From 1c753748233e10e4c03662ef9c207be8f5183366 Mon Sep 17 00:00:00 2001
From: Eduardo Lopez
Date: Mon, 16 May 2022 14:55:21 -0400
Subject: [PATCH] chore!: Delete deprecated aws-acm-cert module (#379)

Use aws-acm-certificate instead
---
aws-acm-cert/README.md | 80 -------------------------------------
aws-acm-cert/main.tf | 40 -------------------
aws-acm-cert/module_test.go | 54 -------------------------
aws-acm-cert/outputs.tf | 7 ----
aws-acm-cert/terraform.tf | 5 ---
aws-acm-cert/variables.tf | 57 --------------------------
6 files changed, 243 deletions(-)
delete mode 100644 aws-acm-cert/README.md
delete mode 100755 aws-acm-cert/main.tf
delete mode 100644 aws-acm-cert/module_test.go
delete mode 100755 aws-acm-cert/outputs.tf
delete mode 100644 aws-acm-cert/terraform.tf
delete mode 100755 aws-acm-cert/variables.tf
diff --git a/aws-acm-cert/README.md b/aws-acm-cert/README.md
deleted file mode 100644
index cbb17226..00000000
--- a/aws-acm-cert/README.md
+++ /dev/null
@@ -1,80 +0,0 @@
-# AWS ACM Cert
-
-**_DEPRECATED: Use aws-acm-certificate if using Terraform AWS Provider >3.0._**
-
-Will create and attempt to validate an certificate in the [AWS ACM service](https://aws.amazon.com/certificate-manager/). This module uses DNS verification so the principal running this needs to be able to write to the supplied Route53 zone.
-
-NOTE: if you intend to use this certificate in a cloudfront distribution it must be created in `us-east-1` region.
-
-## Example
-
-```hcl
-module "cert" {
- source = "github.com/chanzuckerberg/cztack//aws-acm-cert?ref=v0.36.0"
-
- # the cert domain name
- cert_domain_name = "..."
-
- # the route53 zone for validating the `cert_domain_name`
- aws_route53_zone_id = "..."
-
- # a map of alternative : route53_zone_id
- cert_subject_alternative_names = "${map(..)}"
-
-
- # variables for tags
- owner = "..."
- project = "..."
- env = "..."
- service = "..."
-}
-```
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [aws](#requirement\_aws) | < 3.0.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | < 3.0.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_acm_certificate.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource |
-| [aws_acm_certificate_validation.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource |
-| [aws_route53_record.cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [allow\_validation\_record\_overwrite](#input\_allow\_validation\_record\_overwrite) | Allow the overwrite of validation records. This is needed if you are creating certificates in multiple regions. | `string` | `true` | no |
-| [aws\_route53\_zone\_id](#input\_aws\_route53\_zone\_id) | n/a | `string` | n/a | yes |
-| [cert\_domain\_name](#input\_cert\_domain\_name) | Like www.foo.bar.com or *.foo.bar.com | `string` | n/a | yes |
-| [cert\_subject\_alternative\_names](#input\_cert\_subject\_alternative\_names) | A map of | `map(string)` | `{}` | no |
-| [cert\_subject\_alternative\_names\_count](#input\_cert\_subject\_alternative\_names\_count) | The size of var.cert\_subject\_alternative\_names. Since var.cert\_subject\_alternative\_names can have dynamic keys/values we must hint terraform on its size. If you have no SANs then this should be 0. | `number` | `0` | no |
-| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
-| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
-| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes |
-| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
-| [subject\_alternative\_names\_order](#input\_subject\_alternative\_names\_order) | Order to list the subject alternative names in the ACM cert. Workaround for https://github.com/terraform-providers/terraform-provider-aws/issues/8531 | `list(string)` | `null` | no |
-| [validation\_record\_ttl](#input\_validation\_record\_ttl) | n/a | `string` | `60` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [arn](#output\_arn) | n/a |
-| [id](#output\_id) | n/a |
-
diff --git a/aws-acm-cert/main.tf b/aws-acm-cert/main.tf
deleted file mode 100755
index 24854cc1..00000000
--- a/aws-acm-cert/main.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-locals {
- tags = {
- project = var.project
- env = var.env
- service = var.service
- owner = var.owner
- managedBy = "terraform"
- }
-
- cert_validation_count = var.cert_subject_alternative_names_count + 1
-}
-
-resource "aws_acm_certificate" "cert" {
- domain_name = var.cert_domain_name
- subject_alternative_names = var.subject_alternative_names_order == null ? keys(var.cert_subject_alternative_names) : var.subject_alternative_names_order
- validation_method = "DNS"
- tags = local.tags
