diff --git a/README.md b/README.md
index 89c65cd..c1953ba 100644
--- a/README.md
+++ b/README.md
@@ -1,19 +1,15 @@
-# Terraform Module Template
-
-
-> **Warning**:
-> This is a template document. Remember to **remove** all text in _italics_ and **update** Module name, Repo name and links/badges to the acual name of your GitHub repository/module!!!
+# Terraform Gke Helm Atlantis
-
-
+
+
-
-
+
+
@@ -22,33 +18,77 @@
---
-_Brief Description of MODULE:_
-
-* _What it does_
-* _What technologies it uses_
-
-> **Warning**:
-> _When using "Invicton-Labs/deepmerge/null" module - pin `tflint` version to `v0.41.0` in [pre-commit.yaml](.github/workflows/pre-commit.yml) to avoid failing `tflint` checks_
+Terraform module for managing Atlantis on GKE Cluster
-## USAGE
-
-_Example usage of the module - terraform code snippet_
+Additionally, this module generates the configuration for Atlantis and uses this configuration in deployment
+## USAGE BASIC
```terraform
-module "template" {
- source = "getindata/template/null"
- # version = "x.x.x"
-
- example_var = "foo"
+module "terraform_gke_helm_atlantis" {
+ source = "getindata/terraform-helm-atlantis"
+ kubernetes_namespace = "default"
+ name = "atlantis"
+ project_id = "example"
+
+ values = [file("./extra-values/values.yaml")]
+ app = {
+ name = "atlantis"
+}
+```
+## USAGE ADVANCED
+```terraform
+module "terraform_gke_helm_atlantis" {
+ source = "getindata/terraform-helm-atlantis"
+ kubernetes_namespace = "default"
+ name = "atlantis"
+ project_id = "example"
+
+ repos = [
+ {
+ id = "/.*/"
+ allowed_overrides = ["workflow", "delete_source_branch_on_merge"]
+ allow_custom_workflows = true
+ allow_all_server_side_workflows = true
+ }
+ ]
+
+ repos_common_config = {
+ apply_requirements = ["approved", "mergeable"]
+ }
+
+ workflows = {
+ terragrunt-basic-with-features = {
+ import = {
+ steps = []
+ }
+
+ checkov = {
+ enabled = true,
+ soft_fail = true
+ }
+ infracost = {
+ enabled = true
+ }
+ check_gitlab_approvals = {
+ enabled = true
+ }
+ asdf = {
+ enabled = true
+ }
+ }
+ }
+
+ values = [file("./extra-values/values.yaml")]
+ app = {
+ name = "atlantis"
+ force_update = true
+ wait = false
+ recreate_pods = false
+ }
}
```
-
-## NOTES
-
-_Additional information that should be made public, for ex. how to solve known issues, additional descriptions/suggestions_
## EXAMPLES
-
- [Simple](examples/simple) - Basic usage of the module
- [Complete](examples/complete) - Advanced usage of the module
@@ -62,59 +102,63 @@ _Additional information that should be made public, for ex. how to solve known i
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
+| [app](#input\_app) | An application to deploy with specific values Here you can specify: The name of the application to deploy,Chart name, Repository address, Chart version |
object({
name = string
chart = optional(string, "atlantis")
repository = optional(string, "https://runatlantis.github.io/helm-charts")
version = optional(string, "^5")
force_update = optional(bool, true)
wait = optional(bool, true)
recreate_pods = optional(bool, true)
max_history = optional(number, 0)
lint = optional(bool, true)
cleanup_on_fail = optional(bool, false)
create_namespace = optional(bool, false)
disable_webhooks = optional(bool, false)
verify = optional(bool, false)
reuse_values = optional(bool, false)
reset_values = optional(bool, false)
atomic = optional(bool, false)
skip_crds = optional(bool, false)
render_subchart_notes = optional(bool, true)
disable_openapi_validation = optional(bool, false)
wait_for_jobs = optional(bool, false)
dependency_update = optional(bool, false)
replace = optional(bool, false)
timeout = optional(number, 300)
}) | n/a | yes |
| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
} | no |
| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
-| [descriptor\_name](#input\_descriptor\_name) | Name of the descriptor used to form a resource name | `string` | `"resource-type"` | no |
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| [example\_var](#input\_example\_var) | Example variable passed into the module | `string` | n/a | yes |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
+| [kubernetes\_namespace](#input\_kubernetes\_namespace) | Namespace where kubernetes SA will be applyed | `string` | n/a | yes |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no |
| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | [
"default"
]
| no |
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
+| [project\_id](#input\_project\_id) | GCP project ID | `string` | n/a | yes |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [repos](#input\_repos) | Map of repositories and their configs. Refer to https://www.runatlantis.io/docs/server-side-repo-config.html#example-server-side-repo | list(object({
id = optional(string, "/.*/")
branch = optional(string)
apply_requirements = optional(list(string))
allowed_overrides = optional(list(string))
allowed_workflows = optional(list(string))
allow_custom_workflows = optional(bool)
delete_source_branch_on_merge = optional(bool)
pre_workflow_hooks = optional(list(object({
run = string
})))
post_workflow_hooks = optional(list(object({
run = string
})))
