diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..94d3246
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,72 @@
+---
+name: Bug report
+description: Create a report to help us improve
+labels: ["bug"]
+assignees: [""]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Found a bug?
+
+ Please checkout our [Slack Community](https://slack.cloudposse.com)
+ or visit our [Slack Archive](https://archive.sweetops.com/).
+
+ [](https://slack.cloudposse.com)
+
+ - type: textarea
+ id: concise-description
+ attributes:
+ label: Describe the Bug
+ description: A clear and concise description of what the bug is.
+ placeholder: What is the bug about?
+ validations:
+ required: true
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected Behavior
+ description: A clear and concise description of what you expected.
+ placeholder: What happened?
+ validations:
+ required: true
+
+ - type: textarea
+ id: reproduction-steps
+ attributes:
+ label: Steps to Reproduce
+ description: Steps to reproduce the behavior.
+ placeholder: How do we reproduce it?
+ validations:
+ required: true
+
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots or logs to help explain.
+ validations:
+ required: false
+
+ - type: textarea
+ id: environment
+ attributes:
+ label: Environment
+ description: Anything that will help us triage the bug.
+ placeholder: |
+ - OS: [e.g. Linux, OSX, WSL, etc]
+ - Version [e.g. 10.15]
+ - Module version
+ - Terraform version
+ validations:
+ required: false
+
+ - type: textarea
+ id: additional
+ attributes:
+ label: Additional Context
+ description: |
+ Add any other context about the problem here.
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..7b86672
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,71 @@
+---
+name: Feature Request
+description: Suggest an idea for this project
+labels: ["feature request"]
+assignees: [""]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Have a question?
+
+ Please checkout our [Slack Community](https://slack.cloudposse.com)
+ or visit our [Slack Archive](https://archive.sweetops.com/).
+
+ [](https://slack.cloudposse.com)
+
+ - type: textarea
+ id: concise-description
+ attributes:
+ label: Describe the Feature
+ description: A clear and concise description of what the feature is.
+ placeholder: What is the feature about?
+ validations:
+ required: true
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected Behavior
+ description: A clear and concise description of what you expected.
+ placeholder: What happened?
+ validations:
+ required: true
+
+ - type: textarea
+ id: use-case
+ attributes:
+ label: Use Case
+ description: |
+ Is your feature request related to a problem/challenge you are trying
+ to solve?
+
+ Please provide some additional context of why this feature or
+ capability will be valuable.
+ validations:
+ required: true
+
+ - type: textarea
+ id: ideal-solution
+ attributes:
+ label: Describe Ideal Solution
+ description: A clear and concise description of what you want to happen.
+ validations:
+ required: true
+
+ - type: textarea
+ id: alternatives-considered
+ attributes:
+ label: Alternatives Considered
+ description: Explain alternative solutions or features considered.
+ validations:
+ required: false
+
+ - type: textarea
+ id: additional
+ attributes:
+ label: Additional Context
+ description: |
+ Add any other context about the problem here.
+ validations:
+ required: false
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 4b8f32d..8944933 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,13 +1,21 @@
## what
-* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
-* Use bullet points to be concise and to the point.
+
+
## why
-* Provide the justifications for the changes (e.g. business case).
-* Describe why these changes were made (e.g. why do these commits fix the problem?)
-* Use bullet points to be concise and to the point.
+
+
## references
-* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
-* Use `closes #123`, if this PR closes a GitHub issue `#123`
+
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
index 665833a..831e7fa 100644
--- a/.github/workflows/auto-context.yml
+++ b/.github/workflows/auto-context.yml
@@ -27,7 +27,7 @@ jobs:
make init
make github/init/context.tf
make readme/build
- echo "::set-output name=create_pull_request::true"
+ echo "create_pull_request=true" >> "$GITHUB_OUTPUT"
fi
else
echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
@@ -37,7 +37,7 @@ jobs:
if: steps.update.outputs.create_pull_request == 'true'
uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
commit-message: Update context.tf from origin source
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
index c600d60..b8c2064 100644
--- a/.github/workflows/auto-format.yml
+++ b/.github/workflows/auto-format.yml
@@ -19,7 +19,7 @@ jobs:
if: github.event.pull_request.state == 'open'
name: Privileged Checkout
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Check out the PR commit, not the merge commit
# Use `ref` instead of `sha` to enable pushing back to `ref`
@@ -30,7 +30,7 @@ jobs:
if: github.event.pull_request.state == 'open'
shell: bash
env:
- GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
+ GITHUB_TOKEN: "${{ secrets.REPO_ACCESS_TOKEN }}"
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
# Commit changes (if any) to the PR branch
@@ -54,10 +54,10 @@ jobs:
