cloud-platform-infrastructure icon indicating copy to clipboard operation
cloud-platform-infrastructure copied to clipboard

Published 20 hours ago verified publisher icon ministryofjustice

chore(deps): bump the cloud-platform-aws-account group across 1 directory with 9 updates

Open dependabot[bot] opened this issue 4 months ago • 0 comments

Bumps the cloud-platform-aws-account group with 9 updates in the /terraform/aws-accounts/cloud-platform-aws/account directory:

Package From To
auth0/auth0 0.50.2 1.6.1
ecr::cloud-platform-terraform-ecr-credentials 6.1.0 7.0.0
ecr_credentials::cloud-platform-terraform-ecr-credentials 6.1.0 7.0.0
hashicorp/aws 5.40.0 5.69.0
hashicorp/http 3.4.4 3.4.5
integrations/github 5.42.0 6.3.0
opensearch-project/opensearch 2.2.1 2.3.1
terraform-aws-modules/acm/aws 5.0.0 5.1.0
terraform-aws-modules/s3-bucket/aws 2.14.0 4.1.2

Updates auth0/auth0 from 0.50.2 to 1.6.1

Release notes

Sourced from auth0/auth0's releases.

v1.6.1

BUG FIXES:

  • resource/auth0_client: Fixed an issue where the default_organization plan failed due to ConflictsWith and RequiredWith clauses in the schema (#1021)

v1.6.0

FEATURES:

  • resource/auth0_prompt_screen_partial: Add new resource to manage customized sign up and login experience. (1:1) (#1013)
  • resource/auth0_prompt_screen_partials: Add new resource to manage customized sign up and login experience. (1:many) (#1013)
  • data_source/auth0_prompt_screen_partials: Add new data source to retrieve screen partials. (#1013)

ENHANCEMENTS:

  • resource/auth0_client: Add Organizations for Client Credentials. (#1009)
  • resource/auth0_prompt_custom_text: Add support for languages being fetched from CDN during Universal Login. (#1006)

BUG FIXES:

  • resource/auth0_connection: Remove MinItems validation for precedence. (#1017)

NOTES:

  • resource/auth0_prompt_partials: Deprecated the resource. (#1013)

v1.5.0

FEATURES:

  • resource/auth0_connection: Add new fields attributes and precedence to ConnectionOptions. (#991)
  • resource/auth0_self_service_profile: Add new resource for managing self-service profiles. (#1008)
  • data-source/auth0_self_service_profile: Add a data source for retrieving self-service profiles. (#1008)

v1.4.0

FEATURES:

  • resource/auth0_connection_scim_configuration: Add a resource for managing SCIM(System for Cross-domain Identity Management) configuration. (#980)
  • resource/auth0_prompt_custom_text: Add new prompt values (captcha, custom-form, customized-consent, passkeys, phone-identifier-challenge, phone-identifier-enrollment) to the auth0_prompt_custom_text resource. (#985)
  • data-source/auth0_connection_scim_configuration: Add a data source for managing SCIM(System for Cross-domain Identity Management) configuration. (#980)

ENHANCEMENTS:

  • resource/auth0_tenant: Add support for enable_sso flag (#972)

NOTES:

  • resource/auth0_tenant: Deprecated the require-pushed-authorization-requests attribute. (#986)

v1.3.0

FEATURES:

... (truncated)

Changelog

Sourced from auth0/auth0's changelog.

v1.6.1

BUG FIXES:

  • resource/auth0_client: Fixed an issue where the default_organization plan failed due to ConflictsWith and RequiredWith clauses in the schema (#1021)

v1.6.0

FEATURES:

  • resource/auth0_prompt_screen_partial: Add new resource to manage customized sign up and login experience. (1:1) (#1013)
  • resource/auth0_prompt_screen_partials: Add new resource to manage customized sign up and login experience. (1:many) (#1013)
  • data_source/auth0_prompt_screen_partials: Add new data source to retrieve prompt screen partials. (#1013)

ENHANCEMENTS:

