TF lint (#3)

* Update docs after removing unused vars

Badges styling fix

Add GitLab CI workflow reference example

* Removed unused vars

Author: saidsef

README.md

@@ -1,4 +1,5 @@
-# Terraform AWS GitLab OIDC Provider [![CI](https://github.com/saidsef/terraform-aws-gitlab-oidc/actions/workflows/ci.yaml/badge.svg)](#deployment) [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE.md)
+# Terraform AWS GitLab OIDC Provider
+[![CI](https://github.com/saidsef/terraform-aws-gitlab-oidc/actions/workflows/ci.yaml/badge.svg)](#deployment--usage) ![GitHub issues](https://img.shields.io/github/issues-raw/saidsef/terraform-aws-gitlab-oidc) [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE.md)
 
 This Terraform module enables you to configure GitLab Actions as an AWS IAM OIDC identity provider in AWS, which enables GitLab Actions to access resources within an AWS account(s) without requiring long-lived credentials to be stored as GitLab secrets.
 
@@ -31,12 +32,16 @@ module "gitlab_oidc" {
 
 Please see [TERRAFORM.md](./TERRAFORM.md)
 
+## GitLab Runner
+
+Retrieve temporary credentials via [GitLab Runner](https://github.com/saidsef/terraform-aws-gitlab-oidc/blob/2b26d4f844a0ed52b10c72100e744d38965ab748/.gitlab-ci.yml#L16-L28)
+
 ## Source
 
-Our latest and greatest source of `terraform-aws-gitlab-oidc` can be found on [GitLab](#deployment). Fork us!
+Our latest and greatest source of `terraform-aws-gitlab-oidc` can be found on [GitHub](https://github.com/saidsef/terraform-aws-gitlab-oidc/). Fork us!
 
 ## Contributing
 
 We would :heart: you to contribute by making a [pull request](https://github.com/saidsef/terraform-aws-gitlab-oidc/pulls).
 
-Please read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute.
+Please read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute.

TERRAFORM.md

@@ -10,8 +10,8 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | ~> 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.4 |
 
 ## Modules
 
@@ -42,8 +42,6 @@ No modules.
 | <a name="input_force_detach_policies"></a> [force\_detach\_policies](#input\_force\_detach\_policies) | Force detachment of policies attached to the IAM role | `string` | `false` | no |
 | <a name="input_gitlab_organisation"></a> [gitlab\_organisation](#input\_gitlab\_organisation) | GitLab organisation name | `string` | n/a | yes |
 | <a name="input_gitlab_repositories"></a> [gitlab\_repositories](#input\_gitlab\_repositories) | List of GitLab repository name(s) and branche names or patterns | <pre>list(object({<br>    name     = string<br>    branches = list(string)<br>  }))</pre> | <pre>[<br>  {<br>    "branches": null,<br>    "name": null<br>  }<br>]</pre> | no |
-| <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | Name of the IAM policy to be assumed by GitLab. | `string` | `"gitlab"` | no |
-| <a name="input_iam_policy_path"></a> [iam\_policy\_path](#input\_iam\_policy\_path) | Path to the IAM policy | `string` | `"/"` | no |
 | <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name of the IAM role | `string` | `"gitlab-runner"` | no |
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | Path to the IAM role | `string` | `"/"` | no |
 | <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the permissions boundary to be used by the IAM role | `string` | `""` | no |

exmaples/complete/README.md

@@ -27,8 +27,6 @@ No resources.
 | <a name="input_force_detach_policies"></a> [force\_detach\_policies](#input\_force\_detach\_policies) | Force detachment of policies attached to the IAM role | `string` | `false` | no |
 | <a name="input_gitlab_organisation"></a> [gitlab\_organisation](#input\_gitlab\_organisation) | GitLab organisation name | `string` | `"saidsef"` | no |
 | <a name="input_gitlab_repositories"></a> [gitlab\_repositories](#input\_gitlab\_repositories) | List of GitLab repository name(s) and branche names or patterns | <pre>list(object({<br>    name     = string<br>    branches = list(string)<br>  }))</pre> | <pre>[<br>  {<br>    "branches": null,<br>    "name": null<br>  }<br>]</pre> | no |
-| <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | Name of the IAM policy to be assumed by GitLab. | `string` | `"gitlab"` | no |
-| <a name="input_iam_policy_path"></a> [iam\_policy\_path](#input\_iam\_policy\_path) | Path to the IAM policy | `string` | `"/"` | no |
 | <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name of the IAM role | `string` | `"gitlab-runner"` | no |
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | Path to the IAM role | `string` | `"/"` | no |
 | <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the permissions boundary to be used by the IAM role | `string` | `""` | no |

