From 74b6c04071960becede7b374e8c64b80dffd8ed2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:27:23 +0000 Subject: [PATCH 1/2] Bump terraform-docs/gh-actions from 1.2.2 to 1.3.0 Bumps [terraform-docs/gh-actions](https://github.com/terraform-docs/gh-actions) from 1.2.2 to 1.3.0. - [Release notes](https://github.com/terraform-docs/gh-actions/releases) - [Commits](https://github.com/terraform-docs/gh-actions/compare/v1.2.2...v1.3.0) --- updated-dependencies: - dependency-name: terraform-docs/gh-actions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-tests.yml | 2 +- .github/workflows/manual-test-release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-tests.yml b/.github/workflows/dependency-tests.yml index 561da7c..192e47d 100644 --- a/.github/workflows/dependency-tests.yml +++ b/.github/workflows/dependency-tests.yml @@ -56,7 +56,7 @@ jobs: ref: ${{ github.event.pull_request.head.ref }} - name: Render terraform docs inside the README.md and push changes back to PR branch - uses: terraform-docs/gh-actions@v1.2.2 + uses: terraform-docs/gh-actions@v1.3.0 with: find-dir: . output-file: README.md diff --git a/.github/workflows/manual-test-release.yml b/.github/workflows/manual-test-release.yml index 4cc52d8..e078105 100644 --- a/.github/workflows/manual-test-release.yml +++ b/.github/workflows/manual-test-release.yml @@ -52,7 +52,7 @@ jobs: run: git pull origin master - name: Render terraform docs inside the README.md and push changes back to PR branch - uses: terraform-docs/gh-actions@v1.2.2 + uses: terraform-docs/gh-actions@v1.3.0 with: find-dir: . output-file: README.md From 1b1a0c31c23b3b579b36308c7aa942ea320b3471 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 23 Sep 2024 21:42:50 +0000 Subject: [PATCH 2/2] terraform-docs: automated action --- README.md | 2 +- examples/azure_rbac_exising_resources/README.md | 4 ++-- examples/azure_rbac_new_resources/README.md | 8 ++++---- tests/auto_test1/README.md | 8 ++++---- tests/auto_test2/README.md | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5dea334..e903038 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC role assignment (permissions) configuration. | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | +| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC role assignment (permissions) configuration. | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | ## Outputs diff --git a/examples/azure_rbac_exising_resources/README.md b/examples/azure_rbac_exising_resources/README.md index 374aa75..273e687 100644 --- a/examples/azure_rbac_exising_resources/README.md +++ b/examples/azure_rbac_exising_resources/README.md @@ -57,8 +57,8 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [aadGroup](#input\_aadGroup) | The name of the AAD group that will be created. | `string` | `"AAD-group-to-create"` | no | -| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | -| [groupOwners](#input\_groupOwners) | The names of the of the users that will be added as owners to the AD groups. | `list(string)` | 
[
  "aadGroupOwner@company.com"
]
| no | +| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | +| [groupOwners](#input\_groupOwners) | The names of the of the users that will be added as owners to the AD groups. | `list(string)` | 
[
  "aadGroupOwner@company.com"
]
| no | | [keyVaultName](#input\_keyVaultName) | Name of the key vault. | `string` | `"existing-kv-name"` | no | | [resourceGroupName](#input\_resourceGroupName) | Name of the resource group where resources are hosted. | `string` | `"existing-rg-name"` | no | diff --git a/examples/azure_rbac_new_resources/README.md b/examples/azure_rbac_new_resources/README.md index 7ab6eea..4f6bb2e 100644 --- a/examples/azure_rbac_new_resources/README.md +++ b/examples/azure_rbac_new_resources/README.md @@ -55,12 +55,12 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | -| [kv\_config](#input\_kv\_config) | Key Vault configuration object to create azure key vault. | 
object({
    name = string
    sku  = string
  })
| 
{
  "name": "rbactestkv",
  "sku": "standard"
}
| no | -| [kv\_net\_rules](#input\_kv\_net\_rules) | n/a | 
list(object({
    default_action             = string
    bypass                     = string
    ip_rules                   = list(string)
    virtual_network_subnet_ids = list(string)
  }))
| 
[
  {
    "bypass": "AzureServices",
    "default_action": "Deny",
    "ip_rules": [
      "0.0.0.0/0"
    ],
    "virtual_network_subnet_ids": []
  }
]
| no | +| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | +| [kv\_config](#input\_kv\_config) | Key Vault configuration object to create azure key vault. | 
object({
    name = string
    sku  = string
  })
| 
{
  "name": "rbactestkv",
  "sku": "standard"
}
| no | +| [kv\_net\_rules](#input\_kv\_net\_rules) | n/a | 
list(object({
    default_action             = string
    bypass                     = string
    ip_rules                   = list(string)
    virtual_network_subnet_ids = list(string)
  }))
| 
[
  {
    "bypass": "AzureServices",
