Initial Commit

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @Richard-Barrett

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+
+- Device: [e.g. iPhone6]
+- OS: [e.g. iOS8.1]
+- Browser [e.g. stock browser, safari]
+- Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/NOTES

@@ -0,0 +1,60 @@
+# Notes on JFrog Platform Terraform Module
+
+## Overview
+This module manages JFrog Platform resources, specifically SAML settings, SCIM groups, and SCIM users, with optional creation for each resource. It allows for flexibility in enabling only the resources needed for a given deployment.
+
+## Key Concepts
+
+1. **Selective Resource Creation**: 
+   - Each resource (SAML settings, SCIM group, SCIM user) can be optionally created by toggling boolean variables (`create_saml_settings`, `create_scim_group`, `create_scim_user`). This provides a high degree of customization and is useful in environments where only specific integrations are needed.
+
+2. **Provider Requirement**:
+   - This module relies on the `jfrog/platform` provider, which manages platform resources within JFrog environments. Ensure compatibility with the required provider version (`1.7.4`).
+
+3. **Resource Dependencies**:
+   - Since these resources may depend on shared variables (e.g., usernames and groups), ensure variable values align with the platform’s requirements. Dependencies between SAML and SCIM resources are not enforced in this module but should be configured consistently if both are used.
+
+## Usage Tips
+
+- **Environment-Specific Settings**:
+  - For different environments (e.g., dev, staging, production), consider creating separate `.tfvars` files. This allows easy toggling of resources and variable values without modifying the core module code.
+
+- **Variable Security**:
+  - Sensitive information, such as SAML certificates, should be managed securely. Avoid hard-coding sensitive data in `.tfvars` files or committing it to version control.
+
+- **Minimal Configuration**:
+  - To use the module with minimal configuration, only enable the resources you need and define required variables (e.g., `saml_settings_name` for SAML settings). This keeps configuration lean and avoids unnecessary resource creation.
+
+## Known Limitations
+
+- **Default Values**:
+  - This module assumes `false` as the default value for all resource toggle variables. Ensure these are set to `true` for each resource you intend to create.
+
+- **Provider Compatibility**:
+  - Ensure that the provider version specified in the module aligns with the JFrog platform's API version for best results and compatibility.
+
+- **Lack of Automated Dependencies**:
+  - Dependencies between SAML and SCIM resources (if required) are not handled automatically in this module. Adjust configuration accordingly if there’s a need for cross-resource dependency.
+
+## Future Enhancements
+
+- **Support for Additional Resources**:
+  - Expand module support to additional JFrog resources (e.g., repositories, permissions) for a more comprehensive platform configuration.
+
+- **Dynamic Outputs**:
+  - Add outputs based on created resources, allowing other modules to reference details such as the SAML configuration or user attributes for further integration.
+
+- **Automated Validation**:
+  - Implement validation functions for SAML and SCIM variables to ensure that all required fields are provided and correctly formatted.
+
+## Best Practices
+
+- **Use of Workspaces**:
+  - Leverage Terraform workspaces if deploying this module across multiple environments. This helps isolate state and configuration settings.
+
+- **Version Locking**:
+  - Lock the module version in your code to avoid unexpected changes from newer versions of this module. This can help maintain stability, especially in production environments.
+
+- **Sensitive Variable Handling**:
+  - Use `terraform.tfvars` or environment variables to manage sensitive information securely. Consider storing sensitive values in a secure secrets manager if possible.
+

.github/dependabot.yml

@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/pull_request_template.md

@@ -0,0 +1,7 @@
+DESCRIPTION
+-----------
+< Description of the PR and what it accomplishes >
+
+ISSUE
+------
+< GitHub Issue ID, Jira Ticket ID, Trello Link, or Custom >

.github/workflows/docs.yaml

@@ -0,0 +1,20 @@
+---
+name: 'Terraform Docs'
+on:
+  pull_request:
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.AUTOMATION_PAT }}
+      - name: 'Docs'
+        uses: terraform-docs/gh-actions@v1
+        with:
+          find-dir: terraform/
+          output-file: README.md
+          output-method: inject
+          git-push: "true"

.github/workflows/format.yaml

@@ -0,0 +1,24 @@
+---
+name: 'Format'
+on:
+  pull_request:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.AUTOMATION_PAT }}
+      - name: 'Setup'
+        uses: hashicorp/[email protected]
+        with:
+          terraform_version: 1.1.5
+      - name: 'Format'
+        id: fmt
+        run: terraform fmt -recursive
+      - name: 'Fix'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'terraform fmt: automated action'

.github/workflows/greetings.yaml

@@ -0,0 +1,17 @@
+---
+name: Greetings
+
+on: [pull_request_target, issues]
+
+jobs:
+  greeting:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+    - uses: actions/first-interaction@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-message: 'Message that will be displayed on users first issue'
+        pr-message: 'Message that will be displayed on users first pull request'

.github/workflows/iac-codeql.yaml

@@ -0,0 +1,22 @@
+---
+name: "CodeQL IaC"
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: "ubuntu-latest"
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Initialize and Analyze IaC
+        id: codeql_iac
+        uses: advanced-security/codeql-extractor-iac@main

.github/workflows/pre-commit.yaml

@@ -0,0 +1,15 @@
+---
+name: Pre-Commit
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    #- uses: pre-commit/[email protected]

.github/workflows/release.yaml

@@ -0,0 +1,17 @@
+---
+name: 'Release'
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+      - name: 'Release'
+        uses: "marvinpinto/[email protected]"
+        with:
+          repo_token: "${{ secrets.AUTOMATION_PAT }}"
+          prerelease: false

.github/workflows/stale.yaml

@@ -0,0 +1,28 @@
+---
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '34 17 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v9
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'

.github/workflows/tag.yaml

@@ -0,0 +1,16 @@
+---
+name: 'Tag'
+on:
+  push:
+    branches:
+      - main
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+      - name: 'Tag'
+        uses: anothrNick/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTOMATION_PAT }}

.github/workflows/terraform_validate.yaml

@@ -0,0 +1,16 @@
+---
+name: Terraform Validate
+on: [push]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Validate Terraform module
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: terraform validate
+        uses: dflook/terraform-validate@v1
+        with:
+          path: 'examples/complete/'

.github/workflows/tflint.yaml

@@ -0,0 +1,41 @@
+---
+name: TFLint
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  tflint:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: actions/cache@v4
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - uses: terraform-linters/setup-tflint@v4
+      name: Setup TFLint
+      with:
+        tflint_version: v0.50.3
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run TFLint
+      run: tflint -f compact

.github/workflows/trivy.yaml

@@ -0,0 +1,24 @@
+---
+name: Trivy Scan
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Security Scan
+        if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch)
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'config'
+          scan-ref: './examples/complete/'
+          hide-progress: false
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'