From 991cf59e80c312c09627403cc3de53deb99fe161 Mon Sep 17 00:00:00 2001
From: Leonardo Zavala
Date: Sat, 28 Sep 2019 22:02:12 -0700
Subject: [PATCH] T12 update (#1)
* Fixes pipeline s3 reference.
* Additonal index fixes.
* Updates label module.
* Default to *
---
 bg.tf | 30 ++++++++++++++----------------
 main.tf | 42 +++++++++++++++++++++---------------------
 2 files changed, 35 insertions(+), 37 deletions(-)
diff --git a/bg.tf b/bg.tf
index acacba1..36daff5 100644
--- a/bg.tf
+++ b/bg.tf
@@ -1,11 +1,11 @@
 resource "aws_iam_role_policy_attachment" "ecs_limited" {
- role = "${aws_iam_role.default.id}"
+ role = "${element(concat(aws_iam_role.default.*.id, list("")), 0)}"
 policy_arn = "${aws_iam_policy.ecs_limited.arn}"
 }
 module "codepipeline_ecs_limited_policy_label" {
- source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.2.1"
- attributes = ["${compact(concat(var.attributes, list("codepipeline", "ecs", "limited")))}"]
+ source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.4.0"
+ attributes = "${compact(concat(var.attributes, list("codepipeline", "ecs", "limited")))}"
 delimiter = "${var.delimiter}"
 name = "${var.name}"
 namespace = "${var.namespace}"
@@ -36,7 +36,7 @@ data "aws_iam_policy_document" "ecs_limited" {
 statement {
 actions = ["sns:publish"]
- resources = ["${var.code_deploy_sns_topic_arn == "" ? "" : var.code_deploy_sns_topic_arn}", "arn:aws:sns:*:*:CodeDeployTopic_*"]
+ resources = ["${var.code_deploy_sns_topic_arn == "" ? "*" : var.code_deploy_sns_topic_arn}", "arn:aws:sns:*:*:CodeDeployTopic_*"]
 effect = "Allow"
 }
@@ -58,7 +58,7 @@ data "aws_iam_policy_document" "ecs_limited" {
 "lambda:InvokeFunction"
 ]
- resources = ["${var.code_deploy_lambda_hook_arns == "" ? "" : var.code_deploy_lambda_hook_arns}"]
+ resources = ["${var.code_deploy_lambda_hook_arns == "" ? "*" : var.code_deploy_lambda_hook_arns}"]
 effect = "Allow"
 }
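Review bot: The `ecs_limited` attachment at the top of bg.tf has no `count`, so when the module is disabled the new `element(concat(aws_iam_role.default.*.id, list("")), 0)` expression resolves to an empty string and the attachment is still planned with `role = ""`. The `list("")` fallback hides the missing role until the provider rejects it at apply time. Gate the resource the way the attachments in main.tf are gated, with `count = "${local.enabled ? 1 : 0}"`. The `deploy` attachment in the `@@ -100,7 +98,7 @@` hunk has the same shape. Whether `aws_iam_role.default` itself carries a `count` is not visible here, though the switch to splat syntax suggests it does.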
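Review bot: When `code_deploy_sns_topic_arn` is empty, the new fallback makes the `sns:publish` resource `"*"`, so the role may publish to every SNS topic in the account and the second entry, `arn:aws:sns:*:*:CodeDeployTopic_*`, no longer limits anything. The `@@ -58,7 +58,7 @@` hunk does the same for `lambda:InvokeFunction`, which lets the role invoke any function. Fall back to a name-scoped pattern instead: `var.code_deploy_sns_topic_arn == "" ? "arn:aws:sns:*:*:CodeDeployTopic_*" : var.code_deploy_sns_topic_arn` for the topic and `"arn:aws:lambda:*:*:function:CodeDeployHook_*"` for the hooks, which is the scoping the AWS-managed `AWSCodeDeployRoleForECSLimited` policy uses. Alternatively, make the hook ARNs a required input. The Lambda statement starts above its hunk, so its full action list is not visible here.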
@@ -83,15 +83,13 @@ data "aws_iam_policy_document" "ecs_limited" {
 statement {
 actions = ["iam:PassRole"]
- resources = [
- "*"
- ]
+ resources = ["*"]
 }
 }
 module "codepipeline_codedeploy_policy_label" {
- source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.2.1"
- attributes = ["${compact(concat(var.attributes, list("codepipeline", "codedeploy")))}"]
+ source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.4.0"
+ attributes = "${compact(concat(var.attributes, list("codepipeline", "codedeploy")))}"
 delimiter = "${var.delimiter}"
 name = "${var.name}"
 namespace = "${var.namespace}"
@@ -100,7 +98,7 @@ module "codepipeline_codedeploy_policy_label" {
 }
 resource "aws_iam_role_policy_attachment" "deploy" {
- role = "${aws_iam_role.default.id}"
+ role = "${element(concat(aws_iam_role.default.*.id, list("")), 0)}"
 policy_arn = "${aws_iam_policy.deploy.arn}"
 }
@@ -133,10 +131,10 @@ data "aws_iam_policy_document" "deploy" {
 resource "aws_codepipeline" "source_build_deploy_bg" {
 count = "${local.enabled ? 1 : 0}"
 name = "${module.codepipeline_label.id}"
- role_arn = "${aws_iam_role.default.arn}"
+ role_arn = "${element(concat(aws_iam_role.default.*.arn, list("")), 0)}"
 artifact_store {
- location = "${aws_s3_bucket.default.bucket}"
+ location = "${element(concat(aws_s3_bucket.default.*.bucket, list("")), 0)}"
 type = "S3"
 }
@@ -160,7 +158,7 @@ resource "aws_codepipeline" "source_build_deploy_bg" {
 version = "1"
 output_artifacts = ["code"]
- configuration {
+ configuration = {
 OAuthToken = "${var.github_oauth_token}"
 Owner = "${var.repo_owner}"
 Repo = "${var.repo_name}"
@@ -183,7 +181,7 @@ resource "aws_codepipeline" "source_build_deploy_bg" {
 input_artifacts = ["code"]
 output_artifacts = ["task"]
- configuration {
+ configuration = {
 ProjectName = "${module.build.project_name}"
 }
 }
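Review bot: The `iam:PassRole` statement keeps `resources = ["*"]` and, as far as this hunk shows, carries no `condition`, so the deploy role can pass any IAM role in the account to any service. That undermines least privilege for everything else in the `ecs_limited` policy if a more privileged role exists in the account. Restrict it either by listing the task and execution role ARNs in `resources` or by adding an `iam:PassedToService` condition, as sketched below. The service principal in the sketch is an assumption and should be confirmed against what the deployment actually passes roles to.

```hcl
  statement {
    actions   = ["iam:PassRole"]
    resources = ["*"]

    # Only allow the role to be handed to ECS tasks.
    condition {
      test     = "StringLike"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
```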
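Review bot: `OAuthToken = "${var.github_oauth_token}"` in the `@@ -160,7 +158,7 @@` hunk ends up in the Terraform state in plaintext, and nothing in the hunk tells the module user so. Add a comment above the line, for example `# Stored in state in cleartext; use an encrypted, access-restricted backend and a narrowly scoped token`. The stage block starts and ends outside the hunk, so any handling elsewhere in the file is not visible from here.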
@@ -200,7 +198,7 @@ resource "aws_codepipeline" "source_build_deploy_bg" {
 input_artifacts = ["task"]
 version = "1"
- configuration {
+ configuration = {
 ApplicationName = "${var.code_deploy_application_name}"
 DeploymentGroupName = "${var.code_deploy_deployment_group_name}"
 TaskDefinitionTemplateArtifact = "task"
diff --git a/main.tf b/main.tf
index 9e8c8a6..7837072 100644
--- a/main.tf
+++ b/main.tf
@@ -3,8 +3,8 @@ locals {
 }
 module "codepipeline_label" {
- source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.2.1"
- attributes = ["${compact(concat(var.attributes, list("codepipeline")))}"]
+ source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.4.0"
+ attributes = "${compact(concat(var.attributes, list("codepipeline")))}"
 delimiter = "${var.delimiter}"
 name = "${var.name}"
 namespace = "${var.namespace}"
@@ -51,8 +51,8 @@ resource "aws_s3_bucket" "default" {
 }
 module "codepipeline_assume_label" {
- source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.2.1"
- attributes = ["${compact(concat(var.attributes, list("codepipeline", "assume")))}"]
+ source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.4.0"
+ attributes = "${compact(concat(var.attributes, list("codepipeline", "assume")))}"
 delimiter = "${var.delimiter}"
 name = "${var.name}"
 namespace = "${var.namespace}"
@@ -85,8 +85,8 @@ data "aws_iam_policy_document" "assume" {
 resource "aws_iam_role_policy_attachment" "default" {
 count = "${local.enabled ? 1 : 0}"
- role = "${aws_iam_role.default.id}"
- policy_arn = "${aws_iam_policy.default.arn}"
+ role = "${element(concat(aws_iam_role.default.*.id, list("")), 0)}"
+ policy_arn = "${element(concat(aws_iam_policy.default.*.arn, list("")), 0)}"
 }
 resource "aws_iam_policy" "default" {
@@ -120,13 +120,13 @@ data "aws_iam_policy_document" "default" {
 resource "aws_iam_role_policy_attachment" "s3" {
 count = "${local.enabled ? 1 : 0}"
- role = "${aws_iam_role.default.id}"
- policy_arn = "${aws_iam_policy.s3.arn}"
+ role = "${element(concat(aws_iam_role.default.*.id, list("")), 0)}"
+ policy_arn = "${element(concat(aws_iam_policy.s3.*.arn, list("")), 0)}"
 }
 module "codepipeline_s3_policy_label" {
- source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.2.1"
- attributes = ["${compact(concat(var.attributes, list("codepipeline", "s3")))}"]
+ source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.4.0"
+ attributes = "${compact(concat(var.attributes, list("codepipeline", "s3")))}"
 delimiter = "${var.delimiter}"
 name = "${var.name}"
 namespace = "${var.namespace}"
@@ -137,7 +137,7 @@ module "codepipeline_s3_policy_label" {
 resource "aws_iam_policy" "s3" {
 count = "${local.enabled ? 1 : 0}"
 name = "${module.codepipeline_s3_policy_label.id}"
- policy = "${data.aws_iam_policy_document.s3.json}"
+ policy = "${element(concat(data.aws_iam_policy_document.s3.*.json, list("")), 0)}"
 }
 data "aws_iam_policy_document" "s3" {
@@ -154,8 +154,8 @@ data "aws_iam_policy_document" "s3" {
 ]
 resources = [
- "${aws_s3_bucket.default.arn}",
- "${aws_s3_bucket.default.arn}/*",
+ "${element(concat(aws_s3_bucket.default.*.arn, list("")), 0)}",
+ "${format("%s/*", element(concat(aws_s3_bucket.default.*.arn, list("")), 0))}"
 ]
 effect = "Allow"
@@ -164,13 +164,13 @@ data "aws_iam_policy_document" "s3" {
 resource "aws_iam_role_policy_attachment" "codebuild" {
 count = "${local.enabled ? 1 : 0}"
- role = "${aws_iam_role.default.id}"
- policy_arn = "${aws_iam_policy.codebuild.arn}"
+ role = "${element(concat(aws_iam_role.default.*.id, list("")), 0)}"
+ policy_arn = "${element(concat(aws_iam_policy.codebuild.*.arn, list("")), 0)}"
 }
 module "codebuild_label" {
- source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.2.1"
- attributes = ["${compact(concat(var.attributes, list("codebuild")))}"]
+ source = "github.com/cloudposse/terraform-terraform-label.git?ref=0.4.0"
+ attributes = "${compact(concat(var.attributes, list("codebuild")))}"
 delimiter = "${var.delimiter}"
 name = "${var.name}"
 namespace = "${var.namespace}"
@@ -202,7 +202,7 @@ data "aws_caller_identity" "default" {}
 data "aws_region" "default" {}
 module "build" {
- source = "git::https://github.com/cloudposse/terraform-aws-codebuild.git?ref=tags/0.16.0"
+ source = "git::https://github.com/cloudposse/terraform-aws-codebuild.git?ref=tags/0.17.0"
 enabled = "${var.enabled}"
 namespace = "${var.namespace}"
 name = "${var.name}"
@@ -227,7 +227,7 @@ module "build" {
 resource "aws_iam_role_policy_attachment" "codebuild_s3" {
 count = "${local.enabled ? 1 : 0}"
 role = "${module.build.role_id}"
- policy_arn = "${aws_iam_policy.s3.arn}"
+ policy_arn = "${element(concat(aws_iam_policy.s3.*.arn, list("")), 0)}"
 }
 resource "random_string" "webhook_secret" {
@@ -261,7 +261,7 @@ resource "aws_codepipeline_webhook" "webhook" {
 }
 module "github_webhooks" {
- source = "git::https://github.com/cloudposse/terraform-github-repository-webhooks.git?ref=tags/0.4.0"
+ source = "git::https://github.com/cloudposse/terraform-github-repository-webhooks.git?ref=terraform-0.12"
 enabled = "${local.enabled && var.webhook_enabled == "true" ? "true" : "false"}"
 github_organization = "${var.repo_owner}"
 github_repositories = ["${var.repo_name}"]
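Review bot: `ref=terraform-0.12` in the `github_webhooks` source replaces the `tags/0.4.0` pin with what looks like a branch name, so every `terraform init` can pull whatever is at the tip of that branch. This module receives `webhook_secret` and manages webhooks on the repository, so an unreviewed upstream change lands directly in that path. Pin to an immutable commit instead, `?ref=<full-commit-sha>`, and move back to a release tag once one supports Terraform 0.12. The other sources touched in this patch (`?ref=0.4.0`, `?ref=tags/0.17.0`) are tags, which can also be moved upstream; a commit SHA removes that dependency as well. The module block continues in the next hunk.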
@@ -269,5 +269,5 @@ module "github_webhooks" {
 webhook_url = "${local.webhook_url}"
 webhook_secret = "${local.webhook_secret}"
 webhook_content_type = "json"
- events = ["${var.github_webhook_events}"]
+ events = "${var.github_webhook_events}"
 }