fix: Add context tags to the IAM resources (#45)

natemccurdy · web-flow · commit 127b10ba07d5 · 2023-10-11T13:42:34.000-04:00
* fix: Add context tags to the IAM resources

Prior to this, the `aws_iam_role` and the `aws_iam_policy` created by this
module did not include any of the tags passed via `tags` or via `context`.

This fixes that problem by specifying `tags = module.this.tags` on each of
those resources so that they use the tags specified determined by the
null/label context.

* chore: update module boilerplate and docs

```
make init
make github/init
make readme
```
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -1,13 +1,14 @@
 {
   "extends": [
     "config:base",
-    ":preserveSemverRanges"
+    ":preserveSemverRanges",
+    ":rebaseStalePrs"
   ],
-  "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
+  "baseBranches": ["main"],
   "labels": ["auto-update"],
   "dependencyDashboardAutoclose": true,
   "enabledManagers": ["terraform"],
   "terraform": {
-    "ignorePaths": ["**/context.tf", "examples/**"]
+    "ignorePaths": ["**/context.tf"]
   }
 }
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
@@ -10,6 +10,7 @@ on:
       - 'docs/**'
       - 'examples/**'
       - 'test/**'
+      - 'README.*'
 
 permissions:
   contents: write
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   terraform-module:
-    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
diff --git a/README.md b/README.md
@@ -90,10 +90,6 @@ We highly recommend that in your code you pin the version to the exact version y
 using so that your infrastructure remains stable, and update versions in a
 systematic way so that they do not catch you by surprise.
 
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
 
 For a complete example, see [examples/complete](examples/complete).
 For automated tests of the complete example using [bats](https://github.com/bats-core/bats-core) and [Terratest](https://github.com/gruntwork-io/terratest)
diff --git a/iam-role.tf b/iam-role.tf
@@ -2,8 +2,10 @@ resource "aws_iam_role" "this" {
   count = local.enabled ? 1 : 0
 
   name                 = "${var.function_name}-${local.region_name}"
-  assume_role_policy   = join("", data.aws_iam_policy_document.assume_role_policy.*.json)
+  assume_role_policy   = join("", data.aws_iam_policy_document.assume_role_policy[*].json)
   permissions_boundary = var.permissions_boundary
+
+  tags = module.this.tags
 }
 
 data "aws_iam_policy_document" "assume_role_policy" {
@@ -68,6 +70,8 @@ resource "aws_iam_policy" "ssm" {
   name        = "${var.function_name}-ssm-policy-${local.region_name}"
   description = var.iam_policy_description
   policy      = data.aws_iam_policy_document.ssm[count.index].json
+
+  tags = module.this.tags
 }
 
 resource "aws_iam_role_policy_attachment" "ssm" {

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,14 @@`
`1`	`1`	`{`
`2`	`2`	`"extends": [`
`3`	`3`	`"config:base",`
`4`		`- ":preserveSemverRanges"`
	`4`	`+ ":preserveSemverRanges",`
	`5`	`+ ":rebaseStalePrs"`
`5`	`6`	`],`
`6`		`- "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],`
	`7`	`+ "baseBranches": ["main"],`
`7`	`8`	`"labels": ["auto-update"],`
`8`	`9`	`"dependencyDashboardAutoclose": true,`
`9`	`10`	`"enabledManagers": ["terraform"],`
`10`	`11`	`"terraform": {`
`11`		`- "ignorePaths": ["/context.tf", "examples/"]`
	`12`	`+ "ignorePaths": ["**/context.tf"]`
`12`	`13`	`}`
`13`	`14`	`}`