Releases: cloudposse/terraform-aws-eks-iam-role

v0.10.3

28 Sep 15:19
5022028

🚀 Enhancements

Fix: bump `null-label` module version @korenyoni (#21)

what

  • Bump version of null-label module instantiation.

why

  • A null-label instantiation is incompatible with context.tf (version mismatch, with the lower version missing the tenant label).

references

v0.10.2

28 Sep 14:41
ac7f124

🚀 Enhancements

NOTE: this release has a bug where the tenant label cannot be used, since not all null-label instantiations are at 0.25.0 or above. Please use 0.10.3.

Chore: run 'make github/init' @korenyoni (#20)

what

why

  • The auto-context job was disabled because this repository was inactive for 90 days. This manually updates context.tf as it allows for the new tenant label.
  • make github/init updates GitHub Actions Workflow files to their latest reference counterparts.
  • validation rules were introduced in Terraform 0.13 and are used in the latest context.tf distribution. This PR drops support for Terraform 0.12 and below in order to enable updating to the latest context.tf distribution.

references

v0.10.1

08 Sep 15:06
4702679

🚀 Enhancements

tag-policy @nitrocode (#19)

what

  • tag-policy

why

  • tag everything

references

N/A

v0.10.0

09 Jul 17:56
5d5bba1
Make `aws_account_number` optional @nitrocode (#18)

what

  • Make aws_account_number optional

why

  • Sometimes you want to use the aws account number that the aws provider profile is using.

references

N/A

v0.9.0

06 Jul 12:48
76104eb
Make `aws_iam_policy_document` optional @nitrocode (#16)

what

  • Empty aws_iam_policy_document

why

  • Create a role without any policy document

references

test

module "eks_iam_role" {
  # source = "cloudposse/eks-iam-role/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"

  source = "git::https://github.com/cloudposse/terraform-aws-eks-iam-role.git?ref=null_aws_iam_policy_document"

  aws_account_number          = local.account_id
  eks_cluster_oidc_issuer_url = module.eks_cluster.eks_cluster_identity_oidc_issuer

  # Create a role for the service account named `autoscaler` in the Kubernetes namespace `kube-system`
  service_account_name      = "autoscaler"
  service_account_namespace = "kube-system"
}

v0.8.0

30 Apr 14:03
debd970
Allow using a ServiceAccount in any Kubernetes namespace. Allow scoping IAM role to an entire Kubernetes namespace @aknysh (#14)

what

  • Allow using a ServiceAccount in any Kubernetes namespace
  • Allow scoping IAM role to an entire Kubernetes namespace

why

  • Allow using a ServiceAccount in any Kubernetes namespace (wildcard service_account_namespace). Useful for unlimited preview environments where we deploy each pull request into a separate Kubernetes namespace
  • Allow scoping IAM role to a Kubernetes namespace (wildcard service_account_name). Provides the ability to scope the role to an entire namespace (use the namespace as a boundary) to allow any ServiceAccount in the namespace to assume the role

related

  • Closes #6

references

notes

  # If both var.service_account_namespace and var.service_account_name are provided,
  # then the role ARN will have one of the following formats:
  # 1. if var.service_account_namespace != var.service_account_name: arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@<service_account_namespace>
  # 2. if var.service_account_namespace == var.service_account_name: arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>

  # 3. If var.service_account_namespace == "" and var.service_account_name is provided,
  # then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-<service_account_name>@all,
  # and the policy will use a wildcard for the namespace in the test condition to allow ServiceAccounts in any Kubernetes namespace to assume the role (useful for unlimited preview environments)

  # 4. If var.service_account_name == "" and var.service_account_namespace is provided,
  # then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@<service_account_namespace>,
  # and the policy will use a wildcard for the service account name in the test condition to allow any ServiceAccount in the given namespace to assume the role.
  # For more details, see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html#iam-role-configuration

  # 5. If both var.service_account_name == "" and var.service_account_namespace == "",
  # then the role ARN will have format arn:aws:iam::<account_number>:role/<namespace>-<environment>-<stage>-<optional_name>-all@all,
  # and the policy will use wildcards for both the namespace and the service account name in the test condition to allow all ServiceAccounts
  # in all Kubernetes namespaces to assume the IAM role (not recommended).
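
The five cases in the notes above, turned into a check that can be run against a role's trust policy (an added example, not code from this module or its authors). It assumes the EKS `sub` claim format `system:serviceaccount:<namespace>:<name>` and that wildcards sit under a `StringLike` test; the function names, account number and issuer are hypothetical or placeholder values.

```python
SUB_PREFIX = "system:serviceaccount:"  # EKS OIDC `sub` claim: system:serviceaccount:<namespace>:<name>

def expected(namespace: str, name: str) -> tuple:
    """Role-name suffix and `sub` pattern for the cases listed in the notes above."""
    if namespace and namespace == name:
        suffix = name                                      # case 2
    else:
        suffix = f"{name or 'all'}@{namespace or 'all'}"   # cases 1, 3, 4, 5
    return suffix, f"{SUB_PREFIX}{namespace or '*'}:{name or '*'}"

def scope_of(operator: str, value: str) -> str:
    """Width of one `sub` condition value. `*` is a wildcard only under StringLike."""
    if operator != "StringLike":
        return "exact"                   # StringEquals compares `*` literally
    if not value.startswith(SUB_PREFIX):
        return "nonstandard"
    ns, _, sa = value[len(SUB_PREFIX):].partition(":")
    ns_wild = any(c in ns for c in "*?")
    sa_wild = any(c in sa for c in "*?") or (ns_wild and not sa)
    if ns_wild and sa_wild:
        return "all"                     # case 5: every ServiceAccount in every namespace
    return "any-namespace" if ns_wild else "whole-namespace" if sa_wild else "exact"

def audit(trust_policy: dict) -> list:
    """Scope of every `sub` condition on statements allowing web-identity role assumption."""
    found = []
    statements = trust_policy.get("Statement", [])
    for st in statements if isinstance(statements, list) else [statements]:
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        scopes = []
        for op in ("StringEquals", "StringLike"):
            for key, val in st.get("Condition", {}).get(op, {}).items():
                if key.endswith(":sub"):
                    scopes += [scope_of(op, v) for v in ([val] if isinstance(val, str) else val)]
        found += scopes or ["unscoped"]  # no `sub` test: any subject from the provider is accepted
    return found

# Constructed sample: trust policy for case 3 (empty namespace, name "autoscaler").
ISSUER = "oidc.eks.example.invalid/id/PLACEHOLDER"  # placeholder issuer, not a real cluster
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
    "Condition": {"StringLike": {f"{ISSUER}:sub": expected("", "autoscaler")[1]}}}]}

if __name__ == "__main__":
    print(expected("", "autoscaler")[0], audit(SAMPLE))
```

Roles reported as `all` or `unscoped` are the ones to review first, since any workload in the cluster can assume them.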

v0.7.1

05 Feb 07:43
0405968

🤖 Automatic Updates

Update Terraform cloudposse/label/null to v0.24.1 @renovate (#13)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/label/null (source) | terraform | minor | 0.22.1 -> 0.24.1 |

Release Notes

cloudposse/terraform-null-label

v0.24.1

Compare Source

Allow control of letter case of outputs @​SweetOps (#​107)

You now have control over the letter case of generated tag names and supplied labels, which means you also have control over the letter case of the ultimate id.

Labels are the elements you can include in label_order, namely namespace, environment, stage, name, and attributes. For every non-empty label, a corresponding tag name is generated. For namespace, environment, stage, the output is the formatted, normalized input. (By "normalized" we mean that it goes through regex_replace_chars.) For attributes, which is a list, each element is normalized, duplicates are removed, and the resulting list is converted to a string by joining the elements with the delimiter (defaults to hyphen). For name, which is special, the output is the same as id, which is the joining of the labels in the order specified by label_order and separated by delimiter.

  • You can set label_key_case to one of upper, lower, or title, which will result in generated tag names in the corresponding case: NAME, name, or Name. For backwards compatibility, title is the default
  • You can set label_value_case to one of upper, lower, title, or none, which will result in output label values in the corresponding case (with none meaning no case conversion of any kind will be done, though the labels will still be subject to regex_replace_chars). The case converted labels will show up not just in the module output of the labels themselves, but also in the tag values and in the id string.

You can look at the test cases in examples/complete and the expected results in test/src/examples_complete_test.go to see examples of how this is supposed to work.

One interesting example is that you can create ids in Pascal case by setting label_value_case = "title" and delimiter = "".

Include updates to exports/context.tf @Nuru (#122 and #123)

what

  • Include updates to `exports/context.tf`
  • Update README with features and compatibility
  • Add validation for `id_length_limit`

why

  • The `exports/context.tf` is what gets distributed and needs to be in sync
  • Replace outdated information
  • Was not validated earlier because validators are not supported in TF 0.12 but now we are dropping support for TF 0.12 and so we can add validators

Restore backward compatibility with v0.22.1 and earlier @Nuru (#121)

what

  • Restore backward compatibility with v0.22.1 and earlier
  • Allow setting of `label_key_case` and `label_value_case` by vars, not just by context attributes.

why

  • Allow interoperability of old and new modules
  • Normally, root modules make settings via individual variables, not by setting an entire context block.

Incorporates and closes #​120

v0.24.0

Compare Source

Restore backward compatibility with v0.22.1 and earlier @Nuru (#121)

what

  • Restore backward compatibility with v0.22.1 and earlier
  • Allow setting of `label_key_case` and `label_value_case` by vars, not just by context attributes.

why

  • Allow interoperability of old and new modules
  • Normally, root modules make settings via individual variables, not by setting an entire context block.

Incorporates and closes #​120

Allow control of letter case of outputs @​SweetOps (#​107)

You now have control over the letter case of generated tag names and supplied labels, which means you also have control over the letter case of the ultimate id.

Labels are the elements you can include in label_order, namely namespace, environment, stage, name, and attributes. For every non-empty label, a corresponding tag name is generated. For namespace, environment, stage, the output is the formatted, normalized input. (By "normalized" we mean that it goes through regex_replace_chars.) For attributes, which is a list, each element is normalized, duplicates are removed, and the resulting list is converted to a string by joining the elements with the delimiter (defaults to hyphen). For name, which is special, the output is the same as id, which is the joining of the labels in the order specified by label_order and separated by delimiter.

  • You can set label_key_case to one of upper, lower, or title, which will result in generated tag names in the corresponding case: NAME, name, or Name. For backwards compatibility, title is the default
  • You can set label_value_case to one of upper, lower, title, or none, which will result in output label values in the corresponding case (with none meaning no case conversion of any kind will be done, though the labels will still be subject to regex_replace_chars). The case converted labels will show up not just in the module output of the labels themselves, but also in the tag values and in the id string.

You can look at the test cases in examples/complete and the expected results in test/src/examples_complete_test.go to see examples of how this is supposed to work.

One interesting example is that you can create ids in Pascal case by setting label_value_case = "title" and delimiter = "".

Known issues

  • `exports/context.tf` still not backwards compatible
  • Validation for `id_length` not included in `exports/context.tf`

v0.23.0

Compare Source

Known issues

  • Does not interoperate with earlier versions of null-label. The canonical context = module.this.context fails if module.this.context is an older version
  • context.tf does not incorporate var.label_key_case and var.label_value_case into the module.this object, preventing those variables from taking effect in the root module's module.this.

feat: add support for setting letter case of context tags @SweetOps (#107)

With this release, you gain control over the letter case of generated tag names and supplied labels, which means you also have control over the letter case of the ultimate id.

Labels are the elements you can include in label_order, namely namespace, environment, stage, name, and attributes. For every non-empty label, a corresponding tag name is generated. For namespace, environment, stage, the output is the formatted, normalized input. (By "normalized" we mean that it goes through regex_replace_chars.) For attributes, which is a list, each element is normalized, duplicates are removed, and the resulting list is converted to a string by joining the elements with the delimiter (defaults to hyphen). For name, which is special, the output is the same as id, which is the joining of the labels in the order specified by label_order and separated by delimiter.

  • You can set label_key_case to one of upper, lower, or title, which will result in generated tag names in the corresponding case: NAME, name, or Name. For backwards compatibility, title is the default
  • You can set label_value_case to one of upper, lower, title, or none, which will result in output label values in the corresponding case (with none meaning no case conversion of any kind will be done, though the labels will still be subject to regex_replace_chars). The case converted labels will show up not just in the module output of the labels themselves, but also in the tag values and in the id string.

You can look at the test cases in examples/complete and the expected results in test/src/examples_complete_test.go to see examples of how this is supposed to work.

One interesting example is that you can create ids in Pascal case by setting label_value_case = "title" and delimiter = "".

v0.7.0

05 Feb 07:38
1bf0100
context.tf updated to v0.24.1, minimum required Terraform version bumped to 0.13.0 when needed, readme updated @maximmi (#12)

what

  • update context.tf to v0.24.1
  • minimum required Terraform version bumped to 0.13.0
  • readme updated, Bridgecrew compliance badges added

why

  • It allows for setting the letter case of tag names and labels, back compatibility with context v0.22.0 and below
  • we have dropped support for Terraform 0.12
  • To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant

closes #11

v0.6.0

04 Feb 06:54
ae25fb1
Terraform 0.14 upgrade @maximmi (#10)

what

  • Upgrade to support Terraform 0.14 and bring up to current Cloud Posse standard

why

  • Support Terraform 0.14

v0.5.1

06 Jan 16:50
f3458aa

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#9)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates