From 180ffc4a2e852775f8162936f39649645d2a6ab0 Mon Sep 17 00:00:00 2001 From: Maxim Mironenko Date: Fri, 5 Feb 2021 02:32:18 +0700 Subject: [PATCH 1/3] context.tf updated to v0.24.1, minimum required Terraform version bumped to 0.13.0 when needed, readme updated --- .github/CODEOWNERS | 7 +- .github/auto-release.yml | 8 +++ .github/mergify.yml | 28 +++++--- .github/renovate.json | 12 ++++ .github/workflows/auto-context.yml | 6 +- .github/workflows/auto-format.yml | 86 +++++++++++++++++++++++ .github/workflows/auto-readme.yml | 41 ----------- .github/workflows/auto-release.yml | 2 +- .github/workflows/validate-codeowners.yml | 7 ++ README.md | 29 ++++++-- context.tf | 66 ++++++++++++----- docs/targets.md | 2 - docs/terraform.md | 8 ++- examples/complete/context.tf | 66 ++++++++++++----- versions.tf | 2 +- 15 files changed, 269 insertions(+), 101 deletions(-) create mode 100644 .github/renovate.json create mode 100644 .github/workflows/auto-format.yml delete mode 100644 .github/workflows/auto-readme.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ceb4644..2537f2f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -15,9 +15,10 @@ # Cloud Posse must review any changes to standard context definition, # but some changes can be rubber-stamped. -**/context.tf @cloudposse/engineering @cloudposse/approvers -README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers -docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +**/*.tf @cloudposse/engineering @cloudposse/approvers +README.yaml @cloudposse/engineering @cloudposse/approvers +README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers # Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration .github/mergify.yml @cloudposse/admins diff --git a/.github/auto-release.yml b/.github/auto-release.yml index 18a1ca6..c78a4d8 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -43,3 +43,11 @@ change-template: | template: | $CHANGES + +replacers: +# Remove irrelevant information from Renovate bot +- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm' + replace: '' +# Remove Renovate bot banner image +- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm' + replace: '' diff --git a/.github/mergify.yml b/.github/mergify.yml index 485982f..b010656 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -1,12 +1,16 @@ +# https://docs.mergify.io/conditions.html +# https://docs.mergify.io/actions.html pull_request_rules: - name: "approve automated PRs that have passed checks" conditions: - - "check-success~=test/bats" - - "check-success~=test/readme" - - "check-success~=test/terratest" + - "author~=^(cloudpossebot|renovate\\[bot\\])$" - "base=master" - - "author=cloudpossebot" - - "head~=auto-update/.*" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=test/bats" + - "check-success=test/readme" + - "check-success=test/terratest" + - "check-success=validate-codeowners" actions: review: type: "APPROVE" @@ -15,16 +19,17 @@ pull_request_rules: - name: "merge automated PRs when approved and tests pass" conditions: - - "check-success~=test/bats" - - "check-success~=test/readme" - - "check-success~=test/terratest" + - "author~=^(cloudpossebot|renovate\\[bot\\])$" - "base=master" - - "head~=auto-update/.*" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=test/bats" + - "check-success=test/readme" + - "check-success=test/terratest" + - "check-success=validate-codeowners" - "#approved-reviews-by>=1" - "#changes-requested-reviews-by=0" - "#commented-reviews-by=0" - - "base=master" - - "author=cloudpossebot" actions: merge: method: "squash" @@ -38,6 +43,7 @@ pull_request_rules: - name: "ask to resolve conflict" conditions: - "conflict" + - "-closed" actions: comment: message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏" diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..ae4f0aa --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,12 @@ +{ + "extends": [ + "config:base", + ":preserveSemverRanges" + ], + "labels": ["auto-update"], + "enabledManagers": ["terraform"], + "terraform": { + "ignorePaths": ["**/context.tf", "examples/**"] + } +} + diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 739a3c9..ab979e0 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -27,17 +27,19 @@ jobs: make init make github/init/context.tf make readme/build - echo "::set-output name=create_pull_request=true" + echo "::set-output name=create_pull_request::true" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." fi - name: Create Pull Request - if: {{ steps.update.outputs.create_pull_request == 'true' }} + if: steps.update.outputs.create_pull_request == 'true' uses: cloudposse/actions/github/create-pull-request@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' + author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' commit-message: Update context.tf from origin source title: Update context.tf body: |- diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml new file mode 100644 index 0000000..990abed --- /dev/null +++ b/.github/workflows/auto-format.yml @@ -0,0 +1,86 @@ +name: Auto Format +on: + pull_request_target: + types: [opened, synchronize] + +jobs: + auto-format: + runs-on: ubuntu-latest + container: cloudposse/build-harness:slim-latest + steps: + # Checkout the pull request branch + # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using + # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains + # a workflow configured to run when push events occur." + # However, using a personal access token will cause events to be triggered. + # We need that to ensure a status gets posted after the auto-format commit. + # We also want to trigger tests if the auto-format made no changes. + - uses: actions/checkout@v2 + if: github.event.pull_request.state == 'open' + name: Privileged Checkout + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + # Check out the PR commit, not the merge commit + # Use `ref` instead of `sha` to enable pushing back to `ref` + ref: ${{ github.event.pull_request.head.ref }} + + # Do all the formatting stuff + - name: Auto Format + if: github.event.pull_request.state == 'open' + shell: bash + run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host + + # Commit changes (if any) to the PR branch + - name: Commit changes to the PR branch + if: github.event.pull_request.state == 'open' + shell: bash + id: commit + env: + SENDER: ${{ github.event.sender.login }} + run: | + set -x + output=$(git diff --name-only) + + if [ -n "$output" ]; then + echo "Changes detected. Pushing to the PR branch" + git config --global user.name 'cloudpossebot' + git config --global user.email '11232728+cloudpossebot@users.noreply.github.com' + git add -A + git commit -m "Auto Format" + # Prevent looping by not pushing changes in response to changes from cloudpossebot + [[ $SENDER == "cloudpossebot" ]] || git push + # Set status to fail, because the push should trigger another status check, + # and we use success to indicate the checks are finished. + printf "::set-output name=%s::%s\n" "changed" "true" + exit 1 + else + printf "::set-output name=%s::%s\n" "changed" "false" + echo "No changes detected" + fi + + - name: Auto Test + uses: cloudposse/actions/github/repository-dispatch@0.22.0 + # match users by ID because logins (user names) are inconsistent, + # for example in the REST API Renovate Bot is `renovate[bot]` but + # in GraphQL it is just `renovate`, plus there is a non-bot + # user `renovate` with ID 1832810. + # Mergify bot: 37929162 + # Renovate bot: 29139614 + # Cloudpossebot: 11232728 + # Need to use space separators to prevent "21" from matching "112144" + if: > + contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) + && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + repository: cloudposse/actions + event-type: test-command + client-payload: |- + { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}}, + "pull_request": ${{ toJSON(github.event.pull_request) }}, + "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }}, + "comment": {"id": ""} + } + } + } diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml deleted file mode 100644 index 6229e60..0000000 --- a/.github/workflows/auto-readme.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: "auto-readme" -on: - schedule: - # Update README.md nightly - - cron: '0 4 * * *' - -jobs: - update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - make init - make readme/build - - - name: Create Pull Request - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs - - ## why - To have most recent changes of README.md and doc from origin templates - - branch: auto-update/readme - base: master - delete-branch: true - labels: | - auto-update - readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index ccc27be..3f48017 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -6,7 +6,7 @@ on: - master jobs: - semver: + publish: runs-on: ubuntu-latest steps: # Drafts your next Release notes as Pull Requests are merged into "master" diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 8044289..386eb28 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -9,6 +9,8 @@ jobs: - name: "Checkout source code at current commit" uses: actions/checkout@v2 - uses: mszostok/codeowners-validator@v0.5.0 + if: github.event.pull_request.head.repo.full_name == github.repository + name: "Full check of CODEOWNERS" with: # For now, remove "files" check to allow CODEOWNERS to specify non-existent # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos @@ -16,3 +18,8 @@ jobs: checks: "syntax,owners,duppatterns" # GitHub access token is required only if the `owners` check is enabled github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + - uses: mszostok/codeowners-validator@v0.5.0 + if: github.event.pull_request.head.repo.full_name != github.repository + name: "Syntax check of CODEOWNERS" + with: + checks: "syntax,duppatterns" diff --git a/README.md b/README.md index 6ad7602..4f4c29f 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,25 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are +## Security & Compliance [](https://bridgecrew.io/) + +Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. + +| Benchmark | Description | +|--------|---------------| +| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | +| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | +| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | +| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | +| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | +| [![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance | +| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | +| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=SOC2)| Service Organization Control 2 Compliance | +| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | +| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-lambda-elasticsearch-cleanup&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | + + + ## Usage @@ -140,8 +159,6 @@ by starting with `^`). ```text Available targets: - build Build Lambda function zip - dependencies Install dependencies help Help screen help/all Display help for all targets help/short This help short screen @@ -161,7 +178,7 @@ is given | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | | null | >= 2.0 | @@ -179,7 +196,7 @@ is given | artifact\_git\_ref | Git ref of the lambda artifact to use. Use latest version if null. | `string` | `""` | no | | artifact\_url | URL template for the remote artifact | `string` | `"https://artifacts.cloudposse.com/$${module_name}/$${git_ref}/$${filename}"` | no | | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | 
object({
    enabled             = bool
    namespace           = string
    environment         = string
    stage               = string
    name                = string
    delimiter           = string
    attributes          = list(string)
    tags                = map(string)
    additional_tag_map  = map(string)
    regex_replace_chars = string
