Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add support for setting the condition field in Event Bus permissions #84

Merged
merged 6 commits into from
Apr 28, 2023

Conversation

cadrake
Copy link
Contributor

@cadrake cadrake commented Mar 30, 2023

Description

This PR adds a new condition_org field to the permissions maps that will be used to set the condition section of the aws_cloudwatch_event_permission resource to allow limiting access to an EventBridge bus.

Motivation and Context

I wanted to be able to support more narrow permissions on an EventBridge bus akin to the examples shown in the terraform provider docs. Since complete map of key, type and value can't be passed in without making the entire variable an object, but key and type only have a single value, I opted to make the value the only field and set the remaining ones to their defaults when generating.

Breaking Changes

This change is backwards compatible

How Has This Been Tested?

I modified the examples/with-permission module to deploy an event bus with access limited to only a single organization and then used the cli to produce an event to the bus.

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@cadrake cadrake changed the title Add support for setting the condition field in Event Bus permissions feat: Add support for setting the condition field in Event Bus permissions Mar 30, 2023
Copy link
Member

@antonbabenko antonbabenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks pretty good. Could you please verify and confirm that my proposed changes work?

main.tf Outdated
@@ -216,6 +216,18 @@ resource "aws_cloudwatch_event_permission" "this" {

action = lookup(each.value, "action", null)
event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, var.bus_name, null)

dynamic "condition" {
for_each = lookup(each.value, "condition_org", null) != null ? [
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
for_each = lookup(each.value, "condition_org", null) != null ? [
for_each = try([each.value.condition_org], [])

main.tf Outdated

dynamic "condition" {
for_each = lookup(each.value, "condition_org", null) != null ? [
each.value.condition_org
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
each.value.condition_org

main.tf Outdated
dynamic "condition" {
for_each = lookup(each.value, "condition_org", null) != null ? [
each.value.condition_org
] : []
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
] : []

@cadrake
Copy link
Contributor Author

cadrake commented Apr 10, 2023

I made your changes and applied the example again, everything looks good.

@antonbabenko antonbabenko merged commit 49f1dff into terraform-aws-modules:master Apr 28, 2023
antonbabenko pushed a commit that referenced this pull request Apr 28, 2023
## [2.1.0](v2.0.0...v2.1.0) (2023-04-28)

### Features

* Add support for setting the condition field in Event Bus permissions ([#84](#84)) ([49f1dff](49f1dff))
@antonbabenko
Copy link
Member

This PR is included in version 2.1.0 🎉

KamranBiglari pushed a commit to KamranBiglari/terraform-aws-eventbridge that referenced this pull request Jan 10, 2024
## 1.0.0 (2024-01-10)

### ⚠ BREAKING CHANGES

* Upgraded AWS provider to v5 (required for Pipes) (terraform-aws-modules#94)
* Bump Terraform version to 1.0 and updated `ecs_target` arguments (terraform-aws-modules#85)

### Features

* Add attach_sns_policy ([terraform-aws-modules#89](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/89)) ([6e09aa1](6e09aa1))
* Add example for ECS + scheduled events ([terraform-aws-modules#14](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/14)) ([32ea196](32ea196))
* Add schema discoverer ([terraform-aws-modules#64](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/64)) ([0099c43](0099c43))
* Add support for EventBridge Pipes ([terraform-aws-modules#92](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/92)) ([ff131eb](ff131eb))
* Add support for setting the condition field in Event Bus permissions ([terraform-aws-modules#84](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/84)) ([49f1dff](49f1dff))
* Added Name tag for IAM policies and roles ([terraform-aws-modules#62](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/62)) ([8ca8835](8ca8835))
* Added support for API destinations ([terraform-aws-modules#27](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/27)) ([b4f1ef8](b4f1ef8))
* Added support for custom role_arn in targets ([terraform-aws-modules#42](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/42)) ([45311f7](45311f7))
* Bump Terraform version to 1.0 and updated `ecs_target` arguments ([terraform-aws-modules#85](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/85)) ([04a3249](04a3249))
* first commit ([terraform-aws-modules#1](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/1)) ([48eeb94](48eeb94))
* Simplified outputs (no this_) ([terraform-aws-modules#6](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/6)) ([eb8051c](eb8051c))
* Some refactoring and added ability to handle default bus ([terraform-aws-modules#5](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/5)) ([32f75c1](32f75c1))
* Support for Eventbridge Scheduler Schedules ([terraform-aws-modules#83](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/83)) ([e3c4ffe](e3c4ffe))
* Support for existing event buses ([terraform-aws-modules#22](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/22)) ([6a499b6](6a499b6))
* support http_target argument ([terraform-aws-modules#11](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/11)) ([ee5d963](ee5d963))
* Upgraded AWS provider to v5 (required for Pipes) ([terraform-aws-modules#94](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/94)) ([ba4d055](ba4d055))
* Upgraded AWS provider version to 4.7 ([terraform-aws-modules#66](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/66)) ([7690287](7690287))

### Bug Fixes

* `create_rules = false` causes error ([terraform-aws-modules#19](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/19)) ([6d8b8d7](6d8b8d7))
* Add explicit to_map for empty object for aws_cloudwatch_event_target ([terraform-aws-modules#24](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/24)) ([9b49848](9b49848))
* Amend batch_target to be correct value ([terraform-aws-modules#35](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/35)) ([babb4d6](babb4d6))
* Amend ecs_target network_configuration to work when no ecs_target supplied ([terraform-aws-modules#25](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/25)) ([852ea30](852ea30))
* Enable adding event_source_name to an Event Bus to enable receiving events from an SaaS partner ([terraform-aws-modules#82](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/82)) ([f92a78c](f92a78c))
* Enable run_command_targets support for target ([terraform-aws-modules#54](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/54)) ([e153898](e153898))
* Fix tomap call for terraform 0.15 ([terraform-aws-modules#10](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/10)) ([d303324](d303324))
* Fixed function name from to_map to tomap ([terraform-aws-modules#26](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/26)) ([e601dec](e601dec))
* Fixed inappropriate values for subnets and security_groups in example ([terraform-aws-modules#63](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/63)) ([fd7a25b](fd7a25b))
* Fixed incorrect tomap() ([terraform-aws-modules#39](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/39)) ([05bceba](05bceba))
* Fixed misleading descriptions of IAM role (not Lambda) ([terraform-aws-modules#76](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/76)) ([aa92195](aa92195))
* Fixed outputs when create=false ([terraform-aws-modules#33](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/33)) ([3dcc882](3dcc882))
* Make it optional to append postfix to the name, connection, or API destination  ([terraform-aws-modules#58](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/58)) ([980b910](980b910))
* Problems found when importing resources previously already created ([terraform-aws-modules#61](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/61)) ([015122e](015122e))
* property lookup in ecs_target block ([terraform-aws-modules#8](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/8)) ([af29da3](af29da3))
* remove create_bus as a blocker for role_arn ([terraform-aws-modules#13](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/13)) ([5453970](5453970))
* update CI/CD process to enable auto-release workflow ([terraform-aws-modules#31](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/31)) ([ad31225](ad31225))
* update sqs access policy ([terraform-aws-modules#16](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/16)) ([2de06bd](2de06bd))
* Use a version for  to avoid GitHub API rate limiting on CI workflows ([terraform-aws-modules#75](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/75)) ([e9a7813](e9a7813))
* Wrong value of api destination output ([terraform-aws-modules#79](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/79)) ([03ef4ff](03ef4ff))
Copy link

github-actions bot commented Mar 9, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants