Update atlantis version. Fix enabled logic (#166)

Update `atlantis` version

aws/ecs/acm.tf

@@ -1,4 +1,5 @@
 variable "subject_alternative_names" {
+  type        = "list"
   description = "A list of domains that should be SANs in the issued certificate"
   default     = []
 }

aws/ecs/atlantis.auto.tfvars.example

@@ -1,14 +1,14 @@
 # Write the github_oauth_token to SSM parameter store:
-# chamber write atlantis github_oauth_token "supersecret"
+# chamber write atlantis atlantis_gh_token "....."
 
-# When using Cognito authentication (atlantis_authentication_action_type = COGNITO), write the following values to SSM parameter store:
+# When using Cognito authentication (atlantis_authentication_type = COGNITO), write the following values to SSM parameter store:
 # chamber write atlantis atlantis_cognito_user_pool_arn "....."
 # chamber write atlantis atlantis_cognito_user_pool_client_id "....."
 # chamber write atlantis atlantis_cognito_user_pool_domain "....."
 
-# When using Google OIDC authentication (atlantis_authentication_action_type = GOOGLE_OIDC), write the following values to SSM parameter store:
-# chamber write atlantis atlantis_google_oidc_client_id "....."
-# chamber write atlantis atlantis_google_oidc_client_secret "....."
+# When using OIDC authentication (atlantis_authentication_type = OIDC), write the following values to SSM parameter store:
+# chamber write atlantis atlantis_oidc_client_id "....."
+# chamber write atlantis atlantis_oidc_client_secret "....."
 
 atlantis_enabled = "true"
 atlantis_branch = "master"
@@ -23,4 +23,22 @@ atlantis_gh_team_whitelist = "engineering:plan,devops:*"
 
 atlantis_wake_word = "atlantis"
 
-atlantis_authentication_action_type = "GOOGLE_OIDC"
+atlantis_authentication_type = "OIDC"
+
+atlantis_oidc_issuer = "https://accounts.google.com"
+
+atlantis_oidc_authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
+
+atlantis_oidc_token_endpoint = "https://oauth2.googleapis.com/token"
+
+atlantis_oidc_user_info_endpoint = "https://openidconnect.googleapis.com/v1/userinfo"
+
+atlantis_alb_ingress_unauthenticated_paths = ["/events"]
+
+atlantis_alb_ingress_listener_unauthenticated_priority = "50"
+
+atlantis_alb_ingress_authenticated_paths = ["/*"]
+
+atlantis_alb_ingress_listener_authenticated_priority = "100"
+
+availability_zones=["us-west-2a", "us-west-2b"]

aws/ecs/atlantis.tf

@@ -52,8 +52,8 @@ variable "atlantis_container_memory" {
 
 variable "atlantis_authentication_type" {
   type        = "string"
-  default     = "NONE"
-  description = "Authentication action type. Supported values are `COGNITO`, `OIDC`, `NONE`"
+  default     = ""
+  description = "Authentication action type. Supported values are `COGNITO` and `OIDC`"
 }
 
 variable "atlantis_cognito_user_pool_arn" {
@@ -164,76 +164,8 @@ variable "atlantis_alb_ingress_authenticated_paths" {
   description = "Authenticated path pattern to match (a maximum of 1 can be defined)"
 }
 
