Merge pull request #109 from kumoy/develop

Remove module-wide create/enable variable
plus3it · Nov 19, 2020 · 98e7148 · 98e7148
2 parents 392554e + de1fc67
commit 98e7148
Show file tree

Hide file tree

Showing 18 changed files with 30 additions and 915 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.1.0
+current_version = 2.0.0
 commit = True
 tag = False
 tag_name = {new_version}
diff --git a/.gitignore b/.gitignore
@@ -16,3 +16,5 @@ tardigrade-ci/
 # eclint
 .git/
 
+# terratest
+tests/go.*
diff --git a/README.md b/README.md
@@ -19,7 +19,6 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | name | String to prefix resource names with | `string` | n/a | yes |
-| create\_inspector | Controls whether to create the Inspector resources | `bool` | `true` | no |
 | duration | Maximum time the Inspector assessment will run for (in seconds) | `string` | `"3600"` | no |
 | event\_pattern | JSON object describing an event to capture. Required if not setting a schedule. See AWS documentation for more details - https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html | `string` | `null` | no |
 | iam\_role\_arn | Controls whether to create the Inspector role | `any` | `null` | no |

diff --git a/main.tf b/main.tf
@@ -1,5 +1,3 @@
-provider "aws" {}
-
 locals {
   create_iam_role = var.iam_role_arn == null
   iam_role_arn    = local.create_iam_role ? join("", aws_iam_role.this.*.arn) : var.iam_role_arn
@@ -9,36 +7,31 @@ locals {
 
 # Race condition on resource cycles requires some randomness in the name to avoid "name already exists" errors
 resource "random_uuid" "assessment_template" {
-  count = var.create_inspector ? 1 : 0
-
   keepers = {
     rules_package_arns = join(",", data.aws_inspector_rules_packages.this.arns)
     duration           = var.duration
-    target_arn         = aws_inspector_assessment_target.this[0].arn
+    target_arn         = aws_inspector_assessment_target.this.arn
 
   }
 }
 
 # Create Inspector Assessment Target
 resource "aws_inspector_assessment_target" "this" {
-  count = var.create_inspector ? 1 : 0
-  name  = var.name
+  name = var.name
 }
 
 # Create Inspector Assessment Template
 resource "aws_inspector_assessment_template" "this" {
-  count = var.create_inspector ? 1 : 0
 
-  name       = "${var.name} ${random_uuid.assessment_template[0].result}"
-  target_arn = random_uuid.assessment_template[0].keepers.target_arn
-  duration   = random_uuid.assessment_template[0].keepers.duration
+  name       = "${var.name} ${random_uuid.assessment_template.result}"
+  target_arn = random_uuid.assessment_template.keepers.target_arn
+  duration   = random_uuid.assessment_template.keepers.duration
 
-  rules_package_arns = split(",", random_uuid.assessment_template[0].keepers.rules_package_arns)
+  rules_package_arns = split(",", random_uuid.assessment_template.keepers.rules_package_arns)
 }
 
 # Create Cloudwatch Event Rule
 resource "aws_cloudwatch_event_rule" "this" {
-  count = var.create_inspector ? 1 : 0
 
   name                = var.name
   description         = "Run inspector scan on a schedule"
@@ -49,7 +42,7 @@ resource "aws_cloudwatch_event_rule" "this" {
 
 # Create IAM Role
 resource "aws_iam_role" "this" {
-  count = var.create_inspector && local.create_iam_role ? 1 : 0
+  count = local.create_iam_role ? 1 : 0
 
   name               = var.name
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
@@ -58,26 +51,24 @@ resource "aws_iam_role" "this" {
 
 # Create IAM Policy
 resource "aws_iam_policy" "this" {
-  count = var.create_inspector && local.create_iam_role ? 1 : 0
+  count = local.create_iam_role ? 1 : 0
 
   name   = var.name
   policy = data.aws_iam_policy_document.start_inspector.json
 }
 
 # Attach Policy to IAM Role
 resource "aws_iam_role_policy_attachment" "this" {
-  count = var.create_inspector && local.create_iam_role ? 1 : 0
+  count = local.create_iam_role ? 1 : 0
 
   role       = aws_iam_role.this[0].name
   policy_arn = aws_iam_policy.this[0].arn
 }
 
 # Create Cloudwatch Event Target
 resource "aws_cloudwatch_event_target" "this" {
-  count = var.create_inspector ? 1 : 0
-
-  rule     = aws_cloudwatch_event_rule.this[0].name
-  arn      = aws_inspector_assessment_template.this[0].arn
+  rule     = aws_cloudwatch_event_rule.this.name
+  arn      = aws_inspector_assessment_template.this.arn
   role_arn = local.iam_role_arn
 }
 

diff --git a/outputs.tf b/outputs.tf
@@ -3,10 +3,10 @@
 //
 output "assessment_template_arn" {
   description = "Assessment template ARN"
-  value       = join("", aws_inspector_assessment_template.this.*.arn)
+  value       = aws_inspector_assessment_template.this.arn
 }
 
 output "assessment_target_arn" {
   description = "Assessment target ARN"
-  value       = join("", aws_inspector_assessment_target.this.*.arn)
+  value       = aws_inspector_assessment_target.this.arn
 }
diff --git a/tests/event_and_schedule/README.md b/tests/event_and_schedule/README.md
diff --git a/tests/event_and_schedule/main.tf b/tests/event_and_schedule/main.tf
@@ -10,14 +10,9 @@ resource "random_id" "name" {
 module "event_based" {
   source = "../../"
 
-  providers = {
-    aws = aws
-  }
-
-  create_inspector = true
-  name             = random_id.name.hex
-  schedule         = "rate(7 days)"
-  event_pattern    = <<-EOF
+  name          = random_id.name.hex
+  schedule      = "rate(7 days)"
+  event_pattern = <<-EOF
     {
       "source" : ["aws.ec2"],
       "detail-type" : ["EC2 Instance State-change Notification"],
@@ -26,6 +21,6 @@ module "event_based" {
       }
     }
   EOF
-  duration         = "180"
+  duration      = "180"
 }
 
diff --git a/tests/event_based/README.md b/tests/event_based/README.md
diff --git a/tests/event_based/main.tf b/tests/event_based/main.tf
@@ -10,13 +10,8 @@ resource "random_id" "name" {
 module "event_based" {
   source = "../../"
 
-  providers = {
-    aws = aws
-  }
-
-  create_inspector = true
-  name             = random_id.name.hex
-  event_pattern    = <<-EOF
+  name          = random_id.name.hex
+  event_pattern = <<-EOF
     {
       "source" : ["aws.ec2"],
       "detail-type" : ["EC2 Instance State-change Notification"],
@@ -25,6 +20,6 @@ module "event_based" {
       }
     }
   EOF
-  duration         = "180"
+  duration      = "180"
 }
 
diff --git a/tests/go.mod b/tests/go.mod