v0.30.0

• No changes

v0.29.0

Revert "chore: Replace Makefile with atmos.yaml" @goruha (#120)

Reverts #119

v0.28.0

chore: Replace Makefile with atmos.yaml @osterman (#119)

## what - deprecate build-harness

v0.27.0

fix: address invalid count bug @RoseSecurity (#118)

## what and why

• If a data.aws_ssm_parameter.password.value is passed to this module, it is tagged as a sensitive in the AWS provider, and that tag travels with the value all the way into the module. Because we don’t mark variable master_password as sensitive = true, the value is off-limits to functions like length() or to meta-arguments like count. Terraform refuses to evaluate them → “invalid count argument”.

v0.26.3

🚀 Enhancements

feat: consolidate enable parameters to locals and fix invalid count bug @RoseSecurity (#117)

## what

• Move enabled logic into locals
• Added a local: local.enabled && length(var.master_password) == 0

[!NOTE]
length() returns an integer, so the result is always plan-time-known, even when the underlying string is deferred

• Replaced the old count expression with count = module.this.enabled && local.is_master_password_empty ? 1 : 0.

why

• Root cause: the count = module.this.enabled && var.master_password == "" ? 1 : 0 expression referenced var.master_password, which, when wired to something like aws_ssm_parameter.db_password.value, is unknown until apply time

references

• Resolves:
  • #68
  • #71

🐛 Bug Fixes

feat: consolidate enable parameters to locals and fix invalid count bug @RoseSecurity (#117)

## what

• Move enabled logic into locals
• Added a local: local.enabled && length(var.master_password) == 0

[!NOTE]
length() returns an integer, so the result is always plan-time-known, even when the underlying string is deferred

• Replaced the old count expression with count = module.this.enabled && local.is_master_password_empty ? 1 : 0.

why

• Root cause: the count = module.this.enabled && var.master_password == "" ? 1 : 0 expression referenced var.master_password, which, when wired to something like aws_ssm_parameter.db_password.value, is unknown until apply time

references

• Resolves:
  • #68
  • #71

🤖 Automatic Updates

Migrate new test account @osterman (#110)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

v0.26.2

feat: added output cluster_members for resource aws_docdb_cluster @Faris96Hub (#107)

## what Added the Output "cluster_members" for the resource "aws_docdb_cluster".

why

Needed for monitoring reasons of the DocumentDB Cluster on a Node-level. Needed when creating a CloudWatch alarm on Node-level because the Dimesion of the alarm needs the cluster memebers.

references

https://docs.aws.amazon.com/documentdb/latest/developerguide/cloud_watch.html#:~:text=and%20ReadIOPS.-,Amazon%20DocumentDB%20dimensions,-The%20metrics%20for

🤖 Automatic Updates

Update .github/settings.yml @osterman (#109)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#108)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v0.26.1

fix: upgrade aws provider to 5.29.0 to support storage_type @gmeligio (#103)

## what

• Upgrade terraform-aws-provider to 5.29.0
• Add variable for storage_type in the test.

why

• storage_type was released in 5.29.0 but the current minimum version is 5.21.0. This change corrects the minimum required version to 5.29.0

references

closes #86

• https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.29.0

🚀 Enhancements

chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in /test/src @dependabot (#102)

Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.4 to 1.7.5.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5

Commits

• 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in /test/src @dependabot (#102)

Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.4 to 1.7.5.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5

Commits

• 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Update .github/settings.yml @osterman (#101)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v0.26.0

test: update test framework to use latest best practices and reduce boilerplate @gmeligio (#100)

what

Update this module's test framework. Reduce boilerplate and make reusable functions.

Changelog:

1. Upgrade go to 1.21.
2. Update test/Makefile and test/src/Makefile from https://github.com/cloudposse/terraform-aws-eks-node-group/tree/e9f908c026d8ca5dc30190a050de68a510ff3983/test
3. Create framework_test.go and default_test.go, following how it's done in https://github.com/cloudposse/terraform-aws-eks-node-group/blob/e9f908c026d8ca5dc30190a050de68a510ff3983/test/src/framework_test.go
4. Remove enabled=true from fixtures and add new test TestExamplesCompleteDisabled for when enabled=false
5. Add Test_ExistingDeployment for faster test cycle, and modify Makefile accordingly
6. Update dependencies
7. Migrate test DB Engine from 3.6.0 to 5.0.0

why

• Enable testing with OpenTofu
• Support automated maintenance

references

• Closes #88
• Closes #98
• #94
• https://github.com/cloudposse/terraform-aws-eks-node-group/tree/e9f908c026d8ca5dc30190a050de68a510ff3983/test/src
• https://github.com/cloudposse/terraform-aws-dynamic-subnets/tree/8528dadc5cbdcf657faa1d917c9f069c254f41a3/test/src

[CHORE] Update variable description @RuiSMagalhaes (#99)

what

• Updates enabled_cloudwatch_logs_exports variable description
• Updates examples
• Updates README.md and docs/terraform.md

why

• Ir order to have the right list of logs available in the variable description

references

• closes #36

🚀 Enhancements

feat(aws_docdb_cluster): add allow_major_version_upgrade argument @gmeligio (#94)

what

This PR adds the argument allow_major_version_upgrade that was released in https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.21.0

It includes with the changes in the test framework from #100 .

why

When upgrading the engine_version to a new major version, allow_major_version_upgrade needs to be enabled for AWS to apply the upgrade.

references

• https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.21.0
• https://awscli.amazonaws.com/v2/documentation/api/latest/reference/docdb/modify-db-cluster.html
• https://docs.aws.amazon.com/documentdb/latest/developerguide/docdb-mvu.html

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#97)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#96)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#93)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#92)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#91)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#90)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#87)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

Update README.md and docs @cloudpossebot (#83)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.25.0

feat: add storage_type parameter @adubeniuk (#79)

what

Amazon has announced IO-optimized storage type for DocumentDB. Support for it has been added since HashiCorp AWS provider version 5.29.0

why

Keep standard as default but also add ability to create IO-optimized DocumentDB clusters.

references

https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-documentdb-i-o-optimized/
https://registry.terraform.io/providers/hashicorp/aws/5.29.0/docs/resources/docdb_cluster#storage_type

feat: allow to attach external SG to the documentDB @rasta-rocket (#69)

what

Hey folks 👋

First of all thanks for the work 💪

Here the goal is to allow the user of the module to attach security groups which are managed outside of the module

why

This is pretty useful, when you have some design where security groups are centrally managed and so outside of the scope of the module

references

Note: If you have any questions don't hesitate to ping me 😉

Cheers ☀️

v0.24.0

feat(aws-docdb-cluster): enable the ssm parameter store to record the… @haidargit (#77)

what

In this PR, we can use the Cloud Posse ssm parameter store module to store the documentdb master_password information.

why

The objective behind this PR is to ensure the secure distribution of the docdb cluster's master password within the AWS infrastructure. We can centrally manage and protect sensitive information, increasing operational efficiency.

references

No issue relates to the current improvement.

I have run these required commands.
make init
make readme

Kindly review this PR for documentdb module improvements. Thank you, Cloud Posse Team!