From 12a3e0fbed290e2282a947d243f08101037dcc02 Mon Sep 17 00:00:00 2001
From: mamrajyadav
Date: Tue, 8 Aug 2023 22:20:36 +0530
Subject: [PATCH] bug: updated this code
---
 .github/CODEOWNERS | 2 +
 .github/PULL_REQUEST_TEMPLATE.md | 12 +++
 .github/dependabot.yml | 28 +++++-
 .github/workflows/auto_assignee.yml | 12 +++
 .github/workflows/readme.yml | 24 ++--
 .github/workflows/terraform.yml | 83 -----------------
 .github/workflows/terratest.yml | 77 ----------------
 .github/workflows/tf-checks.yml | 22 +++++
 .github/workflows/tflint.yml | 11 +++
 README.yaml | 79 ++++++++--------
 _example/generate-certificate-dns/example.tf | 3 +
 _example/generate-certificate-dns/outputs.tf | 17 +++-
 _example/generate-certificate-dns/versions.tf | 4 +-
 .../generate-certificate-email/example.tf | 3 +
 .../generate-certificate-email/outputs.tf | 17 +++-
 .../generate-certificate-email/versions.tf | 4 +-
 _example/import-certificate/example.tf | 3 +
 _example/import-certificate/outputs.tf | 2 +-
 _example/import-certificate/versions.tf | 4 +-
 _test/generate-certificate-dns/acm_test.go | 34 -------
 _test/generate-certificate-email/acm_test.go | 34 -------
 _test/import-certificate/acm_test.go | 34 -------
 main.tf | 89 ++++++++++++-------
 outputs.tf | 19 +++-
 variables.tf | 37 +++++---
 versions.tf | 11 +++
 26 files changed, 292 insertions(+), 373 deletions(-)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 .github/workflows/auto_assignee.yml
 delete mode 100644 .github/workflows/terraform.yml
 delete mode 100644 .github/workflows/terratest.yml
 create mode 100644 .github/workflows/tf-checks.yml
 create mode 100644 .github/workflows/tflint.yml
 delete mode 100644 _test/generate-certificate-dns/acm_test.go
 delete mode 100644 _test/generate-certificate-email/acm_test.go
 delete mode 100644 _test/import-certificate/acm_test.go
 create mode 100644 versions.tf
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..57bdcfa --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove/approvers @clouddrove-ci diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..e414e28 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,12 @@ +## what +* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) +* Use bullet points to be concise and to the point. + +## why +* Provide the justifications for the changes (e.g. business case). +* Describe why these changes were made (e.g. why do these commits fix the problem?) +* Use bullet points to be concise and to the point. + +## references +* Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). +* Use `closes #123`, if this PR closes a Jira issue `#123` diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2e63e5a..23ca5b6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,9 +2,18 @@ # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - version: 2 updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 3 + assignees: + - "clouddrove-ci" + reviewers: + - "approvers" + - package-ecosystem: "terraform" # See documentation for possible values directory: "/" # Location of package manifests schedule: 
@@ -15,8 +24,11 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/generate-certificate-dns" # Location of package manifests + directory: "/_example/generate-certificate-dns" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -25,8 +37,11 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/generate-certificate-email" # Location of package manifests + directory: "/_example/generate-certificate-email" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -35,8 +50,11 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/import-certificate" # Location of package manifests + directory: "/_example/import-certificate" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -45,3 +63,5 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..a07d2fa --- /dev/null +++ b/.github/workflows/auto_assignee.yml @@ -0,0 +1,12 @@ +name: Auto Assign PRs +on: + pull_request: + types: [opened, reopened] + workflow_dispatch: +jobs: + assignee: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' 
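Review bot: The comment `# Allow up to 3 open pull requests for pip dependencies` added above each `open-pull-requests-limit: 3` in this hunk and the two that follow names the wrong ecosystem; every entry it annotates is `package-ecosystem: "terraform"`. Suggest `# Allow up to 3 open pull requests for terraform dependencies`, or drop the comment since the key is self-explanatory. The new `github-actions` entry in the first hunk is a useful addition, but note that Dependabot can only bump action references that are pinned to a tag or SHA, not the `@master` references the other new workflows use.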
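Review bot: `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master` pulls a reusable workflow from another repository by a mutable branch and hands it `secrets.GITHUB`, so anyone who can push to that branch controls what runs with that token on every opened PR. The same pattern is introduced in tf-checks.yml and tflint.yml (`@master`), and readme.yml moves `actions/checkout` from the pinned `v2.3.4` to `@master`, which is a step backwards. Pin each reference to a release tag or, better, a full commit SHA, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<release-tag-or-commit-sha>` and `uses: actions/checkout@v3`; the new `github-actions` Dependabot entry will then keep them current. None of the new workflows declares a `permissions:` block either, so the default `GITHUB_TOKEN` keeps the repository's default scope; a top-level `permissions: contents: read` on each caller workflow would bound it.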
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 0a636dc..2ff513e 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -3,17 +3,16 @@ on: push: branches: - master - jobs: - readme-create: + readme: name: 'readme-create' runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@master - - name: Set up Python 3.7. - uses: actions/setup-python@v2 + - name: 'Set up Python 3.7' + uses: actions/setup-python@v4 with: python-version: '3.x' @@ -21,16 +20,17 @@ jobs: uses: 'clouddrove/github-actions@v9.0.2' with: actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB}}' + github_token: '${{ secrets.GITHUB }}' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - - name: pre-commit check errors - uses: pre-commit/action@v2.0.0 + - name: 'pre-commit check errors' + uses: pre-commit/action@v3.0.0 continue-on-error: true - - name: pre-commit fix erros - uses: pre-commit/action@v2.0.0 + - name: 'pre-commit fix erros' + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme' @@ -39,7 +39,7 @@ jobs: with: actions_subcommand: 'push' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'Slack Notification' uses: clouddrove/action-slack@v2 diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index e5184ba..0000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
@@ -1,83 +0,0 @@
-name: static-checks
-
-on:
- pull_request:
-
-jobs:
- versionExtract:
- name: Get min/max versions
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Terraform min/max versions
- id: minMax
- uses: clowdhaus/terraform-min-max@main
- outputs:
- minVersion: ${{ steps.minMax.outputs.minVersion }}
- maxVersion: ${{ steps.minMax.outputs.maxVersion }}
-
- versionEvaluate:
- name: Evaluate Terraform versions
- runs-on: ubuntu-latest
- needs: versionExtract
- strategy:
- fail-fast: false
- matrix:
- version:
- - ${{ needs.versionExtract.outputs.minVersion }}
- - ${{ needs.versionExtract.outputs.maxVersion }}
- directory:
- - _example/
-
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Install Terraform v${{ matrix.version }}
- uses: hashicorp/setup-terraform@v1
- with:
- terraform_version: ${{ matrix.version }}
-
- - name: 'Configure AWS Credentials'
- uses: clouddrove/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
- aws-region: us-east-2
-
- - name: Init & validate v${{ matrix.version }}
- run: |
- cd ${{ matrix.directory }}
- terraform init
- terraform validate
-
- - name: tflint
- uses: reviewdog/action-tflint@master
- with:
- tflint_version: v0.29.0
- github_token: ${{ secrets.GITHUB }}
- working_directory: ${{ matrix.directory }}
- fail_on_error: 'true'
- filter_mode: 'nofilter'
- flags: '--module'
-
- format:
- name: Check code format
- runs-on: ubuntu-latest
- needs: versionExtract
-
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
- uses: hashicorp/setup-terraform@v1
- with:
- terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
-
- - name: Check Terraform format changes
- run: terraform fmt --recursive
\ No newline at end of file
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
deleted file mode 100644
index 99b3e57..0000000
--- a/.github/workflows/terratest.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-name: 'Terratest GitHub Actions'
-on:
- pull_request:
- branches:
- - master
- types: [labeled]
-
-jobs:
- DNS:
- name: 'Terratest for DNS'
- runs-on: ubuntu-latest
- steps:
-
- - name: 'Checkout'
- uses: actions/checkout@master
-
- - name: Configure AWS Credentials
- uses: clouddrove/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
- aws-region: us-east-2
-
- - name: 'Terratest Generate Certificate DNS'
- if: ${{ github.event.label.name == 'terratest' }}
- uses: 'clouddrove/github-actions@v9.0.2'
- with:
- actions_subcommand: 'terratest'
- tf_actions_working_dir: _test/generate-certificate-dns
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: 'Slack Notification'
- uses: clouddrove/action-slack@v2
- with:
- status: ${{ job.status }}
- fields: repo,author
- author_name: 'CloudDrove'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
- if: always()
-
- Email:
- name: 'Terratest for Email'
- runs-on: ubuntu-latest
- steps:
-
- - name: 'Checkout'
- uses: actions/checkout@master
-
- - name: Configure AWS Credentials
- uses: clouddrove/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
- aws-region: us-east-2
-
- - name: 'Terratest Generate Certificate Email'
- if: ${{ github.event.label.name == 'terratest' }}
- uses: 'clouddrove/github-actions@v9.0.1'
- with:
- actions_subcommand: 'terratest'
- tf_actions_working_dir: _test/generate-certificate-email
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: 'Slack Notification'
- uses: clouddrove/action-slack@v2
- with:
- status: ${{ job.status }}
- fields: repo,author
- author_name: 'CloudDrove'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
- SLACK_WEBHOOK_URL: ${{
secrets.SLACK_WEBHOOK_TERRAFORM }} # required
- if: always()
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
new file mode 100644
index 0000000..902ad7c
--- /dev/null
+++ b/.github/workflows/tf-checks.yml
@@ -0,0 +1,22 @@
+name: tf-checks
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+jobs:
+ tf-checks-generate-certificate-dns-example:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+ with:
+ working_directory: './_example/generate-certificate-dns/'
+ tf-checks-generate-certificate-email-example:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+ with:
+ working_directory: './_example/generate-certificate-email/'
+ tf-checks-import-certificate-example:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+ with:
+ working_directory: './_example/import-certificate/'
+
+
+
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
new file mode 100644
index 0000000..71a6fc4
--- /dev/null
+++ b/.github/workflows/tflint.yml
@@ -0,0 +1,11 @@
+name: tf-lint
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ workflow_dispatch:
+jobs:
+ tf-lint:
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
+ secrets:
+ GITHUB: ${{ secrets.GITHUB }}
diff --git a/README.yaml b/README.yaml
index 322886c..bc10a86 100644
--- a/README.yaml
+++ b/README.yaml
@@ -15,19 +15,19 @@ github_repo: clouddrove/terraform-aws-acm # Badges to display badges: - - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v1.1.7-green" - url: "https://www.terraform.io" - - name: "Licence" - image: "https://img.shields.io/badge/License-APACHE-blue.svg" - url: "LICENSE.md" + - name: "Latest Release" + image: "https://img.shields.io/github/release/clouddrove/terraform-aws-acm.svg" + url: "https://github.com/clouddrove/terraform-aws-acm/releases/latest" - name: "tfsec" image: "https://github.com/clouddrove/terraform-aws-acm/actions/workflows/tfsec.yml/badge.svg" url: "https://github.com/clouddrove/terraform-aws-acm/actions/workflows/tfsec.yml" - - name: "static-checks" - image: "https://github.com/clouddrove/terraform-aws-acm/actions/workflows/terraform.yml/badge.svg" - url: "https://github.com/clouddrove/terraform-aws-acm/actions/workflows/terraform.yml" + - name: "Licence" + image: "https://img.shields.io/badge/License-APACHE-blue.svg" + url: "LICENSE.md" +prerequesties: + - name: Terraform 1.5.3 + url: https://learn.hashicorp.com/terraform/getting-started/install.html # description of this project description: |- This terraform module is used for requesting or importing SSL/TLS certificate with validation. 
@@ -42,44 +42,49 @@ usage : |- ### ACM with DNS ```hcl module "acm" { - source = "clouddrove/acm/aws" - version = "1.3.0" - name = "certificate" - environment = "test" - label_order = ["name","environment"] - domain_name = "clouddrove.com" - validation_method = "DNS" - enable_dns_validation = false - enable_aws_certificate = true + source = "clouddrove/acm/aws" + version = "1.3.0" + name = "certificate" + environment = "test" + label_order = ["name", "environment"] + + enable_aws_certificate = true + domain_name = "clouddrove.com" + subject_alternative_names = ["www.clouddrove.com"] + validation_method = "DNS" + enable_dns_validation = false } ``` - + ### ACM with Email ```hcl module "acm" { - source = "clouddrove/acm/aws" - version = "1.3.0" - name = "certificate" - environment = "test" - label_order = ["name","environment"] - domain_name = "clouddrove.com" - validation_method = "EMAIL" - validate_certificate = false - enable_aws_certificate = true + source = "clouddrove/acm/aws" + version = "1.3.0" + name = "certificate" + environment = "test" + label_order = ["name", "environment"] + + validate_certificate = false + domain_name = "clouddrove.com" + subject_alternative_names = ["www.clouddrove.com"] + validation_method = "EMAIL" + enable_aws_certificate = true } ``` ### ACM with Import Certificate ```hcl module "acm" { - source = "clouddrove/acm/aws" - version = "1.3.0" - name = "certificate" - environment = "test" - label_order = ["name","environment"] - private_key = "./../../../clouddrove-private-key.pem" - certificate_body = "./../../../clouddrove-cert.pem" - certificate_chain = "./../../../clouddrove-chain.crt" - import_certificate = true + source = "clouddrove/acm/aws" + version = "1.3.0" + name = "certificate" + environment = "test" + label_order = ["name", "environment"] + + import_certificate = true + private_key = "./../../../clouddrove-private-key.pem" + certificate_body = "./../../../clouddrove-cert.pem" + certificate_chain = 
"./../../../clouddrove-chain.crt" } ``` diff --git a/_example/generate-certificate-dns/example.tf b/_example/generate-certificate-dns/example.tf index 3e1a419..6b434f3 100644 --- a/_example/generate-certificate-dns/example.tf +++ b/_example/generate-certificate-dns/example.tf @@ -2,6 +2,9 @@ provider "aws" { region = "eu-west-1" } +##----------------------------------------------------------------------------- +## acm Module call with DNS. +##----------------------------------------------------------------------------- module "acm" { source = "./../../" diff --git a/_example/generate-certificate-dns/outputs.tf b/_example/generate-certificate-dns/outputs.tf index 54e060f..6735346 100644 --- a/_example/generate-certificate-dns/outputs.tf +++ b/_example/generate-certificate-dns/outputs.tf @@ -1,5 +1,5 @@ output "arn" { - value = module.acm.*.arn + value = module.acm[*].arn description = "The ARN of the certificate" } @@ -7,3 +7,18 @@ output "tags" { value = module.acm.tags description = "A mapping of tags to assign to the certificate." } + +output "acm_certificate_domain_validation_options" { + value = module.acm.acm_certificate_domain_validation_options + description = "A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used." +} + +output "acm_certificate_status" { + value = module.acm.acm_certificate_status + description = "Status of the certificate." +} + +output "validation_route53_record_fqdns" { + value = module.acm.validation_route53_record_fqdns + description = "List of FQDNs built using the zone domain and name." +} \ No newline at end of file diff --git a/_example/generate-certificate-dns/versions.tf b/_example/generate-certificate-dns/versions.tf index cbc6f9c..8e2aeb1 100644 --- a/_example/generate-certificate-dns/versions.tf +++ b/_example/generate-certificate-dns/versions.tf 
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
- required_version = ">= 1.3.6"
+ required_version = ">= 1.5.4"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.48.0"
+ version = ">= 5.10"
 }
 }
 }
\ No newline at end of file
diff --git a/_example/generate-certificate-email/example.tf b/_example/generate-certificate-email/example.tf
index ba74df3..131b329 100644
--- a/_example/generate-certificate-email/example.tf
+++ b/_example/generate-certificate-email/example.tf
@@ -2,6 +2,9 @@ provider "aws" {
 region = "eu-west-1"
 }
+##-----------------------------------------------------------------------------
+ ## acm Module call with EMAIL.
+##-----------------------------------------------------------------------------
 module "acm" {
 source = "./../../"
diff --git a/_example/generate-certificate-email/outputs.tf b/_example/generate-certificate-email/outputs.tf
index 54e060f..6735346 100644
--- a/_example/generate-certificate-email/outputs.tf
+++ b/_example/generate-certificate-email/outputs.tf
@@ -1,5 +1,5 @@
 output "arn" {
- value = module.acm.*.arn
+ value = module.acm[*].arn
 description = "The ARN of the certificate"
 }
@@ -7,3 +7,18 @@ output "tags" {
 value = module.acm.tags
 description = "A mapping of tags to assign to the certificate."
 }
+
+output "acm_certificate_domain_validation_options" {
+ value = module.acm.acm_certificate_domain_validation_options
+ description = "A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used."
+}
+
+output "acm_certificate_status" {
+ value = module.acm.acm_certificate_status
+ description = "Status of the certificate."
+}
+
+output "validation_route53_record_fqdns" {
+ value = module.acm.validation_route53_record_fqdns
+ description = "List of FQDNs built using the zone domain and name."
+}
\ No newline at end of file
diff --git a/_example/generate-certificate-email/versions.tf b/_example/generate-certificate-email/versions.tf
index cbc6f9c..8e2aeb1 100644
--- a/_example/generate-certificate-email/versions.tf
+++ b/_example/generate-certificate-email/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
- required_version = ">= 1.3.6"
+ required_version = ">= 1.5.4"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.48.0"
+ version = ">= 5.10"
 }
 }
 }
\ No newline at end of file
diff --git a/_example/import-certificate/example.tf b/_example/import-certificate/example.tf
index 1db7275..1354288 100644
--- a/_example/import-certificate/example.tf
+++ b/_example/import-certificate/example.tf
@@ -2,6 +2,9 @@ provider "aws" {
 region = "eu-west-1"
 }
+##-----------------------------------------------------------------------------
+## acm Module call with import certificate.
+##-----------------------------------------------------------------------------
 module "acm" {
 source = "./../../"
diff --git a/_example/import-certificate/outputs.tf b/_example/import-certificate/outputs.tf
index 54e060f..f711550 100644
--- a/_example/import-certificate/outputs.tf
+++ b/_example/import-certificate/outputs.tf
@@ -1,5 +1,5 @@
 output "arn" {
- value = module.acm.*.arn
+ value = module.acm[*].arn
 description = "The ARN of the certificate"
 }
diff --git a/_example/import-certificate/versions.tf b/_example/import-certificate/versions.tf
index cbc6f9c..8e2aeb1 100644
--- a/_example/import-certificate/versions.tf
+++ b/_example/import-certificate/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
- required_version = ">= 1.3.6"
+ required_version = ">= 1.5.4"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.48.0"
+ version = ">= 5.10"
 }
 }
 }
\ No newline at end of file
diff --git a/_test/generate-certificate-dns/acm_test.go b/_test/generate-certificate-dns/acm_test.go
deleted file mode 100644
index df3b870..0000000
--- a/_test/generate-certificate-dns/acm_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform ACM module to generate certificate.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/stretchr/testify/assert"
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-func Test(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/generate-certificate-dns",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Arn := terraform.Output(t, terraformOptions, "arn")
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "certificate-test", Tags["Name"])
- assert.Contains(t, Arn, "arn:aws:acm")
-}
diff --git a/_test/generate-certificate-email/acm_test.go b/_test/generate-certificate-email/acm_test.go
deleted file mode 100644
index 22b6679..0000000
--- a/_test/generate-certificate-email/acm_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform ACM module to generate certificate.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/stretchr/testify/assert"
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-func Test(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/generate-certificate-email",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Arn := terraform.Output(t, terraformOptions, "arn")
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "certificate-test", Tags["Name"])
- assert.Contains(t, Arn, "arn:aws:acm")
-}
diff --git a/_test/import-certificate/acm_test.go b/_test/import-certificate/acm_test.go
deleted file mode 100644
index cdfac34..0000000
--- a/_test/import-certificate/acm_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform ACM module to import certificate.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/stretchr/testify/assert"
-)
-
-func TestAcm(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/import-certificate",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Arn := terraform.Output(t, terraformOptions, "arn")
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "certificate-test", Tags["Name"])
- assert.Contains(t, Arn, "arn:aws:acm")
-}
diff --git a/main.tf b/main.tf
index d2471a5..2f232ef 100644
--- a/main.tf
+++ b/main.tf
@@ -1,15 +1,9 @@
-## Managed By : CloudDrove
-## Description : This Script is used to create ACM Certificate and Route53 Validation.
-## Copyright @ CloudDrove. All Right Reserved.
-
-#Module : label
-#Description : This terraform module is designed to generate consistent label names and tags
-# for resources. You can use terraform-labels to implement a strict naming
-# convention.
+##----------------------------------------------------------------------------------
+## Labels module callled that will be used for naming and tags.
+##----------------------------------------------------------------------------------
 module "labels" {
- source = "clouddrove/labels/aws"
- version = "1.3.0"
-
+ source = "clouddrove/labels/aws"
+ version = "1.3.0"
 name = var.name
 environment = var.environment
 managedby = var.managedby
@@ -17,10 +11,9 @@ module "labels" {
 repository = var.repository
 }
-
-# Module : ACM CERTIFICATE
-# Description : This terraform module is used for requesting or importing SSL/TLS
-# certificate with validation.
+##----------------------------------------------------------------------------------
+## The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.
+##----------------------------------------------------------------------------------
 resource "aws_acm_certificate" "import-cert" {
 count = var.enable_acm_certificate && var.import_certificate ? 1 : 0
@@ -28,14 +21,24 @@ resource "aws_acm_certificate" "import-cert" {
 certificate_body = file(var.certificate_body)
 certificate_chain = file(var.certificate_chain)
 tags = module.labels.tags
+
+ dynamic "validation_option" {
+ for_each = var.validation_option
+
+ content {
+ domain_name = try(validation_option.value["domain_name"], validation_option.key)
+ validation_domain = validation_option.value["validation_domain"]
+ }
+ }
+
 lifecycle {
 create_before_destroy = true
 }
 }
-# Module : ACM CERTIFICATE
-# Description : This terraform module is used for requesting or importing SSL/TLS
-# certificate with validation.
+##----------------------------------------------------------------------------------
+## The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.
+##----------------------------------------------------------------------------------
 resource "aws_acm_certificate" "cert" {
 count = var.enable_acm_certificate && var.enable_aws_certificate ? 1 : 0
@@ -43,43 +46,61 @@ resource "aws_acm_certificate" "cert" {
 validation_method = var.validation_method
 subject_alternative_names = var.subject_alternative_names
 tags = module.labels.tags
+
+ dynamic "validation_option" {
+ for_each = var.validation_option
+
+ content {
+ domain_name = try(validation_option.value["domain_name"], validation_option.key)
+ validation_domain = validation_option.value["validation_domain"]
+ }
+ }
+
 lifecycle {
 create_before_destroy = true
 }
 }
-# Module : ACM CERTIFICATE VALIDATION
-# Description : Terraform module which validates ACM Certificate via email resource on AWS
+##----------------------------------------------------------------------------------
+## Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.
+##----------------------------------------------------------------------------------
 resource "aws_acm_certificate_validation" "cert" {
- count = var.validate_certificate ? 1 : 0
- certificate_arn = join("", aws_acm_certificate.cert.*.arn)
+ count = var.validate_certificate ? 1 : 0
+ certificate_arn = join("", aws_acm_certificate.cert[*].arn)
+ validation_record_fqdns = flatten([aws_route53_record.default[*].fqdn, var.validation_record_fqdns])
+
 }
-# Module : ACM CERTIFICATE DNS VALIDATION
-# Description : Terraform module which create Router53 Recore for DNS validation
+##----------------------------------------------------------------------------------
+## A hosted zone is analogous to a traditional DNS zone file; it represents a collection of records that can be managed together, belonging to a single parent domain name.
+##----------------------------------------------------------------------------------
 data "aws_route53_zone" "default" {
 count = var.enable_dns_validation ?
1 : 0
 name = var.domain_name
- private_zone = false
+ private_zone = var.private_zone
 }
+##----------------------------------------------------------------------------------
+## A Route 53 record contains authoritative DNS information for a specified DNS name. DNS records are most commonly used to map a name to an IP Address..
+##----------------------------------------------------------------------------------
 resource "aws_route53_record" "default" {
 count = var.enable_dns_validation ? 1 : 0
- zone_id = join("", data.aws_route53_zone.default.*.zone_id)
+ zone_id = join("", data.aws_route53_zone.default[*].zone_id)
 ttl = var.ttl
- allow_overwrite = true
- name = join("", aws_acm_certificate.cert[0].domain_validation_options.*.resource_record_name)
- type = join("", aws_acm_certificate.cert[0].domain_validation_options.*.resource_record_type)
- records = [join("", aws_acm_certificate.cert[0].domain_validation_options.*.resource_record_value)]
+ allow_overwrite = var.allow_overwrite
+ name = join("", aws_acm_certificate.cert[*].domain_validation_options[*].resource_record_name)
+ type = join("", aws_acm_certificate.cert[*].domain_validation_options[*].resource_record_type)
+ records = [join("", aws_acm_certificate.cert[*].domain_validation_options[*].resource_record_value)]
 }
-# Module : ACM CERTIFICATE VALIDATION
-# Description : Terraform module which validates ACM Certificate via DNS resource on AWS
+##----------------------------------------------------------------------------------
+## Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.
+##----------------------------------------------------------------------------------
 resource "aws_acm_certificate_validation" "default" {
 count = var.enable_dns_validation ?
1 : 0
- certificate_arn = join("", aws_acm_certificate.cert.*.arn)
- validation_record_fqdns = aws_route53_record.default.*.fqdn
+ certificate_arn = join("", aws_acm_certificate.cert[*].arn)
+ validation_record_fqdns = aws_route53_record.default[*].fqdn
 }
diff --git a/outputs.tf b/outputs.tf
index ff40cd6..a28e951 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -2,12 +2,12 @@ # Description : Terraform ACM Certificate module outputs.
 output "id" {
- value = var.import_certificate ? join("", aws_acm_certificate.import-cert.*.id) : join("", aws_acm_certificate.cert.*.id)
+ value = var.import_certificate ? join("", aws_acm_certificate.import-cert[*].id) : join("", aws_acm_certificate.cert[*].id)
 description = "The ID of the Certificate."
 }
 output "arn" {
- value = var.import_certificate ? join("", aws_acm_certificate.import-cert.*.arn) : join("", aws_acm_certificate.cert.*.arn)
+ value = var.import_certificate ? join("", aws_acm_certificate.import-cert[*].arn) : join("", aws_acm_certificate.cert[*].arn)
 description = "The ARN of the Certificate."
 }
@@ -15,3 +15,18 @@ output "tags" {
 value = module.labels.tags
 description = "A mapping of tags to assign to the resource."
 }
+
+output "acm_certificate_domain_validation_options" {
+ value = flatten(aws_acm_certificate.cert[*].domain_validation_options)
+ description = "A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used."
+}
+
+output "acm_certificate_status" {
+ value = try(aws_acm_certificate.cert[*].status, "")
+ description = "Status of the certificate."
+}
+
+output "validation_route53_record_fqdns" {
+ value = aws_route53_record.default[*].fqdn
+ description = "List of FQDNs built using the zone domain and name."
+}
diff --git a/variables.tf b/variables.tf
index 59c28a0..b50182b 100644
--- a/variables.tf
+++ b/variables.tf
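Review bot: `name = join("", aws_acm_certificate.cert[*].domain_validation_options[*].resource_record_name)` (and the `type`/`records` lines beside it) concatenates the validation records of every domain on the certificate into one string, and `count = var.enable_dns_validation ? 1 : 0` creates only one Route 53 record, so DNS validation can only succeed for a certificate with no SANs; the README updated in this same commit adds `subject_alternative_names = ["www.clouddrove.com"]` to the DNS example, which with this code yields a malformed record name and a certificate that never leaves pending validation. Creating one record per `domain_validation_options` entry with `for_each`, keyed by domain name as the provider's documented pattern does, fixes this; the two `validation_record_fqdns` assignments in this hunk and the new `validation_route53_record_fqdns` output then become `values(aws_route53_record.default)[*].fqdn`. Note that `data.aws_route53_zone.default` still looks up only `var.domain_name`, so this assumes every SAN lives in that hosted zone; a SAN in another zone would need its own lookup.
```hcl
resource "aws_route53_record" "default" {
  # One validation record per domain on the certificate (apex plus every SAN),
  # keyed by domain name so the keys are known at plan time.
  for_each = var.enable_dns_validation ? {
    for dvo in flatten(aws_acm_certificate.cert[*].domain_validation_options) :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  } : {}

  zone_id         = join("", data.aws_route53_zone.default[*].zone_id)
  ttl             = var.ttl
  allow_overwrite = var.allow_overwrite
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
}

# … unchanged: aws_acm_certificate_validation "default" header and count …
  certificate_arn         = join("", aws_acm_certificate.cert[*].arn)
  validation_record_fqdns = values(aws_route53_record.default)[*].fqdn
```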
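Review bot: `value = try(aws_acm_certificate.cert[*].status, "")` in the new `acm_certificate_status` output never reaches its fallback — a full splat over a `count` resource evaluates to `[]` when the count is 0 instead of erroring — so the output is always a list (`[]` or `["ISSUED"]`) while the description says "Status of the certificate". `value = join("", aws_acm_certificate.cert[*].status)` yields the string (empty when no certificate is managed) and matches how `id` and `arn` above are written. The three new outputs also only cover `aws_acm_certificate.cert`; callers using `import_certificate` get an empty status from them, which is worth stating in the descriptions if that is intended.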
@@ -24,18 +24,6 @@ variable "label_order" {
 description = "Label order, e.g. `name`,`application`."
 }
-variable "attributes" {
- type = list(any)
- default = []
- description = "Additional attributes (e.g. `1`)."
-}
-
-variable "tags" {
- type = map(any)
- default = {}
- description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
-}
-
 variable "managedby" {
 type = string
 default = "hello@clouddrove.com"
@@ -60,7 +48,6 @@ variable "validation_method" {
 type = string
 default = ""
 description = "Which method to use for validation, DNS or EMAIL."
-
 }
 variable "enable_dns_validation" {
@@ -116,3 +103,27 @@ variable "ttl" {
 default = 600
 description = "Time to live."
 }
+
+variable "validation_option" {
+ type = any
+ default = {}
+ description = "The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use."
+}
+
+variable "validation_record_fqdns" {
+ type = list(string)
+ default = []
+ description = "When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation"
+}
+
+variable "allow_overwrite" {
+ type = bool
+ default = true
+ description = "Whether to allow overwrite of Route53 records"
+}
+
+variable "private_zone" {
+ type = bool
+ default = false
+ description = "Used with name field to get a private Hosted Zone."
+}
\ No newline at end of file
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..8e2aeb1
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+ required_version = ">= 1.5.4"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.10"
+ }
+ }
+}
\ No newline at end of file
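Review bot: `type = any` on the new `validation_option` variable gives no structure to a value that main.tf indexes as `validation_option.value["validation_domain"]` inside a `dynamic` block, so a caller who omits that key gets an "Invalid index" error from the resource rather than a clear type error on the variable; with `required_version = ">= 1.5.4"` now in place, `type = map(object({ domain_name = optional(string), validation_domain = string }))` expresses the contract the `try(...)` on `domain_name` already assumes, and the description should mention both keys rather than only the validation domain. `allow_overwrite` defaults to `true`, which makes Route 53 silently replace an existing record with the same name and type; the description should say so, e.g. `description = "Allow the validation record to replace an existing Route53 record of the same name and type."`. Removing `variable "tags"` and `variable "attributes"` in the first hunk is a breaking change for any caller that passes them, and neither the commit message nor the README mentions it.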