-
-
Notifications
You must be signed in to change notification settings - Fork 692
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Extended trusted_entities
variable to support multiple types
#143
feat: Extended trusted_entities
variable to support multiple types
#143
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the proposal and it will be even better if you actually update code in examples/complete
to show this for real.
variables.tf
Outdated
@@ -437,8 +437,11 @@ variable "attach_policy_statements" { | |||
|
|||
variable "trusted_entities" { | |||
description = "Lambda Function additional trusted entities for assuming roles (trust relationship)" | |||
type = list(string) | |||
default = [] | |||
type = list(object({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you change this to list(any)
and use try()
to make this PR backward compatible and support previous values also.
I think it should be rather straightforward. Let me know if you have questions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It’s a very good idea, I will try this and keep you informed on this, thank you very much !
194c55d
to
3123d8e
Compare
3123d8e
to
0c5ff91
Compare
I’ve updated the pull request using |
trusted_entities
variabletrusted_entities
variable to support multiple types
Thanks @flibustier ! I have updated the code and examples. v1.47.0 has been just released. |
Great job! I successfully tested it in our project! Thanks so much!! 🎉 |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
This change allows a better customization for the
trusted entities
used in the assume role policyFor example :
Motivation and Context
Currently,
trusted_entities
input variable only accepts a list of strings which is added to the typeService
of the assume role Principal.For example:
Will be interpreted as :
In the issue #138 I explain that we need a
AWS
Principal in our assume role (the goal is to execute lambda in local using its assume role).Breaking Changes
This first version overwrites
trusted_entities
input variable. It was previously a list of (service only) strings, and now becomes a list of objects consisting of atype
string (likeService
orAWS
) and anidentifiers
array of strings (like an array of services URL as before or a list of ARNs), which will break previous usages of this variable as a list of strings.But It could also be moved to another input variable so it doesn’t break the current
trusted_entities
input variable. The only thing that is missing is a good variable name which reflects the openness of the input variable compared to the currenttrusted_entities
, which actually seems to be atrusted_services_entities
.How Has This Been Tested?
examples/*
projectsThank you for your help and your fantastic work on this module 👏