update main.tf, version.tf and github action and add locals in e… (#20)

* fix: update main.tf, version.tf and github action and add locals in example * fix: fix security group issue * fix: run terraform fmt * fix: dfsec issue * fix: dfsec issue * fix: update vpn subnet and add lifecycle in acm * feat: added tls provider and veriables description * fix: remove tls provider and add in version.tf
clouddrove · Sep 7, 2023 · b6b320b · b6b320b
1 parent 7d7dbf9
commit b6b320b
Show file tree

Hide file tree

Showing 15 changed files with 275 additions and 99 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,30 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 # These owners will be the default owners for everything in the repo.
-*    @anmolnagpal @clouddrove/approvers @clouddrove-ci
+*       @anmolnagpal @clouddrove/approvers @clouddrove-ci
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,6 +5,17 @@
 
 version: 2
 updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 3
+    assignees:
+      - "clouddrove-ci"
+    reviewers:
+      - "approvers"
+
   - package-ecosystem: "terraform" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
@@ -15,8 +26,11 @@ updates:
     # Add reviewer
     reviewers:
       - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/" # Location of package manifests
+    directory: "/_example" # Location of package manifests
     schedule:
       interval: "weekly"
     # Add assignees
@@ -25,5 +39,7 @@ updates:
     # Add reviewer
     reviewers:
       - "approvers"
-
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
 
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
@@ -1,14 +1,12 @@
 name: Auto Assign PRs
-
 on:
   pull_request:
     types: [opened, reopened]
-
   workflow_dispatch:
 jobs:
   assignee:
     uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:
-      assignees: 'clouddrove-ci'
+      assignees: 'clouddrove-ci'
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -3,7 +3,6 @@ on:
   push:
     branches:
       - master
-
 jobs:
   readme:
     name: 'readme-create'

diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -8,4 +8,4 @@ jobs:
   example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
-      working_directory: './_example/'
+      working_directory: './_example/'
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
@@ -5,7 +5,7 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  tflint:
-    uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master
+  tf-lint:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
     secrets:
-      GITHUB: ${{ secrets.GITHUB }}
+      GITHUB: ${{ secrets.GITHUB }}
diff --git a/README.yaml b/README.yaml
@@ -24,6 +24,10 @@ badges:
     image: "https://img.shields.io/badge/License-APACHE-blue.svg"
     url: "LICENSE.md"
 
+prerequesties:
+  - name: Terraform 1.5.3
+    url: https://learn.hashicorp.com/terraform/getting-started/install.html
+
 #  description of this project
 description: |-
   Terraform module to create Client VPN resource on AWS.
@@ -41,17 +45,15 @@ usage: |-
     module "vpn" {
         source              = "clouddrove/client-vpn/aws"
         version             = "1.0.5"
-        name                = "test-vpn"
-        enabled             = true
+        name                = local.name
+        environment         = local.environment
         split_tunnel_enable = true
-        environment         = "example"
-        label_order         = ["name", "environment"]
         cidr_block          = "172.0.0.0/16"
+        vpc_id              = module.vpc.vpc_id
         subnet_ids          = module.subnets.public_subnet_id
         route_cidr          = ["0.0.0.0/0", "0.0.0.0/0"]
-        security_group_ids = [""]
+        security_group_ids  = [""]
         route_subnet_ids    = module.subnets.public_subnet_id
         network_cidr        = ["0.0.0.0/0"]
-
-      }
-    ```
+    }
+  ```
diff --git a/_example/main.tf → _example/example.tf b/_example/main.tf → _example/example.tf
@@ -1,8 +1,10 @@
-##---------------------------------------------------------------------------------------------------------------------------
-## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
-##--------------------------------------------------------------------------------------------------------------------------
 provider "aws" {
-  region = "eu-west-1"
+  region = "us-east-1"
+}
+
+locals {
+  name        = "vpn"
+  environment = "test"
 }
 
 ##---------------------------------------------------------------------------------------------------------------------------
@@ -12,33 +14,30 @@ module "vpc" {
   source  = "clouddrove/vpc/aws"
   version = "2.0.0"
 
+  name            = local.name
+  environment     = local.environment
   enable_flow_log = false
-  name            = "vpc"
-  environment     = "example"
-  label_order     = ["name", "environment"]
-
-  cidr_block = "10.0.0.0/16"
+  cidr_block      = "10.0.0.0/16"
 }
 
 ##-----------------------------------------------------
 ## A subnet is a range of IP addresses in your VPC.
 ##-----------------------------------------------------
+#tfsec:ignore:aws-ec2-no-excessive-port-access
+#tfsec:ignore:aws-ec2-no-public-ingress-acl
 module "subnets" {
   source  = "clouddrove/subnet/aws"
   version = "2.0.0"
 
   nat_gateway_enabled = true
-
-  name        = "subnets"
-  environment = "example"
-  label_order = ["name", "environment"]
-
-  availability_zones = ["eu-west-1a", "eu-west-1b"]
-  vpc_id             = module.vpc.vpc_id
-  type               = "public-private"
-  igw_id             = module.vpc.igw_id
-  cidr_block         = module.vpc.vpc_cidr_block
-  ipv6_cidr_block    = module.vpc.ipv6_cidr_block
+  name                = local.name
+  environment         = local.environment
+  availability_zones  = ["us-east-1a", "us-east-1b"]
+  vpc_id              = module.vpc.vpc_id
+  type                = "public-private"
+  igw_id              = module.vpc.igw_id
+  cidr_block          = module.vpc.vpc_cidr_block
+  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
 }
 
 ##-----------------------------------------------------------------------------
@@ -47,16 +46,13 @@ module "subnets" {
 module "vpn" {
   source = "../"
 
-  name                = "test-vpn"
-  enabled             = true
+  name                = local.name
+  environment         = local.environment
   split_tunnel_enable = true
-  environment         = "example"
-  label_order         = ["name", "environment"]
   cidr_block          = "172.0.0.0/16"
+  vpc_id              = module.vpc.vpc_id
   subnet_ids          = module.subnets.public_subnet_id
   route_cidr          = ["0.0.0.0/0", "0.0.0.0/0"]
-  security_group_ids  = [""]
   route_subnet_ids    = module.subnets.public_subnet_id
   network_cidr        = ["0.0.0.0/0"]
-
-}
+}
diff --git a/_example/outputs.tf b/_example/outputs.tf
@@ -14,3 +14,23 @@ output "tags" {
   value       = module.vpc.tags
   description = "A mapping of tags to assign to the resource."
 }
+
+output "sg_id" {
+  value       = module.vpn.sg_id
+  description = "The ID of the SG for Client VPN."
+}
+
+output "vpn_id" {
+  value       = module.vpn.vpn_id
+  description = "The ID of the Client VPN endpoint."
+}
+
+output "vpn_arn" {
+  value       = module.vpn.vpn_arn
+  description = "The ARN of the Client VPN endpoint."
+}
+
+output "vpn_dns_name" {
+  value       = module.vpn.vpn_dns_name
+  description = "VPN DNS name"
+}
diff --git a/_example/versions.tf b/_example/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.0"
+  required_version = ">= 1.5.5"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.9.0"
+      version = ">= 5.13.1"
     }
   }
-}
+}