chore!: Rename default IAM role to GitHubActions (#77)

Author: unfunco

examples/complete/main.tf

@@ -1,26 +1,27 @@
+// SPDX-FileCopyrightText: 2024 Daniel Morris <[email protected]>
+// SPDX-License-Identifier: MIT
+
 provider "aws" {
-  region = var.region
+  default_tags {}
 }
 
 module "aws_oidc_github" {
   source = "../../"
 
-  enabled = var.enabled
-
-  additional_audiences          = var.additional_audiences
-  additional_thumbprints        = var.additional_thumbprints
-  attach_admin_policy           = var.attach_admin_policy
-  attach_read_only_policy       = var.attach_read_only_policy
-  create_oidc_provider          = var.create_oidc_provider
-  enterprise_slug               = var.enterprise_slug
-  force_detach_policies         = var.force_detach_policies
-  iam_role_name                 = var.iam_role_name
-  iam_role_path                 = var.iam_role_path
-  iam_role_permissions_boundary = var.iam_role_permissions_boundary
-  iam_role_policy_arns          = var.iam_role_policy_arns
-  github_repositories           = var.github_repositories
-  max_session_duration          = var.max_session_duration
-  tags                          = var.tags
+  additional_audiences            = var.additional_audiences
+  additional_thumbprints          = var.additional_thumbprints
+  attach_read_only_policy         = var.attach_read_only_policy
+  create_oidc_provider            = var.create_oidc_provider
+  dangerously_attach_admin_policy = var.dangerously_attach_admin_policy
+  enterprise_slug                 = var.enterprise_slug
+  force_detach_policies           = var.force_detach_policies
+  iam_role_name                   = var.iam_role_name
+  iam_role_path                   = var.iam_role_path
+  iam_role_permissions_boundary   = var.iam_role_permissions_boundary
+  iam_role_policy_arns            = var.iam_role_policy_arns
+  github_repositories             = var.github_repositories
+  max_session_duration            = var.max_session_duration
+  tags                            = var.tags
 
   iam_role_inline_policies = {
     "example_inline_policy" : data.aws_iam_policy_document.example.json

examples/complete/outputs.tf

@@ -1,3 +1,6 @@
+// SPDX-FileCopyrightText: 2024 Daniel Morris <[email protected]>
+// SPDX-License-Identifier: MIT
+
 output "iam_role_arn" {
   description = "ARN of the IAM role."
   value       = module.aws_oidc_github.iam_role_arn

examples/complete/variables.tf

@@ -1,3 +1,6 @@
+// SPDX-FileCopyrightText: 2024 Daniel Morris <[email protected]>
+// SPDX-License-Identifier: MIT
+
 variable "additional_audiences" {
   default     = null
   description = "List of additional OIDC audiences allowed to assume the role."
@@ -15,14 +18,8 @@ variable "additional_thumbprints" {
   }
 }
 
-variable "attach_admin_policy" {
-  default     = false
-  description = "Flag to enable/disable the attachment of the AdministratorAccess policy."
-  type        = bool
-}
-
 variable "attach_read_only_policy" {
-  default     = true
+  default     = false
   description = "Flag to enable/disable the attachment of the ReadOnly policy."
   type        = bool
 }
@@ -33,9 +30,9 @@ variable "create_oidc_provider" {
   type        = bool
 }
 
-variable "enabled" {
-  default     = true
-  description = "Flag to enable/disable the creation of resources."
+variable "dangerously_attach_admin_policy" {
+  default     = false
+  description = "Flag to enable/disable the attachment of the AdministratorAccess policy."
   type        = bool
 }
 
@@ -60,15 +57,15 @@ variable "github_repositories" {
     // organization/repository format used by GitHub.
     condition = length([
       for repo in var.github_repositories : 1
-      if length(regexall("^[A-Za-z0-9_.-]+?/([A-Za-z0-9_.:/-]+[*]?|\\*)$", repo)) > 0
+      if length(regexall("^[A-Za-z0-9_.-]+?/([A-Za-z0-9_.:/\\-\\*]+)$", repo)) > 0
     ]) == length(var.github_repositories)
     error_message = "Repositories must be specified in the organization/repository format."
   }
 }
 
 variable "iam_role_name" {
-  default     = "github"
-  description = "Name of the IAM role to be created. This will be assumable by GitHub."
+  default     = "GitHubActions"
+  description = "The name of the IAM role to be created and made assumable by GitHub Actions."
   type        = string
 }
 
@@ -90,6 +87,12 @@ variable "iam_role_policy_arns" {
   type        = list(string)
 }
 
+variable "iam_role_inline_policies" {
+  default     = {}
+  description = "Inline policies map with policy name as key and json as value."
+  type        = map(string)
+}
+
 variable "max_session_duration" {
   default     = 3600
   description = "Maximum session duration in seconds."
@@ -101,11 +104,6 @@ variable "max_session_duration" {
   }
 }
 
-variable "region" {
-  description = "AWS region in which to apply resources."
-  type        = string
-}
-
 variable "tags" {
   default     = {}
   description = "Map of tags to be applied to all resources."

examples/complete/versions.tf

@@ -1,15 +1,18 @@
+// SPDX-FileCopyrightText: 2024 Daniel Morris <[email protected]>
+// SPDX-License-Identifier: MIT
+
 terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 5.0"
     }
 
     tls = {
       source  = "hashicorp/tls"
-      version = ">= 3.0"
+      version = ">= 4.0"
     }
   }
 
-  required_version = "~> 1.0"
+  required_version = "~> 1.10"
 }

variables.tf

@@ -64,8 +64,8 @@ variable "github_repositories" {
 }
 
 variable "iam_role_name" {
-  default     = "github"
-  description = "Name of the IAM role to be created. This will be assumable by GitHub."
+  default     = "GitHubActions"
+  description = "The name of the IAM role to be created and made assumable by GitHub Actions."
   type        = string
 }