#pr-reviews (2022-07)

what

• adds the ability to give push-only access to the repository

why

• full access was more than we wanted in our situation (CI pushing images to the repo) so we added a principals_push_access to give push-only access.

references

• policy is based on this AWS doc

what

• Adding missing required db_cluster_instance_class variable when creating a provisioned multi a-z rds cluster.

why

• Prevent failure when doing a terraform apply to create the multi a-z rds cluster.

references

• Closed #146

what

• Added inputs, deprecated source_json • Use latest tests

why

• Use non-deprecated input

references

• Closes #12 • This works for aws 3.x too https://registry.terraform.io/providers/hashicorp/aws/3.75.2/docs/data-sources/iam_policy_document#override_policy_documents • After this PR, we want to update https://github.com/cloudposse/terraform-aws-helm-release

what

• For a multi a-z rds cluster skip creating aws_rds_cluster_instance resource when engine type is NOT aurora, aurora-mysql, aurora-postgresql

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster.

references

• closes #148

what

• Allow specifying the output artifact format for the source stage of the Codestar pipeline • Small optimisation for checking when to create Codestar related resources • Assign Codestar policy to Codebuild service role if artifact format is ‘full clone’, as it is required for Codebuild to pull from the git repo

why

• To allow flexibility • Previously the artifact format was hard-coded to ‘CODE_ZIP’. Occasionally this fails with Bitbucket (due to some kind of internal error)

references

• N/A

what

• I was getting deprecation warning for data.aws_iam_policy_document.resource.source_json attribute:

    │ Warning: Argument is deprecated
    │
    │   with module.ecr_public.module.ecr_public.data.aws_iam_policy_document.resource,
    │   on .terraform-devops/modules/ecr_public.ecr_public/main.tf line 43, in data "aws_iam_policy_document" "resource":
    │   43:   source_json = local.principals_full_access_non_empty ? join("", [data.aws_iam_policy_document.resource_full_access[0].json]) : join("", [data.aws_iam_policy_document.empty[0].json])
    │
    │ Use the attribute "source_policy_documents" instead.
    │
    │ (and one more similar warning elsewhere)
    

why

• Simple fix for deprecated attribute, please see docs here!

references

• Documentation on source_json being deprecated

what

• Allow specifying the output artifact format for the source stage of the Codestar pipeline • Small optimisation for checking when to create Codestar related resources • Assign Codestar policy to Codebuild service role if artifact format is ‘full clone’, as it is required for Codebuild to pull from the git repo

why

• To allow flexibility • Previously the artifact format was hard-coded to ‘CODE_ZIP’. Occasionally this fails with Bitbucket (due to some kind of internal error)

references

• N/A