Terraform Provider v5 Support (#48)

* tf provider v5 changes, make readme, updated example

* make commands

* tflint brackets for lists

* reset .github dir

* reset lambda and codeowner workflows

* added versions.tf to example

* updated versions

* corrected inputs for tests

* handle external git

* extend terratest

* make readme

* update correct Makefile

* remove duplicated strings for test assertions

* remove duplicated strings for test assertions

README.md

@@ -94,10 +94,6 @@ We highly recommend that in your code you pin the version to the exact version y
 using so that your infrastructure remains stable, and update versions in a
 systematic way so that they do not catch you by surprise.
 
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
 
 
 For a complete example, see [examples/complete](examples/complete).
@@ -179,21 +175,21 @@ is given
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_artifact"></a> [artifact](#module\_artifact) | cloudposse/module-artifact/external | 0.7.1 |
+| <a name="module_artifact"></a> [artifact](#module\_artifact) | cloudposse/module-artifact/external | 0.8.0 |
 | <a name="module_label"></a> [label](#module\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
@@ -354,7 +350,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
 ## Copyright
 
-Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)
 
 
 
@@ -429,7 +425,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 
 [![README Footer][readme_footer_img]][readme_footer_link]
 [![Beacon][beacon]][website]
-
+<!-- markdownlint-disable -->
   [logo]: https://cloudposse.com/logo-300x69.svg
   [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-lambda-elasticsearch-cleanup&utm_content=docs
   [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-lambda-elasticsearch-cleanup&utm_content=website
@@ -460,3 +456,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
   [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-lambda-elasticsearch-cleanup
   [share_email]: mailto:?subject=terraform-aws-lambda-elasticsearch-cleanup&body=https://github.com/cloudposse/terraform-aws-lambda-elasticsearch-cleanup
   [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-lambda-elasticsearch-cleanup?pixel&cs=github&cm=readme&an=terraform-aws-lambda-elasticsearch-cleanup
+<!-- markdownlint-restore -->

docs/terraform.md

@@ -10,21 +10,21 @@ is given
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_artifact"></a> [artifact](#module\_artifact) | cloudposse/module-artifact/external | 0.7.1 |
+| <a name="module_artifact"></a> [artifact](#module\_artifact) | cloudposse/module-artifact/external | 0.8.0 |
 | <a name="module_label"></a> [label](#module\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 

examples/complete/main.tf

@@ -4,21 +4,21 @@ provider "aws" {
 
 module "vpc" {
   source  = "cloudposse/vpc/aws"
-  version = "0.17.0"
+  version = "2.1.0"
 
-  cidr_block = "172.16.0.0/16"
+  ipv4_primary_cidr_block = "172.16.0.0/16"
 
   context = module.this.context
 }
 
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "0.30.0"
+  version = "2.4.1"
 
   availability_zones   = var.availability_zones
   vpc_id               = module.vpc.vpc_id
-  igw_id               = module.vpc.igw_id
-  cidr_block           = module.vpc.vpc_cidr_block
+  igw_id               = [module.vpc.igw_id]
+  ipv4_cidr_block      = [module.vpc.vpc_cidr_block]
   nat_gateway_enabled  = true
   nat_instance_enabled = false
 
@@ -27,7 +27,7 @@ module "subnets" {
 
 module "elasticsearch" {
   source  = "cloudposse/elasticsearch/aws"
-  version = "0.24.0"
+  version = "0.44.0"
 
   security_groups                = [module.vpc.vpc_default_security_group_id]
   vpc_id                         = module.vpc.vpc_id

examples/complete/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.0"
+    }
+  }
+}

main.tf

@@ -76,8 +76,8 @@ data "aws_iam_policy_document" "sns" {
 data "aws_iam_policy_document" "default" {
   count = local.enabled ? 1 : 0
 
-  source_json   = join("", data.aws_iam_policy_document.es_logs.*.json)
-  override_json = length(var.sns_arn) > 0 ? join("", data.aws_iam_policy_document.sns.*.json) : "{}"
+  source_policy_documents   = [join("", data.aws_iam_policy_document.es_logs[*].json)]
+  override_policy_documents = length(var.sns_arn) > 0 ? [join("", data.aws_iam_policy_document.sns[*].json)] : ["{}"]
 }
 
 locals {
@@ -98,7 +98,7 @@ module "label" {
 
 module "artifact" {
   source      = "cloudposse/module-artifact/external"
-  version     = "0.7.1"
+  version     = "0.8.0"
   enabled     = module.this.enabled
   filename    = "lambda.zip"
   module_name = "terraform-aws-lambda-elasticsearch-cleanup"
@@ -122,7 +122,7 @@ resource "aws_lambda_function" "default" {
   description      = local.function_name
   timeout          = var.timeout
   runtime          = "python${var.python_version}"
-  role             = join("", aws_iam_role.default.*.arn)
+  role             = join("", aws_iam_role.default[*].arn)
   handler          = "es-cleanup.lambda_handler"
   source_code_hash = module.artifact.base64sha256
   tags             = module.label.tags
@@ -140,7 +140,7 @@ resource "aws_lambda_function" "default" {
 
   vpc_config {
     subnet_ids         = var.subnet_ids
-    security_group_ids = [join("", aws_security_group.default.*.id)]
+    security_group_ids = [join("", aws_security_group.default[*].id)]
   }
 }
 
