Merge pull request #33 from lgallard/feature/conditional-creation

lgallard · web-flow · commit 6cedaa9a87b0 · 2021-01-24T09:07:49.000-03:00
Add support for conditional creation
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.8.0 (January 24, 2021)
+
+
+ENHANCEMENTS:
+
+* Add support for conditional creation
+
+FIXES:
+
+* Update examples
+
 ## 0.7.1 (January 24, 2021)
 
 FIXES:
diff --git a/README.md b/README.md
@@ -36,7 +36,7 @@ module "aws_es" {
 
   encrypt_at_rest = {
     enabled    = "true"
-    kms_key_id = "alias/aws/es"
+    kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
   log_publishing_options = {
@@ -148,6 +148,7 @@ module "aws_es" {
 | ebs\_options\_volume\_size | The size of EBS volumes attached to data nodes (in GB). Required if ebs\_enabled is set to true | `number` | `10` | no |
 | ebs\_options\_volume\_type | The type of EBS volumes attached to data nodes | `string` | `"gp2"` | no |
 | elasticsearch\_version | The version of Elasticsearch to deploy. | `string` | `"7.1"` | no |
+| enabled | Change to false to avoid deploying any AWS ElasticSearch resources | `bool` | `true` | no |
 | encrypt\_at\_rest | Encrypt at rest options. Only available for certain instance types | `map` | `{}` | no |
 | encrypt\_at\_rest\_enabled | Whether to enable encryption at rest | `bool` | `true` | no |
 | encrypt\_at\_rest\_kms\_key\_id | The KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key | `string` | `"alias/aws/es"` | no |
diff --git a/examples/advanced_security_options_master_user_arn/main.tf b/examples/advanced_security_options_master_user_arn/main.tf
@@ -45,7 +45,7 @@ module "aws_es" {
     region      = data.aws_region.current.name,
     account     = data.aws_caller_identity.current.account_id,
     domain_name = var.es_domain_name,
-    whitelist   = "${jsonencode(var.whitelist)}"
+    whitelist   = jsonencode(var.whitelist)
   })
 
   node_to_node_encryption_enabled                = "true"
diff --git a/examples/advanced_security_options_master_user_name_pasword/main.tf b/examples/advanced_security_options_master_user_name_pasword/main.tf
@@ -49,7 +49,7 @@ module "aws_es" {
     region      = data.aws_region.current.name,
     account     = data.aws_caller_identity.current.account_id,
     domain_name = var.es_domain_name,
-    whitelist   = "${jsonencode(var.whitelist)}"
+    whitelist   = jsonencode(var.whitelist)}
   })
 
   node_to_node_encryption_enabled                = "true"
diff --git a/examples/public/main.tf b/examples/public/main.tf
@@ -20,7 +20,7 @@ module "aws_es" {
 
   encrypt_at_rest = {
     enabled    = "true"
-    kms_key_id = "alias/aws/es"
+    kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
   log_publishing_options = {
@@ -35,7 +35,7 @@ module "aws_es" {
     region      = data.aws_region.current.name,
     account     = data.aws_caller_identity.current.account_id,
     domain_name = var.es_domain_name,
-    whitelist   = "${jsonencode(var.whitelist)}"
+    whitelist   = jsonencode(var.whitelist)
   })
 
   node_to_node_encryption_enabled                = "true"
diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf
@@ -20,7 +20,7 @@ module "aws_es" {
 
   encrypt_at_rest = {
     enabled    = "true"
-    kms_key_id = "alias/aws/es"
+    kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
   vpc_options = {
diff --git a/iam.tf b/iam.tf
@@ -1,10 +1,12 @@
 resource "aws_cloudwatch_log_group" "es_cloudwatch_log_group" {
-  name = "${var.domain_name}-log_group"
-  tags = var.tags
+  count             = var.enabled ? 1 : 0
+  name              = "${var.domain_name}-log_group"
+  tags              = var.tags
   retention_in_days = var.log_publishing_options_retention
 }
 
