Add read permissions for blacklist file #16
Conversation
modules/role/role.tf
Outdated
| @@ -1,3 +1,8 @@ | |||
| locals { | |||
| should_create_s3_policy = var.blacklist_object_arn != null && var.blacklist_object_arn != "" ? true : false | |||
There was a problem hiding this comment.
isn't the ternary operator redundant here?
? true : false ...
There was a problem hiding this comment.
you can set 1: 0 instead of true/false then you don't need the if in #31,41,51
There was a problem hiding this comment.
another thing is the check for "" I think we should not check for empty and apply if it is empty without a policy - if user is uaing it - he should provide the arn, otherwise - it fails (and not passing without the blacklist)
There was a problem hiding this comment.
@eladbash dropped the "" check
modules/role/role.tf
Outdated
| @@ -1,3 +1,8 @@ | |||
| locals { | |||
| should_create_s3_policy = var.blacklist_object_arn != null && var.blacklist_object_arn != "" ? true : false | |||
There was a problem hiding this comment.
you can set 1: 0 instead of true/false then you don't need the if in #31,41,51
modules/role/role.tf
Outdated
| @@ -1,3 +1,8 @@ | |||
| locals { | |||
| should_create_s3_policy = var.blacklist_object_arn != null && var.blacklist_object_arn != "" ? true : false | |||
There was a problem hiding this comment.
another thing is the check for "" I think we should not check for empty and apply if it is empty without a policy - if user is uaing it - he should provide the arn, otherwise - it fails (and not passing without the blacklist)
Currently supported only in GitHub bot.
When S3_BLACK_LIST_BUCKET_NAME and S3_BLACK_LIST_OBJECT_KEY env vars are specified - we should add a read permission to the blacklist file sitting in S3.
We are allowing GetObject permission for this file's arn specifically.