chore: update release config (#113)

## Motivation
To reflect the latest folder structure.

Signed-off-by: Max Xu <xuhuan@live.cn>

Author: maxsxu

.github/workflows/terraform.yml

@@ -1,4 +1,5 @@
-name: "TF GH Action"
+name: Terraform
+
 on:
   - pull_request
 
@@ -11,12 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 0.15.x
+          terraform_version: "1.5.5"
 
       - name: Terraform fmt
         run: terraform fmt -recursive -write=false -check -diff .
@@ -27,13 +28,13 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform_version: [1.3.x]
+        terraform_version: ["1.5.5"]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Terraform ${{ matrix.terraform_version }}
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ matrix.terraform_version }}
 

README.md

@@ -28,33 +28,44 @@ More detailed documentation can be viewed in the respective module directory.
 
 Run the following terraform file within your AWS profile:
 
+<!-- x-release-please-start-version -->
 ```hcl
+provider "aws" {
+  region = <YOUR_REGION>
+}
+
 module "sn_managed_cloud" {
-  source = "github.com/streamnative/terraform-managed-cloud//modules/aws?ref=<LATEST_GIT_TAG>"
+  source = "github.com/streamnative/terraform-managed-cloud//modules/aws/vendor-access?ref=v3.19.0"
 
   external_id = "<YOUR_SNCLOUD_ORG_ID>"
 }
 ```
+<!-- x-release-please-end -->
 
 ### Using GCP module
 
 Run the following terraform file within your GCP credentials:
 
+<!-- x-release-please-start-version -->
 ```hcl
 provider "google" {
   project = "<YOUR_PROJECT>"
 }
 
 module "sn_managed_cloud" {
-  source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/vendor-access?ref=<LATEST_GIT_TAG>"
+  source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/vendor-access?ref=v3.19.0"
+
   project = "<YOUR_PROJECT>"
+  streamnative_org_id = "<YOUR_SNCLOUD_ORG_ID>"
 }
 ```
+<!-- x-release-please-end -->
 
 ### Using Azure module
 
 Run the following terraform file within your Azure credentials:
 
+<!-- x-release-please-start-version -->
 ```hcl
 provider "azurerm" {
   features {
@@ -64,56 +75,56 @@ provider "azurerm" {
 
 provider "azuread" {}
 
-module "azure-sn-cloud-manager" {
-  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/sn-cloud-manager?ref=<LATEST_GIT_TAG>"
+module "sn_cloud_manager" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/sn-cloud-manager?ref=v3.19.0"
 
+  streamnative_org_id     = "<YOUR_SNCLOUD_ORG_ID>"
   resource_group_location = "<RESOURCE_GROUP_LOCATION>"
-  streamnative_org_id = "<YOUR_SNCLOUD_ORG_ID>"
 }
 
-module "sn-managed-cloud" {
-  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/vendor-access?ref=<LATEST_GIT_TAG>"
+module "sn_managed_cloud" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/azure/vendor-access?ref=v3.19.0"
 
+  streamnative_org_id     = "<YOUR_SNCLOUD_ORG_ID>"
   resource_group_name     = "<RESOURCE_GROUP_NAME>"
   resource_group_location = "<RESOURCE_GROUP_LOCATION>"
 
-  streamnative_org_id = "<YOUR_SNCLOUD_ORG_ID>"
-
-  sn_automation_principal_id = module.azure-sn-cloud-manager.sn_automation_principal_id
-  sn_support_principal_id = module.azure-sn-cloud-manager.sn_support_principal_id
-  sn_automation_client_id = module.azure-sn-cloud-manager.sn_automation_client_id
-  sn_support_client_id = module.azure-sn-cloud-manager.sn_support_client_id
+  sn_automation_principal_id = module.sn_cloud_manager.sn_automation_principal_id
+  sn_automation_client_id = module.sn_cloud_manager.sn_automation_client_id
+  sn_support_principal_id = module.sn_cloud_manager.sn_support_principal_id
+  sn_support_client_id = module.sn_cloud_manager.sn_support_client_id
 
   depends_on = [
-    module.azure-sn-cloud-manager
+    module.sn_cloud_manager
   ]
 }
 
-output "client_id" {
-  value       = module.sn-managed-cloud.sn_automation_client_id
-  description = "The client ID of the sn automation service principal for StreamNative Cloud automation"
-}
-
-output "support_client_id" {
-  value       = module.sn-managed-cloud.sn_support_client_id
-  description = "The client ID of the sn support service principal for StreamNative Cloud support access"
-}
-
 output "subscription_id" {
-  value       = module.sn-managed-cloud.subscription_id
+  value       = module.sn_managed_cloud.subscription_id
   description = "The subscription ID of the AKS cluster"
 }
 
 output "tenant_id" {
-  value       = module.sn-managed-cloud.tenant_id
+  value       = module.sn_managed_cloud.tenant_id
   description = "The tenant ID of the AKS cluster"
 }
 
+output "client_id" {
+  value       = module.sn_managed_cloud.sn_automation_client_id
+  description = "The client ID of the sn automation service principal for StreamNative Cloud automation"
+}
+
+output "support_client_id" {
+  value       = module.sn_managed_cloud.sn_support_client_id
+  description = "The client ID of the sn support service principal for StreamNative Cloud support access"
+}
+
 output "resource_group_name" {
-  value       = module.sn-managed-cloud.resource_group_name
+  value       = module.sn_managed_cloud.resource_group_name
   description = "The name of the resource group where the AKS cluster will be created"
 }
 ```
+<!-- x-release-please-end -->
 
 ## Examples
 Examples of the modules can be found in the `examples` directory.

modules/aws/vendor-access/README.md

@@ -120,20 +120,26 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_iam_policy.alb_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.bootstrap_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.management_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.permission_boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.provision_1_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.provision_2_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.provision_preserve_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.runtime_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.bootstrap_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.management_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.bootstrap_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.bootstrap_readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.management_readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.management_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.provision1_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.provision2_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.provision_preserve_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [local_file.alb_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
-| [local_file.bootstrap_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.management_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.permission_boundary_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.provision1_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.provision2_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.provision_preserve_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.runtime_policy](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.streamnative_bootstrap_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -157,17 +163,17 @@ No modules.
 | <a name="input_region"></a> [region](#input\_region) | The AWS region where your instance of StreamNative Cloud is deployed. Defaults to all regions "*" | `string` | `"*"` | no |
 | <a name="input_s3_bucket_pattern"></a> [s3\_bucket\_pattern](#input\_s3\_bucket\_pattern) | Defines the bucket prefix for streamnative managed buckets (backup and offload). Typically defaults to "snc-*", but should match the bucket created using the tiered-storage-resources module | `string` | `"*snc*"` | no |
 | <a name="input_s3_kms_key_arns"></a> [s3\_kms\_key\_arns](#input\_s3\_kms\_key\_arns) | List of KMS key ARNs to use for S3 buckets | `list(string)` | `[]` | no |
-| <a name="input_sn_policy_version"></a> [sn\_policy\_version](#input\_sn\_policy\_version) | The value of SNVersion tag | `string` | `"3.14.1"` | no |
+| <a name="input_sn_policy_version"></a> [sn\_policy\_version](#input\_sn\_policy\_version) | The value of SNVersion tag | `string` | `"3.16.1"` | no |
 | <a name="input_source_identities"></a> [source\_identities](#input\_source\_identities) | Place an additional constraint on source identity, disabled by default and only to be used if specified by StreamNative | `list(any)` | `[]` | no |
 | <a name="input_source_identity_test"></a> [source\_identity\_test](#input\_source\_identity\_test) | The test to use for source identity | `string` | `"ForAnyValue:StringLike"` | no |
 | <a name="input_streamnative_google_account_id"></a> [streamnative\_google\_account\_id](#input\_streamnative\_google\_account\_id) | (Deprecated, use streamnative\_google\_account\_ids instead) The Google Cloud service account ID used by StreamNative for Control Plane operations | `string` | `"108050666045451143798"` | no |
-| <a name="input_streamnative_google_account_ids"></a> [streamnative\_google\_account\_ids](#input\_streamnative\_google\_account\_ids) | The Google Cloud service account IDs used by StreamNative for Control Plane operations | `list(string)` | <pre>[<br>  "108050666045451143798"<br>]</pre> | no |
