Update accepter, GitHub actions, LICENSE, README #44

Merged
merged 3 commits into from
Mar 23, 2021
7 changes: 7 additions & 0 deletions .github/mergify.yml
Expand Up @@ -56,3 +56,10 @@ pull_request_rules:
changes_requested: true
approved: true
message: "This Pull Request has been updated, so we're dismissing all reviews."

- name: "close Pull Requests without files changed"
conditions:
- "#files=0"
actions:
close:
message: "This pull request has been automatically closed by Mergify because there are no longer any changes."
4 changes: 3 additions & 1 deletion .github/workflows/auto-format.yml
Expand Up @@ -6,7 +6,7 @@ on:
jobs:
auto-format:
runs-on: ubuntu-latest
container: cloudposse/build-harness:slim-latest
container: cloudposse/build-harness:latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
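Review bot: the `container:` line of the `auto-format` job swaps one mutable tag for another (`cloudposse/build-harness:latest`), so each run pulls whatever image currently sits behind that tag. This job later runs `make` from inside that image, so pin it to a digest (`cloudposse/build-harness@sha256:<digest>`) or at least a versioned tag, and say in the PR description why the slim image is no longer enough.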
Expand All @@ -29,6 +29,8 @@ jobs:
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
env:
GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host

# Commit changes (if any) to the PR branch
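Review bot: the new `env:` block on the Auto Format step exposes `secrets.PUBLIC_REPO_ACCESS_TOKEN` to a `make` target that operates on the checked-out pull request branch, so anything in that branch that the target ends up evaluating runs with the token in its environment. The workflow trigger is outside this hunk; confirm that it does not hand secrets to pull requests from forks, document which scopes the token needs, and drop the `env:` entry if the default `github.token` is enough for `pr/auto-format/host`.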
Expand Down
24 changes: 15 additions & 9 deletions .github/workflows/auto-release.yml
Expand Up @@ -3,17 +3,23 @@ name: auto-release
on:
push:
branches:
- master
- master

jobs:
publish:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@v5
with:
publish: true
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
# Get PR from merged commit to master
- uses: actions-ecosystem/action-get-merged-pull-request@v1
id: get-merged-pull-request
with:
github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@v5
if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')"
with:
publish: true
prerelease: false
config-name: auto-release.yml
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
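Review bot: the added `actions-ecosystem/action-get-merged-pull-request@v1` step is given `secrets.PUBLIC_REPO_ACCESS_TOKEN` while being referenced by a movable tag; pin it, and `release-drafter/release-drafter@v5` as well, to a full commit SHA so a retagged release cannot run with that token. Separately, step outputs are strings, so `contains(steps.get-merged-pull-request.outputs.labels, 'no-release')` is a substring match and will also skip the release for any label that merely contains `no-release`; compare against the exact label if that is not intended, and mention the `no-release` label in the contributor docs.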
2 changes: 1 addition & 1 deletion LICENSE
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2019 Cloud Posse, LLC
Copyright 2019-2021 Cloud Posse, LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -33,7 +33,9 @@ Terraform module to create a peering connection between any two VPCs existing in

This module supports performing this action from a 3rd account (e.g. a "root" account) by specifying the roles to assume for each member account.

**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. [Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal.
**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
[Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal.


---
Expand Down Expand Up @@ -352,7 +354,6 @@ Available targets:
| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) |
| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) |
| [aws_route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
| [aws_vpc_peering_connection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) |
Expand Down
14 changes: 13 additions & 1 deletion README.yaml
Expand Up @@ -5,6 +5,7 @@

# Name of this project
name: terraform-aws-vpc-peering-multi-account

# Tags of this project
tags:
- aws
Expand All @@ -17,6 +18,7 @@ tags:
- vpn
- multi-account
- multi-provider

# Categories of this project
categories:
- terraform-modules/networking
Expand All @@ -25,8 +27,10 @@ categories:

# License of this project
license: "APACHE2"

# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-vpc-peering-multi-account

# Badges to display
badges:
- name: "Latest Release"
Expand All @@ -35,6 +39,7 @@ badges:
- name: "Slack Community"
image: "https://slack.cloudposse.com/badge.svg"
url: "https://slack.cloudposse.com"

related:
- name: "terraform-aws-vpc"
description: "Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways"
Expand All @@ -45,13 +50,17 @@ related:
- name: "terraform-aws-kops-vpc-peering"
description: "Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops"
url: "https://github.com/cloudposse/terraform-aws-kops-vpc-peering"

# Short description of this project
description: |-
Terraform module to create a peering connection between any two VPCs existing in different AWS accounts.

This module supports performing this action from a 3rd account (e.g. a "root" account) by specifying the roles to assume for each member account.

**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. [Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal.
**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
[Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal.

# How to use this project
usage: |2-

Expand Down Expand Up @@ -254,13 +263,16 @@ references:
- name: "What is VPC Peering?"
description: "VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses."
url: "https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html"

screenshots:
- name: "vpc-peering"
description: "VPC Peering Connection in the AWS Web Console"
url: "images/vpc-peering.png"

include:
- "docs/targets.md"
- "docs/terraform.md"

# Contributors to this project
contributors:
- name: "Andriy Knysh"
Expand Down
17 changes: 7 additions & 10 deletions accepter.tf
Expand Up @@ -61,14 +61,14 @@ locals {
}

# Lookup accepter route tables
data "aws_route_tables" "accepter" {
count = local.count
provider = aws.accepter
vpc_id = local.accepter_vpc_id
data "aws_route_table" "accepter" {
count = module.this.enabled ? local.accepter_subnet_ids_count : 0
provider = aws.accepter
subnet_id = element(local.accepter_subnet_ids, count.index)
}

locals {
accepter_aws_route_table_ids = try(distinct(sort(data.aws_route_tables.accepter[0].ids)), [])
accepter_aws_route_table_ids = try(distinct(sort(data.aws_route_table.accepter.*.route_table_id)), [])
accepter_aws_route_table_ids_count = length(local.accepter_aws_route_table_ids)
accepter_cidr_block_associations = flatten(data.aws_vpc.accepter.*.cidr_block_associations)
accepter_cidr_block_associations_count = length(local.accepter_cidr_block_associations)
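Review bot: in `data "aws_route_table" "accepter"`, the lookup is now keyed on `subnet_id`, which only resolves for subnets that have an explicit route table association; a subnet that falls back to the VPC main route table would make the data source read fail, and the `try(..., [])` in the `locals` block below only covers expression errors, not a failed read. Please state that requirement for accepter subnets in the README, or add a fallback to the main route table. The change also narrows peering routes from every route table in the VPC to those of `local.accepter_subnet_ids`, which is a behaviour change worth calling out in the release notes.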
Expand All @@ -82,7 +82,7 @@ resource "aws_route" "accepter" {
destination_cidr_block = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]["cidr_block"]
vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
depends_on = [
data.aws_route_tables.accepter,
data.aws_route_table.accepter,
aws_vpc_peering_connection_accepter.accepter,
aws_vpc_peering_connection.requester,
]
Expand Down Expand Up @@ -113,9 +113,6 @@ output "accepter_connection_id" {
}

output "accepter_accept_status" {
value = join(
"",
aws_vpc_peering_connection_accepter.accepter.*.accept_status,
)
value = join("", aws_vpc_peering_connection_accepter.accepter.*.accept_status)
description = "Accepter VPC peering connection request status"
}
1 change: 0 additions & 1 deletion docs/terraform.md
Expand Up @@ -30,7 +30,6 @@
| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) |
| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) |
| [aws_route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
| [aws_vpc_peering_connection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) |
Expand Down
30 changes: 20 additions & 10 deletions examples/complete/fixtures.us-east-2.tfvars
@@ -1,11 +1,21 @@
region = "us-east-2"
namespace = "eg"
stage = "test"
name = "vpc_peering_cross_account"
requester_aws_assume_role_arn = ""
requester_region = "us-east-2"
region = "us-east-2"

namespace = "eg"

stage = "test"

name = "vpc_peering_cross_account"

requester_aws_assume_role_arn = ""

requester_region = "us-east-2"

requester_allow_remote_vpc_dns_resolution = true
accepter_aws_assume_role_arn = ""
accepter_region = "us-east-2"
accepter_allow_remote_vpc_dns_resolution = true
availability_zones = ["us-east-2b"]

accepter_aws_assume_role_arn = ""

accepter_region = "us-east-2"

accepter_allow_remote_vpc_dns_resolution = true

availability_zones = ["us-east-2b"]
66 changes: 50 additions & 16 deletions examples/vpc-only/context.tf
Expand Up @@ -20,7 +20,7 @@

module "this" {
source = "cloudposse/label/null"
version = "0.22.1" // requires Terraform >= 0.12.26
version = "0.24.1" # requires Terraform >= 0.13.0

enabled = var.enabled
namespace = var.namespace
Expand All @@ -34,27 +34,16 @@ module "this" {
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
label_key_case = var.label_key_case
label_value_case = var.label_value_case

context = var.context
}

# Copy contents of cloudposse/terraform-null-label/variables.tf here

variable "context" {
type = object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
type = any
default = {
enabled = true
namespace = null
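Review bot: `variable "context"` goes from an explicit `object({...})` type to `type = any`, so a misspelled key or a wrongly typed value in a caller's `context` is no longer rejected by type checking, and the `validation` blocks added further down only cover `label_key_case` and `label_value_case`. Since the comment above marks this file as a copy of `cloudposse/terraform-null-label/variables.tf`, note in the PR which upstream version it was copied from so the loosened type can be traced to that release rather than read as a local edit.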
Expand All @@ -68,6 +57,8 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
label_key_case = null
label_value_case = null
}
description = <<-EOT
Single object for setting entire context at once.
Expand All @@ -76,6 +67,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT

validation {
condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
error_message = "Allowed values: `lower`, `title`, `upper`."
}

validation {
condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
}
}

variable "enabled" {
Expand Down Expand Up @@ -158,11 +159,44 @@ variable "id_length_limit" {
type = number
default = null
description = <<-EOT
Limit `id` to this many characters.
Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`.
EOT
validation {
condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
}
}

variable "label_key_case" {
type = string
default = null
description = <<-EOT
The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`.
EOT

validation {
condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
error_message = "Allowed values: `lower`, `title`, `upper`."
}
}

variable "label_value_case" {
type = string
default = null
description = <<-EOT
The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`.
EOT

validation {
condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
}
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
14 changes: 9 additions & 5 deletions examples/vpc-only/fixtures.us-east-2.tfvars
@@ -1,5 +1,9 @@
region = "us-east-2"
namespace = "eg"
stage = "test"
name = "vpc_peering_cross_account"
availability_zones = ["us-east-2c"]
region = "us-east-2"

namespace = "eg"

stage = "test"

name = "vpc_peering_cross_account"

availability_zones = ["us-east-2c"]