    label_order         = list(string)
    id_length_limit     = number
  })
| 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_order": [],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}
| no | | delete\_after | Number of days to preserve | `number` | `15` | no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | @@ -187,10 +204,12 @@ is given | es\_domain\_arn | The Elasticsearch domain ARN | `string` | n/a | yes | | es\_endpoint | The Elasticsearch endpoint for the Lambda function to connect to | `string` | n/a | yes | | es\_security\_group\_id | The Elasticsearch cluster security group ID | `string` | n/a | yes | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | index\_format | Combined with 'index' variable and is used to evaluate the index age | `string` | `"%Y.%m.%d"` | no | | index\_re | Regular Expression that matches the index names to clean up (not including trailing dash and date) | `string` | `".*"` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | python\_version | The Python version to use | `string` | `"3.7"` | no | diff --git a/context.tf b/context.tf index f5f2797..81f99b4 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,20 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null @@ -68,6 +57,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +67,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { @@ -158,11 +159,44 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } } +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/targets.md b/docs/targets.md index 058caf7..3dce8b3 100644 --- a/docs/targets.md +++ b/docs/targets.md @@ -3,8 +3,6 @@ ```text Available targets: - build Build Lambda function zip - dependencies Install dependencies help Help screen help/all Display help for all targets help/short This help short screen diff --git a/docs/terraform.md b/docs/terraform.md index 39fe611..8681da2 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -10,7 +10,7 @@ is given | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | | null | >= 2.0 | @@ -28,7 +28,7 @@ is given | artifact\_git\_ref | Git ref of the lambda artifact to use. Use latest version if null. | `string` | `""` | no | | artifact\_url | URL template for the remote artifact | `string` | `"https://artifacts.cloudposse.com/$${module_name}/$${git_ref}/$${filename}"` | no | | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | 
object({
    enabled             = bool
    namespace           = string
    environment         = string
    stage               = string
    name                = string
    delimiter           = string
    attributes          = list(string)
    tags                = map(string)
    additional_tag_map  = map(string)
    regex_replace_chars = string
    label_order         = list(string)
    id_length_limit     = number
  })
| 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_order": [],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}
| no | | delete\_after | Number of days to preserve | `number` | `15` | no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | @@ -36,10 +36,12 @@ is given | es\_domain\_arn | The Elasticsearch domain ARN | `string` | n/a | yes | | es\_endpoint | The Elasticsearch endpoint for the Lambda function to connect to | `string` | n/a | yes | | es\_security\_group\_id | The Elasticsearch cluster security group ID | `string` | n/a | yes | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | index\_format | Combined with 'index' variable and is used to evaluate the index age | `string` | `"%Y.%m.%d"` | no | | index\_re | Regular Expression that matches the index names to clean up (not including trailing dash and date) | `string` | `".*"` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | python\_version | The Python version to use | `string` | `"3.7"` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index f5f2797..81f99b4 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,20 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null @@ -68,6 +57,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +67,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { @@ -158,11 +159,44 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } } +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/versions.tf b/versions.tf index ed2b746..22849c0 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { source = "hashicorp/aws" From 28f18a28e90d7bbaf5d8300e079b7f05b864f70f Mon Sep 17 00:00:00 2001 From: Nuru Date: Thu, 4 Feb 2021 22:47:10 -0800 Subject: [PATCH 2/3] Remove readme build/check --- .github/workflows/lambda.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/lambda.yml b/.github/workflows/lambda.yml index 9053d93..bc7562c 100644 --- a/.github/workflows/lambda.yml +++ b/.github/workflows/lambda.yml @@ -22,18 +22,6 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - # Rebuild README - - name: Prepare - shell: bash - run: | - set -ex - make init - make terraform/install - make terraform/get-plugins - make terraform/get-modules - make terraform/lint - make terraform/validate - - name: Build run: make build From 37901923167ca2252d59b652513a44c81bf35f8c Mon Sep 17 00:00:00 2001 From: actions-bot <58130806+actions-bot@users.noreply.github.com> Date: Fri, 5 Feb 2021 07:26:51 +0000 Subject: [PATCH 3/3] Updated README.md --- README.md | 2 ++ docs/targets.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 4f4c29f..0bc7edf 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,8 @@ by starting with `^`). ```text Available targets: + build Build Lambda function zip + dependencies Install dependencies help Help screen help/all Display help for all targets help/short This help short screen diff --git a/docs/targets.md b/docs/targets.md index 3dce8b3..058caf7 100644 --- a/docs/targets.md +++ b/docs/targets.md @@ -3,6 +3,8 @@ ```text Available targets: + build Build Lambda function zip + dependencies Install dependencies help Help screen help/all Display help for all targets help/short This help short screen