@@ -160,7 +160,7 @@ resource "aws_security_group_rule" "udp_dns_egress_from_lambda" {
   to_port           = 53
   protocol          = "udp"
   cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "tcp_dns_egress_from_lambda" {
@@ -171,7 +171,7 @@ resource "aws_security_group_rule" "tcp_dns_egress_from_lambda" {
   to_port           = 53
   protocol          = "tcp"
   cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "egress_from_lambda_to_es_cluster" {
@@ -182,7 +182,7 @@ resource "aws_security_group_rule" "egress_from_lambda_to_es_cluster" {
   to_port                  = 443
   protocol                 = "tcp"
   source_security_group_id = var.es_security_group_id
-  security_group_id        = join("", aws_security_group.default.*.id)
+  security_group_id        = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "ingress_to_es_cluster_from_lambda" {
@@ -192,27 +192,27 @@ resource "aws_security_group_rule" "ingress_to_es_cluster_from_lambda" {
   from_port                = 443
   to_port                  = 443
   protocol                 = "tcp"
-  source_security_group_id = join("", aws_security_group.default.*.id)
+  source_security_group_id = join("", aws_security_group.default[*].id)
   security_group_id        = var.es_security_group_id
 }
 
 resource "aws_iam_role" "default" {
   count              = local.enabled ? 1 : 0
   name               = local.function_name
-  assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
+  assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json)
   tags               = module.label.tags
 }
 
 resource "aws_iam_role_policy" "default" {
   count  = local.enabled ? 1 : 0
   name   = local.function_name
-  role   = join("", aws_iam_role.default.*.name)
-  policy = join("", data.aws_iam_policy_document.default.*.json)
+  role   = join("", aws_iam_role.default[*].name)
+  policy = join("", data.aws_iam_policy_document.default[*].json)
 }
 
 resource "aws_iam_role_policy_attachment" "default" {
   count      = local.enabled ? 1 : 0
-  role       = join("", aws_iam_role.default.*.name)
+  role       = join("", aws_iam_role.default[*].name)
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 }
 
@@ -227,14 +227,14 @@ resource "aws_lambda_permission" "default" {
   count         = local.enabled ? 1 : 0
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"
-  function_name = join("", aws_lambda_function.default.*.arn)
+  function_name = join("", aws_lambda_function.default[*].arn)
   principal     = "events.amazonaws.com"
-  source_arn    = join("", aws_cloudwatch_event_rule.default.*.arn)
+  source_arn    = join("", aws_cloudwatch_event_rule.default[*].arn)
 }
 
 resource "aws_cloudwatch_event_target" "default" {
   count     = local.enabled ? 1 : 0
   target_id = local.function_name
-  rule      = join("", aws_cloudwatch_event_rule.default.*.name)
-  arn       = join("", aws_lambda_function.default.*.arn)
+  rule      = join("", aws_cloudwatch_event_rule.default[*].name)
+  arn       = join("", aws_lambda_function.default[*].arn)
 }

outputs.tf

@@ -1,14 +1,14 @@
 output "security_group_id" {
-  value       = join("", aws_security_group.default.*.id)
+  value       = join("", aws_security_group.default[*].id)
   description = "Security Group ID of the Lambda Function"
 }
 
 output "lambda_function_arn" {
-  value       = join("", aws_lambda_function.default.*.arn)
+  value       = join("", aws_lambda_function.default[*].arn)
   description = "ARN of the Lambda Function"
 }
 
 output "lambda_function_source_code_size" {
-  value       = join("", aws_lambda_function.default.*.source_code_size)
+  value       = join("", aws_lambda_function.default[*].source_code_size)
   description = "The size in bytes of the function .zip file"
 }

test/src/Makefile

@@ -15,6 +15,8 @@ init:
 .PHONY : test
 ## Run tests
 test: init
+	# This project runs `git` externally, so it needs extra permissions when run by a GitHub Action
+	[[ -n "$$GITHUB_WORKSPACE" ]] && git config --global --add safe.directory "$$GITHUB_WORKSPACE" || true
 	go mod download
 	go test -v -timeout 60m -run TestExamplesComplete
 

test/src/go.mod

@@ -1,14 +1,59 @@
 module github.com/cloudposse/terraform-aws-lambda-elasticsearch-cleanup
 
-go 1.14
+go 1.20
 
 require (
-	github.com/aws/aws-sdk-go v1.35.4 // indirect
+	github.com/gruntwork-io/terratest v0.43.8
+	github.com/stretchr/testify v1.8.4
+)
+
+require (
+	cloud.google.com/go v0.105.0 // indirect
+	cloud.google.com/go/compute v1.12.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.1 // indirect
+	cloud.google.com/go/iam v0.7.0 // indirect
+	cloud.google.com/go/storage v1.27.0 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/aws/aws-sdk-go v1.44.122 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/uuid v1.1.2 // indirect
-	github.com/gruntwork-io/terratest v0.16.0
-	github.com/pquerna/otp v1.2.0 // indirect
-	github.com/stretchr/testify v1.3.0
-	golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f // indirect
-	golang.org/x/sys v0.0.0-20190527104216-9cd6430ef91e // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-getter v1.7.1 // indirect
+	github.com/hashicorp/go-multierror v1.1.0 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.9.1 // indirect
+	github.com/hashicorp/terraform-json v0.13.0 // indirect
+	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/klauspost/compress v1.15.11 // indirect
+	github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/tmccombs/hcl2json v0.3.3 // indirect
+	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/zclconf/go-cty v1.9.1 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/oauth2 v0.1.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/api v0.103.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c // indirect
+	google.golang.org/grpc v1.51.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )