From 18b60a5178c1610086c80b98564ad6a4b0d5a013 Mon Sep 17 00:00:00 2001 From: Nuru Date: Sun, 25 Sep 2022 18:02:48 -0700 Subject: [PATCH 1/6] workflow updates --- .github/auto-release.yml | 1 - .github/renovate.json | 2 +- .github/workflows/validate-codeowners.yml | 1 + README.md | 3 ++- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/auto-release.yml b/.github/auto-release.yml index b45efb7..17cd39c 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,7 +17,6 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' - - 'no-release' default: 'minor' categories: diff --git a/.github/renovate.json b/.github/renovate.json index ae4f0aa..a780298 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -4,9 +4,9 @@ ":preserveSemverRanges" ], "labels": ["auto-update"], + "dependencyDashboardAutoclose": true, "enabledManagers": ["terraform"], "terraform": { "ignorePaths": ["**/context.tf", "examples/**"] } } - diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 70f829e..4b4a226 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -10,6 +10,7 @@ jobs: steps: - name: "Checkout source code at current commit" uses: actions/checkout@v2 + # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name == github.repository name: "Full check of CODEOWNERS" diff --git a/README.md b/README.md index d7f2e41..704457f 100644 --- a/README.md +++ b/README.md @@ -413,7 +413,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] - + [logo]: https://cloudposse.com/logo-300x69.svg [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-utils&utm_content=docs [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-utils&utm_content=website @@ -444,3 +444,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-utils [share_email]: mailto:?subject=terraform-aws-utils&body=https://github.com/cloudposse/terraform-aws-utils [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-utils?pixel&cs=github&cm=readme&an=terraform-aws-utils + From 7621db3eab90cf6d2db378e776fee9dd366399ed Mon Sep 17 00:00:00 2001 From: Nuru Date: Sun, 25 Sep 2022 23:21:33 -0700 Subject: [PATCH 2/6] Add me-central-1, ELB Logging S3 Policy, local zones, display names --- README.md | 48 ++- README.yaml | 40 +- docs/terraform.md | 8 +- elb.tf | 100 +++++ examples/complete/fixtures.us-east-2.tfvars | 2 +- examples/complete/main.tf | 12 + examples/complete/outputs.tf | 22 + main.tf | 435 +++++++------------- outputs.tf | 19 + test/src/examples_complete_test.go | 12 +- test/src/go.mod | 13 +- test/src/go.sum | 24 +- variables.tf | 17 +- 13 files changed, 418 insertions(+), 334 deletions(-) create mode 100644 elb.tf diff --git a/README.md b/README.md index 704457f..4af5277 100644 --- a/README.md +++ b/README.md @@ -70,29 +70,55 @@ This module's primary function is to provide compact alternative codes for Regio and Local Zones, codes which are guaranteed to use only digits and lower case letters: no hyphens. Conversions to and from official codes and alternative codes are handled via lookup maps. -- The `short` abbreviations are variable length (generally 4-6 characters, but length limits not guaranteed) +- The `short` abbreviations for regions are variable length (generally 4-6 characters, but length limits not guaranteed) and strictly algorithmically derived so that people can more easily interpret them. The `short` region code abbreviations typically match the prefix of the Availability Zone IDs in that region, but this is -not guaranteed. +not guaranteed. The `short` abbreviations for local regions are generally of the form AWS uses, with +the region prefix and dashes removed. - The `fixed` abbreviations are always exactly 3 characters for regions and 4 characters for availability zones and local zones, but have some exceptional cases (China, Africa, Asia-Pacific South, US GovCloud) -that have non-obvious abbreviations. +that have non-obvious abbreviations. If a future new region causes a conflict with an established local zone +abbreviation, we may change the local zone abbreviation to to keep the region mappings consistent. For example, +the local zone `us-east-1-mci-1a` would have been abbreviated `mc1a` had we released it earlier, and that would have +conflicted with the new (in 2022) `me-central-1a` which would also be abbreviated `mc1a` in keeping with the general +pattern of using the first letter of each of the first 2 parts. We might have chosen to change the abbreviation +for `us-east-1-mci-1` so we could use `mc1a` for `me-central-1a`. (As it happens, we added them both at the same +time and avoided this collision.) If we were to make such a change, this +would be a breaking change for people using the affected local zone, so we recommend using the `short` +abbreviations if you are using local zones, which are far less likely to have conflicts in the future. - The `identity` "abbreviations" are not abbreviations but are instead the official codes (output equals input, which is why it is called "identity"). This map is provided to simplify algorithmic choice of region code abbreviation when you want to include a "no abbreviation" option. We currently support Local Zones but not Wavelength Zones. If we support Wavelength Zones in the future, -it is likely that the fixed-length abbreviations for them will be non-intuitive. +it is likely that the fixed-length abbreviations for them will be non-intuitive, or we may only provide +`short` and not `fixed` abbreviations for them. -The intention is that existing mappings will never change, and if new regions or zones are created that -conflict with existing ones, they will be given non-standard mappings so as not to conflict. +The intention is that existing region mappings will never change, and if new regions or zones are created that +conflict with existing ones, they will be given non-standard mappings so as not to conflict. However, as +stated above, we may choose to change a local region abbreviation if it conflicts with the obvious abbreviation +for a newly created region. We have picked abbreviations for local zones with avoiding such future +collisions in mind, but we cannot predict the future. (Both `bos` and `den` fit the pattern for region abbreviations, +but we do not envision a future `bo-south-1` or `de-north-1` region.) -### ELB Logging Account IDs +### ELB Logging This module provides Elastic Load Balancing Account IDs per region to be used in configuring [S3 Bucket Permissions](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions) to allow access logs to be stored in S3. +However, the account IDs have no other purpose, and as AWS expands, it has become more complicated to create +the correct bucket policy. The policy for region `me-central-1` is different than the policy for `us-east-1` and +both are different from the policy to be used with a local zone. So now this module has a new feature: you +provide the full AWS region code for the region where logging is to take place (`elb_logging_region`), and the S3 bucket ARN for +where logs are to be stored (`elb_logging_bucket_resource_arn`), and this module will output the appropriate +S3 bucket policy (in JSON) to attach to your S3 bucket. + +### Region Display Names + +There is no AWS API that reliably returns the human-friendly display name (e.g. "Europe (Stockholm)") given +the API-friendly region name. So this module provides `region_display_name_map` to implement this functionality. + ### Enabled and Disabled Regions For convenience, this module provides lists of enabled and disabled regions in the current account. Note that @@ -204,6 +230,9 @@ Available targets: | Name | Type | |------|------| +| [aws_iam_policy_document.by_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.by_outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.by_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_regions.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | | [aws_regions.not_opted_in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | | [aws_regions.opted_in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | @@ -217,9 +246,10 @@ Available targets: | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | +| [elb\_logging\_bucket\_resource\_arn](#input\_elb\_logging\_bucket\_resource\_arn) | The AWS Resource ARN to use in the policy granting access to Load Balancer Logging.
Typically of the form `arn:aws:s3:::_bucket-name_/_prefix_/AWSLogs/_your-aws-account-id_/*`.
Required to generate `elb_logging_s3_bucket_policy_json`.
See [AWS Documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy). | `string` | `""` | no | +| [elb\_logging\_region](#input\_elb\_logging\_region) | Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`. | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [example](#input\_example) | Example variable | `string` | `"hello world"` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | @@ -238,8 +268,10 @@ Available targets: |------|-------------| | [disabled\_regions](#output\_disabled\_regions) | A list of regions that are disabled in the account | | [elb\_logging\_account](#output\_elb\_logging\_account) | Map of full region to ELB logging account | +| [elb\_logging\_s3\_bucket\_policy\_json](#output\_elb\_logging\_s3\_bucket\_policy\_json) | The S3 bucket policy (in JSON) to attach to the S3 bucket to allow Load Balancer logs to be added.
Requires `elb_logging_bucket_resource_arn` and `elb_logging_region` inputs. | | [enabled\_regions](#output\_enabled\_regions) | A list of regions that are enabled in the account | | [region\_az\_alt\_code\_maps](#output\_region\_az\_alt\_code\_maps) | Collection of maps converting between official AWS Region, Availability Zone, and Local Zone codes and shorter unofficial codes using only lower case letters and digits. Inspired for use in naming and tagging so that region or AZ code will be 1 semantic unit.

