diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..88cb251
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,30 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..231c9a6
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# These owners will be the default owners for everything in the repo.
+* @anmolnagpal @clouddrove/approvers @clouddrove-ci
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..e414e28
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,12 @@
+## what
+* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+* Use bullet points to be concise and to the point.
+
+## why
+* Provide the justifications for the changes (e.g. business case).
+* Describe why these changes were made (e.g. why do these commits fix the problem?)
+* Use bullet points to be concise and to the point.
+
+## references
+* Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow).
+* Use `closes #123`, if this PR closes a Jira issue `#123`
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d4a7a71..2aba296 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
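Review bot: The `[*.{tf,tfvars}]` section restates `indent_size = 2` and `indent_style = space`, which the `[*]` section in the same file already sets, so the stanza adds nothing today and will drift silently if one copy is edited later. Either drop the section or keep it only for settings that differ from `[*]`, with a comment such as `# overrides for HCL only; inherits the rest from [*]` so the intent is visible.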
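Review bot: `@clouddrove-ci` is listed as a default code owner next to the human owners, so if branch protection requires review from code owners, an approval made with the CI account's token satisfies it and a change to the workflows or the Terraform module could merge without a human owner looking at it. If the bot only needs to be assigned or notified, `auto_assignee.yml` and the Dependabot `assignees` entries in this same commit already do that, and the owner line can be limited to `* @anmolnagpal @clouddrove/approvers`. Whether code-owner review is actually required depends on the repository's branch protection settings, which are not visible here.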
@@ -5,6 +5,17 @@ version: 2 updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 3 + assignees: + - "clouddrove-ci" + reviewers: + - "approvers" + - package-ecosystem: "terraform" # See documentation for possible values directory: "/" # Location of package manifests schedule: @@ -15,8 +26,11 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/complete/" # Location of package manifests + directory: "/_example/complete" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -24,4 +38,6 @@ updates: - "clouddrove-ci" # Add reviewer reviewers: - - "approvers" \ No newline at end of file + - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index 1f126cf..88ebb73 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml @@ -5,8 +5,8 @@ on: workflow_dispatch: jobs: assignee: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6 secrets: GITHUB: ${{ secrets.GITHUB }} with: - assignees: 'clouddrove-ci' \ No newline at end of file + assignees: 'clouddrove-ci' diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 4b735f5..7d9ffdf 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml 
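Review bot: In the new `github-actions` entry, `reviewers: - "approvers"` names a bare account; Dependabot treats a reviewer as an individual user unless it is written as `org/team`, so the team that CODEOWNERS spells `@clouddrove/approvers` is probably what is meant and would be written `- "clouddrove/approvers"`. The existing terraform entries carry the same bare name, so this is likely an inherited convention rather than a new slip, but the new entry is the place to confirm it against who Dependabot actually requests on its pull requests. A comment such as `# team reviewers must be written as org/team` would keep the form from being copied again.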
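Review bot: The added comment `# Allow up to 3 open pull requests for pip dependencies` sits under a `package-ecosystem: "terraform"` entry, so it describes a package manager this file does not configure; the third hunk (`@@ -24,4 +38,6 @@`) adds the same comment under the other terraform entry. Change both to `# Allow up to 3 open pull requests for terraform dependencies`.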
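Review bot: `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6` replaces the floating `@master` with a tag, but a tag is still a mutable ref: anyone who can move `1.0.6` in the shared-workflows repository changes what this job runs with the `GITHUB` secret it receives. Pinning to the full commit SHA with the version as a trailing comment, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<commit-sha> # 1.0.6`, keeps the reference immutable, and the `github-actions` Dependabot entry added in this commit can keep SHA pins current. The same applies to the `@1.0.6` references in `changelog.yml`, `tf-checks.yml`, `tflint.yml` and `tfsec.yml`, and to `clouddrove/github-actions@9.0.3` in `readme.yml`.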
@@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6 secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index b9b2976..34377d8 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -17,14 +17,13 @@ jobs: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' with: actions_subcommand: 'readme' github_token: '${{ secrets.GITHUB }}' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: 'pre-commit check errors' uses: pre-commit/action@v3.0.0 continue-on-error: true @@ -34,7 +33,7 @@ jobs: continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' continue-on-error: true with: actions_subcommand: 'push' @@ -50,4 +49,4 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file + if: always() diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index d335020..7c43a6d 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -5,7 +5,7 @@ on: pull_request: workflow_dispatch: jobs: - tf-checks-complete-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + complete-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/complete/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index ee98182..7c664c9 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml 
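Review bot: Renaming the job id from `tf-checks-complete-example` to `complete-example` changes the status-check name reported on pull requests; if branch protection lists the old name as a required check, that requirement can no longer be satisfied or is silently dropped, depending on the repository settings, so PRs either block or bypass the Terraform checks. Confirm the required-checks list is updated to the new name before merging, or keep the job id and use a `name:` field for the shorter display label. The workflow's `on:` block lies outside the hunk.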
@@ -6,6 +6,6 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6 secrets: - GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file + GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 9aaf588..e5e4394 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6 secrets: inherit with: - working_directory: '.' \ No newline at end of file + working_directory: '.' diff --git a/README.yaml b/README.yaml index 562daf0..0eec80a 100644 --- a/README.yaml +++ b/README.yaml 
@@ -15,21 +15,18 @@ github_repo: clouddrove/terraform-aws-iam-role # Badges to display badges: - - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v1.1.7-green" - url: "https://www.terraform.io" - - name: "Licence" - image: "https://img.shields.io/badge/License-APACHE-blue.svg" - url: "LICENSE.md" + - name: "Latest Release" + image: "https://img.shields.io/github/release/clouddrove/terraform-aws-iam-role.svg" + url: "https://github.com/clouddrove/terraform-aws-iam-role/releases/latest" - name: "tfsec" image: "https://github.com/clouddrove/terraform-aws-iam-role/actions/workflows/tfsec.yml/badge.svg" url: "https://github.com/clouddrove/terraform-aws-iam-role/actions/workflows/tfsec.yml" - - name: "static-checks" - image: "https://github.com/clouddrove/terraform-aws-iam-role/actions/workflows/terraform.yml/badge.svg" - url: "https://github.com/clouddrove/terraform-aws-iam-role/actions/workflows/terraform.yml" + - name: "Licence" + image: "https://img.shields.io/badge/License-APACHE-blue.svg" + url: "LICENSE.md" prerequesties: - - name: Terraform 1.5.4 + - name: Terraform 1.5.6 url: https://learn.hashicorp.com/terraform/getting-started/install.html # description of this project 
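Review bot: `prerequesties` now lists `Terraform 1.5.6`, but `versions.tf` and the new `_example/complete/versions.tf` in this same commit set `required_version = ">= 1.6.1"`, so a reader following the README installs a Terraform the module refuses to run with. Change the line to `- name: Terraform 1.6.1` (or whatever minimum the constraint settles on) so the README and the constraint agree. The `prerequesties` key spelling is pre-existing and is not changed by this hunk.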
@@ -47,21 +44,19 @@ usage: |- ### Simple example Here is an example of how you can use this module in your inventory structure: ```hcl - module "iam-role" { + module "iam-role" { source = "clouddrove/iam-role/aws" - version = "1.3.0" - - name = "iam-role" - application = "clouddrove" - environment = "test" - label_order = ["environment", "name"] - assume_role_policy = data.aws_iam_policy_document.default.json - managed_policy_arns = - policy_enabled = true - policy = data.aws_iam_policy_document.iam-policy.json + name = local.name + environment = local.environment + assume_role_policy = data.aws_iam_policy_document.default.json + policy_enabled = true + policy = data.aws_iam_policy_document.iam-policy.json } - data "aws_iam_policy_document" "default" { + ##----------------------------------------------------------------------------- + ## Data block to create IAM policy. + ##----------------------------------------------------------------------------- + data "aws_iam_policy_document" "default" { statement { effect = "Allow" actions = ["sts:AssumeRole"] @@ -72,14 +67,17 @@ usage: |- } } - data "aws_iam_policy_document" "iam-policy" { + ##----------------------------------------------------------------------------- + ## Data block to create IAM policy. + ##----------------------------------------------------------------------------- + data "aws_iam_policy_document" "iam-policy" { statement { actions = [ "ssm:UpdateInstanceInformation", "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" ] + "ssmmessages:OpenDataChannel"] effect = "Allow" resources = ["*"] } diff --git a/_example/complete/example.tf b/_example/complete/example.tf index 23db746..d170e28 100644 --- a/_example/complete/example.tf +++ b/_example/complete/example.tf 
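Review bot: The rewritten example drops the `version = "1.3.0"` line from the `module "iam-role"` call while keeping the registry `source`, so a copy-pasted example resolves to whatever the latest published version is and can change behaviour between runs; add a constraint back, e.g. `version = "<released-version>"`. Both added header comments read `## Data block to create IAM policy.`, but the first `data "aws_iam_policy_document" "default"` is the role's trust (assume-role) policy rather than a permissions policy; suggest `## Data block for the role's trust (assume-role) policy.` for the first block and keep the second. The duplicated comment is in the next hunk (`@@ -72,14 +67,17 @@`).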
@@ -2,13 +2,18 @@ provider "aws" { region = "eu-west-1" } +locals { + name = "role" + environment = "test" +} + ##----------------------------------------------------------------------------- ## IAM role module call. ##----------------------------------------------------------------------------- module "iam-role" { source = "./../../" - name = "iam" - environment = "test" + name = local.name + environment = local.environment assume_role_policy = data.aws_iam_policy_document.default.json policy_enabled = true policy = data.aws_iam_policy_document.iam-policy.json diff --git a/_example/complete/outputs.tf b/_example/complete/outputs.tf index d0b4623..94373a7 100644 --- a/_example/complete/outputs.tf +++ b/_example/complete/outputs.tf @@ -1,10 +1,10 @@ output "name" { - value = module.iam-role.*.name + value = module.iam-role.name description = "Name of the role." } output "arn" { - value = module.iam-role.*.arn + value = module.iam-role.arn description = "The Amazon Resource Name (ARN) specifying the role." } diff --git a/_example/complete/versions.tf b/_example/complete/versions.tf new file mode 100644 index 0000000..ef355e6 --- /dev/null +++ b/_example/complete/versions.tf @@ -0,0 +1,11 @@ +# Terraform version +terraform { + required_version = ">= 1.6.1" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.20.1" + } + } +} diff --git a/_test/iam_role_test.go b/_test/iam_role_test.go deleted file mode 100644 index 33b56dc..0000000 --- a/_test/iam_role_test.go +++ /dev/null 
@@ -1,35 +0,0 @@ -// Managed By : CloudDrove -// Description : This Terratest is used to test the Terraform Route53 module. -// Copyright @ CloudDrove. All Right Reserved. -package test - -import ( - "testing" - "strings" - "github.com/stretchr/testify/assert" - "github.com/gruntwork-io/terratest/modules/terraform" -) - -func Test(t *testing.T) { - t.Parallel() - - terraformOptions := &terraform.Options{ - // Source path of Terraform directory. - TerraformDir: "../_example", - Upgrade: true, - } - - // This will run `terraform init` and `terraform apply` and fail the test if there are any errors - terraform.InitAndApply(t, terraformOptions) - - // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test - defer terraform.Destroy(t, terraformOptions) - - // To get the value of an output variable, run 'terraform output' - Tags := terraform.OutputMap(t, terraformOptions, "tags") - Arn := strings.Join(terraform.OutputList(t, terraformOptions, "arn"),"") - - // Check that we get back the outputs that we expect - assert.Equal(t, "test-iam", Tags["Name"]) - assert.Contains(t, Arn, "arn:aws:iam") -} diff --git a/main.tf b/main.tf index 7e931ea..63a50b3 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,4 @@ -# Managed By : CloudDrove -# Copyright @ CloudDrove. All Right Reserved. - -##----------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Labels module callled that will be used for naming and tags. ##----------------------------------------------------------------------------- module "labels" { @@ -38,7 +35,7 @@ resource "aws_iam_role" "default" { resource "aws_iam_role_policy" "default" { count = var.enabled && var.policy_enabled && var.policy_arn == "" ? 1 : 0 name = format("%s-policy", module.labels.id) - role = aws_iam_role.default.*.id[0] + role = aws_iam_role.default[0].id policy = var.policy } 
@@ -47,6 +44,6 @@ resource "aws_iam_role_policy" "default" { ##----------------------------------------------------------------------------- resource "aws_iam_role_policy_attachment" "default" { count = var.enabled && var.policy_enabled && var.policy_arn != "" ? 1 : 0 - role = aws_iam_role.default.*.id[0] + role = aws_iam_role.default[0].id policy_arn = var.policy_arn } diff --git a/outputs.tf b/outputs.tf index fcb6718..57735ba 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,7 +1,7 @@ # Module : Iam Role # Description : Terraform module to create Iam Role resource on AWS. output "arn" { - value = join("", aws_iam_role.default.*.arn) + value = aws_iam_role.default[0].arn description = "The Amazon Resource Name (ARN) specifying the role." } @@ -11,16 +11,16 @@ output "tags" { } output "name" { - value = join("", aws_iam_role.default.*.name) + value = aws_iam_role.default[0].name description = "Name of specifying the role." } output "policy" { - value = join("", aws_iam_role_policy.default.*.policy) + value = aws_iam_role_policy.default[0].policy description = "The policy document attached to the role." } output "role" { - value = join("", aws_iam_role_policy.default.*.role) + value = aws_iam_role_policy.default[0].role description = "The name of the role associated with the policy." } \ No newline at end of file diff --git a/variables.tf b/variables.tf index 8bcb72f..db9e5e4 100644 --- a/variables.tf +++ b/variables.tf @@ -39,8 +39,10 @@ variable "enabled" { } variable "assume_role_policy" { - description = "Whether to create Iam role." + type = string + default = null sensitive = true + description = "Whether to create Iam role." } variable "managed_policy_arns" { @@ -80,6 +82,7 @@ variable "permissions_boundary" { } variable "policy" { + type = string default = null description = "The policy document." sensitive = true diff --git a/versions.tf b/versions.tf index cb08d20..ef355e6 100644 --- a/versions.tf +++ b/versions.tf 
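Review bot: `value = aws_iam_role.default[0].arn` fails at plan time with an invalid-index error whenever the resource's count is 0; the `count = var.enabled && ...` guards visible on the policy resources in `main.tf` suggest the role is gated by `var.enabled` the same way, and `aws_iam_role_policy.default[0]` is also empty when `policy_enabled` is false or `policy_arn` is set. The `join("", ...splat)` form being removed returned `""` in those cases, so a caller with `enabled = false` now breaks on every output. Use the zero-tolerant form `value = one(aws_iam_role.default[*].arn)` (or `try(aws_iam_role.default[0].arn, null)`) for `arn`, and the same for `name`, `policy` and `role` in the second hunk (`@@ -11,16 +11,16 @@`). This changes the disabled value from `""` to `null`, which is worth a line in the changelog.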
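Review bot: `assume_role_policy` keeps `description = "Whether to create Iam role."`, which is the wording of the `enabled` variable and says nothing about the value; since the line is rewritten in this hunk, change it to `description = "The JSON policy document that grants an entity permission to assume the role."`. Adding `default = null` also turns a required input into an optional one, so a caller that omits it is rejected by the provider at plan time with a missing-argument error when the role is enabled rather than by the variable itself; if callers must still supply it, drop the default or add a `validation` block. The `policy` variable in the next hunk gains only `type = string` and is fine.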
@@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.5.0" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.5.0" + version = ">= 5.20.1" } } }