exmaples/complete/main.tf

@@ -12,8 +12,6 @@ module "gitlab_oidc" {
   force_detach_policies         = false
   gitlab_organisation           = var.gitlab_organisation
   gitlab_repositories           = [{ name = "terraform-aws-gitlab-oidc", branches = ["main", "pr-*", "*pull*", "*"] }]
-  iam_policy_name               = "gitlab"
-  iam_policy_path               = "/"
   iam_role_name                 = "gitlab-runner"
   iam_role_path                 = "/"
   iam_role_permissions_boundary = ""

exmaples/complete/terraform.tfvars

@@ -10,8 +10,6 @@ gitlab_repositories = [
     "name" : null
   }
 ]
-iam_policy_name               = "gitlab"
-iam_policy_path               = "/"
 iam_role_name                 = "gitlab-runner"
 iam_role_path                 = "/"
 iam_role_permissions_boundary = ""

exmaples/complete/variables.tf

@@ -52,18 +52,6 @@ variable "gitlab_repositories" {
   description = "List of GitLab repository name(s) and branche names or patterns"
 }
 
-variable "iam_policy_name" {
-  default     = "gitlab"
-  description = "Name of the IAM policy to be assumed by GitLab."
-  type        = string
-}
-
-variable "iam_policy_path" {
-  default     = "/"
-  description = "Path to the IAM policy"
-  type        = string
-}
-
 variable "iam_role_name" {
   default     = "gitlab-runner"
   description = "Name of the IAM role"

main.tf

@@ -16,14 +16,14 @@ resource "aws_iam_role" "role" {
 }
 
 resource "aws_iam_role_policy_attachment" "admin" {
-  count = tobool(var.enabled) && var.attach_admin_policy ? 1 : 0
+  count = tobool(var.enabled) && tobool(var.attach_admin_policy) ? 1 : 0
 
   policy_arn = format("arn:%s:iam::aws:policy/AdministratorAccess", data.aws_partition.current.partition)
   role       = aws_iam_role.role[0].id
 }
 
 resource "aws_iam_role_policy_attachment" "read_only" {
-  count = tobool(var.enabled) && var.attach_read_only_policy ? 1 : 0
+  count = tobool(var.enabled) && tobool(var.attach_read_only_policy) ? 1 : 0
 
   policy_arn = format("arn:%s:iam::aws:policy/ReadOnlyAccess", data.aws_partition.current.partition)
   role       = aws_iam_role.role[0].id
@@ -37,7 +37,7 @@ resource "aws_iam_role_policy_attachment" "custom" {
 }
 
 resource "aws_iam_openid_connect_provider" "provider" {
-  count          = tobool(var.enabled) && var.create_oidc_provider ? 1 : 0
+  count          = tobool(var.enabled) && tobool(var.create_oidc_provider) ? 1 : 0
   client_id_list = [format("https://%s", var.url)]
 
   tags            = var.tags

variables.tf

@@ -45,18 +45,6 @@ variable "gitlab_repositories" {
   description = "List of GitLab repository name(s) and branche names or patterns"
 }
 
-variable "iam_policy_name" {
-  default     = "gitlab"
-  description = "Name of the IAM policy to be assumed by GitLab."
-  type        = string
-}
-
-variable "iam_policy_path" {
-  default     = "/"
-  description = "Path to the IAM policy"
-  type        = string
-}
-
 variable "iam_role_name" {
   default     = "gitlab-runner"
   description = "Name of the IAM role"