**Status: Closed.** brittandeyoung closed this pull request 10 months ago.
This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days
This is still an active PR, just waiting on a review.
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
# Update bucket references to use `bucket` field as it is known before apply

## Description
This PR updates all the references for the S3 bucket to use the `bucket` field, as it is known before apply. This resolves IaC scanning tools' false positives, as they cannot link the ACL and other required settings to the bucket without the `bucket` field being known. This happens when targeting the plan output for scanning.

## Motivation and Context
Closes: #259
Scanning IaC before deploying is best practice. Since values can be changed with variables and conditionals, the best way to scan IaC is using the plan output. In the current state, this module fails common security requirements as the `bucket` field is not known until after apply. This PR resolves this by using the `bucket` field as the source, which is known during the plan.

## Breaking Changes
## How Has This Been Tested?

- [x] I have updated at least one of the `examples/*` to demonstrate and validate my change(s)
- [x] I have tested and validated these changes using one or more of the provided `examples/*` projects
- [x] I have executed `pre-commit run -a` on my pull request
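The plan-time linkage the PR description is about, shown as an added example that is not the module's own code and not part of the original pull request: a dependent resource (here a public access block) refers to `aws_s3_bucket.this.bucket`, the input argument, rather than `aws_s3_bucket.this.id`, which is computed. The resource name `this` and the literal bucket name are assumptions.

```hcl
# Constructed example (not the module's code). The bucket name is given as a
# literal, so the `bucket` argument is known during `terraform plan`; `id` is a
# computed attribute and only becomes known after apply.
resource "aws_s3_bucket" "this" {
  bucket = "example-scan-demo-bucket" # assumed literal name
}

# Before: `.id` is unknown in the plan, so a scanner reading the plan JSON
# cannot tie this access block to the bucket and reports the bucket as
# missing its required setting.
#
# resource "aws_s3_bucket_public_access_block" "this" {
#   bucket                  = aws_s3_bucket.this.id
#   block_public_acls       = true
#   block_public_policy     = true
#   ignore_public_acls      = true
#   restrict_public_buckets = true
# }

# After: `.bucket` resolves to the literal name in the plan, so the scanner
# can see the access block belongs to this bucket.
resource "aws_s3_bucket_public_access_block" "this" {
  bucket                  = aws_s3_bucket.this.bucket
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

To check the effect, run `terraform plan -out plan.out` followed by `terraform show -json plan.out` and compare the two forms: with `.id` the `bucket` argument of the dependent resource is listed under `after_unknown`, with `.bucket` it appears in `after` as the literal name. The caveat is that this only helps when the bucket name itself is known at plan time; if the root module uses `bucket_prefix` or derives the name from a value computed at apply, `bucket` is just as unknown as `id` and the scanner still cannot link the resources.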