From 42e857706ee35f068feace834c2870b2d8a05cce Mon Sep 17 00:00:00 2001 From: Moritz Zimmer Date: Tue, 23 Feb 2021 14:30:06 +0100 Subject: [PATCH] feat: added support for on_failure destinations to event source mappings --- README.md | 10 +- docs/part1.md | 8 +- docs/part2.md | 2 +- event_source_mappings.tf | 73 ++++++++- .../dynamodb-with-alias/main.tf | 19 ++- .../dynamodb-with-alias/outputs.tf | 2 +- .../kinesis/main.tf | 10 +- .../kinesis/outputs.tf | 2 +- .../with-event-source-mappings/sqs/main.tf | 6 +- .../with-event-source-mappings/sqs/outputs.tf | 2 +- test/event_source_mapping_test.go | 141 ------------------ test/go.sum | 11 -- variables.tf | 2 +- 13 files changed, 108 insertions(+), 180 deletions(-) diff --git a/README.md b/README.md index b5edabf..8bb3a82 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,8 @@ module "lambda" { ### with event source mappings [Event Source Mappings](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) to trigger your Lambda function by DynamoDb, -Kinesis and SQS can be declared inline. The module will add the required IAM permissions depending on the event source type to the function role automatically. +Kinesis and SQS can be declared inline. The module will add the required read-only IAM permissions depending on the event source type to +the function role automatically. In addition, permissions to send discarded batches to SNS or SQS will be added automatically, if `destination_arn_on_failure` is configured. see [examples](examples/with-event-source-mappings) for details @@ -133,6 +134,11 @@ module "lambda" { batch_size = 50 starting_position = "LATEST" + // optionally configure a SNS or SQS destination for discarded batches, required IAM + // permissions will be added automatically by this module, + // see https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html + destination_arn_on_failure = aws_sqs_queue.errors.arn + // optionally overwrite function_name in case an alias should be used in the // event source mapping, see https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html function_name = aws_lambda_alias.example.arn @@ -329,7 +335,7 @@ MINOR, and PATCH versions on each release to indicate any incompatibilities. | [description](#input\_description) | Description of what your Lambda Function does. | `string` | `""` | no | | [environment](#input\_environment) | Environment (e.g. env variables) configuration for the Lambda function enable you to dynamically pass settings to your function code and libraries | 
object({
    variables = map(string)
  })
| `null` | no | | [event](#input\_event) | (deprecated - use `cloudwatch_event_rules` [EventBridge/CloudWatch Events], `event_source_mappings` [DynamoDb, Kinesis, SQS] or `sns_subscriptions` [SNS] instead) Event source configuration which triggers the Lambda function. Supported events: cloudwatch-scheduled-event, dynamodb, kinesis, s3, sns, sqs | `map(string)` | `{}` | no | -| [event\_source\_mappings](#input\_event\_source\_mappings) | Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role of this Lambda function will be enhanced with necessary minimum permissions to get those events. | `map(any)` | `{}` | no | +| [event\_source\_mappings](#input\_event\_source\_mappings) | Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role of this Lambda function will be enhanced with necessary minimum permissions to get those events. | `any` | `{}` | no | | [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. If defined, The s3\_-prefixed options and image\_uri cannot be used. | `string` | `null` | no | | [function\_name](#input\_function\_name) | A unique name for your Lambda Function. | `string` | n/a | yes | | [handler](#input\_handler) | The function entrypoint in your code. | `string` | `""` | no | diff --git a/docs/part1.md b/docs/part1.md index 9eb3db2..3e14b7c 100644 --- a/docs/part1.md +++ b/docs/part1.md @@ -116,7 +116,8 @@ module "lambda" { ### with event source mappings [Event Source Mappings](https://www.terraform.io/docs/providers/aws/r/lambda_event_source_mapping.html) to trigger your Lambda function by DynamoDb, -Kinesis and SQS can be declared inline. The module will add the required IAM permissions depending on the event source type to the function role automatically. +Kinesis and SQS can be declared inline. The module will add the required read-only IAM permissions depending on the event source type to +the function role automatically. In addition, permissions to send discarded batches to SNS or SQS will be added automatically, if `destination_arn_on_failure` is configured. see [examples](examples/with-event-source-mappings) for details @@ -133,6 +134,11 @@ module "lambda" { batch_size = 50 starting_position = "LATEST" + // optionally configure a SNS or SQS destination for discarded batches, required IAM + // permissions will be added automatically by this module, + // see https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html + destination_arn_on_failure = aws_sqs_queue.errors.arn + // optionally overwrite function_name in case an alias should be used in the // event source mapping, see https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html function_name = aws_lambda_alias.example.arn diff --git a/docs/part2.md b/docs/part2.md index 1ca8a50..1ebab0d 100644 --- a/docs/part2.md +++ b/docs/part2.md @@ -61,7 +61,7 @@ | [description](#input\_description) | Description of what your Lambda Function does. | `string` | `""` | no | | [environment](#input\_environment) | Environment (e.g. env variables) configuration for the Lambda function enable you to dynamically pass settings to your function code and libraries | 
object({
    variables = map(string)
  })
| `null` | no | | [event](#input\_event) | (deprecated - use `cloudwatch_event_rules` [EventBridge/CloudWatch Events], `event_source_mappings` [DynamoDb, Kinesis, SQS] or `sns_subscriptions` [SNS] instead) Event source configuration which triggers the Lambda function. Supported events: cloudwatch-scheduled-event, dynamodb, kinesis, s3, sns, sqs | `map(string)` | `{}` | no | -| [event\_source\_mappings](#input\_event\_source\_mappings) | Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role of this Lambda function will be enhanced with necessary minimum permissions to get those events. | `map(any)` | `{}` | no | +| [event\_source\_mappings](#input\_event\_source\_mappings) | Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role of this Lambda function will be enhanced with necessary minimum permissions to get those events. | `any` | `{}` | no | | [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. If defined, The s3\_-prefixed options and image\_uri cannot be used. | `string` | `null` | no | | [function\_name](#input\_function\_name) | A unique name for your Lambda Function. | `string` | n/a | yes | | [handler](#input\_handler) | The function entrypoint in your code. | `string` | `""` | no | diff --git a/event_source_mappings.tf b/event_source_mappings.tf index 47377ac..887290f 100644 --- a/event_source_mappings.tf +++ b/event_source_mappings.tf @@ -1,11 +1,33 @@ locals { - dynamodb_event_sources = [for k, v in var.event_source_mappings : lookup(v, "event_source_arn", null) if length(regexall(".*:dynamodb:.*", lookup(v, "event_source_arn", null))) > 0] - kinesis_event_sources = [for k, v in var.event_source_mappings : lookup(v, "event_source_arn", null) if length(regexall(".*:kinesis:.*", lookup(v, "event_source_arn", null))) > 0] - sqs_event_sources = [for k, v in var.event_source_mappings : lookup(v, "event_source_arn", null) if length(regexall(".*:sqs:.*", lookup(v, "event_source_arn", null))) > 0] + // compute all event source mappings for DynamoDb + dynamodb_event_sources = [ + for k, v in var.event_source_mappings : lookup(v, "event_source_arn", null) if length(regexall(".*:dynamodb:.*", lookup(v, "event_source_arn", null))) > 0 + ] + + // compute all event source mappings for Kinesis + kinesis_event_sources = [ + for k, v in var.event_source_mappings : lookup(v, "event_source_arn", null) if length(regexall(".*:kinesis:.*", lookup(v, "event_source_arn", null))) > 0 + ] + + // compute all event source mappings for SQS + sqs_event_sources = [ + for k, v in var.event_source_mappings : lookup(v, "event_source_arn", null) if length(regexall(".*:sqs:.*", lookup(v, "event_source_arn", null))) > 0 + ] + + // compute SQS destination ARNs for discarded batches + on_failure_sqs_destination_arns = [ + for k, v in var.event_source_mappings : lookup(v, "destination_arn_on_failure", "") if length(regexall(".*:sqs:.*", lookup(v, "destination_arn_on_failure", ""))) > 0 + ] + + // compute SNS destination ARNs for discarded batches + on_failure_sns_destination_arns = [ + for k, v in var.event_source_mappings : lookup(v, "destination_arn_on_failure", "") if length(regexall(".*:sns:.*", lookup(v, "destination_arn_on_failure", ""))) > 0 + ] } resource "aws_lambda_event_source_mapping" "event_source" { - for_each = var.event_source_mappings + for_each = var.event_source_mappings + depends_on = [module.lambda] batch_size = lookup(each.value, "batch_size", null) bisect_batch_on_function_error = lookup(each.value, "bisect_batch_on_function_error", null) @@ -18,6 +40,15 @@ resource "aws_lambda_event_source_mapping" "event_source" { parallelization_factor = lookup(each.value, "parallelization_factor", null) starting_position = lookup(each.value, "starting_position", length(regexall(".