Migrating to new org and terraform registry

.gitignore

@@ -0,0 +1,8 @@
+*.tfvars
+*.tfstate*
+.terraform
+**/inspec.lock
+*.gem
+.kitchen
+.kitchen.local.yml
+Gemfile.lock

.kitchen.yml

@@ -0,0 +1,22 @@
+---
+driver:
+  name: "terraform"
+  directory: "examples/test_fixtures"
+
+provisioner:
+  name: "terraform"
+  variable_files:
+    - "examples/test_fixtures/terraform.tfvars"
+
+platforms:
+  - name: "aws"
+
+verifier:
+  name: "awspec"
+
+suites:
+  - name: "default"
+    verifier:
+      name: "awspec"
+      patterns:
+      - "test/integration/default/local_alb.rb"

CHANGELOG.md

@@ -0,0 +1,48 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## [1.0.2] - 2017-10-12
+### Added
+* moved data sources to dedicated `data.tf` file.
+* `aws_caller_identity` now used to gather account_id rather than using a variable.
+* tests added for `target_group` and expanded for `alb`.
+* input variables added for health checks, bucket policy, force_destroy_log_bucket - increasing flexibility.
+* circle CI config and badge
+
+### Changed
+* altered structure of module to conform to the new [Terraform registry standards](https://www.terraform.io/docs/registry/modules/publish.html#requirements)
+* `principle_account_id` (sp) moved to a data source rather than variable map. Spelling corrected.
+* removed redundant `/test/alb` directory which had module contents copied. Test kitchen now uses the module itself.
+* pinned examples to provider and terraform versions to harden versioning.
+* self signed cert added to the test fixtures, eliminating the need for manual upload and terraform.tfvars configuration.
+* modules referenced in the test fixture are now sourced from the terraform registry.
+* moved bucket_policy.json and template rending to locals + optional variable input. 
+* stringed list variables moved to native lists
+* 
+
+## [1.0.1] - 2017-09-14
+### Added
+* tag maps can now be provided (thanks @kwach)
+
+### Changed
+* optional S3 logging (thanks @marocchino)
+
+## [1.0.0] - 2017-03-16
+### Added
+* Tests and fixtures for ALB components using awspec and test kitchen
+* S3 log bucket and policy rendering for logging now in place
+* root_principle_id added and referenced through a map for s3 bucket policy
+* string lists moved to native list types
+* default region removed
+
+### Changed
+* Restructured project templates to alb dir to add testing. This is a breaking change so upping major version.
+* Redundant examples dir removed
+* Updated documentation
+
+## [0.1.0] - 2017-03-09
+### Added
+* Initial release.

Gemfile

@@ -0,0 +1,9 @@
+ruby '2.4.0'
+
+source 'https://rubygems.org/' do
+  gem 'test-kitchen'
+  gem 'kitchen-terraform'
+  gem 'awspec'
+  gem 'kitchen-verifier-awspec'
+  gem 'rhcl'
+end

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2017 Brandon O'Connor - Run at Scale
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,5 +1,80 @@
 # terraform-aws-alb
-Terraform module which creates ALB resources on AWS
+A Terraform module containing common configurations for an AWS Application Load
+Balancer (ALB) running over HTTP/HTTPS. Available through the [terraform registry](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws).
 
+## Assumptions
+* You want to create a set of resources for the ALB: namely an associated target group and listener.
+* You've created a Virtual Private Cloud (VPC) + subnets where you intend to put
+this ALB.
+* You have one or more security groups to attach to the ALB.
+* You want to configure a listener for HTTPS/HTTP
+* You've uploaded an SSL certificate to AWS IAM if using HTTPS
 
