feat: Updated to support Terraform 0.13 also (#103)

.pre-commit-config.yaml

@@ -4,6 +4,21 @@ repos:
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
   - repo: git://github.com/pre-commit/pre-commit-hooks
     rev: v3.2.0
     hooks:

README.md

@@ -14,7 +14,7 @@ These types of resources are supported:
 
 ## Terraform versions
 
-Terraform 0.12. Pin module version to `~> v2.0`. Submit pull-requests to `master` branch.
+Terraform 0.12 or newer. Pin module version to `~> v2.0`. Submit pull-requests to `master` branch.
 
 Terraform 0.11. Pin module version to `~> v1.0`. Submit pull-requests to `terraform011` branch.
 
@@ -117,7 +117,6 @@ module "iam_assumable_roles_with_saml" {
 
   create_readonly_role = true
 
-  provider_name = "idp_saml"
   provider_id   = "arn:aws:iam::235367859851:saml-provider/idp_saml"
 }
 ```

examples/iam-account/README.md

@@ -17,7 +17,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 

examples/iam-account/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-assumable-role-with-oidc/README.md

@@ -17,7 +17,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 

examples/iam-assumable-role-with-oidc/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-assumable-role/README.md

@@ -19,7 +19,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 

examples/iam-assumable-role/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-assumable-roles-with-saml/README.md

@@ -17,13 +17,16 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | >= 2.23 |
 
 ## Inputs
 

examples/iam-assumable-roles-with-saml/main.tf

@@ -21,7 +21,6 @@ module "iam_assumable_roles_with_saml" {
 
   create_readonly_role = true
 
-  provider_name = aws_iam_saml_provider.idp_saml.name
   provider_id = aws_iam_saml_provider.idp_saml.id
 }
 
@@ -35,6 +34,5 @@ module "iam_assumable_roles_with_saml_custom" {
   poweruser_role_name        = "Billing-And-Support-Access"
   poweruser_role_policy_arns = ["arn:aws:iam::aws:policy/job-function/Billing", "arn:aws:iam::aws:policy/AWSSupportAccess"]
 
-  provider_name = aws_iam_saml_provider.idp_saml.name
   provider_id = aws_iam_saml_provider.idp_saml.id
 }

examples/iam-assumable-roles-with-saml/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-assumable-roles/README.md

@@ -17,7 +17,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 

examples/iam-assumable-roles/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-group-complete/README.md

@@ -19,7 +19,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 

examples/iam-group-complete/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-group-with-assumable-roles-policy/README.md

@@ -17,14 +17,17 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
-| aws.production | n/a |
+| aws | >= 2.23 |
+| aws.production | >= 2.23 |
 
 ## Inputs
 

examples/iam-group-with-assumable-roles-policy/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-group-with-policies/README.md

@@ -17,13 +17,16 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | >= 2.23 |
 
 ## Inputs
 

examples/iam-group-with-policies/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-policy/README.md

@@ -17,13 +17,16 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | >= 2.23 |
 
 ## Inputs
 

examples/iam-policy/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.23"
+  }
+}

examples/iam-user/README.md

@@ -18,7 +18,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.50 |
 
 ## Providers
 
@@ -32,10 +35,10 @@ No input.
 
 | Name | Description |
 |------|-------------|
-| keybase\_password\_decrypt\_command | n/a |
-| keybase\_password\_pgp\_message | n/a |
-| keybase\_secret\_key\_decrypt\_command | n/a |
-| keybase\_secret\_key\_pgp\_message | n/a |
+| keybase\_password\_decrypt\_command | Decrypt user password command |
+| keybase\_password\_pgp\_message | Encrypted password |
+| keybase\_secret\_key\_decrypt\_command | Decrypt access secret key command |
+| keybase\_secret\_key\_pgp\_message | Encrypted access secret key |
 | pgp\_key | PGP key used to encrypt sensitive data for this user (if empty - secrets are not encrypted) |
 | this\_iam\_access\_key\_encrypted\_secret | The encrypted secret, base64 encoded |
 | this\_iam\_access\_key\_id | The access key ID |

examples/iam-user/outputs.tf

@@ -59,17 +59,21 @@ output "pgp_key" {
 }
 
 output "keybase_password_decrypt_command" {
+  description = "Decrypt user password command"
   value       = module.iam_user.keybase_password_decrypt_command
 }
 
 output "keybase_password_pgp_message" {
+  description = "Encrypted password"
   value       = module.iam_user.keybase_password_pgp_message
 }
 
 output "keybase_secret_key_decrypt_command" {
+  description = "Decrypt access secret key command"
   value       = module.iam_user.keybase_secret_key_decrypt_command
 }
 
 output "keybase_secret_key_pgp_message" {
+  description = "Encrypted access secret key"
   value       = module.iam_user.keybase_secret_key_pgp_message
 }

examples/iam-user/versions.tf

+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.50"
+  }
+}

modules/iam-account/README.md

@@ -26,14 +26,14 @@ Import successful!
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 

modules/iam-account/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-assumable-role-with-oidc/README.md

@@ -11,14 +11,14 @@ This module supports IAM Roles for kubernetes service accounts as described in t
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 
@@ -32,8 +32,8 @@ This module supports IAM Roles for kubernetes service accounts as described in t
 | oidc\_subjects\_with\_wildcards | The OIDC subject using wildcards to be added to the role policy | `set(string)` | `[]` | no |
 | provider\_url | URL of the OIDC Provider. Use provider\_urls to specify several URLs. | `string` | `""` | no |