[[ $SENDER == "cloudpossebot" ]] || git push
# Set status to fail, because the push should trigger another status check,
# and we use success to indicate the checks are finished.
- printf "::set-output name=%s::%s\n" "changed" "true"
+ echo "changed=true" >> "$GITHUB_OUTPUT"
exit 1
else
- printf "::set-output name=%s::%s\n" "changed" "false"
+ echo "changed=false" >> "$GITHUB_OUTPUT"
echo "No changes detected"
fi
@@ -75,7 +75,7 @@ jobs:
contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
&& steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
repository: cloudposse/actions
event-type: test-command
client-payload: |-
diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
index 6f25b8d..b2db520 100644
--- a/.github/workflows/auto-readme.yml
+++ b/.github/workflows/auto-readme.yml
@@ -29,7 +29,7 @@ jobs:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name)
- printf "::set-output name=defaultBranch::%s\n" "${default_branch}"
+ echo "defaultBranch=${default_branch}" >> "$GITHUB_OUTPUT"
printf "defaultBranchRef.name=%s\n" "${default_branch}"
- name: Update readme
@@ -52,7 +52,7 @@ jobs:
# If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
commit-message: Update README.md and docs
title: Update README.md and docs
body: |-
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 3a38fae..17d6cab 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -15,7 +15,7 @@ jobs:
- uses: actions-ecosystem/action-get-merged-pull-request@v1
id: get-merged-pull-request
with:
- github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
# Drafts your next Release notes as Pull Requests are merged into "main"
- uses: release-drafter/release-drafter@v5
with:
@@ -23,4 +23,4 @@ jobs:
prerelease: false
config-name: auto-release.yml
env:
- GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
index 23f96d8..0f64574 100644
--- a/.github/workflows/chatops.yml
+++ b/.github/workflows/chatops.yml
@@ -11,7 +11,7 @@ jobs:
- name: "Handle common commands"
uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: rebuild-readme, terraform-fmt
@@ -26,7 +26,7 @@ jobs:
- name: "Run tests"
uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: test
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 70f829e..b3f7c32 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -10,6 +10,7 @@ jobs:
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
+ # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved
- uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
@@ -20,7 +21,7 @@ jobs:
checks: "syntax,owners,duppatterns"
owner_checker_allow_unowned_patterns: "false"
# GitHub access token is required only if the `owners` check is enabled
- github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
+ github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}"
- uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name != github.repository
name: "Syntax check of CODEOWNERS"
diff --git a/README.md b/README.md
index 48bd586..88fb35d 100644
--- a/README.md
+++ b/README.md
@@ -194,6 +194,7 @@ Available targets:
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [path](#input\_path) | Path in which to create the user | `string` | `"/"` | no |
+| [permissions\_boundary](#input\_permissions\_boundary) | Permissions Boundary ARN to attach to our created user | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [s3\_actions](#input\_s3\_actions) | Actions to allow in the policy | `list(string)` | [
"s3:GetObject"
]
| no |
| [s3\_resources](#input\_s3\_resources) | S3 resources to apply the actions specified in the policy | `list(string)` | n/a | yes |
@@ -307,7 +308,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
## Copyright
-Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)
diff --git a/docs/terraform.md b/docs/terraform.md
index 12d18d8..3014daf 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -47,6 +47,7 @@
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [path](#input\_path) | Path in which to create the user | `string` | `"/"` | no |
+| [permissions\_boundary](#input\_permissions\_boundary) | Permissions Boundary ARN to attach to our created user | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [s3\_actions](#input\_s3\_actions) | Actions to allow in the policy | `list(string)` | [
"s3:GetObject"
]
| no |
| [s3\_resources](#input\_s3\_resources) | S3 resources to apply the actions specified in the policy | `list(string)` | n/a | yes |
diff --git a/main.tf b/main.tf
index c0abc0e..40dc3df 100644
--- a/main.tf
+++ b/main.tf
@@ -22,6 +22,7 @@ module "s3_user" {
ssm_enabled = var.ssm_enabled
ssm_base_path = var.ssm_base_path
path = var.path
+ permissions_boundary = var.permissions_boundary
context = module.this.context
}
diff --git a/variables.tf b/variables.tf
index 7907c4c..2373d67 100644
--- a/variables.tf
+++ b/variables.tf
@@ -49,3 +49,9 @@ variable "ssm_base_path" {
description = "The base path for SSM parameters where secrets are stored"
default = "/s3_user/"
}
+
+variable "permissions_boundary" {
+ type = string
+ description = "Permissions Boundary ARN to attach to our created user"
+ default = null
+}