workflow = optional(string)
######### Helpers #########
allow_all_server_side_workflows = optional(bool, false)
terragrunt_atlantis_config = optional(object({
enabled = optional(bool)
output = optional(string)
automerge = optional(bool)
autoplan = optional(bool)
parallel = optional(bool)
cascade_dependencies = optional(bool)
filter = optional(string)
use_project_markers = optional(bool)
}))
})) | `[]` | no |
+| [repos\_common\_config](#input\_repos\_common\_config) | Common config that will be merged into each item of the repos list | object({
id = optional(string)
branch = optional(string)
apply_requirements = optional(list(string))
allowed_overrides = optional(list(string))
allowed_workflows = optional(list(string))
allow_custom_workflows = optional(bool)
delete_source_branch_on_merge = optional(bool)
pre_workflow_hooks = optional(list(object({
run = string
})))
post_workflow_hooks = optional(list(object({
run = string
})))
workflow = optional(string)
######### Helpers #########
allow_all_server_side_workflows = optional(bool, false)
terragrunt_atlantis_config = optional(object({
enabled = optional(bool)
output = optional(string)
automerge = optional(bool)
autoplan = optional(bool)
parallel = optional(bool)
cascade_dependencies = optional(bool)
filter = optional(string)
use_project_markers = optional(bool)
}))
}) | `{}` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| [sub\_resource](#input\_sub\_resource) | Some other resource that is part of stack/module | object({
descriptor_name = optional(string, "sub-resource-type")
example_var = string
}) | n/a | yes |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
+| [values](#input\_values) | Extra values | `list(string)` | `[]` | no |
+| [workflows](#input\_workflows) | List of custom workflow that will be added to the repo config file | map(object({
plan = optional(object({
steps = optional(list(object({
env = optional(object({
name = string
command = string
}))
run = optional(string)
multienv = optional(string)
atlantis_step = optional(object({
command = string
extra_args = optional(list(string))
}))
})))
}))
apply = optional(object({
steps = optional(list(object({
env = optional(object({
name = string
command = string
}))
run = optional(string)
multienv = optional(string)
atlantis_step = optional(object({
command = string
extra_args = optional(list(string))
}))
})))
}))
import = optional(object({
steps = optional(list(object({
env = optional(object({
name = string
command = string
}))
run = optional(string)
multienv = optional(string)
atlantis_step = optional(object({
command = string
extra_args = optional(list(string))
}))
})))
}))
state_rm = optional(object({
steps = optional(list(object({
env = optional(object({
name = string
command = string
}))
run = optional(string)
multienv = optional(string)
atlantis_step = optional(object({
command = string
extra_args = optional(list(string))
}))
})))
}))
template = optional(string, "terragrunt-basic")
asdf = optional(object({
enabled = optional(bool, false)
}), {})
checkov = optional(object({
enabled = optional(bool, false)
soft_fail = optional(bool, false)
file = optional(string, "$SHOWFILE")
}), {})
pull_gitlab_variables = optional(object({
enabled = optional(bool, false)
}), {})
check_gitlab_approvals = optional(object({
enabled = optional(bool, false)
}), {}),
infracost = optional(object({
enabled = optional(bool, false)
platform = optional(string, "gitlab")
token_environment_variable = optional(string)
behavior = optional(string, "new")
}), {}),
})) | `{}` | no |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [subresource\_label](#module\_subresource\_label) | cloudposse/label/null | 0.25.0 |
+| [atlantis\_repo\_config](#module\_atlantis\_repo\_config) | getindata/atlantis-repo-config/null | 2.3.0 |
+| [terraform\_gke\_helm\_release](#module\_terraform\_gke\_helm\_release) | git::https://github.com/getindata/terraform-gke-helm-release.git | v1.1.1 |
| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
## Outputs
| Name | Description |
|------|-------------|
-| [example\_output](#output\_example\_output) | Example output of the module |
+| [gcp\_service\_account](#output\_gcp\_service\_account) | GCP service account. |
+| [gcp\_service\_account\_email](#output\_gcp\_service\_account\_email) | Email address of GCP service account. |
+| [gcp\_service\_account\_fqn](#output\_gcp\_service\_account\_fqn) | FQN of GCP service account. |
+| [gcp\_service\_account\_name](#output\_gcp\_service\_account\_name) | Name of GCP service account. |
+| [k8s\_service\_account\_name](#output\_k8s\_service\_account\_name) | Name of K8S service account. |
+| [k8s\_service\_account\_namespace](#output\_k8s\_service\_account\_namespace) | Namespace of k8s service account. |
## Providers
-| Name | Version |
-|------|---------|
-| [null](#provider\_null) | 3.1.1 |
+No providers.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
-| [null](#requirement\_null) | 3.1.1 |
## Resources
-| Name | Type |
-|------|------|
-| [null_resource.output_input](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource |
-| [null_resource.subresource](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource |
+No resources.
