v3.5.0

add mq configurations @danushkaf (#67)

## what

This change is to allow users to configure MQ configurations with this module

why

With current version there is no way to attach configurations to brokers

references

#66

🤖 Automatic Updates

Migrate new test account @osterman (#99)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#98)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#97)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#96)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#93)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#92)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#91)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#90)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#87)

## what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Bump github.com/hashicorp/go-getter from 1.5.11 to 1.7.0 in /test/src @[dependabot[bot]](https://github.com/apps/dependabot) (#85)

Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.11 to 1.7.0.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.0

What's Changed

• docs: provide logging recommendations by @​mickael-hc in hashicorp/go-getter#371
• Update aws sdk version by @​Jukie in hashicorp/go-getter#384
• Update S3 URL in README by @​twelvelabs in hashicorp/go-getter#378
• Migrate to GHA by @​claire-labry in hashicorp/go-getter#379
• [COMPLIANCE] Update MPL 2.0 LICENSE by @​hashicorp-copywrite in hashicorp/go-getter#386
• remove codesign entirely from go-getter by @​claire-labry in hashicorp/go-getter#408
• Add decompression bomb mitigation options for v1 by @​picatz in hashicorp/go-getter#412
• v1: decompressors: add LimitedDecompressors helper by @​shoenig in hashicorp/go-getter#413

New Contributors

• @​mickael-hc made their first contribution in hashicorp/go-getter#371
• @​Jukie made their first contribution in hashicorp/go-getter#384
• @​twelvelabs made their first contribution in hashicorp/go-getter#378
• @​hashicorp-copywrite made their first contribution in hashicorp/go-getter#386

Full Changelog: hashicorp/go-getter@v1.6.2...v1.7.0

v1.6.2

What's Changed

• Fix no getter available for X-Terraform-Get source protocol when using bare github or bitbucket hostnames: #370

v1.6.1

No release notes provided.

Commits

• 0edab85 Merge pull request #413 from hashicorp/limited-decompressors-helper
• b38771f decompressors: add LimitedDecompressors helper
• 78e6721 Merge pull request #412 from hashicorp/mitigate-decompression-bomb
• cf15d84 Add decompression bomb mitigation options
• d229395 Merge pull request #408 from hashicorp/remove-codesign
• b55f8f7 remove codesign entirely from go-getter
• 611343a Merge pull request #386 from hashicorp/compliance/add-license
• 7220a3d Merge pull request #379 from hashicorp/migrate-to-gha
• 2daac52 Update get_gcs_test.go
• 95c5f2d Update get_s3_test.go
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can...

v3.4.0

🤖 Automatic Updates

chore(deps): update terraform cloudposse/security-group/aws to v2.2.0 (main) @renovate (#58)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/security-group/aws (source)	module	minor	2.0.1 -> 2.2.0

---

Release Notes

cloudposse/terraform-aws-security-group (cloudposse/security-group/aws)

v2.2.0

Compare Source

`.editorconfig` Typo @​milldr (#​50)

what

fixed intent typo

why

should be spelled "indent"

references

https://cloudposse.slack.com/archives/C01EY65H1PA/p1685638634845009

Sync github @​max-lobur (#​47)

Rebuild github dir from the template

v2.1.0

Compare Source

• No changes

---

v3.3.0

remove deprecated overwrite_ssm_parameter @andruccho (#71)

Removed deprecated overwrite_ssm_parameter.

v3.2.0

update vpc and broker versions @hans-d (#73)

what

• bump example vpc module version
• bump default engine version (variables.tf and example vars)

why

• terratest failing
• very outdated vpc module version
• current default engine version not supported anymore

references

• #71

Sync github @max-lobur (#57)

Rebuild github dir from the template

v3.1.0

• No changes

v3.0.0 Breaking Changes

Breaking Changes

This module includes breaking changes due to upgrading from terraform-aws-security-group v1 to v2. You can read the full details of the security group changes and how to migrate in migration notes linked below under "references", but the short story is this:

• If you were using this modules default value of true for security_group_create_before_destroy then you need not make any changes. If you were explicitly setting it to false, we strongly advise you to read the migration notes because that setting previously did not work, raising the question of whether you want to pay the price of converting to the new module with working false behavior or perform the recommended upgrade to the true.
• If you are referring by ID to the security group created by this module in other security group's rules outside the Terraform plan that controls this one, then you should read the security group migration notes discussion of the new input preserve_security_group_id and probably set it to true

Upgrade versions @johncblandii (#54)

what

• Upgrade versions to the latest

Key changes in terraform-aws-security-group v2.0 affecting this release

• create_before_destory default changed from false to true
• preserve_security_group_id added, defaults to false
• Terraform version 1.0.0 or later required

why

• The module fails when used with the latest https://github.com/cloudposse/terraform-aws-components

references

• cloudposse/terraform-aws-components#602
• Migration Notes for Security Group v2.0

v2.0.1

🚀 Enhancements

Updating sg egress to use input variable @joshmello (#48)

what

Egress was hardcoded to true when there was an input for it.

why

Full egress is not always warranted.

