Terraform 0.12 upgrade (#3)

* nits * nits * nits * nits * nits * nits * nits * nits * nits * nits * nits * nits
comtravo · Jun 16, 2020 · fbe297a · fbe297a
1 parent 09aa192
commit fbe297a
Show file tree

Hide file tree

Showing 14 changed files with 921 additions and 71 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,13 @@
+docker-compose*
+.gitignore
+.dockerignore
+
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+**/.tfstate
+**/.tfstate.*
+
+# .tfvars files
+**/*.tfvars
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,4 @@
+FROM puneethn/terraform-test-workhorse:0.12.25
+
+WORKDIR /go/src/github.com/comtravo/terraform-aws-firehose
+COPY . .
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -0,0 +1,34 @@
+pipeline {
+
+  agent { label 'worker' }
+
+  options {
+    ansiColor('gnome-terminal')
+    buildDiscarder(logRotator(numToKeepStr: '30'))
+    skipDefaultCheckout()
+    timestamps()
+  }
+
+  stages {
+    stage("Checkout SCM") {
+      steps {
+        script {
+          ctCheckout(revision: getMultiBranchName(), wipeWorkspace: true, noTags: true, url: '[email protected]:comtravo/terraform-aws-firehose.git')
+        }
+      }
+    }
+
+    stage("Build and Test") {
+      steps {
+        script {
+          try {
+            sh(label: 'Building docker image', script: "make build")
+            sh(label: 'Testing docker image', script: "make test-docker")
+          } finally {
+            sh(label: 'Cleanup', script: "make clean")
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/Makefile b/Makefile
@@ -0,0 +1,40 @@
+#! make
+
+DOCKER_COMPOSE=docker-compose -f ./docker-compose.yml
+DOCKER_COMPOSE_DEVELOP=$(DOCKER_COMPOSE) -f ./docker-compose.develop.yml
+
+GENERATE_DOCS_COMMAND:=terraform-docs --sort-inputs-by-required markdown table . > README.md
+
+fmt:
+	@terraform fmt -recursive
+
+lint:
+	@terraform fmt -check -recursive -diff=true
+	@tflint
+
+build:
+	@$(DOCKER_COMPOSE) build
+
+test:
+	@cd tests && go test -v -tags=unit
+	@cd tests && go test -v -tags=integration
+
+test-docker:
+	@$(DOCKER_COMPOSE) run --rm terraform make test
+	@$(DOCKER_COMPOSE) run --rm terraform make lint
+	@$(DOCKER_COMPOSE) down -v
+
+develop:
+	@$(DOCKER_COMPOSE_DEVELOP) run --rm terraform bash
+	@$(DOCKER_COMPOSE_DEVELOP) down -v
+
+generate-docs: fmt lint
+	@$(GENERATE_DOCS_COMMAND)
+
+clean:
+	@$(DOCKER_COMPOSE) down -v
+	@rm -f tests/terraform.tfstate tests/terraform.tfstate.backup
+	@rm -rf ./terraform
+
+logs:
+	@$(DOCKER_COMPOSE) logs -f
diff --git a/README.md b/README.md
@@ -2,50 +2,46 @@
 
 ## Introduction
 
-This module create a Kinesis Firehose and all the resources related to it to log to S3.
+This module creates a Kinesis Firehose and all the resources related to it to log to S3.
 
-## Usage
+## Usage  
+Checkout [test.tf](./tests/test.tf) for how to use this module
 
-```hcl
-module "my_firehose" {
-  source = "github.com/comtravo/terraform-aws-firehose"
+## Authors
+
+Module managed by [Comtravo](https://github.com/comtravo).
+
+## License
+
+MIT Licensed. See [LICENSE](LICENSE) for full details.
 
