|
|
@@ -1,32 +1,49 @@
|
|
|
{
|
|
|
"version": 4,
|
|
|
"terraform_version": "1.3.7",
|
|
|
- "serial": 170,
|
|
|
+ "serial": 181,
|
|
|
"lineage": "7413839f-c67c-02f5-4933-fcb84251bb29",
|
|
|
"outputs": {},
|
|
|
"resources": [
|
|
|
{
|
|
|
- "mode": "managed",
|
|
|
- "type": "aws_iam_policy",
|
|
|
- "name": "policy",
|
|
|
+ "mode": "data",
|
|
|
+ "type": "aws_iam_policy_document",
|
|
|
+ "name": "policy_document",
|
|
|
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
|
|
"instances": [
|
|
|
{
|
|
|
"schema_version": 0,
|
|
|
"attributes": {
|
|
|
- "arn": "arn:aws:iam::259692501178:policy/terraform-20230117075546916900000001",
|
|
|
- "description": "",
|
|
|
- "id": "arn:aws:iam::259692501178:policy/terraform-20230117075546916900000001",
|
|
|
- "name": "terraform-20230117075546916900000001",
|
|
|
- "name_prefix": null,
|
|
|
- "path": "/",
|
|
|
- "policy": "{\"Statement\":[{\"Action\":[\"codebuild:StartBuild\",\"codebuild:StopBuild\",\"codebuild:RetryBuild\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}],\"Version\":\"2012-10-17\"}",
|
|
|
- "policy_id": "ANPATY5XBDC5MRV6GEQHJ",
|
|
|
- "tags": null,
|
|
|
- "tags_all": {}
|
|
|
+ "id": "3300858488",
|
|
|
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:StopBuild\",\n \"codebuild:StartBuild\",\n \"codebuild:RetryBuild\",\n \"codebuild:BatchGetBuilds\"\n ],\n \"Resource\": \"arn:aws:codebuild:ap-northeast-1:259692501178:project/growi-official-image-builder\"\n }\n ]\n}",
|
|
|
+ "override_json": null,
|
|
|
+ "override_policy_documents": null,
|
|
|
+ "policy_id": null,
|
|
|
+ "source_json": null,
|
|
|
+ "source_policy_documents": null,
|
|
|
+ "statement": [
|
|
|
+ {
|
|
|
+ "actions": [
|
|
|
+ "codebuild:BatchGetBuilds",
|
|
|
+ "codebuild:RetryBuild",
|
|
|
+ "codebuild:StartBuild",
|
|
|
+ "codebuild:StopBuild"
|
|
|
+ ],
|
|
|
+ "condition": [],
|
|
|
+ "effect": "Allow",
|
|
|
+ "not_actions": [],
|
|
|
+ "not_principals": [],
|
|
|
+ "not_resources": [],
|
|
|
+ "principals": [],
|
|
|
+ "resources": [
|
|
|
+ "arn:aws:codebuild:ap-northeast-1:259692501178:project/growi-official-image-builder"
|
|
|
+ ],
|
|
|
+ "sid": ""
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "version": "2012-10-17"
|
|
|
},
|
|
|
- "sensitive_attributes": [],
|
|
|
- "private": "bnVsbA=="
|
|
|
+ "sensitive_attributes": []
|
|
|
}
|
|
|
]
|
|
|
},
|
|
|
@@ -436,7 +453,10 @@
|
|
|
"sensitive_attributes": [],
|
|
|
"private": "bnVsbA==",
|
|
|
"dependencies": [
|
|
|
- "module.codebuild.data.aws_iam_policy_document.combined_permissions"
|
|
|
+ "module.codebuild.data.aws_iam_policy_document.combined_permissions",
|
|
|
+ "module.codebuild.data.aws_iam_policy_document.permissions",
|
|
|
+ "module.codebuild.data.aws_iam_policy_document.vpc_permissions",
|
|
|
+ "module.codebuild.data.aws_s3_bucket.secondary_artifact"
