Commit

Fix issue #29 (#30)
* Fix issue #29

* Fix infracost pipeline
jnonino authored Jun 22, 2022
1 parent 013ad11 commit 859ace4
Showing 15 changed files with 299 additions and 14 deletions.
22 changes: 17 additions & 5 deletions .github/workflows/pipeline.yml
Expand Up @@ -17,32 +17,44 @@ jobs:
validate:
runs-on: ubuntu-latest
container: hashicorp/terraform
strategy:
matrix: {
dir: ['examples/complete', 'examples/no-cert', 'examples/no-cert-no-hosted-zone', 'examples/no-hosted-zone']
}
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Terraform Init
run: terraform init -upgrade
working-directory: examples/test
working-directory: ${{ matrix.dir }}
- name: Terraform Validate
run: terraform validate
working-directory: examples/test
working-directory: ${{ matrix.dir }}

mock-plan:
runs-on: ubuntu-latest
container: hashicorp/terraform
strategy:
matrix: {
dir: ['examples/complete', 'examples/no-cert', 'examples/no-cert-no-hosted-zone', 'examples/no-hosted-zone']
}
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Terraform Init
run: terraform init -upgrade
working-directory: examples/test
working-directory: ${{ matrix.dir }}
- name: Terraform Plan (Mock)
run: terraform plan
working-directory: examples/test
working-directory: ${{ matrix.dir }}

infracost:
runs-on: ubuntu-latest
name: Show infracost diff
strategy:
matrix: {
dir: ['examples/complete', 'examples/no-cert', 'examples/no-cert-no-hosted-zone', 'examples/no-hosted-zone']
}
steps:
- name: Check out repository
uses: actions/checkout@v2
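Review bot: The `Terraform Init` steps in `validate` and `mock-plan` run `terraform init -upgrade`, which selects the newest provider versions the constraints allow instead of the versions recorded in the `.terraform.lock.hcl` files this commit adds under each example directory, so CI never exercises the locked providers. Drop `-upgrade` (or use `terraform init -lockfile=readonly`) so that a new provider release cannot silently change what a run validates. The same reproducibility concern applies to `container: hashicorp/terraform`, which carries no tag, and the `infracost` job still uses `actions/checkout@v2` while the other two jobs use `@v3`. The `dir` list is also repeated in all three jobs and will drift when an example is added or renamed.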
Expand All @@ -52,4 +64,4 @@ jobs:
INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
path: examples/test
path: ${{ matrix.dir }}
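Review bot: With `path: ${{ matrix.dir }}` this step now runs once per matrix entry, so `INFRACOST_API_KEY` and `GITHUB_TOKEN` are handed to four job runs instead of one, and no `permissions:` key is visible on the `infracost` job in this diff. Consider setting the job's `permissions:` to only what the action needs, and confirm that four parallel runs reporting against the same commit do not overwrite each other's output.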
7 changes: 3 additions & 4 deletions README.md
Expand Up @@ -76,18 +76,17 @@ In order to run all checks at any point run the following command:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_acm_certificate_arn_to_use"></a> [acm\_certificate\_arn\_to\_use](#input\_acm\_certificate\_arn\_to\_use) | ACM Certificate ARN to use in case you disable automatic certificate creation. Certificate must be in us-east-1 region. | `string` | `""` | no |
| <a name="input_cloudfront_web_acl_id"></a> [cloudfront\_web\_acl\_id](#input\_cloudfront\_web\_acl\_id) | (Optional) - A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.
To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. | `string` | `null` | no |
| <a name="input_aws_accounts_with_read_view_log_bucket"></a> [aws\_accounts\_with\_read\_view\_log\_bucket](#input\_aws\_accounts\_with\_read\_view\_log\_bucket) | List of AWS accounts with read permissions to log bucket | `list(string)` | `[]` | no |
| <a name="input_cloudfront_allowed_cached_methods"></a> [cloudfront\_allowed\_cached\_methods](#input\_cloudfront\_allowed\_cached\_methods) | (Optional) Specifies which methods are allowed and cached by CloudFront. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and HEAD | `list(string)` | <pre>[<br> "GET",<br> "HEAD"<br>]</pre> | no |
| <a name="input_cloudfront_custom_error_responses"></a> [cloudfront\_custom\_error\_responses](#input\_cloudfront\_custom\_error\_responses) | A list of custom error responses | <pre>list(object({<br> error_caching_min_ttl = number<br> error_code = number<br> response_code = number<br> response_page_path = string<br> }))</pre> | `[]` | no |
| <a name="input_cloudfront_default_root_object"></a> [cloudfront\_default\_root\_object](#input\_cloudfront\_default\_root\_object) | (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. Defaults to index.html | `string` | `"index.html"` | no |
| <a name="input_cloudfront_function_association"></a> [cloudfront\_function\_association](#input\_cloudfront\_function\_association) | (Optional) Map containing information to associate a function to cloudfront. The first field is `event_type` of the function associated with default cache behavior, it can be viewer-request, viewer-response, origin-request, origin-response. The second field is `function_arn`, the ARN of the function associated with default cache behavior | <pre>list(<br>object({<br> event_type = string<br> function_arn = string<br> }))</pre> | `null` | no |
| <a name="input_cloudfront_custom_error_responses"></a> [cloudfront\_custom\_error\_responses](#input\_cloudfront\_custom\_erro\r_responses) | (Optional) A list of Cloudfront custom error messages objects | <pre>list(<br> object({ <br>error_caching_min_ttl = number<br>error_code = number <br>response_code = number<br>response_page_path = string <br>}))</pre> | `[]` | no |
| <a name="input_cloudfront_function_association"></a> [cloudfront\_function\_association](#input\_cloudfront\_function\_association) | (Optional - up to 2 per distribution) List containing information to associate a CF function to cloudfront. The first field is `event_type` of the CF function associated with default cache behavior, it can be viewer-request or viewer-response | <pre>list(object({<br> event_type = string<br> function_arn = string<br> }))</pre> | `[]` | no |
| <a name="input_cloudfront_geo_restriction_locations"></a> [cloudfront\_geo\_restriction\_locations](#input\_cloudfront\_geo\_restriction\_locations) | (Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). Defaults to [] | `list(string)` | `[]` | no |
| <a name="input_cloudfront_geo_restriction_type"></a> [cloudfront\_geo\_restriction\_type](#input\_cloudfront\_geo\_restriction\_type) | The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. Defaults to none | `string` | `"none"` | no |
| <a name="input_cloudfront_http_version"></a> [cloudfront\_http\_version](#input\_cloudfront\_http\_version) | (Optional) - The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | `string` | `"http2"` | no |
| <a name="input_cloudfront_price_class"></a> [cloudfront\_price\_class](#input\_cloudfront\_price\_class) | (Optional) - The price class for this distribution. One of PriceClass\_All, PriceClass\_200, PriceClass\_100. Defaults to PriceClass\_100 | `string` | `"PriceClass_100"` | no |
| <a name="input_cloudfront_viewer_protocol_policy"></a> [cloudfront\_viewer\_protocol\_policy](#input\_cloudfront\_viewer\_protocol\_policy) | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. Defautls to redirect-to-https | `string` | `"redirect-to-https"` | no |
| <a name="input_cloudfront_web_acl_id"></a> [cloudfront\_web\_acl\_id](#input\_cloudfront\_web\_acl\_id) | (Optional) A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. | `string` | `null` | no |
| <a name="input_cloudfront_website_retain_on_delete"></a> [cloudfront\_website\_retain\_on\_delete](#input\_cloudfront\_website\_retain\_on\_delete) | (Optional) - Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Defaults to false. | `bool` | `false` | no |
| <a name="input_cloudfront_website_wait_for_deployment"></a> [cloudfront\_website\_wait\_for\_deployment](#input\_cloudfront\_website\_wait\_for\_deployment) | (Optional) - If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Defaults to true. | `bool` | `true` | no |
| <a name="input_comment_for_cloudfront_website"></a> [comment\_for\_cloudfront\_website](#input\_comment\_for\_cloudfront\_website) | Comment for the Website CloudFront Distribution | `string` | `""` | no |
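Review bot: The relocated `cloudfront_web_acl_id` row drops the guidance that a WAFv2 web ACL must be passed as an ARN while a WAF Classic ACL is passed as an ID, along with the notes that the ACL must exist in the Global (CloudFront) region and that the caller needs `waf:GetWebACL`; without it a user can pass the wrong identifier and end up with no WAF attached. Please keep that text, as a single-line description so the table row does not break. In the new `cloudfront_custom_error_responses` row the anchor reads `#input\_cloudfront\_custom\_erro\r_responses`, where the misplaced backslash breaks the link, and the new `cloudfront_function_association` row no longer explains the `function_arn` field. If this table is generated from the variable descriptions, fix them at the source rather than in the README.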
File renamed without changes.
6 changes: 4 additions & 2 deletions examples/test/main.tf → examples/complete/main.tf
Expand Up @@ -7,8 +7,10 @@ module "test_website" {
aws.acm_provider = aws.acm_provider
}

website_domain_name = "test.com"
create_acm_certificate = true
website_domain_name = "test.com"

create_acm_certificate = true

create_route53_hosted_zone = true

aws_accounts_with_read_view_log_bucket = ["mock_account"]
File renamed without changes.
41 changes: 41 additions & 0 deletions examples/no-cert-no-hosted-zone/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions examples/no-cert-no-hosted-zone/main.tf
@@ -0,0 +1,19 @@
module "test_website" {
source = "../../"
name_prefix = "test-website"

providers = {
aws.main = aws.main
aws.acm_provider = aws.acm_provider
}

website_domain_name = "test.com"

create_acm_certificate = false
acm_certificate_arn_to_use = "arn:aws:acm:us-east-1:123456789000:certificate/01234567-89a-bcde-f012-3456789abcde"

create_route53_hosted_zone = false
route53_hosted_zone_id = "0123456789ABCDEFGHIJK"

aws_accounts_with_read_view_log_bucket = ["mock_account"]
}
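Review bot: The placeholder in `acm_certificate_arn_to_use` is not a well-formed certificate ID: in `certificate/01234567-89a-bcde-f012-3456789abcde` the second group has three hex characters (`89a`) where a UUID has four. The mock plan accepts it today, but the example will start failing if the module or provider ever validates the ARN format, and readers copy these values as templates. Use a correctly shaped value such as `01234567-89ab-cdef-0123-456789abcdef`.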
31 changes: 31 additions & 0 deletions examples/no-cert-no-hosted-zone/mock_provider.tf
@@ -0,0 +1,31 @@
terraform {
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
}
}
}

provider "aws" {
region = "us-east-1"
skip_credentials_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
access_key = "mock_access_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
secret_key = "mock_secret_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
alias = "main"
}

provider "aws" {
region = "us-east-1"
skip_credentials_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
access_key = "mock_access_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
secret_key = "mock_secret_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
alias = "acm_provider"
}
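Review bot: The inline `# tfsec:ignore:general-secrets-no-plaintext-exposure` on `access_key` and `secret_key` is fine for the literal mock strings, but the suppression stays attached to those lines, so a real key pasted here later would not be flagged by the scanner. Consider removing both attributes and supplying the dummy values through `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in the workflow `env:` instead, which removes the need for the ignore comments. The two provider blocks also differ only in `alias`, so a short comment explaining why both aliases point at the same mock configuration would help readers.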
41 changes: 41 additions & 0 deletions examples/no-cert/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 18 additions & 0 deletions examples/no-cert/main.tf
@@ -0,0 +1,18 @@
module "test_website" {
source = "../../"
name_prefix = "test-website"

providers = {
aws.main = aws.main
aws.acm_provider = aws.acm_provider
}

website_domain_name = "test.com"

create_acm_certificate = false
acm_certificate_arn_to_use = "arn:aws:acm:us-east-1:123456789000:certificate/01234567-89a-bcde-f012-3456789abcde"

create_route53_hosted_zone = true

aws_accounts_with_read_view_log_bucket = ["mock_account"]
}
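Review bot: `website_domain_name = "test.com"` uses a registrable domain rather than a reserved one, so anyone who applies this example unchanged creates a hosted zone and certificate request for a name they do not control. Prefer a reserved name such as `example.com` across all four examples. This file also carries the same malformed certificate ID (`89a` in the second group) as the `no-cert-no-hosted-zone` example.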
31 changes: 31 additions & 0 deletions examples/no-cert/mock_provider.tf
@@ -0,0 +1,31 @@
terraform {
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
}
}
}

provider "aws" {
region = "us-east-1"
skip_credentials_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
access_key = "mock_access_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
secret_key = "mock_secret_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
alias = "main"
}

provider "aws" {
region = "us-east-1"
skip_credentials_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
access_key = "mock_access_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
secret_key = "mock_secret_key" # tfsec:ignore:general-secrets-no-plaintext-exposure
alias = "acm_provider"
}
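Review bot: `required_version = ">= 0.13"` and `version = ">= 4.0"` have no upper bound, so these examples will pick up the next major Terraform or AWS provider release as soon as it ships. Consider a pessimistic constraint such as `~> 4.0` for the provider. This file is also an exact copy of `examples/no-cert-no-hosted-zone/mock_provider.tf`; sharing one file (for example via a symlink) would keep the mock settings from diverging between examples.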
41 changes: 41 additions & 0 deletions examples/no-hosted-zone/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions examples/no-hosted-zone/main.tf
@@ -0,0 +1,19 @@
module "test_website" {
source = "../../"
name_prefix = "test-website"

providers = {
aws.main = aws.main
aws.acm_provider = aws.acm_provider
}

website_domain_name = "test.com"

create_acm_certificate = true

create_route53_hosted_zone = false
route53_hosted_zone_id = "0123456789ABCDEFGHIJK"


aws_accounts_with_read_view_log_bucket = ["mock_account"]
}