From 00c4e795588da94e351f27708f30ab2340e2ce1a Mon Sep 17 00:00:00 2001 From: Said Sef Date: Thu, 10 Nov 2022 15:31:30 +0000 Subject: [PATCH] TF lint (#3) * Update docs after removing unused vars Badges styling fix Add GitLab CI workflow reference example * Removed unused vars --- README.md | 11 ++++++++--- TERRAFORM.md | 6 ++---- exmaples/complete/README.md | 2 -- exmaples/complete/main.tf | 2 -- exmaples/complete/terraform.tfvars | 2 -- exmaples/complete/variables.tf | 12 ------------ main.tf | 6 +++--- variables.tf | 12 ------------ 8 files changed, 13 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index 3cd2a54..9c6db4d 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -# Terraform AWS GitLab OIDC Provider [![CI](https://github.com/saidsef/terraform-aws-gitlab-oidc/actions/workflows/ci.yaml/badge.svg)](#deployment) [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE.md) +# Terraform AWS GitLab OIDC Provider +[![CI](https://github.com/saidsef/terraform-aws-gitlab-oidc/actions/workflows/ci.yaml/badge.svg)](#deployment--usage) ![GitHub issues](https://img.shields.io/github/issues-raw/saidsef/terraform-aws-gitlab-oidc) [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE.md) This Terraform module enables you to configure GitLab Actions as an AWS IAM OIDC identity provider in AWS, which enables GitLab Actions to access resources within an AWS account(s) without requiring long-lived credentials to be stored as GitLab secrets. 
@@ -31,12 +32,16 @@ module "gitlab_oidc" { Please see [TERRAFORM.md](./TERRAFORM.md) +## GitLab Runner + +Retrieve temporary credentials via [GitLab Runner](https://github.com/saidsef/terraform-aws-gitlab-oidc/blob/2b26d4f844a0ed52b10c72100e744d38965ab748/.gitlab-ci.yml#L16-L28) + ## Source -Our latest and greatest source of `terraform-aws-gitlab-oidc` can be found on [GitLab](#deployment). Fork us! +Our latest and greatest source of `terraform-aws-gitlab-oidc` can be found on [GitHub](https://github.com/saidsef/terraform-aws-gitlab-oidc/). Fork us! ## Contributing We would :heart: you to contribute by making a [pull request](https://github.com/saidsef/terraform-aws-gitlab-oidc/pulls). -Please read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute. \ No newline at end of file +Please read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute. diff --git a/TERRAFORM.md b/TERRAFORM.md index 1e8d056..9330571 100644 --- a/TERRAFORM.md +++ b/TERRAFORM.md @@ -10,8 +10,8 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | -| [tls](#provider\_tls) | ~> 4.0 | +| [aws](#provider\_aws) | 4.38.0 | +| [tls](#provider\_tls) | 4.0.4 | ## Modules @@ -42,8 +42,6 @@ No modules. | [force\_detach\_policies](#input\_force\_detach\_policies) | Force detachment of policies attached to the IAM role | `string` | `false` | no | | [gitlab\_organisation](#input\_gitlab\_organisation) | GitLab organisation name | `string` | n/a | yes | | [gitlab\_repositories](#input\_gitlab\_repositories) | List of GitLab repository name(s) and branche names or patterns |
list(object({
name = string
branches = list(string)
}))
|
[
{
"branches": null,
"name": null
}
]
| no | -| [iam\_policy\_name](#input\_iam\_policy\_name) | Name of the IAM policy to be assumed by GitLab. | `string` | `"gitlab"` | no | -| [iam\_policy\_path](#input\_iam\_policy\_path) | Path to the IAM policy | `string` | `"/"` | no | | [iam\_role\_name](#input\_iam\_role\_name) | Name of the IAM role | `string` | `"gitlab-runner"` | no | | [iam\_role\_path](#input\_iam\_role\_path) | Path to the IAM role | `string` | `"/"` | no | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the permissions boundary to be used by the IAM role | `string` | `""` | no | diff --git a/exmaples/complete/README.md b/exmaples/complete/README.md index 4aefa00..05c7d5b 100644 --- a/exmaples/complete/README.md +++ b/exmaples/complete/README.md @@ -27,8 +27,6 @@ No resources. | [force\_detach\_policies](#input\_force\_detach\_policies) | Force detachment of policies attached to the IAM role | `string` | `false` | no | | [gitlab\_organisation](#input\_gitlab\_organisation) | GitLab organisation name | `string` | `"saidsef"` | no | | [gitlab\_repositories](#input\_gitlab\_repositories) | List of GitLab repository name(s) and branche names or patterns |
list(object({
name = string
branches = list(string)
}))
|
[
{
"branches": null,
"name": null
}
]
| no | -| [iam\_policy\_name](#input\_iam\_policy\_name) | Name of the IAM policy to be assumed by GitLab. | `string` | `"gitlab"` | no | -| [iam\_policy\_path](#input\_iam\_policy\_path) | Path to the IAM policy | `string` | `"/"` | no | | [iam\_role\_name](#input\_iam\_role\_name) | Name of the IAM role | `string` | `"gitlab-runner"` | no | | [iam\_role\_path](#input\_iam\_role\_path) | Path to the IAM role | `string` | `"/"` | no | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the permissions boundary to be used by the IAM role | `string` | `""` | no | diff --git a/exmaples/complete/main.tf b/exmaples/complete/main.tf index 1694d1e..fdc6061 100644 --- a/exmaples/complete/main.tf +++ b/exmaples/complete/main.tf @@ -12,8 +12,6 @@ module "gitlab_oidc" { force_detach_policies = false gitlab_organisation = var.gitlab_organisation gitlab_repositories = [{ name = "terraform-aws-gitlab-oidc", branches = ["main", "pr-*", "*pull*", "*"] }] - iam_policy_name = "gitlab" - iam_policy_path = "/" iam_role_name = "gitlab-runner" iam_role_path = "/" iam_role_permissions_boundary = "" diff --git a/exmaples/complete/terraform.tfvars b/exmaples/complete/terraform.tfvars index eae8918..ab697b4 100644 --- a/exmaples/complete/terraform.tfvars +++ b/exmaples/complete/terraform.tfvars @@ -10,8 +10,6 @@ gitlab_repositories = [ "name" : null } ] -iam_policy_name = "gitlab" -iam_policy_path = "/" iam_role_name = "gitlab-runner" iam_role_path = "/" iam_role_permissions_boundary = "" diff --git a/exmaples/complete/variables.tf b/exmaples/complete/variables.tf index 42488d3..c909ce1 100644 --- a/exmaples/complete/variables.tf +++ b/exmaples/complete/variables.tf 
@@ -52,18 +52,6 @@ variable "gitlab_repositories" { description = "List of GitLab repository name(s) and branche names or patterns" } -variable "iam_policy_name" { - default = "gitlab" - description = "Name of the IAM policy to be assumed by GitLab." - type = string -} - -variable "iam_policy_path" { - default = "/" - description = "Path to the IAM policy" - type = string -} - variable "iam_role_name" { default = "gitlab-runner" description = "Name of the IAM role" diff --git a/main.tf b/main.tf index a38ac74..567bd30 100644 --- a/main.tf +++ b/main.tf @@ -16,14 +16,14 @@ resource "aws_iam_role" "role" { } resource "aws_iam_role_policy_attachment" "admin" { - count = tobool(var.enabled) && var.attach_admin_policy ? 1 : 0 + count = tobool(var.enabled) && tobool(var.attach_admin_policy) ? 1 : 0 policy_arn = format("arn:%s:iam::aws:policy/AdministratorAccess", data.aws_partition.current.partition) role = aws_iam_role.role[0].id } resource "aws_iam_role_policy_attachment" "read_only" { - count = tobool(var.enabled) && var.attach_read_only_policy ? 1 : 0 + count = tobool(var.enabled) && tobool(var.attach_read_only_policy) ? 1 : 0 policy_arn = format("arn:%s:iam::aws:policy/ReadOnlyAccess", data.aws_partition.current.partition) role = aws_iam_role.role[0].id @@ -37,7 +37,7 @@ resource "aws_iam_role_policy_attachment" "custom" { } resource "aws_iam_openid_connect_provider" "provider" { - count = tobool(var.enabled) && var.create_oidc_provider ? 1 : 0 + count = tobool(var.enabled) && tobool(var.create_oidc_provider) ? 1 : 0 client_id_list = [format("https://%s", var.url)] tags = var.tags diff --git a/variables.tf b/variables.tf index d357852..9d1d5a4 100644 --- a/variables.tf +++ b/variables.tf 
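Review bot: Wrapping the `count` conditions in `tobool()` treats the symptom rather than the cause: the module apparently declares these toggles as `string` (TERRAFORM.md in this same patch still lists `force_detach_policies` as `string` with default `false`), so a value such as `"yes"` or `"True"` is only caught when `tobool()` fails at plan time, and `var.enabled` receives the same treatment. Declaring `variable "attach_admin_policy" { type = bool }` (and likewise `attach_read_only_policy`, `create_oidc_provider` and `enabled`) in variables.tf would let Terraform validate the inputs itself, still accept the strings `"true"`/`"false"` from existing callers, and reduce each condition to `count = var.enabled && var.attach_admin_policy ? 1 : 0`. The same point applies to the `read_only` attachment in this hunk (whose closing brace lies outside it) and to the `provider` resource in the second main.tf hunk. Because this toggle attaches AdministratorAccess to a role assumable from GitLab, a short comment above the `admin` resource, `# Attaches AdministratorAccess to the OIDC-assumable role; enable only when a narrower custom policy is insufficient`, would help reviewers of downstream tfvars.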
@@ -45,18 +45,6 @@ variable "gitlab_repositories" { description = "List of GitLab repository name(s) and branche names or patterns" } -variable "iam_policy_name" { - default = "gitlab" - description = "Name of the IAM policy to be assumed by GitLab." - type = string -} - -variable "iam_policy_path" { - default = "/" - description = "Path to the IAM policy" - type = string -} - variable "iam_role_name" { default = "gitlab-runner" description = "Name of the IAM role"