v6.1.0 - 2024/01/31

rquadling · rquadling · commit e5fc99281f88 · 2024-01-31T13:17:47.000Z
- Added testing for Terraform 1.7+ - FIX : If `var.profile` and `var.assume_role_arn` are used, then continuing to use `var.profile` invalidates the assumed role. The `aws_cli_runner.sh` now no longer uses `var.profile` when a role has been successfully assumed. Thank you [Garrett Blinkhorn](#11).
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -9,7 +9,16 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform_version: [1.6.6, 1.6.5, 1.6.4, 1.6.3, 1.6.2, 1.6.1, 1.6.0]
+        terraform_version:
+          - 1.7.1
+          - 1.7.0
+          - 1.6.6
+          - 1.6.5
+          - 1.6.4
+          - 1.6.3
+          - 1.6.2
+          - 1.6.1
+          - 1.6.0
 
     steps:
       - name: Checkout code
@@ -31,7 +40,7 @@ jobs:
           tests/tests.sh
 
       - name: Capture logs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: logs-${{ matrix.terraform_version }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+# v6.1.0 - 2024/01/31
+- Added testing for Terraform 1.7+
+- FIX : If `var.profile` and `var.assume_role_arn` are used, then continuing to use `var.profile` invalidates the
+  assumed role. The `aws_cli_runner.sh` now no longer uses `var.profile` when a role has been successfully assumed.
+  Thank you [Garrett Blinkhorn](https://github.com/digitickets/terraform-aws-cli/issues/11).
+
 # v6.0.2 - 2024/01/31
 - FIX : Typo in `aws_cli_runner.sh` when running assuming a role. Thank you [Garrett Blinkhorn](https://github.com/digitickets/terraform-aws-cli/issues/11).
 
diff --git a/scripts/aws_cli_runner.sh b/scripts/aws_cli_runner.sh
@@ -95,6 +95,13 @@ if [ -n "${ASSUME_ROLE_ARN}" ]; then
   export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' "$AWS_STS_JSON")
   export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' "$AWS_STS_JSON")
   export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' "$AWS_STS_JSON")
+
+  ### Having assumed a role, drop the profile as that will override any credentials retrieved by the assumed role when
+  ### reused as part of the AWS CLI call.
+  ### References :
+  ### 1. https://github.com/digitickets/terraform-aws-cli/issues/11 - Thank you Garrett Blinkhorn.
+  ### 2. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html#using-temp-creds-sdk-cli
+  unset AWS_CLI_PROFILE_PARAM
 fi
 
 # Do we have a query?
diff --git a/tests/common.sh b/tests/common.sh
@@ -137,7 +137,7 @@ function run_function() {
   fi
 }
 
-function  common_setup() {
+function common_setup() {
   TEST_PATH=$(dirname "${1}")
   TEST_NAME=$(basename "${TEST_PATH}")
 
@@ -190,7 +190,7 @@ function  common_setup() {
   export MODULE_TERRAFORM_AWS_CLI_RETAIN_LOGS=true
 }
 
-function  run_test() {
+function run_test() {
   if [ "${ALLOW_PLAN}" == "true" ]; then
     # Turn off coloured Terraform output (makes logs a little easier to read in an IDE)
     export TF_CLI_ARGS="-no-color"

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ function run_function() {`
`137`	`137`	`fi`
`138`	`138`	`}`
`139`	`139`
`140`		`-function common_setup() {`
	`140`	`+function common_setup() {`
`141`	`141`	`TEST_PATH=$(dirname "${1}")`
`142`	`142`	`TEST_NAME=$(basename "${TEST_PATH}")`
`143`	`143`
`@@ -190,7 +190,7 @@ function common_setup() {`
`190`	`190`	`export MODULE_TERRAFORM_AWS_CLI_RETAIN_LOGS=true`
`191`	`191`	`}`
`192`	`192`
`193`		`-function run_test() {`
	`193`	`+function run_test() {`
`194`	`194`	`if [ "${ALLOW_PLAN}" == "true" ]; then`
`195`	`195`	`# Turn off coloured Terraform output (makes logs a little easier to read in an IDE)`
`196`	`196`	`export TF_CLI_ARGS="-no-color"`