Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update terraform cloudposse/s3-bucket/aws to v0.44.1 #13

Merged
merged 14 commits into from
Nov 25, 2021
Merged

chore(deps): update terraform cloudposse/s3-bucket/aws to v0.44.1 #13

merged 14 commits into from
Nov 25, 2021

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 18, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Type Update Change
cloudposse/s3-bucket/aws (source) module minor 0.38.0 -> 0.44.1

Release Notes

cloudposse/terraform-aws-s3-bucket

v0.44.1

Compare Source

🚀 Enhancements
Dynamic block for versioning added @​nnsense (#​118) ##### what Enabling `versioning` on a bucket is a permanent action that cannot be disabled. For this reason, when `versioning` attribute is added to the s3 resource, the bucket is prepared to be `versioned` and put in suspended mode. The only way to avoid this and keep the versioning disabled is to not add the `versioning` attribute at all.

We were discussing this in this bug and @​aknysh posted a snipped which is removing the attribute, making it possible to set versioning off instead of enabled but suspended.

I'm just adding that snippet, there's another PR which is apparently changing more than just the versioning and it seems abandoned (opened in February 2021, had no updates from August).

Note: there's a comment into this module's main:

#bridgecrew:skip=BC_AWS_S3_16:Skipping `Ensure S3 bucket versioning is enabled` because dynamic blocks are not supported by checkov

But I see that some basic handling for dynamic blocks has been added in checkov
bridgecrewio/checkov#​836

So if you're using checkov it would be interesting to remove the comment and see if it works now

why
  • In a very quick deployment, where versioning is less important than speed, having a delay before an object can be written could be an issue (See the note here)
  • If the buckets are created by terraform and deleted by a script, the versioned bucket's deletion is much more complex than a non-versioned one.
  • User's preference

v0.44.0

Compare Source

Allow specifying aws_s3_bucket_ownership_controls @​max-lobur (#​109) ##### what * Allow setting aws_s3_bucket_ownership_controls ##### why * Per [docs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) this setting will let object uploader decide ownership. If `bucket-owner-full-control` ACL is specified, the bucket account take ownership, otherwise the writer account keeps ownership. Bucket on its side may enforce presence of the `bucket-owner-full-control` ACL which we already do when needed. So this setting was the only missing piece to make ownership work like we expected * I found no use cases for the other value of this resource: `ObjectWriter`. It corresponds to legacy S3 behavior which was broken for us. * However, giving the broad use of this module, I suspect there might be use cases that rely on previous S3 behavior: They set the ACL `bucket-owner-full-control` in their request and then still expect to own the object. To preserve legacy behavior I made this a variable, and the default corresponds to S3 legacy behavior. This is a new feature of AWS and we should wait for some time before enforcing the new default. ##### references * https://aws.amazon.com/blogs/storage/enforcing-ownership-of-amazon-s3-objects-in-a-multi-account-environment/ * https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls#ObjectWriter

v0.43.4

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-s3-user/aws to v0.15.7 @​renovate (#​113)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-s3-user/aws (source) module patch 0.15.6 -> 0.15.7
Release Notes
cloudposse/terraform-aws-iam-s3-user ##### [`v0.15.7`](https://togithub.com/cloudposse/terraform-aws-iam-s3-user/releases/0.15.7)

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-system-user/aws to v0.22.5 @​&#​8203;renovate (#&#​8203;39)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-system-user/aws (source) module patch 0.22.4 -> 0.22.5
Release Notes
cloudposse/terraform-aws-iam-system-user ##### [`v0.22.5`](https://togithub.com/cloudposse/terraform-aws-iam-system-user/releases/0.22.5)

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.3 @​&#​8203;&#&#​8203;8203;renovate (#&#&#​8203;8203;57)

This PR contains the following updates:

Package Type Update Change
cloudposse/ssm-parameter-store/aws (source) module patch 0.8.2 -> 0.8.3
Release Notes
cloudposse/terraform-aws-ssm-parameter-store ##### [`v0.8.3`](https://togithub.com/cloudposse/terraform-aws-ssm-parameter-store/releases/0.8.3)

Compare Source

🚀 Enhancements
feat: Template provider removed from versions.tf @​&#​8203;&#&#​8203;8203;&#&#&#​8203;8203;8203;DovnarAlexander (#&#&#&#​8203;8203;8203;36) ##### what * Template provider removed from versions.tf ##### why * This provider is not used and deprecated. On ARM platforms Terraform raises an exception (because it does not have a build for it) ##### references * https://registry.terraform.io/providers/hashicorp/template/latest/docs
Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.43.3

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-s3-user/aws to v0.15.6 @​renovate (#​112)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-s3-user/aws (source) module patch 0.15.5 -> 0.15.6
Release Notes
cloudposse/terraform-aws-iam-s3-user ##### [`v0.15.6`](https://togithub.com/cloudposse/terraform-aws-iam-s3-user/releases/0.15.6)

