Merge pull request #1 from clouddrove/AL-1

Al 1
clouddrove · Dec 26, 2019 · 95254e7 · 95254e7
2 parents ebd77ca + 5ec2b98
commit 95254e7
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 8 deletions.
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -0,0 +1,51 @@
+name: 'Terraform GitHub Actions'
+on:
+  - pull_request
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: 'Checkout'
+        uses: actions/checkout@master
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+
+      - name: 'Terraform Format'
+        uses: clouddrove/github-actions@v1.0
+        with:
+          actions_subcommand: 'fmt'
+
+      - name: 'Terraform Init'
+        uses: clouddrove/github-actions@v1.0
+        with:
+          actions_subcommand: 'init'
+          tf_actions_working_dir: ./_example
+
+      - name: 'Terratest'
+        uses: clouddrove/github-actions@v1.0
+        with:
+          actions_subcommand: 'terratest'
+          tf_actions_working_dir: ./_test
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - name: 'Slack Notification'
+        uses: 8398a7/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          fields: repo,author
+          author_name: 'Clouddrove'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required
+        if: always()
diff --git a/README.md b/README.md
@@ -70,7 +70,7 @@ This module has a few dependencies:
 Here is an example of how you can use this module in your inventory structure:
 ```hcl
   module "kms_key" {
-    source                  = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.1"
+    source                  = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.2"
     name                    = "kms"
     application             = "clouddrove"
     environment             = "test"
@@ -174,6 +174,7 @@ Here is an example of how you can use this module in your inventory structure:
 | enable_key_rotation | Specifies whether key rotation is enabled. | bool | `true` | no |
 | environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
 | is_enabled | Specifies whether the key is enabled. | bool | `true` | no |
+| enabled | Specifies whether the kms is enabled or disabled. | bool | `true` | no |
 | key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string | `ENCRYPT_DECRYPT` | no |
 | label_order | label order, e.g. `name`,`application`. | list | `<list>` | no |
 | name | Name  (e.g. `app` or `cluster`). | string | `` | no |

diff --git a/README.yaml b/README.yaml
@@ -36,7 +36,7 @@ usage : |-
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
     module "kms_key" {
-      source                  = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.1"
+      source                  = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.2"
       name                    = "kms"
       application             = "clouddrove"
       environment             = "test"

diff --git a/_example/example.tf b/_example/example.tf
@@ -3,12 +3,13 @@ provider "aws" {
 }
 
 module "kms_key" {
-  source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.1"
+  source = "git::https://github.com/clouddrove/terraform-aws-kms.git?ref=tags/0.12.2"
 
   name        = "kms"
   application = "clouddrove"
   environment = "test"
   label_order = ["environment", "name", "application"]
+  enabled     = true
 
   description             = "KMS key for cloudtrail"
   deletion_window_in_days = 7

diff --git a/main.tf b/main.tf
@@ -18,6 +18,7 @@ module "labels" {
 # Module      : KMS KEY
 # Description : This terraform module creates a KMS Customer Master Key (CMK) and its alias.
 resource "aws_kms_key" "default" {
+  count                   = var.enabled ? 1 : 0
   description             = var.description
   key_usage               = var.key_usage
   deletion_window_in_days = var.deletion_window_in_days
@@ -30,6 +31,7 @@ resource "aws_kms_key" "default" {
 # Module      : KMS ALIAS
 # Description : Provides an alias for a KMS customer master key..
 resource "aws_kms_alias" "default" {
+  count         = var.enabled ? 1 : 0
   name          = coalesce(var.alias, format("alias/%v", module.labels.id))
-  target_key_id = aws_kms_key.default.id
+  target_key_id = join("", aws_kms_key.default.*.id)
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,22 +1,22 @@
 # Module      : KMS KEY
 # Description : This terraform module creates a KMS Customer Master Key (CMK) and its alias.
 output "key_arn" {
-  value       = aws_kms_key.default.arn
+  value       = join("", aws_kms_key.default.*.arn)
   description = "Key ARN."
 }
 
 output "key_id" {
-  value       = aws_kms_key.default.key_id
+  value       = join("", aws_kms_key.default.*.key_id)
   description = "Key ID."
 }
 
 output "alias_arn" {
-  value       = aws_kms_alias.default.arn
+  value       = join("", aws_kms_alias.default.*.arn)
   description = "Alias ARN."
 }
 
 output "alias_name" {
-  value       = aws_kms_alias.default.name
+  value       = join("", aws_kms_alias.default.*.name)
   description = "Alias name."
 }
 

diff --git a/variables.tf b/variables.tf
@@ -62,6 +62,12 @@ variable "is_enabled" {
   description = "Specifies whether the key is enabled."
 }
 
+variable "enabled" {
+  type        = bool
+  default     = true
+  description = "Specifies whether the kms is enabled or disabled."
+}
+
 variable "key_usage" {
   type        = string
   default     = "ENCRYPT_DECRYPT"