Update to v5.x of terraform-provider-aws (#27)

emilford · web-flow · commit bab319247c68 · 2025-01-07T10:56:20.000-03:00
Switch this and dependent modules to the v5.x of the Terraform AWS provider to support the latest AWS features, like RDS' io2. - Fix dynamic statement block ``` │ on .terraform/modules/production.auth_token/secret/main.tf line 43, in data "aws_iam_policy_document" "secret": │ 43: identifiers = [statement.arn] │ │ This object does not have an attribute named "arn". ``` https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks - Fix user managed secret environment variables NOTE: This cherry picks a commit from a [PR @jferris opened] to address the same issue. - Terraform was complaining about calling `nonsensitive` when the value wasn't sensitive; this forces the initial value to potentially be sensitive to avoid the error. - We can skip parsing out the environment variables for the user managed secret module, because they are passed in directly. [PR @jferris opened]: #13
diff --git a/secret/main.tf b/secret/main.tf
@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "secret" {
       ]
       principals {
         type        = "AWS"
-        identifiers = [statement.arn]
+        identifiers = [statement.value.arn]
       }
     }
   }
@@ -136,7 +136,7 @@ data "aws_iam_policy_document" "key" {
       resources = ["*"]
       principals {
         type        = "AWS"
-        identifiers = [statement.arn]
+        identifiers = [statement.value.arn]
       }
     }
   }
@@ -288,7 +288,7 @@ locals {
   rotation_role_name = coalesce(var.rotation_role_name, "${var.name}-rotation")
 
   env_vars = nonsensitive([
-    for key in try(keys(jsondecode(var.initial_value)), []) :
+    for key in try(keys(jsondecode(sensitive(var.initial_value))), []) :
     key if upper(key) == key
   ])
 }
diff --git a/user-managed-secret/outputs.tf b/user-managed-secret/outputs.tf
@@ -5,7 +5,7 @@ output "arn" {
 
 output "environment_variables" {
   description = "Environment variables provided by this secret"
-  value       = module.secret.environment_variables
+  value       = var.environment_variables
 }
 
 output "id" {

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "secret" {`
`40`	`40`	`]`
`41`	`41`	`principals {`
`42`	`42`	`type = "AWS"`
`43`		`- identifiers = [statement.arn]`
	`43`	`+ identifiers = [statement.value.arn]`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`	`}`
`@@ -136,7 +136,7 @@ data "aws_iam_policy_document" "key" {`
`136`	`136`	`resources = ["*"]`
`137`	`137`	`principals {`
`138`	`138`	`type = "AWS"`
`139`		`- identifiers = [statement.arn]`
	`139`	`+ identifiers = [statement.value.arn]`
`140`	`140`	`}`
`141`	`141`	`}`
`142`	`142`	`}`
`@@ -288,7 +288,7 @@ locals {`
`288`	`288`	`rotation_role_name = coalesce(var.rotation_role_name, "${var.name}-rotation")`
`289`	`289`
`290`	`290`	`env_vars = nonsensitive([`
`291`		`- for key in try(keys(jsondecode(var.initial_value)), []) :`
	`291`	`+ for key in try(keys(jsondecode(sensitive(var.initial_value))), []) :`
`292`	`292`	`key if upper(key) == key`
`293`	`293`	`])`
`294`	`294`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ output "arn" {`
`5`	`5`
`6`	`6`	`output "environment_variables" {`
`7`	`7`	`description = "Environment variables provided by this secret"`
`8`		`- value = module.secret.environment_variables`
	`8`	`+ value = var.environment_variables`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`output "id" {`