-**WORK IN PROGRESS**
+The module supports both (mutually exclusive):
+* Internal IP ALBs
+* External IP ALBs
+
+It's recommended you use this module with [terraform-aws-vpc](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws),
+[terraform-aws-security-group](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws), and 
+[terraform-aws-autoscaling](https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/).
+
+## Why ALB instad of ELB?
+The use-case presented here appears almost identical to how one would use an ELB
+BUT we inherit a few bonuses by moving to ALB. Those are best outlined in [AWS's
+documentation](https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/).
+For an example of using ALB with ECS look no further than the [hashicorp example](https://github.com/terraform-providers/terraform-provider-aws/blob/master/examples/ecs-alb).
+
+## Resources, inputs, outputs
+[Resources](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=resources), [inputs](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=inputs), and [outputs](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=outputs) documented in the terraform registry.
+
+## Usage example
+A full example leveraging other community modules is contained in the [examples/test_fixtures directory](examples/test_fixtures). Here's the gist of using it via the Terraform registry:
+```
+module "alb" {
+  source              = "terraform-aws-modules/alb/aws"
+  vpc_id              = "vpc-abcde012"
+  subnets             = ["subnet-abcde012", "subnet-bcde012a"]
+  alb_security_groups = ["sg-edcd9784", "sg-edcd9785"]
+  certificate_arn     = "arn:aws:iam::123456789012:server-certificate/test_cert-123456789012"
+  log_bucket          = "logs-us-east-2-123456789012"
+  log_prefix          = "my-alb-logs"
+
+  tags {
+    "Terraform" = "true"
+    "Env"       = "${terraform.workspace}"
+  }
+}
+```
+3. Always `terraform plan` to see your change before running `terraform apply`.
+4. Win the day!
+
+## Testing
+This module has been packaged with [awspec](https://github.com/k1LoW/awspec) tests through test kitchen. To run them:
+1. Install the prerequisites of rvm and ruby 2.4.0 via homebrew.
+2. Install bundler and the gems from our Gemfile:
+```
+gem install bundler; bundle install
+```
+3. Configure variables in `test/fixtures/terraform.tfvars`. An example of how this should look is in [terraform.tfvars.example](test/fixtures/terraform.tfvars.example).
+4. Test using `kitchen test` from the root of the repo.
+
+## Contributing
+Report issues/questions/feature requests on in the [Issues](https://github.com/terraform-aws-modules/terraform-aws-alb/issues) section.
+
+Pull requests are welcome! Ideally create a feature branch and issue for every
+individual change made. These are the steps:
+
+1. Fork the repo to a personal space or org.
+2. Create your feature branch from master (`git checkout -b my-new-feature`).
+4. Commit your awesome changes (`git commit -am 'Added some feature'`).
+5. Push to the branch (`git push origin my-new-feature`).
+6. Create a new Pull Request and tell us about your changes.
+
+## Change log
+The [changelog](CHANGELOG.md) captures all important release notes.
+
+## Authors
+Created and maintained by [Brandon O'Connor](https://github.com/brandoconnor) - [email protected].
+
+## License
+MIT Licensed. See [LICENSE](LICENSE) for full details.

data.tf

@@ -0,0 +1,3 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_elb_service_account" "main" {}

examples/test_fixtures/README.md

@@ -0,0 +1,4 @@
+# test_fixtures example
+This set of templates serves two purposes:
+0. it shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
+1. serves as the test infrastructure for CI on the project.

examples/test_fixtures/certs/example.crt.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIETjCCAzagAwIBAgIJALi9NaeI/EcpMA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNV
+BAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEYMBYGA1UE
+ChMPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MRQwEgYD
+VQQDEwtleGFtcGxlLmNvbTAeFw0xNzA5MjcyMTIwNDlaFw0yNzA5MjUyMTIwNDla
+MHcxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRv
+bjEYMBYGA1UEChMPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLEw1JVCBEZXBhcnRt
+ZW50MRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALAthQw1LG3Q7n8jroaBneqLgSyBMXxpilrWG7oYaNcCt3dY4FF0
+RWp2R+suMB7ObaWZwzIPseYD1M1IJoyeafSCmH/UCHsIaXUyTE9Ml69hxTA+3R4e
+mO1mPOQ71dheQ0iX34NviiwhQIDJYGRHPYZTeJ2Y/yWQUw3tthYrE9KvYWx6UhXw
+0PbBdHgl6bE/cqARua+Y4jOZO4jRDIwzKOxtK86uhWNBdrrLVNMY6kaNdO40wiZk
+b+Q2YrMyvVUUFdE2TljyLqYgPsTvb8Yxh6h9WGqnY8Fg1aYelp98NFd9fVw/Wuqx
+3Ub0o8Kpnfi+u5Phg5PewF5OoQTGxRLVpJMCAwEAAaOB3DCB2TAdBgNVHQ4EFgQU
+8pucEK8IGWVRbp8cndsPrMoo5mYwgakGA1UdIwSBoTCBnoAU8pucEK8IGWVRbp8c
+ndsPrMoo5mahe6R5MHcxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzAN
+BgNVBAcTBkxvbmRvbjEYMBYGA1UEChMPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQL
+Ew1JVCBEZXBhcnRtZW50MRQwEgYDVQQDEwtleGFtcGxlLmNvbYIJALi9NaeI/Ecp
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAK2mwg87BWPuYPkQBESQ
+wUiX1L37VGuEjewda1o697OPTD9tWM2IuVjAYKIVx/oTwBwgMzlY8KjfceRYfrTg
+YEP9EQ+5KknzgFYC+/SF9ugVke5/JICKQoOqBLboETTTgeYpSlFfKz97nXCAbMVN
+/lYB9TCUZ/SdA76ZpIMR0uYH2mCspChWtYjPV9Z8PEwK7EmFuTQS1X/1Oa7O03vC
+SU4GiONs7MxJoCrMo/xB6yGDM5NiE6ZqljmQ2238GQ99/VyGMn5uVDpZmXH6dMln
+ofEU4fh6sbJvs19KNz9Ql31F0U+hq593T50V8iV+TccBB5ifqfjOnFKmljDjFYeZ
+0bg=
+-----END CERTIFICATE-----

