09 Oct 18:41

cloudposse-releaser

a1d46a0

v1.537.1 Latest

Latest

feat(ssm-secrets): add support for extra config options @RoseSecurity (#45)

## what

Added support for specifying parameter_store_paths and resources in the values passed to the external_ssm_secrets module, enabling more granular control over which secrets and resources are managed.
Introduced a serviceAccount configuration that sets the service account name based on module.this.name, improving service account management.
Added an rbac configuration block with a create flag controlled by var.rbac_enabled, allowing for optional RBAC resource creation.

why

This updates the configuration for the external_ssm_secrets module to support additional customization and RBAC (Role-Based Access Control) options. The main changes expand the set of values passed to the module, allowing for more flexible and secure integration.

Summary by CodeRabbit

New Features
- Configure multiple Parameter Store paths for external secrets.
- Add resource requests/limits configuration for pods.
- Specify custom ServiceAccount names and toggle RBAC creation.
- Maintains existing region configuration.
Chores
- Updated chart/values structure to support the new configuration options without changing existing behavior.

🚀 Enhancements

chore(deps): bump github.com/ulikunitz/xz from 0.5.11 to 0.5.14 in /test @[dependabot[bot]](https://github.com/apps/dependabot) (#40)

Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.11 to 0.5.14.

Commits

7184815 Preparation of release v0.5.14
88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
c8314b8 Add new package xio with WriteCloserStack
4f11dce Update README.md and SECURITY.md to address security questions
f56ebbf TODO.md: fix a typo
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#44)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.43.0 @[renovate[bot]](https://github.com/apps/renovate) (#43)

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.42.0` -> `0.43.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.43.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_ecs_account_setting_default_invalid_name rule by @wata727 in #949

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #921
Update AWS provider/module and generated content by @github-actions[bot] in #948

Chores

Bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in #927
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #928
Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @dependabot[bot] in #931
Bump github.com/hashicorp/terraform-json from 0.25.0 to 0.26.0 by @dependabot[bot] in #930
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #929
Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #932
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #933
Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #934
Bump github.com/zclconf/go-cty from 1.16.3 to 1.16.4 by @dependabot[bot] in #935
dependabot: allow actions writes by @wata727 in #936
Fix E2E tests to take into account the newly added JSON fields by @wata727 in #944
Bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by @dependabot[bot] in #937
Bump github.com/aws/smithy-go from 1.22.5 to 1.23.0 by @dependabot[bot] in #938
Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #940
Bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 by [@dependabot](https://redirect.github.com/dependab...

Contributors

goruha and RoseSecurity

Assets 2

01 Jul 16:24

cloudposse-releaser

v1.537.0

9f80273

v1.537.0

Fix: use v1 externalsecrets clusterstore if available @brucex (#32)

## what * Allow both v1 and v1beta of ClusterSecretStore * Removal unused values

why

v1beta has been deprecated and does not work in ESO v.0.17.0+ (latest is 0.18.0)
Having unused values passed through the helm chart is confusing

references

https://github.com/external-secrets/external-secrets/releases/tag/helm-chart-0.17.0

Summary by CodeRabbit

New Features
- The system now automatically selects the appropriate API version for secret store resources based on your Kubernetes cluster's supported versions.
Chores
- Simplified configuration by removing unused parameters from the module setup, reducing the amount of configuration required.

Contributors

brucex

Assets 2

30 Jun 08:03

cloudposse-releaser

v1.536.1

4027185

v1.536.1

chore(deps): restrict aws provider version to < 6.0.0 @Benbentwo (#30)

This pull request includes a version constraint update for the AWS provider in the Terraform configuration file `src/versions.tf`. The change ensures compatibility with versions up to but not including 6.0.0.

src/versions.tf: Updated the version constraint for the aws provider to >= 4.9.0, < 6.0.0 to ensure compatibility with future versions while avoiding potential breaking changes in version 6.0.0.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#36)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Contributors

Benbentwo

Assets 2

28 Jun 10:06

cloudposse-releaser

v1.536.0

e900025

v1.536.0

chore(deps): restrict helm provider version to ~ 2.0.0 @Benbentwo (#31)

This pull request includes a version constraint update for the Helm provider in the Terraform configuration file `src/versions.tf`. The change ensures compatibility with versions up to but not including 3.0.0.

Add component tests @goruha (#17)

# What * [ ] Add `basic` component test * [ ] Add `disabled` component test * [ ] Test component drifting * [ ] Add any additional use case tests

Why

Test basic component features
Verify that the component does not create any resources when input enabled: false set
Verify that the component does not drift on a second run with the same inputs
Add test for any additional than basic use cases for the component

References

Summary by CodeRabbit

Chores
- Streamlined configuration management by removing redundant dependency imports, simplifying the setup process.
Bug Fixes
- Increased timeout duration for waiting on the readiness of ExternalSecret resources, enhancing reliability in tests.
- Improved test flow and clarity by adding comments and ensuring proper resource checks during deployment.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#34)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Enable merge queue @goruha (#29)

## what - Added `auto-merge` workflow - Update `settings.yaml` - Fix CodeOwners files

why

Support auto merge PRs
Create merge queue
Implement new CodeOwners policy

Enable merge queue @goruha (#28)

## what - Added `auto-merge` workflow - Update `settings.yaml` - Fix CodeOwners files

why

Support auto merge PRs
Create merge queue
Implement new CodeOwners policy

chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 in /test @[dependabot[bot]](https://github.com/apps/dependabot) (#19)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.38.0.

Commits

e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
1f1fa29 publicsuffix: regenerate table
1215081 http2: improve error when server sends HTTP/1
312450e html: ensure <search> tag closes <p> and update tests
09731f9 http2: improve handling of lost PING in Server
55989e2 http2/h2c: use ResponseController for hijacking connections
2914f46 websocket: re-recommend gorilla/websocket
99b3ae0 go.mod: update golang.org/x dependencies
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.40.0 @[renovate[bot]](https://github.com/apps/renovate) (#27)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.38.0` -> `0.40.0`