|
|
|
]
|
|
|
}
|
|
|
]
|
|
|
@@ -712,7 +732,12 @@
|
|
|
"description": "Role assumed by the GitHub OIDC provider.",
|
|
|
"force_detach_policies": false,
|
|
|
"id": "GitHubOIDC-for-growi",
|
|
|
- "inline_policy": [],
|
|
|
+ "inline_policy": [
|
|
|
+ {
|
|
|
+ "name": "inline_policy",
|
|
|
+ "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:StopBuild\",\n \"codebuild:StartBuild\",\n \"codebuild:RetryBuild\",\n \"codebuild:BatchGetBuilds\"\n ],\n \"Resource\": \"arn:aws:codebuild:ap-northeast-1:259692501178:project/growi-official-image-builder\"\n }\n ]\n}"
|
|
|
+ }
|
|
|
+ ],
|
|
|
"managed_policy_arns": [
|
|
|
"arn:aws:iam::aws:policy/ReadOnlyAccess"
|
|
|
],
|
|
|
@@ -728,34 +753,8 @@
|
|
|
"sensitive_attributes": [],
|
|
|
"private": "bnVsbA==",
|
|
|
"dependencies": [
|
|
|
- "module.oidc_github.aws_iam_openid_connect_provider.github",
|
|
|
- "module.oidc_github.data.aws_iam_openid_connect_provider.github",
|
|
|
- "module.oidc_github.data.aws_iam_policy_document.assume_role",
|
|
|
- "module.oidc_github.data.tls_certificate.github"
|
|
|
- ]
|
|
|
- }
|
|
|
- ]
|
|
|
- },
|
|
|
- {
|
|
|
- "module": "module.oidc_github",
|
|
|
- "mode": "managed",
|
|
|
- "type": "aws_iam_role_policy_attachment",
|
|
|
- "name": "custom",
|
|
|
- "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
|
|
- "instances": [
|
|
|
- {
|
|
|
- "index_key": 0,
|
|
|
- "schema_version": 0,
|
|
|
- "attributes": {
|
|
|
- "id": "GitHubOIDC-for-growi-20230117075548501900000002",
|
|
|
- "policy_arn": "arn:aws:iam::259692501178:policy/terraform-20230117075546916900000001",
|
|
|
- "role": "GitHubOIDC-for-growi"
|
|
|
- },
|
|
|
- "sensitive_attributes": [],
|
|
|
- "private": "bnVsbA==",
|
|
|
- "dependencies": [
|
|
|
- "aws_iam_policy.policy",
|
|
|
- "module.oidc_github.aws_iam_role.github"
|
|
|
+ "data.aws_iam_policy_document.policy_document",
|
|
|
+ "module.oidc_github.data.aws_iam_policy_document.assume_role"
|
|
|
]
|
|
|
}
|
|
|
]
|
|
|
@@ -778,6 +777,15 @@
|
|
|
"sensitive_attributes": [],
|
|
|
"private": "bnVsbA==",
|
|
|
"dependencies": [
|
|
|
+ "data.aws_iam_policy_document.policy_document",
|
|
|
+ "module.codebuild.aws_codebuild_project.default",
|
|
|
+ "module.codebuild.aws_codebuild_source_credential.authorization",
|
|
|
+ "module.codebuild.aws_iam_role.default",
|
|
|
+ "module.codebuild.aws_s3_bucket.cache_bucket",
|
|
|
+ "module.codebuild.data.aws_caller_identity.default",
|
|
|
+ "module.codebuild.data.aws_iam_policy_document.role",
|
|
|
+ "module.codebuild.data.aws_region.default",
|
|
|
+ "module.codebuild.random_string.bucket_prefix",
|
|
|
"module.oidc_github.aws_iam_openid_connect_provider.github",
|
|
|
"module.oidc_github.aws_iam_role.github",
|
|
|
"module.oidc_github.data.aws_iam_openid_connect_provider.github",
|
Yuki Takei