- `to_fixed` = Map of regions to 3-character codes and Availability Zones to 4-character codes
- `to_short` = Map of regions and Availability Zones to compact (usually 4-6 characters) codes
- `from_fixed` = Map of `fixed` codes back to full region or Availability Zone codes
- `from_short` = Map of `short` codes back to full region or Availability Zone codes
- `identity` = Identity map of full region and Availability Zone codes back to themselves | +| [region\_display\_name\_map](#output\_region\_display\_name\_map) | Map of full region names to user-friendly display names (e.g. "eu-west-3" = "Europe (Paris)"). | diff --git a/README.yaml b/README.yaml index a92731d..4a3f8c7 100644 --- a/README.yaml +++ b/README.yaml @@ -72,29 +72,55 @@ introduction: |- and Local Zones, codes which are guaranteed to use only digits and lower case letters: no hyphens. Conversions to and from official codes and alternative codes are handled via lookup maps. - - The `short` abbreviations are variable length (generally 4-6 characters, but length limits not guaranteed) + - The `short` abbreviations for regions are variable length (generally 4-6 characters, but length limits not guaranteed) and strictly algorithmically derived so that people can more easily interpret them. The `short` region code abbreviations typically match the prefix of the Availability Zone IDs in that region, but this is - not guaranteed. + not guaranteed. The `short` abbreviations for local regions are generally of the form AWS uses, with + the region prefix and dashes removed. - The `fixed` abbreviations are always exactly 3 characters for regions and 4 characters for availability zones and local zones, but have some exceptional cases (China, Africa, Asia-Pacific South, US GovCloud) - that have non-obvious abbreviations. + that have non-obvious abbreviations. If a future new region causes a conflict with an established local zone + abbreviation, we may change the local zone abbreviation to to keep the region mappings consistent. For example, + the local zone `us-east-1-mci-1a` would have been abbreviated `mc1a` had we released it earlier, and that would have + conflicted with the new (in 2022) `me-central-1a` which would also be abbreviated `mc1a` in keeping with the general + pattern of using the first letter of each of the first 2 parts. We might have chosen to change the abbreviation + for `us-east-1-mci-1` so we could use `mc1a` for `me-central-1a`. (As it happens, we added them both at the same + time and avoided this collision.) If we were to make such a change, this + would be a breaking change for people using the affected local zone, so we recommend using the `short` + abbreviations if you are using local zones, which are far less likely to have conflicts in the future. - The `identity` "abbreviations" are not abbreviations but are instead the official codes (output equals input, which is why it is called "identity"). This map is provided to simplify algorithmic choice of region code abbreviation when you want to include a "no abbreviation" option. We currently support Local Zones but not Wavelength Zones. If we support Wavelength Zones in the future, - it is likely that the fixed-length abbreviations for them will be non-intuitive. + it is likely that the fixed-length abbreviations for them will be non-intuitive, or we may only provide + `short` and not `fixed` abbreviations for them. - The intention is that existing mappings will never change, and if new regions or zones are created that - conflict with existing ones, they will be given non-standard mappings so as not to conflict. + The intention is that existing region mappings will never change, and if new regions or zones are created that + conflict with existing ones, they will be given non-standard mappings so as not to conflict. However, as + stated above, we may choose to change a local region abbreviation if it conflicts with the obvious abbreviation + for a newly created region. We have picked abbreviations for local zones with avoiding such future + collisions in mind, but we cannot predict the future. (Both `bos` and `den` fit the pattern for region abbreviations, + but we do not envision a future `bo-south-1` or `de-north-1` region.) - ### ELB Logging Account IDs + ### ELB Logging This module provides Elastic Load Balancing Account IDs per region to be used in configuring [S3 Bucket Permissions](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions) to allow access logs to be stored in S3. + However, the account IDs have no other purpose, and as AWS expands, it has become more complicated to create + the correct bucket policy. The policy for region `me-central-1` is different than the policy for `us-east-1` and + both are different from the policy to be used with a local zone. So now this module has a new feature: you + provide the full AWS region code for the region where logging is to take place (`elb_logging_region`), and the S3 bucket ARN for + where logs are to be stored (`elb_logging_bucket_resource_arn`), and this module will output the appropriate + S3 bucket policy (in JSON) to attach to your S3 bucket. + + ### Region Display Names + + There is no AWS API that reliably returns the human-friendly display name (e.g. "Europe (Stockholm)") given + the API-friendly region name. So this module provides `region_display_name_map` to implement this functionality. + ### Enabled and Disabled Regions For convenience, this module provides lists of enabled and disabled regions in the current account. Note that diff --git a/docs/terraform.md b/docs/terraform.md index 9daffef..d4ca820 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -22,6 +22,9 @@ | Name | Type | |------|------| +| [aws_iam_policy_document.by_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.by_outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.by_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_regions.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | | [aws_regions.not_opted_in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | | [aws_regions.opted_in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | @@ -35,9 +38,10 @@ | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | +| [elb\_logging\_bucket\_resource\_arn](#input\_elb\_logging\_bucket\_resource\_arn) | The AWS Resource ARN to use in the policy granting access to Load Balancer Logging.
Typically of the form `arn:aws:s3:::_bucket-name_/_prefix_/AWSLogs/_your-aws-account-id_/*`.
Required to generate `elb_logging_s3_bucket_policy_json`.
See [AWS Documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy). | `string` | `""` | no | +| [elb\_logging\_region](#input\_elb\_logging\_region) | Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`. | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [example](#input\_example) | Example variable | `string` | `"hello world"` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | @@ -56,6 +60,8 @@ |------|-------------| | [disabled\_regions](#output\_disabled\_regions) | A list of regions that are disabled in the account | | [elb\_logging\_account](#output\_elb\_logging\_account) | Map of full region to ELB logging account | +| [elb\_logging\_s3\_bucket\_policy\_json](#output\_elb\_logging\_s3\_bucket\_policy\_json) | The S3 bucket policy (in JSON) to attach to the S3 bucket to allow Load Balancer logs to be added.
Requires `elb_logging_bucket_resource_arn` and `elb_logging_region` inputs. | | [enabled\_regions](#output\_enabled\_regions) | A list of regions that are enabled in the account | | [region\_az\_alt\_code\_maps](#output\_region\_az\_alt\_code\_maps) | Collection of maps converting between official AWS Region, Availability Zone, and Local Zone codes and shorter unofficial codes using only lower case letters and digits. Inspired for use in naming and tagging so that region or AZ code will be 1 semantic unit.

- `to_fixed` = Map of regions to 3-character codes and Availability Zones to 4-character codes
- `to_short` = Map of regions and Availability Zones to compact (usually 4-6 characters) codes
- `from_fixed` = Map of `fixed` codes back to full region or Availability Zone codes
- `from_short` = Map of `short` codes back to full region or Availability Zone codes