 resource "aws_cloudwatch_log_resource_policy" "es_aws_cloudwatch_log_resource_policy" {
+  count       = var.enabled ? 1 : 0
   policy_name = "${var.domain_name}-policy"
 
   policy_document = <<CONFIG
@@ -30,7 +32,7 @@ CONFIG
 
 # Service-linked role to give Amazon ES permissions to access your VPC
 resource "aws_iam_service_linked_role" "es" {
-  count            = var.create_service_link_role == true ? 1 : 0
+  count            = var.enabled && var.create_service_link_role ? 1 : 0
   aws_service_name = "es.amazonaws.com"
   description      = "Service-linked role to give Amazon ES permissions to access your VPC"
 }
diff --git a/main.tf b/main.tf
@@ -1,4 +1,7 @@
 resource "aws_elasticsearch_domain" "es_domain" {
+
+  count = var.enabled ? 1 : 0
+
   # Domain name
   domain_name = var.domain_name
 
@@ -236,7 +239,7 @@ locals {
   # If no log_publishing_options list is provided, build a log_publishing_options using the default values
   log_publishing_options_default = {
     log_type                 = lookup(var.log_publishing_options, "log_type", null) == null ? var.log_publishing_options_log_type : lookup(var.log_publishing_options, "log_type")
-    cloudwatch_log_group_arn = lookup(var.log_publishing_options, "cloudwatch_log_group_arn", null) == null ? (var.log_publishing_options_cloudwatch_log_group_arn == "" ? aws_cloudwatch_log_group.es_cloudwatch_log_group.arn : var.log_publishing_options_cloudwatch_log_group_arn) : lookup(var.log_publishing_options, "cloudwatch_log_group_arn")
+    cloudwatch_log_group_arn = lookup(var.log_publishing_options, "cloudwatch_log_group_arn", null) == null ? (var.log_publishing_options_cloudwatch_log_group_arn == "" && var.enabled ? aws_cloudwatch_log_group.es_cloudwatch_log_group[0].arn : var.log_publishing_options_cloudwatch_log_group_arn) : lookup(var.log_publishing_options, "cloudwatch_log_group_arn")
     enabled                  = lookup(var.log_publishing_options, "enabled", null) == null ? var.log_publishing_options_enabled : lookup(var.log_publishing_options, "enabled")
   }
 
diff --git a/outputs.tf b/outputs.tf
@@ -1,30 +1,29 @@
 output "arn" {
   description = "Amazon Resource Name (ARN) of the domain"
-  value       = aws_elasticsearch_domain.es_domain.arn
+  value       = join("", aws_elasticsearch_domain.es_domain.*.arn)
 }
 
 output "domain_id" {
   description = "Unique identifier for the domain"
-  value       = aws_elasticsearch_domain.es_domain.domain_id
+  value       = join("", aws_elasticsearch_domain.es_domain.*.domain_id)
 }
 
 output "endpoint" {
   description = "Domain-specific endpoint used to submit index, search, and data upload requests"
-  value       = aws_elasticsearch_domain.es_domain.endpoint
+  value       = join("", aws_elasticsearch_domain.es_domain.*.endpoint)
 }
 
 output "kibana_endpoint" {
   description = "Domain-specific endpoint for kibana without https scheme"
-  value       = aws_elasticsearch_domain.es_domain.kibana_endpoint
+  value       = join("", aws_elasticsearch_domain.es_domain.*.kibana_endpoint)
 }
 
 output "vpc_options_availability_zones" {
   description = "If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside"
-  value       = length(aws_elasticsearch_domain.es_domain.vpc_options) > 0 ? aws_elasticsearch_domain.es_domain.vpc_options.0.availability_zones : []
+  value       = var.enabled ? (length(aws_elasticsearch_domain.es_domain[0].vpc_options) > 0 ? aws_elasticsearch_domain.es_domain[0].vpc_options.0.availability_zones : []) : []
 }
 