examples/test_fixtures/certs/example.key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAsC2FDDUsbdDufyOuhoGd6ouBLIExfGmKWtYbuhho1wK3d1jg
+UXRFanZH6y4wHs5tpZnDMg+x5gPUzUgmjJ5p9IKYf9QIewhpdTJMT0yXr2HFMD7d
+Hh6Y7WY85DvV2F5DSJffg2+KLCFAgMlgZEc9hlN4nZj/JZBTDe22FisT0q9hbHpS
+FfDQ9sF0eCXpsT9yoBG5r5jiM5k7iNEMjDMo7G0rzq6FY0F2ustU0xjqRo107jTC
+JmRv5DZiszK9VRQV0TZOWPIupiA+xO9vxjGHqH1YaqdjwWDVph6Wn3w0V319XD9a
+6rHdRvSjwqmd+L67k+GDk97AXk6hBMbFEtWkkwIDAQABAoIBACHCNzJlpgPM+0Zl
+gfXINIhS/weWIfNjDd3mFR4Nu1kn7hvybdlt3DdQPuuzyAi/KYeH9T1MgJxAs7A6
+WRis6kSuGaa07IMW045fevvfA1nZ9D0QbrJszoT/CD/7rzhsp5vrbirzXpiiLof/
+Dndop0NsDzqzrIB4LVIH8NJCouPF4eibhb4XQwvCkG05pvlkeK4OJugF/CpgrJlX
+GiXDTZ8Lh/fBXeFpCfcBlgTCPkxcZtuNeddTlEJpY6q8QdofvfpjXmpfQ+63FL5t
+GTpoWNtO+UIqwHFQgoH6zGR8bMBx0/FLqrJ8Cq6nj7+uLODGAf4+dJ0m+Cz5t3Om
+aHgJWEECgYEA4nXD/FS+Wy69dVei8imp3/x+v0/T4LXf8l8NI/Dzvdg82xU1AgZH
+OKqTC2z/z4e+5EAF27kJeOBdh7kqPAF9KMHtd3FsxiYK4RpDlR6JFzHH8h8+v8c/
+Egg0WiXgnqfePHbS+q5wxPloReJm+ue4eSBzR6qyQbtfH0Qp+NIHGkMCgYEAxyir
+CMmI3v1u70V9NtNOlt5O1JNy47iUaLgvEJXBPsD+JYWgs4nY8gZcy+Yx1LBRqMbi
+LojOUGKGK6jcLOHjVBW9WJoFtTDN59lba5ryNW9AQOJsdeeaPttpWiFID5K0KTno
+kGHzxQjioSnP+mDV7jaXZSNcvYGWVRSabkRwb3ECgYA/mBqlbZbXPFTv8uBLaO/P
+erSNPPmfDPQKuC6UfUG1elf8ngP4wZKWkzAf8UgVG2W760652UiTrU4WoyT9HN3s
+6Cirdiq5qk070YhRA/YzkUM49xVD/cv0YGFzP1fIthNun1+4DeyVJAToOx/4LcJc
+IYS+B21vkBKyUQ4IVdKwyQKBgGBq3+KxLwJFz58nFSelxTZlCeUAPW7hvXe1M5Pj
+7FplNKUVvGcvJUiGrAZKu3Usp1v+bSH6OWfRSwN4DJ/t/BCJNdHfP0QpDIZiRFAk
+A367DXBcLgYmyhYEQ0zPMAPaEj6jOmQsB8gsNQuxIm8k0m0xILpmFE/qnM0z3E/l
+8kkBAoGAJJQgk6dl2rlbZGZvjhVKWNmA8LBJWg28r9/6VWSwYNHSPmcReGvhAflg
+5vY9yRIuJXc1Dfq57dIpX8OaH2n/Txgs/895NvpUk/AlqQiMrCKUO3M4wAA0/kNx
+RHgT16B9lRxvTaaH8Eh5/YMHp8afrOVEwVIMMCZlWii+PbKFyM4=
+-----END RSA PRIVATE KEY-----

