Restore Terraform 0.13 support, fix #12

.github/CODEOWNERS

@@ -15,8 +15,8 @@
 
 # Cloud Posse must review any changes to standard context definition,
 # but some changes can be rubber-stamped.
-**/*.tf       @cloudposse/engineering @cloudposse/approvers
-README.yaml   @cloudposse/engineering @cloudposse/approvers
+**/*.tf       @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml   @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 README.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 docs/*.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 

.github/auto-release.yml

@@ -46,7 +46,7 @@ template: |
 
 replacers:
 # Remove irrelevant information from Renovate bot
-- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/(?<=---\s+)+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
   replace: ''
 # Remove Renovate bot banner image
 - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'

.github/workflows/auto-format.yml

@@ -29,6 +29,8 @@ jobs:
     - name: Auto Format
       if: github.event.pull_request.state == 'open'
       shell: bash
+      env:
+        GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
       run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
 
     # Commit changes (if any) to the PR branch

.github/workflows/auto-release.yml

@@ -3,17 +3,25 @@ name: auto-release
 on:
   push:
     branches:
-    - master
+      - main
+      - master
+      - production
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-    # Drafts your next Release notes as Pull Requests are merged into "master"
-    - uses: release-drafter/release-drafter@v5
-      with:
-        publish: true
-        prerelease: false
-        config-name: auto-release.yml
-      env:
-        GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+      # Get PR from merged commit to master
+      - uses: actions-ecosystem/action-get-merged-pull-request@v1
+        id: get-merged-pull-request
+        with:
+          github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - uses: release-drafter/release-drafter@v5
+        if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')"
+        with:
+          publish: true
+          prerelease: false
+          config-name: auto-release.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}

.github/workflows/validate-codeowners.yml

@@ -1,5 +1,7 @@
 name: Validate Codeowners
 on:
+  workflow_dispatch:
+
   pull_request:
 
 jobs:

README.md

@@ -94,6 +94,24 @@ The table below correctly indicates which inputs are required.
 
 
 
+Note: Terraform requires that all the elements of the `rules` list be exactly
+the same type. This means you must supply all the same keys and, for each key,
+all the values for that key must be the same type. Any optional key, such as
+`ipv6_cidr_blocks`, can be omitted from all the rules without problem. However,
+if some rules have a key and other rules would omit the key if that were allowed
+(e.g one rule has `cidr_blocks` and another rule has `self = true`, and neither
+rule can include both `cidr_blocks` and `self`), instead of omitting the key,
+include the key with value of `null`, unless the value is a list type, in which case
+set the value to `[]` (an empty list).
+
+Although `description` is optional, if you do not include a description,
+the rule will be deleted and recreated if the index of the rule in the `rules`
+list changes, which usually happens as a result of adding or removing a rule. Rules
+that include a description will only be modified if the rule itself changes.
+Also, if 2 rules specify the same `type`, `protocol`, `from_port`, and `to_port`,
+they must not also have the same `description` (although if one or both rules
+have no description supplied, that will work).
+
 ```hcl
 module "label" {
   source = "cloudposse/label/null"
@@ -124,20 +142,35 @@ module "sg" {
   source = "cloudposse/security-group/aws"
   # Cloud Posse recommends pinning every module to a specific version
   # version = "x.x.x"
+
   rules = [
     {
       type        = "ingress"
       from_port   = 22
       to_port     = 22
       protocol    = "tcp"
       cidr_blocks = ["0.0.0.0/0"]
+      self        = null
+      description = "Allow SSH from anywhere"
+    },
+    {
+      type        = "ingress"
+      from_port   = 80
+      to_port     = 80
+      protocol    = "tcp"
+      cidr_blocks = []
+      self        = true
+      description = "Allow HTTP from inside the security group"
     },
+
     {
       type        = "egress"
       from_port   = 0
       to_port     = 65535
       protocol    = "all"
       cidr_blocks = ["0.0.0.0/0"]
+      self        = null
+      description = "Allow egress to anywhere"
     }
   ]
 
@@ -151,7 +184,7 @@ module "sg" {
 ## Examples
 
 Here is an example of using this module:
-- [`examples/complete`](https://github.com/cloudposse/terraform-aws-security-group/) - complete example of using this module
+- [`examples/complete`](https://github.com/cloudposse/terraform-aws-security-group/examples/complete) - complete example of using this module
 
 
 
@@ -172,7 +205,7 @@ Available targets:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
 
 ## Providers
@@ -239,15 +272,14 @@ Like this project? Please give it a ★ on [our GitHub](https://github.com/cloud
 Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =)
 
 
+
 ## Related Projects
 
 Check out these related projects.
 
 - [terraform-null-label](https://github.com/cloudposse/terraform-null-label) - Terraform module designed to generate consistent names and tags for resources. Use terraform-null-label to implement a strict naming convention.
 
 
-
-
 ## References
 
 For additional context, refer to some of these links.

README.yaml

@@ -61,6 +61,24 @@ description: |-
 # How to use this module. Should be an easy example to copy and paste.
 usage: |-
 
+  Note: Terraform requires that all the elements of the `rules` list be exactly
+  the same type. This means you must supply all the same keys and, for each key,
+  all the values for that key must be the same type. Any optional key, such as
+  `ipv6_cidr_blocks`, can be omitted from all the rules without problem. However,
+  if some rules have a key and other rules would omit the key if that were allowed
+  (e.g one rule has `cidr_blocks` and another rule has `self = true`, and neither
+  rule can include both `cidr_blocks` and `self`), instead of omitting the key,
+  include the key with value of `null`, unless the value is a list type, in which case
+  set the value to `[]` (an empty list).
+
+  Although `description` is optional, if you do not include a description,
+  the rule will be deleted and recreated if the index of the rule in the `rules`
+  list changes, which usually happens as a result of adding or removing a rule. Rules
+  that include a description will only be modified if the rule itself changes.
+  Also, if 2 rules specify the same `type`, `protocol`, `from_port`, and `to_port`,
+  they must not also have the same `description` (although if one or both rules
+  have no description supplied, that will work).
+
   ```hcl
   module "label" {
     source = "cloudposse/label/null"
@@ -91,20 +109,35 @@ usage: |-
     source = "cloudposse/security-group/aws"
     # Cloud Posse recommends pinning every module to a specific version
     # version = "x.x.x"
+
     rules = [
       {
         type        = "ingress"
         from_port   = 22
         to_port     = 22
         protocol    = "tcp"
         cidr_blocks = ["0.0.0.0/0"]
+        self        = null
+        description = "Allow SSH from anywhere"
       },
+      {
+        type        = "ingress"
+        from_port   = 80
+        to_port     = 80
+        protocol    = "tcp"
+        cidr_blocks = []
+        self        = true
+        description = "Allow HTTP from inside the security group"
+      },
+
       {
         type        = "egress"
         from_port   = 0
         to_port     = 65535
         protocol    = "all"
         cidr_blocks = ["0.0.0.0/0"]
+        self        = null
+        description = "Allow egress to anywhere"
       }
     ]
 
