Add new feature - 'bypass_policy_lockout_safety_check' (#4)

Abdul Wahid · web-flow · commit ebdf3ddb65de · 2021-08-18T14:24:59.000+01:00
* Set provider limit (#5) * Add new parameter 'bypass_policy_lockout_safety_check'
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,4 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+*.vscode
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v3.3.0
+  rev: v4.0.1
   hooks:
   - id: check-added-large-files
     args: ['--maxkb=500']
@@ -18,7 +18,7 @@ repos:
     args: ['--allow-missing-credentials']
   - id: trailing-whitespace
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.44.0
+  rev: v1.50.0
   hooks:
   - id: terraform_fmt
   - id: terraform_docs
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,26 @@ All notable changes to this project will be documented in this file.
 <a name="unreleased"></a>
 ## [Unreleased]
 
-- Update module versions to support v3 provider
+- Add new parameter 'bypass_policy_lockout_safety_check'
+
+
+<a name="1.0.3"></a>
+## [1.0.3] - 2021-08-17
+
+- Set provider limit ([#5](https://github.com/umotif-public/terraform-aws-kms/issues/5))
+- Update README.md
+
+
+<a name="1.0.2"></a>
+## [1.0.2] - 2020-11-09
+
+- Update module to remove terraform 0.14 limit ([#3](https://github.com/umotif-public/terraform-aws-kms/issues/3))
+
+
+<a name="1.0.1"></a>
+## [1.0.1] - 2020-08-05
+
+- Feature/v3 provider support ([#2](https://github.com/umotif-public/terraform-aws-kms/issues/2))
 - Feature/updates ([#1](https://github.com/umotif-public/terraform-aws-kms/issues/1))
 
 
@@ -18,4 +37,7 @@ All notable changes to this project will be documented in this file.
 - Initial commit
 
 
-[Unreleased]: https://github.com/umotif-public/terraform-aws-kms/compare/1.0.0...HEAD
+[Unreleased]: https://github.com/umotif-public/terraform-aws-kms/compare/1.0.3...HEAD
+[1.0.3]: https://github.com/umotif-public/terraform-aws-kms/compare/1.0.2...1.0.3
+[1.0.2]: https://github.com/umotif-public/terraform-aws-kms/compare/1.0.1...1.0.2
+[1.0.1]: https://github.com/umotif-public/terraform-aws-kms/compare/1.0.0...1.0.1
diff --git a/README.md b/README.md
@@ -1,19 +1,20 @@
-![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/umotif-public/terraform-aws-kms?style=social)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/umotif-public/terraform-aws-kms)](https://github.com/umotif-public/terraform-aws-kms/releases/latest)
 
 # terraform-aws-kms
 
 Terraform module to configure a KMS Customer Master Key (CMK) and its alias.
 
 ## Terraform versions
 
-Terraform 0.12. Pin module version to `~> v1.0`. Submit pull-requests to `master` branch.
+Terraform 0.12 and provider version < 3.53.0. Pin module version to `~> v1.0`.
+For Terraform 0.12 with provider version >= 3.53.0. Pin module version to `~> v2.0`. Submit pull-requests to `main` branch.
 
 ## Usage
 
 ```hcl
 module "kms" {
   source = "umotif-public/kms/aws"
-  version = "~> 1.0.0"
+  version = "~> 2.0.0"
 
   enabled = true
   description             = "KMS test description"
@@ -33,50 +34,63 @@ Module is to be used with Terraform > 0.12.
 
 ## Examples
 
-* [KMS](https://github.com/umotif-public/terraform-aws-kms/tree/master/examples/core)
+* [KMS](https://github.com/umotif-public/terraform-aws-kms/tree/main/examples/core)
 
 ## Authors
 
-Module managed by [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](https://www.linkedin.com/in/marcincuber/).
+Module managed by [Marcin Cuber](https://github.com/marcincuber) ([LinkedIn](https://www.linkedin.com/in/marcincuber/)).\
+Module managed by [Abdul Wahid](https://github.com/Ohid25) ([LinkedIn](https://www.linkedin.com/in/abdul-wahid/)).\
+Module managed by [Sean Pascual](https://github.com/seanpascual) ([LinkedIn](https://www.linkedin.com/in/sean-edward-pascual/)).
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6 |
-| aws | >= 2.41 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.31 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.53.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.41 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.53.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_kms_alias.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
+| [aws_kms_key.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| alias\_name | The display name of the alias. | `string` | n/a | yes |
-| customer\_master\_key\_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC\_DEFAULT, RSA\_2048, RSA\_3072, RSA\_4096, ECC\_NIST\_P256, ECC\_NIST\_P384, ECC\_NIST\_P521, or ECC\_SECG\_P256K1. Defaults to SYMMETRIC\_DEFAULT. | `string` | `"SYMMETRIC_DEFAULT"` | no |
-| deletion\_window\_in\_days | Duration in days after which the key is deleted after destruction of the resource. | `number` | `10` | no |
-| description | The description of the key as viewed in AWS console. | `string` | `"Parameter Store KMS master key"` | no |
-| enable\_key\_rotation | Specifies whether key rotation is enabled. | `bool` | `true` | no |
-| enabled | Specifies whether to create resources within this module. | `bool` | `true` | no |
-| is\_enabled | Specifies whether the key is enabled. | `bool` | `true` | no |
-| key\_usage | Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no |
-| policy | A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform. | `string` | `""` | no |
-| tags | Mapping of additional tags. | `map(string)` | `{}` | no |
+| <a name="input_alias_name"></a> [alias\_name](#input\_alias\_name) | The display name of the alias. | `string` | n/a | yes |
+| <a name="input_bypass_policy_lockout_safety_check"></a> [bypass\_policy\_lockout\_safety\_check](#input\_bypass\_policy\_lockout\_safety\_check) | Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. | `bool` | `false` | no |
+| <a name="input_customer_master_key_spec"></a> [customer\_master\_key\_spec](#input\_customer\_master\_key\_spec) | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC\_DEFAULT, RSA\_2048, RSA\_3072, RSA\_4096, ECC\_NIST\_P256, ECC\_NIST\_P384, ECC\_NIST\_P521, or ECC\_SECG\_P256K1. Defaults to SYMMETRIC\_DEFAULT. | `string` | `"SYMMETRIC_DEFAULT"` | no |
+| <a name="input_deletion_window_in_days"></a> [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | Duration in days after which the key is deleted after destruction of the resource. | `number` | `10` | no |
+| <a name="input_description"></a> [description](#input\_description) | The description of the key as viewed in AWS console. | `string` | `"Parameter Store KMS master key"` | no |
+| <a name="input_enable_key_rotation"></a> [enable\_key\_rotation](#input\_enable\_key\_rotation) | Specifies whether key rotation is enabled. | `bool` | `true` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | Specifies whether to create resources within this module. | `bool` | `true` | no |
+| <a name="input_is_enabled"></a> [is\_enabled](#input\_is\_enabled) | Specifies whether the key is enabled. | `bool` | `true` | no |
+| <a name="input_key_usage"></a> [key\_usage](#input\_key\_usage) | Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no |
+| <a name="input_policy"></a> [policy](#input\_policy) | A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform. | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Mapping of additional tags. | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| alias\_arn | KMS Key Alias ARN. |
-| alias\_name | KMS Key Alias name. |
-| key\_arn | KMS Key ARN. |
-| key\_id | KMS Key ID. |
-
+| <a name="output_alias_arn"></a> [alias\_arn](#output\_alias\_arn) | KMS Key Alias ARN. |
+| <a name="output_alias_name"></a> [alias\_name](#output\_alias\_name) | KMS Key Alias name. |
+| <a name="output_key_arn"></a> [key\_arn](#output\_key\_arn) | KMS Key ARN. |
+| <a name="output_key_id"></a> [key\_id](#output\_key\_id) | KMS Key ID. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## License
diff --git a/main.tf b/main.tf
@@ -1,14 +1,15 @@
 resource "aws_kms_key" "main" {
   count = var.enabled ? 1 : 0
 
-  description              = var.description
-  key_usage                = var.key_usage
-  customer_master_key_spec = var.customer_master_key_spec
-  deletion_window_in_days  = var.deletion_window_in_days
-  is_enabled               = var.is_enabled
-  enable_key_rotation      = var.enable_key_rotation
-  policy                   = var.policy != "" ? var.policy : null
-  tags                     = var.tags
+  description                        = var.description
+  key_usage                          = var.key_usage
+  customer_master_key_spec           = var.customer_master_key_spec
+  deletion_window_in_days            = var.deletion_window_in_days
+  bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
+  is_enabled                         = var.is_enabled
+  enable_key_rotation                = var.enable_key_rotation
+  policy                             = var.policy != "" ? var.policy : null
+  tags                               = var.tags
 }
 
 resource "aws_kms_alias" "main" {
diff --git a/variables.tf b/variables.tf
@@ -57,3 +57,8 @@ variable "alias_name" {
   description = "The display name of the alias."
 }
 
+variable "bypass_policy_lockout_safety_check" {
+  type        = bool
+  default     = false
+  description = "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy."
+}
diff --git a/versions.tf b/versions.tf
@@ -1,7 +1,7 @@
 terraform {
-  required_version = ">= 0.12.6"
+  required_version = ">= 0.12.31"
 
   required_providers {
-    aws = ">= 2.41"
+    aws = ">= 3.53.0"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -27,3 +27,4 @@ override.tf.json`
`27`	`27`
`28`	`28`	`# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan`
`29`	`29`	`# example: tfplan`
	`30`	`+*.vscode`
Original file line number	Diff line number	Diff line change
`@@ -57,3 +57,8 @@ variable "alias_name" {`
`57`	`57`	`description = "The display name of the alias."`
`58`	`58`	`}`
`59`	`59`
	`60`	`+variable "bypass_policy_lockout_safety_check" {`
	`61`	`+ type = bool`
	`62`	`+ default = false`
	`63`	`+ description = "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy."`
	`64`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`terraform {`
`2`		`- required_version = ">= 0.12.6"`
	`2`	`+ required_version = ">= 0.12.31"`
`3`	`3`
`4`	`4`	`required_providers {`
`5`		`- aws = ">= 2.41"`
	`5`	`+ aws = ">= 3.53.0"`
`6`	`6`	`}`
`7`	`7`	`}`