Merge branch 'main' into dependabot/go_modules/github.com/dvsekhvalnov/jose2go-1.6.0

Author: github-actions[bot]

.github/workflows/ci.yml

@@ -1,114 +1,119 @@
 env:
-  AWS_EC2_METADATA_DISABLED: true
+    AWS_EC2_METADATA_DISABLED: true
 jobs:
-  get-modules:
-    outputs:
-      matrix: ${{steps.list_dirs.outputs.matrix}}
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-      - id: list_dirs
-        run: echo "::set-output name=matrix::$(ls -d */|sed -e 's/\///'|grep -v 'bless-ca\|scripts'|jq -cnR '[inputs | select(length>0)]')"
-  lint:
-    name: lint
-    runs-on: ARM64
-    steps:
-      - name: Generate token
-        id: generate_token
-        uses: tibdex/github-app-token@v2
-        with:
-          app_id: ${{ secrets.CZI_GITHUB_HELPER_APP_ID }}
-          private_key: ${{ secrets.CZI_GITHUB_HELPER_PK }}
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ steps.generate_token.outputs.token }}
-          ref: ${{ github.event.pull_request.head.ref }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-          cache: true
-          go-version: '>=1.19.0'
-          cache-dependency-path: |
-            go.sum
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
-        with:
-          version: v1.60.3
-          github-token: ${{ secrets.GITHUB_TOKEN }}  
-
-  test:
-    name: test ${{ matrix.module }}
-    needs: get-modules
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v3
-      - id: filter
-        uses: dorny/paths-filter@v2
-        with:
-          filters: |
-            module:
-              - '${{ matrix.module }}/**'
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: 0.14.5
-          terraform_wrapper: "false"
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.18
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        name: Install bless provider
-        run: curl -s https://raw.githubusercontent.com/chanzuckerberg/terraform-provider-bless/main/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        name: Check bless provider
-        run: ls -al $HOME/.terraform.d/plugins/terraform-provider-bless*
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        name: Install Snowflake provider
-        run: curl -s https://raw.githubusercontent.com/Snowflake-Labs/terraform-provider-snowflake/v0.53.0/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d v0.53.0
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        name: Check Snowflake provider
-        run: ls -al $HOME/.terraform.d/plugins/terraform-provider-snowflake*
-      - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-        name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          aws-region: us-west-2
-          role-duration-seconds: 1200
-          role-session-name: cztackCICDModuleTests
-          role-to-assume: "arn:aws:iam::119435350371:role/ci/cztack-1"
-    strategy:
-      fail-fast: false
-      matrix:
-        module:
-          - ${{fromJson(needs.get-modules.outputs.matrix)}}
-          - snowflake-account-grant-all
-          - snowflake-database-grant-all
-          - snowflake-external-table-grant-all
-          - snowflake-file-format-grant-all
-          - snowflake-function-grant-all
-          - snowflake-integration-grant-all
-          - snowflake-masking-policy-grant-all
-          - snowflake-materialized-view-grant-all
-          - snowflake-pipe-grant-all
-          - snowflake-procedure-grant-all
-          - snowflake-resource-monitor-grant-all
-          - snowflake-row-access-policy-grant-all
-          - snowflake-schema-grant-all
-          - snowflake-sequence-grant-all
-          - snowflake-stage-grant-all
-          - snowflake-stream-grant-all
-          - snowflake-table-grant-all
-          - snowflake-task-grant-all
-          - snowflake-view-grant-all
-          - snowflake-warehouse-grant-all
-    timeout-minutes: 45
+    get-modules:
+        permissions: {}
+        outputs:
+            matrix: ${{steps.list_dirs.outputs.matrix}}
+        runs-on: ubuntu-20.04
+        steps:
+            - uses: actions/checkout@v3
+            - id: list_dirs
+              run: echo "::set-output name=matrix::$(ls -d */|sed -e 's/\///'|grep -v 'bless-ca\|scripts'|jq -cnR '[inputs | select(length>0)]')"
+    lint:
+        name: lint
+        runs-on: ARM64
+        permissions:
+            contents: read
+            id-token: write
+        steps:
+            - id: generate_token
+              name: Generate token
+              uses: tibdex/github-app-token@v2
+              with:
+                app_id: ${{ secrets.CZI_GITHUB_HELPER_APP_ID }}
+                private_key: ${{ secrets.CZI_GITHUB_HELPER_PK }}
+            - uses: actions/checkout@v4
+              with:
+                ref: ${{ github.event.pull_request.head.ref }}
+                token: ${{ steps.generate_token.outputs.token }}
+            - uses: actions/setup-go@v5
+              with:
+                cache: true
+                cache-dependency-path: |
+                    go.sum
+                go-version: '>=1.19.0'
+                go-version-file: go.mod
+            - name: golangci-lint
+              uses: golangci/golangci-lint-action@v6
+              with:
+                github-token: ${{ secrets.GITHUB_TOKEN }}
+                version: v1.64.6
+    test:
+        name: test ${{ matrix.module }}
+        needs: get-modules
+        permissions:
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - id: filter
+              uses: dorny/paths-filter@v2
+              with:
+                filters: |
+                    module:
+                      - '${{ matrix.module }}/**'
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              uses: hashicorp/setup-terraform@v1
+              with:
+                terraform_version: 0.14.5
+                terraform_wrapper: "false"
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              uses: actions/setup-go@v2
+              with:
+                go-version: 1.18
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Install bless provider
+              run: curl -s https://raw.githubusercontent.com/chanzuckerberg/terraform-provider-bless/main/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Check bless provider
+              run: ls -al $HOME/.terraform.d/plugins/terraform-provider-bless*
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Install Snowflake provider
+              run: curl -s https://raw.githubusercontent.com/Snowflake-Labs/terraform-provider-snowflake/v0.53.0/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d v0.53.0
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Check Snowflake provider
+              run: ls -al $HOME/.terraform.d/plugins/terraform-provider-snowflake*
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Configure AWS Credentials
+              uses: aws-actions/configure-aws-credentials@v2
+              with:
+                aws-region: us-west-2
+                role-duration-seconds: 1200
+                role-session-name: cztackCICDModuleTests
+                role-to-assume: arn:aws:iam::119435350371:role/ci/cztack-1
+        strategy:
+            fail-fast: false
+            matrix:
+                module:
+                    - ${{fromJson(needs.get-modules.outputs.matrix)}}
+                    - snowflake-account-grant-all
+                    - snowflake-database-grant-all
+                    - snowflake-external-table-grant-all
+                    - snowflake-file-format-grant-all
+                    - snowflake-function-grant-all
+                    - snowflake-integration-grant-all
+                    - snowflake-masking-policy-grant-all
+                    - snowflake-materialized-view-grant-all
+                    - snowflake-pipe-grant-all
+                    - snowflake-procedure-grant-all
+                    - snowflake-resource-monitor-grant-all
+                    - snowflake-row-access-policy-grant-all
+                    - snowflake-schema-grant-all
+                    - snowflake-sequence-grant-all
+                    - snowflake-stage-grant-all
+                    - snowflake-stream-grant-all
+                    - snowflake-table-grant-all
+                    - snowflake-tag-grant-all
+                    - snowflake-task-grant-all
+                    - snowflake-user-grant-all
+                    - snowflake-view-grant-all
+                    - snowflake-warehouse-grant-all
+        timeout-minutes: 45
 name: CI
 "on":
-  pull_request: null
-  push:
-    branches:
-      - main
+    pull_request: null
+    push:
+        branches:
+            - main

