From 9fc3749943577ac6e54e905703003a783df474b8 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 25 Jun 2026 15:19:03 +0000
Subject: [PATCH 1/2] chore(main): release 5.0.0
---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4d9b08e..7158b020 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog
+## [5.0.0](https://github.com/nullplatform/tofu-modules/compare/v4.6.0...v5.0.0) (2026-06-25)
+
+
+### ⚠ BREAKING CHANGES
+
+* **iam:** infrastructure/aws/iam/ecr no longer creates the build workflow user, access key or group, and no longer outputs build_workflow_access_key_id / build_workflow_access_key_secret. Consumers must instantiate the new build-user module, pass its group_name to ecr (new required input build_workflow_group_name) and to s3-assets, take the build credentials from build-user outputs, and run a tofu state mv to preserve the existing user and access key (see infrastructure/aws/iam/build-user/README.md). The IAM group is renamed from ecr-managers to asset-publishers (recreated; does not rotate the user's keys).
+
+### Features
+
+* **iam:** separate build workflow user from asset repositories + add S3 asset support ([#402](https://github.com/nullplatform/tofu-modules/issues/402)) ([9ae9e09](https://github.com/nullplatform/tofu-modules/commit/9ae9e095e5090d08508b97e6ec4da1a1b7e2ab6a))
+
 ## [4.6.0](https://github.com/nullplatform/tofu-modules/compare/v4.5.2...v4.6.0) (2026-06-25)
From 936773d7208bf2579e8c23af23fdf3e2a04f9786 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 25 Jun 2026 15:21:38 +0000
Subject: [PATCH 2/2] docs: regenerate READMEs for changed modules and update versions
---
 infrastructure/aws/acm/README.md | 2 +-
 .../aws_load_balancer_controller/README.md | 2 +-
 infrastructure/aws/backend/README.md | 2 +-
 infrastructure/aws/dns/README.md | 2 +-
 infrastructure/aws/eks/README.md | 2 +-
 infrastructure/aws/iam/agent/README.md | 2 +-
 .../README.md | 2 +-
 infrastructure/aws/iam/cert_manager/README.md | 2 +-
 .../aws/iam/ci-build-workflow-user/README.md | 90 +++++++++----------
 infrastructure/aws/iam/ecr/README.md | 42 ++++-----
 infrastructure/aws/iam/external_dns/README.md | 2 +-
 infrastructure/aws/iam/s3-assets/README.md | 67 ++++++++++----
 infrastructure/aws/iam/s3/README.md | 2 +-
 infrastructure/aws/ingress/README.md | 2 +-
 infrastructure/aws/security/README.md | 2 +-
 infrastructure/aws/vpc/README.md | 2 +-
 infrastructure/azure/acr/README.md | 2 +-
 infrastructure/azure/aks/README.md | 2 +-
 .../azure/aks_route_table/README.md | 2 +-
 infrastructure/azure/dns/README.md | 2 +-
 infrastructure/azure/iam/README.md | 2 +-
 infrastructure/azure/private_dns/README.md | 2 +-
 infrastructure/azure/resource_group/README.md | 2 +-
 infrastructure/azure/security/README.md | 2 +-
 infrastructure/azure/vnet/README.md | 2 +-
 infrastructure/commons/cert_manager/README.md | 12 +--
 infrastructure/commons/external_dns/README.md | 12 +--
 infrastructure/commons/istio/README.md | 2 +-
 infrastructure/commons/prometheus/README.md | 2 +-
 .../gcp/artifact-registry/README.md | 2 +-
 infrastructure/gcp/cloud-dns/README.md | 2 +-
 infrastructure/gcp/cloud-nat/README.md | 2 +-
 infrastructure/gcp/gke/README.md | 2 +-
 infrastructure/gcp/iam/README.md | 2 +-
 infrastructure/gcp/security/README.md | 2 +-
 infrastructure/gcp/vpc/README.md | 2 +-
 infrastructure/oci/backend/README.md | 2 +-
 infrastructure/oci/dns/README.md | 2 +-
 infrastructure/oci/dynamic_groups/README.md | 2 +-
 infrastructure/oci/oke/README.md | 2 +-
 infrastructure/oci/vcn/README.md | 2 +-
 nullplatform/account/README.md | 34 ++++---
 nullplatform/agent/README.md | 12 +--
 nullplatform/api_key/README.md | 14 +--
 nullplatform/asset/docker_server/README.md | 6 +-
 nullplatform/asset/ecr/README.md | 45 +++++-----
 nullplatform/asset/s3/README.md | 70 ++++++++++-----
 nullplatform/base/README.md | 14 +--
 nullplatform/cloud/aws/cloud/README.md | 6 +-
 nullplatform/cloud/aws/vpc/README.md | 6 +-
 nullplatform/cloud/azure/cloud/README.md | 58 ++++++++----
 nullplatform/cloud/gcp/cloud/README.md | 6 +-
 nullplatform/cloud/oci/cloud/README.md | 6 +-
 nullplatform/code_repository/README.md | 10 +--
 .../container_orchestration/aks/README.md | 6 +-
 .../container_orchestration/eks/README.md | 6 +-
 .../container_orchestration/gke/README.md | 6 +-
 .../container_orchestration/oke/README.md | 6 +-
 nullplatform/dimension/README.md | 6 +-
 nullplatform/dimension_value/README.md | 6 +-
 .../identity-access-control/README.md | 6 +-
 nullplatform/metrics/README.md | 40 ++++-----
 nullplatform/scope_configuration/README.md | 44 ++++-----
 nullplatform/scope_definition/README.md | 6 +-
 .../README.md | 58 ++++++------
 nullplatform/service_definition/README.md | 6 +-
 .../README.md | 6 +-
 nullplatform/users/README.md | 38 ++++----
 68 files changed, 447 insertions(+), 375 deletions(-)
diff --git a/infrastructure/aws/acm/README.md b/infrastructure/aws/acm/README.md
index 57f2c55e..db6f46b8 100644
--- a/infrastructure/aws/acm/README.md
+++ b/infrastructure/aws/acm/README.md
@@ -18,7 +18,7 @@ The module creates an aws_acm_certificate resource with DNS validation, which is
 ```hcl
 module "acm" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v5.0.0"
 domain_name = "your-domain-name"
 zone_id = "your-zone-id"
diff --git a/infrastructure/aws/aws_load_balancer_controller/README.md b/infrastructure/aws/aws_load_balancer_controller/README.md
index c6f6d6bb..9dad7469 100644
--- a/infrastructure/aws/aws_load_balancer_controller/README.md
+++ b/infrastructure/aws/aws_load_balancer_controller/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the AWS Load Balancer Cont
 ```hcl
 module "aws_load_balancer_controller" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v5.0.0"
 cluster_name = "your-cluster-name"
 vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md
index b81a26d4..441e41ee 100644
--- a/infrastructure/aws/backend/README.md
+++ b/infrastructure/aws/backend/README.md
@@ -20,7 +20,7 @@ This module creates an S3 bucket with versioning and server-side encryption enab
 ```hcl
 module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v5.0.0"
 }
 ```
diff --git a/infrastructure/aws/dns/README.md b/infrastructure/aws/dns/README.md
index a0a7c78e..9f9483c8 100644
--- a/infrastructure/aws/dns/README.md
+++ b/infrastructure/aws/dns/README.md
@@ -21,7 +21,7 @@ The module conditionally creates an aws_route53_zone resource for a public hoste
 ```hcl
 module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v5.0.0"
 domain_name = "your-domain-name"
 vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md
index ecfb10a2..b30c3068 100644
--- a/infrastructure/aws/eks/README.md
+++ b/infrastructure/aws/eks/README.md
@@ -22,7 +22,7 @@ The module wraps terraform-aws-modules/eks to create the EKS cluster (aws_eks_cl
 ```hcl
 module "eks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v5.0.0"
 aws_subnets_private_ids = "your-aws-subnets-private-ids"
 aws_vpc_vpc_id = "your-aws-vpc-vpc-id"
diff --git a/infrastructure/aws/iam/agent/README.md b/infrastructure/aws/iam/agent/README.md
index b11746e5..5b3ca8ef 100644
--- a/infrastructure/aws/iam/agent/README.md
+++ b/infrastructure/aws/iam/agent/README.md
@@ -22,7 +22,7 @@ The module uses the terraform-aws-modules/iam//modules/iam-role-for-service-acco
 ```hcl
 module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v5.0.0"
 agent_namespace = "your-agent-namespace"
 aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
diff --git a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
index 1d85aa8b..ade9e5a5 100644
--- a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
+++ b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
@@ -19,7 +19,7 @@ This module creates an IAM role for the AWS Load Balancer Controller using the t
 ```hcl
 module "aws_load_balancer_controller_iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v5.0.0"
 aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
 cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/cert_manager/README.md b/infrastructure/aws/iam/cert_manager/README.md
index b1b7575c..7e198c83 100644
--- a/infrastructure/aws/iam/cert_manager/README.md
+++ b/infrastructure/aws/iam/cert_manager/README.md
@@ -21,7 +21,7 @@ An aws_iam_policy is created granting Route53 permissions (GetChange, ChangeReso
 ```hcl
 module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v5.0.0"
 aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
 cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/ci-build-workflow-user/README.md b/infrastructure/aws/iam/ci-build-workflow-user/README.md
index 28889c02..2cc15629 100644
--- a/infrastructure/aws/iam/ci-build-workflow-user/README.md
+++ b/infrastructure/aws/iam/ci-build-workflow-user/README.md
@@ -1,72 +1,41 @@
-# Module: build-user
+# Module: ci-build-workflow-user
 ## Description
-Provisions the shared CI/CD build workflow IAM identity (user, access key, and group) used to publish application assets to any asset repository (ECR, S3, etc.)
+Creates an AWS IAM user with access keys and an IAM group for CI/CD build workflow asset publishing in a nullplatform cluster
 ## Architecture
-The module creates a single `aws_iam_user` with an `aws_iam_access_key` for CI/CD build workflows, plus an `aws_iam_group` named `asset-publishers` and the `aws_iam_user_group_membership` that adds the user to it. The group is the attachment point for per-destination permission modules: `infrastructure/aws/iam/ecr` attaches its ECR policy to this group, and `infrastructure/aws/iam/s3-assets` attaches its S3 policy to the same group. The build user therefore accumulates the permissions of every enabled destination through a single group, which matches how the platform CLI publishes assets (one credential set used for all asset types).
+The module creates an aws_iam_user named with the cluster_name prefix and generates an aws_iam_access_key for programmatic access. An aws_iam_group is created to serve as the attachment point for downstream policy modules such as ECR or S3 asset repositories. An aws_iam_user_group_membership resource wires the build workflow user into the asset publishers group, and the access key credentials along with the group name are exposed as outputs for consumption by other modules.
 ## Features
-- Creates a single namespaced `aws_iam_user` and `aws_iam_access_key` for CI/CD build workflow authentication
-- Creates a destination-agnostic `aws_iam_group` (`asset-publishers`) that permission modules attach their policies to
-- Adds the build user to the group via `aws_iam_user_group_membership`
-- Exposes `group_name` so asset-repository modules (`ecr`, `s3-assets`) can grant permissions without recreating the identity
+- Creates a namespaced aws_iam_user for CI/CD build workflow automation scoped to the cluster name
+- Generates aws_iam_access_key credentials for programmatic AWS API access by the build workflow user
+- Creates an aws_iam_group to serve as a shared attachment point for asset-publishing IAM policies
+- Attaches the build workflow user to the asset publishers group via aws_iam_user_group_membership
+- Outputs access key ID and sensitive secret key for use in CI/CD pipeline configuration
+- Exposes the IAM group name output for policy attachment by downstream ECR and S3 asset modules
 ## Basic Usage
 ```hcl
-module "build_user" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/build-user?ref=v5.0.0"
+module "ci-build-workflow-user" {
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ci-build-workflow-user?ref=v5.0.0"
 cluster_name = "your-cluster-name"
 }
 ```
-The `group_name` output is consumed by the asset-repository permission modules:
+## Using Outputs
 ```hcl
-module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v5.0.0"
-
- cluster_name = "your-cluster-name"
- build_workflow_group_name = module.build_user.group_name
-}
-
-module "s3_assets" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3-assets?ref=v5.0.0"
-
- cluster_name = "your-cluster-name"
- build_workflow_group_name = module.build_user.group_name
- assets_bucket = "your-assets-bucket"
+# Reference outputs in other resources
+resource "example_resource" "this" {
+ example_attribute = module.ci-build-workflow-user.build_workflow_access_key_id
 }
 ```
-## Migration from < v5.0.0 (build user previously created by `iam/ecr`)
-
-Before v5.0.0 the build workflow user, its access key and the group lived inside the `iam/ecr`
-module. This module extracts them. To migrate **without rotating the access keys** (which would
-break CI), move the user and its access key in state — the group is renamed
-(`ecr-managers` → `asset-publishers`) and is recreated, which does not affect the user's credentials:
-
-```bash
-tofu state mv 'module.ecr.aws_iam_user.nullplatform_build_workflow_user' \
- 'module.build_user.aws_iam_user.nullplatform_build_workflow_user'
-
-tofu state mv 'module.ecr.aws_iam_access_key.nullplatform_build_workflow_user_key' \
- 'module.build_user.aws_iam_access_key.nullplatform_build_workflow_user_key'
-```
-
-After the moves, a `tofu plan` should show **no changes** to the user and access key (only their
-state address moved), the group + membership recreated as `asset-publishers`, and the ECR policy
-re-attached to the new group.
-
-> **Security note:** the build credentials are read by the platform on each CI run (they are not
-> stored as per-repository secrets), so rotating them periodically is a good practice and this
-> module makes it easy — regenerate the access key and let the platform re-read the new value.
-
@@ -99,3 +68,32 @@ re-attached to the new group.
 | [build\_workflow\_access\_key\_secret](#output\_build\_workflow\_access\_key\_secret) | Secret access key for the CI/CD build workflow IAM user |
 | [group\_name](#output\_group\_name) | Name of the IAM group that asset-repository permission modules (ecr, s3-assets) attach their policies to. The build workflow user is a member of this group. |
+
+
diff --git a/infrastructure/aws/iam/ecr/README.md b/infrastructure/aws/iam/ecr/README.md
index 97581b11..997a67f8 100644
--- a/infrastructure/aws/iam/ecr/README.md
+++ b/infrastructure/aws/iam/ecr/README.md
@@ -2,41 +2,31 @@
 ## Description
-Provisions IAM resources for ECR image management and optional cross-account ECR pull access within a named cluster namespace. The build workflow identity (user, access key, group) lives in the `ci-build-workflow-user` module; this module only grants ECR permissions to that group.
+Creates IAM roles and policies for managing ECR repositories and enabling cross-account image pull access in a nullplatform cluster
 ## Architecture
-The module creates an aws_iam_role (application role with a configurable assume-role principal) and an aws_iam_policy for ECR management actions. The ECR manager policy is attached to the application role via aws_iam_role_policy_attachment and to the shared build-workflow group via aws_iam_group_policy_attachment. The group itself is created by the `ci-build-workflow-user` module and passed in through `build_workflow_group_name`. When enable_cross_account_pull is true, a separate aws_iam_role and aws_iam_policy scoped to read-only ECR actions are created and linked, with pull_account_ids driving the Principal trust statements.
+The module creates an aws_iam_role named nullplatform-{cluster_name}-application-role with a trust policy allowing a configurable application manager role to assume it. An aws_iam_policy granting ECR repository management actions (create, delete, push, pull) is created and attached to the application role via aws_iam_role_policy_attachment, and also attached to an existing IAM group via aws_iam_group_policy_attachment. The ecr_repository_policy output conditionally renders a cross-account ECR repository policy JSON granting pull access to specified AWS account IDs when enable_cross_account_pull is true.
 ## Features
-- Creates a namespaced aws_iam_role for application image pulling with a configurable assume-role principal
-- Creates an aws_iam_policy granting full ECR repository lifecycle permissions including push, pull, and repository management
-- Attaches the ECR manager policy to the shared build-workflow group (created by the ci-build-workflow-user module) for group-based permission management
-- Optionally creates a cross-account aws_iam_role and read-only ECR pull policy for external AWS accounts
-- Outputs a ready-to-use ECR repository policy JSON for cross-account pull access configuration
+- Creates aws_iam_role for application workloads with configurable assume-role trust policy
+- Creates aws_iam_policy granting full ECR repository lifecycle management including push, pull, create, and delete actions
+- Attaches ECR manager policy to the application role via aws_iam_role_policy_attachment
+- Attaches ECR manager policy to an existing IAM group via aws_iam_group_policy_attachment for CI build workflow users
+- Generates cross-account ECR repository policy JSON allowing specified AWS accounts to pull images when enable_cross_account_pull is enabled
 ## Basic Usage
 ```hcl
-
-module "ci_build_workflow_user" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ci-build-workflow-user?ref=v5.0.0"
- cluster_name = "your-cluster-name"
-}
-
 module "ecr" {
 source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v5.0.0"
+ build_workflow_group_name = "your-build-workflow-group-name"
 cluster_name = "your-cluster-name"
- build_workflow_group_name = module.ci_build_workflow_user.group_name
 }
 ```
-> **Migration from < v5.0.0:** the build workflow user, access key and group were previously
-> created by this module. They now live in `ci-build-workflow-user`. See that module's README for the
-> `tofu state mv` steps to migrate without rotating the access keys.
-
 ## Using Outputs
 ```hcl
@@ -87,14 +77,14 @@ resource "example_resource" "this" {
diff --git a/infrastructure/aws/iam/external_dns/README.md b/infrastructure/aws/iam/external_dns/README.md
index 36fb43b2..78ac9d40 100644
--- a/infrastructure/aws/iam/external_dns/README.md
+++ b/infrastructure/aws/iam/external_dns/README.md
@@ -21,7 +21,7 @@ The module creates an aws_iam_policy granting Route53 permissions scoped to the
 ```hcl
 module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v5.0.0"
 aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
 cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/s3-assets/README.md b/infrastructure/aws/iam/s3-assets/README.md
index 0c7982ed..d80298e1 100644
--- a/infrastructure/aws/iam/s3-assets/README.md
+++ b/infrastructure/aws/iam/s3-assets/README.md
@@ -2,33 +2,37 @@
 ## Description
-Grants the shared build workflow group permission to publish build assets (e.g. Lambda deployment zips) to an existing S3 assets bucket
+Creates and attaches an IAM policy granting S3 PutObject and GetObject permissions on a specified assets bucket to an existing IAM group used by build workflows
 ## Architecture
-The module creates an `aws_iam_policy` allowing `s3:PutObject` and `s3:GetObject` on the objects of a given assets bucket (`arn:aws:s3:::/*`) and attaches it to the shared build-workflow group via `aws_iam_group_policy_attachment`. The group is created by the `ci-build-workflow-user` module and passed in through `build_workflow_group_name`, so the build workflow user accumulates S3 publishing permissions alongside ECR (and any other destination) through that single group. The bucket itself is managed elsewhere and only referenced by name.
+This module creates an aws_iam_policy resource named with the cluster_name prefix that allows s3:PutObject and s3:GetObject actions scoped to the provided assets_bucket. The policy is then attached to an existing IAM group via an aws_iam_group_policy_attachment resource, linking the policy ARN to the group specified by build_workflow_group_name. No new users or groups are created; the module only manages the policy and its attachment to an externally managed group.
 ## Features
-- Creates a namespaced `aws_iam_policy` scoped to `s3:PutObject`/`s3:GetObject` on the assets bucket objects
-- Attaches the policy to the shared build-workflow group (created by the ci-build-workflow-user module)
-- Keeps the bucket out of scope: it is referenced by name, not created or managed here
+- Creates an aws_iam_policy scoped to PutObject and GetObject actions on the specified S3 assets bucket
+- Attaches the created IAM policy to an existing IAM group via aws_iam_group_policy_attachment
+- Namespaces the IAM policy name using the cluster_name variable to avoid naming collisions across clusters
+- Grants build workflow users inherited S3 access through group membership rather than direct user policy attachment
 ## Basic Usage
 ```hcl
-module "ci_build_workflow_user" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ci-build-workflow-user?ref=v5.0.0"
+module "s3-assets" {
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3-assets?ref=v5.0.0"
- cluster_name = "your-cluster-name"
+ assets_bucket = "your-assets-bucket"
+ build_workflow_group_name = "your-build-workflow-group-name"
+ cluster_name = "your-cluster-name"
 }
+```
-module "s3_assets" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3-assets?ref=v5.0.0"
+## Using Outputs
- cluster_name = "your-cluster-name"
- build_workflow_group_name = module.ci_build_workflow_user.group_name
- assets_bucket = "your-assets-bucket"
+```hcl
+# Reference outputs in other resources
+resource "example_resource" "this" {
+ example_attribute = module.s3-assets.id
 }
 ```
@@ -55,8 +59,37 @@ module "s3_assets" {
 | [assets\_bucket](#input\_assets\_bucket) | Name of the S3 bucket where build assets (e.g. Lambda zips) are published. The bucket is managed elsewhere; this module only grants the build workflow group permission to write to it. | `string` | n/a | yes |
 | [build\_workflow\_group\_name](#input\_build\_workflow\_group\_name) | Name of the IAM group (from the ci-build-workflow-user module) to which the S3 assets policy is attached. The build workflow user is a member of this group. | `string` | n/a | yes |
 | [cluster\_name](#input\_cluster\_name) | Name of the cluster, used to namespace IAM resource names | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
+
+
diff --git a/infrastructure/aws/iam/s3/README.md b/infrastructure/aws/iam/s3/README.md
index fe37de68..6af1ce36 100644
--- a/infrastructure/aws/iam/s3/README.md
+++ b/infrastructure/aws/iam/s3/README.md
@@ -19,7 +19,7 @@ The module creates an aws_s3_bucket_policy resource attached to an existing S3 b
 ```hcl
 module "s3" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v5.0.0"
 bucket_arn = "your-bucket-arn"
 bucket_id = "your-bucket-id"
diff --git a/infrastructure/aws/ingress/README.md b/infrastructure/aws/ingress/README.md
index aabb3898..eeac7e76 100644
--- a/infrastructure/aws/ingress/README.md
+++ b/infrastructure/aws/ingress/README.md
@@ -22,7 +22,7 @@ The module creates up to two kubernetes_ingress_v1 resources — one for an inte
 ```hcl
 module "ingress" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v5.0.0"
 certificate_arn = "your-certificate-arn"
 }
diff --git a/infrastructure/aws/security/README.md b/infrastructure/aws/security/README.md
index 356f1cce..7d08907f 100644
--- a/infrastructure/aws/security/README.md
+++ b/infrastructure/aws/security/README.md
@@ -22,7 +22,7 @@ The module uses data sources (aws_eks_cluster, aws_vpc) to derive VPC ID and CID
 ```hcl
 module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v5.0.0"
 cluster_name = "your-cluster-name"
 }
diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md
index 074c8439..2c1d043c 100644
--- a/infrastructure/aws/vpc/README.md
+++ b/infrastructure/aws/vpc/README.md
@@ -22,7 +22,7 @@ This module creates a terraform-aws-modules/vpc/aws module resource with DNS hos
 ```hcl
 module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v5.0.0"
 account = "your-account"
 organization = "your-organization"
diff --git a/infrastructure/azure/acr/README.md b/infrastructure/azure/acr/README.md
index abc13977..85ea5e1d 100644
--- a/infrastructure/azure/acr/README.md
+++ b/infrastructure/azure/acr/README.md
@@ -18,7 +18,7 @@ The module uses the azurerm_container_registry resource to create the container
 ```hcl
 module "acr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v5.0.0"
 containerregistry_name = "your-containerregistry-name"
 location = "your-location"
diff --git a/infrastructure/azure/aks/README.md b/infrastructure/azure/aks/README.md
index 0a366b8a..aecffd3d 100644
--- a/infrastructure/azure/aks/README.md
+++ b/infrastructure/azure/aks/README.md
@@ -22,7 +22,7 @@ The module wraps the Azure/aks/azurerm community module (version 11.0.0) and use
 ```hcl
 module "aks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v5.0.0"
 cluster_name = "your-cluster-name"
 location = "your-location"
diff --git a/infrastructure/azure/aks_route_table/README.md b/infrastructure/azure/aks_route_table/README.md
index eb489255..be32c0b9 100644
--- a/infrastructure/azure/aks_route_table/README.md
+++ b/infrastructure/azure/aks_route_table/README.md
@@ -19,7 +19,7 @@ The module uses an azurerm_resources data source to discover the route table cre
 ```hcl
 module "aks_route_table" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v5.0.0"
 node_resource_group = "your-node-resource-group"
 subnet_id = "your-subnet-id"
diff --git a/infrastructure/azure/dns/README.md b/infrastructure/azure/dns/README.md
index 95e4784e..c5dda900 100644
--- a/infrastructure/azure/dns/README.md
+++ b/infrastructure/azure/dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_dns_zone resource and configures it with the prov
 ```hcl
 module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v5.0.0"
 domain_name = "your-domain-name"
 resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/iam/README.md b/infrastructure/azure/iam/README.md
index ecda0b2c..b56f9138 100644
--- a/infrastructure/azure/iam/README.md
+++ b/infrastructure/azure/iam/README.md
@@ -21,7 +21,7 @@ The module creates an azurerm_user_assigned_identity resource in the specified r
 ```hcl
 module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v5.0.0"
 location = "your-location"
 name = "your-name"
diff --git a/infrastructure/azure/private_dns/README.md b/infrastructure/azure/private_dns/README.md
index 900d83f8..ba5c0430 100644
--- a/infrastructure/azure/private_dns/README.md
+++ b/infrastructure/azure/private_dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_private_dns_zone resource and optionally multiple
 ```hcl
 module "private_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v5.0.0"
 domain_name = "your-domain-name"
 resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/resource_group/README.md b/infrastructure/azure/resource_group/README.md
index 45e1a653..541ccc8c 100644
--- a/infrastructure/azure/resource_group/README.md
+++ b/infrastructure/azure/resource_group/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_resource_group resource and outputs its name and
 ```hcl
 module "resource_group" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v5.0.0"
 location = "your-location"
 resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/security/README.md b/infrastructure/azure/security/README.md
index f09797bb..dd9d2254 100644
--- a/infrastructure/azure/security/README.md
+++ b/infrastructure/azure/security/README.md
@@ -21,7 +21,7 @@ The module uses azurerm_kubernetes_cluster and azurerm_virtual_network data sour
 ```hcl
 module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v5.0.0"
 cluster_name = "your-cluster-name"
 resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/vnet/README.md b/infrastructure/azure/vnet/README.md
index 1d238ed7..443d7ee0 100644
--- a/infrastructure/azure/vnet/README.md
+++ b/infrastructure/azure/vnet/README.md
@@ -18,7 +18,7 @@ This module creates an Azure virtual network using the azurerm provider and conf
 ```hcl
 module "vnet" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v5.0.0"
 address_space = "your-address-space"
 location = "your-location"
diff --git a/infrastructure/commons/cert_manager/README.md b/infrastructure/commons/cert_manager/README.md
index 766f7345..2fffb15c 100644
--- a/infrastructure/commons/cert_manager/README.md
+++ b/infrastructure/commons/cert_manager/README.md
@@ -21,7 +21,7 @@ The module creates two core helm_release resources: cert-manager from the Jetsta
 ```hcl
 module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.0.0"
 account_slug = "your-account-slug"
 cloud_provider = "your-cloud-provider"
@@ -34,7 +34,7 @@ module "cert_manager" { ```hcl module "cert_manager" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.0.0" account_slug = "your-account-slug" cloud_provider = "gcp" @@ -49,7 +49,7 @@ module "cert_manager" { ```hcl module "cert_manager" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.0.0" account_slug = "your-account-slug" azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure" @@ -67,7 +67,7 @@ module "cert_manager" { ```hcl module "cert_manager" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.0.0" account_slug = "your-account-slug" cloud_provider = "cloudflare" @@ -82,7 +82,7 @@ module "cert_manager" { ```hcl module "cert_manager" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.0.0" account_slug = "your-account-slug" aws_region = "your-aws-region" # Required when cloud_provider = "aws" @@ -97,7 +97,7 @@ module "cert_manager" { ```hcl module "cert_manager" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.0.0" account_slug = "your-account-slug" cloud_provider = "oci" 
diff --git a/infrastructure/commons/external_dns/README.md b/infrastructure/commons/external_dns/README.md index 8bf109d0..db6e806f 100644 --- a/infrastructure/commons/external_dns/README.md +++ b/infrastructure/commons/external_dns/README.md @@ -22,7 +22,7 @@ The module creates an optional kubernetes_namespace_v1 resource and a helm_relea ```hcl module "external_dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.0.0" dns_provider_name = "your-dns-provider-name" domain_filters = "your-domain-filters" @@ -33,7 +33,7 @@ module "external_dns" { ```hcl module "external_dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.0.0" cloudflare_token = "your-cloudflare-token" # Required when dns_provider_name = "cloudflare" dns_provider_name = "cloudflare" @@ -45,7 +45,7 @@ module "external_dns" { ```hcl module "external_dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.0.0" aws_iam_role_arn = "your-aws-iam-role-arn" # Required when dns_provider_name = "aws" aws_region = "your-aws-region" # Required when dns_provider_name = "aws" @@ -60,7 +60,7 @@ module "external_dns" { ```hcl module "external_dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.0.0" dns_provider_name = "oci" domain_filters = "your-domain-filters" 
@@ -74,7 +74,7 @@ module "external_dns" { ```hcl module "external_dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.0.0" azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure" azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure" @@ -90,7 +90,7 @@ module "external_dns" { ```hcl module "external_dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.0.0" azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure-private-dns" azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure-private-dns" diff --git a/infrastructure/commons/istio/README.md b/infrastructure/commons/istio/README.md index 5c1d6d7b..2c159c25 100644 --- a/infrastructure/commons/istio/README.md +++ b/infrastructure/commons/istio/README.md @@ -21,7 +21,7 @@ Three helm_release resources are created in a strict dependency chain: istio-bas ```hcl module "istio" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v5.0.0" } ``` diff --git a/infrastructure/commons/prometheus/README.md b/infrastructure/commons/prometheus/README.md index a572bd46..ad65bb82 100644 --- a/infrastructure/commons/prometheus/README.md +++ b/infrastructure/commons/prometheus/README.md 
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the Prometheus chart from ```hcl module "prometheus" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v5.0.0" } ``` diff --git a/infrastructure/gcp/artifact-registry/README.md b/infrastructure/gcp/artifact-registry/README.md index a1f24254..f55b44e2 100644 --- a/infrastructure/gcp/artifact-registry/README.md +++ b/infrastructure/gcp/artifact-registry/README.md @@ -21,7 +21,7 @@ The module provisions a google_artifact_registry_repository resource in the spec ```hcl module "artifact-registry" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v5.0.0" location = "your-location" project_id = "your-project-id" diff --git a/infrastructure/gcp/cloud-dns/README.md b/infrastructure/gcp/cloud-dns/README.md index f739e8d3..d22f1762 100644 --- a/infrastructure/gcp/cloud-dns/README.md +++ b/infrastructure/gcp/cloud-dns/README.md @@ -21,7 +21,7 @@ The module creates a single google_dns_managed_zone resource in the specified GC ```hcl module "cloud-dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v5.0.0" domain_name = "your-domain-name" project_id = "your-project-id" diff --git a/infrastructure/gcp/cloud-nat/README.md b/infrastructure/gcp/cloud-nat/README.md index e2a02766..1666f12f 100644 --- a/infrastructure/gcp/cloud-nat/README.md +++ b/infrastructure/gcp/cloud-nat/README.md 
@@ -19,7 +19,7 @@ This module creates a google_compute_router resource in a specified region and n ```hcl module "cloud-nat" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v5.0.0" nat_name = "your-nat-name" network_id = "your-network-id" diff --git a/infrastructure/gcp/gke/README.md b/infrastructure/gcp/gke/README.md index 0daa22d9..15b75d02 100644 --- a/infrastructure/gcp/gke/README.md +++ b/infrastructure/gcp/gke/README.md @@ -20,7 +20,7 @@ The module uses the google-modules/kubernetes-engine/google//modules/private-clu ```hcl module "gke" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v5.0.0" cluster_name = "your-cluster-name" ip_range_pods = "your-ip-range-pods" diff --git a/infrastructure/gcp/iam/README.md b/infrastructure/gcp/iam/README.md index e1354dad..28f08c1e 100644 --- a/infrastructure/gcp/iam/README.md +++ b/infrastructure/gcp/iam/README.md @@ -19,7 +19,7 @@ The module creates google_service_account resources for each service account spe ```hcl module "iam" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v5.0.0" project_id = "your-project-id" } diff --git a/infrastructure/gcp/security/README.md b/infrastructure/gcp/security/README.md index c2e12983..fc2abfa0 100644 --- a/infrastructure/gcp/security/README.md +++ b/infrastructure/gcp/security/README.md 
@@ -19,7 +19,7 @@ This module uses Terraform to create GCP firewall rules for public and private I ```hcl module "security" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v5.0.0" cluster_name = "your-cluster-name" gcp_project_id = "your-gcp-project-id" diff --git a/infrastructure/gcp/vpc/README.md b/infrastructure/gcp/vpc/README.md index 9b680da5..1e75f963 100644 --- a/infrastructure/gcp/vpc/README.md +++ b/infrastructure/gcp/vpc/README.md @@ -20,7 +20,7 @@ The module invokes the terraform-google-modules/network/google module to create ```hcl module "vpc" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v5.0.0" network_name = "your-network-name" project_id = "your-project-id" diff --git a/infrastructure/oci/backend/README.md b/infrastructure/oci/backend/README.md index 2a87b8bb..7c40526b 100644 --- a/infrastructure/oci/backend/README.md +++ b/infrastructure/oci/backend/README.md @@ -18,7 +18,7 @@ The module creates an oci_objectstorage_bucket resource, which is configured wit ```hcl module "backend" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v5.0.0" compartment_id = "your-compartment-id" namespace = "your-namespace" diff --git a/infrastructure/oci/dns/README.md b/infrastructure/oci/dns/README.md index e12fc4ef..8ac1799f 100644 --- a/infrastructure/oci/dns/README.md +++ b/infrastructure/oci/dns/README.md 
@@ -18,7 +18,7 @@ This module creates oci_dns_zone resources for each DNS zone defined in the dns_ ```hcl module "dns" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v5.0.0" compartment_id = "your-compartment-id" } diff --git a/infrastructure/oci/dynamic_groups/README.md b/infrastructure/oci/dynamic_groups/README.md index 0fd4b40c..f71f7d77 100644 --- a/infrastructure/oci/dynamic_groups/README.md +++ b/infrastructure/oci/dynamic_groups/README.md @@ -19,7 +19,7 @@ This module creates an OCI dynamic group and an OCI identity policy, connecting ```hcl module "dynamic_groups" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v5.0.0" cluster_id = "your-cluster-id" compartment_id = "your-compartment-id" diff --git a/infrastructure/oci/oke/README.md b/infrastructure/oci/oke/README.md index e2a7face..93d57e24 100644 --- a/infrastructure/oci/oke/README.md +++ b/infrastructure/oci/oke/README.md @@ -21,7 +21,7 @@ The module instantiates the oracle-terraform-modules/oke/oci module to create an ```hcl module "oke" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v5.0.0" api_endpoint_subnet_id = "your-api-endpoint-subnet-id" cluster_name = "your-cluster-name" diff --git a/infrastructure/oci/vcn/README.md b/infrastructure/oci/vcn/README.md index 31872b2e..39e297c2 100644 --- a/infrastructure/oci/vcn/README.md +++ b/infrastructure/oci/vcn/README.md 
@@ -19,7 +19,7 @@ The module instantiates oci_core_subnet resources for public and private subnets ```hcl module "vcn" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v5.0.0" } ``` diff --git a/nullplatform/account/README.md b/nullplatform/account/README.md index 7e0792ad..ce76801d 100644 --- a/nullplatform/account/README.md +++ b/nullplatform/account/README.md 
@@ -2,25 +2,24 @@ ## Description -Creates and manages Nullplatform accounts with repository configuration settings +Creates and manages multiple nullplatform accounts using a map-based configuration with optional repository settings ## Architecture -This module creates nullplatform_account resources using a for_each loop over the input map. Each account resource is configured with name, repository prefix, repository provider, and slug attributes. The module takes a map of account objects as input and provisions corresponding nullplatform_account resources. The repository_prefix and repository_provider fields are optional and pass through as null when not set, leaving them unmanaged by the provider; slug has a default value. +The module iterates over the `nullplatform_accounts` input map using `for_each` to create one `nullplatform_account` resource per entry. Each resource receives its `name`, `repository_prefix`, `repository_provider`, and `slug` values directly from the corresponding map object. Optional fields default to null unless specified, with `slug` defaulting to `poc-account` when omitted. 
## Features -- Creates multiple Nullplatform accounts from a single map input -- Optional repository_prefix (no default; provider treats null as unset) -- Optional repository_provider (no default; provider treats null as unset) -- Assigns custom slugs to accounts with default value 'poc-account' -- Supports dynamic account provisioning via for_each iteration +- Creates multiple nullplatform_account resources from a single map variable using for_each iteration +- Supports optional repository prefix and provider configuration per account +- Defaults the slug field to 'poc-account' when not explicitly provided +- Enables independent lifecycle management of each account through map key-based resource addressing ## Basic Usage ```hcl module "account" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v5.0.0" nullplatform_accounts = "your-nullplatform-accounts" } @@ -40,13 +39,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources @@ -64,14 +63,13 @@ resource "example_resource" "this" { diff --git a/nullplatform/agent/README.md b/nullplatform/agent/README.md index d28b731f..34478eab 100644 --- a/nullplatform/agent/README.md +++ b/nullplatform/agent/README.md 
@@ -22,7 +22,7 @@ The module renders a Helm values file using a templatefile() call that merges de ```hcl module "agent" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.0.0" api_key = "your-api-key" cloud_provider = "your-cloud-provider" @@ -37,7 +37,7 @@ module "agent" { ```hcl module "agent" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.0.0" api_key = "your-api-key" aws_iam_role_arn = "your-aws-iam-role-arn" # Required when cloud_provider = "aws" @@ -53,7 +53,7 @@ module "agent" { ```hcl module "agent" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.0.0" api_key = "your-api-key" cloud_provider = "gcp" @@ -68,7 +68,7 @@ module "agent" { ```hcl module "agent" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.0.0" api_key = "your-api-key" azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure" @@ -91,7 +91,7 @@ module "agent" { ```hcl module "agent" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.0.0" api_key = "your-api-key" cloud_provider = "oci" @@ -117,7 +117,7 @@ resource "example_resource" "this" { | Name | Version | |------|---------| | [helm](#requirement\_helm) | ~> 3.0 | -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers 
diff --git a/nullplatform/api_key/README.md b/nullplatform/api_key/README.md index 1b3e776f..30c80d9f 100644 --- a/nullplatform/api_key/README.md +++ b/nullplatform/api_key/README.md @@ -21,7 +21,7 @@ The module creates a single nullplatform_api_key resource whose name, grants, an ```hcl module "api_key" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.0.0" type = "your-type" } @@ -31,7 +31,7 @@ module "api_key" { ```hcl module "api_key" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.0.0" nrn = "your-nrn" # Required when type = "agent" type = "agent" @@ -42,7 +42,7 @@ module "api_key" { ```hcl module "api_key" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.0.0" nrn = "your-nrn" # Required when type = "scope_notification" specification_slug = "your-specification-slug" # Required when type = "scope_notification" @@ -54,7 +54,7 @@ module "api_key" { ```hcl module "api_key" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.0.0" nrn = "your-nrn" # Required when type = "service_notification" specification_slug = "your-specification-slug" # Required when type = "service_notification" 
@@ -66,7 +66,7 @@ module "api_key" { ```hcl module "api_key" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.0.0" custom_grants = "your-custom-grants" # Required when type = "custom" custom_name = "your-custom-name" # Required when type = "custom" @@ -89,13 +89,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/asset/docker_server/README.md b/nullplatform/asset/docker_server/README.md index cfa79c26..8c3d88b5 100644 --- a/nullplatform/asset/docker_server/README.md +++ b/nullplatform/asset/docker_server/README.md @@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource of type 'docker-server' with enc ```hcl module "docker_server" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v5.0.0" login_server = "your-login-server" nrn = "your-nrn" @@ -44,13 +44,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/asset/ecr/README.md b/nullplatform/asset/ecr/README.md index f53ac67b..04c217ed 100644 --- a/nullplatform/asset/ecr/README.md +++ b/nullplatform/asset/ecr/README.md 
@@ -2,26 +2,26 @@ ## Description -Configures a nullplatform ECR provider config resource with CI/CD credentials, application role, and optional cross-account pull access +Configures a Nullplatform ECR provider config resource that wires AWS ECR settings, IAM role ARN, and CI/CD credentials into the Nullplatform platform ## Architecture -The module reads the current AWS region via the aws_region data source and uses it alongside input variables to construct a nullplatform_provider_config resource of type 'ecr'. The provider config encodes a JSON attributes blob containing a 'ci' section with build workflow IAM credentials, a 'setup' section with the application role ARN and repository naming rule, and conditionally a 'setup.policy' field when a repository policy is supplied. When a cross-account pull role ARN is provided, an additional 'read' section is merged into the attributes to enable cross-account ECR image pulling. +The module reads the current AWS region via the aws_region data source and combines it with input variables into a single nullplatform_provider_config resource of type 'ecr'. The provider config encodes two attribute blocks: a 'ci' block containing the AWS region and IAM access key credentials for the build workflow, and a 'setup' block containing the region, application IAM role ARN, repository naming rule, and optional repository policy. All values flow directly from input variables into the jsonencode'd attributes of the nullplatform_provider_config resource. 
## Features -- Creates a nullplatform ECR provider config resource with structured CI and setup attribute sections -- Configures CI/CD build workflow credentials using an IAM access key ID and secret for ECR push access -- Configures application IAM role ARN for ECR image pull in the setup section -- Supports optional cross-account ECR pull access by conditionally including a read section with a separate IAM role ARN -- Supports optional ECR repository policy JSON applied to all repositories created by nullplatform -- Allows customizable ECR repository naming conventions via a configurable jq expression +- Creates a Nullplatform provider config resource of type 'ecr' scoped to a specific NRN +- Configures CI/CD build workflow credentials with AWS access key ID and secret for ECR image pushes +- Wires an application IAM role ARN for ECR image pull access into the provider setup block +- Supports a custom jq-based ECR repository naming convention defaulting to namespace/application slug format +- Accepts an optional ECR repository policy JSON applied to all repositories created by Nullplatform +- Marks the build workflow secret access key as sensitive to prevent exposure in Terraform output ## Basic Usage ```hcl module "ecr" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v5.0.0" application_role_arn = "your-application-role-arn" build_workflow_access_key_id = "your-build-workflow-access-key-id" 
@@ -44,14 +44,14 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | ~> 0.0.88 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | 6.44.0 | -| [nullplatform](#provider\_nullplatform) | 0.0.88 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | | [terraform](#provider\_terraform) | n/a | ## Resources @@ -77,15 +77,15 @@ resource "example_resource" "this" { diff --git a/nullplatform/asset/s3/README.md b/nullplatform/asset/s3/README.md index 3807f916..971d3612 100644 --- a/nullplatform/asset/s3/README.md +++ b/nullplatform/asset/s3/README.md 
@@ -2,44 +2,45 @@ ## Description -Configures an AWS S3 asset repository in nullplatform, registering the bucket where Lambda and bundle assets are published +Configures a nullplatform S3 provider configuration resource linking an existing S3 bucket as the asset repository for a given NRN ## Architecture -The module creates a `nullplatform_provider_config` resource of type `s3-configuration` (a platform-global provider specification in the `assets-repository` category) whose attributes carry the target `bucket.name`. The platform maps this bucket to the `aws.s3_assets_bucket` NRN configuration (via the specification's `runtime_configuration` storage strategy), which the backend reads when generating the S3 upload URL for Lambda/bundle assets. Unlike the `ecr` asset module, this provider config does **not** carry build credentials: the CI publishes S3 assets with the shared build workflow credentials (`BUILD_AWS_*`), so the build workflow user must be granted S3 permissions separately via `infrastructure/aws/iam/s3-assets`. +The module creates a single nullplatform_provider_config resource of type s3-configuration. The nrn input is used to scope the provider config to a specific nullplatform resource, while bucket_name is encoded as a JSON attribute defining the S3 bucket. The optional dimensions map allows segmenting the configuration by arbitrary key-value pairs such as region or environment. ## Features -- Registers an AWS S3 bucket as a nullplatform asset repository (`s3-configuration` provider config) -- Supplies the `bucket.name` that the platform exposes as `aws.s3_assets_bucket` -- Optionally segments the provider config by `dimensions` (e.g. 
region, environment) -- Does not manage the bucket or credentials: the bucket is referenced by name and S3 publish permissions are granted by `infrastructure/aws/iam/s3-assets` +- Creates a nullplatform_provider_config resource of type s3-configuration targeting an existing S3 bucket +- Encodes bucket name as a JSON attribute payload within the provider configuration +- Supports dimensional segmentation of the provider config via an optional key-value dimensions map +- Scopes the S3 asset repository configuration to a specific nullplatform resource using the NRN identifier ## Basic Usage ```hcl -module "asset_s3" { +module "s3" { source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/s3?ref=v5.0.0" - nrn = var.nrn - bucket_name = "your-assets-bucket" + bucket_name = "your-bucket-name" + nrn = "your-nrn" } ``` -Grant the build workflow user permission to write to that bucket with the companion IAM module: +## Using Outputs ```hcl -module "s3_assets" { - source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3-assets?ref=v5.0.0" - - cluster_name = "your-cluster-name" - build_workflow_group_name = module.build_user.group_name - assets_bucket = "your-assets-bucket" +# Reference outputs in other resources +resource "example_resource" "this" { + example_attribute = module.s3.id } ``` +## Requirements +| Name | Version | +|------|---------| +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.88 | ## Providers 
@@ -60,8 +61,37 @@ module "s3_assets" { | [bucket\_name](#input\_bucket\_name) | Name of the existing S3 bucket used as the asset repository, where Lambda/bundle assets are published. Maps to the platform's aws.s3\_assets\_bucket configuration. | `string` | n/a | yes | | [dimensions](#input\_dimensions) | Dimensions to segment the nullplatform provider config (e.g. by region, environment) | `map(string)` | `{}` | no | | [nrn](#input\_nrn) | The nullplatform resource name (NRN) | `string` | n/a | yes | - -## Outputs - -No outputs. + + diff --git a/nullplatform/base/README.md b/nullplatform/base/README.md index ff85dc79..65b29294 100644 --- a/nullplatform/base/README.md +++ b/nullplatform/base/README.md @@ -22,7 +22,7 @@ The module creates two kubernetes_namespace_v1 resources (nullplatform-tools and ```hcl module "base" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.0.0" k8s_provider = "your-k8s-provider" np_api_key = "your-np-api-key" @@ -33,7 +33,7 @@ module "base" { ```hcl module "base" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.0.0" k8s_provider = "eks" np_api_key = "your-np-api-key" @@ -44,7 +44,7 @@ module "base" { ```hcl module "base" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.0.0" k8s_provider = "gke" np_api_key = "your-np-api-key" 
@@ -55,7 +55,7 @@ module "base" { ```hcl module "base" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.0.0" k8s_provider = "aks" np_api_key = "your-np-api-key" @@ -66,7 +66,7 @@ module "base" { ```hcl module "base" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.0.0" k8s_provider = "oke" np_api_key = "your-np-api-key" @@ -77,7 +77,7 @@ module "base" { ```hcl module "base" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.0.0" k8s_provider = "aro" np_api_key = "your-np-api-key" @@ -99,7 +99,7 @@ resource "example_resource" "this" { | Name | Version | |------|---------| | [helm](#requirement\_helm) | ~> 3.0 | -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers diff --git a/nullplatform/cloud/aws/cloud/README.md b/nullplatform/cloud/aws/cloud/README.md index 41cce1b0..8df06c52 100644 --- a/nullplatform/cloud/aws/cloud/README.md +++ b/nullplatform/cloud/aws/cloud/README.md @@ -20,7 +20,7 @@ The module uses data sources aws_caller_identity and aws_region to dynamically r ```hcl module "cloud" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v5.0.0" domain_name = "your-domain-name" hosted_private_zone_id = "your-hosted-private-zone-id" 
@@ -43,14 +43,14 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | 6.43.0 | -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/cloud/aws/vpc/README.md b/nullplatform/cloud/aws/vpc/README.md index d091d553..c722265e 100644 --- a/nullplatform/cloud/aws/vpc/README.md +++ b/nullplatform/cloud/aws/vpc/README.md @@ -20,7 +20,7 @@ Creates a nullplatform_provider_config resource of type 'aws-networking-configur ```hcl module "vpc" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v5.0.0" nrn = "your-nrn" vpc_id = "your-vpc-id" @@ -43,13 +43,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/cloud/azure/cloud/README.md b/nullplatform/cloud/azure/cloud/README.md index dac3ccf3..b230eb90 100644 --- a/nullplatform/cloud/azure/cloud/README.md +++ b/nullplatform/cloud/azure/cloud/README.md 
@@ -2,24 +2,27 @@ ## Description -Configures Azure networking settings for a Nullplatform provider +Configures a nullplatform Azure provider by creating a nullplatform_provider_config resource with authentication credentials and networking settings for Azure infrastructure ## Architecture -Creates a nullplatform_provider_config resource of type azure-configuration that sets up networking attributes including DNS zones and resource groups. The module maps input variables like domain_name, azure_resource_group_name, and private_dns_resource_group_name into the attributes block of the provider config. The nullplatform_provider_config resource integrates with Nullplatform's infrastructure management system to apply Azure-specific networking configurations. +The module creates a single nullplatform_provider_config resource of type 'azure-configuration' that encodes Azure authentication and networking attributes as a JSON payload. Authentication fields (client_id, client_secret, subscription_id, tenant_id) are conditionally included only when non-null, enforced by a lifecycle precondition requiring all-or-none credential provisioning. Networking attributes including public and private DNS zone names and their respective resource group names are wired directly from input variables into the jsonencode attributes block. The resource is bound to a nullplatform NRN and optional dimensions map to scope the configuration within the nullplatform hierarchy. 
## Features -- Configures public and private DNS zone names for Azure -- Maps Azure resource groups to DNS zones -- Supports custom application domain configuration -- Allows dimension tagging for resource organization +- Creates a nullplatform_provider_config resource of type 'azure-configuration' scoped to a specific NRN +- Configures Azure Service Principal authentication with client_id, client_secret, subscription_id, and tenant_id supporting inheritance from parent providers when omitted +- Enforces all-or-nothing credential validation ensuring authentication fields are either all set or all null via lifecycle precondition +- Configures public and private DNS zone names with their respective Azure resource group references for networking +- Supports optional dimensions map for scoping the provider configuration within nullplatform hierarchy +- Marks client_secret as sensitive to prevent exposure in Terraform state output +- Ignores post-creation attribute drift via ignore_changes to prevent unintended updates ## Basic Usage ```hcl module "cloud" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v5.0.0" azure_resource_group_name = "your-azure-resource-group-name" nrn = "your-nrn" @@ -41,13 +44,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources @@ -75,13 +78,16 @@ resource "example_resource" "this" { diff --git a/nullplatform/cloud/gcp/cloud/README.md b/nullplatform/cloud/gcp/cloud/README.md index 69083bc6..cc77faff 100644 --- a/nullplatform/cloud/gcp/cloud/README.md 
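Review bot: The new Features bullet "Marks client_secret as sensitive to prevent exposure in Terraform state output" overstates what the flag does. Marking a variable sensitive redacts it from plan and apply output, but the value is still written in clear text to the state file. The Architecture paragraph says the credentials are encoded into the provider config's attributes payload, so the secret presumably ends up in state as part of that resource, and readers should be told to protect the backend. I would reword the bullet to `- Marks client_secret as sensitive so it is redacted from plan/apply output; the value is still stored in state, so use an encrypted, access-controlled backend`. This README is generated, so the wording probably has to be fixed in the generator input or the variable description rather than in this file.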
+++ b/nullplatform/cloud/gcp/cloud/README.md @@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type 'googl ```hcl module "cloud" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/gcp/cloud?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/gcp/cloud?ref=v5.0.0" domain_name = "your-domain-name" location = "your-location" @@ -42,13 +42,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/cloud/oci/cloud/README.md b/nullplatform/cloud/oci/cloud/README.md index d615cf34..e91c5945 100644 --- a/nullplatform/cloud/oci/cloud/README.md +++ b/nullplatform/cloud/oci/cloud/README.md @@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type 'oci-c ```hcl module "cloud" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/oci/cloud?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/oci/cloud?ref=v5.0.0" account_id = "your-account-id" account_name = "your-account-name" @@ -45,13 +45,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/code_repository/README.md b/nullplatform/code_repository/README.md index 5b588b74..8ebe63c9 100644 
--- a/nullplatform/code_repository/README.md +++ b/nullplatform/code_repository/README.md @@ -20,7 +20,7 @@ The module uses local values to evaluate which git provider is selected and cond ```hcl module "code_repository" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.0.0" git_provider = "your-git-provider" nrn = "your-nrn" @@ -31,7 +31,7 @@ module "code_repository" { ```hcl module "code_repository" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.0.0" git_provider = "github" github_installation_id = "your-github-installation-id" # Required when git_provider = "github" @@ -44,7 +44,7 @@ module "code_repository" { ```hcl module "code_repository" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.0.0" git_provider = "gitlab" gitlab_access_token = "your-gitlab-access-token" # Required when git_provider = "gitlab" @@ -70,13 +70,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/container_orchestration/aks/README.md b/nullplatform/container_orchestration/aks/README.md index dbc71818..7656ea12 100644 --- a/nullplatform/container_orchestration/aks/README.md +++ b/nullplatform/container_orchestration/aks/README.md 
@@ -21,7 +21,7 @@ The module builds a local.attributes map that aggregates cluster metadata, gatew ```hcl module "aks" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/aks?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/aks?ref=v5.0.0" cluster_name = "your-cluster-name" nrn = "your-nrn" @@ -44,13 +44,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/container_orchestration/eks/README.md b/nullplatform/container_orchestration/eks/README.md index 35bad926..dd31e99d 100644 --- a/nullplatform/container_orchestration/eks/README.md +++ b/nullplatform/container_orchestration/eks/README.md @@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource with type 'eks-configuration' th ```hcl module "eks" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/eks?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/eks?ref=v5.0.0" cluster_name = "your-cluster-name" nrn = "your-nrn" @@ -42,13 +42,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources 
diff --git a/nullplatform/container_orchestration/gke/README.md b/nullplatform/container_orchestration/gke/README.md index cfd16467..c777843b 100644 --- a/nullplatform/container_orchestration/gke/README.md +++ b/nullplatform/container_orchestration/gke/README.md @@ -22,7 +22,7 @@ The module constructs a structured attributes object using locals that merge clu ```hcl module "gke" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/gke?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/gke?ref=v5.0.0" cluster_name = "your-cluster-name" location = "your-location" @@ -45,13 +45,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/container_orchestration/oke/README.md b/nullplatform/container_orchestration/oke/README.md index 26c16bb2..50265190 100644 --- a/nullplatform/container_orchestration/oke/README.md +++ b/nullplatform/container_orchestration/oke/README.md @@ -19,7 +19,7 @@ Creates a single nullplatform_provider_config resource of type 'oke' that stores ```hcl module "oke" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/oke?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/oke?ref=v5.0.0" cluster_name = "your-cluster-name" nrn = "your-nrn" 
@@ -41,13 +41,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/dimension/README.md b/nullplatform/dimension/README.md index c5e187a1..ce1e92a4 100644 --- a/nullplatform/dimension/README.md +++ b/nullplatform/dimension/README.md @@ -19,7 +19,7 @@ The module creates a nullplatform_dimension resource using the provided name, or ```hcl module "dimension" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension?ref=v5.0.0" name = "your-name" nrn = "your-nrn" @@ -40,13 +40,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | >= 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/dimension_value/README.md b/nullplatform/dimension_value/README.md index ab528ec0..c0aa43ed 100644 --- a/nullplatform/dimension_value/README.md +++ b/nullplatform/dimension_value/README.md @@ -19,7 +19,7 @@ The module uses a terraform_data resource to enforce mutual-exclusivity and pres ```hcl module "dimension_value" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension_value?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension_value?ref=v5.0.0" dimension_id = "your-dimension-id" name = "your-name" 
@@ -40,13 +40,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | >= 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | | [terraform](#provider\_terraform) | n/a | ## Resources diff --git a/nullplatform/identity-access-control/README.md b/nullplatform/identity-access-control/README.md index bbfedca7..b7d14e36 100644 --- a/nullplatform/identity-access-control/README.md +++ b/nullplatform/identity-access-control/README.md @@ -20,7 +20,7 @@ The module creates a single nullplatform_provider_config resource named identity ```hcl module "identity-access-control" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/identity-access-control?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/identity-access-control?ref=v5.0.0" attributes = "your-attributes" nrn = "your-nrn" @@ -41,13 +41,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.92 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/metrics/README.md b/nullplatform/metrics/README.md index 549399df..7a8819ea 100644 --- a/nullplatform/metrics/README.md +++ b/nullplatform/metrics/README.md 
@@ -2,26 +2,26 @@ ## Description -Configures a Prometheus provider in Nullplatform with automatic server URL resolution from Kubernetes service discovery or custom endpoint +Configures a Prometheus provider integration in nullplatform by registering the Prometheus server URL as a provider configuration resource ## Architecture -The module creates a nullplatform_provider_config resource of type prometheus that stores connection configuration in a JSON-encoded attributes block. It uses a local value to determine the Prometheus server URL, either accepting a custom var.prometheus_url or auto-generating a Kubernetes cluster-internal service URL using the format http://prometheus-server..svc.cluster.local:80. The resource accepts dimensions metadata and includes lifecycle rules to ignore changes to attributes after initial creation. +The module creates a single nullplatform_provider_config resource of type 'prometheus' that registers the Prometheus server endpoint with the nullplatform platform. A local value resolves the effective Prometheus URL, either using the explicitly provided var.prometheus_url or constructing a Kubernetes in-cluster DNS address from var.prometheus_namespace. The resulting URL is encoded as a JSON attribute and stored in the provider config alongside optional dimension metadata supplied via var.dimensions. The nrn input uniquely identifies the target nullplatform resource receiving this configuration. 
## Features -- Creates Nullplatform provider configuration for Prometheus integration -- Auto-generates Kubernetes service discovery URL for Prometheus server when custom URL not provided -- Supports custom Prometheus endpoint URL for external or non-standard deployments -- Configures namespace-aware internal cluster service URLs using Kubernetes DNS naming -- Applies lifecycle ignore_changes to prevent attribute drift on subsequent applies -- Associates provider configuration with dimensions for multi-tenant or environment-specific setups +- Creates a nullplatform_provider_config resource that registers Prometheus as a metrics provider +- Constructs an in-cluster Kubernetes DNS URL automatically when no explicit Prometheus URL is provided +- Validates that the prometheus_url value conforms to http:// or https:// scheme when specified +- Supports custom Kubernetes namespace targeting for automatic Prometheus service discovery +- Attaches optional dimension metadata to the provider configuration for multi-tenant or scoped deployments +- Ignores downstream attribute drift via lifecycle ignore_changes to prevent unintended updates ## Basic Usage ```hcl module "metrics" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/metrics?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/metrics?ref=v5.0.0" nrn = "your-nrn" } @@ -41,13 +41,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources @@ -68,15 +68,15 @@ resource "example_resource" "this" { diff --git a/nullplatform/scope_configuration/README.md b/nullplatform/scope_configuration/README.md index 55233d0a..8cbada4e 100644 
--- a/nullplatform/scope_configuration/README.md +++ b/nullplatform/scope_configuration/README.md 
@@ -2,25 +2,25 @@ ## Description -Creates a Nullplatform provider configuration resource with JSON-encoded attributes and optional dimensions +Creates a Nullplatform provider configuration (scope configuration) resource associated with a specific provider specification and NRN ## Architecture -The module creates a single nullplatform_provider_config resource that associates a provider specification (identified by slug) with a target NRN. Input attributes are JSON-encoded and passed to the resource along with optional dimension mappings. The resource lifecycle is configured to ignore changes to attributes after initial creation. The provider configuration ID is exposed as an output for reference by dependent resources. +The module creates a single nullplatform_provider_config resource that binds a Nullplatform Resource Name (NRN) to a provider specification type defined by the provider_specification_slug. The attributes input is JSON-encoded before being passed to the resource, and dimension values are passed as a map to scope the configuration. The resource uses a lifecycle ignore_changes rule on attributes to prevent drift detection after initial creation. The resource ID is exposed as an output for downstream module consumption. 
## Features -- Creates a Nullplatform provider configuration resource linked to a specific NRN -- JSON-encodes arbitrary configuration attributes matching provider specification schema -- Associates provider specification via slug identifier -- Supports optional dimension key-value mappings for scoped configurations -- Ignores attribute changes in lifecycle to prevent drift after initial deployment +- Creates a nullplatform_provider_config resource linked to a specific NRN and provider specification slug +- Encodes configuration attributes as JSON to match the provider specification schema +- Supports dimensional scoping of provider configurations via a key-value dimension map +- Prevents attribute drift after initial creation using Terraform lifecycle ignore_changes +- Exposes the created provider config ID as an output for downstream reference ## Basic Usage ```hcl module "scope_configuration" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_configuration?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_configuration?ref=v5.0.0" attributes = "your-attributes" np_api_key = "your-np-api-key" @@ -43,13 +43,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | ~> 0.0.67 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | ~> 0.0.67 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources @@ -77,14 +77,14 @@ resource "example_resource" "this" { diff --git a/nullplatform/scope_definition/README.md b/nullplatform/scope_definition/README.md index 7739935c..120b516c 100644 --- a/nullplatform/scope_definition/README.md +++ b/nullplatform/scope_definition/README.md 
@@ -22,7 +22,7 @@ The module fetches JSON templates via `data.http` resources and processes them t ```hcl module "scope_definition" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition?ref=v5.0.0" np_api_key = "your-np-api-key" nrn = "your-nrn" @@ -45,7 +45,7 @@ resource "example_resource" "this" { |------|---------| | [external](#requirement\_external) | ~> 2.3.5 | | [null](#requirement\_null) | ~> 3.2.4 | -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers @@ -54,7 +54,7 @@ resource "example_resource" "this" { | [external](#provider\_external) | 2.3.5 | | [http](#provider\_http) | 3.5.0 | | [null](#provider\_null) | 3.2.4 | -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/scope_definition_agent_association/README.md b/nullplatform/scope_definition_agent_association/README.md index 2fad9492..0a0c12a3 100644 --- a/nullplatform/scope_definition_agent_association/README.md +++ b/nullplatform/scope_definition_agent_association/README.md 
@@ -2,27 +2,27 @@ ## Description -Creates a nullplatform notification channel by fetching and processing a JSON template from a remote repository and registering it with the nullplatform API +Creates a nullplatform notification channel by fetching and processing a JSON template from a remote repository using gomplate and registering it via the nullplatform provider ## Architecture -The module fetches a notification channel template via the `http` data source from a configurable GitHub raw URL, then processes it through an `external` data source using `gomplate` for variable substitution and `jq` for JSON normalization. The processed template drives a `nullplatform_notification_channel` resource, which is wired with a `terraform_data` trigger resource to force replacement when the API key changes. Conditional logic in locals merges optional extra filters using a MongoDB-style `$and` expression, and a dynamic `agent` block in the configuration is populated only when the template type is `agent`. +The module fetches a notification channel template via the `data.http` data source from a configurable raw GitHub URL, then processes it using a `data.external` shell script that invokes gomplate for variable substitution and jq for JSON normalization. The rendered template drives a `nullplatform_notification_channel` resource, which dynamically configures an agent block (including command data and environment injection) only when the channel type is 'agent'. A `terraform_data` resource keyed on the API key triggers replacement of the notification channel whenever the key rotates, and optional override flags are appended to the cmdline argument when `enabled_override` is true. 
## Features -- Fetches and processes notification channel templates from a remote GitHub repository using gomplate templating -- Creates a nullplatform_notification_channel resource with dynamic agent configuration driven by template content -- Supports optional command-line override flags injected into the agent command data when enabled_override is true -- Merges additional MongoDB-style filter expressions with base template filters using a $and logical operator -- Forces resource replacement via terraform_data trigger when the API key changes -- Configures tag-based agent selectors for filtering notification channels and agents -- Supports configurable repository branch, path, and Git reference for template versioning +- Fetches notification channel JSON templates dynamically from a remote GitHub repository using configurable branch and path +- Processes templates with gomplate for variable substitution, injecting NRN, API key, and scope identifiers at render time +- Creates a nullplatform_notification_channel resource with dynamic agent configuration including command type and environment context +- Appends override flags to agent command cmdline when custom scope configuration overrides are enabled +- Merges base template filters with user-supplied MongoDB-style extra_filters using a $and expression +- Triggers automatic notification channel replacement via terraform_data when the API key changes +- Supports tag-based agent selector configuration through a flexible map of key-value tags ## Basic Usage ```hcl module "scope_definition_agent_association" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition_agent_association?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition_agent_association?ref=v5.0.0" api_key = "your-api-key" nrn = "your-nrn" 
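Review bot: The rewritten Architecture and Features text says nothing about pinning the template reference, although the inputs table further down this file shows `github_ref` defaulting to `"beta"`. The text describes fetching a template from a remote GitHub URL and rendering it, with the API key injected, through a `data.external` shell script. With a branch as the ref, whatever is on that branch at apply time determines the agent command configuration, so the README should recommend an immutable ref. I would add a line such as `- Set github_ref to a tag or commit SHA in production so the rendered template cannot change between applies`. The module code is not visible on this page, so whether the default itself should change is for the module owners to confirm.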
@@ -46,7 +46,7 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers @@ -54,7 +54,7 @@ resource "example_resource" "this" { |------|---------| | [external](#provider\_external) | 2.3.5 | | [http](#provider\_http) | 3.5.0 | -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | | [terraform](#provider\_terraform) | n/a | ## Resources @@ -73,7 +73,7 @@ resource "example_resource" "this" { | [extra\_filters](#input\_extra\_filters) | Additional filter expression to merge with the base template filters using $and.
Accepts any valid MongoDB-style filter expression, including logical operators
($and, $or, $nor, $not) and comparison operators ($eq, $ne, $in, $nin, $gt,
$gte, $lt, $lte, $regex). If null, only the base template filters are applied.

Examples:
Simple equality: { "dimensions.environment" = "production" }
Comparison: { "action" = { "$in" = ["deployment:create", "deployment:update"] } }
Logical OR: { "$or" = [{ "details.namespace.slug" = "prod" }, { "details.namespace.slug" = "staging" }] }
Negation: { "$not" = { "entity\_data.status" = "failed" } }
Combined: { "$and" = [{ "action" = { "$regex" = "^deployment" } }, { "$or" = [...] }] } | `any` | `null` | no | | [github\_ref](#input\_github\_ref) | Git reference to use (branch name, tag, or commit SHA) | `string` | `"beta"` | no | | [github\_repo\_url](#input\_github\_repo\_url) | GitHub repository URL containing scope and action templates | `string` | `"https://github.com/nullplatform/scopes"` | no | -| [nrn](#input\_nrn) | n/a | `string` | n/a | yes | +| [nrn](#input\_nrn) | Nullplatform Resource Name (NRN) — unique identifier for the target resource | `string` | n/a | yes | | [override\_repo\_path](#input\_override\_repo\_path) | Local filesystem path where the scope repository will be cloned | `string` | `null` | no | | [overrides\_service\_path](#input\_overrides\_service\_path) | Local filesystem path to the directory containing override configurations | `string` | `null` | no | | [repo\_path](#input\_repo\_path) | Local filesystem path where the scope repository will be cloned | `string` | `"/root/.np/nullplatform/scopes"` | no | @@ -94,21 +94,21 @@ resource "example_resource" "this" { diff --git a/nullplatform/service_definition/README.md b/nullplatform/service_definition/README.md index 5615733c..7a43e420 100644 --- a/nullplatform/service_definition/README.md +++ b/nullplatform/service_definition/README.md @@ -22,7 +22,7 @@ The module fetches service, action, and link spec templates via the `http` data ```hcl module "service_definition" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition?ref=v5.0.0" nrn = "your-nrn" service_name = "your-service-name" 
@@ -45,14 +45,14 @@ resource "example_resource" "this" { | Name | Version | |------|---------| | [http](#requirement\_http) | ~> 3.0 | -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| | [http](#provider\_http) | 3.5.0 | -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | ## Resources diff --git a/nullplatform/service_definition_agent_association/README.md b/nullplatform/service_definition_agent_association/README.md index 11befacc..90499bc1 100644 --- a/nullplatform/service_definition_agent_association/README.md +++ b/nullplatform/service_definition_agent_association/README.md @@ -21,7 +21,7 @@ The module creates a terraform_data resource to track API key changes as a lifec ```hcl module "service_definition_agent_association" { - source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition_agent_association?ref=v4.6.0" + source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition_agent_association?ref=v5.0.0" api_key = "your-api-key" repository_service_spec_repo = "your-repository-service-spec-repo" @@ -44,13 +44,13 @@ resource "example_resource" "this" { | Name | Version | |------|---------| -| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 | ## Providers | Name | Version | |------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.86 | +| [nullplatform](#provider\_nullplatform) | 0.0.95 | | [terraform](#provider\_terraform) | n/a | ## Resources diff --git a/nullplatform/users/README.md b/nullplatform/users/README.md index 377fd793..b0098cf2 100644 --- a/nullplatform/users/README.md +++ b/nullplatform/users/README.md 
@@ -2,25 +2,26 @@
 ## Description
-Creates and manages Nullplatform users with their profile information and role-based authorization grants
+Creates and manages NullPlatform users with profile information and role-based authorization grants
 ## Architecture
-The module creates nullplatform_user resources from a map of user configurations, then flattens the user-to-role relationships into individual nullplatform_authz_grant resources. Each user can have multiple role assignments, which are expanded through a nested for_each loop that merges all user-role combinations into a single flat map. The authorization grants reference the created user IDs and associate them with role slugs and NRN (Nullplatform Resource Name) identifiers for access control.
+The module iterates over a map of user definitions using `nullplatform_user` resources created with `for_each` to provision each user's profile including email, first name, and last name. A flattened merge of role assignments is then computed to drive `nullplatform_authz_grant` resources, linking each user ID to one or more role slugs and NRN scopes. The authorization grants reference the IDs output by the user resources, establishing an implicit dependency between the two resource types.
## Features
-- Creates Nullplatform user accounts with email, first name, and last name attributes
-- Supports multiple role assignments per user through a list of role slugs
-- Generates individual authorization grants for each user-role combination
-- Associates role grants with Nullplatform Resource Names (NRN) for resource-level access control
-- Manages user-role relationships through a flattened resource mapping pattern
+- Creates nullplatform_user resources for each entry in the users map with email, first name, and last name
+- Validates email addresses against a standard RFC-style regex pattern before provisioning
+- Enforces that each user has at least one role_slug assigned
+- Creates nullplatform_authz_grant resources for every user-role combination using a flattened merge
+- Supports multiple role assignments per user by expanding role_slug lists into individual grant resources
+- Scopes authorization grants to specific NRN (NullPlatform Resource Name) values per user
 ## Basic Usage
 ```hcl
 module "users" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/users?ref=v4.6.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/users?ref=v5.0.0"
 nullplatform_users = "your-nullplatform-users"
 }
@@ -40,13 +41,13 @@ resource "example_resource" "this" {
 | Name | Version |
 |------|---------|
-| [nullplatform](#requirement\_nullplatform) | >= 0.0.86 |
+| [nullplatform](#requirement\_nullplatform) | ~> 0.0.86 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.86 |
+| [nullplatform](#provider\_nullplatform) | 0.0.95 |
 ## Resources
@@ -65,14 +66,15 @@ resource "example_resource" "this" {