Merge pull request #1 from clouddrove/CD-90

Nikita Dugar · web-flow · commit 5e82e79252c6 · 2019-12-28T17:25:00.000+05:30
Cd 90
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -0,0 +1,57 @@
+name: 'Terraform GitHub Actions'
+on:
+  - pull_request
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: 'Checkout'
+        uses: actions/checkout@master
+
+      - name: 'Terraform Format'
+        uses: clouddrove/github-actions@v2.0
+        with:
+          actions_subcommand: 'fmt'
+
+      - name: 'Terraform Init'
+        uses: clouddrove/github-actions@v2.0
+        with:
+          actions_subcommand: 'init'
+          tf_actions_working_dir: ./_example
+
+      - name: Configure AWS Credentials
+        uses: clouddrove/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+
+      - name: 'Terraform Plan'
+        uses: clouddrove/github-actions@v2.0
+        with:
+          actions_subcommand: 'plan'
+          tf_actions_working_dir: ./_example
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 'Terratest'
+        uses: clouddrove/github-actions@v2.0
+        with:
+          actions_subcommand: 'terratest'
+          tf_actions_working_dir: ./_test
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 'Slack Notification'
+        uses: clouddrove/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          fields: repo,author
+          author_name: 'Clouddrove'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required
+        if: always()
diff --git a/README.md b/README.md
@@ -72,7 +72,8 @@ This module has a few dependencies:
 Here is an example of how you can use this module in your inventory structure:
 ```hcl
   module "alb" {
-    source                     = "git::https://github.com/clouddrove/terraform-aws-alb.git?ref=tags/0.12.2"
+    source                     = "git::https://github.com/clouddrove/terraform-aws-alb.git?ref=tags/0.12.3"
+
     name                       = "alb"
     application                = "clouddrove"
     environment                = "test"
@@ -90,6 +91,8 @@ Here is an example of how you can use this module in your inventory structure:
     listener_certificate_arn   = "arn:aws:acm:eu-west-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"
     https_enabled              = true
     http_enabled               = true
+    https_port               = 443
+    listener_type            = "forward"
 }
 ```
 
diff --git a/README.yaml b/README.yaml
@@ -35,24 +35,26 @@ usage : |-
   ### Simple Example
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
-    module "alb" {
-      source                     = "git::https://github.com/clouddrove/terraform-aws-alb.git?ref=tags/0.12.2"
-      name                       = "alb"
-      application                = "clouddrove"
-      environment                = "test"
-      label_order                = ["environment", "name", "application"]
-      internal                   = false
-      load_balancer_type         = "application"
-      instance_count             = 2
-      security_groups            = ["sg-xxxxxxx"]
-      subnets                    = "subnet-xxxxxxx"
-      enable_deletion_protection = false
-      target_id                  = "i-xxxxxxxxxx"
-      vpc_id                     = "vpc-xxxxxxxxx"
-      target_group_protocol      = "HTTP"
-      target_group_port          = 80
-      listener_certificate_arn   = "arn:aws:acm:eu-west-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"
-      https_enabled              = true
-      http_enabled               = true
-  }
+      module "alb" {
+        source                     = "git::https://github.com/clouddrove/terraform-aws-alb.git?ref=tags/0.12.3"
+        name                       = "alb"
+        application                = "clouddrove"
+        environment                = "test"
+        label_order                = ["environment", "name", "application"]
+        internal                   = false
+        load_balancer_type         = "application"
+        instance_count             = 2
+        security_groups            = ["sg-xxxxxxx"]
+        subnets                    = "subnet-xxxxxxx"
+        enable_deletion_protection = false
+        target_id                  = "i-xxxxxxxxxx"
+        vpc_id                     = "vpc-xxxxxxxxx"
+        target_group_protocol      = "HTTP"
+        target_group_port          = 80
+        listener_certificate_arn   = "arn:aws:acm:eu-west-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"
+        https_enabled              = true
+        http_enabled               = true
+        https_port               = 443
+        listener_type            = "forward"
+    }
   ```
diff --git a/_example/example.tf b/_example/example.tf
@@ -2,111 +2,134 @@ provider "aws" {
   region = "eu-west-1"
 }
 
-module "keypair" {
-  source = "git::https://github.com/clouddrove/terraform-aws-keypair.git?ref=tags/0.12.2"
-
-  key_path        = "~/.ssh/id_rsa.pub"
-  key_name        = "main-key"
-  enable_key_pair = true
-}
 
 module "vpc" {
   source = "git::https://github.com/clouddrove/terraform-aws-vpc.git?ref=tags/0.12.4"
 
   name        = "vpc"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
   cidr_block = "172.16.0.0/16"
 }
 
 module "public_subnets" {
-  source = "git::https://github.com/clouddrove/terraform-aws-subnet.git?ref=tags/0.12.3"