- `identity` = Identity map of full region and Availability Zone codes back to themselves | +| [region\_display\_name\_map](#output\_region\_display\_name\_map) | Map of full region names to user-friendly display names (e.g. "eu-west-3" = "Europe (Paris)"). | diff --git a/elb.tf b/elb.tf new file mode 100644 index 0000000..7f427b1 --- /dev/null +++ b/elb.tf @@ -0,0 +1,100 @@ +locals { + elb_policy_enabled = (module.this.enabled && + try(length(var.elb_logging_bucket_resource_arn), 0) > 0 && + try(length(var.elb_logging_region), 0) > 0 + ) + region_is_outpost = try(length(split("-", var.elb_logging_region)), 0) > 3 + + elb_policy_by_account = local.elb_policy_enabled && try(length(local.elb_logging_account[var.elb_logging_region]), 0) > 0 + elb_policy_by_outpost = local.elb_policy_enabled && local.region_is_outpost + elb_policy_by_region = local.elb_policy_enabled && ! local.elb_policy_by_account && ! local.elb_policy_by_outpost + + # https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy + elb_logging_account = { + # For ease of maintenance, list accounts in same order as documentation does, + # which is mostly alphabetical by display name, with exceptions. + "us-east-1" = "127311923021" # "US East (N. Virginia)" + "us-east-2" = "033677994240" # "US East (Ohio)" + "us-west-1" = "027434742980" # "US West (N. California)" + "us-west-2" = "797873946194" # "US West (Oregon)" + "af-south-1" = "098369216593" # "Africa (Cape Town)" + "ap-east-1" = "754344448648" # "Asia Pacific (Hong Kong)" + "ap-southeast-3" = "589379963580" # "Asia Pacific (Jakarta)" + "ap-south-1" = "718504428378" # "Asia Pacific (Mumbai)" + "ap-northeast-3" = "383597477331" # "Asia Pacific (Osaka)" + "ap-northeast-2" = "600734575887" # "Asia Pacific (Seoul)" + "ap-southeast-1" = "114774131450" # "Asia Pacific (Singapore)" + "ap-southeast-2" = "783225319266" # "Asia Pacific (Sydney)" + "ap-northeast-1" = "582318560864" # "Asia Pacific (Tokyo)" + "ca-central-1" = "985666609251" # "Canada (Central)" + "eu-central-1" = "054676820928" # "Europe (Frankfurt)" + "eu-west-1" = "156460612806" # "Europe (Ireland)" + "eu-west-2" = "652711504416" # "Europe (London)" + "eu-south-1" = "635631232127" # "Europe (Milan)" + "eu-west-3" = "009996457667" # "Europe (Paris)" + "eu-north-1" = "897822967062" # "Europe (Stockholm)" + "me-south-1" = "076674570225" # "Middle East (Bahrain)" + "sa-east-1" = "507241528517" # "South America (Sao Paulo)" + "us-gov-west-1" = "048591011584" # "AWS GovCloud (US-West)" + "us-gov-east-1" = "190560391635" # "AWS GovCloud (US-East)" + + # 2022-09-25: The `cn-*` account numbers are from the Chinese Language version of + # https://docs.amazonaws.cn/elasticloadbalancing/latest/application/load-balancer-access-logs.html + # and it is not clear if they should be used or if the new "by_region" policy + # should be used instead. For now we continue to use the older "by_account" policy. + "cn-north-1" = "638102146993" + "cn-northwest-1" = "037604701340" + } +} + +data "aws_iam_policy_document" "by_account" { + count = local.elb_policy_by_account ? 1 : 0 + statement { + sid = "LoadBalancerLoggingAccess" + effect = "Allow" + resources = [var.elb_logging_bucket_resource_arn] + actions = ["s3:PutObject"] + + principals { + type = "AWS" + identifiers = ["arn:aws:iam::${local.elb_logging_account[var.elb_logging_region]}:root"] + } + } +} + +data "aws_iam_policy_document" "by_region" { + count = local.elb_policy_by_region ? 1 : 0 + statement { + sid = "LoadBalancerLoggingAccess" + effect = "Allow" + resources = [var.elb_logging_bucket_resource_arn] + actions = ["s3:PutObject"] + + principals { + type = "Service" + identifiers = ["logdelivery.elasticloadbalancing.amazonaws.com"] + } + } +} + +# Policy for outposts (local regions) according to +# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy +data "aws_iam_policy_document" "by_outpost" { + statement { + sid = "LoadBalancerLoggingAccess" + effect = "Allow" + resources = [var.elb_logging_bucket_resource_arn] + actions = ["s3:PutObject"] + + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = ["bucket-owner-full-control"] + } + + principals { + type = "Service" + identifiers = ["logdelivery.elb.amazonaws.com"] + } + } +} diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 1e0ce68..baf054e 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -6,5 +6,5 @@ environment = "ue2" stage = "test" -name = "example" +name = "aws-utils" diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 9c6bdaf..782fbd9 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,4 +10,16 @@ module "example" { locals { code_maps = module.example.region_az_alt_code_maps + + identity_size = length(local.code_maps.identity) + to_short_size = length(local.code_maps.to_short) + to_fixed_size = length(local.code_maps.to_fixed) + from_fixed_size = length(local.code_maps.from_fixed) + from_short_size = length(local.code_maps.from_short) + + # The Display Name map is generated from another source, + # so we can check that all of its keys are in + # one of the maps, which should ensure they are in all of the maps. + # This should fail with a runtime error if a key is missing. + ux_check = [for k, v in module.example.region_display_name_map : local.code_maps.to_short[k]] } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 8a2d1d8..174d82a 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -13,6 +13,28 @@ output "short" { value = local.code_maps.to_short[var.region] } +output "identity_size" { + description = "Size of identity map" + value = local.identity_size +} +output "to_short_size" { + description = "Size of to_short map" + value = local.to_short_size +} +output "to_fixed_size" { + description = "Size of to_fixed map" + value = local.to_fixed_size +} +output "from_short_size" { + description = "Size of from_short map" + value = local.from_short_size +} + +output "from_fixed_size" { + description = "Size of from_fixed map" + value = local.from_fixed_size +} + output "fixed_round_trip" { description = "Configured region mapped to fixed code and back" value = local.code_maps.from_fixed[local.code_maps.to_fixed[var.region]] diff --git a/main.tf b/main.tf index efe7bfa..f29e17d 100644 --- a/main.tf +++ b/main.tf @@ -2,11 +2,58 @@ locals { # Key can be a region, availability zone, or local zone. # Key CANNOT be an Availability Zone ID or Wavelength Zone. + # Local zone keys may be incomplete. + # WARNING: If a current local zone mapping conflicts with a future region mapping, + # we may change the local zone mapping in order to keep the region mappings consistent. + # This is particularly likely to happen with the "fixed" mappings, so we recommend using + # the "short" mappings if you plan to use local zones. # For some degree of future proofing, we provide mappings for some AZs that do not yet exist. # INCLUSION IN THE MAP does NOT necessarily mean the region or AZ exists. # See https://github.com/jsonmaur/aws-regions for complete list of regions + # to_display_name maps full region names to geographic display names + # using https://github.com/aws/aws-sdk-java/blob/master/aws-java-sdk-core/src/main/resources/com/amazonaws/partitions/endpoints.json + # as a reference source, since there is appears to be no API available. + # Note that https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html + # claims you can get display names from `aws lightsail`, but Lightsail is not available in + # all regions, so its list is incomplete. + # + # The map contents can be regenerated (will need to be reformatted with `terraform fmt`) with: + # curl -sSL https://raw.githubusercontent.com/aws/aws-sdk-java/master/aws-java-sdk-core/src/main/resources/com/amazonaws/partitions/endpoints.json \ + # | jq -r '.partitions[] |select( .partition | test("aws(-cn|-us-gov)?$") ) | .regions | to_entries |.