From c03059f391c5e0017726fbc7bed41b71470d541d Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Wed, 7 Oct 2020 20:35:29 +0530 Subject: [PATCH 1/8] upgrade to 0.13 terraform --- .github/workflows/readme.yml | 55 ++++++++++ .github/workflows/terraform.yml | 53 +++++++--- .gitignore | 3 +- .pre-commit-config.yaml | 1 - LICENSE | 2 +- README.md | 179 -------------------------------- README.yaml | 11 +- main.tf | 4 +- versions.tf | 7 +- 9 files changed, 108 insertions(+), 207 deletions(-) create mode 100644 .github/workflows/readme.yml delete mode 100644 README.md diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml new file mode 100644 index 0000000..bb5d8c6 --- /dev/null +++ b/.github/workflows/readme.yml 
@@ -0,0 +1,55 @@ + +name: 'Create README.md file' +on: + push: + branches: + - master + +jobs: + readme-create: + name: 'readme-create' + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: actions/checkout@master + + - name: Set up Python 3.7. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: 'Install test dependencies.' + run: pip install pre-commit yamllint + + - name: Run yamllint. + run: yamllint ./README.yaml + + - name: clone Genie repo + run: | + export GITHUB_ACCESS_TOKEN=${{ secrets.GITHUB }} + cd .. && cd .. && cd .. + git clone https://${{ secrets.GITHUB }}@github.com/clouddrove/genie.git + cd /home/runner/work/terraform-aws-iam-role/terraform-aws-iam-role + make packages/install/gomplate + make readme + + - name: Run pre-commit + run: pre-commit run -a && pre-commit install + + - name: push to repo back + run: | + git config --global user.email "anmol@clouddrove.com" + git config --global user.name "Anmol nagpal" + git add . && git commit -m "upload" + git push origin master + + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'Clouddrove' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required + if: always() \ No newline at end of file diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 4a43daf..710c7cb 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -1,6 +1,6 @@ name: 'Terraform GitHub Actions' on: - - pull_request + - push jobs: terraform: 
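Review bot: In the `clone Genie repo` step the `${{ secrets.GITHUB }}` expression is expanded straight into the shell script twice, and the second expansion puts the token into the clone URL, so it is written into the cloned repository's `.git/config` (`remote.origin.url`) for the rest of the job; log masking protects only the job output, not files left on the runner. Pass the secret through the step's `env:` block (`GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB }}`) and reference `$GITHUB_ACCESS_TOKEN` from the script instead of interpolating the expression, and prefer a way of supplying the credential to git that does not persist it in the stored remote URL. The hard-coded `cd /home/runner/work/terraform-aws-iam-role/terraform-aws-iam-role` breaks on a repository rename or a different runner layout where `cd "$GITHUB_WORKSPACE"` would not. `actions/checkout@master` is a mutable ref; pin it to a release tag or commit SHA like the other actions in this file, and the step named `Set up Python 3.7.` actually requests `python-version: '3.x'`, so one of the two should change.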
@@ -11,29 +11,48 @@ jobs: - name: 'Checkout' uses: actions/checkout@master - - name: 'Terraform Format' - uses: clouddrove/github-actions@v2.0 + - name: 'Terraform Format fmt' + uses: hashicorp/terraform-github-actions@master with: - actions_subcommand: 'fmt' - - - name: 'Terraform Init' - uses: clouddrove/github-actions@v2.0 - with: - actions_subcommand: 'init' - tf_actions_working_dir: ./_example + tf_actions_version: 0.13.3 + tf_actions_subcommand: 'fmt' + tf_actions_working_dir: "./_example" + tf_actions_comment: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Configure AWS Credentials uses: clouddrove/configure-aws-credentials@v1 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} aws-region: us-east-2 - - name: 'Terratest' - uses: clouddrove/github-actions@v2.0 + - name: Set up Go 1.13 + uses: actions/setup-go@v1 + with: + go-version: 1.13 + id: go + + - name: Get dependencies + run: | + if [ -f Gopkg.toml ]; then + curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh + dep ensure + else + go get -v -t -d ./... + fi + - name: Test + working-directory: ./_test + run: go test + + - name: 'Terraform Init' + uses: hashicorp/terraform-github-actions@master with: - actions_subcommand: 'terratest' - tf_actions_working_dir: ./_test + tf_actions_version: 0.13.3 + tf_actions_subcommand: 'init' + tf_actions_working_dir: "./_example" + tf_actions_comment: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -45,5 +64,5 @@ jobs: author_name: 'Clouddrove' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required if: always() \ No newline at end of file 
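Review bot: The new `Get dependencies` step runs `curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh`, executing whatever that mutable branch serves at run time on a runner that already holds the AWS test credentials configured in the preceding step; an installer fetched this way should at least come from a tagged release and be checksum-verified before it is run. The branch also appears unreachable: the repository has no `Gopkg.toml`, and `go get -v -t -d ./...` from the repository root will not see `_test` because the `./...` pattern skips directories beginning with `_`, so the whole step can be removed and `go test` in `./_test` left to resolve its own dependencies. Moving `Configure AWS Credentials` to just before the `Test` step would keep the fmt and init steps credential-free. `hashicorp/terraform-github-actions@master` and `actions/setup-go@v1` are mutable refs; pin them to a release tag or commit SHA, and quote `go-version: '1.13'` so a later `1.20` is not read as the float `1.2`.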
diff --git a/.gitignore b/.gitignore index 8c17ca4..eb4f009 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ *.tfstate.backup .terraform .idea -*.iml \ No newline at end of file +*.iml +go.mod \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index aa6e42c..a2c23ff 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -8,6 +8,5 @@ repos: rev: v2.0.0 hooks: - id: check-merge-conflict - - id: trailing-whitespace - id: check-yaml - id: check-added-large-files diff --git a/LICENSE b/LICENSE index 136d77d..807110a 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2019 Cloud Drove +Copyright (c) 2020 Cloud Drove Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md deleted file mode 100644 index 8e583e2..0000000 --- a/README.md +++ /dev/null @@ -1,179 +0,0 @@ - - -

- - -

- Terraform AWS IAM Role -

- -

- Terraform module to create Iam role resource on AWS. -

- -

- - - Terraform - - - Licence - - - -

-

- - - - - - - - - - - -

-
- - -We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. - -This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. - -We have [*fifty plus terraform modules*][terraform_modules]. A few of them are comepleted and are available for open source usage while a few others are in progress. - - - - -## Prerequisites - -This module has a few dependencies: - -- [Terraform 0.12](https://learn.hashicorp.com/terraform/getting-started/install.html) -- [Go](https://golang.org/doc/install) -- [github.com/stretchr/testify/assert](https://github.com/stretchr/testify) -- [github.com/gruntwork-io/terratest/modules/terraform](https://github.com/gruntwork-io/terratest) - - - - - - - -## Examples - - -**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-aws-iam-role/releases). 
- - -### Simple example -Here is an example of how you can use this module in your inventory structure: -```hcl - module "iam-role" { - source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.3" - - name = "iam-role" - application = "clouddrove" - environment = "test" - label_order = ["environment", "application", "name"] - assume_role_policy = data.aws_iam_policy_document.default.json - - policy_enabled = true - policy = data.aws_iam_policy_document.iam-policy.json - } - - data "aws_iam_policy_document" "default" { - statement { - effect = "Allow" - actions = ["sts:AssumeRole"] - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - } - } - - data "aws_iam_policy_document" "iam-policy" { - statement { - actions = [ - "ssm:UpdateInstanceInformation", - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" ] - effect = "Allow" - resources = ["*"] - } - } -``` - - - - - - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| application | Application \(e.g. `cd` or `clouddrove`\). | string | `""` | no | -| assume\_role\_policy | Whether to create Iam role. | string | n/a | yes | -| attributes | Additional attributes \(e.g. `1`\). | list | `` | no | -| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `"-"` | no | -| description | The description of the role. | string | `""` | no | -| enabled | Whether to create Iam role. | bool | `"true"` | no | -| environment | Environment \(e.g. `prod`, `dev`, `staging`\). | string | `""` | no | -| force\_detach\_policies | The policy that grants an entity permission to assume the role. | bool | `"false"` | no | -| label\_order | Label order, e.g. `name`,`application`. | list | `` | no | -| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. 
| string | `"anmol@clouddrove.com"` | no | -| max\_session\_duration | The maximum session duration \(in seconds\) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | `"3600"` | no | -| name | Name \(e.g. `app` or `cluster`\). | string | `""` | no | -| path | The path to the role. | string | `"/"` | no | -| permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | `""` | no | -| policy | The policy document. | string | `""` | no | -| policy\_arn | The ARN of the policy you want to apply. | string | `""` | no | -| policy\_enabled | Whether to Attach Iam policy with role. | bool | `"false"` | no | -| tags | Additional tags \(e.g. map\(`BusinessUnit`,`XYZ`\). | map | `` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| arn | The Amazon Resource Name \(ARN\) specifying the role. | -| name | Name of specifying the role. | -| tags | A mapping of tags to assign to the resource. | - - - - -## Testing -In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. - -You need to run the following command in the testing folder: -```hcl - go test -run Test -``` - - - -## Feedback -If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-iam-role/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). - -If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-iam-role)! 
- -## About us - -At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. - -

We are The Cloud Experts!

-
-

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

- - [website]: https://clouddrove.com - [github]: https://github.com/clouddrove - [linkedin]: https://cpco.io/linkedin - [twitter]: https://twitter.com/clouddrove/ - [email]: https://clouddrove.com/contact-us.html - [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= diff --git a/README.yaml b/README.yaml index 79ee8b5..a47674a 100644 --- a/README.yaml +++ b/README.yaml @@ -5,7 +5,7 @@ # # Name of this project -name : Terraform AWS IAM Role +name: Terraform AWS IAM Role # License of this project license: "MIT" @@ -16,7 +16,7 @@ github_repo: clouddrove/terraform-aws-iam-role # Badges to display badges: - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v0.12-green" + image: "https://img.shields.io/badge/Terraform-v0.13-green" url: "https://www.terraform.io" - name: "Licence" image: "https://img.shields.io/badge/License-MIT-blue.svg" @@ -32,12 +32,13 @@ include: - "terraform.md" # How to use this project -usage : |- +# yamllint disable rule:line-length +usage: |- ### Simple example Here is an example of how you can use this module in your inventory structure: ```hcl module "iam-role" { - source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.3" + source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.13.0" name = "iam-role" application = "clouddrove" @@ -72,4 +73,4 @@ usage : |- resources = ["*"] } } - ``` \ No newline at end of file + ``` diff --git a/main.tf b/main.tf index 05d99c5..6d8be9a 100644 --- a/main.tf +++ b/main.tf @@ -6,7 +6,7 @@ # for resources. You can use terraform-labels to implement a strict naming # convention. module "labels" { - source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.12.0" + source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.13.0" enabled = var.enabled name = var.name 
@@ -43,7 +43,7 @@ resource "aws_iam_role_policy" "default" { # Description : Terraform module to create IAm role policy resource on AWS to attach with Iam Role. resource "aws_iam_role_policy_attachment" "default" { count = var.enabled && var.policy_enabled && var.policy_arn != "" ? 1 : 0 - role = aws_iam_role.default.*.id[0] + role = aws_iam_role.default.*.id[0] policy_arn = var.policy_arn } diff --git a/versions.tf b/versions.tf index ea541ea..ae70918 100644 --- a/versions.tf +++ b/versions.tf @@ -1,4 +1,9 @@ # Terraform version terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } \ No newline at end of file From 8c9b94154df971311ece2081ebfa034da66ac50d Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Wed, 7 Oct 2020 20:38:52 +0530 Subject: [PATCH 2/8] upgrade to 0.13 terraform --- .gitignore | 3 +-- _test/go.mod | 8 ++++++++ 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 _test/go.mod diff --git a/.gitignore b/.gitignore index eb4f009..8c17ca4 100644 --- a/.gitignore +++ b/.gitignore @@ -3,5 +3,4 @@ *.tfstate.backup .terraform .idea -*.iml -go.mod \ No newline at end of file +*.iml \ No newline at end of file diff --git a/_test/go.mod b/_test/go.mod new file mode 100644 index 0000000..cc31f29 --- /dev/null +++ b/_test/go.mod @@ -0,0 +1,8 @@ +module github.com/clouddrove/terraform-aws-iam-role + +go 1.13 + +require ( + github.com/gruntwork-io/terratest v0.30.7 + github.com/stretchr/testify v1.6.1 +) From 8b2d150644a06f2bd3ff6bb5076d3f260d7c71fd Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Thu, 8 Oct 2020 13:27:32 +0530 Subject: [PATCH 3/8] update pre-commit & terraform version --- .github/workflows/readme.yml | 5 +---- .github/workflows/terraform.yml | 4 ++-- .pre-commit-config.yaml | 1 + 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index bb5d8c6..c0e9e0e 100644 
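Review bot: The new `required_providers` block declares `source = "hashicorp/aws"` but no `version` constraint, so `terraform init` will accept any provider release, including a future major version with breaking changes, and consumers of the module get no signal about which provider line it was tested against. Add a constraint next to `source`, for example `version = "~> 3.0"` (constructed example — use the major that the `_example` and `_test` runs were validated with). The `required_version = ">= 0.13"` floor is appropriate, since the `source` argument introduced here is a 0.13 feature.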
--- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -19,7 +19,7 @@ jobs: python-version: '3.x' - name: 'Install test dependencies.' - run: pip install pre-commit yamllint + run: pip install yamllint - name: Run yamllint. run: yamllint ./README.yaml @@ -32,9 +32,6 @@ jobs: cd /home/runner/work/terraform-aws-iam-role/terraform-aws-iam-role make packages/install/gomplate make readme - - - name: Run pre-commit - run: pre-commit run -a && pre-commit install - name: push to repo back run: | diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 710c7cb..11b280d 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -14,7 +14,7 @@ jobs: - name: 'Terraform Format fmt' uses: hashicorp/terraform-github-actions@master with: - tf_actions_version: 0.13.3 + tf_actions_version: 0.13.4 tf_actions_subcommand: 'fmt' tf_actions_working_dir: "./_example" tf_actions_comment: true @@ -49,7 +49,7 @@ jobs: - name: 'Terraform Init' uses: hashicorp/terraform-github-actions@master with: - tf_actions_version: 0.13.3 + tf_actions_version: 0.13.4 tf_actions_subcommand: 'init' tf_actions_working_dir: "./_example" tf_actions_comment: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a2c23ff..7c90e85 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,3 +10,4 @@ repos: - id: check-merge-conflict - id: check-yaml - id: check-added-large-files + - id: trailing-whitespace \ No newline at end of file From 50537ecf34d4d2f2032194b1f96b46846ec775a2 Mon Sep 17 00:00:00 2001 
From: Ajay Kumar Dhyani Date: Mon, 19 Oct 2020 17:39:03 +0530 Subject: [PATCH 4/8] Upgrade terraform version to 0.13.0 --- .github/workflows/readme.yml | 44 ++++---- .github/workflows/terraform.yml | 58 ++++------- .github/workflows/terratest.yml | 42 ++++++++ .pre-commit-config.yaml | 4 +- README.md | 179 ++++++++++++++++++++++++++++++++ README.yaml | 3 +- versions.tf | 2 +- 7 files changed, 271 insertions(+), 61 deletions(-) create mode 100644 .github/workflows/terratest.yml create mode 100644 README.md diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index c0e9e0e..49e3ab6 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -1,4 +1,3 @@ - name: 'Create README.md file' on: push: 
@@ -18,35 +17,38 @@ jobs: with: python-version: '3.x' - - name: 'Install test dependencies.' - run: pip install yamllint + - name: 'create readme' + uses: 'clouddrove/github-actions@v4.0' + with: + actions_subcommand: 'readme' + github_token: '${{ secrets.GITHUB}}' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + - - name: Run yamllint. - run: yamllint ./README.yaml + - name: pre-commit check errors + uses: pre-commit/action@v2.0.0 + continue-on-error: true - - name: clone Genie repo - run: | - export GITHUB_ACCESS_TOKEN=${{ secrets.GITHUB }} - cd .. && cd .. && cd .. - git clone https://${{ secrets.GITHUB }}@github.com/clouddrove/genie.git - cd /home/runner/work/terraform-aws-iam-role/terraform-aws-iam-role - make packages/install/gomplate - make readme + - name: pre-commit fix erros + uses: pre-commit/action@v2.0.0 + continue-on-error: true - - name: push to repo back - run: | - git config --global user.email "anmol@clouddrove.com" - git config --global user.name "Anmol nagpal" - git add . && git commit -m "upload" - git push origin master + - name: 'push readme' + uses: 'clouddrove/github-actions@v4.0' + continue-on-error: true + with: + actions_subcommand: 'push' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - name: 'Slack Notification' uses: clouddrove/action-slack@v2 with: status: ${{ job.status }} fields: repo,author - author_name: 'Clouddrove' + author_name: 'CloudDrove' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file + if: always() diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 11b280d..160e806 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
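Review bot: The steps `pre-commit check errors` and `pre-commit fix erros` are the same invocation of `pre-commit/action@v2.0.0` with the same settings, so the second repeats the first rather than fixing anything, and both carry `continue-on-error: true`, as does `push readme`; with every step after checkout allowed to fail, the job and the Slack message driven by `${{ job.status }}` report success even when the README was neither regenerated nor pushed. Drop the duplicate step, fix the typo in the remaining name, and remove `continue-on-error` at least from `push readme` so a failed push surfaces. `secrets.GITHUB` (presumably a personal access token, since the default `GITHUB_TOKEN` is passed separately) is now handed to a third-party action at a mutable tag, `clouddrove/github-actions@v4.0`; pin it to a commit SHA. For consistency with the rest of the file, restore the missing space in `${{ secrets.GITHUB}}` and `${{ secrets.GITHUB_TOKEN}}`.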
@@ -1,26 +1,17 @@ name: 'Terraform GitHub Actions' on: - - push + pull_request: + branches: + - master jobs: terraform: name: 'Terraform' runs-on: ubuntu-latest steps: - - name: 'Checkout' uses: actions/checkout@master - - name: 'Terraform Format fmt' - uses: hashicorp/terraform-github-actions@master - with: - tf_actions_version: 0.13.4 - tf_actions_subcommand: 'fmt' - tf_actions_working_dir: "./_example" - tf_actions_comment: true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Configure AWS Credentials uses: clouddrove/configure-aws-credentials@v1 with: 
@@ -28,40 +19,35 @@ jobs: aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} aws-region: us-east-2 - - name: Set up Go 1.13 - uses: actions/setup-go@v1 + - name: 'Terraform Format' + uses: 'clouddrove/github-actions@v4.0' with: - go-version: 1.13 - id: go + actions_subcommand: 'fmt' - - name: Get dependencies - run: | - if [ -f Gopkg.toml ]; then - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - dep ensure - else - go get -v -t -d ./... - fi - - name: Test - working-directory: ./_test - run: go test + - name: 'Terraform init' + uses: 'clouddrove/github-actions@v4.0' + with: + actions_subcommand: 'init' + tf_actions_working_dir: ./_example - - name: 'Terraform Init' - uses: hashicorp/terraform-github-actions@master + - name: 'Terraform validate' + uses: 'clouddrove/github-actions@v4.0' with: - tf_actions_version: 0.13.4 - tf_actions_subcommand: 'init' - tf_actions_working_dir: "./_example" - tf_actions_comment: true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + actions_subcommand: 'validate' + tf_actions_working_dir: ./_example + + - name: 'Terraform plan' + uses: 'clouddrove/github-actions@v4.0' + with: + actions_subcommand: 'plan' + tf_actions_working_dir: ./_example - name: 'Slack Notification' uses: clouddrove/action-slack@v2 with: status: ${{ job.status }} fields: repo,author - author_name: 'Clouddrove' + author_name: 'CloudDrove' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml new file mode 100644 index 0000000..20d8ffb --- /dev/null +++ b/.github/workflows/terratest.yml 
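Review bot: The new `Terraform plan` step runs `./_example` with the live test credentials from `Configure AWS Credentials` on every `pull_request` to master, so any HCL a pull request places under `_example` is evaluated with those credentials during plan; data sources and provider configuration are evaluated at plan time, not only at apply. The `terratest.yml` added in this same patch gates its credentialed step behind a `terratest` label, and the plan step deserves the same gate, or `Configure AWS Credentials` should move below `Terraform validate` so fmt, init and validate stay credential-free and only the plan step is conditional. `clouddrove/github-actions@v4.0` is a mutable tag; pin it to a commit SHA.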
@@ -0,0 +1,42 @@ +name: 'Terratest GitHub Actions' +on: + pull_request: + branches: + - master + types: [labeled] + +jobs: + terraform: + name: 'Terraform' + runs-on: ubuntu-latest + steps: + + - name: 'Checkout' + uses: actions/checkout@master + + - name: Configure AWS Credentials + uses: clouddrove/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} + aws-region: us-east-2 + + - name: 'Terratest' + if: ${{ github.event.label.name == 'terratest' }} + uses: 'clouddrove/github-actions@v4.0' + with: + actions_subcommand: 'terratest' + tf_actions_working_dir: ./_test + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required + if: always() \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7c90e85..9a789cb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,11 +1,11 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.12.0 + rev: v1.43.0 hooks: - id: terraform_fmt - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.0.0 + rev: v3.2.0 hooks: - id: check-merge-conflict - id: check-yaml diff --git a/README.md b/README.md new file mode 100644 index 0000000..8e583e2 --- /dev/null +++ b/README.md @@ -0,0 +1,179 @@ + + +
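Review bot: The label check `if: ${{ github.event.label.name == 'terratest' }}` is on the Terratest step only, while `Configure AWS Credentials` runs unconditionally, so any label added to a pull request starts the job and loads the AWS test credentials onto a runner that then does nothing with them. Move the condition to the job, `if: github.event.label.name == 'terratest'` directly under `terraform:`, which also skips the Checkout and Slack steps for unrelated labels. `actions/checkout@master` and `clouddrove/github-actions@v4.0` are mutable refs; pin them to commit SHAs. The empty line after `steps:` and the missing trailing newline (`\ No newline at end of file`) are worth tidying while the file is new.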

+ + +

+ Terraform AWS IAM Role +

+ +

+ Terraform module to create Iam role resource on AWS. +

+ +

+ + + Terraform + + + Licence + + + +

+

+ + + + + + + + + + + +

+
+ + +We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. + +This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. + +We have [*fifty plus terraform modules*][terraform_modules]. A few of them are comepleted and are available for open source usage while a few others are in progress. + + + + +## Prerequisites + +This module has a few dependencies: + +- [Terraform 0.12](https://learn.hashicorp.com/terraform/getting-started/install.html) +- [Go](https://golang.org/doc/install) +- [github.com/stretchr/testify/assert](https://github.com/stretchr/testify) +- [github.com/gruntwork-io/terratest/modules/terraform](https://github.com/gruntwork-io/terratest) + + + + + + + +## Examples + + +**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-aws-iam-role/releases). 
+ + +### Simple example +Here is an example of how you can use this module in your inventory structure: +```hcl + module "iam-role" { + source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.3" + + name = "iam-role" + application = "clouddrove" + environment = "test" + label_order = ["environment", "application", "name"] + assume_role_policy = data.aws_iam_policy_document.default.json + + policy_enabled = true + policy = data.aws_iam_policy_document.iam-policy.json + } + + data "aws_iam_policy_document" "default" { + statement { + effect = "Allow" + actions = ["sts:AssumeRole"] + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } + } + + data "aws_iam_policy_document" "iam-policy" { + statement { + actions = [ + "ssm:UpdateInstanceInformation", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" ] + effect = "Allow" + resources = ["*"] + } + } +``` + + + + + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| application | Application \(e.g. `cd` or `clouddrove`\). | string | `""` | no | +| assume\_role\_policy | Whether to create Iam role. | string | n/a | yes | +| attributes | Additional attributes \(e.g. `1`\). | list | `` | no | +| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `"-"` | no | +| description | The description of the role. | string | `""` | no | +| enabled | Whether to create Iam role. | bool | `"true"` | no | +| environment | Environment \(e.g. `prod`, `dev`, `staging`\). | string | `""` | no | +| force\_detach\_policies | The policy that grants an entity permission to assume the role. | bool | `"false"` | no | +| label\_order | Label order, e.g. `name`,`application`. | list | `` | no | +| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. 
| string | `"anmol@clouddrove.com"` | no | +| max\_session\_duration | The maximum session duration \(in seconds\) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | `"3600"` | no | +| name | Name \(e.g. `app` or `cluster`\). | string | `""` | no | +| path | The path to the role. | string | `"/"` | no | +| permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | `""` | no | +| policy | The policy document. | string | `""` | no | +| policy\_arn | The ARN of the policy you want to apply. | string | `""` | no | +| policy\_enabled | Whether to Attach Iam policy with role. | bool | `"false"` | no | +| tags | Additional tags \(e.g. map\(`BusinessUnit`,`XYZ`\). | map | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| arn | The Amazon Resource Name \(ARN\) specifying the role. | +| name | Name of specifying the role. | +| tags | A mapping of tags to assign to the resource. | + + + + +## Testing +In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. + +You need to run the following command in the testing folder: +```hcl + go test -run Test +``` + + + +## Feedback +If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-iam-role/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). + +If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-iam-role)! 
+ +## About us + +At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. + +

We are The Cloud Experts!

+
+

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

+ + [website]: https://clouddrove.com + [github]: https://github.com/clouddrove + [linkedin]: https://cpco.io/linkedin + [twitter]: https://twitter.com/clouddrove/ + [email]: https://clouddrove.com/contact-us.html + [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= diff --git a/README.yaml b/README.yaml index a47674a..fe13a42 100644 --- a/README.yaml +++ b/README.yaml @@ -38,7 +38,8 @@ usage: |- Here is an example of how you can use this module in your inventory structure: ```hcl module "iam-role" { - source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.13.0" + source = "clouddrove/iam-role/aws" + version = "0.13.0" name = "iam-role" application = "clouddrove" diff --git a/versions.tf b/versions.tf index ae70918..4597935 100644 --- a/versions.tf +++ b/versions.tf @@ -1,6 +1,6 @@ # Terraform version terraform { - required_version = ">= 0.13" + required_version = ">= 0.12.0, < 0.14.0" required_providers { aws = { source = "hashicorp/aws" From fd8a3ed082f63cc38d9c69d823ce94f2d5e412b0 Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Mon, 19 Oct 2020 17:39:38 +0530 Subject: [PATCH 5/8] Upgrade terraform version to 0.13.0 --- .github/workflows/terratest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml index 20d8ffb..281b1ea 100644 --- a/.github/workflows/terratest.yml +++ b/.github/workflows/terratest.yml @@ -1,7 +1,7 @@ name: 'Terratest GitHub Actions' on: pull_request: - branches: + branches: - master types: [labeled] From 37cbd7771226e17818c66c12b3251ad649f37fb5 Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Tue, 20 Oct 2020 12:24:52 +0530 Subject: [PATCH 6/8] Update terratest pipeline --- .github/workflows/terratest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml index 281b1ea..cb2d260 100644 
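Review bot: `required_version = ">= 0.12.0, < 0.14.0"` lowers the floor that PATCH 1 had raised to `>= 0.13`, yet the block keeps the `required_providers` object form with `source = "hashicorp/aws"`, which early 0.12 releases reject as an unsupported argument, so the constraint admits Terraform versions on which `init` fails; it also contradicts the commit title "Upgrade terraform version to 0.13.0". Either restore `required_version = ">= 0.13"` or raise the floor to the first 0.12 release that accepts the object form (0.12.26 as far as I recall — confirm against the Terraform changelog). The `aws` entry still carries no `version` constraint, so the provider line the module is tested against remains unstated.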
--- a/.github/workflows/terratest.yml +++ b/.github/workflows/terratest.yml @@ -26,7 +26,7 @@ jobs: uses: 'clouddrove/github-actions@v4.0' with: actions_subcommand: 'terratest' - tf_actions_working_dir: ./_test + tf_actions_working_dir: '_test' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From ac3e0ce9d0a3214c3137617f58ef2de5a7c9410a Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Tue, 20 Oct 2020 13:10:16 +0530 Subject: [PATCH 7/8] update terratest pipeline --- .github/workflows/terratest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml index cb2d260..0d81f1d 100644 --- a/.github/workflows/terratest.yml +++ b/.github/workflows/terratest.yml @@ -23,7 +23,7 @@ jobs: - name: 'Terratest' if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v4.0' + uses: 'clouddrove/github-actions@v5.0' with: actions_subcommand: 'terratest' tf_actions_working_dir: '_test' From 7c36ab3c92d50ed4cec28f7f5072baa93db6e344 Mon Sep 17 00:00:00 2001 From: Ajay Kumar Dhyani Date: Tue, 20 Oct 2020 13:15:11 +0530 Subject: [PATCH 8/8] update terratest pipeline --- .github/workflows/terratest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml index 0d81f1d..cb2d260 100644 --- a/.github/workflows/terratest.yml +++ b/.github/workflows/terratest.yml @@ -23,7 +23,7 @@ jobs: - name: 'Terratest' if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v5.0' + uses: 'clouddrove/github-actions@v4.0' with: actions_subcommand: 'terratest' tf_actions_working_dir: '_test'