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-system-user/aws to v0.22.4 @​&#​8203;renovate (#&#​8203;38)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-system-user/aws (source) module patch 0.22.3 -> 0.22.4
Release Notes
cloudposse/terraform-aws-iam-system-user ##### [`v0.22.4`](https://togithub.com/cloudposse/terraform-aws-iam-system-user/releases/0.22.4)

Compare Source

🚀 Enhancements
Disable writing to store when create_iam_access_key is set to false @​&#​8203;&#&#​8203;8203;FilipNikolovski (#&#&#​8203;8203;56)

Setting the create_iam_access_key parameter to false throws an error when running terraform plan.

references
Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.43.2

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-s3-user/aws to v0.15.5 @​renovate (#​110)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-s3-user/aws (source) module patch 0.15.4 -> 0.15.5
Release Notes
cloudposse/terraform-aws-iam-s3-user ##### [`v0.15.5`](https://togithub.com/cloudposse/terraform-aws-iam-s3-user/releases/0.15.5)

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-system-user/aws to v0.22.3 @​&#​8203;renovate (#&#​8203;36)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-system-user/aws (source) module patch 0.22.2 -> 0.22.3
Release Notes
cloudposse/terraform-aws-iam-system-user ##### [`v0.22.3`](https://togithub.com/cloudposse/terraform-aws-iam-system-user/releases/0.22.3)

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.2 @​&#​8203;&#&#​8203;8203;renovate (#&#&#​8203;8203;53)

This PR contains the following updates:

Package Type Update Change
cloudposse/ssm-parameter-store/aws (source) module patch 0.8.1 -> 0.8.2
Release Notes
cloudposse/terraform-aws-ssm-parameter-store ##### [`v0.8.2`](https://togithub.com/cloudposse/terraform-aws-ssm-parameter-store/releases/0.8.2)

Compare Source

🚀 Enhancements
Fix: `var.enabled` for Parameter Read, Testing Suite Overhaul @​&#​8203;&#&#​8203;8203;&#&#&#​8203;8203;8203;korenyoni (#&#&#&#​8203;8203;8203;33) ##### what * Fix `var.parameter_read` not honoring `var.enabled`. * Overhaul tests to properly test for `map` output. * Overhaul tests to have a parallel test for a disabled context. * Test that module outputs work as expected in both enabled and disabled contexts. * Misc: Fix README snippets. * Misc: Bump module in examples/complete. ##### why * This module will still read from SSM Parameter Store even if `var.enabled` is `false`. * Tests are not sufficient to test for the use case described above. * Tests do not properly test `map` output. * Misc: README is out of date (git source instead of Terraform registry). ##### references * N/A
Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.43.1

Compare Source

🚀 Enhancements
Chore: run `make github/init`, bump module dependencies @​korenyoni (#​108) ##### what * Run `make github/init`. * Bump module dependencies. ##### why * Updates GHA-workflow-related files to their latest distribution. * The old modules do not contain the latest `context.tf` distribution, which makes them incompatible with features such as the `tenant` label. ##### references * https://github.com/cloudposse/terraform-null-label/releases/tag/0.25.0

v0.43.0

Compare Source

Add additional variable enable_noncurrent_version_expiration @​wszychta (#​90) ##### what * Enable possibility to disable `noncurrent_version_expiration` ##### why * Sometimes there is no need to have that lifecycle option * The rest of options are also configurable

v0.42.3

Compare Source

🚀 Enhancements
Conditionally create aws_s3_bucket_public_access_block @​alexjurkiewicz (#​94)

It's not needed if none of its options are enabled.

v0.42.2

Compare Source

🤖 Automatic Updates
Update Terraform cloudposse/iam-s3-user/aws to v0.15.3 @​renovate (#​106)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-s3-user/aws (source) module patch 0.15.2 -> 0.15.3
Release Notes
cloudposse/terraform-aws-iam-s3-user ##### [`v0.15.3`](https://togithub.com/cloudposse/terraform-aws-iam-s3-user/releases/0.15.3)

Compare Source

🤖 Automatic Updates
Update context.tf @​&#​8203;cloudpossebot (#&#​8203;34) ##### what This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` ##### why To support all the features of the `context` interface.
Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.42.1

Compare Source

🤖 Automatic Updates
Update context.tf @​cloudpossebot (#​105) ##### what This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` ##### why To support all the features of the `context` interface.

