From 59f6dfd9fd298ed8e5615ca4bc43f2bb45071c31 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Mon, 11 Jul 2022 14:54:21 +1000 Subject: [PATCH 1/6] Expose output artifact type for Source stage of codestar pipeline --- README.md | 1 + docs/terraform.md | 1 + main.tf | 2 +- variables.tf | 6 ++++++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d946812..931d18f 100644 --- a/README.md +++ b/README.md @@ -275,6 +275,7 @@ Available targets: | [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | | [codebuild\_vpc\_config](#input\_codebuild\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no | | [codestar\_connection\_arn](#input\_codestar\_connection\_arn) | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no | +| [codestar\_output\_artifact\_format](#input\_codestar\_output\_artifact\_format) | Output artifact type for Source stage in pipeline. Valid values are "CODE\_ZIP" (default) and "CODEBUILD\_CLONE\_REF". See https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html | `string` | `"CODE_ZIP"` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 27aec69..61c64bb 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -71,6 +71,7 @@ | [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | | [codebuild\_vpc\_config](#input\_codebuild\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no | | [codestar\_connection\_arn](#input\_codestar\_connection\_arn) | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no | +| [codestar\_output\_artifact\_format](#input\_codestar\_output\_artifact\_format) | Output artifact type for Source stage in pipeline. Valid values are "CODE\_ZIP" (default) and "CODEBUILD\_CLONE\_REF". See https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html | `string` | `"CODE_ZIP"` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | diff --git a/main.tf b/main.tf index 308cdc8..9fe2fe7 100644 --- a/main.tf +++ b/main.tf @@ -355,7 +355,7 @@ resource "aws_codepipeline" "bitbucket" { ConnectionArn = var.codestar_connection_arn FullRepositoryId = format("%s/%s", var.repo_owner, var.repo_name) BranchName = var.branch - OutputArtifactFormat = "CODE_ZIP" + OutputArtifactFormat = var.codestar_output_artifact_format } } } diff --git a/variables.tf b/variables.tf index d016cae..fe2e59a 100644 --- a/variables.tf +++ b/variables.tf @@ -180,6 +180,12 @@ variable "codestar_connection_arn" { default = "" } +variable "codestar_output_artifact_format" { + type = string + description = "Output artifact type for Source stage in pipeline. Valid values are \"CODE_ZIP\" (default) and \"CODEBUILD_CLONE_REF\". See https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html" + default = "CODE_ZIP" +} + variable "cache_type" { type = string default = "S3" From 1ec34d7834716f38de5a2026808e32bc8fccd8bc Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Mon, 11 Jul 2022 15:12:24 +1000 Subject: [PATCH 2/6] Assign codestar policy to codebuild role --- main.tf | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 9fe2fe7..bcb39d8 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,7 @@ +locals { + use_codestar = var.codestar_connection_arn != "" +} + module "codepipeline_label" { source = "cloudposse/label/null" version = "0.25.0" 
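Review bot: `codestar_output_artifact_format` is declared as an unconstrained `string`, so a mistyped value is only rejected at apply time by the CodePipeline API, and later commits in this series compare the variable against the literal `"CODEBUILD_CLONE_REF"` to decide whether CodeBuild gets the CodeStar policy, so a typo would also silently skip that attachment. A `validation` block that pins the value to the two formats named in the description fails at plan time instead; it needs Terraform 0.13+, which the `cloudposse/label/null` 0.25.0 dependency used by main.tf most likely already requires. The `variable` block is complete inside this hunk; only the `validation` stanza below is new.
```hcl
variable "codestar_output_artifact_format" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["CODE_ZIP", "CODEBUILD_CLONE_REF"], var.codestar_output_artifact_format)
    error_message = "Allowed values for codestar_output_artifact_format are CODE_ZIP and CODEBUILD_CLONE_REF."
  }
}
```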
@@ -157,7 +161,7 @@ data "aws_iam_policy_document" "codebuild" { # https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-permissions.html resource "aws_iam_role_policy_attachment" "codestar" { - count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0 + count = module.this.enabled && local.use_codestar ? 1 : 0 role = join("", aws_iam_role.default.*.id) policy_arn = join("", aws_iam_policy.codestar.*.arn) } @@ -165,20 +169,20 @@ resource "aws_iam_role_policy_attachment" "codestar" { module "codestar_label" { source = "cloudposse/label/null" version = "0.25.0" - enabled = module.this.enabled && var.codestar_connection_arn != "" + enabled = module.this.enabled && local.use_codestar attributes = ["codestar"] context = module.this.context } resource "aws_iam_policy" "codestar" { - count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0 + count = module.this.enabled && local.use_codestar ? 1 : 0 name = module.codestar_label.id policy = join("", data.aws_iam_policy_document.codestar.*.json) } data "aws_iam_policy_document" "codestar" { - count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0 + count = module.this.enabled && local.use_codestar ? 1 : 0 statement { sid = "" @@ -240,6 +244,12 @@ resource "aws_iam_role_policy_attachment" "codebuild_s3" { policy_arn = join("", aws_iam_policy.s3.*.arn) } +resource "aws_iam_role_policy_attachment" "codebuild_codestar" { + count = module.this.enabled && local.use_codestar ? 1 : 0 + role = module.codebuild.role_id + policy_arn = join("", aws_iam_policy.codestar.*.arn) +} + resource "aws_codepipeline" "default" { count = module.this.enabled && var.github_oauth_token != "" ? 1 : 0 name = module.codepipeline_label.id 
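Review bot: The new `aws_iam_role_policy_attachment.codebuild_codestar` in the @@ -240 hunk reuses `aws_iam_policy.codestar`, which was written for the pipeline role, so every build running under the CodeBuild service role now inherits whatever that policy grants; the statement in `data.aws_iam_policy_document.codestar` lies outside this hunk, so please confirm its `resources` is scoped to `var.codestar_connection_arn` rather than `*` before widening the policy's audience. The resource also carries no comment explaining why CodeBuild needs the connection at all, which a reader of the IAM layout will ask. I would add above it `# CodeBuild must be allowed to use the CodeStar connection when the Source stage emits a CODEBUILD_CLONE_REF (full clone) artifact; see connections-permissions.html linked above`.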
@@ -323,7 +333,7 @@ resource "aws_codepipeline" "default" { # https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html#action-reference-CodestarConnectionSource-example resource "aws_codepipeline" "bitbucket" { - count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0 + count = module.this.enabled && local.use_codestar ? 1 : 0 name = module.codepipeline_label.id role_arn = join("", aws_iam_role.default.*.arn) From ec0ea1a9de0d9df1d4cbbb6574c5f310e797a01b Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Mon, 11 Jul 2022 16:06:24 +1000 Subject: [PATCH 3/6] Attach codestar policy to codebuild service role if 'full clone' option is selected --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index bcb39d8..416e6b5 100644 --- a/main.tf +++ b/main.tf @@ -245,7 +245,7 @@ resource "aws_iam_role_policy_attachment" "codebuild_s3" { } resource "aws_iam_role_policy_attachment" "codebuild_codestar" { - count = module.this.enabled && local.use_codestar ? 1 : 0 + count = module.this.enabled && local.use_codestar && var.codestar_output_artifact_format == "CODEBUILD_CLONE_REF" ? 1 : 0 role = module.codebuild.role_id policy_arn = join("", aws_iam_policy.codestar.*.arn) } From 5d651604e77a247fd5786e913f8a3151e49a368b Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Wed, 13 Jul 2022 12:03:07 +0000 Subject: [PATCH 4/6] Auto Format --- README.md | 1 + docs/terraform.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 931d18f..c3c9ed9 100644 --- a/README.md +++ b/README.md 
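Review bot: The `count` expression in the patch-3 hunk embeds the literal `"CODEBUILD_CLONE_REF"`, duplicating the value documented in variables.tf, and the same comparison is kept in patch 5's @@ -245 hunk of main.tf. A local defined next to `use_codestar`, `codebuild_full_clone = var.codestar_output_artifact_format == "CODEBUILD_CLONE_REF"`, would keep the value in one place and shorten this line to `count = module.this.enabled && local.use_codestar && local.codebuild_full_clone ? 1 : 0`. Gating the attachment on the full-clone format is the right least-privilege call, since a `CODE_ZIP` source never requires CodeBuild to touch the connection.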
@@ -244,6 +244,7 @@ Available targets: | [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.codebuild_codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.codebuild_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | diff --git a/docs/terraform.md b/docs/terraform.md index 61c64bb..253360a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -40,6 +40,7 @@ | [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.codebuild_codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.codebuild_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | From 701988675e03d8f3642971fc30ea700f37ab49d4 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Fri, 15 Jul 2022 08:00:55 +1000 Subject: [PATCH 5/6] Implement @aknysh suggested changes --- main.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 416e6b5..33368b8 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ locals { - use_codestar = var.codestar_connection_arn != "" + codestar_enabled = module.this.enabled && var.codestar_connection_arn != "" && var.codestar_connection_arn != null } module "codepipeline_label" { 
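Review bot: `codestar_enabled` now folds in `module.this.enabled` and the `null` case, but nothing at the definition says so, and readers of the `count` lines elsewhere in main.tf that reference it have to come back here to learn what it gates. A one-line comment would help: `# Gate for every CodeStar/Bitbucket resource: module enabled and a connection ARN supplied (null and "" both mean "not set")`. Testing `!= ""` before `!= null` is safe because Terraform's `!=` accepts a null operand; `coalesce(var.codestar_connection_arn, "") != ""` expresses the same check in one term if the maintainers prefer it.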
@@ -161,7 +161,7 @@ data "aws_iam_policy_document" "codebuild" { # https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-permissions.html resource "aws_iam_role_policy_attachment" "codestar" { - count = module.this.enabled && local.use_codestar ? 1 : 0 + count = local.codestar_enabled ? 1 : 0 role = join("", aws_iam_role.default.*.id) policy_arn = join("", aws_iam_policy.codestar.*.arn) } @@ -169,20 +169,20 @@ resource "aws_iam_role_policy_attachment" "codestar" { module "codestar_label" { source = "cloudposse/label/null" version = "0.25.0" - enabled = module.this.enabled && local.use_codestar + enabled = local.codestar_enabled attributes = ["codestar"] context = module.this.context } resource "aws_iam_policy" "codestar" { - count = module.this.enabled && local.use_codestar ? 1 : 0 + count = local.codestar_enabled ? 1 : 0 name = module.codestar_label.id policy = join("", data.aws_iam_policy_document.codestar.*.json) } data "aws_iam_policy_document" "codestar" { - count = module.this.enabled && local.use_codestar ? 1 : 0 + count = local.codestar_enabled ? 1 : 0 statement { sid = "" @@ -245,7 +245,7 @@ resource "aws_iam_role_policy_attachment" "codebuild_s3" { } resource "aws_iam_role_policy_attachment" "codebuild_codestar" { - count = module.this.enabled && local.use_codestar && var.codestar_output_artifact_format == "CODEBUILD_CLONE_REF" ? 1 : 0 + count = local.codestar_enabled && var.codestar_output_artifact_format == "CODEBUILD_CLONE_REF" ? 1 : 0 role = module.codebuild.role_id policy_arn = join("", aws_iam_policy.codestar.*.arn) } 
@@ -333,7 +333,7 @@ resource "aws_codepipeline" "default" { # https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html#action-reference-CodestarConnectionSource-example resource "aws_codepipeline" "bitbucket" { - count = module.this.enabled && local.use_codestar ? 1 : 0 + count = local.codestar_enabled ? 1 : 0 name = module.codepipeline_label.id role_arn = join("", aws_iam_role.default.*.arn) From cd4832e98a73ba6769e191a4331a0e4e5a7aba22 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Thu, 14 Jul 2022 22:02:05 +0000 Subject: [PATCH 6/6] Auto Format --- .github/auto-release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/auto-release.yml b/.github/auto-release.yml index b45efb7..17cd39c 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,7 +17,6 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' - - 'no-release' default: 'minor' categories:
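Review bot: Removing `- 'no-release'` from the `version-resolver` label list in .github/auto-release.yml changes release behaviour even though the commit is titled "Auto Format": a PR carrying only that label no longer matches the list shown here and, unless it is excluded elsewhere in the file (outside this hunk), falls through to `default: 'minor'`. Please confirm this is an intended template sync rather than a formatter side effect, since it can silently promote a label meant to suppress a release into a minor version bump.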