From fe0f1007e21176ae566034e6afe1b682d4fa1f79 Mon Sep 17 00:00:00 2001 From: Michael Manganiello Date: Sun, 28 May 2023 14:00:44 -0300 Subject: [PATCH 1/5] Expose variable s3_object_ownership Terraform code using this module could require different values than the default, for `s3_object_ownership`. Specifically, this will allow us to fix /~https://github.com/cloudposse/terraform-aws-ecs-web-app/pull/225, which is currently failing when trying to create ACLs, with error: > AccessControlListNotSupported: The bucket does not allow ACLs --- Makefile | 1 + README.md | 3 ++- docs/terraform.md | 3 ++- examples/complete/versions.tf | 4 ++-- main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 4 ++-- 7 files changed, 16 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 1cfc68f..36835bc 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ SHELL := /bin/bash +export TERRAFORM_VERSION = 1.3.9 # List of targets the `readme` target should call before generating the readme export README_DEPS ?= docs/targets.md docs/terraform.md diff --git a/README.md b/README.md index 6ee8217..080484f 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 4.0 | ## Providers @@ -188,6 +188,7 @@ Available targets: | [noncurrent\_version\_expiration\_days](#input\_noncurrent\_version\_expiration\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies when non-current object versions expire (in days) | `number` | `90` | no | | [noncurrent\_version\_transition\_days](#input\_noncurrent\_version\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies (in days) when noncurrent object versions transition to Glacier Flexible Retrieval | `number` | `30` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [s3\_object\_ownership](#input\_s3\_object\_ownership) | Specifies the S3 object ownership control. Valid values are `ObjectWriter`, `BucketOwnerPreferred`, and 'BucketOwnerEnforced'. | `string` | `"BucketOwnerPreferred"` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [standard\_transition\_days](#input\_standard\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days to persist in the standard storage tier before moving to the infrequent access tier | `number` | `30` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index bd46894..bc3e027 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 4.0 | ## Providers @@ -60,6 +60,7 @@ | [noncurrent\_version\_expiration\_days](#input\_noncurrent\_version\_expiration\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies when non-current object versions expire (in days) | `number` | `90` | no | | [noncurrent\_version\_transition\_days](#input\_noncurrent\_version\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies (in days) when noncurrent object versions transition to Glacier Flexible Retrieval | `number` | `30` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [s3\_object\_ownership](#input\_s3\_object\_ownership) | Specifies the S3 object ownership control. Valid values are `ObjectWriter`, `BucketOwnerPreferred`, and 'BucketOwnerEnforced'. | `string` | `"BucketOwnerPreferred"` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [standard\_transition\_days](#input\_standard\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days to persist in the standard storage tier before moving to the infrequent access tier | `number` | `30` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index ce68e92..4c8603d 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3.0" required_providers { aws = { @@ -7,4 +7,4 @@ terraform { version = ">= 4.0" } } -} \ No newline at end of file +} diff --git a/main.tf b/main.tf index 522c2cd..957bb37 100644 --- a/main.tf +++ b/main.tf @@ -71,6 +71,7 @@ module "s3_bucket" { access_log_bucket_name = var.access_log_bucket_name access_log_bucket_prefix = var.access_log_bucket_prefix lifecycle_configuration_rules = var.lifecycle_configuration_rules + s3_object_ownership = var.s3_object_ownership # TODO: deprecate these inputs in favor of `lifecycle_configuration_rules` lifecycle_rule_enabled = var.lifecycle_rule_enabled diff --git a/variables.tf b/variables.tf index e92414e..16bfc80 100644 --- a/variables.tf +++ b/variables.tf @@ -32,6 +32,12 @@ variable "access_log_bucket_prefix" { default = null } +variable "s3_object_ownership" { + type = string + description = "Specifies the S3 object ownership control. Valid values are `ObjectWriter`, `BucketOwnerPreferred`, and 'BucketOwnerEnforced'." + default = "BucketOwnerPreferred" +} + variable "allow_ssl_requests_only" { type = bool description = "Require requests to use Secure Socket Layer (HTTPS/SSL)." diff --git a/versions.tf b/versions.tf index ce68e92..4c8603d 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3.0" required_providers { aws = { @@ -7,4 +7,4 @@ terraform { version = ">= 4.0" } } -} \ No newline at end of file +} From 16da08f125d613e5c1fdd1e537892d9b8153e4ba Mon Sep 17 00:00:00 2001 
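Review bot: The new `variable "s3_object_ownership"` in variables.tf accepts any string, so a mistyped value is only rejected later by the provider or the S3 API; a `validation` block with `condition = contains(["ObjectWriter", "BucketOwnerPreferred", "BucketOwnerEnforced"], var.s3_object_ownership)` and a matching `error_message` would reject it when the input is evaluated. The description should also state that `BucketOwnerEnforced` disables ACLs, which is the condition behind the `AccessControlListNotSupported` error quoted in the commit message. That value is therefore likely to conflict with the `acl` input that main.tf still forwards, though how the nested module handles `acl` is not visible here. It is also worth saying that the `BucketOwnerPreferred` default keeps ACLs enabled on a bucket that holds access logs. The third value is written as 'BucketOwnerEnforced' in single quotes while the other two use backticks; the generated README.md and docs/terraform.md rows repeat this.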
From: Nuru Date: Mon, 6 May 2024 00:46:33 -0700 Subject: [PATCH 2/5] Bad format change to test lint workflow --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 3a72456..363562d 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,7 @@ locals { enabled = module.this.enabled generate_bucket_name = local.enabled && try(length(var.bucket_name) == 0, true) # Use `try` to handle `null` value - bucket_name = local.generate_bucket_name ? module.bucket_name.id : var.bucket_name + bucket_name = local.generate_bucket_name ? module.bucket_name.id : var.bucket_name } module "bucket_name" { From d0adaec04337f04fd394eeb1dcb3348aaded2bdd Mon Sep 17 00:00:00 2001 From: Nuru Date: Mon, 6 May 2024 00:54:36 -0700 Subject: [PATCH 3/5] Update Makefile to current standard --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 36835bc..f2f668e 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,4 @@ SHELL := /bin/bash -export TERRAFORM_VERSION = 1.3.9 # List of targets the `readme` target should call before generating the readme export README_DEPS ?= docs/targets.md docs/terraform.md @@ -8,4 +7,4 @@ export README_DEPS ?= docs/targets.md docs/terraform.md ## Lint terraform code lint: - $(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate + $(SELF) terraform/install terraform/lint terraform/validate From a4307893a705bcd47ea4a63d561af073a9bc955e Mon Sep 17 00:00:00 2001 From: Nuru Date: Mon, 6 May 2024 00:55:16 -0700 Subject: [PATCH 4/5] revert test of linter --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 363562d..3a72456 100644 --- a/main.tf +++ b/main.tf 
@@ -1,7 +1,7 @@ locals { enabled = module.this.enabled generate_bucket_name = local.enabled && try(length(var.bucket_name) == 0, true) # Use `try` to handle `null` value - bucket_name = local.generate_bucket_name ? module.bucket_name.id : var.bucket_name + bucket_name = local.generate_bucket_name ? module.bucket_name.id : var.bucket_name } module "bucket_name" { From 68c9622c1f861c51dce5a7035b80da3b4be0716e Mon Sep 17 00:00:00 2001 From: Nuru Date: Mon, 6 May 2024 01:01:12 -0700 Subject: [PATCH 5/5] Update s3-log-storage module version --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 3a72456..f887892 100644 --- a/main.tf +++ b/main.tf @@ -26,7 +26,7 @@ data "aws_iam_policy_document" "default" { sid = "" principals { type = "AWS" - identifiers = [join("", data.aws_elb_service_account.default.*.arn)] + identifiers = [join("", data.aws_elb_service_account.default[*].arn)] } effect = "Allow" actions = [ @@ -77,11 +77,11 @@ data "aws_partition" "current" {} module "s3_bucket" { source = "cloudposse/s3-log-storage/aws" - version = "1.4.2" + version = "1.4.3" acl = var.acl bucket_name = var.bucket_name - source_policy_documents = [join("", data.aws_iam_policy_document.default.*.json)] + source_policy_documents = [join("", data.aws_iam_policy_document.default[*].json)] force_destroy = var.force_destroy versioning_enabled = var.versioning_enabled allow_ssl_requests_only = var.allow_ssl_requests_only
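Review bot: In the `principals` block of `data "aws_iam_policy_document" "default"`, `join("", data.aws_elb_service_account.default[*].arn)` turns an empty data source into an empty-string principal instead of an explicit absence. The second hunk keeps the same idiom for `source_policy_documents` in `module "s3_bucket"`. Since this series already raises `required_version` to `>= 1.3.0`, `one(data.aws_elb_service_account.default[*].arn)` would state the zero-or-one intent and fail loudly if more than one element ever appears. The hunk starts and ends inside the data block, so whether the policy document is itself gated on the module being enabled is not visible; confirm the disabled case before switching, because `one()` returns `null` there.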