Prepare for v1.1.0
unfunco committed Oct 12, 2022
1 parent 8d15e32 commit 7ecf6a1
Showing 5 changed files with 32 additions and 27 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -3,6 +3,10 @@
Notable changes to this project are documented in this changelog.
This project adheres to the [semantic versioning] specification.

## [1.1.0] – 2022-10-12

- Use a data source to obtain the GitHub thumbprint ([07c4be3](https://github.com/unfunco/terraform-aws-oidc-github/commit/07c4be3c5569461f00209346dca61d5901ea789f))

## [1.0.0] – 2022-10-12

- Fixed an issue that could cause duplicate client IDs ([1e2a908](https://github.com/unfunco/terraform-aws-oidc-github/commit/1e2a9080933a96aaff681082e0878a38cfe787e2))
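Review bot: The 1.1.0 entry should also record that the `github_thumbprint` input is gone, since the README inputs table in this same commit drops that row and this changelog states that the project follows semantic versioning. If the input was removed from the module as the README indicates, a caller that still sets `github_thumbprint` will get an unsupported-argument error on what is published as a minor upgrade. Either add a line such as "Removed the `github_thumbprint` input" under 1.1.0, or keep the variable as a deprecated no-op until the next major version.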
Expand Down Expand Up @@ -76,4 +80,5 @@ This project adheres to the [semantic versioning] specification.
[0.7.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v0.6.1...v0.7.0
[0.8.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v0.7.0...v0.8.0
[1.0.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v0.8.0...v1.0.0
[1.1.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.0.0...v1.1.0
[semantic versioning]: https://semver.org
34 changes: 17 additions & 17 deletions README.md
Expand Up @@ -28,7 +28,7 @@ provider "aws" {
module "oidc_github" {
source = "unfunco/oidc-github/aws"
version = "1.0.0"
version = "1.1.0"
github_repositories = [
"org/repo",
Expand Down Expand Up @@ -74,25 +74,25 @@ jobs:
| [aws_iam_openid_connect_provider.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [tls_certificate.github](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
## Inputs
| Name | Description | Type | Default | Required |
| ----------------------------- | --------------------------------------------------------------------------- | -------------- | -------------------------------------------- | :------: |
| attach_admin_policy | Flag to enable/disable the attachment of the AdministratorAccess policy. | `bool` | `false` | no |
| attach_read_only_policy | Flag to enable/disable the attachment of the ReadOnly policy. | `bool` | `true` | no |
| create_oidc_provider | Flag to enable/disable the creation of the GitHub OIDC provider. | `bool` | `true` | no |
| enabled | Flag to enable/disable the creation of resources. | `bool` | `true` | no |
| force_detach_policies | Flag to force detachment of policies attached to the IAM role. | `bool` | `false` | no |
| github_repositories | List of GitHub organization/repository names authorized to assume the role. | `list(string)` | n/a | yes |
| github_thumbprint | GitHub OpenID TLS certificate thumbprint. | `string` | `"6938fd4d98bab03faadb97b34396831e3780aea1"` | no |
| iam_role_inline_policies | Inline policies map with policy name as key and json as value. | `map(string)` | `{}` | no |
| iam_role_name | Name of the IAM role to be created. This will be assumable by GitHub. | `string` | `"github"` | no |
| iam_role_path | Path under which to create IAM role. | `string` | `"/"` | no |
| iam_role_permissions_boundary | ARN of the permissions boundary to be used by the IAM role. | `string` | `""` | no |
| iam_role_policy_arns | List of IAM policy ARNs to attach to the IAM role. | `list(string)` | `[]` | no |
| max_session_duration | Maximum session duration in seconds. | `number` | `3600` | no |
| tags | Map of tags to be applied to all resources. | `map(string)` | `{}` | no |
| Name | Description | Type | Default | Required |
| ----------------------------- | --------------------------------------------------------------------------- | -------------- | ---------- | :------: |
| attach_admin_policy | Flag to enable/disable the attachment of the AdministratorAccess policy. | `bool` | `false` | no |
| attach_read_only_policy | Flag to enable/disable the attachment of the ReadOnly policy. | `bool` | `true` | no |
| create_oidc_provider | Flag to enable/disable the creation of the GitHub OIDC provider. | `bool` | `true` | no |
| enabled | Flag to enable/disable the creation of resources. | `bool` | `true` | no |
| force_detach_policies | Flag to force detachment of policies attached to the IAM role. | `bool` | `false` | no |
| github_repositories | List of GitHub organization/repository names authorized to assume the role. | `list(string)` | n/a | yes |
| iam_role_inline_policies | Inline policies map with policy name as key and json as value. | `map(string)` | `{}` | no |
| iam_role_name | Name of the IAM role to be created. This will be assumable by GitHub. | `string` | `"github"` | no |
| iam_role_path | Path under which to create IAM role. | `string` | `"/"` | no |
| iam_role_permissions_boundary | ARN of the permissions boundary to be used by the IAM role. | `string` | `""` | no |
| iam_role_policy_arns | List of IAM policy ARNs to attach to the IAM role. | `list(string)` | `[]` | no |
| max_session_duration | Maximum session duration in seconds. | `number` | `3600` | no |
| tags | Map of tags to be applied to all resources. | `map(string)` | `{}` | no |

## Outputs
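Review bot: Dropping the `github_thumbprint` row while adding `tls_certificate.github` changes where the OIDC provider's trust anchor comes from, and the README text in this hunk does not say so. The previous default `6938fd4d98bab03faadb97b34396831e3780aea1` was a fixed value that showed up in review; the data source instead hashes whatever certificate is served to the machine running `terraform plan`, so a run behind a TLS-inspecting proxy would register the proxy's certificate. Document which URL the data source reads, and consider keeping an optional input for pinning or supplying thumbprints so operators can check the value in the plan diff.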

10 changes: 0 additions & 10 deletions examples/complete/variables.tf
Expand Up @@ -43,16 +43,6 @@ variable "github_repositories" {
}
}

// Refer to the README for information on obtaining the thumbprint.
// This is specified as a variable to allow it to be updated quickly if it is
// unexpectedly changed by GitHub.
// See: https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/
variable "github_thumbprint" {
default = "6938fd4d98bab03faadb97b34396831e3780aea1"
description = "GitHub OpenID TLS certificate thumbprint."
type = string
}

variable "iam_role_name" {
default = "github"
description = "Name of the IAM role to be created. This will be assumable by GitHub."
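Review bot: The comment deleted together with `variable "github_thumbprint"` carried the link to the GitHub changelog post explaining why the thumbprint can change, and nothing visible in this commit replaces it. Move that link to a comment beside the new `tls_certificate` data source so the reason for looking the value up at plan time stays documented. Also confirm that the module call in this example no longer passes `github_thumbprint`, otherwise the example will not plan.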
5 changes: 5 additions & 0 deletions examples/complete/versions.tf
Expand Up @@ -4,6 +4,11 @@ terraform {
source = "hashicorp/aws"
version = "~> 4.0"
}

tls = {
source = "hashicorp/tls"
version = "~> 4.0"
}
}

required_version = "~> 1.0"
5 changes: 5 additions & 0 deletions versions.tf
Expand Up @@ -18,6 +18,11 @@ terraform {
source = "hashicorp/aws"
version = "~> 4.0"
}

tls = {
source = "hashicorp/tls"
version = "~> 4.0"
}
}

required_version = "~> 1.0"
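Review bot: The new `tls` entry in `required_providers` uses `version = "~> 4.0"`, which makes hashicorp/tls 4.x a hard requirement for every consumer of the module, and the changelog entry for 1.1.0 does not mention it. A root configuration that already constrains hashicorp/tls to a 3.x release will fail provider resolution after upgrading, and every consumer has to re-run `terraform init` to install the extra provider. Note the new provider requirement in the changelog, and if the certificate data source behaves the same on earlier releases, use a looser lower bound instead of `~> 4.0`.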
