Merge pull request #7 from dasmeta/DMVP-4099-fix-filter-deprecation

fix(DMVP-4099)): Fixed filter deprecation

.github/workflows/checkov.yaml

@@ -19,7 +19,7 @@ jobs:
           - modules/sso
           - modules/sso/modules/account-assignments
           - modules/sso/modules/permission-sets
-     
+
     steps:
     - uses: dasmeta/reusable-actions-workflows/checkov@main
       with:

.github/workflows/terraform-test.yaml

@@ -16,7 +16,7 @@ jobs:
       matrix:
         path:
           - /
-     
+
     steps:
     - uses: dasmeta/reusable-actions-workflows/terraform-test@main
       with:

.github/workflows/tflint.yaml

@@ -20,7 +20,7 @@ jobs:
           - modules/sso
           - modules/sso/modules/account-assignments
           - modules/sso/modules/permission-sets
-     
+
     steps:
     - uses: dasmeta/reusable-actions-workflows/tflint@main
       with:

modules/sso/README.md

@@ -1,11 +1,11 @@
-## This module configures AWS Single Sign-On (SSO). AWS SSO makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. 
+## This module configures AWS Single Sign-On (SSO). AWS SSO makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place.
 
 ### Usage
 
-This module contains two sub-modules that can be used in conjunction to provision AWS SSO Permission Sets and to 
+This module contains two sub-modules that can be used in conjunction to provision AWS SSO Permission Sets and to
 assign AWS SSO Users and Groups to Permissions Sets in accounts.
 
-- [modules/account-assignments](/modules/account-assignments) - a module for assigning groups to permission 
+- [modules/account-assignments](/modules/account-assignments) - a module for assigning groups to permission
 sets in particular accounts
 - [modules/permission-sets](/modules/permission-sets) - a module for provisioning AWS SSO permission sets
 
@@ -17,16 +17,48 @@ module "sso_setup" {
 
   associations = [
     {
-      group  = "AWSMarketplaceFullAccess"
-      policy = "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess" s"
-      // You can set AWS account id (default is current account)
-      account_id = ""
+      group  = "Administrators", //Group name
+      policy = ["arn:aws:iam::aws:policy/AdministratorAccess"]
     },
     {
-      group  = "AmazonGlacierReadOnlyAccess"
-      policy = "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess"
-    },
+      group  = "Developers", //Group name
+      policy = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
+    }
   ]
 }
 ```
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_permission_sets"></a> [permission\_sets](#module\_permission\_sets) | ./modules/permission-sets | n/a |
+| <a name="module_sso_account_assignments"></a> [sso\_account\_assignments](#module\_sso\_account\_assignments) | ./modules/account-assignments | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | n/a | `string` | `""` | no |
+| <a name="input_associations"></a> [associations](#input\_associations) | n/a | `any` | n/a | yes |
+
+## Outputs
 
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/sso/modules/account-assignments/README.md

@@ -47,14 +47,14 @@ module "sso_account_assignments" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.26.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.26.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
 
 ## Modules
 

modules/sso/modules/account-assignments/data.tf

@@ -4,18 +4,21 @@ data "aws_identitystore_group" "this" {
   for_each          = local.group_list
   identity_store_id = local.identity_store_id
 
-  filter {
-    attribute_path  = "DisplayName"
-    attribute_value = each.key
+  alternate_identifier {
+    unique_attribute {
+      attribute_path  = "DisplayName"
+      attribute_value = each.key
+    }
   }
 }
 
 data "aws_identitystore_user" "this" {
   for_each          = local.user_list
   identity_store_id = local.identity_store_id
-
-  filter {
-    attribute_path  = "UserName"
-    attribute_value = each.key
+  alternate_identifier {
+    unique_attribute {
+      attribute_path  = "UserName"
+      attribute_value = each.key
+    }
   }
 }

modules/sso/modules/account-assignments/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 1.3.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.26.0"
+      version = "~> 4.0"
     }
   }
 }

modules/sso/modules/permission-sets/README.md

@@ -68,14 +68,14 @@ resource "aws_iam_policy" "S3Access" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.30.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.30.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
 
 ## Modules
 

modules/sso/modules/permission-sets/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 1.3.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.30.0"
+      version = "~> 4.0"
     }
   }
 }

modules/sso/tests/basic/0-setup.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.41"
+    }
+  }
+
+  required_version = ">= 1.3.0"
+}
+
+/**
+ * set the following env vars so that aws provider will get authenticated before apply:
+
+ export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
+ export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
+*/
+provider "aws" {
+  region = "eu-central-1"
+}

modules/sso/tests/basic/1-example.tf

@@ -0,0 +1,14 @@
+module "this" {
+  source = "../.."
+
+  associations = [
+    {
+      group  = "Administrators", //Group name
+      policy = ["arn:aws:iam::aws:policy/AdministratorAccess"]
+    },
+    {
+      group  = "Developers", //Group name
+      policy = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
+    }
+  ]
+}

modules/sso/tests/basic/README.md

@@ -0,0 +1,32 @@
+# basic
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.41 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_this"></a> [this](#module\_this) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->