-  enable = 1
+## Requirements
 
-  name        = "test-firehose"
-  destination = "s3"
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12 |
+| aws | ~> 2.0 |
 
-  s3_configuration {
-    bucket_arn      = "my_s3_bucket_arn"
-    buffer_interval = 60
-    prefix          = "some-prefix/"
-  }
+## Providers
 
-  account_id = "0123456789012"
-}
-```
+| Name | Version |
+|------|---------|
+| aws | ~> 2.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| account\_id | AWS account ID | string | n/a | yes |
-| name | Name of the firehose | string | n/a | yes |
-| destination | Kinesis Firehose Destination | string | `"s3"` | no |
-| enable | Enable firehose | string | `"1"` | no |
-| region | AWS region | string | `"eu-west-1"` | no |
-| s3\_configuration | AWS S3 configuration | map | `<map>` | no |
+|------|-------------|------|---------|:--------:|
+| account\_id | AWS account ID | `string` | n/a | yes |
+| name | Name of the firehose | `string` | n/a | yes |
+| s3\_configuration | AWS S3 configuration | <pre>object({<br>    bucket_arn      = string,<br>    buffer_interval = number,<br>    buffer_size     = number,<br>    prefix          = string<br>  })</pre> | n/a | yes |
+| destination | Kinesis Firehose Destination | `string` | `"s3"` | no |
+| enable | Enable firehose | `bool` | `true` | no |
+| region | AWS region | `string` | `"eu-west-1"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | arn | ARN of the Kinesis Firehose |
 
-## Authors
-
-Module managed by [Comtravo](https://github.com/comtravo).
-
-## License
-
-MIT Licensed. See LICENSE for full details.
diff --git a/docker-compose.develop.yml b/docker-compose.develop.yml
@@ -0,0 +1,14 @@
+version: '3'
+
+services:
+  terraform:
+    command: bash
+    volumes:
+      - ./:/go/src/github.com/comtravo/terraform-aws-firehose
+
+  localstack:
+    ports:
+      - 4566:4566
+      - 4584-4597:4584-4597
+      - 4567-4583:4567-4583
+      - 8080:8080
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+  terraform:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: ct-terraform-aws-firehose-module:${GIT_COMMIT:-latest}
+    environment:
+      - AWS_REGION=us-east-1
+      - AWS_DEFAULT_REGION=us-east-1
+      - AWS_ACCESS_KEY_ID=foo
+      - AWS_SECRET_ACCESS_KEY=bar
+      - LOCALSTACK_HOST=localstack
+    depends_on:
+      - localstack
+
+  localstack:
+    image: localstack/localstack
+    environment:
+      - SERVICES=s3,firehose,iam,sts
+      - DEFAULT_REGION=us-east-1
+      - DOCKER_HOST=unix:///var/run/docker.sock
+      - DATA_DIR=/tmp/localstack/data
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "localstack-data:/tmp/localstack"
+
+volumes:
+  localstack-data:
diff --git a/main.tf b/main.tf
@@ -1,46 +1,75 @@
+/**
+* # Terraform AWS module for AWS Kinesis Firehose
+*
+* ## Introduction
+*
+* This module creates a Kinesis Firehose and all the resources related to it to log to S3.
+*
+* ## Usage
+* Checkout [test.tf](./tests/test.tf) for how to use this module
+*
+* ## Authors
+*
+* Module managed by [Comtravo](https://github.com/comtravo).
+*
+* ## License
+*
+* MIT Licensed. See [LICENSE](LICENSE) for full details.
+*/
+
 ###############################################################################
 #                                    VARIABLES                                #
 ###############################################################################
 
-variable name {
-  type        = "string"
+variable "name" {
+  type        = string
   description = "Name of the firehose"
 }
 
-variable account_id {
-  type        = "string"
+variable "account_id" {
+  type        = string
   description = "AWS account ID"
 }
 
-variable region {
+variable "region" {
   default     = "eu-west-1"
-  type        = "string"
+  type        = string
   description = "AWS region"
 }
 
-variable destination {
+variable "destination" {
   default     = "s3"
+  type        = string
   description = "Kinesis Firehose Destination"
 }
 