-variable "kms_key_id" {
-  type        = "string"
-  description = "KMS key ID used to encrypt SSM SecureString parameters"
-  default     = ""
-}
-
-variable "chamber_format" {
-  type        = "string"
-  description = "Format to store parameters in SSM, for consumption with chamber"
-  default     = "/%s/%s"
-}
-
-variable "chamber_service" {
-  type        = "string"
-  description = "SSM parameter service name for use with chamber. This is used in chamber_format where /$chamber_service/$parameter would be the default."
-  default     = "atlantis"
-}
-
-variable "overwrite_ssm_parameter" {
-  type        = "string"
-  default     = "true"
-  description = "Whether to overwrite an existing SSM parameter"
-}
-
-data "aws_ssm_parameter" "atlantis_cognito_user_pool_arn" {
-  count = "${var.atlantis_authentication_type == "COGNITO" && length(var.atlantis_cognito_user_pool_arn) == 0 ? 1 : 0}"
-  name  = "${local.atlantis_cognito_user_pool_arn_ssm_name}"
-}
-
-data "aws_ssm_parameter" "atlantis_cognito_user_pool_client_id" {
-  count = "${var.atlantis_authentication_type == "COGNITO" && length(var.atlantis_cognito_user_pool_client_id) == 0 ? 1 : 0}"
-  name  = "${local.atlantis_cognito_user_pool_client_id_ssm_name}"
-}
-
-data "aws_ssm_parameter" "atlantis_cognito_user_pool_domain" {
-  count = "${var.atlantis_authentication_type == "COGNITO" && length(var.atlantis_cognito_user_pool_domain) == 0 ? 1 : 0}"
-  name  = "${local.atlantis_cognito_user_pool_domain_ssm_name}"
-}
-
-data "aws_ssm_parameter" "atlantis_oidc_client_id" {
-  count = "${var.atlantis_authentication_type == "OIDC" && length(var.atlantis_oidc_client_id) == 0 ? 1 : 0}"
-  name  = "${local.atlantis_oidc_client_id_ssm_name}"
-}
-
-data "aws_ssm_parameter" "atlantis_oidc_client_secret" {
-  count = "${var.atlantis_authentication_type == "OIDC" && length(var.atlantis_oidc_client_secret) == 0 ? 1 : 0}"
-  name  = "${local.atlantis_oidc_client_secret_ssm_name}"
-}
-
-locals {
-  kms_key_id = "${length(var.kms_key_id) > 0 ? var.kms_key_id : format("alias/%s-%s-chamber", var.namespace, var.stage)}"
-
-  atlantis_cognito_user_pool_arn          = "${length(join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_arn.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_arn.*.value) : var.atlantis_cognito_user_pool_arn}"
-  atlantis_cognito_user_pool_arn_ssm_name = "${length(var.atlantis_cognito_user_pool_arn_ssm_name) > 0 ? var.atlantis_cognito_user_pool_arn_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_cognito_user_pool_arn")}"
-
-  atlantis_cognito_user_pool_client_id          = "${length(join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_client_id.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_client_id.*.value) : var.atlantis_cognito_user_pool_client_id}"
-  atlantis_cognito_user_pool_client_id_ssm_name = "${length(var.atlantis_cognito_user_pool_client_id_ssm_name) > 0 ? var.atlantis_cognito_user_pool_client_id_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_cognito_user_pool_client_id")}"
-
-  atlantis_cognito_user_pool_domain          = "${length(join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_domain.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_domain.*.value) : var.atlantis_cognito_user_pool_domain}"
-  atlantis_cognito_user_pool_domain_ssm_name = "${length(var.atlantis_cognito_user_pool_domain_ssm_name) > 0 ? var.atlantis_cognito_user_pool_domain_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_cognito_user_pool_domain")}"
-
-  atlantis_oidc_client_id          = "${length(join("", data.aws_ssm_parameter.atlantis_oidc_client_id.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_oidc_client_id.*.value) : var.atlantis_oidc_client_id}"
-  atlantis_oidc_client_id_ssm_name = "${length(var.atlantis_oidc_client_id_ssm_name) > 0 ? var.atlantis_oidc_client_id_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_oidc_client_id")}"
-
-  atlantis_oidc_client_secret          = "${length(join("", data.aws_ssm_parameter.atlantis_oidc_client_secret.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_oidc_client_secret.*.value) : var.atlantis_oidc_client_secret}"
-  atlantis_oidc_client_secret_ssm_name = "${length(var.atlantis_oidc_client_secret_ssm_name) > 0 ? var.atlantis_oidc_client_secret_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_oidc_client_secret")}"
-}
-
 module "atlantis" {
-  source    = "git::https://github.com/cloudposse/terraform-aws-ecs-atlantis.git?ref=tags/0.5.0"
+  source    = "git::https://github.com/cloudposse/terraform-aws-ecs-atlantis.git?ref=tags/0.7.0"
   enabled   = "${var.atlantis_enabled}"
   name      = "${var.name}"
   namespace = "${var.namespace}"
@@ -283,56 +215,12 @@ module "atlantis" {
   authentication_oidc_authorization_endpoint = "${var.atlantis_oidc_authorization_endpoint}"
   authentication_oidc_token_endpoint         = "${var.atlantis_oidc_token_endpoint}"
   authentication_oidc_user_info_endpoint     = "${var.atlantis_oidc_user_info_endpoint}"
-}
-
-resource "aws_ssm_parameter" "atlantis_cognito_user_pool_arn" {
-  count       = "${var.atlantis_authentication_type == "COGNITO" ? 1 : 0}"
-  overwrite   = "${var.overwrite_ssm_parameter}"
-  type        = "SecureString"
-  description = "Atlantis Cognito User Pool ARN"
-  key_id      = "${local.kms_key_id}"
-  name        = "${local.atlantis_cognito_user_pool_arn_ssm_name}"
-  value       = "${local.atlantis_cognito_user_pool_arn}"
-}
-
-resource "aws_ssm_parameter" "atlantis_cognito_user_pool_client_id" {
-  count       = "${var.atlantis_authentication_type == "COGNITO" ? 1 : 0}"
-  overwrite   = "${var.overwrite_ssm_parameter}"
-  type        = "SecureString"
-  description = "Atlantis Cognito User Pool Client ID"
-  key_id      = "${local.kms_key_id}"
-  name        = "${local.atlantis_cognito_user_pool_client_id_ssm_name}"
-  value       = "${local.atlantis_cognito_user_pool_client_id}"
-}
-
-resource "aws_ssm_parameter" "atlantis_cognito_user_pool_domain" {
-  count       = "${var.atlantis_authentication_type == "COGNITO" ? 1 : 0}"
-  overwrite   = "${var.overwrite_ssm_parameter}"
-  type        = "SecureString"
-  description = "Atlantis Cognito User Pool Domain"
-  key_id      = "${local.kms_key_id}"
-  name        = "${local.atlantis_cognito_user_pool_domain_ssm_name}"
-  value       = "${local.atlantis_cognito_user_pool_domain}"
-}
-
-resource "aws_ssm_parameter" "atlantis_oidc_client_id" {
-  count       = "${var.atlantis_authentication_type == "OIDC" ? 1 : 0}"
-  overwrite   = "${var.overwrite_ssm_parameter}"
-  type        = "SecureString"
-  description = "Atlantis OIDC Client ID"
-  key_id      = "${local.kms_key_id}"
-  name        = "${local.atlantis_oidc_client_id_ssm_name}"
-  value       = "${local.atlantis_oidc_client_id}"
-}
 
