diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..231c9a6
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# These owners will be the default owners for everything in the repo.
+* @anmolnagpal @clouddrove/approvers @clouddrove-ci
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..e414e28
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,12 @@
+## what
+* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+* Use bullet points to be concise and to the point.
+
+## why
+* Provide the justifications for the changes (e.g. business case).
+* Describe why these changes were made (e.g. why do these commits fix the problem?)
+* Use bullet points to be concise and to the point.
+
+## references
+* Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow).
+* Use `closes #123`, if this PR closes a Jira issue `#123`
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
new file mode 100644
index 0000000..751c4bc
--- /dev/null
+++ b/.github/workflows/auto_assignee.yml
@@ -0,0 +1,14 @@
+name: Auto Assign PRs
+
+on:
+ pull_request:
+ types: [opened, reopened]
+
+ workflow_dispatch:
+jobs:
+ assignee:
+ uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.9
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
+ with:
+ assignees: 'clouddrove-ci'
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..e61c733
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,12 @@
+---
+name: Auto merge
+on:
+ pull_request:
+jobs:
+ auto-merge:
+ uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.0.9
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
+ with:
+ tfcheck: 'basic / Check code format'
+...
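Review bot: The reusable workflow is referenced by a mutable tag, `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.9`, while the call hands it the long-lived `GITHUB` token via `secrets:`; a tag can be moved to different content later, so whatever the tag resolves to at run time receives that token. Pinning the `@ref` to the full commit SHA of the 1.0.9 release (keeping the tag in a trailing `# 1.0.9` comment) fixes the code that runs and Dependabot can still bump it. The same applies to the automerge.yml, changelog.yml, readme.yml (`clouddrove/github-actions@9.0.3`, and the context line `actions/checkout@master`), tf-checks.yml, tflint.yml and tfsec.yml hunks in this commit.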
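Review bot: The merge gate `tfcheck: 'basic / Check code format'` is a free-text check name that has to match exactly what another workflow reports; in this commit the only `basic` job is the tf-checks.yml call, so the gate is meaningful only if the reusable tf-checks.yml@1.0.9 names its job `Check code format` (a job of that name existed in the deleted terraform.yaml, which no longer runs). If the name drifts, the auto-merge presumably either waits forever or, depending on how the reusable workflow treats a missing check, merges ungated. Worth adding `# must match the check name emitted by the 'basic' job in tf-checks.yml` above `with:`, and, if the input accepts more than one name, gating on the `complete` job (example/secured) as well, since only `basic` is listed.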
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 4b735f5..b3d9eb2 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.9 secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' diff --git a/.github/workflows/readme.yaml b/.github/workflows/readme.yml similarity index 72% rename from .github/workflows/readme.yaml rename to .github/workflows/readme.yml index 7ecb14f..1eb0243 100644 --- a/.github/workflows/readme.yaml +++ b/.github/workflows/readme.yml @@ -4,7 +4,6 @@ on: branches: - master - jobs: readme-create: name: 'readme-create' @@ -14,34 +13,33 @@ jobs: uses: actions/checkout@master - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' with: actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB}}' + github_token: '${{ secrets.GITHUB }}' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'pre-commit fix erros' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' continue-on-error: true with: actions_subcommand: 'push' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'Slack Notification' uses: clouddrove/action-slack@v2 
@@ -52,4 +50,4 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file + if: always() diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml deleted file mode 100644 index ca0b49b..0000000 --- a/.github/workflows/terraform.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -name: static-checks - -on: - push: - branches: - - master - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - example/basic - - example/secured - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - terraform plan -input=false -no-color - - - name: tflint - uses: reviewdog/action-tflint@master - with: - github_token: ${{ secrets.GITHUB }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive - \ No newline at end 
of file diff --git a/.github/workflows/terratest.yaml b/.github/workflows/terratest.yaml deleted file mode 100644 index 9e8b264..0000000 --- a/.github/workflows/terratest.yaml +++ /dev/null @@ -1,41 +0,0 @@ -name: 'Terratest GitHub Actions' -on: - push: - branches: - - master - -jobs: - terraform: - name: 'Terraform' - runs-on: ubuntu-latest - steps: - - - name: 'Checkout' - uses: actions/checkout@master - - - name: Configure AWS Credentials - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: 'Terratest Basic' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..88c3df8 --- /dev/null +++ b/.github/workflows/tf-checks.yml @@ -0,0 +1,15 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + basic: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 + with: + working_directory: './example/basic/' + complete: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 + with: + working_directory: './example/secured/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..0875a68 --- /dev/null +++ b/.github/workflows/tflint.yml 
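Review bot: The job id `complete` runs `working_directory: './example/secured/'`, so the check that appears on the PR is labelled `complete / …` for a directory called secured; naming the job `secured` next to `basic` keeps the check name and the directory in step and makes the automerge gate string less error-prone. Passing no `secrets:` is the right choice for a `pull_request` trigger that fork PRs can fire, but it also means the reusable job cannot run `terraform plan` against AWS the way the deleted terraform.yaml did with `TEST_AWS_ACCESS_KEY`, so plan coverage, if still wanted, has to come from somewhere else. The deleted workflow also tested a min/max Terraform version matrix; whether tf-checks.yml@1.0.9 still exercises the `required_version` lower bound is not visible from here.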
@@ -0,0 +1,11 @@ +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.9 + secrets: + GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yml similarity index 80% rename from .github/workflows/tfsec.yaml rename to .github/workflows/tfsec.yml index 9aaf588..daefede 100644 --- a/.github/workflows/tfsec.yaml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.9 secrets: inherit with: - working_directory: '.' \ No newline at end of file + working_directory: '.' diff --git a/.gitignore b/.gitignore index 2e7c9dd..7bacaf4 100644 --- a/.gitignore +++ b/.gitignore 
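Review bot: The workflow forwards the `GITHUB` personal token on every `pull_request` event, but repository secrets are not exposed to workflows triggered by pull requests from forks, so for external contributors the reusable tf-lint job will receive an empty value and presumably fail rather than skip; confirm that failing closed is intended and document it with `# secrets.GITHUB is empty on fork PRs; the job fails closed` above `secrets:`. If the reusable workflow only needs to post review findings on the PR, the ephemeral `${{ secrets.GITHUB_TOKEN }}` would be the least-privilege choice over a long-lived personal token.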
@@ -1,9 +1,210 @@ # ignored files +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* +### Eclipse template + +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.settings/ +.loadpath +.recommenders + +# External tool builders +.externalToolBuilders/ + +# Locally stored "Eclipse launch configurations" +*.launch + +# PyDev specific (Python IDE for Eclipse) +*.pydevproject + +# CDT-specific (C/C++ Development Tooling) +.cproject + +# Java annotation processor (APT) +.factorypath + +# PDT-specific (PHP Development Tools) +.buildpath + +# sbteclipse plugin +.target + +# Tern plugin +.tern-project + +# TeXlipse plugin +.texlipse + +# STS (Spring Tool Suite) +.springBeans + +# Code Recommenders +.recommenders/ + +# Scala IDE specific (Scala & Java development for Eclipse) +.cache-main +.scala_dependencies +.worksheet +### Windows template +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msm +*.msp + +# Windows shortcuts +*.lnk +### Ansible template +*.retry +### macOS template +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk +### Archives template +# It's better to unpack these files and commit the raw source because +# 
git has its own built in compression methods. +*.7z +*.jar +*.rar +*.zip +*.gz +*.tgz +*.bzip +*.bz2 +*.xz +*.lzma +*.cab + +# Packing-only formats +*.iso +*.tar + +# Package management formats +*.dmg +*.xpi +*.gem +*.egg +*.deb +*.rpm +*.msi +*.msm +*.msp +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +/.idea/ +# User-specific stuff: +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/dictionaries + +# Sensitive or high-churn files: +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.xml +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml + +# Gradle: +.idea/**/gradle.xml +.idea/**/libraries + +# CMake +cmake-build-debug/ + +# Mongo Explorer plugin: +.idea/**/mongoSettings.xml + +## File-based project format: +*.iws + +## Plugin-specific files: + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ +# User-specific stuff: +.idea/* +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# TFstste +*.tfstate* + +deployment/_logs/ansible-log.json +deployment/_logs/ansible-log.log +deployment/_logs/facts/* +deployment/_logs/retry/* +_app/* +ansible-log.json +.terraform +terraform.tfstate + *.tfstate *.tfstate.backup -.terraform -.idea *.iml -_example/.terraform.tfstate.lock.info -*.zip -Footer +*.terraform.lock.hcl +*.lock.hcl \ No newline at end of file diff --git a/_test/basic/basic_test.go b/_test/basic/basic_test.go deleted file mode 100644 index e6d9480..0000000 --- a/_test/basic/basic_test.go +++ /dev/null 
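Review bot: The added `*.terraform.lock.hcl` and `*.lock.hcl` patterns keep Terraform's dependency lock file out of version control, and the versions.tf files in this commit only bound the provider with `>= 5.31.0`, so every CI run resolves a fresh newest provider and nothing pins the hashes that `terraform init` verifies; a broken or tampered provider release then flows straight into the tf-checks runs. Committing `.terraform.lock.hcl` for the example roots, or at least narrowing the pattern so it is not ignored everywhere, gives reproducible, hash-verified provider downloads. The `*.lock.hcl` glob is also broader than needed, and the merged templates now list `.idea/*` next to `/.idea/` and `*.cab`/`*.msi`/`*.msm`/`*.msp` twice.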
@@ -1,32 +0,0 @@ -// Managed By : CloudDrove -// Description : This Terratest is used to test the Terraform alarm baseline module. -// Copyright @ CloudDrove. All Right Reserved. -package test - -import ( - "testing" - "github.com/stretchr/testify/assert" - "github.com/gruntwork-io/terratest/modules/terraform" -) - -func Test(t *testing.T) { - t.Parallel() - - terraformOptions := &terraform.Options{ - // Source path of Terraform directory. - TerraformDir: "./../_example/basic", - Upgrade: true, - } - - // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur - terraform.InitAndApply(t, terraformOptions) - - // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test - defer terraform.Destroy(t, terraformOptions) - - // To get the value of an output variable, run 'terraform output' - Arn := terraform.OutputList(t, terraformOptions, "cloudtrail_arn") - - // Check that we get back the outputs that we expect - assert.Contains(t, Arn[0], "arn:aws:cloudtrail") -} \ No newline at end of file diff --git a/_test/secured/secured_test.go b/_test/secured/secured_test.go deleted file mode 100644 index 69c8a54..0000000 --- a/_test/secured/secured_test.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// Managed By : CloudDrove -// Description : This Terratest is used to test the Terraform alarm baseline module. -// Copyright @ CloudDrove. All Right Reserved. -package test - -import ( - "testing" - "github.com/stretchr/testify/assert" - "github.com/gruntwork-io/terratest/modules/terraform" -) - -func Test(t *testing.T) { - t.Parallel() - - terraformOptions := &terraform.Options{ - // Source path of Terraform directory. - TerraformDir: "./../_example/secured", - Upgrade: true, - } - - // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur - terraform.InitAndApply(t, terraformOptions) - - // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test - defer terraform.Destroy(t, terraformOptions) - - // To get the value of an output variable, run 'terraform output' - Arn := terraform.OutputList(t, terraformOptions, "cloudtrail_arn") - - // Check that we get back the outputs that we expect - assert.Contains(t, Arn[0], "arn:aws:cloudtrail") -} \ No newline at end of file diff --git a/example/basic/main.tf b/example/basic/main.tf index e64d3db..958b081 100644 --- a/example/basic/main.tf +++ b/example/basic/main.tf @@ -4,7 +4,7 @@ provider "aws" { module "vpc" { source = "clouddrove/vpc/aws" - version = "1.3.0" + version = "2.0.0" name = "vpc" environment = "test" @@ -15,12 +15,11 @@ module "vpc" { module "subnets" { source = "clouddrove/subnet/aws" - version = "1.3.0" + version = "2.0.1" name = "subnets" environment = "sandbox" label_order = ["environment", "name"] - enabled = true nat_gateway_enabled = true single_nat_gateway = true 
@@ -33,14 +32,14 @@ module "subnets" { } module "documentdb" { - source = "../../" - database_name = "rds" - environment = "test" - vpc_id = module.vpc.vpc_id - subnet_list = module.subnets.private_subnet_id - label_order = ["environment", "name"] - master_password = var.master_password - instance_class = var.instance_class - cluster_size = var.cluster_size - deletion_protection = true + source = "../../" + database_name = "rds" + environment = "test" + vpc_id = module.vpc.vpc_id + subnet_list = module.subnets.private_subnet_id + label_order = ["environment", "name"] + master_password = var.master_password + instance_class = var.instance_class + cluster_size = var.cluster_size + deletion_protection = true } \ No newline at end of file diff --git a/example/basic/variable.tf b/example/basic/variable.tf index 0251cda..8ac3140 100644 --- a/example/basic/variable.tf +++ b/example/basic/variable.tf @@ -1,17 +1,17 @@ variable "master_password" { - type = string - default = "test123456" - description = "" + type = string + default = "test123456" + description = "" } variable "instance_class" { - type = string - default = "db.t3.medium" - description = "" + type = string + default = "db.t3.medium" + description = "" } variable "cluster_size" { - type = number - default = 1 - description = "" + type = number + default = 1 + description = "" } \ No newline at end of file diff --git a/example/basic/versions.tf b/example/basic/versions.tf index 87b6d15..7c8e3b6 100644 --- a/example/basic/versions.tf +++ b/example/basic/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.6" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.31.0" } } } diff --git a/example/secured/main.tf b/example/secured/main.tf index a342c7d..5bd9f5c 100644 --- a/example/secured/main.tf +++ b/example/secured/main.tf 
@@ -5,7 +5,7 @@ provider "aws" { module "vpc" { source = "clouddrove/vpc/aws" - version = "1.3.0" + version = "2.0.0" name = "vpc" environment = "test" @@ -16,12 +16,11 @@ module "vpc" { module "subnets" { source = "clouddrove/subnet/aws" - version = "1.3.0" + version = "2.0.1" name = "subnets" environment = "sandbox" label_order = ["environment", "name"] - enabled = true nat_gateway_enabled = true single_nat_gateway = true @@ -89,7 +88,7 @@ data "aws_iam_policy_document" "iam-policy" { } module "documentdb" { - source = "../../" + source = "../../" database_name = "rds" environment = "test" label_order = ["environment", "name"] diff --git a/example/secured/variable.tf b/example/secured/variable.tf index f91b1b9..51fa454 100644 --- a/example/secured/variable.tf +++ b/example/secured/variable.tf @@ -1,29 +1,29 @@ variable "skip_final_snapshot" { - type = bool - default = false - description = "" + type = bool + default = false + description = "" } variable "storage_encrypted" { - type = bool - default = true - description = "" + type = bool + default = true + description = "" } variable "tls_enabled" { - type = bool - default = true - description = "" + type = bool + default = true + description = "" } variable "instance_class" { - type = string - default = "db.t3.medium" - description = "" + type = string + default = "db.t3.medium" + description = "" } variable "cluster_size" { - type = number - default = 1 - description = "" + type = number + default = 1 + description = "" } diff --git a/example/secured/versions.tf b/example/secured/versions.tf index 87b6d15..7c8e3b6 100644 --- a/example/secured/versions.tf +++ b/example/secured/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.6" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.31.0" } } } diff --git a/main.tf b/main.tf index 548dd55..327147f 100644 --- a/main.tf +++ b/main.tf 
@@ -49,7 +49,7 @@ resource "aws_docdb_cluster" "this" { final_snapshot_identifier = lower(var.database_name) skip_final_snapshot = var.skip_final_snapshot apply_immediately = var.apply_immediately - deletion_protection = var.deletion_protection + deletion_protection = var.deletion_protection storage_encrypted = var.storage_encrypted kms_key_id = var.kms_key_id snapshot_identifier = var.snapshot_identifier diff --git a/variables.tf b/variables.tf index 767a571..d2dbc0b 100644 --- a/variables.tf +++ b/variables.tf @@ -71,7 +71,7 @@ variable "vpc_id" { variable "subnet_list" { description = "List of subnet IDs database instances should deploy into." type = list(string) - default = [""] + default = [""] } variable "cluster_family" { @@ -163,7 +163,7 @@ variable "attributes" { # } variable "deletion_protection" { - type = bool - default = null + type = bool + default = null description = "(optional) describe your variable" } \ No newline at end of file diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..7c8e3b6 --- /dev/null +++ b/versions.tf @@ -0,0 +1,11 @@ +# Terraform version +terraform { + required_version = ">= 1.6.6" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.31.0" + } + } +}