-variable s3_configuration {
-  type        = "map"
+variable "s3_configuration" {
+  type = object({
+    bucket_arn      = string,
+    buffer_interval = number,
+    buffer_size     = number,
+    prefix          = string
+  })
   description = "AWS S3 configuration"
-  default     = {}
 }
 
-variable enable {
-  type        = "string"
+variable "enable" {
+  type        = bool
   description = "Enable firehose"
-  default     = "1"
+  default     = true
+}
+
+locals {
+  enable_count = var.enable ? 1 : 0
 }
 
 ###############################################################################
 #                                    MAIN                                     #
 ###############################################################################
 
 resource "aws_iam_role" "firehose_role" {
-  name                  = "${var.name}"
+  count                 = local.enable_count
+  name                  = var.name
   path                  = "/environment/${terraform.workspace}/"
   force_detach_policies = true
 
@@ -59,6 +88,7 @@ resource "aws_iam_role" "firehose_role" {
   ]
 }
 EOF
+
 }
 
 data "aws_iam_policy_document" "firehose_role" {
@@ -74,21 +104,8 @@ data "aws_iam_policy_document" "firehose_role" {
     ]
 
     resources = [
-      "${lookup(var.s3_configuration, "bucket_arn")}",
-      "${lookup(var.s3_configuration, "bucket_arn")}/*",
-      "arn:aws:s3:::%FIREHOSE_BUCKET_NAME%",
-      "arn:aws:s3:::%FIREHOSE_BUCKET_NAME%/*",
-    ]
-  }
-
-  statement {
-    actions = [
-      "lambda:InvokeFunction",
-      "lambda:GetFunctionConfiguration",
-    ]
-
-    resources = [
-      "arn:aws:lambda:${var.region}:${var.account_id}:function:%FIREHOSE_DEFAULT_FUNCTION%:%FIREHOSE_DEFAULT_VERSION%",
+      lookup(var.s3_configuration, "bucket_arn"),
+      "${lookup(var.s3_configuration, "bucket_arn")}/*"
     ]
   }
 
@@ -104,23 +121,24 @@ data "aws_iam_policy_document" "firehose_role" {
 }
 
 resource "aws_iam_role_policy" "firehose_role" {
-  name = "${var.name}"
-  role = "${aws_iam_role.firehose_role.id}"
+  count = local.enable_count
+  name  = var.name
+  role  = aws_iam_role.firehose_role[0].id
 
-  policy = "${data.aws_iam_policy_document.firehose_role.json}"
+  policy = data.aws_iam_policy_document.firehose_role.json
 }
 
 resource "aws_kinesis_firehose_delivery_stream" "stream" {
-  count       = "${var.enable}"
-  name        = "${var.name}"
-  destination = "${var.destination}"
+  count       = local.enable_count
+  name        = var.name
+  destination = var.destination
 
   s3_configuration {
-    role_arn        = "${aws_iam_role.firehose_role.arn}"
-    bucket_arn      = "${lookup(var.s3_configuration, "bucket_arn")}"
-    buffer_interval = "${lookup(var.s3_configuration, "buffer_interval", 300)}"
-    buffer_size     = "${lookup(var.s3_configuration, "buffer_size", 5)}"
-    prefix          = "${lookup(var.s3_configuration, "prefix")}"
+    role_arn        = aws_iam_role.firehose_role[0].arn
+    bucket_arn      = lookup(var.s3_configuration, "bucket_arn")
+    buffer_interval = lookup(var.s3_configuration, "buffer_interval")
+    buffer_size     = lookup(var.s3_configuration, "buffer_size")
+    prefix          = lookup(var.s3_configuration, "prefix")
 
     cloudwatch_logging_options {
       enabled         = true
@@ -131,6 +149,6 @@ resource "aws_kinesis_firehose_delivery_stream" "stream" {
 }
 
 output "arn" {
-  value       = "${element(concat(aws_kinesis_firehose_delivery_stream.stream.*.arn, list("")), 0)}"
+  value       = var.enable ? aws_kinesis_firehose_delivery_stream.stream[0].arn : ""
   description = "ARN of the Kinesis Firehose"
 }