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-kms.git//wrappers?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/kms/aws//wrappers" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/main.tf b/wrappers/main.tf new file mode 100644 index 0000000..c9f4f98 --- /dev/null +++ b/wrappers/main.tf 
@@ -0,0 +1,44 @@ +module "wrapper" { + source = "../" + + for_each = var.items + + aliases = try(each.value.aliases, var.defaults.aliases, []) + aliases_use_name_prefix = try(each.value.aliases_use_name_prefix, var.defaults.aliases_use_name_prefix, false) + bypass_policy_lockout_safety_check = try(each.value.bypass_policy_lockout_safety_check, var.defaults.bypass_policy_lockout_safety_check, null) + computed_aliases = try(each.value.computed_aliases, var.defaults.computed_aliases, {}) + create = try(each.value.create, var.defaults.create, true) + create_external = try(each.value.create_external, var.defaults.create_external, false) + create_replica = try(each.value.create_replica, var.defaults.create_replica, false) + create_replica_external = try(each.value.create_replica_external, var.defaults.create_replica_external, false) + custom_key_store_id = try(each.value.custom_key_store_id, var.defaults.custom_key_store_id, null) + customer_master_key_spec = try(each.value.customer_master_key_spec, var.defaults.customer_master_key_spec, null) + deletion_window_in_days = try(each.value.deletion_window_in_days, var.defaults.deletion_window_in_days, null) + description = try(each.value.description, var.defaults.description, null) + enable_default_policy = try(each.value.enable_default_policy, var.defaults.enable_default_policy, true) + enable_key_rotation = try(each.value.enable_key_rotation, var.defaults.enable_key_rotation, true) + enable_route53_dnssec = try(each.value.enable_route53_dnssec, var.defaults.enable_route53_dnssec, false) + grants = try(each.value.grants, var.defaults.grants, {}) + is_enabled = try(each.value.is_enabled, var.defaults.is_enabled, null) + key_administrators = try(each.value.key_administrators, var.defaults.key_administrators, []) + key_asymmetric_public_encryption_users = try(each.value.key_asymmetric_public_encryption_users, var.defaults.key_asymmetric_public_encryption_users, []) + key_asymmetric_sign_verify_users = 
try(each.value.key_asymmetric_sign_verify_users, var.defaults.key_asymmetric_sign_verify_users, []) + key_hmac_users = try(each.value.key_hmac_users, var.defaults.key_hmac_users, []) + key_material_base64 = try(each.value.key_material_base64, var.defaults.key_material_base64, null) + key_owners = try(each.value.key_owners, var.defaults.key_owners, []) + key_service_roles_for_autoscaling = try(each.value.key_service_roles_for_autoscaling, var.defaults.key_service_roles_for_autoscaling, []) + key_service_users = try(each.value.key_service_users, var.defaults.key_service_users, []) + key_statements = try(each.value.key_statements, var.defaults.key_statements, {}) + key_symmetric_encryption_users = try(each.value.key_symmetric_encryption_users, var.defaults.key_symmetric_encryption_users, []) + key_usage = try(each.value.key_usage, var.defaults.key_usage, null) + key_users = try(each.value.key_users, var.defaults.key_users, []) + multi_region = try(each.value.multi_region, var.defaults.multi_region, false) + override_policy_documents = try(each.value.override_policy_documents, var.defaults.override_policy_documents, []) + policy = try(each.value.policy, var.defaults.policy, null) + primary_external_key_arn = try(each.value.primary_external_key_arn, var.defaults.primary_external_key_arn, null) + primary_key_arn = try(each.value.primary_key_arn, var.defaults.primary_key_arn, null) + route53_dnssec_sources = try(each.value.route53_dnssec_sources, var.defaults.route53_dnssec_sources, []) + source_policy_documents = try(each.value.source_policy_documents, var.defaults.source_policy_documents, []) + tags = try(each.value.tags, var.defaults.tags, {}) + valid_to = try(each.value.valid_to, var.defaults.valid_to, null) +} diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf new file mode 100644 index 0000000..ec6da5f --- /dev/null +++ b/wrappers/outputs.tf 
@@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/variables.tf b/wrappers/variables.tf new file mode 100644 index 0000000..a6ea096 --- /dev/null +++ b/wrappers/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/versions.tf b/wrappers/versions.tf new file mode 100644 index 0000000..51cad10 --- /dev/null +++ b/wrappers/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13.1" +} From 6d15cf7045cdf0763d027f1a1d4f63b3b7bd6836 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 2 Feb 2024 12:37:28 +0000 Subject: [PATCH 08/16] chore(release): version 2.2.0 [skip ci] ## [2.2.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.1.0...v2.2.0) (2024-02-02) ### Features * Add wrapper modules ([#26](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/26)) ([e6eba07](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/e6eba07467818a27670db60b3eb46f98dff19ef9)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f63e9e..efb2377 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.2.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.1.0...v2.2.0) (2024-02-02) + + +### Features + +* Add wrapper modules ([#26](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/26)) ([e6eba07](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/e6eba07467818a27670db60b3eb46f98dff19ef9)) + ## [2.1.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.0.1...v2.1.0) (2023-11-03) From 866950f91b3bc4411fa14d1f5c2c304145540d7f Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Wed, 6 Mar 2024 14:13:19 -0500 Subject: [PATCH 09/16] fix: Update CI workflow versions to remove deprecated runtime warnings (#28) --- .github/workflows/lock.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 36 ++++++++++++++++++++-------- .github/workflows/release.yml | 12 +++++----- .github/workflows/stale-actions.yaml | 2 +- .pre-commit-config.yaml | 6 +++-- 6 files changed, 39 insertions(+), 21 deletions(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 6b6c9ce..bd5f2df 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -8,7 +8,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v4 + - uses: dessant/lock-threads@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} issue-comment: > diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index cb32a0f..3973df4 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.0.2 + - uses: amannn/action-semantic-pull-request@v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: 
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb82671..c2632d1 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,7 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.44.1 + TFLINT_VERSION: v0.50.3 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 + uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 preCommitMinVersions: name: Min TF pre-commit @@ -32,19 +32,27 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
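Review bot: The bumped actions are still referenced by mutable tags (`clowdhaus/terraform-min-max@v1.3.0`, `clowdhaus/terraform-composite-actions/pre-commit@v1.9.0`, `actions/checkout@v4`), so a moved or compromised tag changes what runs here without any change in this repository. The same holds in the `@@ -64,18 +72,26 @@` hunk, which checks out the pull request's head repository, and in `release.yml`, where `cycjimmy/semantic-release-action@v4` runs with `secrets.SEMANTIC_RELEASE_TOKEN`. I would pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: cycjimmy/semantic-release-action@<full-commit-sha> # v4`, starting with the release job. The job definitions start outside these hunks, so the workflow trigger and `permissions` are not visible from here.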
@@ -53,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -64,18 +72,26 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 81f6747..4a94226 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -20,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v3 + uses: cycjimmy/semantic-release-action@v4 with: - semantic_version: 18.0.0 + semantic_version: 23.0.2 extra_plugins: | - @semantic-release/changelog@6.0.0 - @semantic-release/git@10.0.0 - conventional-changelog-conventionalcommits@4.6.3 + @semantic-release/changelog@6.0.3 + @semantic-release/git@10.0.1 + conventional-changelog-conventionalcommits@7.0.2 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 5037995..6ccd0ed 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c56e063..7c0a310 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,9 +1,8 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.86.0 + rev: v1.88.0 hooks: - id: terraform_fmt - - id: terraform_validate - id: terraform_wrapper_module_for_each - id: terraform_docs args: @@ -23,8 +22,11 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' + - '--args=--only=terraform_unused_required_providers' + - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer + - id: trailing-whitespace From 22226b6b6841a26e99c5e122ba947d10a43c8321 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Wed, 6 Mar 2024 19:13:44 +0000 Subject: [PATCH 10/16] chore(release): version 2.2.1 [skip ci] ## [2.2.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.2.0...v2.2.1) (2024-03-06) ### Bug Fixes * Update CI workflow versions to remove deprecated runtime warnings ([#28](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/28)) ([866950f](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/866950f91b3bc4411fa14d1f5c2c304145540d7f)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index efb2377..2147103 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.2.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.2.0...v2.2.1) (2024-03-06) + + +### Bug Fixes + +* Update CI workflow versions to remove deprecated runtime warnings ([#28](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/28)) ([866950f](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/866950f91b3bc4411fa14d1f5c2c304145540d7f)) + ## [2.2.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.1.0...v2.2.0) (2024-02-02) From f8c96ce4bfc45fa2cb2e2cfa346d0d1930cdfce3 Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sat, 11 May 2024 08:42:00 -0400 Subject: [PATCH 11/16] feat!: Support `rotation_period_in_days`, AWS Provider v5, Terraform MSV 1.3 (#32) * rotation_period_in_days * terraform MSV 1.3 --- README.md | 7 ++++--- examples/complete/README.md | 6 +++--- examples/complete/versions.tf | 4 ++-- main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 4 ++-- wrappers/main.tf | 1 + 7 files changed, 19 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 0e813f0..ed5ecd5 100644 --- a/README.md +++ b/README.md 
@@ -146,14 +146,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.33 | +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 5.49 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.33 | +| [aws](#provider\_aws) | >= 5.49 | ## Modules @@ -211,6 +211,7 @@ No modules. | [policy](#input\_policy) | A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws_iam_policy_document`, in the form that designates a principal, can be used | `string` | `null` | no | | [primary\_external\_key\_arn](#input\_primary\_external\_key\_arn) | The primary external key arn of a multi-region replica external key | `string` | `null` | no | | [primary\_key\_arn](#input\_primary\_key\_arn) | The primary key arn of a multi-region replica key | `string` | `null` | no | +| [rotation\_period\_in\_days](#input\_rotation\_period\_in\_days) | Custom period of time between each rotation date. Must be a number between 90 and 2560 (inclusive) | `number` | `null` | no | | [route53\_dnssec\_sources](#input\_route53\_dnssec\_sources) | A list of maps containing `account_ids` and Route53 `hosted_zone_arn` that will be allowed to sign DNSSEC records | `list(any)` | `[]` | no | | [source\_policy\_documents](#input\_source\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s | `list(string)` | `[]` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 48d306d..c8147aa 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -24,14 +24,14 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.33 | +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 5.49 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.33 | +| [aws](#provider\_aws) | >= 5.49 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 14a7ee2..f96e1b1 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.33" + version = ">= 5.49" } } } diff --git a/main.tf b/main.tf index 5f3d7bb..819de11 100644 --- a/main.tf +++ b/main.tf @@ -28,6 +28,7 @@ resource "aws_kms_key" "this" { key_usage = var.key_usage multi_region = var.multi_region policy = coalesce(var.policy, data.aws_iam_policy_document.this[0].json) + rotation_period_in_days = var.rotation_period_in_days tags = var.tags } diff --git a/variables.tf b/variables.tf index 0eb9b90..b66b126 100644 --- a/variables.tf +++ b/variables.tf @@ -182,6 +182,12 @@ variable "route53_dnssec_sources" { default = [] } +variable "rotation_period_in_days" { + description = "Custom period of time between each rotation date. Must be a number between 90 and 2560 (inclusive)" + type = number + default = null +} + ################################################################################ # Replica Key ################################################################################ diff --git a/versions.tf b/versions.tf index 14a7ee2..f96e1b1 100644 --- a/versions.tf +++ b/versions.tf 
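Review bot: The new `rotation_period_in_days` variable in variables.tf states its 90–2560 bound only in the description, so an out-of-range value passes through the `rotation_period_in_days = var.rotation_period_in_days` line added to `aws_kms_key.this` in main.tf and is caught, if at all, only by the provider or the KMS API. A `validation` block would reject it at plan time, next to the text that documents the limit; the conditional form keeps the `null` default valid without running the comparison on it. The description could also say whether the value has any effect when key rotation is not enabled, which these hunks do not show. The `aws_kms_key.this` resource body starts and ends outside the main.tf hunk.

```hcl
variable "rotation_period_in_days" {
  # … unchanged: description, type, default …

  validation {
    condition = (
      var.rotation_period_in_days == null
      ? true
      : (var.rotation_period_in_days >= 90 && var.rotation_period_in_days <= 2560)
    )
    error_message = "rotation_period_in_days must be between 90 and 2560 (inclusive), or null."
  }
}
```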
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.33" + version = ">= 5.49" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index c9f4f98..6e2ebca 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -37,6 +37,7 @@ module "wrapper" { policy = try(each.value.policy, var.defaults.policy, null) primary_external_key_arn = try(each.value.primary_external_key_arn, var.defaults.primary_external_key_arn, null) primary_key_arn = try(each.value.primary_key_arn, var.defaults.primary_key_arn, null) + rotation_period_in_days = try(each.value.rotation_period_in_days, var.defaults.rotation_period_in_days, null) route53_dnssec_sources = try(each.value.route53_dnssec_sources, var.defaults.route53_dnssec_sources, []) source_policy_documents = try(each.value.source_policy_documents, var.defaults.source_policy_documents, []) tags = try(each.value.tags, var.defaults.tags, {}) From 8478d2dcaa81d60e6a21adeee4bc428290244f11 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 11 May 2024 12:42:30 +0000 Subject: [PATCH 12/16] chore(release): version 3.0.0 [skip ci] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.2.1...v3.0.0) (2024-05-11) ### ⚠ BREAKING CHANGES * Support `rotation_period_in_days`, AWS Provider v5, Terraform MSV 1.3 (#32) ### Features * Support `rotation_period_in_days`, AWS Provider v5, Terraform MSV 1.3 ([#32](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/32)) ([f8c96ce](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/f8c96ce4bfc45fa2cb2e2cfa346d0d1930cdfce3)) --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2147103..2953deb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. +## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.2.1...v3.0.0) (2024-05-11) + + +### ⚠ BREAKING CHANGES + +* Support `rotation_period_in_days`, AWS Provider v5, Terraform MSV 1.3 (#32) + +### Features + +* Support `rotation_period_in_days`, AWS Provider v5, Terraform MSV 1.3 ([#32](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/32)) ([f8c96ce](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/f8c96ce4bfc45fa2cb2e2cfa346d0d1930cdfce3)) + ## [2.2.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.2.0...v2.2.1) (2024-03-06) From 965a52d6686898897bce31d2f409e2ff9e8d5268 Mon Sep 17 00:00:00 2001 From: Jose Alfredo Alvarez Aldana <58990899+JoseAlvarezSonos@users.noreply.github.com> Date: Wed, 12 Jun 2024 10:19:40 +0200 Subject: [PATCH 13/16] feat: Grants output marked as sensitive data (#33) --- outputs.tf | 1 + wrappers/outputs.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 5f48c55..d002a3c 100644 --- a/outputs.tf +++ b/outputs.tf @@ -48,4 +48,5 @@ output "aliases" { output "grants" { description = "A map of grants created and their attributes" value = aws_kms_grant.this + sensitive = true } diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf index ec6da5f..39779a5 100644 --- a/wrappers/outputs.tf +++ b/wrappers/outputs.tf @@ -1,5 +1,5 @@ output "wrapper" { description = "Map of outputs of a wrapper." value = module.wrapper - # sensitive = false # No sensitive module output found + sensitive = true # At least one sensitive module output (grants) found (requires Terraform 0.14+) } From fe1beca2118c0cb528526e022a53381535bb93cd Mon Sep 17 00:00:00 2001 
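Review bot: `sensitive = true` on the `grants` output in outputs.tf only redacts the value in plan and CLI output; the grant attributes are still written unredacted to the state file, and the description mentions neither fact. I would extend it, e.g. `description = "A map of grants created and their attributes. Marked sensitive (presumably for the grant token); values remain readable in state"`. The wrappers/outputs.tf hunk applies the same flag to the whole `wrapper` output, so callers that read non-secret outputs such as `key_arn` through the wrapper now receive sensitive values too. That consequence deserves a line in the wrapper's comment or README.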
From: semantic-release-bot Date: Wed, 12 Jun 2024 08:20:15 +0000 Subject: [PATCH 14/16] chore(release): version 3.1.0 [skip ci] ## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v3.0.0...v3.1.0) (2024-06-12) ### Features * Grants output marked as sensitive data ([#33](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/33)) ([965a52d](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/965a52d6686898897bce31d2f409e2ff9e8d5268)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2953deb..efd06c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v3.0.0...v3.1.0) (2024-06-12) + + +### Features + +* Grants output marked as sensitive data ([#33](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/33)) ([965a52d](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/965a52d6686898897bce31d2f409e2ff9e8d5268)) + ## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v2.2.1...v3.0.0) (2024-05-11) From c2480502618251c45ab8bcf6c57ec37bd08a8370 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 11 Oct 2024 16:07:59 +0000 Subject: [PATCH 15/16] fix: Update CI workflow versions to latest (#35) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 14 +++++++------- .pre-commit-config.yaml | 5 ++--- README.md | 4 ++-- examples/complete/README.md | 4 ++-- wrappers/versions.tf | 9 ++++++++- 6 files changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 3973df4..1e50760 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml 
@@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.4.0 + - uses: amannn/action-semantic-pull-request@v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c2632d1..a19ff83 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.50.3 + TERRAFORM_DOCS_VERSION: v0.19.0 + TFLINT_VERSION: v0.53.0 jobs: collectInputs: @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
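Review bot: The `uses:` lines updated in pr-title.yml and pre-commit.yml still reference third-party actions by mutable tag (`amannn/action-semantic-pull-request@v5.5.3`, `clowdhaus/terraform-min-max@v1.3.1`, `clowdhaus/terraform-composite-actions/pre-commit@v1.11.1`), and the first of them runs with `GITHUB_TOKEN` in its environment. A tag can be moved to different code after review; pinning to the full commit SHA with the version kept as a comment makes the reviewed code the code that runs, e.g. `- uses: amannn/action-semantic-pull-request@<full-commit-sha> # v5.5.3` (placeholder; take the SHA from the release). The same applies to the `@@ -88,10` hunk of pre-commit.yml and, less critically, to the `rev:` tags in .pre-commit-config.yaml. The job and step definitions start outside these hunks, so the token's permissions are not visible here.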
@@ -88,10 +88,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7c0a310..7e4e7da 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.96.1 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -22,10 +22,9 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - - '--args=--only=terraform_unused_required_providers' - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index ed5ecd5..8616254 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module - [Complete](https://github.com/terraform-aws-modules/terraform-aws-kms/tree/master/examples/complete) - + ## Requirements | Name | Version | @@ -229,7 +229,7 @@ No modules. | [key\_arn](#output\_key\_arn) | The Amazon Resource Name (ARN) of the key | | [key\_id](#output\_key\_id) | The globally unique identifier for the key | | [key\_policy](#output\_key\_policy) | The IAM resource policy set on the key | - + ## License diff --git a/examples/complete/README.md b/examples/complete/README.md index c8147aa..5eb9a53 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -19,7 +19,7 @@ $ terraform apply Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources. - + ## Requirements | Name | Version | @@ -103,6 +103,6 @@ No inputs. | [replica\_key\_policy](#output\_replica\_key\_policy) | The IAM resource policy set on the key | | [replica\_key\_state](#output\_replica\_key\_state) | The state of the CMK | | [replica\_key\_usage](#output\_replica\_key\_usage) | The cryptographic operations for which you can use the CMK | - + Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-kms/blob/master/LICENSE). diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 51cad10..f96e1b1 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,3 +1,10 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.3" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.49" + } + } } From c20bffd41ce9716140cb9938faf0aa147b38ca2a Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 11 Oct 2024 16:08:24 +0000 Subject: [PATCH 16/16] chore(release): version 3.1.1 [skip ci] ## [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v3.1.0...v3.1.1) (2024-10-11) ### Bug Fixes * Update CI workflow versions to latest ([#35](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/35)) ([c248050](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/c2480502618251c45ab8bcf6c57ec37bd08a8370)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index efd06c1..ccbba5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v3.1.0...v3.1.1) (2024-10-11) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#35](https://github.com/terraform-aws-modules/terraform-aws-kms/issues/35)) ([c248050](https://github.com/terraform-aws-modules/terraform-aws-kms/commit/c2480502618251c45ab8bcf6c57ec37bd08a8370)) + ## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-kms/compare/v3.0.0...v3.1.0) (2024-06-12)