Merge branch 'main' into mvenkatakrishnan/cloudfront_logs_kms

chanzuckerberg · Jun 12, 2024 · fab9a8b · fab9a8b
2 parents cdae88a + c540f4e
commit fab9a8b
Show file tree

Hide file tree

Showing 13 changed files with 59 additions and 24 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,8 +22,9 @@ jobs:
         run: make setup
       - uses: golangci/golangci-lint-action@v3
         with:
-          version: latest
+          version: v1.56.2
           args: --timeout=5m
+          github-token: ${{ secrets.GITHUB_TOKEN }}
   test:
     name: test ${{ matrix.module }}
     needs: get-modules

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,40 @@
 # Changelog
 
+## [0.71.0](https://github.com/chanzuckerberg/cztack/compare/v0.70.0...v0.71.0) (2024-06-03)
+
+
+### Features
+
+* Update default CA identifier for aws-aurora modules to rds-ca-rsa2048-g1 ([#591](https://github.com/chanzuckerberg/cztack/issues/591)) ([61cf124](https://github.com/chanzuckerberg/cztack/commit/61cf124e8721bf43a6c78f181c1f05d1da8a57a0))
+
+## [0.70.0](https://github.com/chanzuckerberg/cztack/compare/v0.69.4...v0.70.0) (2024-05-31)
+
+
+### Features
+
+* Upgrade RDS CAs to rds-ca-ecc384-g1 ([#589](https://github.com/chanzuckerberg/cztack/issues/589)) ([5f5e7b4](https://github.com/chanzuckerberg/cztack/commit/5f5e7b48176332f5855dae2cc81afa7983d00b23))
+
+## [0.69.4](https://github.com/chanzuckerberg/cztack/compare/v0.69.3...v0.69.4) (2024-05-02)
+
+
+### Bug Fixes
+
+* Add more tags for single node ([#587](https://github.com/chanzuckerberg/cztack/issues/587)) ([a71d74c](https://github.com/chanzuckerberg/cztack/commit/a71d74c0d72a3631696e47207b50ba54e6ef5e77))
+
+## [0.69.3](https://github.com/chanzuckerberg/cztack/compare/v0.69.2...v0.69.3) (2024-05-01)
+
+
+### Bug Fixes
+
+* don't allow dashes in sids ([7959ea0](https://github.com/chanzuckerberg/cztack/commit/7959ea0c3e716be46f6e10ec3ec02ba7cd5bdfa4))
+
+## [0.69.2](https://github.com/chanzuckerberg/cztack/compare/v0.69.1...v0.69.2) (2024-04-30)
+
+
+### Bug Fixes
+
+* key the sid so they are unique ([219cc4c](https://github.com/chanzuckerberg/cztack/commit/219cc4c55e6cf4af2e9a6d03091422c8564a20c2))
+
 ## [0.69.1](https://github.com/chanzuckerberg/cztack/compare/v0.69.0...v0.69.1) (2024-04-24)
 
 

diff --git a/aws-aurora-mysql/README.md b/aws-aurora-mysql/README.md
@@ -58,7 +58,7 @@ No resources.
 | <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | If false changes will not be applied until next maintenance window. | `string` | `false` | no |
 | <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no |
 | <a name="input_backtrack_window"></a> [backtrack\_window](#input\_backtrack\_window) | Turns on Backgrack for this many seconds. [Doc](https://aws.amazon.com/blogs/aws/amazon-aurora-backtrack-turn-back-time/) | `string` | `0` | no |
-| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. rds-ca-2019 is the latest available version. | `string` | `"rds-ca-2019"` | no |
+| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. rds-ca-rsa2048-g1 is the latest available version. | `string` | `"rds-ca-rsa2048-g1"` | no |
 | <a name="input_database_name"></a> [database\_name](#input\_database\_name) | The name of the database to be created in the cluster. | `string` | n/a | yes |
 | <a name="input_database_password"></a> [database\_password](#input\_database\_password) | Password for user that will be created. | `string` | n/a | yes |
 | <a name="input_database_subnet_group"></a> [database\_subnet\_group](#input\_database\_subnet\_group) | The name of an existing database subnet group to use. | `string` | n/a | yes |

diff --git a/aws-aurora-mysql/variables.tf b/aws-aurora-mysql/variables.tf
@@ -177,8 +177,8 @@ variable "engine_version" {
 
 variable "ca_cert_identifier" {
   type        = string
-  description = "Identifier for the certificate authority. rds-ca-2019 is the latest available version."
-  default     = "rds-ca-2019"
+  description = "Identifier for the certificate authority. rds-ca-rsa2048-g1 is the latest available version."
+  default     = "rds-ca-rsa2048-g1"
 }
 
