Merge pull request #3 from rackspace-infrastructure-automation/cors_r…

…ules Cors rules
rackspace-infrastructure-automation · Aug 29, 2018 · d831919 · d831919
2 parents f28c3c1 + 72db3f3
commit d831919
Show file tree

Hide file tree

Showing 4 changed files with 117 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -3,16 +3,21 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| allowed_headers | Specifies which headers are allowed. | list | `<list>` | no |
+| allowed_methods | (Required) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. | list | `<list>` | no |
+| allowed_origins | (Required) Specifies which origins are allowed. | list | `<list>` | no |
 | bucket_acl | Bucket ACL. Must be either authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write, private, public-read or public-read-write. For more details https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl | string | `bucket-owner-full-control` | no |
 | bucket_logging | Enable bucket logging. Will store logs in another existing bucket. You must give the log-delivery group WRITE and READ_ACP permissions to the target bucket. i.e. true | false | string | `false` | no |
 | bucket_name | The name of the S3 bucket for the access logs. The bucket name can contain only lowercase letters, numbers, periods (.), and dashes (-). Must be globally unique. If changed, forces a new resource. | string | - | yes |
 | bucket_tags | A map of tags to be applied to the Bucket. i.e {Environment='Development'} | map | `<map>` | no |
 | environment | Application environment for which this network is being created. must be one of ['Development', 'Integration', 'PreProduction', 'Production', 'QA', 'Staging', 'Test'] | string | `Development` | no |
+| expose_headers | Specifies expose header in the response. | list | `<list>` | no |
 | kms_master_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. | string | `` | no |
 | lifecycle_enabled | Enable object lifecycle management. i.e. true | false | string | `false` | no |
 | lifecycle_rule_prefix | Object keyname prefix identifying one or more objects to which the rule applies. Set as an empty string to target the whole bucket. | string | `` | no |
 | logging_bucket_name | Name of the existing bucket where the logs will be stored. | string | `` | no |
 | logging_bucket_prefix | Prefix for all log object keys. i.e. logs/ | string | `` | no |
+| max_age_seconds | Specifies time in seconds that browser can cache the response for a preflight request. | string | `600` | no |
 | noncurrent_version_expiration_days | Indicates after how many days we are deleting previous version of objects.  Set to 0 to disable or at least 365 days longer than noncurrent_version_transition_glacier_days. i.e. 0 to disable, 1-999 otherwise | string | `0` | no |
 | noncurrent_version_transition_glacier_days | Indicates after how many days we are moving previous versions to Glacier.  Should be 0 to disable or at least 30 days longer than noncurrent_version_transition_ia_days. i.e. 0 to disable, 1-999 otherwise | string | `0` | no |
 | noncurrent_version_transition_ia_days | Indicates after how many days we are moving previous version objects to Standard-IA storage. Set to 0 to disable. | string | `0` | no |
@@ -34,4 +39,3 @@
 | bucket_hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. |
 | bucket_id | The name of the bucket. |
 | bucket_region | The AWS region this bucket resides in. |
-
diff --git a/main.tf b/main.tf
@@ -114,6 +114,23 @@ locals {
   }
 
   lifecycle_rules_config = "${var.lifecycle_enabled ? "enabled":"disabled"}"
+
+  # CORS rules
+  cors_rules = {
+    enabled = [
+      {
+        allowed_origins = ["${var.allowed_origins}"]
+        allowed_methods = ["${var.allowed_methods}"]
+        expose_headers  = ["${var.expose_headers}"]
+        allowed_headers = ["${var.allowed_headers}"]
+        max_age_seconds = "${var.max_age_seconds}"
+      },
+    ]
+
+    disabled = "${list()}"
+  }
+
+  cors_rules_config = "${length(var.allowed_origins) > 0 ? "enabled":"disabled"}"
 }
 
 resource "aws_s3_bucket" "s3_bucket" {
@@ -140,4 +157,6 @@ resource "aws_s3_bucket" "s3_bucket" {
   }
 
   lifecycle_rule = "${local.lifecycle_rules[local.lifecycle_rules_config]}"
+
+  cors_rule = "${local.cors_rules[local.cors_rules_config]}"
 }
diff --git a/tests/test2/main.tf b/tests/test2/main.tf
@@ -0,0 +1,63 @@
+###
+# This test adds the 'CORS Rules' configuration variables
+###
+
+provider "aws" {
+  version = "~> 1.2"
+  region  = "us-west-2"
+}
+
+resource "random_string" "s3_rstring" {
+  length  = 18
+  upper   = false
+  special = false
+}
+
+module "s3" {
+  source = "../../module"
+
+  bucket_name = "${random_string.s3_rstring.result}-example-s3-bucket"
+
+  bucket_acl = "bucket-owner-full-control"
+
+  bucket_logging = false
+
+  bucket_tags = {
+    RightSaid = "Fred"
+    LeftSaid  = "George"
+  }
+
+  environment = "Development"
+
+  lifecycle_enabled = true
+
+  noncurrent_version_expiration_days = "425"
+
+  noncurrent_version_transition_glacier_days = "60"
+
+  noncurrent_version_transition_ia_days = "30"
+
+  object_expiration_days = "425"
+
+  transition_to_glacier_days = "60"
+
+  transition_to_ia_days = "30"
+
+  versioning = true
+
+  website = true
+
+  website_error = "error.html"
+
+  website_index = "index.html"
+
+  allowed_origins = ["*"]
+
+  allowed_methods = ["PUT", "POST"]
+
+  allowed_headers = ["*"]
+
+  #  Not defining these to ensure it can properly handle undefined variable lists or strings
+  #  expose_headers  = ["Accept-Ranges", "Content-Range", "Content-Encoding", "Content-Length"]
+  #  max_age_seconds = 3000
+}
diff --git a/variables.tf b/variables.tf
@@ -122,3 +122,33 @@ variable "website_index" {
   type        = "string"
   default     = "index.html"
 }
+
+variable "allowed_origins" {
+  description = "(Required) Specifies which origins are allowed."
+  type        = "list"
+  default     = []
+}
+
+variable "allowed_methods" {
+  description = "(Required) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD."
+  type        = "list"
+  default     = []
+}
+
+variable "expose_headers" {
+  description = " Specifies expose header in the response."
+  type        = "list"
+  default     = []
+}
+
+variable "allowed_headers" {
+  description = "Specifies which headers are allowed."
+  type        = "list"
+  default     = []
+}
+
+variable "max_age_seconds" {
+  description = "Specifies time in seconds that browser can cache the response for a preflight request."
+  type        = "string"
+  default     = "600"
+}