From d6b2727d3022a60e0cc90093e9d16af820b91032 Mon Sep 17 00:00:00 2001
From: Archit Chopra <87892837+13archit@users.noreply.github.com>
Date: Sat, 5 Aug 2023 00:03:08 +0530
Subject: [PATCH] fix: Added commecnts and update example folder heirarchy (#19)
* fix: Added commecnts and update example folder heirarchy
* fix: Update Workflows
* fix: source in example.tf
---
 .github/dependabot.yml | 2 +-
 .github/workflows/auto_assignee.yml | 12 +++++
 .github/workflows/readme.yml | 21 ++++----
 .github/workflows/terraform.yml | 83 ----------------------------
 .github/workflows/terratest.yml | 40 --------------
 .github/workflows/tf-checks.yml | 11 ++++
 .github/workflows/tflint.yml | 11 ++++
 .github/workflows/tfsec.yml | 2 +-
 README.yaml | 4 ++
 _example/complete/example.tf | 45 ++++++++++++++++
 _example/{ => complete}/outputs.tf | 0
 _example/example.tf | 40 --------------
 main.tf | 31 +++++------
 variables.tf | 20 +------
 _example/versions.tf => versions.tf | 4 +-
 15 files changed, 114 insertions(+), 212 deletions(-)
 create mode 100644 .github/workflows/auto_assignee.yml
 delete mode 100644 .github/workflows/terraform.yml
 delete mode 100644 .github/workflows/terratest.yml
 create mode 100644 .github/workflows/tf-checks.yml
 create mode 100644 .github/workflows/tflint.yml
 create mode 100644 _example/complete/example.tf
 rename _example/{ => complete}/outputs.tf (100%)
 delete mode 100644 _example/example.tf
 rename _example/versions.tf => versions.tf (65%)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9067e3f..d4a7a71 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,7 +16,7 @@ updates:
 reviewers:
 - "approvers"
 - package-ecosystem: "terraform" # See documentation for possible values
- directory: "_example/" # Location of package manifests
+ directory: "_example/complete/" # Location of package manifests
 schedule:
 interval: "weekly"
 # Add assignees
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
new file mode 100644
index 0000000..1f126cf
--- /dev/null
+++ b/.github/workflows/auto_assignee.yml
@@ -0,0 +1,12 @@
+name: Auto Assign PRs
+on:
+ pull_request:
+ types: [opened, reopened]
+ workflow_dispatch:
+jobs:
+ assignee:
+ uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
+ with:
+ assignees: 'clouddrove-ci'
\ No newline at end of file
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
index 54f849a..b9b2976 100644
--- a/.github/workflows/readme.yml
+++ b/.github/workflows/readme.yml
@@ -3,17 +3,16 @@ on: push: branches: - master - jobs: - readme-create: + readme: name: 'readme-create' runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@master - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: '3.x'
@@ -21,17 +20,17 @@ jobs: uses: 'clouddrove/github-actions@v9.0.2' with: actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB}}' + github_token: '${{ secrets.GITHUB }}' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - - name: 'pre-commit fix errors' - uses: pre-commit/action@v2.0.0 + - name: 'pre-commit fix erros' + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme'
@@ -40,7 +39,7 @@ jobs: with: actions_subcommand: 'push' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'Slack Notification' uses: clouddrove/action-slack@v2
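Review bot: The reusable workflow is referenced at a mutable branch, `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master`, while being handed the `GITHUB` secret, so anyone who can push to that branch controls a job that holds this repository's token. Pin the reference to a release tag or, better, a full commit SHA, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<release-tag-or-commit-sha>`. The same applies to the `@master` references in the new tf-checks.yml and tflint.yml, and to readme.yml, where this commit replaces the previously pinned `actions/checkout@v2.3.4` with `actions/checkout@master`, which is a step backwards in pinning.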
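Review bot: The step rename in the second readme.yml hunk introduces a typo: `- name: 'pre-commit fix erros'` replaces the previously correct `'pre-commit fix errors'`. Keep the original spelling, `- name: 'pre-commit fix errors'`, since this name is what shows up in the Actions log for the step. Both pre-commit steps still carry `continue-on-error: true` (context, unchanged), so neither can fail the job; if that is intentional a short comment saying so would save the next reader from wondering.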
@@ -51,4 +50,4 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
- if: always()
+ if: always()
\ No newline at end of file
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
deleted file mode 100644
index 09c04b1..0000000
--- a/.github/workflows/terraform.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/ - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - terraform plan -input=false -no-color - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive
\ No newline at end of file
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
deleted file mode 100644
index 6b1cbb8..0000000
--- a/.github/workflows/terratest.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: 'Terratest GitHub Actions' -on: - pull_request: - branches: - - master - types: [labeled] - -jobs: - Terratest: - name: 'Terratest' - runs-on: ubuntu-latest - steps: - - - name: 'Checkout' - uses: actions/checkout@v2.3.4 - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: 'Terratest' - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - if: ${{ github.event.label.name == 'terratest' }} - tf_actions_working_dir: '_test' - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always()
\ No newline at end of file
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
new file mode 100644
index 0000000..d335020
--- /dev/null
+++ b/.github/workflows/tf-checks.yml
@@ -0,0 +1,11 @@
+name: tf-checks
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+jobs:
+ tf-checks-complete-example:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+ with:
+ working_directory: './_example/complete/'
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
new file mode 100644
index 0000000..ee98182
--- /dev/null
+++ b/.github/workflows/tflint.yml
@@ -0,0 +1,11 @@
+name: tf-lint
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+jobs:
+ tf-lint:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
\ No newline at end of file
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index c203751..9aaf588 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@@ -8,4 +8,4 @@ jobs:
 uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
 secrets: inherit
 with:
- working_directory: '.'
+ working_directory: '.'
\ No newline at end of file
diff --git a/README.yaml b/README.yaml
index 41711a3..562daf0 100644
--- a/README.yaml
+++ b/README.yaml
@@ -28,6 +28,10 @@ badges: image: "https://github.com/clouddrove/terraform-aws-iam-role/actions/workflows/terraform.yml/badge.svg" url: "https://github.com/clouddrove/terraform-aws-iam-role/actions/workflows/terraform.yml" +prerequesties: + - name: Terraform 1.5.4 + url: https://learn.hashicorp.com/terraform/getting-started/install.html + # description of this project description: |- Terraform module to create Iam role resource on AWS.
diff --git a/_example/complete/example.tf b/_example/complete/example.tf
new file mode 100644
index 0000000..23db746
--- /dev/null
+++ b/_example/complete/example.tf
@@ -0,0 +1,45 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+##-----------------------------------------------------------------------------
+## IAM role module call.
+##-----------------------------------------------------------------------------
+module "iam-role" {
+ source = "./../../"
+ name = "iam"
+ environment = "test"
+ assume_role_policy = data.aws_iam_policy_document.default.json
+ policy_enabled = true
+ policy = data.aws_iam_policy_document.iam-policy.json
+}
+
+##-----------------------------------------------------------------------------
+## Data block to create IAM policy.
+##-----------------------------------------------------------------------------
+data "aws_iam_policy_document" "default" {
+ statement {
+ effect = "Allow"
+ actions = ["sts:AssumeRole"]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ }
+}
+
+##-----------------------------------------------------------------------------
+## Data block to create IAM policy.
+##-----------------------------------------------------------------------------
+data "aws_iam_policy_document" "iam-policy" {
+ statement {
+ actions = [
+ "ssm:UpdateInstanceInformation",
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"]
+ effect = "Allow"
+ resources = ["*"]
+ }
+}
diff --git a/_example/outputs.tf b/_example/complete/outputs.tf
similarity index 100%
rename from _example/outputs.tf
rename to _example/complete/outputs.tf
diff --git a/_example/example.tf b/_example/example.tf
deleted file mode 100644
index 0e76c8a..0000000
--- a/_example/example.tf
+++ /dev/null
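Review bot: The banner above `data "aws_iam_policy_document" "default"` reads `## Data block to create IAM policy.`, identical to the banner over `iam-policy`, but this block is the role's trust policy (`sts:AssumeRole` granted to `ec2.amazonaws.com`), not a permissions policy. Suggest `## Trust policy: lets EC2 instances assume the role.` for the first banner and `## Permissions policy attached to the role (SSM Session Manager access).` for the second. Since this example is the file users copy into their own module calls, a one-line comment next to `resources = ["*"]` explaining why the wildcard is acceptable for these SSM actions, or narrowing it where the consumer can, would stop the wildcard from being copied unthinkingly. The dropped `label_order = ["environment", "name"]` from the old example is presumably intentional now that variables.tf sets a default, but it does flip the generated name order for anyone following the example.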
@@ -1,40 +0,0 @@
-provider "aws" {
- region = "eu-west-1"
-}
-
-module "iam-role" {
- source = "./../"
-
- name = "iam"
- environment = "test"
- label_order = ["environment", "name"]
-
- assume_role_policy = data.aws_iam_policy_document.default.json
-
- policy_enabled = true
- policy = data.aws_iam_policy_document.iam-policy.json
-}
-
-data "aws_iam_policy_document" "default" {
- statement {
- effect = "Allow"
- actions = ["sts:AssumeRole"]
- principals {
- type = "Service"
- identifiers = ["ec2.amazonaws.com"]
- }
- }
-}
-
-data "aws_iam_policy_document" "iam-policy" {
- statement {
- actions = [
- "ssm:UpdateInstanceInformation",
- "ssmmessages:CreateControlChannel",
- "ssmmessages:CreateDataChannel",
- "ssmmessages:OpenControlChannel",
- "ssmmessages:OpenDataChannel"]
- effect = "Allow"
- resources = ["*"]
- }
-}
diff --git a/main.tf b/main.tf
index 02c7116..7e931ea 100644
--- a/main.tf
+++ b/main.tf
@@ -1,10 +1,9 @@
-## Managed By : CloudDrove -## Copyright @ CloudDrove. All Right Reserved. +# Managed By : CloudDrove +# Copyright @ CloudDrove. All Right Reserved. -#Module : label -#Description : This terraform module is designed to generate consistent label names and tags -# for resources. You can use terraform-labels to implement a strict naming -# convention. +##----------------------------------------------------------------------------- +## Labels module callled that will be used for naming and tags. +##----------------------------------------------------------------------------- module "labels" { source = "clouddrove/labels/aws" version = "1.3.0"
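Review bot: The new banner in the first main.tf hunk has a typo, `## Labels module callled that will be used for naming and tags.`; suggest `## Labels module: generates the consistent name (module.labels.id) and tags used by the resources below.`, which also keeps the useful part of the description this hunk deletes. The header lines switch from `##` to `#` (`# Managed By : CloudDrove`) while the section banners use `##`; if the distinction is deliberate (plain `#` for the notice, `##` for banners) it is fine, otherwise pick one. The `module "labels"` block continues past the end of the hunk.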
@@ -17,8 +16,9 @@ module "labels" { label_order = var.label_order } -# Module : Iam Role -# Description : Terraform module to create IAm role resource on AWS. +##----------------------------------------------------------------------------- +## Below resource will deploy IAM role in AWS environment. +##----------------------------------------------------------------------------- resource "aws_iam_role" "default" { count = var.enabled ? 1 : 0 name = module.labels.id
@@ -32,8 +32,9 @@ resource "aws_iam_role" "default" { tags = module.labels.tags } -# Module : Iam Role Policy -# Description : Terraform module to create IAm role policy resource on AWS to attach with Iam Role. +##----------------------------------------------------------------------------- +## Below resource will deploy IAM policy and attach it to above created IAM role. +##----------------------------------------------------------------------------- resource "aws_iam_role_policy" "default" { count = var.enabled && var.policy_enabled && var.policy_arn == "" ? 1 : 0 name = format("%s-policy", module.labels.id)
@@ -41,11 +42,11 @@ resource "aws_iam_role_policy" "default" { policy = var.policy } -# Module : Iam Role Policy -# Description : Terraform module to create IAm role policy resource on AWS to attach with Iam Role. +##----------------------------------------------------------------------------- +## Below resource will attach IAM policy to above created IAM role. +##----------------------------------------------------------------------------- resource "aws_iam_role_policy_attachment" "default" { - count = var.enabled && var.policy_enabled && var.policy_arn != "" ? 1 : 0 - role = aws_iam_role.default.*.id[0] - + count = var.enabled && var.policy_enabled && var.policy_arn != "" ? 1 : 0 + role = aws_iam_role.default.*.id[0] policy_arn = var.policy_arn }
diff --git a/variables.tf b/variables.tf
index 7c6f7c4..8bcb72f 100644
--- a/variables.tf
+++ b/variables.tf
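Review bot: The two new banners over `aws_iam_role_policy` and `aws_iam_role_policy_attachment` read almost the same ("deploy IAM policy and attach it" vs "attach IAM policy"), while the `count` expressions show they are mutually exclusive on `var.policy_arn`. Suggest `## Inline policy from var.policy, created only when no policy_arn is given.` for the `aws_iam_role_policy` hunk and `## Attaches the existing managed policy in var.policy_arn to the role.` for the attachment hunk, so a reader sees the branch condition without parsing the counts. The `aws_iam_role_policy` block continues past the end of its hunk.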
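Review bot: The re-indented line in the last main.tf hunk keeps the legacy attribute splat, `role = aws_iam_role.default.*.id[0]`; with a `count` resource the direct index `role = aws_iam_role.default[0].id` is the idiomatic form for the Terraform >= 1.5.0 this commit now requires and reads as the single-instance reference it is. The `role` argument of `aws_iam_role_policy` is outside the hunk and presumably uses the same form; worth changing together.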
@@ -20,28 +20,10 @@ variable "environment" { variable "label_order" { type = list(any) - default = [] + default = ["name", "environment"] description = "Label order, e.g. `name`,`application`." } -variable "attributes" { - type = list(any) - default = [] - description = "Additional attributes (e.g. `1`)." -} - -variable "delimiter" { - type = string - default = "-" - description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`." -} - -variable "tags" { - type = map(any) - default = {} - description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)." -} - variable "managedby" { type = string default = "hello@clouddrove.com"
diff --git a/_example/versions.tf b/versions.tf
similarity index 65%
rename from _example/versions.tf
rename to versions.tf
index 87b6d15..cb08d20 100644
--- a/_example/versions.tf
+++ b/versions.tf
@@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.5.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.5.0" } } }
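Review bot: Removing the `attributes`, `delimiter` and `tags` inputs is a breaking change for any caller that sets them, and neither the subject nor the description of this commit mentions it; if the `module "labels"` call in main.tf (its argument lines are outside this diff) still passes `var.attributes`, `var.delimiter` or `var.tags`, validation of the module will fail. Changing the `label_order` default from `[]` to `["name", "environment"]` also changes `module.labels.id`, which main.tf uses as the `name` of `aws_iam_role.default`, so existing users on the old default will presumably see the role replaced on their next apply. Both points belong in the description (or changelog) so the upgrade is deliberate, and the new default would read better with a description that matches it, e.g. `description = "Label order, e.g. ` + "`" + `name` + "`" + `,` + "`" + `environment` + "`" + `."`.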