v0.42.0

Compare Source

fix privileged_principal_arns not creating bucket policy @​avendretter (#​101) ##### what * The `privileged_principal_arns` option is not creating a bucket policy. ##### why * A check at the `s3_bucket_policy is missing` ##### references * https://github.com/cloudposse/terraform-aws-s3-bucket/issues/100

v0.41.0

Compare Source

Allow user to enable S3 Transfer Acceleration @​alexjurkiewicz (#​98)

v0.40.1

Compare Source

🐛 Bug Fixes
Properly type the default replication filter object @​alexjurkiewicz (#​96) ##### what Properly type the default replication filter object ##### why An error exists — likely introduced during some rewriting in #​93 — where the default replication filter object is not properly typed, and causes issues with the ternary operator.

v0.40.0

Compare Source

Feat: Support Allowing Actions from Specific Principal ARNs in Bucket Policy. @​korenyoni (#​95) ##### what * Support allowing actions from specific principal ARNs in bucket policy. * Reorganize `examples/complete` (split up into multiple files to keep `main.tf` simple) * Misc: use `local.enabled` where possible ##### why * Some buckets that are used by CI/CD systems may need to allow actions from cross-account IAM principals in their bucket policy. ##### references * https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/160

v0.39.0

Compare Source

🚀 Enhancements
S3 Replication Improvements @​alexjurkiewicz (#​93) ##### Terraform plan impact

In order to support multiple S3 Bucket replication destinations, we must use the filter in the replication rule, even if there is nothing to filter. The filter, even if empty, conflicts with the prefix attribute of the rule (a v1 feature replaced in v2 with the filter). So we moved all prefix settings into the filter. Therefore, you may see Terraform make a change like this:

Click to show plan 
- rules {
  - id       = "replication-test"
  - prefix   = "/main"
  - priority = 0
  - status   = "Enabled"

  - destination {
    - bucket        = "arn:aws:s3:::replication-target"
    - storage_class = "STANDARD"
  }

  - filter {}
- }

+ rules {
    + id       = "replication-test"
    + priority = 0
    + status   = "Enabled"

    + destination {
        + bucket        = "arn:aws:s3:::replication-target"
        + storage_class = "STANDARD"
      }

    + filter {
        + prefix = "/main"
        + tags   = {}
    + }
+ }
This change is harmless and can be applied without impact. ##### Deprecation

To provide consistency in naming, the replication_rules input has been deprecated in favor of s3_replication_rules. Existing code will continue to work, but new users should use s3_replication_rules and current users of replication_rules should update their code to use s3_replication_rules at their convenience.

what
@​alexjurkiewicz
  • Add support for multi-bucket S3 replication
  • Add support for easily adding cross-account replication destination bucket policy statements
@​korenyoni
  • Add test for S3 bucket replication configuration to provide better code coverage
@​Nuru
  • Convert v1 prefix to v2 filter to support multiple replication destinations
  • Rename replication_rules to s3_replication_rules for consistency
  • Move testing to us-east-2 region because that is where Cloud Posse prefers to do testing
why
  • Module currently does not support multi-bucket S3 replication
  • Adding cross-account replication destination bucket policy statements is currently a manual task with no site-specific uniqueness
references

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot requested review from a team as code owners October 18, 2021 21:26
@renovate renovate bot requested review from florian0410 and milldr October 18, 2021 21:26
@renovate renovate bot added the auto-update This PR was automatically generated label Oct 18, 2021
@renovate renovate bot changed the title chore(deps): update terraform cloudposse/s3-bucket/aws to v0.43.1 chore(deps): update terraform cloudposse/s3-bucket/aws to v0.44.1 Nov 20, 2021
@renovate renovate bot force-pushed the renovate/cloudposse-s3-bucket-aws-0.x branch from 1d5f89e to 30bff19 Compare November 20, 2021 05:24
@mergify
Copy link

mergify bot commented Nov 22, 2021

This pull request is now in conflict. Could you fix it @renovate[bot]? 🙏

@renovate renovate bot force-pushed the renovate/cloudposse-s3-bucket-aws-0.x branch from 5171acb to 397c774 Compare November 25, 2021 20:25
@nitrocode
Copy link
Member

/test test/bats

@nitrocode
Copy link
Member

/test test/terratest

@nitrocode
Copy link
Member

/test test/terratest

@nitrocode
Copy link
Member

/test all

@nitrocode
Copy link
Member

/test all

@nitrocode
Copy link
Member

/test all

@nitrocode
Copy link
Member

test/bats will hopefully be fixed in the test harness PR cloudposse/test-harness#37

@nitrocode nitrocode merged commit 833d1e5 into master Nov 25, 2021
@nitrocode nitrocode deleted the renovate/cloudposse-s3-bucket-aws-0.x branch November 25, 2021 22:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nitrocode nitrocode nitrocode approved these changes

@florian0410 florian0410 Awaiting requested review from florian0410 florian0410 was automatically assigned from cloudposse/contributors

@milldr milldr Awaiting requested review from milldr milldr was automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
auto-update This PR was automatically generated
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nitrocode @renovate-bot @cloudpossebot