[] | "\"\(.key)\" = \"\(.value.description)\""' + + + to_display_name = { + "af-south-1" = "Africa (Cape Town)" + "ap-east-1" = "Asia Pacific (Hong Kong)" + "ap-northeast-1" = "Asia Pacific (Tokyo)" + "ap-northeast-2" = "Asia Pacific (Seoul)" + "ap-northeast-3" = "Asia Pacific (Osaka)" + "ap-south-1" = "Asia Pacific (Mumbai)" + "ap-southeast-1" = "Asia Pacific (Singapore)" + "ap-southeast-2" = "Asia Pacific (Sydney)" + "ap-southeast-3" = "Asia Pacific (Jakarta)" + "ca-central-1" = "Canada (Central)" + "eu-central-1" = "Europe (Frankfurt)" + "eu-north-1" = "Europe (Stockholm)" + "eu-south-1" = "Europe (Milan)" + "eu-west-1" = "Europe (Ireland)" + "eu-west-2" = "Europe (London)" + "eu-west-3" = "Europe (Paris)" + "me-central-1" = "Middle East (UAE)" + "me-south-1" = "Middle East (Bahrain)" + "sa-east-1" = "South America (Sao Paulo)" + "us-east-1" = "US East (N. Virginia)" + "us-east-2" = "US East (Ohio)" + "us-west-1" = "US West (N. California)" + "us-west-2" = "US West (Oregon)" + "cn-north-1" = "China (Beijing)" + "cn-northwest-1" = "China (Ningxia)" + "us-gov-east-1" = "AWS GovCloud (US-East)" + "us-gov-west-1" = "AWS GovCloud (US-West)" + } + to_fixed = { "ap-east-1" = "ae1" "ap-east-1a" = "ae1a" @@ -183,6 +230,16 @@ locals { "us-gov-west-1g" = "gw1g" "us-gov-west-1h" = "gw1h" + "me-central-1" = "mc1" + "me-central-1a" = "mc1a" + "me-central-1b" = "mc1b" + "me-central-1c" = "mc1c" + "me-central-1d" = "mc1d" + "me-central-1e" = "mc1e" + "me-central-1f" = "mc1f" + "me-central-1g" = "mc1g" + "me-central-1h" = "mc1h" + "me-south-1" = "ms1" "me-south-1a" = "ms1a" "me-south-1b" = "ms1b" @@ -233,6 +290,31 @@ locals { "us-east-1g" = "ue1g" "us-east-1h" = "ue1h" + "us-east-1-atl-1" = "at1" + "us-east-1-atl-1a" = "at1a" + "us-east-1-bos-1" = "bo1" + "us-east-1-bos-1a" = "bo1a" + "us-east-1-chi-1" = "ch1" + "us-east-1-chi-1a" = "ch1a" + "us-east-1-dfw-1" = "df1" + "us-east-1-dfw-1a" = "df1a" + "us-east-1-iah-1" = "ia1" + "us-east-1-iah-1a" = "ia1a" + # Cannot use mc for mci, taken by me-central + # Want to avoid second letter "c" as it may be a future "central" + "us-east-1-mci-1" = "ks1" + "us-east-1-mci-1a" = "ks1a" + "us-east-1-mia-1" = "mi1" + "us-east-1-mia-1a" = "mi1a" + # Want to avoid second letter "s" as it may be a future "south" + "us-east-1-msp-1" = "mn1" + "us-east-1-msp-1a" = "mn1a" + "us-east-1-nyc-1" = "ny1" + "us-east-1-nyc-1a" = "ny1a" + # Use pl for phl to avoid clash with phx + "us-east-1-phl-1" = "pl1" + "us-east-1-phl-1a" = "pl1a" + "us-east-2" = "ue2" "us-east-2a" = "ue2a" "us-east-2b" = "ue2b" @@ -263,10 +345,23 @@ locals { "us-west-2g" = "uw2g" "us-west-2h" = "uw2h" + # Want to avoid second letter "e" or "n" in case of future "east" or "north" + "us-west-2-den-1" = "dv1" + "us-west-2-den-1a" = "dv1a" + # use lv for Las Vegas and lx for Los Angeles (LAX) to reduce confusion + "us-west-2-las-1" = "lv1" + "us-west-2-las-1a" = "lv1a" + "us-west-2-lax-1" = "lx1" "us-west-2-lax-1a" = "lx1a" "us-west-2-lax-1b" = "lx1b" - "us-west-2-lax-1c" = "lx1c" - "us-west-2-lax-1d" = "lx1d" + "us-west-2-pdx-1" = "pd1" + "us-west-2-pdx-1a" = "pd1a" + # Use px for phl to avoid clash with phl + "us-west-2-phx-1" = "px1" + "us-west-2-phx-1a" = "px1a" + # Cannot use se for sea, taken by sa-east + "us-west-2-sea-1" = "st1" + "us-west-2-sea-1a" = "st1a" } to_short = { @@ -445,6 +540,16 @@ locals { "us-gov-west-1g" = "usgw1g" "us-gov-west-1h" = "usgw1h" + "me-central-1" = "mec1" + "me-central-1a" = "mec1a" + "me-central-1b" = "mec1b" + "me-central-1c" = "mec1c" + "me-central-1d" = "mec1d" + "me-central-1e" = "mec1e" + "me-central-1f" = "mec1f" + "me-central-1g" = "mec1g" + "me-central-1h" = "mec1h" + "me-south-1" = "mes1" "me-south-1a" = "mes1a" "me-south-1b" = "mes1b" @@ -495,6 +600,27 @@ locals { "us-east-1g" = "use1g" "us-east-1h" = "use1h" + "us-east-1-atl-1" = "atl1" + "us-east-1-atl-1a" = "atl1a" + "us-east-1-bos-1" = "bos1" + "us-east-1-bos-1a" = "bos1a" + "us-east-1-chi-1" = "chi1" + "us-east-1-chi-1a" = "chi1a" + "us-east-1-dfw-1" = "dfw1" + "us-east-1-dfw-1a" = "dfw1a" + "us-east-1-iah-1" = "iah1" + "us-east-1-iah-1a" = "iah1a" + "us-east-1-mci-1" = "mci1" + "us-east-1-mci-1a" = "mci1a" + "us-east-1-mia-1" = "mia1" + "us-east-1-mia-1a" = "mia1a" + "us-east-1-msp-1" = "msp1" + "us-east-1-msp-1a" = "msp1a" + "us-east-1-nyc-1" = "nyc1" + "us-east-1-nyc-1a" = "nyc1a" + "us-east-1-phl-1" = "phi1" + "us-east-1-phl-1a" = "phi1a" + "us-east-2" = "use2" "us-east-2a" = "use2a" "us-east-2b" = "use2b" @@ -525,306 +651,25 @@ locals { "us-west-2g" = "usw2g" "us-west-2h" = "usw2h" + "us-west-2-den-1" = "den1" + "us-west-2-den-1a" = "den1a" + "us-west-2-las-1" = "las1" + "us-west-2-las-1a" = "las1a" + "us-west-2-lax-1" = "lax1" "us-west-2-lax-1a" = "lax1a" "us-west-2-lax-1b" = "lax1b" - "us-west-2-lax-1c" = "lax1c" - "us-west-2-lax-1d" = "lax1d" + "us-west-2-pdx-1" = "pdx1" + "us-west-2-pdx-1a" = "pdx1a" + "us-west-2-phx-1" = "phx1" + "us-west-2-phx-1a" = "phx1a" + "us-west-2-sea-1" = "sea1" + "us-west-2-sea-1a" = "sea1a" } from_fixed = zipmap(values(local.to_fixed), keys(local.to_fixed)) from_short = zipmap(values(local.to_short), keys(local.to_short)) - identity = { - "ap-east-1" = "ap-east-1" - "ap-east-1a" = "ap-east-1a" - "ap-east-1b" = "ap-east-1b" - "ap-east-1c" = "ap-east-1c" - "ap-east-1d" = "ap-east-1d" - "ap-east-1e" = "ap-east-1e" - "ap-east-1f" = "ap-east-1f" - "ap-east-1g" = "ap-east-1g" - "ap-east-1h" = "ap-east-1h" - - "ap-northeast-1" = "ap-northeast-1" - "ap-northeast-1a" = "ap-northeast-1a" - "ap-northeast-1b" = "ap-northeast-1b" - "ap-northeast-1c" = "ap-northeast-1c" - "ap-northeast-1d" = "ap-northeast-1d" - "ap-northeast-1e" = "ap-northeast-1e" - "ap-northeast-1f" = "ap-northeast-1f" - "ap-northeast-1g" = "ap-northeast-1g" - "ap-northeast-1h" = "ap-northeast-1h" - - "ap-northeast-2" = "ap-northeast-2" - "ap-northeast-2a" = "ap-northeast-2a" - "ap-northeast-2b" = "ap-northeast-2b" - "ap-northeast-2c" = "ap-northeast-2c" - "ap-northeast-2d" = "ap-northeast-2d" - "ap-northeast-2e" = "ap-northeast-2e" - "ap-northeast-2f" = "ap-northeast-2f" - "ap-northeast-2g" = "ap-northeast-2g" - "ap-northeast-2h" = "ap-northeast-2h" - - "ap-northeast-3" = "ap-northeast-3" - "ap-northeast-3a" = "ap-northeast-3a" - "ap-northeast-3b" = "ap-northeast-3b" - "ap-northeast-3c" = "ap-northeast-3c" - - "ap-south-1" = "ap-south-1" - "ap-south-1a" = "ap-south-1a" - "ap-south-1b" = "ap-south-1b" - "ap-south-1c" = "ap-south-1c" - "ap-south-1d" = "ap-south-1d" - "ap-south-1e" = "ap-south-1e" - "ap-south-1f" = "ap-south-1f" - "ap-south-1g" = "ap-south-1g" - "ap-south-1h" = "ap-south-1h" - - "ap-southeast-1" = "ap-southeast-1" - "ap-southeast-1a" = "ap-southeast-1a" - "ap-southeast-1b" = "ap-southeast-1b" - "ap-southeast-1c" = "ap-southeast-1c" - "ap-southeast-1d" = "ap-southeast-1d" - "ap-southeast-1e" = "ap-southeast-1e" - "ap-southeast-1f" = "ap-southeast-1f" - "ap-southeast-1g" = "ap-southeast-1g" - "ap-southeast-1h" = "ap-southeast-1h" - - "ap-southeast-2" = "ap-southeast-2" - "ap-southeast-2a" = "ap-southeast-2a" - "ap-southeast-2b" = "ap-southeast-2b" - "ap-southeast-2c" = "ap-southeast-2c" - "ap-southeast-2d" = "ap-southeast-2d" - "ap-southeast-2e" = "ap-southeast-2e" - "ap-southeast-2f" = "ap-southeast-2f" - "ap-southeast-2g" = "ap-southeast-2g" - "ap-southeast-2h" = "ap-southeast-2h" - - "ap-southeast-3" = "ap-southeast-3" - "ap-southeast-3a" = "ap-southeast-3a" - "ap-southeast-3b" = "ap-southeast-3b" - "ap-southeast-3c" = "ap-southeast-3c" - "ap-southeast-3d" = "ap-southeast-3d" - "ap-southeast-3e" = "ap-southeast-3e" - "ap-southeast-3f" = "ap-southeast-3f" - "ap-southeast-3g" = "ap-southeast-3g" - "ap-southeast-3h" = "ap-southeast-3h" - - "ca-central-1" = "ca-central-1" - "ca-central-1a" = "ca-central-1a" - "ca-central-1b" = "ca-central-1b" - "ca-central-1c" = "ca-central-1c" - "ca-central-1d" = "ca-central-1d" - "ca-central-1e" = "ca-central-1e" - "ca-central-1f" = "ca-central-1f" - "ca-central-1g" = "ca-central-1g" - "ca-central-1h" = "ca-central-1h" - - "eu-central-1" = "eu-central-1" - "eu-central-1a" = "eu-central-1a" - "eu-central-1b" = "eu-central-1b" - "eu-central-1c" = "eu-central-1c" - "eu-central-1d" = "eu-central-1d" - "eu-central-1e" = "eu-central-1e" - "eu-central-1f" = "eu-central-1f" - "eu-central-1g" = "eu-central-1g" - "eu-central-1h" = "eu-central-1h" - - "eu-north-1" = "eu-north-1" - "eu-north-1a" = "eu-north-1a" - "eu-north-1b" = "eu-north-1b" - "eu-north-1c" = "eu-north-1c" - "eu-north-1d" = "eu-north-1d" - "eu-north-1e" = "eu-north-1e" - "eu-north-1f" = "eu-north-1f" - "eu-north-1g" = "eu-north-1g" - "eu-north-1h" = "eu-north-1h" - - "eu-south-1" = "eu-south-1" - "eu-south-1a" = "eu-south-1a" - "eu-south-1b" = "eu-south-1b" - "eu-south-1c" = "eu-south-1c" - "eu-south-1d" = "eu-south-1d" - "eu-south-1e" = "eu-south-1e" - "eu-south-1f" = "eu-south-1f" - "eu-south-1g" = "eu-south-1g" - "eu-south-1h" = "eu-south-1h" - - "eu-west-1" = "eu-west-1" - "eu-west-1a" = "eu-west-1a" - "eu-west-1b" = "eu-west-1b" - "eu-west-1c" = "eu-west-1c" - "eu-west-1d" = "eu-west-1d" - "eu-west-1e" = "eu-west-1e" - "eu-west-1f" = "eu-west-1f" - "eu-west-1g" = "eu-west-1g" - "eu-west-1h" = "eu-west-1h" - - "eu-west-2" = "eu-west-2" - "eu-west-2a" = "eu-west-2a" - "eu-west-