From ae261e674f1387327c2297aa6b43570d24b7a545 Mon Sep 17 00:00:00 2001
From: Bar Haran
Date: Wed, 24 Dec 2025 13:50:53 +0200
Subject: [PATCH 1/4] add jit bot zip for teams
---
 .../35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip | Bin 0 -> 7638 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 src/integrations/microsoft_teams/jit_bot/35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip
diff --git a/src/integrations/microsoft_teams/jit_bot/35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip b/src/integrations/microsoft_teams/jit_bot/35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip new file mode 100644 index 0000000000000000000000000000000000000000..7c612d975d1ddbbf0e4cd9371e1de26520bce5bc GIT binary patch literal 7638 zcmd6Mc|26@|MwY7_6%ASN|CKpR7fPG zw22U9iSCpeqq48hb=19nf8Xcz{PFzpn|U2)T-RrPf8N*Ux?bnl+wk%UL+FQRZ|b4e z=?AYWB_RmCguob)PNg$(44PN0{T>T3;kBrwn3W~o0o)&f=tnfRX z0yBoYf^Lyq+yq9s+<=sk_AdIx@t5g3B35wvZb_}=2env6OIB zi*tsR@~}xB1Z(@92RyAVHY*hIXvxc5mB&kMd^YqxU6=lK7+0MY@nIz8;)@sQRrA5$ z4^K{q6;vGF@?+%Tz@9Ab!-33@5yNW*nopc7-|}mcl@CCtTGXH?lvPmwR*}dfY5b4$ zUh;TkkTIHjN+9X${|l!-Yj7~jV&jgbLeTiEfAP(Q0mpV{xvs^uu}4EIw@A@XTJ8-i zIFd8vR93}w|C%`NuIe5#aX((eRriv*27Hg$%!+m5y2N6Mw&K?t=W29k&na3mYV)%$Uk=OS)J5 za5_yxy=>h^OP%bCT%(}EO}9;yhH`i1!$o@?o9PQ2JT-XW{3K6c_QT~VqGYHu)qa4zjN;0dkZ0}X1?A%L zVYt)l_m8eVG_GXmDuZK27FhDYLj^^`t0aZaUryZ9DpE6(P?kO@J)CZ6oE+>lPfw0Gpjd0exTn3KkK2VHNYo#K&Up)(Z^m9(ZpWkIp)i$ZeXEz7f6Sz5e<;t@)eUwE zCd6^3MtemBmU}ViN=mN0lSu_b+R7>!8*Rp*xjNHAEyhewtNy-g7IBN@z3Jp z4sXthe^T9hdSy;Fmlcm+Yx$h{`;Z(Z!HLh~@jJ1U&|4-$=U-3rnqY6m z3H05T!A(D>)^BfYs_0nF&CC>hCm^L%{=9dy$RkfJOo4RyLgl)bg>4`1#Hp;*)J?)F z6KWnDu*NFk@v=8QCnQ$+Jf|n!>7h+JG38hAu>ySr+(|?@{#&7L<&mzCo6{kd3%Pc)KHEEW z!YFBCl_lJ}W^Im5B1xC{^S%&=<*MiImHX+BWIXusrl;RxdAHt*mcdAaER!Ey*M!Zl zDJRNz_PcF4VlmCpm~xsfcqwpnU%OA{QAS$V!&awrL+M?OD&As`^tESqc!1^HEQ~S9 zs~pQPypWRlL*Us$`Jujbj;iS)xtmD2w@tH4dsjxS6^m}EO@A`6%&R!{dwa4Y6zQ|- z+=r_sB|Rw}G5t{`DJ8kk@f)l2v{ywQ_HjAq6CUUA(8HEHkN#d}>Qeyk5;P3zcXQ_1cU&d7vqAQO!r(x;&qa;mu?XGZ9&V&o zJmG)XTYq0REP&_9JsvB$-Kza+0pmVbk^fHgkJ!BaS?I;n&xV(ABUS2vSVos^l~?!9 z?rjWbBnIQ`>%J`5ZZ=8{3tT6#*|uI|%BXq2up6Cy@fM`!bt56UU+&$6e}NKLrLgzi zQJRWrUD2B}&%~k^$3o631@-K)jZtwGot{yrubaORzaXT*_j&o5!L)}#!N~1|fRtnz z5feGV*9YJ5H5s&~2P=QN)Mc>Ws;*C}HeEU>JMc|sx%tXFb_bxD8s$s@Z#(ZRZtV3WETn2TVN?CrO+kI4$_}Ul8S+gqH*?;}=dO2mI zujd7@14T7;$_^K2qUFNy<`}ZK%Joa?&dvgTR02j%=$Nns#;6^m)}v9OlcLGLeop7Y zu#wi~G*#%@V7sFA+wyA|fFmr6BR 
zpEZh+a$5P-wS>DtGxed#aIuo)#G?%Va5q6%zgJt(2`4)g)bZ+EUwyxEQJ9|qKIcJ- zjLPFR6vbL`xr*thW&u62#ml+snfC{c1O28K=RQ7GjKOEKEpui1pCxpz+HT(!cPt{X zWnJ~m=k?r1mJiI^l;*L{A>QFSF60Vj4fmAzghR`sA{bA*W2%TP0|!1qn{jHoHgt`t)zVpm8`hAWkHNyy5R!JR^`Ow zO+A}>iZv?cY^ZQCrqgeNRA3}|OMKaHnMURq(6t|gxZTsf^04}9aafICWlVnJnGJ*I z6`T_Kgyb%q!-oyG-b=Rc;XX1=G;2LFlKoYoAiPLuF7{)TiJYiJZ;@^ubGSo4T}C88 zEa-~3Y3bYgL4l}skzpkR)~}3qD+#L3Rp9q(Y8kLj#h62`!5V_u6SVwL3eIi?G>f#d!3~oT70!P z$$B*Z-rM?vBg-_P&a`ctttEytt5lNtF3b8kI}0hBeEi@X;8-JopCzA@zDqlN19j^D)0 zsBN)Bm2Qoboqr)*kYo~*v`XvjAS6=;m8w#IY>M8NTrRC5-`KM0rhT=tg!Q3zxCl6U7u0vv&|m zn)iMYa&2@@$D(BXw+=n0Sjj-kr2KyIpbonxg-s89eci+vH4TG@ZcfjAvAAbDHE<>@ zs7^-s=ZOLFj2Pig;;iI|C!{gH5C%MPpjt0#|C*rB3jN1 z3J(X$U99weDq_~Lh`YaM7cER`IksOt{{fVq*17bt<&$$3jdr&+ycj2v>PVr-0QeT-_R3 zV#H8|`IVU$so^;O#vJ(DrjvF(j&D0H{5ZOkvlveg9_XdY&{(xmu;2EHhO^mg68w$e z-Oi8K*54g3emL6m0LOd9ScOmOOnOMwI@h$tBOlz6*K6;um(DF}&I%rxS=b_tv5!oZ zZxKr?|MBL%ye;M}cZ^YR+&jtUimUb!-!eq4G349($umMDB|mIL=6Yc17@GY`j9}{A zTy3$k%XFos($~N_1o*Ozi zelKf2w9UpdIwECkeodsolc6p<>hh7S(8W`4S#DE2mW@uEPtt=vYRvdH=Ck}FS{A(` z1Gz=U)3G5VJ_=Tw8}jUw@GDhTq_5sblbgL8f8VPs&+E=L^7g@5NOr18mnL&*T!ZEy zONs7ZxZuR|y-9TJX~m)Y^LyHE2t1hK*!Ku{jO)A4b$8~}${jk&d=}l%Tyr&Y_hF~c zrg{?(j3*O4e(ZnSYOA4*T}Iwq_rfJ2^y^zMxv~;Hi-A2h>O2zXGf1*nN8%})`cD;N z^sK zx$4%!g!=+#`NL`Cboz`jq~5UpSz%A-?Qc)r7f0hyM7?RXXeodcA$z!IU}e3<6Z&G# z^T%QvzL|*mYrCxhPX=C##_(dk?v6SWK2g*Dx@-EKaR`jJR2;1>ch0H|cl_EMyT*4? 
z#^Vu>CO5UwEh4bzU4q?0yZbXK3;Ou3>E$-^uiQHKGvYy=_;F!O6EopSe#> z-e2#GTMR#?pV2A9Xy)>^E&pHpoaF!V2xoW^LrOYZvY*E;1w564tjzb|Z<=}>v;W5< zt^mP4>Lm;Wp_d4dqI1|(3Jv)$54m6<0WUq|Vg(0}K@f(t^pFcPobqOGt)}S7#m_T) zc44I;nd3qpyv;(9Lc&r_d+fLM?!X{X)F$w?{}g}z^YO&as$Qegp00>krTPngZhm&X zc8!h0B_zKgZQ;7k+Y{^jZWzYIdPk^gY0K`Kst7y|tV$kPyvz40!vNE>Ryy0W>;2>@oz>yPS+}J1kDd;@zF{HR zM$A=GuaK`fRmdssG*;`V!|jV}QdRG*GF{x&FV%9(Y;j}h-35cM&!0HRXZ#j=6J3i=q{XUC920RDfeBJ*R?y`6#( zgkEAm%8x*!kP#Le=fk4YLKGBPL~q28ps+*1o6Tmhc4%mj5PyV9XCO?RABD)Iv*=_t zj!5^@Kxpb5mIkV&{!@pg!A1yvEDe7xoYr;?+dqVz&_Uc!ktHVzY6|`clSQG^fEO*C zCQcKK{1L{!zs+cE2NM($kkZy6ku^Pab=38?dFrTdMKm?lx06YF>e~q9tt3Qy8-b{$ z1!QRiKSW_ihyu%-&SV2MYYH2Tk~vf=_(vg3P2ta6P^q8Ns1WRk5IIZ=I|#O-5z$~6 zG%M6C_!)qBvM6lCnTeYC0}>w!8%LpoSq78hPap>Ub2cC#0QXZugNk?&s2abd)ERUt zg%||X*a*{)Wk+^q{mbruXf6r<44g$|QW)$d(EgDi>__lLSTJiT1DY2cMCUMJ0)qiu z5m0d!j1X89gsBFz=;$Q;Ck8B-NT9)fbbkaU6Ij3%4utj#EEE(93ub#GFoQ`aafs|+ z9souRDuGR=GyT9Ufej;m40-@4+TZOGXe4+ig8@*5mnZ?V=`a&v(W$`I&p?40CWYn8 zf(fi8=ja_c3j*d4rWb;PT_|jC7!5|9#U>Da|1$~}2%bg(2@^pAOoA7p2BSd}LB;@P z5`q0ED8Lt+PN%Y93Jt_TfLTC`3iA4uh8l_>Y6xfps8C^;;>VzZNN8*rO$Bfh*axQl z7)-<)p|L1`&jYL%BAN)gHUOk_5{QIIrE^GXOUi#M1qgu51V}RhoE#>CbEP@cs1#oW zW-|#S3R)}z^)GyYB9l%4)=^{t&|U})0G~WPkgzAR|?a!g2!=4l>N?%U^6_xJA zTEe0)@*)d1qtn<(AR9KPd4XOHBQ%016lqvL;67@(jA(}6OXj1a*LpgkK_uAWuB3-(t9uf+>8WcH zNn5nHX%Vz^w2}YW9=Zh({J@+Slg?q7f#t0L98g$$=xhr4SL3#$QG*nAkO@>40>bAo z7yx~i8Q?o$(|?TbqmU5#e~j*;fO7pB4FeAR37|9L!NLJm2T*_!u)Tp+@W)1 literal 0 HcmV?d00001 From f8d79bfd84de6a16644ba7e26d6a81f7945dc600 Mon Sep 17 00:00:00 2001 From: Bar Haran Date: Wed, 24 Dec 2025 14:12:19 +0200 Subject: [PATCH 2/4] rename zip --- ...4e00-9fd8-6af4de36ac11.zip => jit-teams-bot.zip} | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename src/integrations/microsoft_teams/jit_bot/{35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip => jit-teams-bot.zip} (100%) 
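Review bot: The Teams bot package is committed as an opaque 7638-byte binary, so nothing inside it can be inspected in this patch and any later change to it will not show up in review either. If the archive holds a Teams app manifest (not visible here), its bot ID, valid domains and requested permissions are what a tenant admin trusts on upload, and they should be reviewable as text. Consider committing the unpacked sources next to the archive and building the zip in CI, or at least recording its SHA-256 in the integration's README so customers can verify the file they downloaded.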
diff --git a/src/integrations/microsoft_teams/jit_bot/35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip b/src/integrations/microsoft_teams/jit_bot/jit-teams-bot.zip
similarity index 100%
rename from src/integrations/microsoft_teams/jit_bot/35df0b75-86b5-4e00-9fd8-6af4de36ac11.zip
rename to src/integrations/microsoft_teams/jit_bot/jit-teams-bot.zip
From aad4f73993c53d4d806708be75595aae907bf522 Mon Sep 17 00:00:00 2001
From: Bar Haran
Date: Wed, 24 Dec 2025 14:17:18 +0200
Subject: [PATCH 3/4] change ubuntu version for linter workflow
---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index f98b87d..b92b4cb 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -7,7 +7,7 @@ on:
 - '!main'
 jobs:
 linter:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
 - name: Set up Python 3.8
From 982c54774ee9f3a58dc610ac91a58843a124a6c6 Mon Sep 17 00:00:00 2001
From: Bar Haran
Date: Wed, 24 Dec 2025 14:24:16 +0200
Subject: [PATCH 4/4] fix linter
---
 .../aws_integration_automation/README.md | 26 ++++++++--------
 .../organization_integration.tf | 12 ++++----
 .../aws_organization/terraform.tfvars | 4 +--
 .../examples/aws_organization/variables.tf | 2 +-
 .../single_account/account_integration.tf | 10 +++----
 .../examples/single_account/terraform.tfvars | 4 +--
 .../examples/single_account/variables.tf | 2 +-
 .../aws_integration_automation/locals.tf | 12 ++++----
 .../aws_integration_automation/main.tf | 30 +++++++++----------
 .../aws_integration_automation/variables.tf | 6 ++--
 .../aws_integration_automation/versions.tf | 10 +++----
 11 files changed, 58 insertions(+), 60 deletions(-)
diff --git a/src/integrations/aws_integration_automation/README.md b/src/integrations/aws_integration_automation/README.md
index a2933ab..8acbadb 100644
--- a/src/integrations/aws_integration_automation/README.md
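Review bot: `runs-on: ubuntu-latest` in the `linter` job is a floating label, so the runner image under this job changes whenever GitHub moves the alias, and the `Set up Python 3.8` step that follows may stop resolving on a newer image. Pinning an explicit supported image, for example `runs-on: ubuntu-22.04`, still moves the job off 20.04 while keeping lint results reproducible. The context line `uses: actions/checkout@v3` is likewise a mutable tag; pinning actions to a full commit SHA is the usual supply-chain hardening, though that lies outside this change. The job's remaining steps are outside the hunk.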
+++ b/src/integrations/aws_integration_automation/README.md @@ -31,23 +31,23 @@ Deploys JIT integration across an entire AWS Organization using a CloudFormation ```hcl module "jit_aws_account_integration" { source = "path/to/aws_integration_automation" - + # JIT Configuration jit_client_id = var.jit_client_id jit_secret = var.jit_secret jit_region = "us" # Use "eu" for European API endpoint - + # Integration Type integration_type = "account" - + # AWS Configuration aws_regions_to_monitor = ["us-east-1", "us-west-2"] - + # Stack Configuration stack_name = "JitAccountIntegration" account_name = "Production Account" resource_name_prefix = "JitProd" - + # CloudFormation Configuration capabilities = ["CAPABILITY_NAMED_IAM"] } @@ -58,26 +58,26 @@ module "jit_aws_account_integration" { ```hcl module "jit_aws_org_integration" { source = "path/to/aws_integration_automation" - + # JIT Configuration jit_client_id = var.jit_client_id jit_secret = var.jit_secret jit_region = "us" # Use "eu" for European API endpoint - + # Integration Type integration_type = "org" - + # Organization Configuration organization_root_id = "r-xxxxxxxxxxxx" should_include_root_account = true - + # AWS Configuration aws_regions_to_monitor = ["us-east-1", "us-west-2", "eu-west-1"] - + # Stack Configuration stack_name = "JitOrgIntegration" resource_name_prefix = "JitOrg" - + # CloudFormation Configuration capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] } @@ -194,7 +194,7 @@ terraform plan terraform apply ``` -### Organization Integration +### Organization Integration - **Directory**: [`examples/aws_organization/`](examples/aws_organization/) - **Main File**: `organization_integration.tf` - **Variables**: `variables.tf` 
@@ -282,4 +282,4 @@ terraform apply ## License -This module is part of the JIT customer scripts repository. Please refer to the main repository license for usage terms. \ No newline at end of file +This module is part of the JIT customer scripts repository. Please refer to the main repository license for usage terms. diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf index daf0913..161e46f 100644 --- a/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf +++ b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf @@ -3,7 +3,7 @@ terraform { required_version = ">= 1.5" - + required_providers { aws = { source = "hashicorp/aws" @@ -20,24 +20,24 @@ provider "aws" { # Organization Integration Module module "jit_aws_org_integration" { source = "../../" - + # Jit API Configuration jit_client_id = var.jit_client_id # Set via environment variable or terraform.tfvars jit_secret = var.jit_secret # Set via environment variable or terraform.tfvars jit_region = "us" # Use "eu" for European API endpoint - + # Integration Configuration integration_type = "org" aws_regions_to_monitor = var.regions_to_monitor - + # Organization Configuration organization_root_id = var.organization_root_id # Your AWS Organization Root ID should_include_root_account = var.should_include_root_account # Whether to include the management account - + # Stack Configuration stack_name = "JitOrgIntegration" resource_name_prefix = var.resource_name_prefix # Optional: Prefix for CloudFormation resources - + # CloudFormation Configuration capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] } 
diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars b/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars index 1a92548..059c465 100644 --- a/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars +++ b/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars @@ -2,7 +2,7 @@ # Follow the guide here - https://docs.jit.io/reference/credentials # Create creds using "Engineering Manager" role jit_client_id = "JIT_API_KEY_CLIENT_ID" -jit_secret = "JIT_API_KEY_SECRET" +jit_secret = "JIT_API_KEY_SECRET" # Should manage also the root account in Jit (false to avoid it) should_include_root_account = true @@ -17,4 +17,4 @@ regions_to_monitor = ["us-east-1", "us-west-2"] aws_region = "us-east-1" # Prefix for the resource name -resource_name_prefix = "JitOrg" \ No newline at end of file +resource_name_prefix = "JitOrg" diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf index 2512c5a..51fe908 100644 --- a/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf +++ b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf @@ -38,4 +38,4 @@ variable "resource_name_prefix" { description = "Prefix for the resource name" type = string default = "JitOrg" -} \ No newline at end of file +} diff --git a/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf index 90a96cf..9cef1b8 100644 --- a/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf +++ b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf 
@@ -3,7 +3,7 @@ terraform { required_version = ">= 1.5" - + required_providers { aws = { source = "hashicorp/aws" @@ -20,21 +20,21 @@ provider "aws" { # Single Account Integration Module module "jit_aws_account_integration" { source = "../../" - + # Jit API Configuration jit_client_id = var.jit_client_id # Set via environment variable or terraform.tfvars jit_secret = var.jit_secret # Set via environment variable or terraform.tfvars jit_region = "us" # Use "eu" for European API endpoint - + # Integration Configuration integration_type = "account" aws_regions_to_monitor = var.regions_to_monitor - + # Stack Configuration stack_name = "JitAccountIntegration" account_name = var.account_name # Optional: Display name in Jit platform resource_name_prefix = var.resource_name_prefix # Optional: Prefix for CloudFormation resources - + # CloudFormation Configuration capabilities = ["CAPABILITY_NAMED_IAM"] } diff --git a/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars b/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars index e816caa..c876f2b 100644 --- a/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars +++ b/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars @@ -2,7 +2,7 @@ # Follow the guide here - https://docs.jit.io/reference/credentials # Create creds using "Engineering Manager" role jit_client_id = "JIT_API_KEY_CLIENT_ID" -jit_secret = "JIT_API_KEY_SECRET" +jit_secret = "JIT_API_KEY_SECRET" # AWS regions to monitor using Jit regions_to_monitor = ["us-east-1", "us-west-2"] @@ -14,4 +14,4 @@ aws_region = "us-east-1" resource_name_prefix = "JitProd" # Name of the account to monitor -account_name = "My AWS Account" \ No newline at end of file +account_name = "My AWS Account" 
diff --git a/src/integrations/aws_integration_automation/examples/single_account/variables.tf b/src/integrations/aws_integration_automation/examples/single_account/variables.tf index 466138b..8624c3b 100644 --- a/src/integrations/aws_integration_automation/examples/single_account/variables.tf +++ b/src/integrations/aws_integration_automation/examples/single_account/variables.tf @@ -31,4 +31,4 @@ variable "resource_name_prefix" { description = "Prefix for the resource name" type = string default = "JitProd" -} \ No newline at end of file +} diff --git a/src/integrations/aws_integration_automation/locals.tf b/src/integrations/aws_integration_automation/locals.tf index 967cb16..cc7af64 100644 --- a/src/integrations/aws_integration_automation/locals.tf +++ b/src/integrations/aws_integration_automation/locals.tf @@ -1,25 +1,25 @@ locals { # JIT API Configuration jit_api_endpoint = var.jit_region == "us" ? "https://api.jit.io" : "https://api.eu.jit.io" - + # CloudFormation template URLs based on integration type cloudformation_template_url = var.integration_type == "org" ? "https://jit-aws-prod.s3.amazonaws.com/jit_aws_org_integration_stack.json" : "https://jit-aws-prod.s3.amazonaws.com/jit_aws_integration_stack.json" - + # Resource name prefix with integration-specific defaults resource_name_prefix = var.resource_name_prefix != null ? var.resource_name_prefix : (var.integration_type == "org" ? "JitOrg" : "Jit") - + # Base extra parameters for state token request base_extra_params = { regions_to_monitor = var.aws_regions_to_monitor integration_type = var.integration_type } - + # Additional parameters for organization integration org_extra_params = var.integration_type == "org" ? { organizationRootId = var.organization_root_id shouldIncludeRootAccount = var.should_include_root_account } : {} - + # State token request body with correct structure state_token_request_body = { vendor = "aws" 
@@ -29,4 +29,4 @@ locals { local.org_extra_params ) } -} \ No newline at end of file +} diff --git a/src/integrations/aws_integration_automation/main.tf b/src/integrations/aws_integration_automation/main.tf index c994ee3..c13bdba 100644 --- a/src/integrations/aws_integration_automation/main.tf +++ b/src/integrations/aws_integration_automation/main.tf @@ -3,7 +3,7 @@ provider "restapi" { uri = local.jit_api_endpoint write_returns_object = true create_returns_object = true - + headers = { "Accept" = "application/json" "Content-Type" = "application/json" @@ -15,17 +15,17 @@ provider "restapi" { data "http" "jit_auth" { url = "${local.jit_api_endpoint}/authentication/login" method = "POST" - + request_headers = { "Accept" = "application/json" "Content-Type" = "application/json" } - + request_body = jsonencode({ clientId = var.jit_client_id secret = var.jit_secret }) - + lifecycle { postcondition { condition = self.status_code == 200 @@ -43,34 +43,34 @@ resource "restapi_object" "jit_state_token" { ignore_changes_to = ["token"] # Request body with state token parameters data = jsonencode(local.state_token_request_body) - + # Ignore changes to data since read endpoint returns different structure lifecycle { ignore_changes = [data] } - + depends_on = [data.http.jit_auth] } # CloudFormation Stack for single account integration resource "aws_cloudformation_stack" "jit_integration_account" { count = var.integration_type == "account" ? 1 : 0 - + name = var.stack_name template_url = local.cloudformation_template_url capabilities = var.capabilities - + parameters = { "ExternalId" = jsondecode(restapi_object.jit_state_token.create_response)["token"] "ResourceNamePrefix" = local.resource_name_prefix "AccountName" = var.account_name "ShouldIncludeRootAccount" = tostring(var.should_include_root_account) } - + lifecycle { prevent_destroy = true } - + depends_on = [ data.http.jit_auth, restapi_object.jit_state_token 
@@ -80,26 +80,24 @@ resource "aws_cloudformation_stack" "jit_integration_account" { # CloudFormation Stack for organization integration resource "aws_cloudformation_stack" "jit_integration_org" { count = var.integration_type == "org" ? 1 : 0 - + name = var.stack_name template_url = local.cloudformation_template_url capabilities = var.capabilities - + parameters = { "ExternalId" = jsondecode(restapi_object.jit_state_token.create_response)["token"] "ResourceNamePrefix" = local.resource_name_prefix "OrganizationRootId" = var.organization_root_id "ShouldIncludeRootAccount" = tostring(var.should_include_root_account) } - + lifecycle { prevent_destroy = true } - + depends_on = [ data.http.jit_auth, restapi_object.jit_state_token ] } - - diff --git a/src/integrations/aws_integration_automation/variables.tf b/src/integrations/aws_integration_automation/variables.tf index 8d88fba..f786c96 100644 --- a/src/integrations/aws_integration_automation/variables.tf +++ b/src/integrations/aws_integration_automation/variables.tf @@ -53,8 +53,8 @@ variable "resource_name_prefix" { default = null validation { condition = var.resource_name_prefix == null || ( - length(var.resource_name_prefix) >= 1 && - length(var.resource_name_prefix) <= 40 && + length(var.resource_name_prefix) >= 1 && + length(var.resource_name_prefix) <= 40 && can(regex("^[a-zA-Z0-9-_]*$", var.resource_name_prefix)) ) error_message = "The resource_name_prefix must be 1-40 characters and contain only alphanumeric characters, hyphens, and underscores." @@ -81,4 +81,4 @@ variable "capabilities" { description = "CloudFormation capabilities required for stack creation" type = list(string) default = ["CAPABILITY_NAMED_IAM"] -} \ No newline at end of file +} diff --git a/src/integrations/aws_integration_automation/versions.tf b/src/integrations/aws_integration_automation/versions.tf index 16c8e54..59803a4 100644 --- a/src/integrations/aws_integration_automation/versions.tf 
+++ b/src/integrations/aws_integration_automation/versions.tf @@ -1,25 +1,25 @@ terraform { required_version = ">= 1.5" - + required_providers { aws = { source = "hashicorp/aws" version = ">= 5.0" } - + http = { source = "hashicorp/http" version = ">= 3.0" } - + local = { source = "hashicorp/local" version = ">= 2.0" } - + restapi = { source = "Mastercard/restapi" version = ">= 1.19.1" } } -} \ No newline at end of file +}