feat: Add support for setting the condition field in Event Bus permissions #84
Conversation
Looks pretty good. Could you please verify and confirm that my proposed changes work?
main.tf (Outdated)
@@ -216,6 +216,18 @@ resource "aws_cloudwatch_event_permission" "this" { | |||
|
|||
action = lookup(each.value, "action", null) | |||
event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, var.bus_name, null) | |||
|
|||
dynamic "condition" { | |||
for_each = lookup(each.value, "condition_org", null) != null ? [ |
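Review bot: the ternary `lookup(each.value, "condition_org", null) != null ? [...] : []` can be shortened to `for_each = try([each.value.condition_org], [])`, which produces the same zero-or-one element list and also covers the key being absent from the map entry; `aws_cloudwatch_event_permission` accepts at most one `condition` block, so keeping that list to a single element is what makes the dynamic block valid.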
for_each = lookup(each.value, "condition_org", null) != null ? [ | |
for_each = try([each.value.condition_org], []) |
main.tf (Outdated)
|
||
dynamic "condition" { | ||
for_each = lookup(each.value, "condition_org", null) != null ? [ | ||
each.value.condition_org |
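Review bot: `each.value.condition_org` is passed through unvalidated, so an empty string still satisfies the `!= null` test on the line above and produces a `condition` block with an empty organization id; consider treating `""` as unset (for example `!= null && != ""`) or adding a `validation` block on the variable so a bad value fails at plan time rather than at the API.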
each.value.condition_org |
main.tf (Outdated)
dynamic "condition" { | ||
for_each = lookup(each.value, "condition_org", null) != null ? [ | ||
each.value.condition_org | ||
] : [] |
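Review bot: the `] : []` branch means that omitting `condition_org` yields no `condition` block at all, so the permission then applies to its principal without any organization restriction; the `permissions` variable description and the example should state that the condition is optional and what leaving it out means, since for a broad principal that is the difference between an org-scoped bus and an open one.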
] : [] |
I made your changes and applied the example again, everything looks good.

## [2.1.0](v2.0.0...v2.1.0) (2023-04-28)

### Features

* Add support for setting the condition field in Event Bus permissions ([#84](#84)) ([49f1dff](49f1dff))

This PR is included in version 2.1.0 🎉
## 1.0.0 (2024-01-10)

### ⚠ BREAKING CHANGES

* Upgraded AWS provider to v5 (required for Pipes) (terraform-aws-modules#94)
* Bump Terraform version to 1.0 and updated `ecs_target` arguments (terraform-aws-modules#85)

### Features

* Add attach_sns_policy ([terraform-aws-modules#89](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/89)) ([6e09aa1](6e09aa1))
* Add example for ECS + scheduled events ([terraform-aws-modules#14](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/14)) ([32ea196](32ea196))
* Add schema discoverer ([terraform-aws-modules#64](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/64)) ([0099c43](0099c43))
* Add support for EventBridge Pipes ([terraform-aws-modules#92](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/92)) ([ff131eb](ff131eb))
* Add support for setting the condition field in Event Bus permissions ([terraform-aws-modules#84](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/84)) ([49f1dff](49f1dff))
* Added Name tag for IAM policies and roles ([terraform-aws-modules#62](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/62)) ([8ca8835](8ca8835))
* Added support for API destinations ([terraform-aws-modules#27](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/27)) ([b4f1ef8](b4f1ef8))
* Added support for custom role_arn in targets ([terraform-aws-modules#42](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/42)) ([45311f7](45311f7))
* Bump Terraform version to 1.0 and updated `ecs_target` arguments ([terraform-aws-modules#85](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/85)) ([04a3249](04a3249))
* first commit ([terraform-aws-modules#1](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/1)) ([48eeb94](48eeb94))
* Simplified outputs (no this_) ([terraform-aws-modules#6](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/6)) ([eb8051c](eb8051c))
* Some refactoring and added ability to handle default bus ([terraform-aws-modules#5](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/5)) ([32f75c1](32f75c1))
* Support for Eventbridge Scheduler Schedules ([terraform-aws-modules#83](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/83)) ([e3c4ffe](e3c4ffe))
* Support for existing event buses ([terraform-aws-modules#22](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/22)) ([6a499b6](6a499b6))
* support http_target argument ([terraform-aws-modules#11](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/11)) ([ee5d963](ee5d963))
* Upgraded AWS provider to v5 (required for Pipes) ([terraform-aws-modules#94](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/94)) ([ba4d055](ba4d055))
* Upgraded AWS provider version to 4.7 ([terraform-aws-modules#66](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/66)) ([7690287](7690287))

### Bug Fixes

* `create_rules = false` causes error ([terraform-aws-modules#19](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/19)) ([6d8b8d7](6d8b8d7))
* Add explicit to_map for empty object for aws_cloudwatch_event_target ([terraform-aws-modules#24](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/24)) ([9b49848](9b49848))
* Amend batch_target to be correct value ([terraform-aws-modules#35](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/35)) ([babb4d6](babb4d6))
* Amend ecs_target network_configuration to work when no ecs_target supplied ([terraform-aws-modules#25](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/25)) ([852ea30](852ea30))
* Enable adding event_source_name to an Event Bus to enable receiving events from an SaaS partner ([terraform-aws-modules#82](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/82)) ([f92a78c](f92a78c))
* Enable run_command_targets support for target ([terraform-aws-modules#54](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/54)) ([e153898](e153898))
* Fix tomap call for terraform 0.15 ([terraform-aws-modules#10](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/10)) ([d303324](d303324))
* Fixed function name from to_map to tomap ([terraform-aws-modules#26](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/26)) ([e601dec](e601dec))
* Fixed inappropriate values for subnets and security_groups in example ([terraform-aws-modules#63](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/63)) ([fd7a25b](fd7a25b))
* Fixed incorrect tomap() ([terraform-aws-modules#39](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/39)) ([05bceba](05bceba))
* Fixed misleading descriptions of IAM role (not Lambda) ([terraform-aws-modules#76](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/76)) ([aa92195](aa92195))
* Fixed outputs when create=false ([terraform-aws-modules#33](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/33)) ([3dcc882](3dcc882))
* Make it optional to append postfix to the name, connection, or API destination ([terraform-aws-modules#58](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/58)) ([980b910](980b910))
* Problems found when importing resources previously already created ([terraform-aws-modules#61](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/61)) ([015122e](015122e))
* property lookup in ecs_target block ([terraform-aws-modules#8](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/8)) ([af29da3](af29da3))
* remove create_bus as a blocker for role_arn ([terraform-aws-modules#13](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/13)) ([5453970](5453970))
* update CI/CD process to enable auto-release workflow ([terraform-aws-modules#31](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/31)) ([ad31225](ad31225))
* update sqs access policy ([terraform-aws-modules#16](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/16)) ([2de06bd](2de06bd))
* Use a version for to avoid GitHub API rate limiting on CI workflows ([terraform-aws-modules#75](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/75)) ([e9a7813](e9a7813))
* Wrong value of api destination output ([terraform-aws-modules#79](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/79)) ([03ef4ff](03ef4ff))
Description

This PR adds a new `condition_org` field to the `permissions` maps that will be used to set the `condition` section of the `aws_cloudwatch_event_permission` resource to allow limiting access to an EventBridge bus.

Motivation and Context

I wanted to be able to support more narrow permissions on an EventBridge bus akin to the examples shown in the terraform provider docs. Since a complete map of `key`, `type` and `value` can't be passed in without making the entire variable an object, but `key` and `type` only have a single value, I opted to make the `value` the only field and set the remaining ones to their defaults when generating.

Breaking Changes

This change is backwards compatible

How Has This Been Tested?

I modified the examples/with-permission module to deploy an event bus with access limited to only a single organization and then used the cli to produce an event to the bus.

- `examples/*` to demonstrate and validate my change(s)
- `examples/*` projects
- `pre-commit run -a` on my pull request
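The pattern this PR describes, written out as an added standalone Terraform example rather than the module's or the PR author's own code: a `permissions` map whose optional `condition_org` entry becomes an `aws:PrincipalOrgID` condition on the permission, with a variable validation that refuses a wildcard principal lacking that condition. The `"<principal> <statement_id>"` key format, the `demo` bus, the account ids and the organization id are assumptions or constructed placeholders.

```hcl
# Added example (not the PR's or the module's own code): the condition_org
# pattern from this PR written out on the raw aws_cloudwatch_event_permission
# resource. Names, account ids and the organization id are constructed.

variable "permissions" {
  description = "Map keyed by \"<principal> <statement_id>\"; an optional condition_org limits the grant to one AWS Organization."
  type        = any # map(any) would reject entries with different attribute sets
  default = {
    # Wildcard principal that is only usable from inside the given organization.
    "* OrgWideAccess" = { condition_org = "o-exampleorg1" } # placeholder org id
    # Single-account grant with no condition; the org check is not needed here.
    "111122223333 PartnerAccess" = { action = "events:PutEvents" }
  }

  validation {
    # A "*" principal without condition_org would open the bus to every AWS account.
    condition = alltrue([
      for k, v in var.permissions :
      split(" ", k)[0] != "*" || try(v.condition_org, "") != ""
    ])
    error_message = "Permissions with principal \"*\" must set a non-empty condition_org."
  }
}

resource "aws_cloudwatch_event_bus" "demo" {
  name = "demo-bus" # constructed name
}

resource "aws_cloudwatch_event_permission" "this" {
  for_each = var.permissions

  principal      = split(" ", each.key)[0]
  statement_id   = split(" ", each.key)[1]
  action         = lookup(each.value, "action", null) # provider default: events:PutEvents
  event_bus_name = aws_cloudwatch_event_bus.demo.name

  # try() yields [] when condition_org is absent, so the resource gets zero or
  # one condition block; this resource only supports the single key/type pair below.
  dynamic "condition" {
    for_each = try([each.value.condition_org], [])
    content {
      key   = "aws:PrincipalOrgID"
      type  = "StringEquals"
      value = condition.value
    }
  }
}
```

Running `terraform plan` against this shows one permission with a condition block and one without; removing `condition_org` from the `"* OrgWideAccess"` entry makes the validation fail before any API call is made.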