aws-assume-role-policy/main.tf

@@ -52,7 +52,7 @@ data "aws_iam_policy_document" "assume-role" {
 
       actions = ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"]
       condition {
-        test     = "${oidc.value["condition_operator"]}"
+        test     = oidc.value["condition_operator"]
         variable = "${oidc.value["provider"]}:${oidc.value["jwt_condition"]}"
         values   = oidc.value["client_ids"]
       }

aws-aurora-mysql/README.md

@@ -72,13 +72,13 @@ No resources.
 | <a name="input_database_username"></a> [database\_username](#input\_database\_username) | Default user to be created. | `string` | n/a | yes |
 | <a name="input_db_deletion_protection"></a> [db\_deletion\_protection](#input\_db\_deletion\_protection) | n/a | `string` | `false` | no |
 | <a name="input_db_parameters"></a> [db\_parameters](#input\_db\_parameters) | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Instance) | `list(any)` | <pre>[<br>  {<br>    "apply_method": "pending-reboot",<br>    "name": "general_log",<br>    "value": 1<br>  },<br>  {<br>    "apply_method": "pending-reboot",<br>    "name": "slow_query_log",<br>    "value": "1"<br>  },<br>  {<br>    "apply_method": "pending-reboot",<br>    "name": "long_query_time",<br>    "value": "0"<br>  },<br>  {<br>    "apply_method": "pending-reboot",<br>    "name": "log_output",<br>    "value": "file"<br>  },<br>  {<br>    "apply_method": "pending-reboot",<br>    "name": "log_queries_not_using_indexes",<br>    "value": "1"<br>  }<br>]</pre> | no |
-| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | The version of the engine to be used for aurora-mysql. | `string` | `"5.7"` | no |
+| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | The version of the engine to be used for aurora-mysql. | `string` | `"8.0"` | no |
 | <a name="input_env"></a> [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
 | <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | n/a | `string` | `false` | no |
-| <a name="iam_roles"></a> [iam\_roles](#input\_iam\roles) | A list of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
+| <a name="input_iam_roles"></a> [iam\_roles](#input\_iam\_roles) | A list of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
 | <a name="input_ingress_cidr_blocks"></a> [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no |
-| <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Performance.html) | `string` | `"db.t2.small"` | no |
+| <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Performance.html) | `string` | `"db.t3.medium"` | no |
 | <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | Number of instances to create in this cluster. | `string` | `1` | no |
 | <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | `string` | `""` | no |
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |

aws-aurora-mysql/variables.tf

@@ -165,9 +165,9 @@ variable "iam_database_authentication_enabled" {
 }
 
 variable "iam_roles" {
-    type        = list(string)
-    description = "A list of ARNs for the IAM roles to associate to the RDS Cluster."
-    default     = []
+  type        = list(string)
+  description = "A list of ARNs for the IAM roles to associate to the RDS Cluster."
+  default     = []
 }
 
 variable "db_deletion_protection" {

aws-aurora-postgres/README.md

@@ -65,7 +65,7 @@ No resources.
 | <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | The version of Postgres to use. This should be a *prefix* if auto version upgrades are enabled. (Docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#engine_version) | `string` | `"10"` | no |
 | <a name="input_env"></a> [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
 | <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | n/a | `string` | `false` | no |
-| <a name="iam_roles"></a> [iam\_roles](#input\_iam\roles) | A list of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
+| <a name="input_iam_roles"></a> [iam\_roles](#input\_iam\_roles) | A list of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
 | <a name="input_ingress_cidr_blocks"></a> [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no |
 | <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Managing.html) | `string` | `"db.r4.large"` | no |

aws-aurora-postgres/outputs.tf

@@ -1,40 +1,40 @@
 output "database_name" {
-  value = module.aurora.database_name
+  value     = module.aurora.database_name
   sensitive = false
 }
 
 output "master_username" {
-  value = module.aurora.database_username
+  value     = module.aurora.database_username
   sensitive = false
 }
 
 output "master_password" {
-  value = module.aurora.database_password
+  value     = module.aurora.database_password
   sensitive = true
 }
 
 output "endpoint" {
-  value = module.aurora.endpoint
+  value     = module.aurora.endpoint
   sensitive = false
 }
 
 output "reader_endpoint" {
-  value = module.aurora.reader_endpoint
+  value     = module.aurora.reader_endpoint
   sensitive = false
 }
 
 output "port" {
-  value = module.aurora.port
+  value     = module.aurora.port
   sensitive = false
 }
 
 output "cluster_resource_id" {
-  value = module.aurora.cluster_resource_id
+  value     = module.aurora.cluster_resource_id
   sensitive = false
 }
 
 output "cluster_id" {
-  value = module.aurora.rds_cluster_id
+  value     = module.aurora.rds_cluster_id
   sensitive = false
 }
 

aws-aurora-postgres/variables.tf

@@ -126,9 +126,9 @@ variable "iam_database_authentication_enabled" {
 }
 
 variable "iam_roles" {
-    type        = list(string)
-    description = "A list of ARNs for the IAM roles to associate to the RDS Cluster."
-    default     = []
+  type        = list(string)
+  description = "A list of ARNs for the IAM roles to associate to the RDS Cluster."
+  default     = []
 }
 
 variable "ca_cert_identifier" {

aws-aurora/README.md

@@ -48,7 +48,7 @@ No modules.
 | <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | n/a | `string` | n/a | yes |
 | <a name="input_env"></a> [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
 | <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or not mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. | `string` | `true` | no |
-| <a name="iam_roles"></a> [iam\_roles](#input\_iam\roles) | A list of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
+| <a name="input_iam_roles"></a> [iam\_roles](#input\_iam\_roles) | A list of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
 | <a name="input_ingress_cidr_blocks"></a> [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no |
 | <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | n/a | `string` | `"db.t2.small"` | no |

aws-aurora/variables.tf

@@ -119,9 +119,9 @@ variable "iam_database_authentication_enabled" {
 }
 
 variable "iam_roles" {
-    type        = list(string)
-    description = "A list of ARNs for the IAM roles to associate to the RDS Cluster."
-    default     = []
+  type        = list(string)
+  description = "A list of ARNs for the IAM roles to associate to the RDS Cluster."
+  default     = []
 }
 
 variable "enabled_cloudwatch_logs_exports" {

aws-cloudfront-domain-redirect/README.md

@@ -65,6 +65,7 @@ module domain-redirect {
 | <a name="input_lambda_cloudwatch_log_retention_in_days"></a> [lambda\_cloudwatch\_log\_retention\_in\_days](#input\_lambda\_cloudwatch\_log\_retention\_in\_days) | Retention policy (in days) for Lambda function's logs in Cloudwatch | `number` | `null` | no |
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes |
+| <a name="input_redirect_bucket_name"></a> [redirect\_bucket\_name](#input\_redirect\_bucket\_name) | Unique name for the redirect bucket (provide if possible). | `string` | `null` | no |
 | <a name="input_service"></a> [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes |
 | <a name="input_source_domain"></a> [source\_domain](#input\_source\_domain) | The domain that will be redirected from. | `string` | n/a | yes |
 | <a name="input_source_domain_zone_id"></a> [source\_domain\_zone\_id](#input\_source\_domain\_zone\_id) | Route53 zone id for the source domain. | `string` | n/a | yes |