+  source = "git::https://github.com/clouddrove/terraform-aws-subnet.git?ref=tags/0.12.4"
 
   name        = "public-subnet"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
-  availability_zones = ["eu-west-1a", "eu-west-1c"]
+  availability_zones = ["eu-west-1b", "eu-west-1c"]
   vpc_id             = module.vpc.vpc_id
   cidr_block         = module.vpc.vpc_cidr_block
   type               = "public"
   igw_id             = module.vpc.igw_id
 }
 
 module "http-https" {
-  source      = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.2"
+  source = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.3"
+
   name        = "http-https"
   application = "clouddrove"
-  label_order = ["environment", "name", "application"]
+  environment = "test"
+  label_order = ["environment", "application", "name"]
 
-  environment   = "test"
   vpc_id        = module.vpc.vpc_id
   allowed_ip    = ["0.0.0.0/0"]
   allowed_ports = [80, 443]
 }
 
 module "ssh" {
-  source      = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.2"
+  source = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.3"
+
   name        = "ssh"
   application = "clouddrove"
-  label_order = ["environment", "name", "application"]
+  environment = "test"
+  label_order = ["environment", "application", "name"]
 
-  environment   = "test"
   vpc_id        = module.vpc.vpc_id
   allowed_ip    = [module.vpc.vpc_cidr_block]
   allowed_ports = [22]
 }
 
+module "iam-role" {
+  source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.1"
+
+  name               = "iam-role"
+  application        = "clouddrove"
+  environment        = "test"
+  label_order        = ["environment", "application", "name"]
+  assume_role_policy = data.aws_iam_policy_document.default.json
+
+  policy_enabled = true
+  policy         = data.aws_iam_policy_document.iam-policy.json
+}
+
+data "aws_iam_policy_document" "default" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "iam-policy" {
+  statement {
+    actions = [
+      "ssm:UpdateInstanceInformation",
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+    "ssmmessages:OpenDataChannel"]
+    effect    = "Allow"
+    resources = ["*"]
+  }
+}
+
 module "ec2" {
-  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.3"
+  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.4"
 
   name        = "ec2-instance"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
-
-  instance_count              = 2
-  ami                         = "ami-08d658f84a6d84a80"
-  ebs_optimized               = false
-  instance_type               = "t2.nano"
-  key_name                    = module.keypair.name
-  monitoring                  = false
-  associate_public_ip_address = true
-  tenancy                     = "default"
-  disk_size                   = 8
+  label_order = ["environment", "application", "name"]
+
+  instance_count = 2
+  ami            = "ami-08d658f84a6d84a80"
+  instance_type  = "t2.nano"
+  monitoring     = false
+  tenancy        = "default"
+
   vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
 
-  assign_eip_address = true
+  assign_eip_address          = true
+  associate_public_ip_address = true
+
+  instance_profile_enabled = true
+  iam_instance_profile     = module.iam-role.name
 
+  disk_size          = 8
+  ebs_optimized      = false
   ebs_volume_enabled = true
   ebs_volume_type    = "gp2"
   ebs_volume_size    = 30
 }
 
-module "acm" {
-  source = "git::https://github.com/clouddrove/terraform-aws-acm.git?ref=tags/0.12.0"
-
-  name        = "certificate"
-  application = "clouddrove"
-  environment = "test"
-  label_order = ["environment", "name", "application"]
-
-  domain_name          = "clouddrove.com"
-  validation_method    = "EMAIL"
-  validate_certificate = true
-}
 
 module "alb" {
-  source = "git::https://github.com/clouddrove/terraform-aws-alb.git?ref=tags/0.12.2"
+  source = "./../"
 
   name        = "alb"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
   internal                   = false
   load_balancer_type         = "application"
@@ -120,10 +143,9 @@ module "alb" {
   target_group_protocol = "HTTP"
   target_group_port     = 80
 
-  listener_certificate_arn = module.acm.arn
-  https_enabled            = true
-  http_enabled             = true
-  https_port               = 443
-  listener_type            = "forward"
+  https_enabled = false
+  http_enabled  = true
+  https_port    = 443
+  listener_type = "forward"
 
 }
diff --git a/_test/alb_test.go b/_test/alb_test.go
@@ -29,6 +29,6 @@ func Test(t *testing.T) {
 	Tags := terraform.OutputMap(t, terraformOptions, "tags")
 
 	// Check that we get back the outputs that we expect
-	assert.Equal(t, "test-alb-clouddrove", Tags["Name"])
+	assert.Equal(t, "test-clouddrove-alb", Tags["Name"])
 	assert.Contains(t, Arn, "arn:aws:elasticloadbalancing")
 }

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,6 @@ func Test(t *testing.T) {`
`29`	`29`	`Tags := terraform.OutputMap(t, terraformOptions, "tags")`
`30`	`30`
`31`	`31`	`// Check that we get back the outputs that we expect`
`32`		`- assert.Equal(t, "test-alb-clouddrove", Tags["Name"])`
	`32`	`+ assert.Equal(t, "test-clouddrove-alb", Tags["Name"])`
`33`	`33`	`assert.Contains(t, Arn, "arn:aws:elasticloadbalancing")`
`34`	`34`	`}`