Releases: cloudposse/terraform-aws-eks-iam-role
v0.10.3
🚀 Enhancements
Fix: bump `null-label` module version @korenyoni (#21)
what
- Bump version of `null-label` module instantiation.
why
- A `null-label` instantiation is incompatible with `context.tf` (version mismatch, with the lower version missing the `tenant` label).
references
v0.10.2
🚀 Enhancements
NOTE: this release has a bug where the `tenant` label cannot be used, since not all `null-label` instantiations are at `0.25.0` or above. Please use `0.10.3`.
Chore: run 'make github/init' @korenyoni (#20)
what
- Update `context.tf` to that of null-label:0.25.0
- Run `make github/init`.
why
- The `auto-context` job was disabled because this repository was inactive for 90 days. This manually updates `context.tf` as it allows for the new `tenant` label.
- `make github/init` updates GitHub Actions Workflow files to their latest reference counterparts.
- Validation rules were introduced in Terraform `0.13` and are used in the latest `context.tf` distribution. This PR drops support for Terraform 0.12 and below in order to enable updating to the latest `context.tf` distribution.
references
v0.10.1
🚀 Enhancements
v0.10.0
Make `aws_account_number` optional @nitrocode (#18)
what
- Make `aws_account_number` optional
why
- Sometimes you want to use the aws account number that the aws provider profile is using.
references
N/A
v0.9.0
Make `aws_iam_policy_document` optional @nitrocode (#16)
what
- Empty `aws_iam_policy_document`
why
- Create a role without any policy document
references
- See #15
test
```hcl
module "eks_iam_role" {
  # source = "cloudposse/eks-iam-role/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"
  source = "git::https://github.com/cloudposse/terraform-aws-eks-iam-role.git?ref=null_aws_iam_policy_document"

  aws_account_number          = local.account_id
  eks_cluster_oidc_issuer_url = module.eks_cluster.eks_cluster_identity_oidc_issuer

  # Create a role for the service account named `autoscaler` in the Kubernetes namespace `kube-system`
  service_account_name      = "autoscaler"
  service_account_namespace = "kube-system"
}
```
v0.8.0
Allow using a ServiceAccount in any Kubernetes namespace. Allow scoping IAM role to an entire Kubernetes namespace @aknysh (#14)
what
- Allow using a ServiceAccount in any Kubernetes namespace
- Allow scoping IAM role to an entire Kubernetes namespace
why
- Allow using a ServiceAccount in any Kubernetes namespace (wildcard `service_account_namespace`). Useful for unlimited preview environments where we deploy each pull request into a separate Kubernetes namespace
- Allow scoping IAM role to a Kubernetes namespace (wildcard `service_account_name`). Provides the ability to scope the role to an entire namespace (use the namespace as a boundary) to allow any ServiceAccount in the namespace to assume the role
related
- Closes #6
references
notes
```hcl
# If both var.service_account_namespace and var.service_account_name are provided,
# then the role ARN will have one of the following formats:
# 1. if var.service_account_namespace != var.service_account_name: arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@<service_account_namespace>
# 2. if var.service_account_namespace == var.service_account_name: arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>
# 3. If var.service_account_namespace == "" and var.service_account_name is provided,
#    then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@all,
#    and the policy will use a wildcard for the namespace in the test condition to allow ServiceAccounts in any Kubernetes namespace to assume the role (useful for unlimited preview environments)
# 4. If var.service_account_name == "" and var.service_account_namespace is provided,
#    then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@<service_account_namespace>,
#    and the policy will use a wildcard for the service account name in the test condition to allow any ServiceAccount in the given namespace to assume the role.
#    For more details, see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html#iam-role-configuration
# 5. If both var.service_account_name == "" and var.service_account_namespace == "",
#    then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@all,
#    and the policy will use wildcards for both the namespace and the service account name in the test condition to allow all ServiceAccounts
#    in all Kubernetes namespaces to assume the IAM role (not recommended).
```
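A trust-policy audit built on the five cases in the notes above, as an added example that is not part of the module or its release notes: it reads the `sub` condition of an IAM role trust policy and reports which case the role falls into, so wildcard-scoped roles can be found and reviewed. The `system:serviceaccount:<namespace>:<name>` subject format is the one EKS service account tokens use; the issuer host, account ID, scope labels and function names are constructed for illustration.

```python
SUB_PREFIX = "system:serviceaccount:"

def classify_sub(operator, value):
    """Scope granted by one `<issuer>:sub` condition value."""
    if operator not in ("StringEquals", "StringLike"):
        return "unreviewed-operator"
    parts = value[len(SUB_PREFIX):].split(":")
    if not value.startswith(SUB_PREFIX) or len(parts) != 2:
        return "unexpected-subject"
    ns_wild, name_wild = "*" in parts[0], "*" in parts[1]
    if (ns_wild or name_wild) and operator == "StringEquals":
        return "literal-asterisk"  # StringEquals never expands "*"
    if ns_wild and name_wild:
        return "all-namespaces-all-serviceaccounts"  # note 5
    if ns_wild:
        return "serviceaccount-in-any-namespace"     # note 3
    if name_wild:
        return "any-serviceaccount-in-namespace"     # note 4
    return "single-serviceaccount"                   # notes 1 and 2

def audit_trust_policy(policy):
    """Scopes of every Allow statement for sts:AssumeRoleWithWebIdentity."""
    findings = []
    statements = policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        scopes = []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():
                if key.endswith(":sub"):
                    values = [values] if isinstance(values, str) else values
                    scopes += [classify_sub(operator, v) for v in values]
        # With no sub condition the statement does not restrict the service account.
        findings += scopes or ["no-sub-condition"]
    return findings

# Constructed sample: the issuer host and account ID are placeholders.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE"

def sample_policy(operator, sub):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {operator: {f"{ISSUER}:sub": sub}},
    }]}

if __name__ == "__main__":
    for sub in ("system:serviceaccount:kube-system:autoscaler", "system:serviceaccount:*:autoscaler"):
        print(sub, audit_trust_policy(sample_policy("StringLike", sub)))
```

The `literal-asterisk` result marks a policy that pairs a wildcard subject with `StringEquals`, which matches no real service account and usually indicates a misconfigured role.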
v0.7.1
🤖 Automatic Updates
Update Terraform cloudposse/label/null to v0.24.1 @renovate (#13)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/label/null (source) | terraform | minor | 0.22.1 -> 0.24.1 |
Release Notes
cloudposse/terraform-null-label
v0.24.1
Allow control of letter case of outputs @SweetOps (#107)
You now have control over the letter case of generated tag names and supplied labels, which means you also have control over the letter case of the ultimate `id`.
Labels are the elements you can include in `label_order`, namely `namespace`, `environment`, `stage`, `name`, and `attributes`. For every non-empty label, a corresponding tag name is generated. For `namespace`, `environment`, `stage`, the output is the formatted, normalized input. (By "normalized" we mean that it goes through `regex_replace_chars`.) For `attributes`, which is a list, each element is normalized, duplicates are removed, and the resulting list is converted to a string by joining the elements with the `delimiter` (defaults to hyphen). For `name`, which is special, the output is the same as `id`, which is the joining of the labels in the order specified by `label_order` and separated by `delimiter`.
- You can set `label_key_case` to one of `upper`, `lower`, or `title`, which will result in generated `tag` names in the corresponding case: `NAME`, `name`, or `Name`. For backwards compatibility, `title` is the default
- You can set `label_value_case` to one of `upper`, `lower`, `title`, or `none`, which will result in output label values in the corresponding case (with `none` meaning no case conversion of any kind will be done, though the labels will still be subject to `regex_replace_chars`). The case converted labels will show up not just in the module output of the labels themselves, but also in the `tag` values and in the `id` string.
You can look at the test cases in `examples/complete` and the expected results in `test/src/examples_complete_test.go` to see examples of how this is supposed to work.
One interesting example is that you can create `id`s in Pascal case by setting `label_value_case = "title"` and `delimiter = ""`.
Include updates to exports/context.tf @Nuru (#122 and #123)
##### what
- Include updates to `exports/context.tf`
- Update README with features and compatibility
- Add validation for `id_length_limit`
##### why
- The `exports/context.tf` is what gets distributed and needs to be in sync
- Replace outdated information
- Was not validated earlier because validators are not supported in TF 0.12 but now we are dropping support for TF 0.12 and so we can add validators
Restore backward compatibility with v0.22.1 and earlier @Nuru (#121)
##### what
- Restore backward compatibility with v0.22.1 and earlier
- Allow setting of `label_key_case` and `label_value_case` by vars, not just by context attributes.
##### why
- Allow interoperability of old and new modules
- Normally, root modules make settings via individual variables, not by setting an entire context block.
Incorporates and closes #120
v0.24.0
Restore backward compatibility with v0.22.1 and earlier @Nuru (#121)
##### what
- Restore backward compatibility with v0.22.1 and earlier
- Allow setting of `label_key_case` and `label_value_case` by vars, not just by context attributes.
##### why
- Allow interoperability of old and new modules
- Normally, root modules make settings via individual variables, not by setting an entire context block.
Incorporates and closes #120
Allow control of letter case of outputs @SweetOps (#107)
v0.23.0
Known issues
- Does not interoperate with earlier versions of `null-label`. The canonical `context = module.this.context` fails if `module.this.context` is an older version
- `context.tf` does not incorporate `var.label_key_case` and `var.label_value_case` into the `module.this` object, preventing those variables from taking effect in the root module's `module.this`.
feat: add support for setting letter case of context tags @SweetOps (#107)
With this release, you gain control over the letter case of generated tag names and supplied labels, which means you also have control over the letter case of the ultimate `id`.
v0.7.0
context.tf updated to v0.24.1, minimum required Terraform version bumped to 0.13.0 when needed, readme updated @maximmi (#12)
what
- update context.tf to v0.24.1
- minimum required Terraform version bumped to 0.13.0
- readme updated, Bridgecrew compliance badges added
why
- It allows for setting the letter case of tag names and labels, and restores backward compatibility with context v0.22.0 and below
- We have dropped support for Terraform 0.12
- To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant
closes #11
v0.6.0
v0.5.1
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#9)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates