Feat: Add Support for DB Instance Role Associations #132

korenyoni · 2021-12-26T16:53:51Z

what

Add support for DB Instance Role Associations
Add BridgeCrew exceptions for errors stemming from this module parameterizing some resource attributes (false positives).
Expand Terratest tests.
Bump minimum supported Terraform version to 1.0.0 (see below).

why

Some RDS DB engines support different features depending on the engine. These should be supported by the module.
The comprehensive Terratest suite in examples/complete and test/src will only work with Terraform 1.0.0 and above, and otherwise will result in "count cannot be determined before apply" errors.

references

Closes Add support for RDS DB Instance role associations #131

bridgecrew

Bridgecrew has found infrastructure configuration errors in this PR ⬇️

main.tf

bridgecrew

⚠️ Due to 1babcf5 - WIP: initial commit. - 2 new errors were added

Change details

Error ID	Change	Path	Resource
BC_AWS_IAM_60	Added	/main.tf	aws_db_instance.default
BC_AWS_GENERAL_46	Added	/main.tf	aws_db_instance.default

main.tf

bridgecrew

⚠️ Due to 4558d73 - Auto Format - 2 new errors were added

Change details

Error ID	Change	Path	Resource
BC_AWS_GENERAL_46	Added	/main.tf	aws_db_instance.default
BC_AWS_IAM_60	Added	/main.tf	aws_db_instance.default

korenyoni · 2021-12-26T20:00:26Z

/test all

…ing known before apply).

korenyoni · 2021-12-26T20:13:25Z

/test all

…s not being known before apply)." This reverts commit fe2d3ad.

korenyoni · 2021-12-26T20:55:59Z

/test all

korenyoni · 2021-12-26T21:18:33Z

/test all

…orm-aws-rds into feat/role-associations

korenyoni · 2021-12-26T21:44:49Z

/test all

korenyoni · 2021-12-26T22:55:53Z

/test all

korenyoni · 2021-12-27T11:35:20Z

/test all

examples/complete/main.tf

… terraform_docs).

…orm-aws-rds into feat/role-associations

korenyoni · 2021-12-27T15:51:17Z

/test all

nitrocode · 2021-12-27T16:08:14Z

versions.tf

@@ -1,14 +1,10 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 1.0.0"


Woah. This is the first time we're doing this I believe.

We still have engagements using older versions. I think we'll need another approval on this if this is needed. Could you explain why this is being bumped to 1.0 ?

There's an issue with https://github.com/cloudposse/terraform-aws-s3-bucket/blob/6947cac37cdf809192f803d02cb87bce87dee35d/main.tf#L376 not being able to be determined when the module enabled=false

But yes, this is not ideal

I did explain it briefly in the why section of my PR description

The comprehensive Terratest suite in examples/complete and test/src will only work with Terraform 1.0.0 and above, and otherwise will result in "count cannot be determined before apply" errors.

…le temporarily.

…orm-aws-rds into feat/role-associations

korenyoni · 2021-12-28T15:13:38Z

/test all

…runners.

…orm-aws-rds into feat/role-associations

korenyoni · 2021-12-28T15:26:47Z

/test all

adamantike · 2022-04-16T22:07:51Z

Bump! Is there anything blocking this PR from being merged, that we can help with?

Gowiem · 2022-04-17T17:33:42Z

/test terratest

Gowiem · 2022-04-17T17:34:13Z

/test test/terratest

mergify · 2022-06-17T15:09:00Z

This pull request is now in conflict. Could you fix it @korenyoni? 🙏

nitrocode · 2022-06-19T13:03:51Z

examples/complete/main.tf

+
+module "role" {
+  source  = "cloudposse/iam-role/aws"
+  version = "0.14.0"


Suggested change

version = "0.14.0"

version = "0.16.2"

nitrocode · 2022-06-19T13:04:05Z

examples/complete/main.tf

+  #source  = "cloudposse/s3-bucket/aws"
+  #version = "0.44.1"
+  # TODO: remove


Shouldn't we set these ?

nitrocode

Please see comments

nitrocode · 2022-06-19T13:06:17Z

/test test/terratest

nitrocode · 2022-06-19T13:25:38Z

examples/complete/main.tf

+  enabled = local.s3_integration_enabled
+
+  acl    = "private"
+  policy = join("", data.aws_iam_policy_document.bucket_policy.*.json)


I think this may be causing the failure