+| <a name="input_streamnative_google_account_ids"></a> [streamnative\_google\_account\_ids](#input\_streamnative\_google\_account\_ids) | The Google Cloud service account IDs used by StreamNative for Control Plane operations | `list(string)` | <pre>[<br/>  "108050666045451143798"<br/>]</pre> | no |
 | <a name="input_streamnative_principal_ids"></a> [streamnative\_principal\_ids](#input\_streamnative\_principal\_ids) | When set, this applies an additional check for certain StreamNative principals to futher restrict access to which services / users can access an account. | `list(string)` | `[]` | no |
-| <a name="input_streamnative_support_access_role_arns"></a> [streamnative\_support\_access\_role\_arns](#input\_streamnative\_support\_access\_role\_arns) | A list ARNs provided by StreamNative that enable streamnative support engineers access the StreamNativeCloudBootstrapRole. This is used only in some initial provisioning and in case of on-call support. | `list(string)` | <pre>[<br>  "arn:aws:iam::311022431024:role/cloud-support-general"<br>]</pre> | no |
-| <a name="input_streamnative_vendor_access_role_arns"></a> [streamnative\_vendor\_access\_role\_arns](#input\_streamnative\_vendor\_access\_role\_arns) | A list ARNs provided by StreamNative that enable us to work with the Vendor Access Roles created by this module (StreamNativeCloudBootstrapRole, StreamNativeCloudManagementRole). This is how StreamNative is granted access into your AWS account, and should typically be the default value unless directed otherwise. This arns are used *only* for automations. | `list(string)` | <pre>[<br>  "arn:aws:iam::311022431024:role/cloud-manager"<br>]</pre> | no |
+| <a name="input_streamnative_support_access_role_arns"></a> [streamnative\_support\_access\_role\_arns](#input\_streamnative\_support\_access\_role\_arns) | A list ARNs provided by StreamNative that enable streamnative support engineers access the StreamNativeCloudBootstrapRole. This is used only in some initial provisioning and in case of on-call support. | `list(string)` | <pre>[<br/>  "arn:aws:iam::311022431024:role/cloud-support-general"<br/>]</pre> | no |
+| <a name="input_streamnative_vendor_access_role_arns"></a> [streamnative\_vendor\_access\_role\_arns](#input\_streamnative\_vendor\_access\_role\_arns) | A list ARNs provided by StreamNative that enable us to work with the Vendor Access Roles created by this module (StreamNativeCloudBootstrapRole, StreamNativeCloudManagementRole). This is how StreamNative is granted access into your AWS account, and should typically be the default value unless directed otherwise. This arns are used *only* for automations. | `list(string)` | <pre>[<br/>  "arn:aws:iam::311022431024:role/cloud-manager"<br/>]</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Extra tags to apply to the resources created by this module. | `map(string)` | `{}` | no |
 | <a name="input_test_suffix"></a> [test\_suffix](#input\_test\_suffix) | Used in testing to apply us to apply multiple versions of the role | `string` | `""` | no |
-| <a name="input_vpc_allowed_ids"></a> [vpc\_allowed\_ids](#input\_vpc\_allowed\_ids) | Allows for further scoping down policy for allowed VPC | `list(any)` | <pre>[<br>  "*"<br>]</pre> | no |
+| <a name="input_vpc_allowed_ids"></a> [vpc\_allowed\_ids](#input\_vpc\_allowed\_ids) | Allows for further scoping down policy for allowed VPC | `list(any)` | <pre>[<br/>  "*"<br/>]</pre> | no |
 | <a name="input_write_policy_files"></a> [write\_policy\_files](#input\_write\_policy\_files) | Write the policy files locally to disk for debugging and validation | `bool` | `false` | no |
 
 ## Outputs

release-please-config.json

@@ -11,7 +11,8 @@
                 ".github"
             ],
             "extra-files": [
-                "modules/aws/variables.tf"
+                "README.md",
+                "modules/aws/vendor-access/variables.tf"
             ]
         }
     }