    "default_action": "Deny",
    "ip_rules": [
      "0.0.0.0/0"
    ],
    "virtual_network_subnet_ids": []
  }
]
| no | | [location](#input\_location) | Azure region to deploy resources to. | `string` | `"uksouth"` | no | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group where resources will be hosted. | `string` | `"resource-group-name-to-create"` | no | -| [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | 
{
  "Author": "Marcel Lupo",
  "Description": "Automated test for RBAC administration module.",
  "GitHub": "https://registry.terraform.io/modules/Pwd9000-ML/rbac-administration/azurerm/latest",
  "Terraform": "True"
}
| no | +| [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | 
{
  "Author": "Marcel Lupo",
  "Description": "Automated test for RBAC administration module.",
  "GitHub": "https://registry.terraform.io/modules/Pwd9000-ML/rbac-administration/azurerm/latest",
  "Terraform": "True"
}
| no | ## Outputs diff --git a/tests/auto_test1/README.md b/tests/auto_test1/README.md index 497deba..de8a4db 100644 --- a/tests/auto_test1/README.md +++ b/tests/auto_test1/README.md @@ -33,12 +33,12 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | -| [kv\_config](#input\_kv\_config) | Key Vault configuration object to create azure key vault. | 
object({
    name = string
    sku  = string
  })
| 
{
  "name": "rbactestkv",
  "sku": "standard"
}
| no | -| [kv\_net\_rules](#input\_kv\_net\_rules) | n/a | 
list(object({
    default_action             = string
    bypass                     = string
    ip_rules                   = list(string)
    virtual_network_subnet_ids = list(string)
  }))
| 
[
  {
    "bypass": "AzureServices",
    "default_action": "Deny",
    "ip_rules": [
      "0.0.0.0/0"
    ],
    "virtual_network_subnet_ids": []
  }
]
| no | +| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | +| [kv\_config](#input\_kv\_config) | Key Vault configuration object to create azure key vault. | 
object({
    name = string
    sku  = string
  })
| 
{
  "name": "rbactestkv",
  "sku": "standard"
}
| no | +| [kv\_net\_rules](#input\_kv\_net\_rules) | n/a | 
list(object({
    default_action             = string
    bypass                     = string
    ip_rules                   = list(string)
    virtual_network_subnet_ids = list(string)
  }))
| 
[
  {
    "bypass": "AzureServices",
    "default_action": "Deny",
    "ip_rules": [
      "0.0.0.0/0"
    ],
    "virtual_network_subnet_ids": []
  }
]
| no | | [location](#input\_location) | Azure region to deploy resources to. | `string` | `"uksouth"` | no | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group where resources will be hosted. | `string` | n/a | yes | -| [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | 
{
  "Author": "Marcel Lupo",
  "Description": "Automated test for RBAC administration module.",
  "GitHub": "https://registry.terraform.io/modules/Pwd9000-ML/rbac-administration/azurerm/latest",
  "Terraform": "True"
}
| no | +| [tags](#input\_tags) | A map of key value pairs that is used to tag resources created. | `map(string)` | 
{
  "Author": "Marcel Lupo",
  "Description": "Automated test for RBAC administration module.",
  "GitHub": "https://registry.terraform.io/modules/Pwd9000-ML/rbac-administration/azurerm/latest",
  "Terraform": "True"
}
| no | ## Outputs diff --git a/tests/auto_test2/README.md b/tests/auto_test2/README.md index 186f708..58f1b1d 100644 --- a/tests/auto_test2/README.md +++ b/tests/auto_test2/README.md @@ -35,7 +35,7 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [aadGroup](#input\_aadGroup) | The name of the AAD group that will be created. | `string` | `"Azure-RBAC-Test-Group"` | no | -| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | +| [azure\_rbac\_config](#input\_azure\_rbac\_config) | Azure RBAC permision configuration | 
list(object({
    description          = string
    scope                = string
    role_definition_name = string
    principal_id         = string
  }))
| 
[
  {
    "description": "Example - Azure RBAC permision on Subscription",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
  },
  {
    "description": "Example - Azure RBAC permision on Resource Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup"
  },
  {
    "description": "Example - Azure RBAC permision on Resource",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM"
  },
  {
    "description": "Example - Azure RBAC permision on Management Group",
    "principal_id": "00000000-0000-0000-0000-000000000000",
    "role_definition_name": "Contributor",
    "scope": "/providers/Microsoft.Management/managementGroups/myMG"
  }
]
| no | | [groupOwners](#input\_groupOwners) | The names of the of the users that will be added as owners to the AD groups. | `list(string)` | `[]` | no | | [keyVaultName](#input\_keyVaultName) | Name of the key vault. | `string` | n/a | yes | | [resourceGroupName](#input\_resourceGroupName) | Name of the resource group where resources are hosted. | `string` | n/a | yes |