Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add module variable to allow write permission #47

Merged
merged 7 commits into from
Sep 25, 2024
Merged

Add module variable to allow write permission #47

merged 7 commits into from
Sep 25, 2024

Conversation

jsf9k
Copy link
Member

@jsf9k jsf9k commented Sep 24, 2024
edited
Loading

🗣 Description

This pull request adds a module variable (var.read_only) that allows for the addition of write permissions to the IAM role being created.

💭 Motivation and context

This change is required in order to create a read-write role that allows access to a particular COOL environment's remote state.

Note also that these changes have been made in a way that is backward compatible with the role's previous behavior, so this is a non-breaking change.

🧪 Testing

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • All new and existing tests pass.

@jsf9k
Add a variable that determines whether the role will be read-only or not
d565d76 
By the default the value if true, indicating that the role should be
read-only.  This agrees with the way the role functioned previously,
so the change should cause no surprises.

If the value is set to false then the role created will allow for
writing in addition to reading.
@jsf9k
Sort variable attributes alphabetically
f772dcb
@jsf9k
Update code to allow for writing based on the value of var.read_only
7348823
@jsf9k
Rename role and policy to use "access" instead of "read"
900cc72 
This is because the role and policy may allow for writing based on the
value of var.read_only.
@jsf9k jsf9k added documentation This issue or pull request improves or adds to documentation improvement This issue or pull request will add or improve functionality, maintainability, or ease of use terraform Pull requests that update Terraform code labels Sep 24, 2024
@jsf9k jsf9k self-assigned this Sep 24, 2024
@jsf9k
Update the role name to take into account whether it is read-only or not
f951719 
Also update variable descriptions to use "access" instead of "read"
since writing may be allowed based on the value of read_only.
@jsf9k
Update README via terraform-docs for recent commits
0e7acae
@jsf9k jsf9k force-pushed the feature/add-option-for-write-permission branch from 29a4d82 to 0e7acae Compare September 24, 2024 20:40
@jsf9k jsf9k marked this pull request as ready for review September 24, 2024 20:41
@jsf9k jsf9k requested a review from a team September 24, 2024 20:42
dav3r
dav3r approved these changes Sep 24, 2024
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, with one request. 👍

locals.tf Outdated Show resolved Hide resolved
@jsf9k @dav3r
Update role description to mention "read-only" or "read-write"
3722ace 
The phrase that is used depends on the value of the read_only
variable.

Co-authored-by: Dave Redmin <[email protected]>
@jsf9k jsf9k force-pushed the feature/add-option-for-write-permission branch from 137746d to 3722ace Compare September 25, 2024 19:27
@jsf9k jsf9k merged commit 4a4561c into develop Sep 25, 2024
4 checks passed
@jsf9k jsf9k deleted the feature/add-option-for-write-permission branch September 25, 2024 19:41
This was referenced Sep 27, 2024
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dav3r dav3r dav3r approved these changes

@dv4harr10 dv4harr10 dv4harr10 approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

Assignees

@jsf9k jsf9k

Labels
documentation This issue or pull request improves or adds to documentation improvement This issue or pull request will add or improve functionality, maintainability, or ease of use terraform Pull requests that update Terraform code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsf9k @dav3r @dv4harr10