## CONTRIBUTING
@@ -130,7 +174,7 @@ Apache 2 Licensed. See [LICENSE](LICENSE) for full details.
## AUTHORS
-
+
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 1c0282f..75ba486 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -1,13 +1,55 @@
# Complete Example
+Webhook configuration
+https://www.runatlantis.io/docs/deployment.html#kubernetes-helm-chart
```terraform
-module "terraform_module_template" {
- source = "../../"
- context = module.this.context
+module "terraform_gke_helm_atlantis" {
+ source = "getindata/terraform-helm-atlantis"
+ kubernetes_namespace = "default"
+ name = "atlantis"
+ project_id = "example"
- example_var = "This is a example value."
- sub_resource = {
- example_var = "This is a example value of sub resource."
+ repos = [
+ {
+ id = "/.*/"
+ allowed_overrides = ["workflow", "delete_source_branch_on_merge"]
+ allow_custom_workflows = true
+ allow_all_server_side_workflows = true
+ }
+ ]
+
+ repos_common_config = {
+ apply_requirements = ["approved", "mergeable"]
+ }
+
+ workflows = {
+ terragrunt-basic-with-features = {
+ import = {
+ steps = []
+ }
+
+ checkov = {
+ enabled = true,
+ soft_fail = true
+ }
+ infracost = {
+ enabled = true
+ }
+ check_gitlab_approvals = {
+ enabled = true
+ }
+ asdf = {
+ enabled = true
+ }
+ }
+ }
+
+ values = [file("./extra-values/values.yaml")]
+ app = {
+ name = "atlantis"
+ force_update = true
+ wait = false
+ recreate_pods = false
}
}
```
@@ -15,6 +57,6 @@ module "terraform_module_template" {
## Usage
```
terraform init
-terraform plan -var-file fixtures.tfvars -out tfplan
+terraform plan -out tfplan
terraform apply tfplan
```
diff --git a/examples/complete/context.tf b/examples/complete/context.tf
deleted file mode 100644
index 5e0ef88..0000000
--- a/examples/complete/context.tf
+++ /dev/null
@@ -1,279 +0,0 @@
-#
-# ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label
-# All other instances of this file should be a copy of that one
-#
-#
-# Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf
-# and then place it in your Terraform module to automatically get
-# Cloud Posse's standard configuration inputs suitable for passing
-# to Cloud Posse modules.
-#
-# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
-#
-# Modules should access the whole context as `module.this.context`
-# to get the input variables with nulls for defaults,
-# for example `context = module.this.context`,
-# and access individual variables as `module.this.`,
-# with final values filled in.
-#
-# For example, when using defaults, `module.this.context.delimiter`
-# will be null, and `module.this.delimiter` will be `-` (hyphen).
-#
-
-module "this" {
- source = "cloudposse/label/null"
- version = "0.25.0" # requires Terraform >= 0.13.0
-
- enabled = var.enabled
- namespace = var.namespace
- tenant = var.tenant
- environment = var.environment
- stage = var.stage
- name = var.name
- delimiter = var.delimiter
- attributes = var.attributes
- tags = var.tags
- additional_tag_map = var.additional_tag_map
- label_order = var.label_order
- regex_replace_chars = var.regex_replace_chars
- id_length_limit = var.id_length_limit
- label_key_case = var.label_key_case
- label_value_case = var.label_value_case
- descriptor_formats = var.descriptor_formats
- labels_as_tags = var.labels_as_tags
-
- context = var.context
-}
-
-# Copy contents of cloudposse/terraform-null-label/variables.tf here
-
-variable "context" {
- type = any
- default = {
- enabled = true
- namespace = null
- tenant = null
- environment = null
- stage = null
- name = null
- delimiter = null
- attributes = []
- tags = {}
- additional_tag_map = {}
- regex_replace_chars = null
- label_order = []
- id_length_limit = null
- label_key_case = null
- label_value_case = null
- descriptor_formats = {}
- # Note: we have to use [] instead of null for unset lists due to
- # https://github.com/hashicorp/terraform/issues/28137
- # which was not fixed until Terraform 1.0.0,
- # but we want the default to be all the labels in `label_order`
- # and we want users to be able to prevent all tag generation
- # by setting `labels_as_tags` to `[]`, so we need
- # a different sentinel to indicate "default"
- labels_as_tags = ["unset"]
- }
- description = <<-EOT
- Single object for setting entire context at once.
- See description of individual variables for details.
- Leave string and numeric variables as `null` to use default value.
- Individual variable settings (non-null) override settings in context object,
- except for attributes, tags, and additional_tag_map, which are merged.
- EOT
-
- validation {
- condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
- error_message = "Allowed values: `lower`, `title`, `upper`."
- }
-
- validation {
- condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
- error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
- }
-}
-
-variable "enabled" {
- type = bool
- default = null
- description = "Set to false to prevent the module from creating any resources"
-}
-
-variable "namespace" {
- type = string
- default = null
- description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
-}
-
-variable "tenant" {
- type = string
- default = null
- description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
-}
-
-variable "environment" {
- type = string
- default = null
- description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
-}
-
-variable "stage" {
- type = string
- default = null
- description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
-}
-
-variable "name" {
- type = string
- default = null
- description = <<-EOT
- ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
- This is the only ID element not also included as a `tag`.
- The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
- EOT
-}
-
-variable "delimiter" {
- type = string
- default = null
- description = <<-EOT
- Delimiter to be used between ID elements.
- Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
- EOT
-}
-
-variable "attributes" {
- type = list(string)
- default = []
- description = <<-EOT
- ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
- in the order they appear in the list. New attributes are appended to the
- end of the list. The elements of the list are joined by the `delimiter`
- and treated as a single ID element.
- EOT
-}
-
-variable "labels_as_tags" {
- type = set(string)
- default = ["default"]
- description = <<-EOT
- Set of labels (ID elements) to include as tags in the `tags` output.
- Default is to include all labels.
- Tags with empty values will not be included in the `tags` output.
- Set to `[]` to suppress all generated tags.
- **Notes:**
- The value of the `name` tag, if included, will be the `id`, not the `name`.
- Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
- changed in later chained modules. Attempts to change it will be silently ignored.
- EOT
-}
-
-variable "tags" {
- type = map(string)
- default = {}
- description = <<-EOT
- Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
- Neither the tag keys nor the tag values will be modified by this module.
- EOT
-}
-
-variable "additional_tag_map" {
- type = map(string)
- default = {}
- description = <<-EOT
- Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
- This is for some rare cases where resources want additional configuration of tags
- and therefore take a list of maps with tag key, value, and additional configuration.
- EOT
-}
-
-variable "label_order" {
- type = list(string)
- default = null
- description = <<-EOT
- The order in which the labels (ID elements) appear in the `id`.
- Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
- EOT
-}
-
-variable "regex_replace_chars" {
- type = string
- default = null
- description = <<-EOT
- Terraform regular expression (regex) string.
- Characters matching the regex will be removed from the ID elements.
- If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
- EOT
-}
-
-variable "id_length_limit" {
- type = number
- default = null
- description = <<-EOT
- Limit `id` to this many characters (minimum 6).
- Set to `0` for unlimited length.
- Set to `null` for keep the existing setting, which defaults to `0`.
- Does not affect `id_full`.
- EOT
- validation {
- condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
- error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
- }
-}
-
-variable "label_key_case" {
- type = string
- default = null
- description = <<-EOT
- Controls the letter case of the `tags` keys (label names) for tags generated by this module.
- Does not affect keys of tags passed in via the `tags` input.
- Possible values: `lower`, `title`, `upper`.
- Default value: `title`.
- EOT
-
- validation {
- condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
- error_message = "Allowed values: `lower`, `title`, `upper`."
- }
-}
-
-variable "label_value_case" {
- type = string
- default = null
- description = <<-EOT
- Controls the letter case of ID elements (labels) as included in `id`,
- set as tag values, and output by this module individually.
- Does not affect values of tags passed in via the `tags` input.
- Possible values: `lower`, `title`, `upper` and `none` (no transformation).
- Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
- Default value: `lower`.
- EOT
-
- validation {
- condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
- error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
- }
-}
-
-variable "descriptor_formats" {
- type = any
- default = {}
- description = <<-EOT
- Describe additional descriptors to be output in the `descriptors` output map.
- Map of maps. Keys are names of descriptors. Values are maps of the form
- `{
- format = string
- labels = list(string)
- }`
- (Type is `any` so the map values can later be enhanced to provide additional options.)
- `format` is a Terraform format string to be passed to the `format()` function.
- `labels` is a list of labels, in order, to pass to `format()` function.
- Label values will be normalized before being passed to `format()` so they will be
- identical to how they appear in `id`.
- Default is `{}` (`descriptors` output will be empty).
- EOT
-}
-
-#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/examples/complete/extra-values/values.yaml b/examples/complete/extra-values/values.yaml
new file mode 100644
index 0000000..5e299b8
--- /dev/null
+++ b/examples/complete/extra-values/values.yaml
@@ -0,0 +1,6 @@
+gitlab: {}
+# gitlab:
+# user: foo
+# token: bar
+# secret: baz
+# hostname: gitlab.your.org
diff --git a/examples/complete/fixtures.tfvars b/examples/complete/fixtures.tfvars
deleted file mode 100644
index 11358b0..0000000
--- a/examples/complete/fixtures.tfvars
+++ /dev/null
@@ -1,7 +0,0 @@
-descriptor_formats = {
-
-}
-
-tags = {
- Terraform = "True"
-}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index bd89c41..408a03c 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,9 +1,48 @@
-module "terraform_module_template" {
- source = "../../"
- context = module.this.context
+module "terraform_gke_helm_atlantis" {
+ source = "../../"
+ kubernetes_namespace = "default"
+ name = "atlantis"
+ project_id = "example"
+ repos = [
+ {
+ id = "/.*/"
+ allowed_overrides = ["workflow", "delete_source_branch_on_merge"]
+ allow_custom_workflows = true
+ allow_all_server_side_workflows = true
+ }
+ ]
- example_var = "This is a example value."
- sub_resource = {
- example_var = "This is a example value of sub resource."
+ repos_common_config = {
+ apply_requirements = ["approved", "mergeable"]
+ }
+
+ workflows = {
+ terragrunt-basic-with-features = {
+ import = {
+ steps = []
+ }
+
+ checkov = {
+ enabled = true,
+ soft_fail = true
+ }
+ infracost = {
+ enabled = true
+ }
+ check_gitlab_approvals = {
+ enabled = true
+ }
+ asdf = {
+ enabled = true
+ }
+ }
+ }
+
+ values = [file("./extra-values/values.yaml")]
+ app = {
+ name = "atlantis"
+ force_update = true
+ wait = false
+ recreate_pods = false
}
}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index c2007a2..933c998 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -1,4 +1,23 @@
-output "example_output" {
- description = "Example output of the module"
- value = module.terraform_module_template
+output "gcp_service_account" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account
+}
+output "gcp_service_account_email" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account_email
+ description = "Email address of GCP service account."
+}
+output "gcp_service_account_fqn" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account_fqn
+ description = "FQN of GCP service account."
+}
+output "gcp_service_account_name" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account_name
+ description = "Name of GCP service account."
+}
+output "k8s_service_account_name" {
+ value = module.terraform_gke_helm_atlantis.k8s_service_account_name
+ description = "Name of K8S service account."
+}
+output "k8s_service_account_namespace" {
+ value = module.terraform_gke_helm_atlantis.k8s_service_account_namespace
+ description = "Namespace of k8s service account."
}
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index daa4ce8..bb2962a 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
null = {
source = "hashicorp/null"
- version = "3.1.1"
+ version = "3.2.2"
}
}
}
diff --git a/examples/simple/Makefile b/examples/simple/Makefile
index 9d9205a..e5cd98f 100644
--- a/examples/simple/Makefile
+++ b/examples/simple/Makefile
@@ -2,10 +2,10 @@ init:
terraform init
plan:
- terraform plan -out tfplan
+ terraform plan -var-file fixtures.tfvars -out tfplan
apply:
terraform apply tfplan
destroy:
- terraform destroy
+ terraform destroy -var-file fixtures.tfvars
diff --git a/examples/simple/README.md b/examples/simple/README.md
index bb30bd9..5d5b736 100644
--- a/examples/simple/README.md
+++ b/examples/simple/README.md
@@ -1,14 +1,18 @@
# Simple Example
-
+Webhook configuration
+https://www.runatlantis.io/docs/deployment.html#kubernetes-helm-chart
```terraform
-module "terraform_module_template" {
- source = "../../"
+module "terraform_gke_helm_atlantis" {
+ source = "getindata/terraform-helm-atlantis"
+ kubernetes_namespace = "default"
+ name = "atlantis"
+ project_id = "example"
- example_var = "This is a example value."
