Updated to support Terraform 1.3.X and latest

[martwana]

Proposed changes

Updated to support Terraform > v1.3.X. A few AWS resources that generated warnings have also been updated.

Swapped from data.template_file for templatefile() as there is no M1 support for the templates provider.

Added a TF output for the CodeBuild IAM role. If using a custom nuke config in a custom S3 bucket, you need to be able to grant this role access to the bucket. By outputting the name, you can create and IAM policy and attach it to the role.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (changes to code, which do not change application behavior)

Checklist

• I have filled out this PR template
• I have read the CONTRIBUTING doc
• I have added automated tests that prove my fix is effective or that my feature works
• I have added necessary documentation (README.md, inline comments, etc.)
• I have updated the CHANGELOG.md under a ## next release, with a short summary of my changes

Relevant Links

N/A

Further comments

N/A

[CLAassistant]

All committers have signed the CLA.

[shubydo]

Left some comments. Any particular reason for 1.2.X instead of 1.3.X?

[martwana]

@shubydo Think we may be good to merge this now?

[shubydo]

LGTM. Thanks for the contribution @martwana !

There's a status check that is still pending that appears to not be triggering the current pipeline that runs during PRs. This may be due to the current pipeline not automatically running for forked branches or another reason (given my current understanding). Once we can get that triggered and it passes, let's merge this.

CC: @jrsholly

[shubydo]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).

[martwana]

Ah, your Azure Pipeline needs updated to use the new terraform version

[shubydo]

Current pipeline(s) failed because an earlier version of terraform is being used. Can you update the Terraform version in the following files as well?

• dce/pipelines/pipeline.yml

  Line 12 in 7a22c7f

  TERRAFORM_VERSION: 0.12.31

• dce/pipelines/destroy-pr-env.yml

  Line 47 in 7a22c7f

  terraformVersion: "0.12.18"

I'd suggest using the version that matches the new version constraint you defined here

[shubydo]

@martwana the pipeline is failing on a certain step which is why the status checks aren't passing for this PR. #433 should fix it hopefully :)

Edit: Looks like it failed, but the check isn't reflecting this

[dutsmiller]

Can this be merged?

[martwana]

@shubydo What are the steps left to take to get this into master. I'd really like to ditch my fork and start tracking Optum/dce.

[shubydo]

@shubydo What are the steps left to take to get this into master. I'd really like to ditch my fork and start tracking Optum/dce.

@martwana sorry for the very delayed response. I am no longer actively on this project, so I'll defer to @dilip0515.

@dilip0515 since this is a larger, potentially breaking, change for certain users if they are pointing at the master branch, it might be good to bump the next release version to v0.40.0 or v0.35.0

[stv-io]

As someone "coming from the internet" and a new user of DCE, I would like to nudge this conversation, as my organisation would benefit from this PR being merged as well.

FWIW the terraform changes LGTM and the README changes are also complete.

[stv-io]

@martwana it seems like the syntax here isn't working:

❯ terraform plan
╷
│ Error: Incorrect attribute value type
│
│   on .terraform/modules/dce/modules/gateway.tf line 115, in resource "aws_api_gateway_deployment" "gateway_deployment":
│  115:   variables = {
│  116:     // API Changes won't get deployed, without a trigger in TF
│  117:     // See https://medium.com/coryodaniel/til-forcing-terraform-to-deploy-a-aws-api-gateway-deployment-ed36a9f60c1a
│  118:     // and https://github.com/terraform-providers/terraform-provider-aws/issues/162#issuecomment-475323730
│  119:   triggers = {
│  120:     redeployment = sha1(jsonencode(aws_api_gateway_rest_api.gateway_api.body))
│  121:   }
│  122:   }
│
│ Inappropriate value for attribute "variables": element "triggers": string required.

fixed (or removed the error on plan) by removing the "reployment" key:

resource "aws_api_gateway_deployment" "gateway_deployment" {
  rest_api_id = aws_api_gateway_rest_api.gateway_api.id

  variables = {
    triggers = sha1(jsonencode(aws_api_gateway_rest_api.gateway_api.body))
  }

  lifecycle {
    create_before_destroy = true
  }
}

[jfrconley]

I am also hoping this gets merged soon, 0.13.7 is too old for our use case

[bjfish25]

This pr has been accomplished at least in part by the prs:

• Switch from deny and allow config, to only deny and allow everything … #467
• Upgrade terraform in pipeline, allow greater than 0.13.7 for user #480

@martwana If there is something you still want merged be free to request my review. Otherwise I'll look to close this as accomplished in by other prs.