Skip to content

feat: pass tags to permission sets #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: pass tags to permission sets #51

wants to merge 1 commit into from
+8 −8

Conversation

@johncblandii
Copy link
Contributor

@johncblandii johncblandii commented Oct 28, 2025
edited by coderabbitai bot
Loading

what

  • Added module.this.tags to permission sets

why

  • We were passing in nothing so this will help provide tags in AWS based on the component, etc

references

Summary by CodeRabbit

  • Chores
    • Updated IAM permission set configurations to inherit tags from module settings, enabling consistent metadata management across AdministratorAccess, BillingAdministratorAccess, BillingReadOnlyAccess, DNSAdministratorAccess, TeamAccess, PoweruserAccess, ReadOnlyAccess, and TerraformUpdateAccess permission sets.

@coderabbitai
Copy link

coderabbitai bot commented Oct 28, 2025
edited
Loading

Walkthrough

Module-level tags from module.this.tags are now propagated to all permission set configurations across eight IAM policy files, replacing previously empty tag maps. No other policy attachments, inline policies, or session configurations are modified.

Changes

Cohort / File(s) Summary
Permission set tags configuration
src/policy-AdministratorAccess.tf, src/policy-BillingAdministratorAccess.tf, src/policy-BillingReadOnlyAccess.tf, src/policy-DNSAdministratorAccess.tf, src/policy-Identity-role-TeamAccess.tf, src/policy-PoweruserAccess.tf, src/policy-ReadOnlyAccess.tf, src/policy-TerraformUpdateAccess.tf		 Changed tags assignment in permission set locals from tags = {} to tags = module.this.tags, propagating module-level tags to all permission sets without affecting other fields or control flow.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • All eight files follow an identical pattern with no structural or logic changes; verification focuses on consistency of the tag source change across files.

Poem

🐰 Tags now flow from module on high,
Eight permission sets catch the eye,
No empty maps, just tags so true,
Metadata shared, a cohesive crew! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The pull request title "feat: pass tags to permission sets" accurately and concisely describes the primary change across all modified files. Each of the eight policy files consistently updates the tags assignment from an empty map to module.this.tags, which directly aligns with what the title conveys. The title is specific enough that a teammate reviewing the commit history would immediately understand the intent is to propagate module tags to permission set configurations, and it follows conventional commit conventions with the "feat:" prefix.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff345bc and a6ef70e.

📒 Files selected for processing (8)
  • src/policy-AdminstratorAccess.tf (1 hunks)
  • src/policy-BillingAdministratorAccess.tf (1 hunks)
  • src/policy-BillingReadOnlyAccess.tf (1 hunks)
  • src/policy-DNSAdministratorAccess.tf (1 hunks)
  • src/policy-Identity-role-TeamAccess.tf (1 hunks)
  • src/policy-PoweruserAccess.tf (1 hunks)
  • src/policy-ReadOnlyAccess.tf (1 hunks)
  • src/policy-TerraformUpdateAccess.tf (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
src/**/*.tf

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.tf: Use 2-space indentation for all Terraform code
In Terraform, prefer lower_snake_case for variables and locals; keep resource/data source names descriptive and aligned with Cloud Posse null-label patterns
Run terraform fmt and adhere to formatting (do not commit formatting violations)
Adhere to TFLint rules defined for the project (do not commit lint violations)

Files:

  • src/policy-TerraformUpdateAccess.tf
  • src/policy-AdminstratorAccess.tf
  • src/policy-PoweruserAccess.tf
  • src/policy-BillingAdministratorAccess.tf
  • src/policy-Identity-role-TeamAccess.tf
  • src/policy-ReadOnlyAccess.tf
  • src/policy-DNSAdministratorAccess.tf
  • src/policy-BillingReadOnlyAccess.tf
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Summary
🔇 Additional comments (8)
src/policy-ReadOnlyAccess.tf (1)

7-7: ✓ Clean tag propagation using standard Cloud Posse pattern.

Assigning module.this.tags enables dynamic tag management for this permission set. The change is minimal, focused, and consistent across all permission sets in this PR.

src/policy-PoweruserAccess.tf (1)

7-7: ✓ Consistent tag propagation.

Tag assignment mirrors the pattern applied across all permission sets in this PR.

src/policy-BillingReadOnlyAccess.tf (1)

7-7: ✓ Consistent tag propagation.

Tag assignment mirrors the pattern applied across all permission sets in this PR.

src/policy-AdminstratorAccess.tf (1)

7-7: ✓ Consistent tag propagation with proper field alignment.

Tag assignment maintains the field alignment style used in this file while applying the standard module.this.tags pattern.

src/policy-Identity-role-TeamAccess.tf (1)

57-57: ✓ Appropriate tag propagation for dynamically created permission sets.

Within the for-each loop, each permission set correctly receives module.this.tags, ensuring consistent metadata across all dynamically created team access permission sets.

src/policy-BillingAdministratorAccess.tf (1)

7-7: ✓ Consistent tag propagation.

Tag assignment mirrors the pattern applied across all permission sets in this PR.

src/policy-TerraformUpdateAccess.tf (1)

56-56: ✓ Tag propagation appropriately applied within conditional permission set creation.

Tags are correctly assigned only when the TerraformUpdateAccess permission set is conditionally created (line 51), ensuring consistent behavior with the permission set's lifecycle.

src/policy-DNSAdministratorAccess.tf (1)

34-34: ✓ Consistent tag propagation.

Tag assignment mirrors the pattern applied across all permission sets in this PR.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mergify mergify bot requested review from a team October 28, 2025 15:16
@mergify mergify bot added the triage Needs triage label Oct 28, 2025
@johncblandii
Copy link
Contributor Author

@coderabbitai generate docstrings

@coderabbitai
Copy link

coderabbitai bot commented Oct 28, 2025

✅ Actions performed

Initiated docstring generation; will generate only if new commits exist.

@coderabbitai
Copy link

coderabbitai bot commented Oct 28, 2025
edited
Loading

Caution

Docstrings generation - FAILED

No docstrings were generated.

@mergify mergify bot requested a review from a team October 29, 2025 15:31
@mergify mergify bot removed the triage Needs triage label Oct 29, 2025
@mergify
Copy link

mergify bot commented Oct 29, 2025

Thanks @johncblandii for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@osterman osterman osterman approved these changes

@milldr milldr milldr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@johncblandii @osterman @milldr