- sub_resource = {
- example_var = "This is a example value of sub resource."
- }
+ values = [file("./extra-values/values.yaml")]
+ app = {
+ name = "atlantis"
}
+
```
## Usage
diff --git a/examples/simple/extra-values/values.yaml b/examples/simple/extra-values/values.yaml
new file mode 100644
index 0000000..5e299b8
--- /dev/null
+++ b/examples/simple/extra-values/values.yaml
@@ -0,0 +1,6 @@
+gitlab: {}
+# gitlab:
+# user: foo
+# token: bar
+# secret: baz
+# hostname: gitlab.your.org
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
index c729d72..48c1fe8 100644
--- a/examples/simple/main.tf
+++ b/examples/simple/main.tf
@@ -1,8 +1,11 @@
-module "terraform_module_template" {
- source = "../../"
+module "terraform_gke_helm_atlantis" {
+ source = "../../"
+ kubernetes_namespace = "default"
+ name = "atlantis"
+ project_id = "example"
- example_var = "This is a example value."
- sub_resource = {
- example_var = "This is a example value of sub resource."
+ values = [file("./extra-values/values.yaml")]
+ app = {
+ name = "atlantis"
}
}
diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf
index c2007a2..933c998 100644
--- a/examples/simple/outputs.tf
+++ b/examples/simple/outputs.tf
@@ -1,4 +1,23 @@
-output "example_output" {
- description = "Example output of the module"
- value = module.terraform_module_template
+output "gcp_service_account" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account
+}
+output "gcp_service_account_email" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account_email
+ description = "Email address of GCP service account."
+}
+output "gcp_service_account_fqn" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account_fqn
+ description = "FQN of GCP service account."
+}
+output "gcp_service_account_name" {
+ value = module.terraform_gke_helm_atlantis.gcp_service_account_name
+ description = "Name of GCP service account."
+}
+output "k8s_service_account_name" {
+ value = module.terraform_gke_helm_atlantis.k8s_service_account_name
+ description = "Name of K8S service account."
+}
+output "k8s_service_account_namespace" {
+ value = module.terraform_gke_helm_atlantis.k8s_service_account_namespace
+ description = "Namespace of k8s service account."
}
diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf
index daa4ce8..bb2962a 100644
--- a/examples/simple/versions.tf
+++ b/examples/simple/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
null = {
source = "hashicorp/null"
- version = "3.1.1"
+ version = "3.2.2"
}
}
}
diff --git a/locals.tf b/locals.tf
deleted file mode 100644
index 5778a0d..0000000
--- a/locals.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-locals {
- # Get a name from the descriptor. If not available, use default naming convention.
- # Trim and replace function are used to avoid bare delimiters on both ends of the name and situation of adjacent delimiters.
- #
- # todo: Build a wrapper module around context module with name from descriptor feature
- name_from_descriptor = module.this.enabled ? trim(replace(
- lookup(module.this.descriptors, var.descriptor_name, module.this.id), "/${module.this.delimiter}${module.this.delimiter}+/", module.this.delimiter
- ), module.this.delimiter) : null
-
- subresource_name_from_descriptor = module.subresource_label.enabled ? trim(replace(
- lookup(module.subresource_label.descriptors, var.sub_resource.descriptor_name, module.subresource_label.id), "/${module.subresource_label.delimiter}${module.subresource_label.delimiter}+/", module.subresource_label.delimiter
- ), module.subresource_label.delimiter) : null
-
- enabled = module.this.enabled
-}
diff --git a/main.tf b/main.tf
index 740356a..199dfcd 100644
--- a/main.tf
+++ b/main.tf
@@ -1,36 +1,34 @@
-# Example resource that outputs the input value and
-# echoes it's base64 encoded version locally
+module "atlantis_repo_config" {
+ source = "getindata/atlantis-repo-config/null"
+ version = "2.3.0"
-resource "null_resource" "output_input" {
- count = local.enabled ? 1 : 0
+ repos = var.repos
+ repos_common_config = var.repos_common_config
- triggers = {
- name = local.name_from_descriptor
- input = var.example_var
- }
-
- provisioner "local-exec" {
- command = "echo ${var.example_var} | base64"
- }
-}
-
-module "subresource_label" {
- source = "cloudposse/label/null"
- version = "0.25.0"
- context = module.this.context
-
