add versioning field

terraform-modules · Jan 5, 2023 · f5558a7 · f5558a7
1 parent 431d5b1
commit f5558a7
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -157,3 +157,9 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 * 3.3.5 -- 2022-11-09
   - common
     - fix up bucket_owner when value is empty or null
+
+* 3.3.6 -- 2023-01-05
+  - common
+    - add versioning field
+  - standard
+    - allow use of versioning field
diff --git a/common/variables.s3.tf b/common/variables.s3.tf
@@ -114,3 +114,9 @@ variable "bucket_policy_disabled" {
   type        = bool
   default     = false
 }
+
+variable "versioning" {
+  descripton = "Flag to enable ot disable bucket versioning.  This may be used for the standard submodule, but it is ignored for title26 (enforced to be enabled)"
+  type       = bool
+  default    = false
+}
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "3.3.5"
+  _module_version = "3.3.6"
 }
diff --git a/standard/README.md b/standard/README.md
@@ -180,12 +180,12 @@ No modules.
 | [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
 | [aws_s3_bucket_logging.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
-| [aws_s3_bucket_object.this_objects](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | resource |
 | [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
 | [aws_s3_bucket_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
 | [aws_s3_bucket_server_side_encryption_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
 | [aws_s3_bucket_versioning.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
+| [aws_s3_object.this_objects](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
 | [null_resource.name_too_long](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.policy_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
@@ -211,6 +211,7 @@ No modules.
 | <a name="input_bucket_key_enabled"></a> [bucket\_key\_enabled](#input\_bucket\_key\_enabled) | Enable or disable the use of S3 Bucket Keys (see AWS documenation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html). | `bool` | `false` | no |
 | <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | AWS Bucket Name.  Standard prefix will be applied here, do not include here. | `string` | n/a | yes |
 | <a name="input_bucket_owner"></a> [bucket\_owner](#input\_bucket\_owner) | One of BucketOwnerPreferred, ObjectWriter, or BucketOwnerEnforced. See S3 Documentation for more information (default: BucketOwnerPreferred, requires bucket-owner-full-control option when uploading | `string` | `"BucketOwnerPreferred"` | no |
+| <a name="input_bucket_policy_disabled"></a> [bucket\_policy\_disabled](#input\_bucket\_policy\_disabled) | Flag to enable or disable the default bucket policy.  This is used for where we need to create the bucket policy outside of the module to prevent cyclical setup | `bool` | `false` | no |
 | <a name="input_bucket_policy_document"></a> [bucket\_policy\_document](#input\_bucket\_policy\_document) | IAM Policy document describing additional policy to be attached to the bucket beyond the default | `string` | `""` | no |
 | <a name="input_bucket_policy_document_template"></a> [bucket\_policy\_document\_template](#input\_bucket\_policy\_document\_template) | IAM Policy document template describing additional policy to be attached to the bucket beyond the default. This is so we can inject the S3 Bucket ARN into a policy without a loop. Construct the policy with ${s3\_bucket\_arn} where you need it to be in a resource. This also supports ${s3\_bucket\_id} and ${kms\_key\_arn} | `string` | `null` | no |
 | <a name="input_data_safeguards"></a> [data\_safeguards](#input\_data\_safeguards) | Selected available safeguards which apply to the data in the bucket | `list(string)` | `[]` | no |
@@ -221,6 +222,7 @@ No modules.
 | <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | AWS KMS Key ID (one per bucket).  This is currently ignored (and deprecated). | `string` | `null` | no |
 | <a name="input_kms_policy_document"></a> [kms\_policy\_document](#input\_kms\_policy\_document) | AWS KMS Key Policy Document JSON, merged with admin policy document | `string` | `""` | no |
 | <a name="input_metadata_tags"></a> [metadata\_tags](#input\_metadata\_tags) | AWS S3 Custom metadata (prefix x-amzn-meta- automatically included, not needed here).  If data\_safeguard labels are applied, they will be incorporated on any bucket objects created. | `map(string)` | `{}` | no |
+| <a name="input_multi_region"></a> [multi\_region](#input\_multi\_region) | Flag to enable or disable the use of a multi-region KMS key (default=false) | `bool` | `false` | no |
 | <a name="input_name_enforce_region_compact"></a> [name\_enforce\_region\_compact](#input\_name\_enforce\_region\_compact) | Flag to determine if we the rewrite the full region name to a shorter region name no matter the lenth of the string. Only usable with name\_include\_region. | `bool` | `false` | no |
 | <a name="input_name_include_account"></a> [name\_include\_account](#input\_name\_include\_account) | Flag to determine if we include the AWS Account id in the resulting bucket name | `bool` | `false` | no |
 | <a name="input_name_include_region"></a> [name\_include\_region](#input\_name\_include\_region) | Flag to determine if we include the full region name in the resulting bucket name | `bool` | `false` | no |
@@ -229,6 +231,7 @@ No modules.
 | <a name="input_require_explicit_encryption"></a> [require\_explicit\_encryption](#input\_require\_explicit\_encryption) | When enabled, adds bucket policy to Deny unencrypted uploads and incorrect encryption header.  Should not normally be needed. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | <a name="input_use_kms_encryption"></a> [use\_kms\_encryption](#input\_use\_kms\_encryption) | Enable AWS:KMS encryption (default). If false, enables SSE-S3 (AES256), needed for some AWS services access | `bool` | `true` | no |
+| <a name="input_versioning"></a> [versioning](#input\_versioning) | n/a | `bool` | `false` | no |
 
 ## Outputs
 

diff --git a/standard/main.tf b/standard/main.tf
@@ -156,6 +156,6 @@
 
 locals {
   enable_title26 = var.enable_title26 ? true : false
-  versioning     = false
+  versioning     = var.versioning
 }