Skip to content

Chore/partitions and condition overrides #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 7, 2024
Merged

Chore/partitions and condition overrides #44

merged 4 commits into from
Mar 7, 2024

Conversation

tsaucier-sf
Copy link
Contributor

@tsaucier-sf tsaucier-sf commented Jan 23, 2024
edited
Loading

what

  • Add partition support for sns_kms_key_policy IAM policy.
  • Add additional condition for local.enabled_standards_arns securityhub arn.

why

  • Needs to support multiple available partitions
  • format function fails when local.enabled is false due to data lookups not existing.

references

  • Add dynamic partition to IAM ARN in KMS Key Policy #33
  • Discovered when module is disabled 
    Error: Error in function call │  │   on .terraform/modules/cloud_security.security_hub/main.tf line 43, in locals: │   43:     
format("arn:%s:securityhub:%s::%s", one(data.aws_partition.this[*].partition), length(regexall("ruleset", standard)) == 0 
? one(data.aws_region.this[*].name) : "", standard) │     ├──────────────── │     │ data.aws_partition.this 
is empty tuple │     │ data.aws_region.this is empty tuple │  │ Call to function "format" failed: unsupported value for "%s" at 
4: null value cannot be formatted. ╵ ╷ │ Error: Error in function call │  │   on 
.terraform/modules/cloud_security.security_hub/main.tf line 43, in locals: │   43:     format("arn:%s:securityhub:%s::%s", 
one(data.aws_partition.this[*].partition), length(regexall("ruleset", standard)) == 0 ? one(data.aws_region.this[*].name) : 
"", standard) │     ├──────────────── │     │ data.aws_partition.this is empty tuple │     │ 
data.aws_region.this is empty tuple │  │ Call to function "format" failed: unsupported value for "%s" at 4: null value 
cannot be formatted.

@tsaucier-sf tsaucier-sf requested review from a team as code owners January 23, 2024 17:43
@hans-d
Copy link

hans-d commented Mar 2, 2024

/terratest

@hans-d hans-d added terratest-failing stale This PR has gone stale labels Mar 2, 2024
@hans-d hans-d removed the stale This PR has gone stale label Mar 5, 2024
@hans-d
Copy link

hans-d commented Mar 5, 2024

/terratest

@hans-d hans-d merged commit 02d0954 into cloudposse:main Mar 7, 2024
@hans-d
Copy link

hans-d commented Mar 7, 2024

@tsaucier-sf https://github.com/cloudposse/terraform-aws-security-hub/releases/tag/0.12.0 Thanks !

@tsaucier-sf tsaucier-sf deleted the chore/partitions-and-condition-overrides branch March 7, 2024 14:24
@tsaucier-sf tsaucier-sf restored the chore/partitions-and-condition-overrides branch March 7, 2024 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hans-d hans-d hans-d approved these changes

@jamengual jamengual Awaiting requested review from jamengual jamengual is a code owner automatically assigned from cloudposse/contributors

@woz5999 woz5999 Awaiting requested review from woz5999 woz5999 is a code owner automatically assigned from cloudposse/contributors

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tsaucier-sf @hans-d