  • resource/auth0_client: Add Organizations for Client Credentials. (#1009)
  • resource/auth0_prompt_custom_text: Add support for fetching the language list from a CDN for prompt custom text. (#1006)

BUG FIXES:

  • resource/auth0_connection: Remove MinItems validation for precedence. (#1017)

NOTES:

  • resource/auth0_prompt_partials: Deprecated in favor of resource/auth0_prompt_screen_partial and resource/auth0_prompt_screen_partials. (#1013)

v1.5.0

FEATURES:

  • resource/auth0_connection: Add new fields attributes and precedence to ConnectionOptions. (#991)
  • resource/auth0_self_service_profile: Add new resource for managing self-service profiles. (#1008)
  • data-source/auth0_self_service_profile: Add a data source for retrieving self-service profiles. (#1008)

v1.4.0

FEATURES:

  • resource/auth0_connection_scim_configuration: Add a resource for managing SCIM(System for Cross-domain Identity Management) configuration. (#980)
  • resource/auth0_prompt_custom_text: Add new prompt values (captcha, custom-form, customized-consent, passkeys, phone-identifier-challenge, phone-identifier-enrollment) to the auth0_prompt_custom_text resource. (#985)
  • data-source/auth0_connection_scim_configuration: Add a data source for managing SCIM(System for Cross-domain Identity Management) configuration. (#980)

ENHANCEMENTS:

  • resource/auth0_tenant: Add support for enable_sso flag (#972)

... (truncated)

Commits
  • 94db0ac Add changelog for v1.6.1 (#1022)
  • c2d1a1d Patch: default_organization on Client Creds (#1021)
  • 3b87a8f Add changelog for v1.6.0 (#1020)
  • b41136d Add Sorting to screen_partials Flattening Logic to Resolve Indexing Issues ...
  • e12f8b4 Add Organizations for Client Credentials (#1009)
  • cbe29fc Bump github.com/hashicorp/terraform-plugin-testing from 1.9.0 to 1.10.0 (#999)
  • b026516 Add Support for auth0_prompt_screen_partial and `auth0_prompt_screen_partia...
  • f156db8 Add support for all languages for Universal Login (#1016)
  • 24105b4 Patch: Removed MinItems validation for precedence on Connection Resource (#1017)
  • beba4b9 Add changelog for v1.5.0 (#1010)
  • Additional commits viewable in compare view

Updates ecr::cloud-platform-terraform-ecr-credentials from 6.1.0 to 7.0.0

Release notes

Sourced from ecr::cloud-platform-terraform-ecr-credentials's releases.

v7.0.0

What's Changed

Full Changelog: https://github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials/compare/6.1.1...7.0.0

Breaking Changes

Headline: If optional github_environments field is set, any pre-existing default repository ECR secrets and variables will be deleted.

This release introduces functionality that could potentially break some existing GitHub Actions pipelines that utilise GitHub Secrets and Variables. Please read this guidance thoroughly and check that your GitHub Actions workflows are configured correctly.

Action required

If you’re using the ECR module in your environment, and are not setting the optional github_environments field, then this 7.0.0 update will have no impact on your CI/CD workflows and you can ignore this guidance.

If you are setting the github_environments field, then you should be accessing your ECR secrets and variables:

ECR_ROLE_TO_ASSUME ECR_REGION ECR_REPOSITORY
(these will vary if you are setting github_actions_prefix in your module call)

from your own defined GitHub environments within your repository workflows. This can be verified by reviewing your GitHub Actions yaml ECR build configurations and verifying that your ECR secrets and variables are scoped within an environment block, similar to the below workflow snippet:

on:
  push:
    branches: [main]

jobs:
ecr:
environment: development          # <-- Your environment name here
runs-on: ubuntu-latest
...
...
steps:
...
# Assume role in Cloud Platform
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}          # <-- environment scoped secret
aws-region: ${{ vars.ECR_REGION }}          # <-- environment scoped variable

... (truncated)

