feat: Add support for setting the condition field in Event Bus permissions #84
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cadrake
changed the title
main.tf
Outdated
| @@ -216,6 +216,18 @@ resource "aws_cloudwatch_event_permission" "this" { | |||
|
|
|||
| action = lookup(each.value, "action", null) | |||
| event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, var.bus_name, null) | |||
|
|
|||
| dynamic "condition" { | |||
| for_each = lookup(each.value, "condition_org", null) != null ? [ | |||
There was a problem hiding this comment.
Suggested change
| for_each = lookup(each.value, "condition_org", null) != null ? [ | |
| for_each = try([each.value.condition_org], []) |
main.tf
Outdated
|
|
||
| dynamic "condition" { | ||
| for_each = lookup(each.value, "condition_org", null) != null ? [ | ||
| each.value.condition_org |
There was a problem hiding this comment.
Suggested change
| each.value.condition_org |
main.tf
Outdated
| dynamic "condition" { | ||
| for_each = lookup(each.value, "condition_org", null) != null ? [ | ||
| each.value.condition_org | ||
| ] : [] |
|
I made your changes and applied the example again, everything looks good. |
antonbabenko
pushed a commit
that referenced
this pull request
Apr 28, 2023
## [2.1.0](v2.0.0...v2.1.0) (2023-04-28) ### Features * Add support for setting the condition field in Event Bus permissions ([#84](#84)) ([49f1dff](49f1dff))
|
This PR is included in version 2.1.0 🎉 |
KamranBiglari
pushed a commit
to KamranBiglari/terraform-aws-eventbridge
that referenced
this pull request
Jan 10, 2024
## 1.0.0 (2024-01-10) ### ⚠ BREAKING CHANGES * Upgraded AWS provider to v5 (required for Pipes) (terraform-aws-modules#94) * Bump Terraform version to 1.0 and updated `ecs_target` arguments (terraform-aws-modules#85) ### Features * Add attach_sns_policy ([terraform-aws-modules#89](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/89)) ([6e09aa1](6e09aa1)) * Add example for ECS + scheduled events ([terraform-aws-modules#14](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/14)) ([32ea196](32ea196)) * Add schema discoverer ([terraform-aws-modules#64](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/64)) ([0099c43](0099c43)) * Add support for EventBridge Pipes ([terraform-aws-modules#92](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/92)) ([ff131eb](ff131eb)) * Add support for setting the condition field in Event Bus permissions ([terraform-aws-modules#84](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/84)) ([49f1dff](49f1dff)) * Added Name tag for IAM policies and roles ([terraform-aws-modules#62](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/62)) ([8ca8835](8ca8835)) * Added support for API destinations ([terraform-aws-modules#27](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/27)) ([b4f1ef8](b4f1ef8)) * Added support for custom role_arn in targets ([terraform-aws-modules#42](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/42)) ([45311f7](45311f7)) * Bump Terraform version to 1.0 and updated `ecs_target` arguments ([terraform-aws-modules#85](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/85)) ([04a3249](04a3249)) * first commit ([terraform-aws-modules#1](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/1)) ([48eeb94](48eeb94)) * Simplified outputs (no this_) ([terraform-aws-modules#6](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/6)) ([eb8051c](eb8051c)) * Some refactoring and added ability to handle default bus ([terraform-aws-modules#5](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/5)) ([32f75c1](32f75c1)) * Support for Eventbridge Scheduler Schedules ([terraform-aws-modules#83](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/83)) ([e3c4ffe](e3c4ffe)) * Support for existing event buses ([terraform-aws-modules#22](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/22)) ([6a499b6](6a499b6)) * support http_target argument ([terraform-aws-modules#11](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/11)) ([ee5d963](ee5d963)) * Upgraded AWS provider to v5 (required for Pipes) ([terraform-aws-modules#94](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/94)) ([ba4d055](ba4d055)) * Upgraded AWS provider version to 4.7 ([terraform-aws-modules#66](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/66)) ([7690287](7690287)) ### Bug Fixes * `create_rules = false` causes error ([terraform-aws-modules#19](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/19)) ([6d8b8d7](6d8b8d7)) * Add explicit to_map for empty object for aws_cloudwatch_event_target ([terraform-aws-modules#24](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/24)) ([9b49848](9b49848)) * Amend batch_target to be correct value ([terraform-aws-modules#35](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/35)) ([babb4d6](babb4d6)) * Amend ecs_target network_configuration to work when no ecs_target supplied ([terraform-aws-modules#25](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/25)) ([852ea30](852ea30)) * Enable adding event_source_name to an Event Bus to enable receiving events from an SaaS partner ([terraform-aws-modules#82](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/82)) ([f92a78c](f92a78c)) * Enable run_command_targets support for target ([terraform-aws-modules#54](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/54)) ([e153898](e153898)) * Fix tomap call for terraform 0.15 ([terraform-aws-modules#10](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/10)) ([d303324](d303324)) * Fixed function name from to_map to tomap ([terraform-aws-modules#26](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/26)) ([e601dec](e601dec)) * Fixed inappropriate values for subnets and security_groups in example ([terraform-aws-modules#63](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/63)) ([fd7a25b](fd7a25b)) * Fixed incorrect tomap() ([terraform-aws-modules#39](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/39)) ([05bceba](05bceba)) * Fixed misleading descriptions of IAM role (not Lambda) ([terraform-aws-modules#76](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/76)) ([aa92195](aa92195)) * Fixed outputs when create=false ([terraform-aws-modules#33](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/33)) ([3dcc882](3dcc882)) * Make it optional to append postfix to the name, connection, or API destination ([terraform-aws-modules#58](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/58)) ([980b910](980b910)) * Problems found when importing resources previously already created ([terraform-aws-modules#61](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/61)) ([015122e](015122e)) * property lookup in ecs_target block ([terraform-aws-modules#8](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/8)) ([af29da3](af29da3)) * remove create_bus as a blocker for role_arn ([terraform-aws-modules#13](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/13)) ([5453970](5453970)) * update CI/CD process to enable auto-release workflow ([terraform-aws-modules#31](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/31)) ([ad31225](ad31225)) * update sqs access policy ([terraform-aws-modules#16](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/16)) ([2de06bd](2de06bd)) * Use a version for to avoid GitHub API rate limiting on CI workflows ([terraform-aws-modules#75](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/75)) ([e9a7813](e9a7813)) * Wrong value of api destination output ([terraform-aws-modules#79](https://github.com/KamranBiglari/terraform-aws-eventbridge/issues/79)) ([03ef4ff](03ef4ff))
1 task
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds a new
condition_orgfield to thepermissionsmaps that will be used to set theconditionsection of theaws_cloudwatch_event_permissionresource to allow limiting access to an EventBridge bus.Motivation and Context
I wanted to be able to support more narrow permissions on an EventBridge bus akin to the examples shown in the terraform provider docs. Since complete map of
key,typeandvaluecan't be passed in without making the entire variable an object, butkeyandtypeonly have a single value, I opted to make thevaluethe only field and set the remaining ones to their defaults when generating.Breaking Changes
This change is backwards compatible
How Has This Been Tested?
I modified the examples/with-permission module to deploy an event bus with access limited to only a single organization and then used the cli to produce an event to the bus.
examples/*to demonstrate and validate my change(s)examples/*projectspre-commit run -aon my pull request