*:sqs:.*", lookup(each.value, "event_source_arn", null))) > 0 ? null : "TRIM_HORIZON") starting_position_timestamp = lookup(each.value, "starting_position_timestamp", null) + + dynamic "destination_config" { + for_each = lookup(each.value, "destination_arn_on_failure", null) != null ? [true] : [] + content { + on_failure { + destination_arn = each.value["destination_arn_on_failure"] + } + } + } } // type specific minimal permissions for supported event_sources, @@ -25,7 +56,7 @@ resource "aws_lambda_event_source_mapping" "event_source" { data "aws_iam_policy_document" "event_sources" { count = length(var.event_source_mappings) > 0 ? 1 : 0 - // SQS permissions + // SQS event source mapping permissions dynamic "statement" { for_each = length(local.sqs_event_sources) > 0 ? [true] : [] content { @@ -44,7 +75,7 @@ data "aws_iam_policy_document" "event_sources" { } } - // DynamoDb permissions + // DynamoDb event source mapping permissions dynamic "statement" { for_each = length(local.dynamodb_event_sources) > 0 ? [true] : [] content { @@ -61,7 +92,7 @@ data "aws_iam_policy_document" "event_sources" { } } - // Kinesis permissions + // Kinesis event source mapping permissions dynamic "statement" { for_each = length(local.kinesis_event_sources) > 0 ? [true] : [] content { @@ -93,6 +124,34 @@ data "aws_iam_policy_document" "event_sources" { ] } } + + // SQS permission for on-failure destinations + dynamic "statement" { + for_each = length(local.on_failure_sqs_destination_arns) > 0 ? [true] : [] + content { + actions = [ + "sqs:SendMessage" + ] + + resources = [ + for arn in local.on_failure_sqs_destination_arns : arn + ] + } + } + + // SNS permission for on-failure destinations + dynamic "statement" { + for_each = length(local.on_failure_sns_destination_arns) > 0 ? [true] : [] + content { + actions = [ + "sns:Publish" + ] + + resources = [ + for arn in local.on_failure_sns_destination_arns : arn + ] + } + } } resource "aws_iam_policy" "event_sources" { diff --git a/examples/with-event-source-mappings/dynamodb-with-alias/main.tf b/examples/with-event-source-mappings/dynamodb-with-alias/main.tf index 92e218f..83f1f7e 100644 --- a/examples/with-event-source-mappings/dynamodb-with-alias/main.tf +++ b/examples/with-event-source-mappings/dynamodb-with-alias/main.tf @@ -54,11 +54,16 @@ module "lambda" { event_source_mappings = { table_1 = { - // optionally overwrite arguments like 'batch_size' - // from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping - batch_size = 50 - event_source_arn = aws_dynamodb_table.table_1.stream_arn - starting_position = "LATEST" + event_source_arn = aws_dynamodb_table.table_1.stream_arn + + // optionally overwrite arguments from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping + batch_size = 50 + maximum_retry_attempts = 3 + + // optionally configure a SNS or SQS destination for discarded batches, required IAM + // permissions will be added automatically by this module, + // see https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html + destination_arn_on_failure = aws_sqs_queue.errors.arn // optionally overwrite function_name in case an alias should be used in the // event source mapping, see https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html @@ -71,3 +76,7 @@ module "lambda" { } } } + +resource "aws_sqs_queue" "errors" { + name = "${module.lambda.function_name}-processing-errors" +} diff --git a/examples/with-event-source-mappings/dynamodb-with-alias/outputs.tf b/examples/with-event-source-mappings/dynamodb-with-alias/outputs.tf index 9972816..eeaf815 100644 --- a/examples/with-event-source-mappings/dynamodb-with-alias/outputs.tf +++ b/examples/with-event-source-mappings/dynamodb-with-alias/outputs.tf @@ -10,7 +10,7 @@ output "arn" { output "event_source_arns" { description = "The Amazon Resource Names (ARNs) identifying the event sources." - value = list(aws_dynamodb_table.table_1.stream_arn, aws_dynamodb_table.table_2.stream_arn) + value = [aws_dynamodb_table.table_1.stream_arn, aws_dynamodb_table.table_2.stream_arn] } output "function_name" { diff --git a/examples/with-event-source-mappings/kinesis/main.tf b/examples/with-event-source-mappings/kinesis/main.tf index 5235d1a..6faf439 100644 --- a/examples/with-event-source-mappings/kinesis/main.tf +++ b/examples/with-event-source-mappings/kinesis/main.tf @@ -30,19 +30,19 @@ module "lambda" { event_source_mappings = { stream_1 = { - // optionally overwrite arguments like 'batch_size' - // from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping - batch_size = 50 event_source_arn = aws_kinesis_stream.stream_1.arn + // optionally overwrite arguments from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping + batch_size = 50 + starting_position = "LATEST" // optionally overwrite default 'starting_position' + // optionally overwrite function_name in case an alias should be used in the // event source mapping, see https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html // function_name = aws_lambda_alias.example.arn } stream_2 = { - event_source_arn = aws_kinesis_stream.stream_2.arn - starting_position = "LATEST" // optionally overwrite default 'starting_position' + event_source_arn = aws_kinesis_stream.stream_2.arn } } } diff --git a/examples/with-event-source-mappings/kinesis/outputs.tf b/examples/with-event-source-mappings/kinesis/outputs.tf index b321ff3..3d707d4 100644 --- a/examples/with-event-source-mappings/kinesis/outputs.tf +++ b/examples/with-event-source-mappings/kinesis/outputs.tf @@ -5,7 +5,7 @@ output "arn" { output "event_source_arns" { description = "The Amazon Resource Names (ARNs) identifying the event sources." - value = list(aws_kinesis_stream.stream_1.arn, aws_kinesis_stream.stream_2.arn) + value = [aws_kinesis_stream.stream_1.arn, aws_kinesis_stream.stream_2.arn] } output "function_name" { diff --git a/examples/with-event-source-mappings/sqs/main.tf b/examples/with-event-source-mappings/sqs/main.tf index 085f4ed..26e7e4b 100644 --- a/examples/with-event-source-mappings/sqs/main.tf +++ b/examples/with-event-source-mappings/sqs/main.tf @@ -28,11 +28,11 @@ module "lambda" { event_source_mappings = { queue_1 = { - // optionally overwrite arguments like 'batch_size' - // from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping - batch_size = 5 event_source_arn = aws_sqs_queue.queue_1.arn + // optionally overwrite arguments from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping + batch_size = 5 + // optionally overwrite function_name in case an alias should be used in the // event source mapping, see https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html // function_name = aws_lambda_alias.example.arn diff --git a/examples/with-event-source-mappings/sqs/outputs.tf b/examples/with-event-source-mappings/sqs/outputs.tf index 12e76ca..64ae09b 100644 --- a/examples/with-event-source-mappings/sqs/outputs.tf +++ b/examples/with-event-source-mappings/sqs/outputs.tf @@ -5,7 +5,7 @@ output "arn" { output "event_source_arns" { description = "The Amazon Resource Names (ARNs) identifying the event sources." - value = list(aws_sqs_queue.queue_1.arn, aws_sqs_queue.queue_2.arn) + value = [aws_sqs_queue.queue_1.arn, aws_sqs_queue.queue_2.arn] } output "function_name" { diff --git a/test/event_source_mapping_test.go b/test/event_source_mapping_test.go index 140f4fc..f97da58 100644 --- a/test/event_source_mapping_test.go +++ b/test/event_source_mapping_test.go @@ -1,13 +1,9 @@ package test import ( - "encoding/json" - "fmt" - "github.com/aws/aws-sdk-go/service/iam" "github.com/aws/aws-sdk-go/service/lambda" test_structure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/stretchr/testify/assert" - "net/url" "testing" "github.com/aws/aws-sdk-go/aws" @@ -17,143 +13,6 @@ import ( const region = "eu-west-1" -type Policy struct { - // 2012-10-17 or 2008-10-17 old policies, do NOT use this for new policies - Version string `json:"Version"` - Id string `json:"Id,omitempty"` - Statements []Statement `json:"Statement"` -} - -type Statement struct { - Sid string `json:"Sid,omitempty"` // statement ID, service specific - Effect string `json:"Effect"` // Allow or Deny - Principal map[string]Value `json:"Principal,omitempty"` // principal that is allowed or denied - NotPrincipal map[string]Value `json:"NotPrincipal,omitempty"` // exception to a list of principals - Action Value `json:"Action"` // allowed or denied action - NotAction Value `json:"NotAction,omitempty"` // matches everything except - Resource Value `json:"Resource,omitempty"` // object or objects that the statement covers - NotResource Value `json:"NotResource,omitempty"` // matches everything except - Condition json.RawMessage `json:"Condition,omitempty"` // conditions for when a policy is in effect -} - -// AWS allows string or []string as value, we convert everything to []string to avoid casting -type Value []string - -func (value *Value) UnmarshalJSON(b []byte) error { - - var raw interface{} - err := json.Unmarshal(b, &raw) - if err != nil { - return err - } - - var p []string - // value can be string or []string, convert everything to []string - switch v := raw.