@@ -115,7 +148,7 @@ usage: |-
 # Example usage
 examples: |-
   Here is an example of using this module:
-  - [`examples/complete`](https://github.com/cloudposse/terraform-aws-security-group/) - complete example of using this module
+  - [`examples/complete`](https://github.com/cloudposse/terraform-aws-security-group/examples/complete) - complete example of using this module
 
 # How to get started quickly
 #quickstart: |-
@@ -131,4 +164,4 @@ contributors:
   - name: "Erik Osterman"
     github: "osterman"
   - name: "Vladimir"
-    github: "SweetOps"
+    github: "SweetOps"

docs/terraform.md

@@ -3,7 +3,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
 
 ## Providers

examples/complete/main.tf

@@ -24,26 +24,43 @@ module "new_security_group" {
       to_port                  = 22
       protocol                 = "tcp"
       cidr_blocks              = []
+      ipv6_cidr_blocks         = null
       source_security_group_id = aws_security_group.external.id
-      description              = "Allow SSH access form the external SG"
+      description              = "Allow SSH access from the external SG"
+      self                     = false
+    },
+    {
+      type                     = "ingress"
+      from_port                = 22
+      to_port                  = 22
+      protocol                 = "tcp"
+      cidr_blocks              = []
+      ipv6_cidr_blocks         = null
+      source_security_group_id = null
+      description              = "Allow SSH access from our own SG"
+      self                     = true
     },
     {
       type                     = "ingress"
       from_port                = 443
       to_port                  = 443
       protocol                 = "all"
       cidr_blocks              = ["0.0.0.0/0"]
+      ipv6_cidr_blocks         = null
       source_security_group_id = null
       description              = null
+      self                     = null
     },
     {
       type                     = "egress"
       from_port                = 0
       to_port                  = 65535
       protocol                 = "all"
       cidr_blocks              = ["0.0.0.0/0"]
+      ipv6_cidr_blocks         = null
       source_security_group_id = null
       description              = "Allow all outbound traffic"
+      self                     = null
     }
   ]
 

examples/complete/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.14.0"
+  required_version = ">= 0.13.0"
 
   required_providers {
     aws = {