diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..7824d96
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,51 @@
+name: 'Terraform GitHub Actions'
+on:
+ - pull_request
+
+jobs:
+ terraform:
+ name: 'Terraform'
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: 'Checkout'
+ uses: actions/checkout@master
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-2
+
+ - name: 'Terraform Format'
+ uses: clouddrove/github-actions@v1.0
+ with:
+ actions_subcommand: 'fmt'
+
+ - name: 'Terraform Init'
+ uses: clouddrove/github-actions@v1.0
+ with:
+ actions_subcommand: 'init'
+ tf_actions_working_dir: ./_example
+
+ - name: 'Terratest'
+ uses: clouddrove/github-actions@v1.0
+ with:
+ actions_subcommand: 'terratest'
+ tf_actions_working_dir: ./_test
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ - name: 'Slack Notification'
+ uses: 8398a7/action-slack@v2
+ with:
+ status: ${{ job.status }}
+ fields: repo,author
+ author_name: 'Clouddrove'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required
+ if: always()
\ No newline at end of file
diff --git a/README.md b/README.md
index 91092f0..8729479 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ This module has a few dependencies:
 Here is an example of how you can use this module in your inventory structure:
 ```hcl
 module "kms_key" {
- source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.1"
+ source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.2"
 name = "kms"
 application = "clouddrove"
 environment = "test"
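Review bot: The checkout step pins to a mutable branch, `uses: actions/checkout@master`, inside a job that then receives long-lived AWS keys through `secrets.AWS_ACCESS_KEY_ID` / `secrets.AWS_SECRET_ACCESS_KEY`, so whatever lands on that branch runs with those credentials; pin it to a release tag at minimum, e.g. `uses: actions/checkout@v2`, and ideally to a full commit SHA, and the same goes for `clouddrove/github-actions@v1.0` and `8398a7/action-slack@v2`, which are floating tags. The `terratest` step apparently creates real AWS resources on every `pull_request` event with static keys, so the IAM user behind those secrets should be scoped to the KMS permissions the test needs, and it is worth confirming why that step also needs `GITHUB_TOKEN`. Secrets are not exposed to pull requests opened from forks, so the credentialed steps will presumably fail for external contributors; a `push`-on-default-branch trigger for the credentialed tests would avoid that.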
@@ -174,6 +174,7 @@ Here is an example of how you can use this module in your inventory structure:
 | enable_key_rotation | Specifies whether key rotation is enabled. | bool | `true` | no |
 | environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
 | is_enabled | Specifies whether the key is enabled. | bool | `true` | no |
+| enabled | Specifies whether the kms is enabled or disabled. | bool | `true` | no |
 | key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string | `ENCRYPT_DECRYPT` | no |
 | label_order | label order, e.g. `name`,`application`. | list | `` | no |
 | name | Name (e.g. `app` or `cluster`). | string | `` | no |
diff --git a/README.yaml b/README.yaml
index 52ff0fe..07a629f 100644
--- a/README.yaml
+++ b/README.yaml
@@ -36,7 +36,7 @@ usage : |-
 Here is an example of how you can use this module in your inventory structure:
 ```hcl
 module "kms_key" {
- source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.1"
+ source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.2"
 name = "kms"
 application = "clouddrove"
 environment = "test"
diff --git a/_example/example.tf b/_example/example.tf
index c1c33f8..e27397b 100644
--- a/_example/example.tf
+++ b/_example/example.tf
@@ -3,12 +3,13 @@ provider "aws" {
 }
 module "kms_key" {
- source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.1"
+ source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.2"
 name = "kms"
 application = "clouddrove"
 environment = "test"
 label_order = ["environment", "name", "application"]
+ enabled = true
 description = "KMS key for cloudtrail"
 deletion_window_in_days = 7
diff --git a/main.tf b/main.tf
index e985f9d..80a8a51 100644
--- a/main.tf
+++ b/main.tf
@@ -18,6 +18,7 @@ module "labels" {
 # Module : KMS KEY
 # Description : This terraform module creates a KMS Customer Master Key (CMK) and its alias.
 resource "aws_kms_key" "default" {
+ count = var.enabled ? 1 : 0
 description = var.description
 key_usage = var.key_usage
 deletion_window_in_days = var.deletion_window_in_days
@@ -30,6 +31,7 @@ resource "aws_kms_key" "default" {
 # Module : KMS ALIAS
 # Description : Provides an alias for a KMS customer master key..
 resource "aws_kms_alias" "default" {
+ count = var.enabled ? 1 : 0
 name = coalesce(var.alias, format("alias/%v", module.labels.id))
- target_key_id = aws_kms_key.default.id
+ target_key_id = join("", aws_kms_key.default.*.id)
 }
diff --git a/outputs.tf b/outputs.tf
index bd8b6bc..ff71878 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,22 +1,22 @@
 # Module : KMS KEY
 # Description : This terraform module creates a KMS Customer Master Key (CMK) and its alias.
 output "key_arn" {
- value = aws_kms_key.default.arn
+ value = join("", aws_kms_key.default.*.arn)
 description = "Key ARN."
 }
 output "key_id" {
- value = aws_kms_key.default.key_id
+ value = join("", aws_kms_key.default.*.key_id)
 description = "Key ID."
 }
 output "alias_arn" {
- value = aws_kms_alias.default.arn
+ value = join("", aws_kms_alias.default.*.arn)
 description = "Alias ARN."
 }
 output "alias_name" {
- value = aws_kms_alias.default.name
+ value = join("", aws_kms_alias.default.*.name)
 description = "Alias name."
 }
diff --git a/variables.tf b/variables.tf
index 7cf373c..79e1d47 100644
--- a/variables.tf
+++ b/variables.tf
@@ -62,6 +62,12 @@ variable "is_enabled" {
 description = "Specifies whether the key is enabled."
 }
+variable "enabled" {
+ type = bool
+ default = true
+ description = "Specifies whether the kms is enabled or disabled."
+}
+
 variable "key_usage" {
 type = string
 default = "ENCRYPT_DECRYPT"
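Review bot: Adding `count = var.enabled ? 1 : 0` to `aws_kms_key.default` changes its state address to `aws_kms_key.default[0]`, so a user upgrading an existing deployment from 0.12.1 may see Terraform plan to destroy and recreate the CMK and its alias, which schedules the old key for deletion after `deletion_window_in_days` and leaves anything encrypted under it unreadable once that window passes — unless the Terraform version this module targets migrates the index automatically, which should be confirmed before release. Either way the upgrade path deserves a README or changelog note with the manual move, `terraform state mv aws_kms_key.default 'aws_kms_key.default[0]'` and the matching one for `aws_kms_alias.default`, for users on a version that does not migrate. A comment above the new line, e.g. `# Gate creation on var.enabled; note this changes the resource address to aws_kms_key.default[0]`, would flag the hazard in place. The `aws_kms_key` resource body continues beyond this hunk.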
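Review bot: Every output in this hunk now evaluates to an empty string rather than null when `enabled = false`, because `join("", [])` is `""`, and a consumer that wires `module.kms_key.key_arn` or `key_id` into an encrypted resource (S3 SSE configuration, EBS volume, Secrets Manager secret) will then either fail at apply time or, depending on the resource, have the empty value treated as unset and fall back to a different key. The `description` strings should say so, e.g. `description = "Key ARN, or an empty string when var.enabled is false."` and the same wording on `key_id`, `alias_arn` and `alias_name`, so callers know to guard on the value. Which failure mode a given consumer hits is inferred from provider behaviour rather than visible here.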
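Review bot: The new description `"Specifies whether the kms is enabled or disabled."` reads almost identically to the `is_enabled` variable directly above it (`"Specifies whether the key is enabled."`), but the two do very different things: `enabled` decides whether the key and alias are created at all, while `is_enabled` presumably maps to the `aws_kms_key` argument of the same name and toggles the existing CMK's enabled state in AWS. A reader who confuses them could tear down a live key instead of disabling it, or vice versa. Suggest `description = "Whether to create the KMS key and alias at all; set to false to create no resources. Distinct from is_enabled, which only toggles the key's enabled state in AWS."`.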