feat: v10.1.0 #151

Open
wants to merge 2 commits into
base: main

@esacteksab esacteksab commented Feb 3, 2025

#150 Introduces breaking changes. While I believe the changes should exist, short of quite a bit more effort, there isn't an upgrade path for users of the existing module where the changes that exist in this update provide. So this is a compromise.

I had imagined cutting two releases.

  • v10.1.0 (this one) which would allow users of the existing module to reap these benefits without further work (maybe setting appropriate variables).
  • v11.0.0 (BREAKING_CHANGES: V11 #150). This would allow anyone adopting the module for the first time to not have to deal with the breaking changes that exist as a result of the changes.

Long-term, I don't want to manage two branches.

I can add something to the existing README on both releases that talks about the versions and usage for both.

Closes:

Additions:

  • Adds support for Connection Logging on the ALB, disabled by default.
  • In addition to passing in a bucket name with logs_s3_bucket, the bools enable_access_logs and enable_connection_logs (both default to false) need to be set to true to enable logging of either type.
  • Supports adding the ALB to additional security groups.
  • Changed the default alb_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06.
  • Added enable_waf_fail_open with a default value of false.
  • Added preserve_host_header variable with a default value of false.
  • Added drop_invalid_host_headers variable with default value of true.

POTENTIAL BREAKING CHANGES

  • This pins AWS Provider to ~> 5.0.

General Housekeeping

  • Trivy support has been added, but not to .pre-commit-config.yaml because it is not possible to ignore the examples directory. So a target check has been added to the Makefile.
  • Markdown Lint Pre-Commit was replaced with Markdownlint-cli2.
  • Added Schema validation with check-jsonschema pre-commit for .pre-commit-config.yaml, .markdownlint.yml and renovate along with github-workflows (which is their name for Actions).
  • I've fought quite a bit with our CI/CD tooling. I think I finally got it. This uses a pre-commit-hook of terraform-docs-system which has an expectation that terraform-docs is installed locally. This also uses the official GitHub Action but there is a bug. So across the org, I've tried to find the right configuration adopting the official action along with pre-commit-hook and making it work everywhere. I believe this combination works. terraform-docs will still continue to work locally, but in GitHub Actions, we pass an ENV VAR of SKIP=terraform-system-go to not call terraform-docs a second time via pre-commit.

@esacteksab esacteksab changed the title feat: feat: v10.1.0 Feb 3, 2025
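
An added example, not part of the pull request or the module's code: a small Python check that turns the variables and defaults listed in the description into the ALB attribute values they imply, then reports drift against a load balancer's actual settings. The mapping from the module's variables to ELBv2 attribute keys is an assumption, and the sample attributes and listeners are constructed.

```python
"""Added example, not the module's code; the variable-to-attribute mapping is assumed."""
PAGE_DEFAULT_SSL_POLICY = "ELBSecurityPolicy-TLS13-1-2-2021-06"

def expected_attributes(logs_s3_bucket=None, enable_access_logs=False,
                        enable_connection_logs=False, enable_waf_fail_open=False,
                        preserve_host_header=False, drop_invalid_host_headers=True):
    """ALB attribute values implied by the variables and defaults in the PR text."""
    def flag(value):
        return "true" if value else "false"
    has_bucket = bool(logs_s3_bucket)
    return {
        # Logging needs both the bucket name and the matching bool set to true.
        "access_logs.s3.enabled": flag(has_bucket and enable_access_logs),
        "connection_logs.s3.enabled": flag(has_bucket and enable_connection_logs),
        "waf.fail_open.enabled": flag(enable_waf_fail_open),
        "routing.http.preserve_host_header.enabled": flag(preserve_host_header),
        "routing.http.drop_invalid_header_fields.enabled": flag(drop_invalid_host_headers),
    }

def drift(attributes, listeners, expected, ssl_policy=PAGE_DEFAULT_SSL_POLICY):
    """Return (setting, actual, expected) tuples that differ, sorted by setting."""
    actual = {a["Key"]: a["Value"] for a in attributes}
    found = [(key, actual.get(key), value) for key, value in expected.items()
             if actual.get(key) != value]
    for lsn in listeners:
        if lsn.get("Protocol") == "HTTPS" and lsn.get("SslPolicy") != ssl_policy:
            found.append((f"listener:{lsn['Port']}:SslPolicy", lsn.get("SslPolicy"), ssl_policy))
    return sorted(found, key=lambda item: item[0])

# Constructed sample, shaped like describe-load-balancer-attributes / describe-listeners output.
SAMPLE_ATTRIBUTES = [
    {"Key": "access_logs.s3.enabled", "Value": "true"},
    {"Key": "connection_logs.s3.enabled", "Value": "false"},
    {"Key": "waf.fail_open.enabled", "Value": "true"},
    {"Key": "routing.http.preserve_host_header.enabled", "Value": "false"},
    {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"},
]
SAMPLE_LISTENERS = [
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"Port": 80, "Protocol": "HTTP"},
]

if __name__ == "__main__":
    want = expected_attributes("example-log-bucket", enable_access_logs=True,
                               enable_connection_logs=True)
    for setting, got, exp in drift(SAMPLE_ATTRIBUTES, SAMPLE_LISTENERS, want):
        print(f"{setting}: actual={got!r} expected={exp!r}")
```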