-resource "aws_ssm_parameter" "atlantis_oidc_client_secret" {
-  count       = "${var.atlantis_authentication_type == "OIDC" ? 1 : 0}"
-  overwrite   = "${var.overwrite_ssm_parameter}"
-  type        = "SecureString"
-  description = "Atlantis OIDC Client Secret"
-  key_id      = "${local.kms_key_id}"
-  name        = "${local.atlantis_oidc_client_secret_ssm_name}"
-  value       = "${local.atlantis_oidc_client_secret}"
+  authentication_cognito_user_pool_arn_ssm_name       = "${var.atlantis_cognito_user_pool_arn_ssm_name}"
+  authentication_cognito_user_pool_client_id_ssm_name = "${var.atlantis_cognito_user_pool_client_id_ssm_name}"
+  authentication_cognito_user_pool_domain_ssm_name    = "${var.atlantis_cognito_user_pool_domain_ssm_name}"
+  authentication_oidc_client_id_ssm_name              = "${var.atlantis_oidc_client_id_ssm_name}"
+  authentication_oidc_client_secret_ssm_name          = "${var.atlantis_oidc_client_secret_ssm_name}"
 }
 
 output "atlantis_url" {

aws/ecs/default-backend.tf

@@ -8,7 +8,7 @@ variable "default_backend_name" {
 
 # default backend app
 module "default_backend_web_app" {
-  source     = "git::https://github.com/cloudposse/terraform-aws-ecs-web-app.git?ref=tags/0.17.0"
+  source     = "git::https://github.com/cloudposse/terraform-aws-ecs-web-app.git?ref=tags/0.18.0"
   name       = "${var.name}"
   namespace  = "${var.namespace}"
   stage      = "${var.stage}"

aws/ecs/vpc.tf

@@ -1,7 +1,6 @@
-variable "limit_availability_zones" {
-  type        = "string"
-  description = "Whether we should limit the number of AZs in use to 2"
-  default     = "true"
+variable "availability_zones" {
+  type        = "list"
+  description = "List of Availability Zones to provision all the resources in"
 }
 
 locals {
@@ -16,16 +15,9 @@ module "vpc" {
   cidr_block = "172.16.0.0/16"
 }
 
-data "aws_availability_zones" "available" {}
-
-locals {
-  max_availability_zones = "${var.limit_availability_zones == "true" ? 2 : length(data.aws_availability_zones.available.names)}"
-  availability_zones     = "${slice(data.aws_availability_zones.available.names, 0, local.max_availability_zones)}"
-}
-
 module "subnets" {
-  source              = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.3.6"
-  availability_zones  = "${local.availability_zones}"
+  source              = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.8.0"
+  availability_zones  = "${var.availability_zones}"
   namespace           = "${var.namespace}"
   stage               = "${var.stage}"
   name                = "${local.name}"