Commits
  • 6e9c083 Merge pull request #109 from ministryofjustice/repo-vars-condition
  • b09aa1e readme update
  • 79ccaaf readme update
  • 073f0e3 set repo vars resource creation dependency on environments list
  • 0b52bb9 Merge pull request #103 from ministryofjustice/ecr-example-01
  • 4a5633d Update example to use the latest release
  • 0386403 Merge pull request #101 from ministryofjustice/tf-validation
  • 2dc4c13 feat(action): add setup go to pipeline
  • 5915061 feat(action): add action for unit test
  • 115f8bd feat(Go): add unit tests for validation of tf
  • Additional commits viewable in compare view

Updates ecr_credentials::cloud-platform-terraform-ecr-credentials from 6.1.0 to 7.0.0

Release notes

Sourced from ecr_credentials::cloud-platform-terraform-ecr-credentials's releases.

v7.0.0

What's Changed

Full Changelog: https://github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials/compare/6.1.1...7.0.0

Breaking Changes

Headline: If optional github_environments field is set, any pre-existing default repository ECR secrets and variables will be deleted.

This release introduces functionality that could potentially break some existing GitHub Actions pipelines that utilise GitHub Secrets and Variables. Please read this guidance thoroughly and check that your GitHub Actions workflows are configured correctly.

Action required

If you’re using the ECR module in your environment, and are not setting the optional github_environments field, then this 7.0.0 update will have no impact on your CI/CD workflows and you can ignore this guidance.

If you are setting the github_environments field, then you should be accessing your ECR secrets and variables:

ECR_ROLE_TO_ASSUME ECR_REGION ECR_REPOSITORY
(these will vary if you are setting github_actions_prefix in your module call)

from your own defined GitHub environments within your repository workflows. This can be verified by reviewing your GitHub Actions yaml ECR build configurations and verifying that your ECR secrets and variables are scoped within an environment block, similar to the below workflow snippet:

on:
  push:
    branches: [main]

jobs:
ecr:
environment: development          # <-- Your environment name here
runs-on: ubuntu-latest
...
...
steps:
...
# Assume role in Cloud Platform
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}          # <-- environment scoped secret
aws-region: ${{ vars.ECR_REGION }}          # <-- environment scoped variable

... (truncated)

Commits
  • 6e9c083 Merge pull request #109 from ministryofjustice/repo-vars-condition
  • b09aa1e readme update
  • 79ccaaf readme update
  • 073f0e3 set repo vars resource creation dependency on environments list
  • 0b52bb9 Merge pull request #103 from ministryofjustice/ecr-example-01
  • 4a5633d Update example to use the latest release
  • 0386403 Merge pull request #101 from ministryofjustice/tf-validation
  • 2dc4c13 feat(action): add setup go to pipeline
  • 5915061 feat(action): add action for unit test
  • 115f8bd feat(Go): add unit tests for validation of tf
  • Additional commits viewable in compare view

Updates hashicorp/aws from 5.40.0 to 5.69.0

Release notes

Sourced from hashicorp/aws's releases.

v5.69.0

NOTES:

  • provider: This release contains an upstream AWS SDK for Go v2 change to DynamoDB service endpoints. The Terraform AWS Provider will now connect to a DynamoDB endpoint in the format (account-id).ddb.(region).amazonaws.com instead of dynamodb.(region).amazonaws.com. If your network configuration blocks outgoing traffic to DynamoDB based on DNS names or endpoint URLs, you must adjust your configuration, because the service's DNS name will change. You may instead disable account-based endpoints for DynamoDB by setting account_id_endpoint_mode = disabled in a shared config file or setting the AWS_ACCOUNT_ID_ENDPOINT_MODE environment variable to disabled (#39505)
  • provider: Updates to Go 1.23.1. The issue with AWS Network Firewall dropping TLS handshake ClientHello messages after the v5.65.0 upgrade to Go 1.23.0, temporarily resolved by the v5.67.0 downgrade to Go 1.22.7, has been addressed by removing the X25519Kyber768Draft00 key exchange mechanism from the HTTP client used to make AWS API calls (#39432)
  • resource/aws_alb_listener: When importing a listener that has either a default action top-level target group ARN or a default action defining a forward action defining a target group with an ARN, include both in the configuration to avoid import differences (#39413)
  • resource/aws_lb_listener: When importing a listener that has either a default action top-level target group ARN or a default action defining a forward action defining a target group with an ARN, include both in the configuration to avoid import differences (#39413)

