Fixes to support terraform-docs 0.8.x

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2
 jobs:
   validate:
     docker:
-      - image: trussworks/circleci-docker-primary:tf12-7552e0866ce831fb2e2459ddc1faa1017267c402
+      - image: trussworks/circleci-docker-primary:40076395a6e6a349f92caa92c4de614e105fe672
     steps:
       - checkout
       - restore_cache:

.markdownlintrc

@@ -3,5 +3,6 @@
   "first-header-h1": false,
   "first-line-h1": false,
   "line_length": false,
-  "no-multiple-blanks": false
+  "no-multiple-blanks": false,
+  "no-inline-html": false
 }

.pre-commit-config.yaml

@@ -17,13 +17,13 @@ repos:
       - id: markdownlint
 
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.22.0
+    rev: v1.24.0
     hooks:
       - id: terraform_docs
       - id: terraform_fmt
 
   - repo: git://github.com/golangci/golangci-lint
-    rev: v1.22.2
+    rev: v1.23.1
     hooks:
       - id: golangci-lint
 

README.md

@@ -87,35 +87,42 @@ Terraform 0.12. Pin module version to ~> 4.x Submit pull-requests to master bran
 Terraform 0.11. Pin module version to ~> 3.5.0. Submit pull-requests to terraform011 branch.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+| template | n/a |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| alb\_logs\_prefixes | S3 key prefixes for ALB logs. | list(string) | `[ "alb" ]` | no |
-| allow\_alb | Allow ALB service to log to bucket. | string | `"false"` | no |
-| allow\_cloudtrail | Allow Cloudtrail service to log to bucket. | string | `"false"` | no |
-| allow\_cloudwatch | Allow Cloudwatch service to export logs to bucket. | string | `"false"` | no |
-| allow\_config | Allow Config service to log to bucket. | string | `"false"` | no |
-| allow\_elb | Allow ELB service to log to bucket. | string | `"false"` | no |
-| allow\_nlb | Allow NLB service to log to bucket. | string | `"false"` | no |
-| allow\_redshift | Allow Redshift service to log to bucket. | string | `"false"` | no |
-| cloudtrail\_accounts | List of accounts for CloudTrail logs.  By default limits to the current account. | list(string) | `[]` | no |
-| cloudtrail\_logs\_prefix | S3 prefix for CloudTrail logs. | string | `"cloudtrail"` | no |
-| cloudwatch\_logs\_prefix | S3 prefix for CloudWatch log exports. | string | `"cloudwatch"` | no |
-| config\_accounts | List of accounts for Config logs.  By default limits to the current account. | list(string) | `[]` | no |
-| config\_logs\_prefix | S3 prefix for AWS Config logs. | string | `"config"` | no |
-| create\_public\_access\_block | Whether to create a public\_access\_block restricting public access to the bucket. | string | `"true"` | no |
-| default\_allow | Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write. | string | `"true"` | no |
-| elb\_accounts | List of accounts for ELB logs.  By default limits to the current account. | list(string) | `[]` | no |
-| elb\_logs\_prefix | S3 prefix for ELB logs. | string | `"elb"` | no |
-| force\_destroy | A bool that indicates all objects \(including any locked objects\) should be deleted from the bucket so the bucket can be destroyed without error. | bool | `"false"` | no |
-| nlb\_accounts | List of accounts for NLB logs.  By default limits to the current account. | list(string) | `[]` | no |
-| nlb\_logs\_prefix | S3 prefix for NLB logs. | string | `"nlb"` | no |
-| redshift\_logs\_prefix | S3 prefix for RedShift logs. | string | `"redshift"` | no |
-| region | Region where the AWS S3 bucket will be created. | string | n/a | yes |
-| s3\_bucket\_acl | Set bucket ACL per \[AWS S3 Canned ACL\]\(<https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>\) list. | string | `"log-delivery-write"` | no |
-| s3\_bucket\_name | S3 bucket to store AWS logs in. | string | n/a | yes |
-| s3\_log\_bucket\_retention | Number of days to keep AWS logs around. | string | `"90"` | no |
+|------|-------------|------|---------|:-----:|
+| alb\_logs\_prefixes | S3 key prefixes for ALB logs. | `list(string)` | <pre>[<br>  "alb"<br>]<br></pre> | no |
+| allow\_alb | Allow ALB service to log to bucket. | `string` | `false` | no |
+| allow\_cloudtrail | Allow Cloudtrail service to log to bucket. | `string` | `false` | no |
+| allow\_cloudwatch | Allow Cloudwatch service to export logs to bucket. | `string` | `false` | no |
+| allow\_config | Allow Config service to log to bucket. | `string` | `false` | no |
+| allow\_elb | Allow ELB service to log to bucket. | `string` | `false` | no |
+| allow\_nlb | Allow NLB service to log to bucket. | `string` | `false` | no |
+| allow\_redshift | Allow Redshift service to log to bucket. | `string` | `false` | no |
+| cloudtrail\_accounts | List of accounts for CloudTrail logs.  By default limits to the current account. | `list(string)` | `[]` | no |
+| cloudtrail\_logs\_prefix | S3 prefix for CloudTrail logs. | `string` | `"cloudtrail"` | no |
+| cloudwatch\_logs\_prefix | S3 prefix for CloudWatch log exports. | `string` | `"cloudwatch"` | no |
+| config\_accounts | List of accounts for Config logs.  By default limits to the current account. | `list(string)` | `[]` | no |
+| config\_logs\_prefix | S3 prefix for AWS Config logs. | `string` | `"config"` | no |
+| create\_public\_access\_block | Whether to create a public\_access\_block restricting public access to the bucket. | `string` | `true` | no |
+| default\_allow | Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write. | `string` | `true` | no |
+| elb\_accounts | List of accounts for ELB logs.  By default limits to the current account. | `list(string)` | `[]` | no |
+| elb\_logs\_prefix | S3 prefix for ELB logs. | `string` | `"elb"` | no |
+| force\_destroy | A bool that indicates all objects (including any locked objects) should be deleted from the bucket so the bucket can be destroyed without error. | `bool` | `false` | no |
+| nlb\_accounts | List of accounts for NLB logs.  By default limits to the current account. | `list(string)` | `[]` | no |
+| nlb\_logs\_prefix | S3 prefix for NLB logs. | `string` | `"nlb"` | no |
+| redshift\_logs\_prefix | S3 prefix for RedShift logs. | `string` | `"redshift"` | no |
+| region | Region where the AWS S3 bucket will be created. | `string` | n/a | yes |
+| s3\_bucket\_acl | Set bucket ACL per [AWS S3 Canned ACL](<https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>) list. | `string` | `"log-delivery-write"` | no |
+| s3\_bucket\_name | S3 bucket to store AWS logs in. | `string` | n/a | yes |
+| s3\_log\_bucket\_retention | Number of days to keep AWS logs around. | `string` | `90` | no |
 