- attributes = ["sub"]
+ workflows = var.workflows
}
-resource "null_resource" "subresource" {
- count = local.enabled ? 1 : 0
-
- triggers = {
- name = local.subresource_name_from_descriptor
- input = var.sub_resource.example_var
+module "terraform_gke_helm_release" {
+ context = module.this.context
+ source = "git::https://github.com/getindata/terraform-gke-helm-release.git?ref=v1.1.1"
+ kubernetes_namespace = var.kubernetes_namespace
+ create_namespace = true
+ project_id = var.project_id
+ name = var.app.name
+ service_account_value_path = "serviceAccount.name"
+
+ descriptor_formats = {
+ gcp-service-account = {
+ labels = ["namespace", "environment", "name"]
+ format = "sa-%v-%v-%v"
+ }
}
+ values = concat([templatefile("${path.module}/template/values.yaml.tftpl", { repoConfig = indent(2, module.atlantis_repo_config.repos_config_yaml) })], var.values)
+
+ roles = ["roles/compute.admin"]
- provisioner "local-exec" {
- command = "echo ${var.sub_resource.example_var} | base64"
+ app = {
+ name = var.app.name
+ chart = "atlantis"
}
}
diff --git a/outputs.tf b/outputs.tf
index b1bbafe..a444c45 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,24 @@
-# Example output from the module
-
-output "example_output" {
- description = "Example output of the module"
- value = one(null_resource.output_input[*].id)
+output "gcp_service_account" {
+ value = module.terraform_gke_helm_release.k8s_service_account_name
+ description = "GCP service account."
+}
+output "gcp_service_account_email" {
+ value = module.terraform_gke_helm_release.gcp_service_account_email
+ description = "Email address of GCP service account."
+}
+output "gcp_service_account_fqn" {
+ value = module.terraform_gke_helm_release.gcp_service_account_fqn
+ description = "FQN of GCP service account."
+}
+output "gcp_service_account_name" {
+ value = module.terraform_gke_helm_release.gcp_service_account_name
+ description = "Name of GCP service account."
+}
+output "k8s_service_account_name" {
+ value = module.terraform_gke_helm_release.k8s_service_account_name
+ description = "Name of K8S service account."
+}
+output "k8s_service_account_namespace" {
+ value = module.terraform_gke_helm_release.k8s_service_account_namespace
+ description = "Namespace of k8s service account."
}
diff --git a/template/values.yaml.tftpl b/template/values.yaml.tftpl
new file mode 100644
index 0000000..599962d
--- /dev/null
+++ b/template/values.yaml.tftpl
@@ -0,0 +1,2 @@
+repoConfig: |
+ ${repoConfig}
diff --git a/variables.tf b/variables.tf
index 291a160..5c50ffe 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,18 +1,193 @@
-variable "example_var" {
- description = "Example variable passed into the module"
- type = string
+variable "repos" {
+ description = "Map of repositories and their configs. Refer to https://www.runatlantis.io/docs/server-side-repo-config.html#example-server-side-repo"
+ type = list(object({
+ id = optional(string, "/.*/")
+ branch = optional(string)
+ apply_requirements = optional(list(string))
+ allowed_overrides = optional(list(string))
+ allowed_workflows = optional(list(string))
+ allow_custom_workflows = optional(bool)
+ delete_source_branch_on_merge = optional(bool)
+ pre_workflow_hooks = optional(list(object({
+ run = string
+ })))
+ post_workflow_hooks = optional(list(object({
+ run = string
+ })))
+ workflow = optional(string)
+ ######### Helpers #########
+ allow_all_server_side_workflows = optional(bool, false)
+ terragrunt_atlantis_config = optional(object({
+ enabled = optional(bool)
+ output = optional(string)
+ automerge = optional(bool)
+ autoplan = optional(bool)
+ parallel = optional(bool)
+ cascade_dependencies = optional(bool)
+ filter = optional(string)
+ use_project_markers = optional(bool)
+ }))
+ }))
+ default = []
}
-variable "descriptor_name" {
- description = "Name of the descriptor used to form a resource name"
- type = string
- default = "resource-type"
+variable "repos_common_config" {
+ description = "Common config that will be merged into each item of the repos list"
+ type = object({
+ id = optional(string)
+ branch = optional(string)
+ apply_requirements = optional(list(string))
+ allowed_overrides = optional(list(string))
+ allowed_workflows = optional(list(string))
+ allow_custom_workflows = optional(bool)
+ delete_source_branch_on_merge = optional(bool)
+ pre_workflow_hooks = optional(list(object({
+ run = string
+ })))
+ post_workflow_hooks = optional(list(object({
+ run = string
+ })))
+ workflow = optional(string)
+ ######### Helpers #########
+ allow_all_server_side_workflows = optional(bool, false)
+ terragrunt_atlantis_config = optional(object({
+ enabled = optional(bool)
+ output = optional(string)
+ automerge = optional(bool)
+ autoplan = optional(bool)
+ parallel = optional(bool)
+ cascade_dependencies = optional(bool)
+ filter = optional(string)
+ use_project_markers = optional(bool)
+ }))
+ })
+ default = {}
}
-variable "sub_resource" {
- description = "Some other resource that is part of stack/module"
+variable "workflows" {
+ description = "List of custom workflow that will be added to the repo config file"
+ type = map(object({
+ plan = optional(object({
+ steps = optional(list(object({
+ env = optional(object({
+ name = string
+ command = string
+ }))
+ run = optional(string)
+ multienv = optional(string)
+ atlantis_step = optional(object({
+ command = string
+ extra_args = optional(list(string))
+ }))
+ })))
+ }))
+ apply = optional(object({
+ steps = optional(list(object({
+ env = optional(object({
+ name = string
+ command = string
+ }))
+ run = optional(string)
+ multienv = optional(string)
+ atlantis_step = optional(object({
+ command = string
+ extra_args = optional(list(string))
+ }))
+ })))
+ }))
+ import = optional(object({
+ steps = optional(list(object({
+ env = optional(object({
+ name = string
+ command = string
+ }))
+ run = optional(string)
+ multienv = optional(string)
+ atlantis_step = optional(object({
+ command = string
+ extra_args = optional(list(string))
+ }))
+ })))
+ }))
+ state_rm = optional(object({
+ steps = optional(list(object({
+ env = optional(object({
+ name = string
+ command = string
+ }))
+ run = optional(string)
+ multienv = optional(string)
+ atlantis_step = optional(object({
+ command = string
+ extra_args = optional(list(string))
+ }))
+ })))
+ }))
+ template = optional(string, "terragrunt-basic")
+ asdf = optional(object({
+ enabled = optional(bool, false)
+ }), {})
+ checkov = optional(object({
+ enabled = optional(bool, false)
+ soft_fail = optional(bool, false)
+ file = optional(string, "$SHOWFILE")
+ }), {})
+ pull_gitlab_variables = optional(object({
+ enabled = optional(bool, false)
+ }), {})
+ check_gitlab_approvals = optional(object({
+ enabled = optional(bool, false)
+ }), {}),
+ infracost = optional(object({
+ enabled = optional(bool, false)
+ platform = optional(string, "gitlab")
+ token_environment_variable = optional(string)
+ behavior = optional(string, "new")
+ }), {}),
+ }))
+ default = {}
+}
+
+variable "app" {
+ description = "An application to deploy with specific values Here you can specify: The name of the application to deploy,Chart name, Repository address, Chart version"
type = object({
- descriptor_name = optional(string, "sub-resource-type")
- example_var = string
+ name = string
+ chart = optional(string, "atlantis")
+ repository = optional(string, "https://runatlantis.github.io/helm-charts")
+ version = optional(string, "^5")
+ force_update = optional(bool, true)
+ wait = optional(bool, true)
+ recreate_pods = optional(bool, true)
+ max_history = optional(number, 0)
+ lint = optional(bool, true)
+ cleanup_on_fail = optional(bool, false)
+ create_namespace = optional(bool, false)
+ disable_webhooks = optional(bool, false)
+ verify = optional(bool, false)
+ reuse_values = optional(bool, false)
+ reset_values = optional(bool, false)
+ atomic = optional(bool, false)
+ skip_crds = optional(bool, false)
+ render_subchart_notes = optional(bool, true)
+ disable_openapi_validation = optional(bool, false)
+ wait_for_jobs = optional(bool, false)
+ dependency_update = optional(bool, false)
+ replace = optional(bool, false)
+ timeout = optional(number, 300)
})
}
+variable "kubernetes_namespace" {
+ description = "Namespace where kubernetes SA will be applyed"
+ type = string
+}
+
+variable "values" {
+ description = "Extra values"
+ type = list(string)
+ default = []
+}
+
+variable "project_id" {
+ description = "GCP project ID"
+ type = string
+}
diff --git a/versions.tf b/versions.tf
index 4114d58..e4a2b22 100644
--- a/versions.tf
+++ b/versions.tf
@@ -3,10 +3,4 @@
terraform {
required_version = ">= 1.3.0"
- required_providers {
- null = {
- source = "hashicorp/null"
- version = "3.1.1"
- }
- }
}