(type) { - case string: - p = []string{v} - case []interface{}: - var items []string - for _, item := range v { - items = append(items, fmt.Sprintf("%v", item)) - } - p = items - default: - return fmt.Errorf("invalid %s value element: allowed is only string or []string", value) - } - - *value = p - return nil -} - -func TestPolicyAttachments(t *testing.T) { - td := []struct { - name string - dir string - actions []string - }{ - {name: "sqs", dir: "examples/with-event-source-mappings/sqs", actions: []string{"sqs:ReceiveMessage", "sqs:GetQueueAttributes", "sqs:DeleteMessageBatch", "sqs:DeleteMessage", "sqs:ChangeMessageVisibilityBatch", "sqs:ChangeMessageVisibility"}}, - {name: "dynamodb", dir: "examples/with-event-source-mappings/dynamodb-with-alias", actions: []string{"dynamodb:ListStreams", "dynamodb:GetShardIterator", "dynamodb:GetRecords", "dynamodb:DescribeStream"}}, - } - - sess := session.Must(session.NewSessionWithOptions(session.Options{ - SharedConfigState: session.SharedConfigEnable, - })) - - svc := iam.New(sess, &aws.Config{Region: aws.String(region)}) - - // Root folder where terraform files should be (relative to the test folder) - rootFolder := ".." - - for _, tc := range td { - tc := tc // capture range variable for parallel execution of sub-tests - t.Run(tc.name, func(t *testing.T) { - t.Parallel() - - terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ - // Copy the example terraform folder to a temp folder - TerraformDir: test_structure.CopyTerraformFolderToTemp(t, rootFolder, tc.dir), - NoColor: true, - }) - defer terraform.Destroy(t, terraformOptions) - terraform.InitAndApply(t, terraformOptions) - - policy := getPolicy(t, svc, terraformOptions) - - for _, s := range policy.Statements { - assert.Equal(t, "Allow", s.Effect) - - // verify Resource ARNs - es := terraform.OutputList(t, terraformOptions, "event_source_arns") - assert.Len(t, s.Resource, 2) - for _, r := range s.Resource { - assert.Contains(t, es, r) - } - - // verify mandatory actions - assert.Len(t, s.Action, len(tc.actions)) - for _, a := range s.Action { - assert.Contains(t, tc.actions, a) - } - } - }) - } -} - -func getPolicy(t *testing.T, svc *iam.IAM, options *terraform.Options) Policy { - rn := terraform.Output(t, options, "role_name") - policies, err := svc.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{ - RoleName: aws.String(rn), - }) - if err != nil { - t.Fatalf("failed to list role policies: %v", err) - } - assert.Len(t, policies.AttachedPolicies, 2) - - // custom policy attachment for event source should always be after 'AWSLambdaBasicExecutionRole ' - v, err := svc.GetPolicyVersion(&iam.GetPolicyVersionInput{ - PolicyArn: policies.AttachedPolicies[1].PolicyArn, - VersionId: aws.String("v1"), - }) - - if err != nil { - t.Fatalf("failed to get policy version: %v", err) - } - - decoded, err := url.QueryUnescape(aws.StringValue(v.PolicyVersion.Document)) - if err != nil { - t.Fatalf("failed to unescape policy document: %v", err) - } - - var policy Policy - err = json.Unmarshal([]byte(decoded), &policy) - if err != nil { - t.Fatalf("failed to unmarshall policy document: %v", err) - } - t.Logf("%+v\n", decoded) - return policy -} - func TestEventSourceMapping(t *testing.T) { td := []struct { name string diff --git a/test/go.sum b/test/go.sum index 9d3b3e2..e7e7430 100644 --- a/test/go.sum +++ b/test/go.sum @@ -60,7 +60,6 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.27.1 h1:MXnqY6SlWySaZAqNnXThOvjRFdiiOuKtC6i7baFdNdU= github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.36.22 h1:kkQdiotYI9RlGoAoMPbQyHKsl9oyT+vz/w2cN6EUZKs= github.com/aws/aws-sdk-go v1.36.22/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= @@ -169,7 +168,6 @@ github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFU github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= @@ -230,7 +228,6 @@ github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o= github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -241,7 +238,6 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -254,7 +250,6 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -433,10 +428,8 @@ golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -479,20 +472,17 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -572,7 +562,6 @@ google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEG google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/variables.tf b/variables.tf index 853f690..48f80f5 100644 --- a/variables.tf +++ b/variables.tf @@ -54,7 +54,7 @@ variable "event" { variable "event_source_mappings" { description = "Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role of this Lambda function will be enhanced with necessary minimum permissions to get those events." default = {} - type = map(any) + type = any } variable "filename" {