 variable "auto_minor_version_upgrade" {

diff --git a/aws-aurora-postgres/README.md b/aws-aurora-postgres/README.md
@@ -56,7 +56,7 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | If false changes will not be applied until next maintenance window. | `string` | `false` | no |
 | <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Set the databases to automatically upgrade minor versions. WARNING - if this is enabled, make sure engine\_version is set to a *prefix* rather that a specific version so that TF won't try to downgrade DB's that have been auto-upgraded. Docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#engine_version | `bool` | `false` | no |
-| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. | `string` | `"rds-ca-2019"` | no |
+| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. | `string` | `"rds-ca-rsa2048-g1"` | no |
 | <a name="input_database_name"></a> [database\_name](#input\_database\_name) | The name of the database to be created in the cluster. | `string` | n/a | yes |
 | <a name="input_database_password"></a> [database\_password](#input\_database\_password) | Password for user that will be created. | `string` | n/a | yes |
 | <a name="input_database_subnet_group"></a> [database\_subnet\_group](#input\_database\_subnet\_group) | The name of an existing database subnet group to use. | `string` | n/a | yes |

diff --git a/aws-aurora-postgres/variables.tf b/aws-aurora-postgres/variables.tf
@@ -128,7 +128,7 @@ variable "iam_database_authentication_enabled" {
 variable "ca_cert_identifier" {
   type        = string
   description = "Identifier for the certificate authority."
-  default     = "rds-ca-2019"
+  default     = "rds-ca-rsa2048-g1"
 }
 
 variable "auto_minor_version_upgrade" {

diff --git a/aws-aurora/README.md b/aws-aurora/README.md
@@ -36,7 +36,7 @@ No modules.
 | <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | n/a | `bool` | `false` | no |
 | <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no |
 | <a name="input_backtrack_window"></a> [backtrack\_window](#input\_backtrack\_window) | n/a | `number` | `0` | no |
-| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. Use rds-ca-2019 for anything new. | `string` | `"rds-ca-2019"` | no |
+| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. Use rds-ca-rsa2048-g1 for anything new. | `string` | `"rds-ca-rsa2048-g1"` | no |
 | <a name="input_database_name"></a> [database\_name](#input\_database\_name) | n/a | `string` | n/a | yes |
 | <a name="input_database_password"></a> [database\_password](#input\_database\_password) | n/a | `string` | n/a | yes |
 | <a name="input_database_subnet_group"></a> [database\_subnet\_group](#input\_database\_subnet\_group) | n/a | `string` | n/a | yes |

diff --git a/aws-aurora/variables.tf b/aws-aurora/variables.tf
@@ -135,8 +135,8 @@ variable "db_deletion_protection" {
 
 variable "ca_cert_identifier" {
   type        = string
-  description = "Identifier for the certificate authority. Use rds-ca-2019 for anything new."
-  default     = "rds-ca-2019"
+  description = "Identifier for the certificate authority. Use rds-ca-rsa2048-g1 for anything new."
+  default     = "rds-ca-rsa2048-g1"
 }
 
 variable "auto_minor_version_upgrade" {

diff --git a/aws-iam-role-github-action/main.tf b/aws-iam-role-github-action/main.tf
@@ -24,7 +24,7 @@ data "aws_iam_policy_document" "assume_role" {
     for_each = var.authorized_github_repos
 
     content {
-      sid = "AllowGithubActionsToAssumeRole"
+      sid = replace("Allow${statement.key}ToAssumeRole", "-", "")
       principals {
         type        = "Federated"
         identifiers = [local.idp_arn]

diff --git a/databricks-default-cluster-policies/main.tf b/databricks-default-cluster-policies/main.tf
@@ -462,16 +462,15 @@ module "single_node_cluster_policy" {
       "defaultValue": "STANDARD",
       "hidden": false
     },
-    "autoscale.max_workers" : {
-      "type" : "fixed",
-      "value" : 0,
-      "hidden" : true
-    },
-    "autoscale.min_workers" : {
-      "type" : "fixed",
-      "value" : 0,
-      "hidden" : true
-    },
+    "spark_conf.spark.databricks.cluster.profile":{
+      "type":"fixed",
+      "value":"singleNode",
+      "hidden":true
+    },
+    "num_workers":{
+      "type":"range",
+      "maxValue":0
+    }
     "data_security_mode" : {
       "type" : "whitelist",
       "values" : [

diff --git a/go.mod b/go.mod
@@ -78,7 +78,7 @@ require (
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 // indirect
-	github.com/hashicorp/go-getter v1.7.0 // indirect
+	github.com/hashicorp/go-getter v1.7.4 // indirect
 	github.com/hashicorp/go-hclog v1.4.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.8 // indirect

diff --git a/go.sum b/go.sum
@@ -496,8 +496,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 h1:Ud/6/AdmJ1R7ibdS0Wo5MWPj0T1R0fkpaD087bBaW8I=
 github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
-github.com/hashicorp/go-getter v1.7.0 h1:bzrYP+qu/gMrL1au7/aDvkoOVGUJpeKBgbqRHACAFDY=
-github.com/hashicorp/go-getter v1.7.0/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
+github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0=
+github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
 github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I=
 github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.69.1
+0.71.0