2b" = "eu-west-2b" - "eu-west-2c" = "eu-west-2c" - "eu-west-2d" = "eu-west-2d" - "eu-west-2e" = "eu-west-2e" - "eu-west-2f" = "eu-west-2f" - "eu-west-2g" = "eu-west-2g" - "eu-west-2h" = "eu-west-2h" - - "eu-west-3" = "eu-west-3" - "eu-west-3a" = "eu-west-3a" - "eu-west-3b" = "eu-west-3b" - "eu-west-3c" = "eu-west-3c" - "eu-west-3d" = "eu-west-3d" - "eu-west-3e" = "eu-west-3e" - "eu-west-3f" = "eu-west-3f" - "eu-west-3g" = "eu-west-3g" - "eu-west-3h" = "eu-west-3h" - - "af-south-1" = "af-south-1" - "af-south-1a" = "af-south-1a" - "af-south-1b" = "af-south-1b" - "af-south-1c" = "af-south-1c" - "af-south-1d" = "af-south-1d" - "af-south-1e" = "af-south-1e" - "af-south-1f" = "af-south-1f" - "af-south-1g" = "af-south-1g" - "af-south-1h" = "af-south-1h" - - "us-gov-east-1" = "us-gov-east-1" - "us-gov-east-1a" = "us-gov-east-1a" - "us-gov-east-1b" = "us-gov-east-1b" - "us-gov-east-1c" = "us-gov-east-1c" - "us-gov-east-1d" = "us-gov-east-1d" - "us-gov-east-1e" = "us-gov-east-1e" - "us-gov-east-1f" = "us-gov-east-1f" - "us-gov-east-1g" = "us-gov-east-1g" - "us-gov-east-1h" = "us-gov-east-1h" - - "us-gov-west-1" = "us-gov-west-1" - "us-gov-west-1a" = "us-gov-west-1a" - "us-gov-west-1b" = "us-gov-west-1b" - "us-gov-west-1c" = "us-gov-west-1c" - "us-gov-west-1d" = "us-gov-west-1d" - "us-gov-west-1e" = "us-gov-west-1e" - "us-gov-west-1f" = "us-gov-west-1f" - "us-gov-west-1g" = "us-gov-west-1g" - "us-gov-west-1h" = "us-gov-west-1h" - - "me-south-1" = "me-south-1" - "me-south-1a" = "me-south-1a" - "me-south-1b" = "me-south-1b" - "me-south-1c" = "me-south-1c" - "me-south-1d" = "me-south-1d" - "me-south-1e" = "me-south-1e" - "me-south-1f" = "me-south-1f" - "me-south-1g" = "me-south-1g" - "me-south-1h" = "me-south-1h" - - "cn-north-1" = "cn-north-1" - "cn-north-1a" = "cn-north-1a" - "cn-north-1b" = "cn-north-1b" - "cn-north-1c" = "cn-north-1c" - "cn-north-1d" = "cn-north-1d" - "cn-north-1e" = "cn-north-1e" - "cn-north-1f" = "cn-north-1f" - "cn-north-1g" = "cn-north-1g" - "cn-north-1h" = "cn-north-1h" - - "cn-northwest-1" = "cn-northwest-1" - "cn-northwest-1a" = "cn-northwest-1a" - "cn-northwest-1b" = "cn-northwest-1b" - "cn-northwest-1c" = "cn-northwest-1c" - "cn-northwest-1d" = "cn-northwest-1d" - "cn-northwest-1e" = "cn-northwest-1e" - "cn-northwest-1f" = "cn-northwest-1f" - "cn-northwest-1g" = "cn-northwest-1g" - "cn-northwest-1h" = "cn-northwest-1h" - - "sa-east-1" = "sa-east-1" - "sa-east-1a" = "sa-east-1a" - "sa-east-1b" = "sa-east-1b" - "sa-east-1c" = "sa-east-1c" - "sa-east-1d" = "sa-east-1d" - "sa-east-1e" = "sa-east-1e" - "sa-east-1f" = "sa-east-1f" - "sa-east-1g" = "sa-east-1g" - "sa-east-1h" = "sa-east-1h" - - "us-east-1" = "us-east-1" - "us-east-1a" = "us-east-1a" - "us-east-1b" = "us-east-1b" - "us-east-1c" = "us-east-1c" - "us-east-1d" = "us-east-1d" - "us-east-1e" = "us-east-1e" - "us-east-1f" = "us-east-1f" - "us-east-1g" = "us-east-1g" - "us-east-1h" = "us-east-1h" - - "us-east-2" = "us-east-2" - "us-east-2a" = "us-east-2a" - "us-east-2b" = "us-east-2b" - "us-east-2c" = "us-east-2c" - "us-east-2d" = "us-east-2d" - "us-east-2e" = "us-east-2e" - "us-east-2f" = "us-east-2f" - "us-east-2g" = "us-east-2g" - "us-east-2h" = "us-east-2h" - - "us-west-1" = "us-west-1" - "us-west-1a" = "us-west-1a" - "us-west-1b" = "us-west-1b" - "us-west-1c" = "us-west-1c" - "us-west-1d" = "us-west-1d" - "us-west-1e" = "us-west-1e" - "us-west-1f" = "us-west-1f" - "us-west-1g" = "us-west-1g" - "us-west-1h" = "us-west-1h" - - "us-west-2" = "us-west-2" - "us-west-2a" = "us-west-2a" - "us-west-2b" = "us-west-2b" - "us-west-2c" = "us-west-2c" - "us-west-2d" = "us-west-2d" - "us-west-2e" = "us-west-2e" - "us-west-2f" = "us-west-2f" - "us-west-2g" = "us-west-2g" - "us-west-2h" = "us-west-2h" - - "us-west-2-lax-1a" = "us-west-2-lax-1a" - "us-west-2-lax-1b" = "us-west-2-lax-1b" - "us-west-2-lax-1c" = "us-west-2-lax-1c" - "us-west-2-lax-1d" = "us-west-2-lax-1d" - } - - # https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions - elb_logging_account = { - "us-east-1" = "127311923021" - "us-east-2" = "033677994240" - "us-west-1" = "027434742980" - "us-west-2" = "797873946194" - "af-south-1" = "098369216593" - "ca-central-1" = "985666609251" - "eu-central-1" = "054676820928" - "eu-west-1" = "156460612806" - "eu-west-2" = "652711504416" - "eu-south-1" = "635631232127" - "eu-west-3" = "009996457667" - "eu-north-1" = "897822967062" - "ap-east-1" = "754344448648" - "ap-northeast-1" = "582318560864" - "ap-northeast-2" = "600734575887" - "ap-northeast-3" = "383597477331" - "ap-southeast-1" = "114774131450" - "ap-southeast-2" = "783225319266" - "ap-southeast-3" = "589379963580" - "ap-south-1" = "718504428378" - "me-south-1" = "076674570225" - "sa-east-1" = "507241528517" - "us-gov-west-1" = "048591011584" - "us-gov-east-1" = "190560391635" - "cn-north-1" = "638102146993" - "cn-northwest-1" = "037604701340" - } + identity = { for k, v in local.to_short : k => k } } data "aws_regions" "default" { diff --git a/outputs.tf b/outputs.tf index 9086a8b..43b7e93 100644 --- a/outputs.tf +++ b/outputs.tf @@ -17,11 +17,30 @@ output "region_az_alt_code_maps" { } } +output "region_display_name_map" { + description = <<-EOT + Map of full region names to user-friendly display names (e.g. "eu-west-3" = "Europe (Paris)"). + EOT + value = local.to_display_name +} + output "elb_logging_account" { description = "Map of full region to ELB logging account" value = local.elb_logging_account } +output "elb_logging_s3_bucket_policy_json" { + description = <<-EOT + The S3 bucket policy (in JSON) to attach to the S3 bucket to allow Load Balancer logs to be added. + Requires `elb_logging_bucket_resource_arn` and `elb_logging_region` inputs. + EOT + value = join("", + data.aws_iam_policy_document.by_account.*.json, + data.aws_iam_policy_document.by_region.*.json, + data.aws_iam_policy_document.by_outpost.*.json, + ) +} + output "enabled_regions" { description = "A list of regions that are enabled in the account" value = setunion(data.aws_regions.default.names, data.aws_regions.opted_in.names) diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index c5976d0..6c7a7b6 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -29,7 +29,8 @@ func TestExamplesComplete(t *testing.T) { fixedRoundTrip := terraform.Output(t, terraformOptions, "fixed_round_trip") shortRoundTrip := terraform.Output(t, terraformOptions, "short_round_trip") enabledRegions := terraform.OutputList(t, terraformOptions, "enabled_regions") - disabledRegions := terraform.OutputList(t, terraformOptions, "disabled_regions") + //disabledRegions := terraform.OutputList(t, terraformOptions, "disabled_regions") + idSize := terraform.Output(t, terraformOptions, "identity_size") // Verify we're getting back the outputs we expect assert.Len(t, fixed, 3) @@ -38,5 +39,12 @@ func TestExamplesComplete(t *testing.T) { assert.Equal(t, region, fixedRoundTrip) assert.Equal(t, region, shortRoundTrip) assert.Contains(t, enabledRegions, "us-east-1") - assert.Contains(t, disabledRegions, "af-south-1") + // We may enable all regions in the test account + //assert.Contains(t, disabledRegions, "af-south-1") + + assert.Equal(t, idSize, terraform.Output(t, terraformOptions, "to_short_size"), "Transformation maps are different sizes") + assert.Equal(t, idSize, terraform.Output(t, terraformOptions, "to_fixed_size"), "Transformation maps are different sizes") + assert.Equal(t, idSize, terraform.Output(t, terraformOptions, "from_short_size"), "Transformation maps are different sizes") + assert.Equal(t, idSize, terraform.Output(t, terraformOptions, "from_fixed_size"), "Transformation maps are different sizes") + } diff --git a/test/src/go.mod b/test/src/go.mod index f703040..7ce6a50 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -1,10 +1,11 @@ module github.com/cloudposse/terraform-aws-utils -go 1.17 +go 1.19 require ( - github.com/gruntwork-io/terratest v0.39.0 - github.com/stretchr/testify v1.7.0 + // Known security flaws in terratest dependencies prior to v0.40.15 + github.com/gruntwork-io/terratest v0.40.20 + github.com/stretchr/testify v1.8.0 ) require ( @@ -21,7 +22,7 @@ require ( github.com/googleapis/gax-go/v2 v2.0.5 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-getter v1.5.11 // indirect + github.com/hashicorp/go-getter v1.6.1 // indirect github.com/hashicorp/go-multierror v1.1.0 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.3.0 // indirect @@ -45,7 +46,7 @@ require ( golang.org/x/mod v0.4.2 // indirect golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect - golang.org/x/sys v0.0.0-20210603125802-9665404d3644 // indirect + golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect golang.org/x/text v0.3.6 // indirect golang.org/x/tools v0.1.2 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect @@ -55,5 +56,5 @@ require ( google.golang.org/grpc v1.38.0 // indirect google.golang.org/protobuf v1.26.0 // indirect gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/test/src/go.sum b/test/src/go.sum index 5badac5..d9c2eeb 100644 --- a/test/src/go.sum +++ b/test/src/go.sum @@ -127,8 +127,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -152,14 +152,14 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gruntwork-io/terratest v0.39.0 h1:Lq7aNCoFxhhmdQIyuBFBf8N87aCnypmNBFYgvsdIfCQ= -github.com/gruntwork-io/terratest v0.39.0/go.mod h1:CjHsEgP1Pe987X5N8K5qEqCuLtu1bqERGIAF8bTj1s0= +github.com/gruntwork-io/terratest v0.40.20 h1:pco6s3b62h2Yd13N+HvHQVTAk3aPRz4sdoVwErPCBzQ= +github.com/gruntwork-io/terratest v0.40.20/go.mod h1:JGeIGgLbxbG9/Oqm06z6YXVr76CfomdmLkV564qov+8= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-getter v1.5.11 h1:wioTuNmaBU3IE9vdFtFMcmZWj0QzLc6DYaP6sNe5onY= -github.com/hashicorp/go-getter v1.5.11/go.mod h1:9i48BP6wpWweI/0/+FBjqLrp9S8XtwUGjiu0QkWHEaY= +github.com/hashicorp/go-getter v1.6.1 h1:NASsgP4q6tL94WH6nJxKWj8As2H/2kop/bB1d8JMyRY= +github.com/hashicorp/go-getter v1.6.1/go.mod h1:IZCrswsZPeWv9IkVnLElzRU/gz/QPi6pZHn4tv6vbwA= github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= @@ -223,13 +223,15 @@ github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdk github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= @@ -403,8 +405,8 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644 h1:CA1DEQ4NdKphKeL70tvsWNdT5oFh1lOjihRcEDROi0I= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e h1:w36l2Uw3dRan1K3TyXriXvY+6T56GNmlKGcqiQUJDfM= +golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -592,8 +594,8 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/variables.tf b/variables.tf index ff9b03b..bbc66b3 100644 --- a/variables.tf +++ b/variables.tf @@ -1,4 +1,15 @@ -variable "example" { - description = "Example variable" - default = "hello world" +variable "elb_logging_bucket_resource_arn" { + type = string + description = <<-EOT + The AWS Resource ARN to use in the policy granting access to Load Balancer Logging. + Typically of the form `arn:aws:s3:::_bucket-name_/_prefix_/AWSLogs/_your-aws-account-id_/*`. + Required to generate `elb_logging_s3_bucket_policy_json`. + See [AWS Documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy). + EOT + default = "" +} + +variable "elb_logging_region" { + description = "Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`." + default = "" } From 8e8ce664b5f3ac9471ec9835b34fb4cab8d6cfb6 Mon Sep 17 00:00:00 2001 From: Nuru Date: Mon, 26 Sep 2022 14:33:14 -0700 Subject: [PATCH 3/6] Make reviewer-requested changes --- README.md | 2 +- README.yaml | 2 +- examples/complete/outputs.tf | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4af5277..9b21929 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ the region prefix and dashes removed. - The `fixed` abbreviations are always exactly 3 characters for regions and 4 characters for availability zones and local zones, but have some exceptional cases (China, Africa, Asia-Pacific South, US GovCloud) that have non-obvious abbreviations. If a future new region causes a conflict with an established local zone -abbreviation, we may change the local zone abbreviation to to keep the region mappings consistent. For example, +abbreviation, we may change the local zone abbreviation to keep the region mappings consistent. For example, the local zone `us-east-1-mci-1a` would have been abbreviated `mc1a` had we released it earlier, and that would have conflicted with the new (in 2022) `me-central-1a` which would also be abbreviated `mc1a` in keeping with the general pattern of using the first letter of each of the first 2 parts. We might have chosen to change the abbreviation diff --git a/README.yaml b/README.yaml index 4a3f8c7..216553c 100644 --- a/README.yaml +++ b/README.yaml @@ -80,7 +80,7 @@ introduction: |- - The `fixed` abbreviations are always exactly 3 characters for regions and 4 characters for availability zones and local zones, but have some exceptional cases (China, Africa, Asia-Pacific South, US GovCloud) that have non-obvious abbreviations. If a future new region causes a conflict with an established local zone - abbreviation, we may change the local zone abbreviation to to keep the region mappings consistent. For example, + abbreviation, we may change the local zone abbreviation to keep the region mappings consistent. For example, the local zone `us-east-1-mci-1a` would have been abbreviated `mc1a` had we released it earlier, and that would have conflicted with the new (in 2022) `me-central-1a` which would also be abbreviated `mc1a` in keeping with the general pattern of using the first letter of each of the first 2 parts. We might have chosen to change the abbreviation diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 174d82a..fef977b 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -17,14 +17,17 @@ output "identity_size" { description = "Size of identity map" value = local.identity_size } + output "to_short_size" { description = "Size of to_short map" value = local.to_short_size } + output "to_fixed_size" { description = "Size of to_fixed map" value = local.to_fixed_size } + output "from_short_size" { description = "Size of from_short map" value = local.from_short_size From 75a1eeaa759c1496b627f5bd33a84dad15dfb082 Mon Sep 17 00:00:00 2001 From: Nuru Date: Tue, 27 Sep 2022 13:03:49 -0700 Subject: [PATCH 4/6] Remove outpost policy, which is not region dependent --- README.md | 15 +-- README.yaml | 12 ++- docs/terraform.md | 3 +- elb.tf | 28 +----- examples/complete/main.tf | 12 +++ examples/complete/outputs.tf | 8 ++ outputs.tf | 1 - test/src/examples_complete_test.go | 29 +++++- test/src/go.mod | 31 +++++- test/src/go.sum | 152 +++++++++++++++++++++++++++++ variables.tf | 5 +- 11 files changed, 250 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 9b21929..c1d77fe 100644 --- a/README.md +++ b/README.md @@ -108,11 +108,13 @@ configuring [S3 Bucket Permissions](https://docs.aws.amazon.com/elasticloadbalan to allow access logs to be stored in S3. However, the account IDs have no other purpose, and as AWS expands, it has become more complicated to create -the correct bucket policy. The policy for region `me-central-1` is different than the policy for `us-east-1` and -both are different from the policy to be used with a local zone. So now this module has a new feature: you -provide the full AWS region code for the region where logging is to take place (`elb_logging_region`), and the S3 bucket ARN for -where logs are to be stored (`elb_logging_bucket_resource_arn`), and this module will output the appropriate -S3 bucket policy (in JSON) to attach to your S3 bucket. +the correct bucket policy. The policy for region `me-central-1` is different than the policy for `us-east-1`. +So now this module has a new feature: you provide the full AWS region code for the region where logging +is to take place (`elb_logging_region`), and the S3 bucket ARN for where logs are to be stored (`elb_logging_bucket_resource_arn`), +and this module will output the appropriate S3 bucket policy (in JSON) to attach to your S3 bucket. + +NOTE: The region must be known at Terraform "plan" time. Use a configuration input, such as what you used +to configure the Terraform AWS Provider, not an output from some resource or module. ### Region Display Names @@ -231,7 +233,6 @@ Available targets: | Name | Type | |------|------| | [aws_iam_policy_document.by_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.by_outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.by_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_regions.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | | [aws_regions.not_opted_in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | @@ -247,7 +248,7 @@ Available targets: | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [elb\_logging\_bucket\_resource\_arn](#input\_elb\_logging\_bucket\_resource\_arn) | The AWS Resource ARN to use in the policy granting access to Load Balancer Logging.
Typically of the form `arn:aws:s3:::_bucket-name_/_prefix_/AWSLogs/_your-aws-account-id_/*`.
Required to generate `elb_logging_s3_bucket_policy_json`.
See [AWS Documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy). | `string` | `""` | no | -| [elb\_logging\_region](#input\_elb\_logging\_region) | Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`. | `string` | `""` | no | +| [elb\_logging\_region](#input\_elb\_logging\_region) | Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`.
Must be known at "plan" time. | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | diff --git a/README.yaml b/README.yaml index 216553c..f50f4d5 100644 --- a/README.yaml +++ b/README.yaml @@ -110,11 +110,13 @@ introduction: |- to allow access logs to be stored in S3. However, the account IDs have no other purpose, and as AWS expands, it has become more complicated to create - the correct bucket policy. The policy for region `me-central-1` is different than the policy for `us-east-1` and - both are different from the policy to be used with a local zone. So now this module has a new feature: you - provide the full AWS region code for the region where logging is to take place (`elb_logging_region`), and the S3 bucket ARN for - where logs are to be stored (`elb_logging_bucket_resource_arn`), and this module will output the appropriate - S3 bucket policy (in JSON) to attach to your S3 bucket. + the correct bucket policy. The policy for region `me-central-1` is different than the policy for `us-east-1`. + So now this module has a new feature: you provide the full AWS region code for the region where logging + is to take place (`elb_logging_region`), and the S3 bucket ARN for where logs are to be stored (`elb_logging_bucket_resource_arn`), + and this module will output the appropriate S3 bucket policy (in JSON) to attach to your S3 bucket. + + NOTE: The region must be known at Terraform "plan" time. Use a configuration input, such as what you used + to configure the Terraform AWS Provider, not an output from some resource or module. ### Region Display Names diff --git a/docs/terraform.md b/docs/terraform.md index d4ca820..0248388 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -23,7 +23,6 @@ | Name | Type | |------|------| | [aws_iam_policy_document.by_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.by_outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.by_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_regions.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | | [aws_regions.not_opted_in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | @@ -39,7 +38,7 @@ | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [elb\_logging\_bucket\_resource\_arn](#input\_elb\_logging\_bucket\_resource\_arn) | The AWS Resource ARN to use in the policy granting access to Load Balancer Logging.
Typically of the form `arn:aws:s3:::_bucket-name_/_prefix_/AWSLogs/_your-aws-account-id_/*`.
Required to generate `elb_logging_s3_bucket_policy_json`.
See [AWS Documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy). | `string` | `""` | no | -| [elb\_logging\_region](#input\_elb\_logging\_region) | Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`. | `string` | `""` | no | +| [elb\_logging\_region](#input\_elb\_logging\_region) | Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`.
Must be known at "plan" time. | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | diff --git a/elb.tf b/elb.tf index 7f427b1..b4ce3bf 100644 --- a/elb.tf +++ b/elb.tf @@ -1,13 +1,11 @@ locals { + // Do not base policy availability on resource ARN, as it may not be available at plan time elb_policy_enabled = (module.this.enabled && - try(length(var.elb_logging_bucket_resource_arn), 0) > 0 && try(length(var.elb_logging_region), 0) > 0 ) - region_is_outpost = try(length(split("-", var.elb_logging_region)), 0) > 3 elb_policy_by_account = local.elb_policy_enabled && try(length(local.elb_logging_account[var.elb_logging_region]), 0) > 0 - elb_policy_by_outpost = local.elb_policy_enabled && local.region_is_outpost - elb_policy_by_region = local.elb_policy_enabled && ! local.elb_policy_by_account && ! local.elb_policy_by_outpost + elb_policy_by_region = local.elb_policy_enabled && ! local.elb_policy_by_account # https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy elb_logging_account = { @@ -76,25 +74,3 @@ data "aws_iam_policy_document" "by_region" { } } } - -# Policy for outposts (local regions) according to -# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy -data "aws_iam_policy_document" "by_outpost" { - statement { - sid = "LoadBalancerLoggingAccess" - effect = "Allow" - resources = [var.elb_logging_bucket_resource_arn] - actions = ["s3:PutObject"] - - condition { - test = "StringEquals" - variable = "s3:x-amz-acl" - values = ["bucket-owner-full-control"] - } - - principals { - type = "Service" - identifiers = ["logdelivery.elb.amazonaws.com"] - } - } -} diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 782fbd9..23fffd3 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,9 +2,21 @@ provider "aws" { region = var.region } +data "aws_caller_identity" "current" {} + +module "s3_bucket" { + source = "cloudposse/s3-bucket/aws" + version = "3.0.0" + + context = module.this.context +} + module "example" { source = "../.." + elb_logging_bucket_resource_arn = "${module.s3_bucket.bucket_arn}/prefix/AWSLogs/${data.aws_caller_identity.current.account_id}/*}" + elb_logging_region = var.region + context = module.this.context } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index fef977b..d4cdfcf 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -57,3 +57,11 @@ output "disabled_regions" { description = "A list of regions that are disabled in the account" value = module.example.disabled_regions } + +output "elb_logging_s3_bucket_policy_json" { + description = <<-EOT + The S3 bucket policy (in JSON) to attach to the S3 bucket to allow Load Balancer logs to be added. + Requires `elb_logging_bucket_resource_arn` and `elb_logging_region` inputs. + EOT + value = module.example.elb_logging_s3_bucket_policy_json +} diff --git a/outputs.tf b/outputs.tf index 43b7e93..c2517b7 100644 --- a/outputs.tf +++ b/outputs.tf @@ -37,7 +37,6 @@ output "elb_logging_s3_bucket_policy_json" { value = join("", data.aws_iam_policy_document.by_account.*.json, data.aws_iam_policy_document.by_region.*.json, - data.aws_iam_policy_document.by_outpost.*.json, ) } diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index 6c7a7b6..9aa9643 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -1,23 +1,46 @@ package test import ( + "os" + "strings" "testing" + "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + testStructure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/stretchr/testify/assert" ) +func cleanup(t *testing.T, terraformOptions *terraform.Options, tempTestFolder string) { + terraform.Destroy(t, terraformOptions) + os.RemoveAll(tempTestFolder) +} + // Test the Terraform module in examples/complete using Terratest. func TestExamplesComplete(t *testing.T) { + t.Parallel() + randID := strings.ToLower(random.UniqueId()) + attributes := []string{randID} + + rootFolder := "../../" + terraformFolderRelativeToRoot := "examples/complete" + varFiles := []string{"fixtures.us-east-2.tfvars"} + + tempTestFolder := testStructure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot) + terraformOptions := &terraform.Options{ // The path to where our Terraform code is located - TerraformDir: "../../examples/complete", + TerraformDir: tempTestFolder, Upgrade: true, // Variables to pass to our Terraform code using -var-file options - VarFiles: []string{"fixtures.us-east-2.tfvars"}, + VarFiles: varFiles, + Vars: map[string]interface{}{ + "attributes": attributes, + }, } + // At the end of the test, run `terraform destroy` to clean up any resources that were created - defer terraform.Destroy(t, terraformOptions) + defer cleanup(t, terraformOptions, tempTestFolder) // This will run `terraform init` and `terraform apply` and fail the test if there are any errors terraform.InitAndApply(t, terraformOptions) diff --git a/test/src/go.mod b/test/src/go.mod index 7ce6a50..a10e69b 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -15,11 +15,22 @@ require ( github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/aws/aws-sdk-go v1.40.56 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect + github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-logr/logr v0.2.0 // indirect + github.com/go-sql-driver/mysql v1.4.