Merge branch 'main' into bump-example-version

ministryofjustice · Oct 31, 2023 · 1f4b010 · 1f4b010
2 parents 5374669 + cdea41e
commit 1f4b010
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 7 deletions.
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -6,7 +6,7 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         ref: ${{ github.event.pull_request.head.ref }}
     - uses: terraform-docs/[email protected]

diff --git a/.github/workflows/push-terraform-module-version.yml b/.github/workflows/push-terraform-module-version.yml
@@ -7,7 +7,7 @@ jobs:
   push-terraform-module-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: ministryofjustice/cloud-platform-environments/cmd/push-terraform-module-version@main
         env:
           # see https://github.com/ministryofjustice/cloud-platform-go-get-module/

diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
@@ -7,7 +7,7 @@ jobs:
     name: Run Terratest Unit Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v2
         with:
           terraform_version: 1.2.5

diff --git a/README.md b/README.md
@@ -116,7 +116,7 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_irsa_policy_arn"></a> [irsa\_policy\_arn](#output\_irsa\_policy\_arn) | n/a |
+| <a name="output_irsa_policy_arn"></a> [irsa\_policy\_arn](#output\_irsa\_policy\_arn) | IAM policy ARN for access to the container repository |
 | <a name="output_repo_arn"></a> [repo\_arn](#output\_repo\_arn) | ECR repository ARN |
 | <a name="output_repo_url"></a> [repo\_url](#output\_repo\_url) | ECR repository URL |
 <!-- END_TF_DOCS -->

diff --git a/main.tf b/main.tf
@@ -109,14 +109,14 @@ data "aws_iam_policy_document" "irsa" {
   version = "2012-10-17"
 
   statement {
-    sid       = "AllowLogin"
+    sid       = "AllowLoginFor${random_id.oidc.hex}"
     effect    = "Allow"
     actions   = ["ecr:GetAuthorizationToken"]
     resources = ["*"]
   }
 
   statement {
-    sid    = "AllowReadOnly"
+    sid    = "AllowReadOnlyFor${random_id.oidc.hex}"
     effect = "Allow"
     actions = [
       # General

diff --git a/outputs.tf b/outputs.tf
@@ -9,5 +9,6 @@ output "repo_url" {
 }
 
 output "irsa_policy_arn" {
-  value = aws_iam_policy.irsa.arn
+  description = "IAM policy ARN for access to the container repository"
+  value       = aws_iam_policy.irsa.arn
 }