terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0
787 stars 996 forks

feat(circleci-oidc): Add support for the provider and the role #501

Open simonweil opened 2 months ago

simonweil commented 2 months ago

Description

Created a CircleCI OIDC provider and role

Motivation and Context

It's hard to do it on your own and I'm happy to contribute it to the community

Breaking Changes

None

How Has This Been Tested?

Closes: #500

simonweil commented 2 months ago

@antonbabenko why does CI fail on nullable = false in variables? This is very useful to make sure defaults are used and unexpected nulls are not passed to the module.

simonweil commented 2 months ago

@antonbabenko ping...

simonweil commented 2 months ago

@bryantbiggs @antonbabenko any chance to get a go or no go? I'm using my version of this module now for around a month and all is good.

antonbabenko commented 2 months ago

nullable requires terraform >= 1.1.0 but the module you add requires 1.0+.

If we decide that we need nullable, we need to update versions.tf to get pre-commit green. @bryantbiggs WDYT?

bryantbiggs commented 2 months ago

in general - I don't like the idea of having a module per CI/CD provider. I know in the past I have pushed back when someone wanted to add a new module for Bamboo CI.

If we went forward, I would rather we create a module that is generic, and lets users opt into the different 3rd party provider (default) functionality. Something like iam-3rd-party-oidc-role or iam-integration-oidc-role and then we can support various integrations such as GitHub, GitHub Enterprise, Bamboo CI, CircleCI, etc. @antonbabenko what are your thoughts?

antonbabenko commented 2 months ago

I agree that we don't want to have a module per CI/CD provider, so let's update this PR to bring generic iam-integration-oidc-role and have a set of predefined properties per provider and a way to specify custom ones. It is also important to show the usages in examples.

In the longer run, we may discontinue the one we already have for GitHub.

simonweil commented 1 month ago

> I agree that we don't want to have a module per CI/CD provider, so let's update this PR to bring generic iam-integration-oidc-role and have a set of predefined properties per provider and a way to specify custom ones. It is also important to show the usages in examples.
>
> In the longer run, we may discontinue the one we already have for GitHub.

Sounds good to me, I'll sketch up a direction for discussion

github-actions[bot] commented 3 weeks ago

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

simonweil commented 3 weeks ago

Don't close, I'm planning to get to it