From 2fc98f370179cbf10287d5d2e40001ade68cab17 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 29 Aug 2022 17:59:18 -0500
Subject: [PATCH] Update Terraform cloudposse/iam-policy/aws to v0.4.0 (#32)

* Update Terraform cloudposse/iam-policy/aws to v0.4.0

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
---
 README.md                     |  9 +++++----
 docs/terraform.md             |  6 +++---
 examples/complete/main-eks.tf | 23 +++++++++++++----------
 examples/complete/main.tf     |  2 ++
 examples/complete/versions.tf |  8 ++++----
 main.tf                       |  8 ++++----
 variables.tf                  |  6 +++---
 versions.tf                   |  2 +-
 8 files changed, 35 insertions(+), 29 deletions(-)

diff --git a/README.md b/README.md
index 7336e1d..3d11a9a 100644
--- a/README.md
+++ b/README.md
@@ -207,7 +207,7 @@ Available targets:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.2 |
 
 ## Providers
@@ -220,7 +220,7 @@ Available targets:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.3.0 |
+| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.4.0 |
 | <a name="module_eks_iam_role"></a> [eks\_iam\_role](#module\_eks\_iam\_role) | cloudposse/eks-iam-role/aws | 1.1.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
@@ -257,8 +257,8 @@ Available targets:
 | <a name="input_force_update"></a> [force\_update](#input\_force\_update) | Force resource update through delete/recreate if needed. Defaults to `false`. | `bool` | `null` | no |
 | <a name="input_iam_policy_statements"></a> [iam\_policy\_statements](#input\_iam\_policy\_statements) | IAM policy for the service account. Required if `var.iam_role_enabled` is `true`. This will not do variable replacements. Please see `var.iam_policy_statements_template_path`. | `any` | `{}` | no |
 | <a name="input_iam_role_enabled"></a> [iam\_role\_enabled](#input\_iam\_role\_enabled) | Whether to create an IAM role. Setting this to `true` will also replace any occurrences of `{service_account_role_arn}` in `var.values_template_path` with the ARN of the IAM role created by this module. | `bool` | `false` | no |
-| <a name="input_iam_source_json"></a> [iam\_source\_json](#input\_iam\_source\_json) | IAM source JSON policy to use as `source_json` argument. This can be used with or instead of the `var.iam_policy_statements`. this cannot be used with `var.iam_source_json_url`. | `string` | `null` | no |
 | <a name="input_iam_source_json_url"></a> [iam\_source\_json\_url](#input\_iam\_source\_json\_url) | IAM source json policy to download. This will be used as the `source_json` meaning the `var.iam_policy_statements` and `var.iam_policy_statements_template_path` can override it. | `string` | `null` | no |
+| <a name="input_iam_source_policy_documents"></a> [iam\_source\_policy\_documents](#input\_iam\_source\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique sids. Statements with the same sid from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements. | `list(string)` | `null` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_keyring"></a> [keyring](#input\_keyring) | Location of public keys used for verification. Used only if `verify` is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`. | `string` | `null` | no |
 | <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | The namespace to install the release into. Defaults to `default`. | `string` | `null` | no |
@@ -487,7 +487,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 
 [![README Footer][readme_footer_img]][readme_footer_link]
 [![Beacon][beacon]][website]
-
+<!-- markdownlint-disable -->
   [logo]: https://cloudposse.com/logo-300x69.svg
   [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-helm-release&utm_content=docs
   [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-helm-release&utm_content=website
@@ -518,3 +518,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
   [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-helm-release
   [share_email]: mailto:?subject=terraform-aws-helm-release&body=https://github.com/cloudposse/terraform-aws-helm-release
   [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-helm-release?pixel&cs=github&cm=readme&an=terraform-aws-helm-release
+<!-- markdownlint-restore -->
diff --git a/docs/terraform.md b/docs/terraform.md
index 6e61d9c..06a1472 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -3,7 +3,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.2 |
 
 ## Providers
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.3.0 |
+| <a name="module_eks_iam_policy"></a> [eks\_iam\_policy](#module\_eks\_iam\_policy) | cloudposse/iam-policy/aws | 0.4.0 |
 | <a name="module_eks_iam_role"></a> [eks\_iam\_role](#module\_eks\_iam\_role) | cloudposse/eks-iam-role/aws | 1.1.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
@@ -53,8 +53,8 @@
 | <a name="input_force_update"></a> [force\_update](#input\_force\_update) | Force resource update through delete/recreate if needed. Defaults to `false`. | `bool` | `null` | no |
 | <a name="input_iam_policy_statements"></a> [iam\_policy\_statements](#input\_iam\_policy\_statements) | IAM policy for the service account. Required if `var.iam_role_enabled` is `true`. This will not do variable replacements. Please see `var.iam_policy_statements_template_path`. | `any` | `{}` | no |
 | <a name="input_iam_role_enabled"></a> [iam\_role\_enabled](#input\_iam\_role\_enabled) | Whether to create an IAM role. Setting this to `true` will also replace any occurrences of `{service_account_role_arn}` in `var.values_template_path` with the ARN of the IAM role created by this module. | `bool` | `false` | no |
-| <a name="input_iam_source_json"></a> [iam\_source\_json](#input\_iam\_source\_json) | IAM source JSON policy to use as `source_json` argument. This can be used with or instead of the `var.iam_policy_statements`. this cannot be used with `var.iam_source_json_url`. | `string` | `null` | no |
 | <a name="input_iam_source_json_url"></a> [iam\_source\_json\_url](#input\_iam\_source\_json\_url) | IAM source json policy to download. This will be used as the `source_json` meaning the `var.iam_policy_statements` and `var.iam_policy_statements_template_path` can override it. | `string` | `null` | no |
+| <a name="input_iam_source_policy_documents"></a> [iam\_source\_policy\_documents](#input\_iam\_source\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique sids. Statements with the same sid from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements. | `list(string)` | `null` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_keyring"></a> [keyring](#input\_keyring) | Location of public keys used for verification. Used only if `verify` is true. Defaults to `/.gnupg/pubring.gpg` in the location set by `home`. | `string` | `null` | no |
 | <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | The namespace to install the release into. Defaults to `default`. | `string` | `null` | no |
diff --git a/examples/complete/main-eks.tf b/examples/complete/main-eks.tf
index 406a722..2e1854a 100644
--- a/examples/complete/main-eks.tf
+++ b/examples/complete/main-eks.tf
@@ -4,7 +4,7 @@ provider "aws" {
 