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-# https://www.terraform.io/docs/providers/aws/r/acm_certificate_validation.html
-resource "aws_route53_record" "cert_validation" {
- count = local.cert_validation_count
-
- name = lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_name")
- type = lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_type")
- zone_id = lookup(var.cert_subject_alternative_names, lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "domain_name"), var.aws_route53_zone_id)
- records = [lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_value")]
- ttl = var.validation_record_ttl
-
- allow_overwrite = var.allow_validation_record_overwrite
-}
-
-resource "aws_acm_certificate_validation" "cert" {
- certificate_arn = aws_acm_certificate.cert.arn
- validation_record_fqdns = aws_route53_record.cert_validation.*.fqdn
-}
diff --git a/aws-acm-cert/module_test.go b/aws-acm-cert/module_test.go
deleted file mode 100644
index 281de50a..00000000
--- a/aws-acm-cert/module_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package test
-
-import (
- "fmt"
- "testing"
-
- "github.com/chanzuckerberg/go-misc/tftest"
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-func TestAWSACMCertInit(t *testing.T) {
- options := &terraform.Options{
- TerraformDir: ".",
- }
- terraform.Init(t, options)
-}
-
-func TestAWSACMCertDefaults(t *testing.T) {
- t.Parallel()
-
- test := tftest.Test{
- Setup: func(t *testing.T) *terraform.Options {
- certDomainName := fmt.Sprintf(
- "%s.%s",
- tftest.UniqueID(),
- tftest.EnvVar(tftest.EnvRoute53ZoneName))
-
- alternativeDomainName := fmt.Sprintf(
- "%s.%s",
- tftest.UniqueID(),
- tftest.EnvVar(tftest.EnvRoute53ZoneName))
-
- route53ZoneID := tftest.EnvVar(tftest.EnvRoute53ZoneID)
-
- alternativeNames := map[string]string{
- alternativeDomainName: route53ZoneID,
- }
-
- return tftest.Options(
- tftest.DefaultRegion,
- map[string]interface{}{
- "cert_domain_name": certDomainName,
- "aws_route53_zone_id": route53ZoneID,
- "validation_record_ttl": 5,
- "cert_subject_alternative_names": alternativeNames,
- "cert_subject_alternative_names_count": len(alternativeNames),
- },
- )
- },
- Validate: func(t *testing.T, options *terraform.Options) {},
- }
-
- test.Run(t)
-}
diff --git a/aws-acm-cert/outputs.tf b/aws-acm-cert/outputs.tf
deleted file mode 100755
index 88d060bf..00000000
--- a/aws-acm-cert/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "arn" {
- value = aws_acm_certificate.cert.arn
-}
-
-output "id" {
- value = aws_acm_certificate.cert.id
-}
diff --git a/aws-acm-cert/terraform.tf b/aws-acm-cert/terraform.tf
deleted file mode 100644
index afd01df4..00000000
--- a/aws-acm-cert/terraform.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-terraform {
- required_providers {
- aws = "< 3.0.0"
- }
-}
diff --git a/aws-acm-cert/variables.tf b/aws-acm-cert/variables.tf
deleted file mode 100755
index fd2c77a4..00000000
--- a/aws-acm-cert/variables.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-variable "cert_domain_name" {
- type = string
- description = "Like www.foo.bar.com or *.foo.bar.com"
-}
-
-variable "cert_subject_alternative_names" {
- type = map(string)
- description = "A map of "
- default = {}
-}
-
-variable "aws_route53_zone_id" {
- type = string
-}
-
-variable "validation_record_ttl" {
- type = string
- default = 60
-}
-
-variable "project" {
- type = string
- description = "Project for tagging and naming. See [doc](../README.md#consistent-tagging)"
-}
-
-variable "env" {
- type = string
- description = "Env for tagging and naming. See [doc](../README.md#consistent-tagging)."
-}
-
-variable "service" {
- type = string
- description = "Service for tagging and naming. See [doc](../README.md#consistent-tagging)."
-}
-
-variable "owner" {
- type = string
- description = "Owner for tagging and naming. See [doc](../README.md#consistent-tagging)."
-}
-
-variable "allow_validation_record_overwrite" {
- type = string
- description = "Allow the overwrite of validation records. This is needed if you are creating certificates in multiple regions."
- default = true
-}
-
-variable "subject_alternative_names_order" {
- type = list(string)
- description = "Order to list the subject alternative names in the ACM cert. Workaround for https://github.com/terraform-providers/terraform-provider-aws/issues/8531"
- default = null
-}
-
-variable "cert_subject_alternative_names_count" {
- type = number
- description = "The size of var.cert_subject_alternative_names. Since var.cert_subject_alternative_names can have dynamic keys/values we must hint terraform on its size. If you have no SANs then this should be 0."
- default = 0
-}