 output "vpc_options_vpc_id" {
-  description = " If the domain was created inside a VPC, the ID of the VPC"
-  value       = length(aws_elasticsearch_domain.es_domain.vpc_options) > 0 ? aws_elasticsearch_domain.es_domain.vpc_options.0.vpc_id : ""
+  description = "If the domain was created inside a VPC, the ID of the VPC"
+  value       = var.enabled ? length(aws_elasticsearch_domain.es_domain[0].vpc_options) > 0 ? aws_elasticsearch_domain.es_domain[0].vpc_options.0.vpc_id : null : null
 }
-
diff --git a/variables.tf b/variables.tf
@@ -18,6 +18,13 @@ variable "access_policies" {
   default     = ""
 }
 
+variable "enabled" {
+  description = "Change to false to avoid deploying any AWS ElasticSearch resources"
+  type        = bool
+  default     = true
+}
+
+
 # Advanced security options
 variable "advanced_security_options" {
   description = "Options for fine-grained access control"

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ module "aws_es" {`
`20`	`20`
`21`	`21`	`encrypt_at_rest = {`
`22`	`22`	`enabled = "true"`
`23`		`- kms_key_id = "alias/aws/es"`
	`23`	`+ kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`vpc_options = {`
Original file line number	Diff line number	Diff line change
`@@ -1,30 +1,29 @@`
`1`	`1`	`output "arn" {`
`2`	`2`	`description = "Amazon Resource Name (ARN) of the domain"`
`3`		`- value = aws_elasticsearch_domain.es_domain.arn`
	`3`	`+ value = join("", aws_elasticsearch_domain.es_domain.*.arn)`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "domain_id" {`
`7`	`7`	`description = "Unique identifier for the domain"`
`8`		`- value = aws_elasticsearch_domain.es_domain.domain_id`
	`8`	`+ value = join("", aws_elasticsearch_domain.es_domain.*.domain_id)`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`output "endpoint" {`
`12`	`12`	`description = "Domain-specific endpoint used to submit index, search, and data upload requests"`
`13`		`- value = aws_elasticsearch_domain.es_domain.endpoint`
	`13`	`+ value = join("", aws_elasticsearch_domain.es_domain.*.endpoint)`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`output "kibana_endpoint" {`
`17`	`17`	`description = "Domain-specific endpoint for kibana without https scheme"`
`18`		`- value = aws_elasticsearch_domain.es_domain.kibana_endpoint`
	`18`	`+ value = join("", aws_elasticsearch_domain.es_domain.*.kibana_endpoint)`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`output "vpc_options_availability_zones" {`
`22`	`22`	`description = "If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside"`
`23`		`- value = length(aws_elasticsearch_domain.es_domain.vpc_options) > 0 ? aws_elasticsearch_domain.es_domain.vpc_options.0.availability_zones : []`
	`23`	`+ value = var.enabled ? (length(aws_elasticsearch_domain.es_domain[0].vpc_options) > 0 ? aws_elasticsearch_domain.es_domain[0].vpc_options.0.availability_zones : []) : []`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`output "vpc_options_vpc_id" {`
`27`		`- description = " If the domain was created inside a VPC, the ID of the VPC"`
`28`		`- value = length(aws_elasticsearch_domain.es_domain.vpc_options) > 0 ? aws_elasticsearch_domain.es_domain.vpc_options.0.vpc_id : ""`
	`27`	`+ description = "If the domain was created inside a VPC, the ID of the VPC"`
	`28`	`+ value = var.enabled ? length(aws_elasticsearch_domain.es_domain[0].vpc_options) > 0 ? aws_elasticsearch_domain.es_domain[0].vpc_options.0.vpc_id : null : null`
`29`	`29`	`}`
`30`		`-`