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.3 // indirect + github.com/google/gofuzz v1.1.0 // indirect + github.com/google/uuid v1.2.0 // indirect github.com/googleapis/gax-go/v2 v2.0.5 // indirect + github.com/googleapis/gnostic v0.4.1 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-getter v1.6.1 // indirect @@ -28,17 +39,25 @@ require ( github.com/hashicorp/go-version v1.3.0 // indirect github.com/hashicorp/hcl/v2 v2.9.1 // indirect github.com/hashicorp/terraform-json v0.13.0 // indirect + github.com/imdario/mergo v0.3.11 // indirect github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/json-iterator/go v1.1.11 // indirect github.com/jstemmer/go-junit-report v0.9.1 // indirect github.com/klauspost/compress v1.13.0 // indirect github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-testing-interface v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pquerna/otp v1.2.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect github.com/tmccombs/hcl2json v0.3.3 // indirect github.com/ulikunitz/xz v0.5.8 // indirect + github.com/urfave/cli v1.22.2 // indirect github.com/zclconf/go-cty v1.9.1 // indirect go.opencensus.io v0.23.0 // indirect golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect @@ -47,7 +66,9 @@ require ( golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect golang.org/x/text v0.3.6 // indirect + golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect golang.org/x/tools v0.1.2 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/api v0.47.0 // indirect @@ -55,6 +76,14 @@ require ( google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect google.golang.org/grpc v1.38.0 // indirect google.golang.org/protobuf v1.26.0 // indirect - gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.20.6 // indirect + k8s.io/apimachinery v0.20.6 // indirect + k8s.io/client-go v0.20.6 // indirect + k8s.io/klog/v2 v2.4.0 // indirect + k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.0.3 // indirect + sigs.k8s.io/yaml v1.2.0 // indirect ) diff --git a/test/src/go.sum b/test/src/go.sum index d9c2eeb..5b21c8e 100644 --- a/test/src/go.sum +++ b/test/src/go.sum @@ -39,8 +39,20 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -48,11 +60,15 @@ github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:o github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.40.56 h1:FM2yjR0UUYFzDTMx+mH9Vyw1k1EUUxsAFzk+BjkzANA= github.com/aws/aws-sdk-go v1.40.56/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -62,10 +78,21 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c h1:ZfSZ3P3BedhKGUhzj7BQlPSU4OvT6tfOKe3DVHzOA7s= +github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 h1:yY9rWGoXv1U5pl4gxqlULARMQD7x0QG85lqEXTWysik= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -73,13 +100,36 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY= +github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= +github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= +github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= +github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -129,6 +179,9 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -148,10 +201,18 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= +github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I= +github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= +github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= github.com/gruntwork-io/terratest v0.40.20 h1:pco6s3b62h2Yd13N+HvHQVTAk3aPRz4sdoVwErPCBzQ= github.com/gruntwork-io/terratest v0.40.20/go.mod h1:JGeIGgLbxbG9/Oqm06z6YXVr76CfomdmLkV564qov+8= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= @@ -173,8 +234,12 @@ github.com/hashicorp/hcl/v2 v2.9.1 h1:eOy4gREY0/ZQHNItlfuEZqtcQbXIxzojlP301hDpna github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= github.com/hashicorp/terraform-json v0.13.0 h1:Li9L+lKD1FO5RVFRM1mMMIBDoUHslOniyEi5CM+FWGY= github.com/hashicorp/terraform-json v0.13.0/go.mod h1:y5OdLBCT+rxbwnpxZs9kGL7R9ExU76+cpdY8zHwoazk= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o= github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -182,26 +247,40 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= @@ -213,16 +292,44 @@ github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eI github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= +github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -236,6 +343,8 @@ github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uL github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= @@ -262,8 +371,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -306,6 +417,7 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -313,9 +425,11 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -366,16 +480,22 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -393,6 +513,7 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -421,6 +542,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s= +golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -431,6 +554,7 @@ golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -458,6 +582,7 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= @@ -466,6 +591,7 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= @@ -590,9 +716,16 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogR gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -603,6 +736,25 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +k8s.io/api v0.20.6 h1:bgdZrW++LqgrLikWYNruIKAtltXbSCX2l5mJu11hrVE= +k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= +k8s.io/apimachinery v0.20.6 h1:R5p3SlhaABYShQSO6LpPsYHjV05Q+79eBUR0Ut/f4tk= +k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= +k8s.io/client-go v0.20.6 h1:nJZOfolnsVtDtbGJNCxzOtKUAu7zvXjB8+pMo9UNxZo= +k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= +k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= +k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ= +k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= +k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw= +k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= +sigs.k8s.io/structured-merge-diff/v4 v4.0.3 h1:4oyYo8NREp49LBBhKxEqCulFjg26rawYKrnCmg+Sr6c= +sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/variables.tf b/variables.tf index bbc66b3..66549bd 100644 --- a/variables.tf +++ b/variables.tf @@ -10,6 +10,9 @@ variable "elb_logging_bucket_resource_arn" { } variable "elb_logging_region" { - description = "Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`." + description = <<-EOT + Full region (e.g. `us-east-1`) where ELB logging is taking place. Required to generate `elb_s3_bucket_policy_json`. + Must be known at "plan" time. + EOT default = "" } From 6af6a45f819a20c0b33b6cd9484c50cf798d3862 Mon Sep 17 00:00:00 2001 From: Nuru Date: Fri, 30 Sep 2022 16:20:51 -0700 Subject: [PATCH 5/6] Update Terraform version used in tests --- examples/complete/main.tf | 5 +++++ examples/complete/versions.tf | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 23fffd3..ee2dced 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -35,3 +35,8 @@ locals { # This should fail with a runtime error if a key is missing. ux_check = [for k, v in module.example.region_display_name_map : local.code_maps.to_short[k]] } + +resource "aws_s3_bucket_policy" "allow_access_logging" { + bucket = module.s3_bucket.bucket_id + policy = module.example.elb_logging_s3_bucket_policy_json +} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 450c502..2ca8470 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,3 +1,4 @@ terraform { - required_version = ">= 0.13.0" + # S3 bucket module requires at least Terraform v1.0 + required_version = ">= 1.0.0" } From 7e5a93ed73756641033d27a0050283f4ff8fd19b Mon Sep 17 00:00:00 2001 From: Nuru Date: Fri, 30 Sep 2022 16:31:36 -0700 Subject: [PATCH 6/6] Update Terraform requirement to >=0.14.0 --- README.md | 2 +- docs/terraform.md | 2 +- elb.tf | 2 +- versions.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c1d77fe..de1b66c 100644 --- a/README.md +++ b/README.md @@ -213,7 +213,7 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 0.14.0 | | [aws](#requirement\_aws) | >= 2 | ## Providers diff --git a/docs/terraform.md b/docs/terraform.md index 0248388..b0385dc 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 0.14.0 | | [aws](#requirement\_aws) | >= 2 | ## Providers diff --git a/elb.tf b/elb.tf index b4ce3bf..1036f0c 100644 --- a/elb.tf +++ b/elb.tf @@ -5,7 +5,7 @@ locals { ) elb_policy_by_account = local.elb_policy_enabled && try(length(local.elb_logging_account[var.elb_logging_region]), 0) > 0 - elb_policy_by_region = local.elb_policy_enabled && ! local.elb_policy_by_account + elb_policy_by_region = local.elb_policy_enabled && !local.elb_policy_by_account # https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#attach-bucket-policy elb_logging_account = { diff --git a/versions.tf b/versions.tf index 41f439f..67f5376 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.14.0" required_providers { aws = {