ENHANCEMENTS:

  • data-source/aws_connect_instance: Add tags attribute (#39402)
  • data-source/aws_ec2_transit_gateway: Add security_group_referencing_support attribute (#34542)
  • data-source/aws_ec2_transit_gateway_vpc_attachment: Add security_group_referencing_support attribute (#34542)
  • data-source/aws_opensearchserverless_collection: Add failure_code and failure_reason attributes (#38995)
  • resource/aws_bedrockagent_agent: Add guardrail_configuration argument (#39440)
  • resource/aws_connect_instance: Add tags argument and tags_all attribute (#39402)
  • resource/aws_ec2_transit_gateway: Add security_group_referencing_support argument (#34542)
  • resource/aws_ec2_transit_gateway_vpc_attachment: Add security_group_referencing_support argument (#34542)
  • resource/aws_ec2_transit_gateway_vpc_attachment_accepter: Add security_group_referencing_support argument (#34542)
  • resource/aws_ecs_service: Add volume_configuration.managed_ebs_volume.tag_specifications attribute (#38662)
  • resource/aws_identitystore_group: Allow display_name to be updated in-place (#39416)
  • resource/aws_kinesis_stream: Tag on Create to support attribute-based access control (ABAC) (#39504)
  • resource/aws_quicksight_data_source: Add credentials.secret_arn argument (#29034)

BUG FIXES:

  • data-source/aws_opensearchserverless_vpc_endpoint: Correctly set security_group_ids. This requires a call to the EC2 DescribeVpcEndpoints API (#39454)
  • data-source/aws_region: Fix lookups for the ap-southeast-5 Region (#39389)
  • resource/aws_alb_listener: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_alb_listener: Remove the limitation preventing setting both default_action.0.target_group_arn and default_action.0.forward to align with the AWS API which allows you to specify both a target group list and a top-level target group ARN if the ARNs match (#39413)
  • resource/aws_db_instance: Allow replica database to be added to domain on create (#39448)
  • resource/aws_db_instance_role_association: Fix intermittent failure when instance is not in an available state (#39457)
  • resource/aws_dynamodb_tag: Fix propagation timeout when multiple tags exist (#39491)
  • resource/aws_ecs_cluster: Fix validation error with name attribute. (#38993)
  • resource/aws_ecs_cluster_capacity_providers: Fix validation error with name attribute. (#38993)
  • resource/aws_iam_role: Retry ConcurrentModificationExceptions during role creation (#39429)
  • resource/aws_inspector2_enabler: Fix AccessDeniedException: Lambda code scanning is not supported in ... errors (#38254)
  • resource/aws_inspector2_member_association: Improve handling of AccessDeniedException errors during creation (#38254)
  • resource/aws_lb_listener: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_lb_listener: Remove the limitation preventing setting both default_action.0.target_group_arn and default_action.0.forward to align with the AWS API which allows you to specify both a target group list and a top-level target group ARN if the ARNs match (#39413)
  • resource/aws_lb_listener_rule: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_lb_target_group: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_medialive_multiplex: Fix to properly handle read failures during delete operations which were previously ignored (#39498)
  • resource/aws_opensearchserverless_vpc_endpoint: Change name and vpc_id to ForceNew (#39454)
  • resource/aws_opensearchserverless_vpc_endpoint: Correctly set security_group_ids. This requires a call to the EC2 DescribeVpcEndpoints API (#39454)
  • resource/aws_rds_cluster_role_association: Fix intermittent failure when cluster is not in an available state (#39457)
  • resource/aws_vpc_dhcp_options: Fix a bug causing a panic crash when an option is absent (#39427)

v5.68.0

NOTES:

