fix: Change tags for 'aws_s3_bucket_object' based on AWS limit and add validation for them (#26)

Co-authored-by: Bryant Biggs <[email protected]>
Resolves #25

Author: alena-volchanskaia

.github/workflows/pre-commit.yml

@@ -8,6 +8,7 @@ on:
 
 env:
   TERRAFORM_DOCS_VERSION: v0.16.0
+  TFLINT_VERSION: v0.44.1
 
 jobs:
   collectInputs:
@@ -21,7 +22,7 @@ jobs:
 
       - name: Get root directories
         id: dirs
-        uses: clowdhaus/terraform-composite-actions/[email protected].0
+        uses: clowdhaus/terraform-composite-actions/[email protected].3
 
   preCommitMinVersions:
     name: Min TF pre-commit
@@ -36,24 +37,26 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/[email protected].0
+        uses: clowdhaus/[email protected].4
         with:
           directory: ${{ matrix.directory }}
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/[email protected].0
+        uses: clowdhaus/terraform-composite-actions/[email protected].3
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/[email protected].0
+        uses: clowdhaus/terraform-composite-actions/[email protected].3
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
 
   preCommitMaxVersion:
@@ -69,10 +72,12 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/[email protected].0
+        uses: clowdhaus/[email protected].4
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/[email protected].0
+        uses: clowdhaus/terraform-composite-actions/[email protected].3
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          install-hcledit: true

.github/workflows/release.yml

@@ -4,6 +4,7 @@ on:
   workflow_dispatch:
   push:
     branches:
+      - main
       - master
     paths:
       - '**/*.tpl'

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.77.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -23,7 +23,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer

README.md

@@ -38,6 +38,7 @@ module "log_forwarder" {
   s3_zip_kms_key_id             = var.log_forwarder_s3_zip_kms_key_id
   s3_zip_metadata               = var.log_forwarder_s3_zip_metadata
   s3_zip_tags                   = var.log_forwarder_s3_zip_tags
+  s3_zip_tags_only              = var.log_forwarder_s3_zip_tags_only
 
   create_role               = var.create_log_forwarder_role
   role_arn                  = var.log_forwarder_role_arn

main.tf

@@ -144,7 +144,7 @@ resource "aws_s3_object" "this" {
   kms_key_id             = var.s3_zip_kms_key_id
   metadata               = var.s3_zip_metadata
 
-  tags = merge(var.tags, var.s3_zip_tags, local.version_tag)
+  tags = var.s3_zip_tags_only ? var.s3_zip_tags : merge(var.tags, var.s3_zip_tags, local.version_tag)
 
   depends_on = [null_resource.this]
 }

modules/log_forwarder/README.md

@@ -93,6 +93,12 @@ variable "s3_zip_tags" {
   default     = {}
 }
 
+variable "s3_zip_tags_only" {
+  description = "Set to true to not merge `var.tags` with `s3_zip_tags`. Useful to avoid breaching S3 Object 10 tag limit"
+  type        = bool
+  default     = false
+}
+
 # Forwarder IAM Role
 variable "create_role" {
   description = "Controls whether an IAM role is created for the forwarder"
@@ -182,7 +188,7 @@ variable "s3_log_bucket_arns" {
 variable "forwarder_version" {
   description = "Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases"
   type        = string
-  default     = "3.44.0"
+  default     = "3.69.0"
 }
 
 variable "name" {

modules/log_forwarder/main.tf

@@ -112,7 +112,7 @@ variable "policy_path" {
 variable "forwarder_version" {
   description = "Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases"
   type        = string
-  default     = "3.44.0"
+  default     = "3.69.0"
 }
 
 variable "name" {