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use closes #123, if this PR closes a GitHub issue #123

v2.0.0 Breaking changes

This PR introduces breaking changes. Please review the migration documentation before upgrading.

Update to use Security Group module @milldr (#45)

what

• Use the new Security Group module version
• Incorporate open PRs
• Update test framework

why

• Unblocking further enhancements
• Open PRs were based on incompatible pre-release versions
• Test framework maintenance is not automated

notes

This PR introduces breaking changes and will be released as version 2.0. Migration document is here.

references

• required for updating https://github.com/cloudposse/terraform-aws-components/tree/master/modules/mq-broker
• supersedes and closes #34
• closes #35
• closes #37
• closes #41
• closes #46
• closes #47

v0.15.1 Unstable pre-release

🚀 Enhancements

fix: set security_group_enabled false when publicly_accessible is true @luizbossoi (#42)

what

Added a condition to security_group_enabled variable to avoid issues when a broker is created using publicly_accessible true.
By default security_group_enabled is set to true and if you try to create a public broker, you cannot create a security group.

│ Message_: "Broker with [publiclyAccessible] set to true does not support specifying [securityGroups]"

why

This PR was made to avoid a less-experienced when creating a public broker.

references

Terraform error:
│ Message_: "Broker with [publiclyAccessible] set to true does not support specifying [securityGroups]"

v0.15.0 Unstable Pre-Release

We are revising and standardizing our handling of security groups and security group rules across all our Terraform modules. This is an early attempt with significant breaking changes. We will make further breaking changes soon, so using this version is not recommended.

Breaking changes

If there is something not documented here, please let us know by filing a ticket.

• var.allowed_security_groups is removed in favor of the security group module's var.security_group_rules which can contain a single source_security_group_id per rule

• var.allowed_cidr_blocks is removed in favor of the security group module's var.security_group_rules which can contain a cidr_blocks

• var.use_existing_security_groups is replaced with var.security_group_enabled (note that if the former was true, the latter should be false)

• var.existing_security_groups is replaced with var.security_groups

• security group has moved

  terraform state mv \
    "module.mq_broker.aws_security_group.default[0]" \
    "module.mq_broker.module.security_group.aws_security_group.default[0]"

• default security_group_rules does not allow ingress but this can be added manually.

  Note: The list must have the same json keys per index

  security_group_rules = [
    {
      type                     = "egress"
      from_port                = 0
      to_port                  = 65535
      protocol                 = "-1"
      cidr_blocks              = ["0.0.0.0/0"]
      source_security_group_id = null
      description              = "Allow all outbound traffic"
    },
    {
      type                     = "ingress"
      from_port                = 0
      to_port                  = 65535
      protocol                 = "-1"
      cidr_blocks              = []
      source_security_group_id = local.security_group_id # provide existing security group or comment out this rule
      description              = "Allow inbound traffic from existing security groups"
    },
    {
      type                     = "ingress"
      from_port                = 0
      to_port                  = 65535
      protocol                 = "-1"
      cidr_blocks              = [] # provide cidr blocks or comment out this rule
      source_security_group_id = null 
      description              = "Allow inbound traffic from CIDR blocks"
    }
  ]

• security group rules have been moved

  Note: since the new security group rule names are generated upon a plan, the plan will need to be run first to generate the new names in order to move the rules. Replace someguid with the appropriate value.

  terraform state mv \
    'module.mq_broker.aws_security_group_rule.egress[0]' \
    'module.mq_broker.module.security_group.aws_security_group_rule.default["egress--1-0-65535-someguid"]'
  terraform state mv \
    'module.mq_broker.aws_security_group_rule.ingress_security_groups[0]' \
    'module.mq_broker.module.security_group.aws_security_group_rule.default["ingress-tcp--1-0-65535-someguid"]'
  terraform state mv \
    'module.mq_broker.aws_security_group_rule.ingress_cidr_blocks[0]' \
    'module.mq_broker.module.security_group.aws_security_group_rule.default["ingress-tcp--1-0-65535-someguid"]'

feat: use security-group module instead of resource @SweetOps (#32)

what

• use security-group module instead of resource
• update tests

why

• more flexible than current implementation
• bring configuration of security group/rules to one standard

references

• CPCO-409