 ## Outputs
 

main.tf

@@ -1,87 +1,3 @@
-/**
- * Supports two main uses cases:
- *
- * 1. Creates and configures a single private S3 bucket for storing logs from various AWS services, which are nested as bucket prefixes. Logs will expire after a default of 90 days, with option to configure retention value.
- * 1. Creates and configures a single private S3 bucket for a single AWS service. Logs will expire after a default of 90 days, with option to configure retention value.
- *
- * Logging from the following services is supported for both cases:
- *
- * * [CloudTrail](https://aws.amazon.com/cloudtrail/)
- * * [Config](https://aws.amazon.com/config/)
- * * [Classic Load Balancer (ELB) and Application Load Balancer (ALB)](https://aws.amazon.com/elasticloadbalancing/)
- * * [RedShift](https://aws.amazon.com/redshift/)
- * * [S3](https://aws.amazon.com/s3/)
- *
- * ## Usage for a single log bucket storing logs from all services
- *
- *     # Allows all services to log to bucket
- *     module "aws_logs" {
- *       source         = "trussworks/logs/aws"
- *       s3_bucket_name = "my-company-aws-logs"
- *       region         = "us-west-2"
- *     }
- *
- * ## Usage for a single log bucket storing logs from a single service
- *
- *     #  Allows only the service specified (elb in this case) to log to the bucket
- *     module "aws_logs" {
- *       source         = "trussworks/logs/aws"
- *       s3_bucket_name = "my-company-aws-logs-elb"
- *       region         = "us-west-2"
- *       default_allow  = false
- *       allow_elb      = true
- *     }
- *
- * ## Usage for a single log bucket storing logs from multiple specified services
- *
- *     #  Allows only the services specified (alb and elb in this case) to log to the bucket
- *     module "aws_logs" {
- *       source         = "trussworks/logs/aws"
- *       s3_bucket_name = "my-company-aws-logs-elb"
- *       region         = "us-west-2"
- *       default_allow  = false
- *       allow_alb      = true
- *       allow_elb      = true
- *     }
- *
- * ## Usage for a private bucket with no policies
- *
- *     #  Allows no services to log to the bucket
- *     module "aws_logs" {
- *       source         = "trussworks/logs/aws"
- *       s3_bucket_name = "my-company-aws-logs-elb"
- *       s3_bucket_acl  = "private"
- *       region         = "us-west-2"
- *       default_allow  = false
- *     }
- *
- * ## Usage for a single log bucket storing logs from multiple accounts
- *
- *     module "aws_logs" {
- *       source         = "trussworks/logs/aws"
- *       s3_bucket_name = "my-company-aws-logs-elb"
- *       region         = "us-west-2"
- *       default_allow  = false
- *       allow_cloudtrail      = true
- *       cloudtrail_accounts = ["${data.aws_caller_identity.current.account_id}", "${aws_organizations_account.example.id}"]
- *     }
- *
- * ## Usage for a single log bucket storing logs from multiple application load balancers
- *
- *     module "aws_logs" {
- *       source         = "trussworks/logs/aws"
- *       s3_bucket_name = "my-company-aws-logs-alb"
- *       region         = "us-west-2"
- *       default_allow  = false
- *       allow_alb      = true
- *       alb_logs_prefixes = formatlist(format("alb/%%s/AWSLogs/%s", data.aws_caller_identity.current.account_id), [
- *        "hello-world-prod",
- *        "hello-world-staging",
- *        "hello-world-experimental",
- *       ])
- *     }
- */
-
 # Get the account id of the AWS ELB service account in a given region for the
 # purpose of whitelisting in a S3 bucket policy.
 data "aws_elb_service_account" "main" {