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

5.69.0 (September 26, 2024)

NOTES:

  • provider: This release contains an upstream AWS SDK for Go v2 change to DynamoDB service endpoints. The Terraform AWS Provider will now connect to a DynamoDB endpoint in the format (account-id).ddb.(region).amazonaws.com instead of dynamodb.(region).amazonaws.com. If your network configuration blocks outgoing traffic to DynamoDB based on DNS names or endpoint URLs, you must adjust your configuration, because the service's DNS name will change. You may instead disable account-based endpoints for DynamoDB by setting account_id_endpoint_mode = disabled in a shared config file or setting the AWS_ACCOUNT_ID_ENDPOINT_MODE environment variable to disabled (#39505)
  • provider: Updates to Go 1.23.1. The issue with AWS Network Firewall dropping TLS handshake ClientHello messages after the v5.65.0 upgrade to Go 1.23.0, temporarily resolved by the v5.67.0 downgrade to Go 1.22.7, has been addressed by removing the X25519Kyber768Draft00 key exchange mechanism from the HTTP client used to make AWS API calls (#39432)
  • resource/aws_alb_listener: When importing a listener that has either a default action top-level target group ARN or a default action defining a forward action defining a target group with an ARN, include both in the configuration to avoid import differences (#39413)
  • resource/aws_lb_listener: When importing a listener that has either a default action top-level target group ARN or a default action defining a forward action defining a target group with an ARN, include both in the configuration to avoid import differences (#39413)

ENHANCEMENTS:

  • data-source/aws_connect_instance: Add tags attribute (#39402)
  • data-source/aws_ec2_transit_gateway: Add security_group_referencing_support attribute (#34542)
  • data-source/aws_ec2_transit_gateway_vpc_attachment: Add security_group_referencing_support attribute (#34542)
  • data-source/aws_opensearchserverless_collection: Add failure_code and failure_reason attributes (#38995)
  • resource/aws_bedrockagent_agent: Add guardrail_configuration argument (#39440)
  • resource/aws_connect_instance: Add tags argument and tags_all attribute (#39402)
  • resource/aws_ec2_transit_gateway: Add security_group_referencing_support argument (#34542)
  • resource/aws_ec2_transit_gateway_vpc_attachment: Add security_group_referencing_support argument (#34542)
  • resource/aws_ec2_transit_gateway_vpc_attachment_accepter: Add security_group_referencing_support argument (#34542)
  • resource/aws_ecs_service: Add volume_configuration.managed_ebs_volume.tag_specifications attribute (#38662)
  • resource/aws_identitystore_group: Allow display_name to be updated in-place (#39416)
  • resource/aws_kinesis_stream: Tag on Create to support attribute-based access control (ABAC) (#39504)
  • resource/aws_quicksight_data_source: Add credentials.secret_arn argument (#29034)

BUG FIXES:

  • data-source/aws_opensearchserverless_vpc_endpoint: Correctly set security_group_ids. This requires a call to the EC2 DescribeVpcEndpoints API (#39454)
  • data-source/aws_region: Fix lookups for the ap-southeast-5 Region (#39389)
  • resource/aws_alb_listener: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_alb_listener: Remove the limitation preventing setting both default_action.0.target_group_arn and default_action.0.forward to align with the AWS API which allows you to specify both a target group list and a top-level target group ARN if the ARNs match (#39413)
  • resource/aws_db_instance: Allow replica database to be added to domain on create (#39448)
  • resource/aws_db_instance_role_association: Fix intermittent failure when instance is not in an available state (#39457)
  • resource/aws_dynamodb_tag: Fix propagation timeout when multiple tags exist (#39491)
  • resource/aws_ecs_cluster: Fix validation error with name attribute. (#38993)
  • resource/aws_ecs_cluster_capacity_providers: Fix validation error with name attribute. (#38993)
  • resource/aws_iam_role: Retry ConcurrentModificationExceptions during role creation (#39429)
  • resource/aws_inspector2_enabler: Fix AccessDeniedException: Lambda code scanning is not supported in ... errors (#38254)
  • resource/aws_inspector2_member_association: Improve handling of AccessDeniedException errors during creation (#38254)
  • resource/aws_lb_listener: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_lb_listener: Remove the limitation preventing setting both default_action.0.target_group_arn and default_action.0.forward to align with the AWS API which allows you to specify both a target group list and a top-level target group ARN if the ARNs match (#39413)
  • resource/aws_lb_listener_rule: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_lb_target_group: Fix several of the arguments to avoiding setting zero-values in situations where they shouldn't causing warnings and import differences (#39413)
  • resource/aws_medialive_multiplex: Fix to properly handle read failures during delete operations which were previously ignored (#39498)
  • resource/aws_opensearchserverless_vpc_endpoint: Change name and vpc_id to ForceNew (#39454)
  • resource/aws_opensearchserverless_vpc_endpoint: Correctly set security_group_ids. This requires a call to the EC2 DescribeVpcEndpoints API (#39454)
  • resource/aws_rds_cluster_role_association: Fix intermittent failure when cluster is not in an available state (#39457)
  • resource/aws_vpc_dhcp_options: Fix a bug causing a panic crash when an option is absent (#39427)

5.68.0 (September 19, 2024)

... (truncated)

Commits

Updates hashicorp/http from 3.4.4 to 3.4.5

Release notes

Sourced from hashicorp/http's releases.

v3.4.5

NOTES:

  • all: This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#452)
Changelog

Sourced from hashicorp/http's changelog.

3.4.5 (September 10, 2024)

NOTES:

  • all: This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#452)
Commits
  • 22679bc Update changelog
  • 173f5fc all: Bump minimum Go module version to 1.22 (#452)
  • a021d57 Result of tsccr-helper -log-level=info gha update -latest . (#453)
  • 08ecf12 build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 (#451)
  • 5e21d7a build(deps): bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#449)
  • f38748c Result of tsccr-helper -log-level=info gha update -latest . (#448)
  • 3bb8f61 Result of tsccr-helper -log-level=info gha update -latest . (#447)
  • 8a2d0c3 build(deps): bump github.com/hashicorp/terraform-plugin-testing (#446)
  • b3558ff build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 (#445)
  • 7b99cb6 build(deps): bump github.com/hashicorp/terraform-plugin-framework (#444)
  • See full diff in compare view

Updates integrations/github from 5.42.0 to 6.3.0

Release notes

Sourced from integrations/github's releases.

v6.3.0

What's Changed

🚀 New Features

🛠️ Maintenance

🏷 Other Changes

New Contributors

Full Changelog: https://github.com/integrations/terraform-provider-github/compare/v6.2.3...v6.3.0

v6.2.3

What's Changed

🛠️ Maintenance

🏷 Other Changes

New Contributors

... (truncated)

Commits
  • 2c5b3af handle emu idp group 404 (#2385)
  • af9cf3d feat: allow filtering on permission in repo collaborator datasource (#2382)
  • f3792c8 build(deps): bump github/codeql-action in the github-actions group (#2367)
  • c3b7085 docs: fix markdown for repository
  • 67dda09 feat: Adding summary_only field to the organization data source (#2326)
  • ced7639 build(deps): bump github/codeql-action in the github-actions group (#2353)
  • 6006b74 build(deps): bump golang.org/x/crypto in the gomod group (#2354)
  • ab2839d feat: add ruleset target push (#2351)
  • 0f84a2a Rate limit (#2345)
  • 7e83094 build(deps): bump github/codeql-action in the github-actions group (#2346)
  • Additional commits viewable in compare view

Updates opensearch-project/opensearch from 2.2.1 to 2.3.1

Release notes

Sourced from opensearch-project/opensearch's releases.

Description has been truncated

dependabot[bot] avatar Oct 02 '24 09:10 dependabot[bot]