 module "label" {
   source     = "cloudposse/label/null"
-  version    = "0.24.1"
+  version    = "0.25.0"
   attributes = ["cluster"]
 
   context = module.this.context
@@ -34,22 +34,23 @@ locals {
 
 module "vpc" {
   source  = "cloudposse/vpc/aws"
-  version = "0.21.1"
+  version = "1.1.1"
 
-  cidr_block = "172.16.0.0/16"
-  tags       = local.tags
+  ipv4_primary_cidr_block = "172.16.0.0/16"
+
+  tags = local.tags
 
   context = module.this.context
 }
 
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "0.38.0"
+  version = "2.0.3"
 
   availability_zones              = var.availability_zones
   vpc_id                          = module.vpc.vpc_id
-  igw_id                          = module.vpc.igw_id
-  cidr_block                      = module.vpc.vpc_cidr_block
+  igw_id                          = [module.vpc.igw_id]
+  ipv4_cidr_block                 = [module.vpc.vpc_cidr_block]
   nat_gateway_enabled             = true
   nat_instance_enabled            = false
   tags                            = local.tags
@@ -61,7 +62,7 @@ module "subnets" {
 
 module "eks_cluster" {
   source  = "cloudposse/eks-cluster/aws"
-  version = "0.39.0"
+  version = "2.4.0"
 
   region                       = var.region
   vpc_id                       = module.vpc.vpc_id
@@ -96,7 +97,7 @@ data "null_data_source" "wait_for_cluster_and_kubernetes_configmap" {
 
 module "eks_node_group" {
   source  = "cloudposse/eks-node-group/aws"
-  version = "0.19.0"
+  version = "2.4.0"
 
   subnet_ids        = module.subnets.private_subnet_ids
   cluster_name      = data.null_data_source.wait_for_cluster_and_kubernetes_configmap.outputs["cluster_name"]
@@ -105,7 +106,9 @@ module "eks_node_group" {
   min_size          = var.min_size
   max_size          = var.max_size
   kubernetes_labels = var.kubernetes_labels
-  disk_size         = var.disk_size
+
+  # Prevent the node groups from being created before the Kubernetes aws-auth ConfigMap
+  module_depends_on = module.eks_cluster.kubernetes_config_map_id
 
   context = module.this.context
 }
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index c864891..3b0e294 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -24,6 +24,8 @@ module "helm_release" {
   create_namespace     = var.create_namespace
   kubernetes_namespace = var.kubernetes_namespace
 
+  eks_cluster_oidc_issuer_url = module.eks_cluster.eks_cluster_identity_oidc_issuer
+
   atomic          = var.atomic
   cleanup_on_fail = var.cleanup_on_fail
   timeout         = var.timeout
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 86b1b25..1306c1e 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 1.0"
 
   required_providers {
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 1.2"
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.2"
     }
   }
 }
diff --git a/main.tf b/main.tf
index 8a787c9..4464aca 100644
--- a/main.tf
+++ b/main.tf
@@ -5,13 +5,13 @@ locals {
 
 module "eks_iam_policy" {
   source  = "cloudposse/iam-policy/aws"
-  version = "0.3.0"
+  version = "0.4.0"
 
   enabled = local.iam_role_enabled
 
-  iam_source_json       = var.iam_source_json
-  iam_source_json_url   = var.iam_source_json_url
-  iam_policy_statements = var.iam_policy_statements
+  iam_source_policy_documents = var.iam_source_policy_documents
+  iam_source_json_url         = var.iam_source_json_url
+  iam_policy_statements       = var.iam_policy_statements
 
   context = module.this.context
 }
diff --git a/variables.tf b/variables.tf
index a8423c4..1503514 100644
--- a/variables.tf
+++ b/variables.tf
@@ -8,9 +8,9 @@ variable "iam_role_enabled" {
 
 ## eks_iam_policy
 
-variable "iam_source_json" {
-  type        = string
-  description = "IAM source JSON policy to use as `source_json` argument. This can be used with or instead of the `var.iam_policy_statements`. this cannot be used with `var.iam_source_json_url`."
+variable "iam_source_policy_documents" {
+  type        = list(string)
+  description = "List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique sids. Statements with the same sid from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements."
   default     = null
 }
 
diff --git a/versions.tf b/versions.tf
index d7ec076..e9c5832 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.0"
 
   required_providers {
     # Update these to reflect the actual requirements of your module