From 2f62c274d048260b98b1ad926eb5410d9512b4c6 Mon Sep 17 00:00:00 2001 From: aknysh Date: Sat, 20 Mar 2021 18:38:41 -0400 Subject: [PATCH 1/3] Updates --- .github/mergify.yml | 7 +++++++ .github/workflows/auto-format.yml | 4 +++- .github/workflows/auto-release.yml | 24 +++++++++++++++--------- LICENSE | 2 +- README.md | 4 +++- README.yaml | 14 +++++++++++++- accepter.tf | 5 +---- test/src/go.mod | 2 +- 8 files changed, 44 insertions(+), 18 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index b010656..ef15545 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -56,3 +56,10 @@ pull_request_rules: changes_requested: true approved: true message: "This Pull Request has been updated, so we're dismissing all reviews." + +- name: "close Pull Requests without files changed" + conditions: + - "#files=0" + actions: + close: + message: "This pull request has been automatically closed by Mergify because there are no longer any changes." diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index 990abed..375d0fd 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml @@ -6,7 +6,7 @@ on: jobs: auto-format: runs-on: ubuntu-latest - container: cloudposse/build-harness:slim-latest + container: cloudposse/build-harness:latest steps: # Checkout the pull request branch # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using @@ -29,6 +29,8 @@ jobs: - name: Auto Format if: github.event.pull_request.state == 'open' shell: bash + env: + GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host # Commit changes (if any) to the PR branch diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 3f48017..c766b1f 100644 --- a/.github/workflows/auto-release.yml 
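Review bot: In .github/workflows/auto-format.yml, the second hunk (@@ -29,6 +29,8 @@) exports `GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"` to the `make ... pr/auto-format/host` step, which runs inside the `cloudposse/build-harness:latest` container selected by the first hunk (@@ -6,7 +6,7 @@). A personal access token is therefore readable by whatever that mutable `latest` image contains, and possibly by anything the make target picks up from the checked-out pull request branch. The `on:` trigger and the checkout step lie outside both hunks, so whether pull requests from forks reach this step cannot be confirmed from here. Pin the image by digest, `container: cloudposse/build-harness@sha256:<digest>`, and add a comment above the `env:` block stating what the target needs the token for and which scopes it requires.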
+++ b/.github/workflows/auto-release.yml @@ -3,17 +3,23 @@ name: auto-release on: push: branches: - - master + - master jobs: publish: runs-on: ubuntu-latest steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 - with: - publish: true - prerelease: false - config-name: auto-release.yml - env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + # Get PR from merged commit to master + - uses: actions-ecosystem/action-get-merged-pull-request@v1 + id: get-merged-pull-request + with: + github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + # Drafts your next Release notes as Pull Requests are merged into "master" + - uses: release-drafter/release-drafter@v5 + if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')" + with: + publish: true + prerelease: false + config-name: auto-release.yml + env: + GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/LICENSE b/LICENSE index 101fd7c..ec88914 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2019 Cloud Posse, LLC + Copyright 2019-2021 Cloud Posse, LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 7a9a8db..444fedb 100644 --- a/README.md +++ b/README.md 
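Review bot: The new `actions-ecosystem/action-get-merged-pull-request@v1` step receives `secrets.PUBLIC_REPO_ACCESS_TOKEN` while being referenced by a movable tag, so a retagged or compromised release of that third-party action would run with the token on every push to master. Pin it to a full commit SHA, `uses: actions-ecosystem/action-get-merged-pull-request@<full-commit-sha>  # v1`, and do the same for `release-drafter/release-drafter@v5`. Reading a merged pull request's labels probably needs only read access, so the workflow's built-in `${{ secrets.GITHUB_TOKEN }}` may be enough for this step; confirm against the action's documentation. The `if:` guard also fails open: when the lookup step yields no labels, the release is still published, which is worth a one-line comment if it is intended.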
@@ -33,7 +33,9 @@ Terraform module to create a peering connection between any two VPCs existing in This module supports performing this action from a 3rd account (e.g. a "root" account) by specifying the roles to assume for each member account. -**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. [Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal. +**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. +However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. +[Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal. --- diff --git a/README.yaml b/README.yaml index 87b09ce..fcc44fc 100644 --- a/README.yaml +++ b/README.yaml @@ -5,6 +5,7 @@ # Name of this project name: terraform-aws-vpc-peering-multi-account + # Tags of this project tags: - aws @@ -17,6 +18,7 @@ tags: - vpn - multi-account - multi-provider + # Categories of this project categories: - terraform-modules/networking @@ -25,8 +27,10 @@ categories: # License of this project license: "APACHE2" + # Canonical GitHub repo github_repo: cloudposse/terraform-aws-vpc-peering-multi-account + # Badges to display badges: - name: "Latest Release" 
@@ -35,6 +39,7 @@ badges: - name: "Slack Community" image: "https://slack.cloudposse.com/badge.svg" url: "https://slack.cloudposse.com" + related: - name: "terraform-aws-vpc" description: "Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways" @@ -45,13 +50,17 @@ related: - name: "terraform-aws-kops-vpc-peering" description: "Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops" url: "https://github.com/cloudposse/terraform-aws-kops-vpc-peering" + # Short description of this project description: |- Terraform module to create a peering connection between any two VPCs existing in different AWS accounts. This module supports performing this action from a 3rd account (e.g. a "root" account) by specifying the roles to assume for each member account. - **IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. [Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal. + **IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. + However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. + [Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal. + # How to use this project usage: |2- 
@@ -254,13 +263,16 @@ references: - name: "What is VPC Peering?" description: "VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses." url: "https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html" + screenshots: - name: "vpc-peering" description: "VPC Peering Connection in the AWS Web Console" url: "images/vpc-peering.png" + include: - "docs/targets.md" - "docs/terraform.md" + # Contributors to this project contributors: - name: "Andriy Knysh" diff --git a/accepter.tf b/accepter.tf index e78ebca..34c002f 100644 --- a/accepter.tf +++ b/accepter.tf @@ -113,9 +113,6 @@ output "accepter_connection_id" { } output "accepter_accept_status" { - value = join( - "", - aws_vpc_peering_connection_accepter.accepter.*.accept_status, - ) + value = join("", aws_vpc_peering_connection_accepter.accepter.*.accept_status) description = "Accepter VPC peering connection request status" } diff --git a/test/src/go.mod b/test/src/go.mod index 90df640..acff31a 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -1,6 +1,6 @@ module github.com/cloudposse/terraform-aws-ecs-cloudwatch-autoscaling -go 1.14 +go 1.15 require ( github.com/gruntwork-io/terratest v0.30.23 From c23f800ae28473c4a723a153b56afe3c159bf793 Mon Sep 17 00:00:00 2001 From: aknysh Date: Sat, 20 Mar 2021 19:28:04 -0400 Subject: [PATCH 2/3] Updates --- README.md | 1 - accepter.tf | 12 ++++++------ docs/terraform.md | 1 - 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 444fedb..8eb3bf3 100644 --- a/README.md +++ b/README.md 
@@ -354,7 +354,6 @@ Available targets: | [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | | [aws_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | | [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | -| [aws_route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | | [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | | [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | | [aws_vpc_peering_connection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | diff --git a/accepter.tf b/accepter.tf index 34c002f..f26faec 100644 --- a/accepter.tf +++ b/accepter.tf @@ -61,14 +61,14 @@ locals { } # Lookup accepter route tables -data "aws_route_tables" "accepter" { - count = local.count - provider = aws.accepter - vpc_id = local.accepter_vpc_id +data "aws_route_table" "accepter" { + count = module.this.enabled ? local.accepter_subnet_ids_count : 0 + provider = aws.accepter + subnet_id = element(local.accepter_subnet_ids, count.index) } locals { - accepter_aws_route_table_ids = try(distinct(sort(data.aws_route_tables.accepter[0].ids)), []) + accepter_aws_route_table_ids = try(distinct(sort(data.aws_route_table.accepter.*.route_table_id)), []) accepter_aws_route_table_ids_count = length(local.accepter_aws_route_table_ids) accepter_cidr_block_associations = flatten(data.aws_vpc.accepter.*.cidr_block_associations) accepter_cidr_block_associations_count = length(local.accepter_cidr_block_associations) 
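Review bot: In accepter.tf (@@ -61,14 +61,14 @@), `data "aws_route_table" "accepter"` now resolves one route table per subnet through `subnet_id`. As far as I know, that lookup returns no result for a subnet that has no explicit route table association and relies on the VPC's main route table. In that case the data source read would fail the plan rather than reach the `try(..., [])` fallback in the local below it. The replaced `aws_route_tables` lookup by `vpc_id` had no such requirement, and `local.accepter_subnet_ids` is defined outside the hunk, so which subnets are affected cannot be seen here. If the narrower behaviour is intended, state it above the data source, e.g. `# Each accepter subnet must have an explicit route table association; subnets on the VPC main route table are not supported`.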
@@ -82,7 +82,7 @@ resource "aws_route" "accepter" { destination_cidr_block = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]["cidr_block"] vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id) depends_on = [ - data.aws_route_tables.accepter, + data.aws_route_table.accepter, aws_vpc_peering_connection_accepter.accepter, aws_vpc_peering_connection.requester, ] diff --git a/docs/terraform.md b/docs/terraform.md index b2be9c8..4a76338 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -30,7 +30,6 @@ | [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | | [aws_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | | [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | -| [aws_route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | | [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | | [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | | [aws_vpc_peering_connection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | From d414862514af84457582ff3e1f2fc2737af2b506 Mon Sep 17 00:00:00 2001 From: aknysh Date: Sat, 20 Mar 2021 19:32:01 -0400 Subject: [PATCH 3/3] Updates --- examples/complete/fixtures.us-east-2.tfvars | 30 ++++++---- examples/vpc-only/context.tf | 66 ++++++++++++++++----- examples/vpc-only/fixtures.us-east-2.tfvars | 14 +++-- examples/vpc-only/main.tf | 8 +-- 4 files changed, 83 insertions(+), 35 deletions(-) diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 7e12171..1170c64 100644 --- a/examples/complete/fixtures.us-east-2.tfvars 
+++ b/examples/complete/fixtures.us-east-2.tfvars @@ -1,11 +1,21 @@ -region = "us-east-2" -namespace = "eg" -stage = "test" -name = "vpc_peering_cross_account" -requester_aws_assume_role_arn = "" -requester_region = "us-east-2" +region = "us-east-2" + +namespace = "eg" + +stage = "test" + +name = "vpc_peering_cross_account" + +requester_aws_assume_role_arn = "" + +requester_region = "us-east-2" + requester_allow_remote_vpc_dns_resolution = true -accepter_aws_assume_role_arn = "" -accepter_region = "us-east-2" -accepter_allow_remote_vpc_dns_resolution = true -availability_zones = ["us-east-2b"] \ No newline at end of file + +accepter_aws_assume_role_arn = "" + +accepter_region = "us-east-2" + +accepter_allow_remote_vpc_dns_resolution = true + +availability_zones = ["us-east-2b"] diff --git a/examples/vpc-only/context.tf b/examples/vpc-only/context.tf index f5f2797..81f99b4 100644 --- a/examples/vpc-only/context.tf +++ b/examples/vpc-only/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,20 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null 
@@ -68,6 +57,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +67,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -158,11 +159,44 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } } +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/examples/vpc-only/fixtures.us-east-2.tfvars b/examples/vpc-only/fixtures.us-east-2.tfvars index 85f7024..156d9ee 100644 --- a/examples/vpc-only/fixtures.us-east-2.tfvars +++ b/examples/vpc-only/fixtures.us-east-2.tfvars 
@@ -1,5 +1,9 @@ -region = "us-east-2" -namespace = "eg" -stage = "test" -name = "vpc_peering_cross_account" -availability_zones = ["us-east-2c"] \ No newline at end of file +region = "us-east-2" + +namespace = "eg" + +stage = "test" + +name = "vpc_peering_cross_account" + +availability_zones = ["us-east-2c"] diff --git a/examples/vpc-only/main.tf b/examples/vpc-only/main.tf index 5103bcc..abedce9 100644 --- a/examples/vpc-only/main.tf +++ b/examples/vpc-only/main.tf @@ -4,7 +4,7 @@ provider "aws" { module "requester_vpc" { source = "cloudposse/vpc/aws" - version = "0.18.1" + version = "0.21.1" cidr_block = "172.16.0.0/16" context = module.this.context @@ -12,7 +12,7 @@ module "requester_vpc" { module "requester_subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.33.0" + version = "0.38.0" availability_zones = var.availability_zones vpc_id = module.requester_vpc.vpc_id igw_id = module.requester_vpc.igw_id @@ -25,7 +25,7 @@ module "requester_subnets" { module "accepter_vpc" { source = "cloudposse/vpc/aws" - version = "0.18.1" + version = "0.21.1" cidr_block = "172.17.0.0/16" context = module.this.context @@ -33,7 +33,7 @@ module "accepter_vpc" { module "accepter_subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.33.0" + version = "0.38.0" availability_zones = var.availability_zones vpc_id = module.accepter_vpc.vpc_id igw_id = module.accepter_vpc.igw_id