examples/test_fixtures/data.tf

@@ -0,0 +1 @@
+data "aws_caller_identity" "fixtures" {}

examples/test_fixtures/main.tf

@@ -0,0 +1,59 @@
+terraform {
+  required_version = "~> 0.10.6"
+}
+
+provider "aws" {
+  region  = "${var.aws_region}"
+  version = "~> 1.0.0"
+}
+
+provider "template" {
+  version = "~> 1.0.0"
+}
+
+resource "aws_iam_server_certificate" "fixture_cert" {
+  name             = "test_cert-${data.aws_caller_identity.fixtures.account_id}"
+  certificate_body = "${file("${path.module}/../../../examples/test_fixtures/certs/example.crt.pem")}"
+  private_key      = "${file("${path.module}/../../../examples/test_fixtures/certs/example.key.pem")}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+module "vpc" {
+  source             = "terraform-aws-modules/vpc/aws"
+  name               = "my-vpc"
+  cidr               = "10.0.0.0/16"
+  azs                = ["us-east-2a", "us-east-2b", "us-east-2c"]
+  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+  enable_nat_gateway = true
+  single_nat_gateway = true
+  tags               = {}
+}
+
+module "security-group" {
+  source = "terraform-aws-modules/security-group/aws"
+  name   = "my-sg-https"
+  vpc_id = "${module.vpc.vpc_id}"
+}
+
+module "alb" {
+  source                   = "../../../"
+  alb_name                 = "my-alb"
+  alb_security_groups      = ["${module.security-group.this_security_group_id}"]
+  aws_region               = "${var.aws_region}"
+  vpc_id                   = "${module.vpc.vpc_id}"
+  subnets                  = "${module.vpc.public_subnets}"
+  certificate_arn          = "${aws_iam_server_certificate.fixture_cert.arn}"
+  health_check_path        = "/"
+  log_bucket               = "logs-${var.aws_region}-${data.aws_caller_identity.fixtures.account_id}"
+  log_prefix               = "${var.log_prefix}"
+  force_destroy_log_bucket = true
+
+  tags {
+    "Terraform" = "true"
+    "Env"       = "${terraform.workspace}"
+  }
+}

examples/test_fixtures/outputs.tf

@@ -0,0 +1,19 @@
+/*
+Outputs used for tests
+*/
+
+output "principal_account_id" {
+  value = "${module.alb.principal_account_id}"
+}
+
+output "vpc_id" {
+  value = "${module.vpc.vpc_id}"
+}
+
+output "sg_id" {
+  value = "${module.security-group.this_security_group_id}"
+}
+
+output "account_id" {
+  value = "${data.aws_caller_identity.fixtures.account_id}"
+}

examples/test_fixtures/variables.tf

@@ -0,0 +1,7 @@
+variable "log_prefix" {
+  default = "my-alb-logs"
+}
+
+variable "aws_region" {
+  default = "us-east-2"
+}

locals.tf

@@ -0,0 +1,18 @@
+locals {
+  bucket_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": ["s3:PutObject"],
+      "Effect": "Allow",
+      "Resource":
+        "arn:aws:s3:::${var.log_bucket}/${var.log_prefix}/AWSLogs/${data.aws_caller_identity.current.account_id}/*",
+      "Principal": {
+        "AWS": ["${data.aws_elb_service_account.main.id}"]
+      }
+    }
+  ]
+}
+POLICY
+}