 | provider\_urls | List of URLs of the OIDC Providers | `list(string)` | `[]` | no |
-| role\_name | IAM role name | `string` | `""` | no |
 | role\_description | IAM Role description | `string` | `""` | no |
+| role\_name | IAM role name | `string` | `""` | no |
 | role\_path | Path of IAM role | `string` | `"/"` | no |
 | role\_permissions\_boundary\_arn | Permissions boundary ARN to use for IAM role | `string` | `""` | no |
 | role\_policy\_arns | List of ARNs of IAM policies to attach to IAM role | `list(string)` | `[]` | no |

modules/iam-assumable-role-with-oidc/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-assumable-role/README.md

@@ -9,14 +9,14 @@ Trusted resources can be any [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/U
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 

modules/iam-assumable-role/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-assumable-roles-with-saml/README.md

@@ -11,14 +11,14 @@ Creates predefined IAM roles (admin, poweruser and readonly) which can be assume
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 
@@ -41,7 +41,6 @@ Creates predefined IAM roles (admin, poweruser and readonly) which can be assume
 | poweruser\_role\_policy\_arns | List of policy ARNs to use for poweruser role | `list(string)` | <pre>[<br>  "arn:aws:iam::aws:policy/PowerUserAccess"<br>]</pre> | no |
 | poweruser\_role\_tags | A map of tags to add to poweruser role resource. | `map(string)` | `{}` | no |
 | provider\_id | ID of the SAML Provider | `string` | n/a | yes |
-| provider\_name | Name of the SAML Provider | `string` | n/a | yes |
 | readonly\_role\_name | IAM role with readonly access | `string` | `"readonly"` | no |
 | readonly\_role\_path | Path of readonly IAM role | `string` | `"/"` | no |
 | readonly\_role\_permissions\_boundary\_arn | Permissions boundary ARN to use for readonly role | `string` | `""` | no |

modules/iam-assumable-roles-with-saml/variables.tf

-variable "provider_name" {
-  description = "Name of the SAML Provider"
-  type        = string
-}
-
 variable "provider_id" {
   description = "ID of the SAML Provider"
   type        = string

modules/iam-assumable-roles-with-saml/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-assumable-roles/README.md

@@ -9,14 +9,14 @@ Trusted resources can be any [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/U
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 

modules/iam-assumable-roles/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-group-with-assumable-roles-policy/README.md

@@ -7,14 +7,14 @@ Creates IAM group with users who are allowed to assume IAM roles. This is typica
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 

modules/iam-group-with-assumable-roles-policy/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-group-with-policies/README.md

@@ -7,14 +7,14 @@ Creates IAM group with specified IAM policies, and add users into a group.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 

modules/iam-group-with-policies/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-policy/README.md

@@ -7,14 +7,14 @@ Creates IAM policy.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.23, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.23, < 4.0 |
+| aws | >= 2.23 |
 
 ## Inputs
 

modules/iam-policy/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23, < 4.0"
+    aws = ">= 2.23"
   }
 }

modules/iam-user/README.md

@@ -23,14 +23,14 @@ This module outputs commands and PGP messages which can be decrypted either usin
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.6, < 0.14 |
-| aws | >= 2.50, < 4.0 |
+| terraform | >= 0.12.6 |
+| aws | >= 2.50 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.50, < 4.0 |
+| aws | >= 2.50 |
 
 ## Inputs
 
@@ -55,10 +55,10 @@ This module outputs commands and PGP messages which can be decrypted either usin
 
 | Name | Description |
 |------|-------------|
-| keybase\_password\_decrypt\_command | n/a |
-| keybase\_password\_pgp\_message | n/a |
-| keybase\_secret\_key\_decrypt\_command | n/a |
-| keybase\_secret\_key\_pgp\_message | n/a |
+| keybase\_password\_decrypt\_command | Decrypt user password command |
+| keybase\_password\_pgp\_message | Encrypted password |
+| keybase\_secret\_key\_decrypt\_command | Decrypt access secret key command |
+| keybase\_secret\_key\_pgp\_message | Encrypted access secret key |
 | pgp\_key | PGP key used to encrypt sensitive data for this user (if empty - secrets are not encrypted) |
 | this\_iam\_access\_key\_encrypted\_secret | The encrypted secret, base64 encoded |
 | this\_iam\_access\_key\_id | The access key ID |

modules/iam-user/outputs.tf

@@ -86,6 +86,7 @@ output "pgp_key" {
 }
 
 output "keybase_password_decrypt_command" {
+  description = "Decrypt user password command"
   value = <<EOF
 echo "${element(
   concat(aws_iam_user_login_profile.this.*.encrypted_password, [""]),
@@ -96,6 +97,7 @@ EOF
 }
 
 output "keybase_password_pgp_message" {
+  description = "Encrypted password"
   value = <<EOF
 -----BEGIN PGP MESSAGE-----
 Version: Keybase OpenPGP v2.0.76
@@ -111,6 +113,7 @@ EOF
 }
 
 output "keybase_secret_key_decrypt_command" {
+  description = "Decrypt access secret key command"
   value       = <<EOF
 echo "${element(concat(aws_iam_access_key.this.*.encrypted_secret, [""]), 0)}" | base64 --decode | keybase pgp decrypt
 EOF
@@ -118,6 +121,7 @@ EOF
 }
 
 output "keybase_secret_key_pgp_message" {
+  description = "Encrypted access secret key"
   value       = <<EOF
 -----BEGIN PGP MESSAGE-----
 Version: Keybase OpenPGP v2.0.76

modules/iam-user/versions.tf

 terraform {
-  required_version = ">= 0.12.6, < 0.14"
+  required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.50, < 4.0"
+    aws = ">= 2.50"
   }
 }