Commit

fix: missing variable defaults for step_function_settings (#48)
* fix: missing variable defaults for step_function_settings

* docs(readme): update module usage

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
mlflr and github-actions[bot] authored Oct 14, 2024
1 parent f6473bb commit 0d775f3
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -175,7 +175,7 @@ Since a lambda layer is used to provide the aws-lambda-powertools if you want to
| <a name="input_findings_manager_lambda_iam_role_name"></a> [findings\_manager\_lambda\_iam\_role\_name](#input\_findings\_manager\_lambda\_iam\_role\_name) | The name of the role which will be assumed by both Findings Manager Lambda functions | `string` | `"SecurityHubFindingsManagerLambda"` | no |
| <a name="input_findings_manager_trigger_lambda"></a> [findings\_manager\_trigger\_lambda](#input\_findings\_manager\_trigger\_lambda) | Findings Manager Lambda settings - Manage Security Hub findings in response to S3 file upload triggers | <pre>object({<br> name = optional(string, "securityhub-findings-manager-trigger")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 120)<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_jira_eventbridge_iam_role_name"></a> [jira\_eventbridge\_iam\_role\_name](#input\_jira\_eventbridge\_iam\_role\_name) | The name of the role which will be assumed by EventBridge rules for Jira integration | `string` | `"SecurityHubFindingsManagerJiraEventBridge"` | no |
| <a name="input_jira_integration"></a> [jira\_integration](#input\_jira\_integration) | Findings Manager - Jira integration settings | <pre>object({<br> enabled = optional(bool, false)<br> autoclose_enabled = optional(bool, false)<br> autoclose_comment = optional(string, "Security Hub finding has been resolved. Autoclosing the issue.")<br> autoclose_transition_name = optional(string, "Close Issue")<br> credentials_secret_arn = string<br> exclude_account_ids = optional(list(string), [])<br> finding_severity_normalized_threshold = optional(number, 70)<br> issue_type = optional(string, "Security Advisory")<br> project_key = string<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br><br> lambda_settings = optional(object({<br> name = optional(string, "securityhub-findings-manager-jira")<br> iam_role_name = optional(string, "SecurityHubFindingsManagerJiraLambda")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 60)<br> }), {<br> name = "securityhub-findings-manager-jira"<br> iam_role_name = "SecurityHubFindingsManagerJiraLambda"<br> log_level = "INFO"<br> memory_size = 256<br> timeout = 60<br> security_group_egress_rules = []<br> })<br><br> step_function_settings = optional(object({<br> log_level = optional(string, "ERROR")<br> retention = optional(number, 90)<br> }))<br><br> })</pre> | <pre>{<br> "credentials_secret_arn": null,<br> "enabled": false,<br> "project_key": null<br>}</pre> | no |
| <a name="input_jira_integration"></a> [jira\_integration](#input\_jira\_integration) | Findings Manager - Jira integration settings | <pre>object({<br> enabled = optional(bool, false)<br> autoclose_enabled = optional(bool, false)<br> autoclose_comment = optional(string, "Security Hub finding has been resolved. Autoclosing the issue.")<br> autoclose_transition_name = optional(string, "Close Issue")<br> credentials_secret_arn = string<br> exclude_account_ids = optional(list(string), [])<br> finding_severity_normalized_threshold = optional(number, 70)<br> issue_type = optional(string, "Security Advisory")<br> project_key = string<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br><br> lambda_settings = optional(object({<br> name = optional(string, "securityhub-findings-manager-jira")<br> iam_role_name = optional(string, "SecurityHubFindingsManagerJiraLambda")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 60)<br> }), {<br> name = "securityhub-findings-manager-jira"<br> iam_role_name = "SecurityHubFindingsManagerJiraLambda"<br> log_level = "INFO"<br> memory_size = 256<br> timeout = 60<br> security_group_egress_rules = []<br> })<br><br> step_function_settings = optional(object({<br> log_level = optional(string, "ERROR")<br> retention = optional(number, 90)<br> }), {<br> log_level = "ERROR"<br> retention = 90<br> })<br><br> })</pre> | <pre>{<br> "credentials_secret_arn": null,<br> "enabled": false,<br> "project_key": null<br>}</pre> | no |
| <a name="input_jira_step_function_iam_role_name"></a> [jira\_step\_function\_iam\_role\_name](#input\_jira\_step\_function\_iam\_role\_name) | The name of the role which will be assumed by AWS Step Function for Jira integration | `string` | `"SecurityHubFindingsManagerJiraStepFunction"` | no |
| <a name="input_lambda_runtime"></a> [lambda\_runtime](#input\_lambda\_runtime) | The version of Python to use for the Lambda functions | `string` | `"python3.12"` | no |
| <a name="input_rules_filepath"></a> [rules\_filepath](#input\_rules\_filepath) | Pathname to the file that stores the manager rules | `string` | `""` | no |
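
Review bot: In the regenerated jira_integration row, the fallback object for lambda_settings still lists `security_group_egress_rules = []`, but the lambda_settings object type declares only name, iam_role_name, log_level, memory_size and timeout. Since this table mirrors variables.tf, drop the stray key there and regenerate the README. The row also states no unit for `retention` and no accepted values for `log_level`; one sentence in the variable description would cover both.
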
5 changes: 4 additions & 1 deletion variables.tf
Expand Up @@ -105,7 +105,10 @@ variable "jira_integration" {
step_function_settings = optional(object({
log_level = optional(string, "ERROR")
retention = optional(number, 90)
}))
}), {
log_level = "ERROR"
retention = 90
})

})
default = {
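
Review bot: The new fallback object for step_function_settings repeats the literals "ERROR" and 90 that the inner optional() attributes already carry, so the two copies can drift when one of them is changed later. Passing an empty object as the fallback, `}), {})`, lets Terraform fill both attributes from the inner defaults and keeps a single source for the values. A validation block on log_level would also surface a mistyped level at plan time instead of at apply.
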
