Upgrade to tf 12 syntax; add terratest plumbing

https://www.pivotaltracker.com/story/show/169407344
alexandervasylev · Nov 1, 2019 · 503c532 · 503c532
1 parent 6ddae24
commit 503c532
Show file tree

Hide file tree

Showing 16 changed files with 481 additions and 72 deletions.
diff --git a/.dependabot/config.yml b/.dependabot/config.yml
@@ -0,0 +1,12 @@
+version: 1
+update_configs:
+  # Keep go modules up to date, batching pull requests weekly
+  - package_manager: "go:modules"
+    directory: "/"
+    update_schedule: "weekly"
+    # Apply default reviewer @trussworks/waddlers group to PRs
+    default_reviewers:
+      - "trussworks/waddlers"
+    # Apply dependencies label to PRs
+    default_labels:
+      - "dependencies"
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+.DS_Store
+.terraform
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfstate.*.backup
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,6 @@
+linters:
+  enable:
+     - gosec
+     - golint
+     - gofmt
+     - goimports
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v2.2.3
+    rev: v2.4.0
     hooks:
       - id: check-json
       - id: check-merge-conflict
@@ -12,13 +12,19 @@ repos:
       - id: trailing-whitespace
 
   - repo: git://github.com/igorshubovych/markdownlint-cli
-    rev: v0.17.0
+    rev: v0.19.0
     hooks:
       - id: markdownlint
 
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.12.0
+    rev: v1.19.0
     hooks:
       - id: terraform_docs
       - id: terraform_fmt
-      - id: terraform_validate_no_variables
+
+  - repo: git://github.com/golangci/golangci-lint
+    rev: v1.21.0
+    hooks:
+      - id: golangci-lint
+        entry: golangci-lint run --verbose
+        verbose: true
diff --git a/.terraform-version b/.terraform-version
diff --git a/Makefile b/Makefile
@@ -0,0 +1,17 @@
+.PHONY: ensure_pre_commit
+ensure_pre_commit: .git/hooks/pre-commit ## Ensure pre-commit is installed
+.git/hooks/pre-commit: /usr/local/bin/pre-commit
+	pre-commit install
+	pre-commit install-hooks
+
+.PHONY: pre_commit_tests
+pre_commit_tests: ensure_pre_commit ## Run pre-commit tests
+	pre-commit run --all-files
+
+.PHONY: test
+test: pre_commit_tests
+	go test -count 1 -v -timeout 90m ./test/...
+
+.PHONY: clean
+clean:
+	rm -f .*.stamp
diff --git a/README.md b/README.md
@@ -1,4 +1,3 @@
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 Supports two main uses cases:
 
 1. Creates and configures a single private S3 bucket for storing logs from various AWS services, which are nested as bucket prefixes. Logs will expire after a default of 90 days, with option to configure retention value.
@@ -81,28 +80,35 @@ Logging from the following services is supported for both cases:
       ])
     }
 
+## Terraform Versions
+
+Terraform 0.12. Pin module version to ~> 4.x Submit pull-requests to master branch.
+
+Terraform 0.11. Pin module version to ~> 3.5.0. Submit pull-requests to terraform011 branch.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| alb\_logs\_prefixes | S3 key prefixes for ALB logs. | list | `[ "alb" ]` | no |
+| alb\_logs\_prefixes | S3 key prefixes for ALB logs. | list(string) | `[ "alb" ]` | no |
 | allow\_alb | Allow ALB service to log to bucket. | string | `"false"` | no |
 | allow\_cloudtrail | Allow Cloudtrail service to log to bucket. | string | `"false"` | no |
 | allow\_cloudwatch | Allow Cloudwatch service to export logs to bucket. | string | `"false"` | no |
 | allow\_config | Allow Config service to log to bucket. | string | `"false"` | no |
 | allow\_elb | Allow ELB service to log to bucket. | string | `"false"` | no |
 | allow\_nlb | Allow NLB service to log to bucket. | string | `"false"` | no |
 | allow\_redshift | Allow Redshift service to log to bucket. | string | `"false"` | no |
-| cloudtrail\_accounts | List of accounts for CloudTrail logs.  By default limits to the current account. | list | `[]` | no |
+| cloudtrail\_accounts | List of accounts for CloudTrail logs.  By default limits to the current account. | list(string) | `[]` | no |
 | cloudtrail\_logs\_prefix | S3 prefix for CloudTrail logs. | string | `"cloudtrail"` | no |
 | cloudwatch\_logs\_prefix | S3 prefix for CloudWatch log exports. | string | `"cloudwatch"` | no |
-| config\_accounts | List of accounts for Config logs.  By default limits to the current account. | list | `[]` | no |
+| config\_accounts | List of accounts for Config logs.  By default limits to the current account. | list(string) | `[]` | no |
 | config\_logs\_prefix | S3 prefix for AWS Config logs. | string | `"config"` | no |
 | create\_public\_access\_block | Whether to create a public_access_block restricting public access to the bucket. | string | `"true"` | no |
 | default\_allow | Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write. | string | `"true"` | no |
-| elb\_accounts | List of accounts for ELB logs.  By default limits to the current account. | list | `[]` | no |
+| elb\_accounts | List of accounts for ELB logs.  By default limits to the current account. | list(string) | `[]` | no |
 | elb\_logs\_prefix | S3 prefix for ELB logs. | string | `"elb"` | no |
-| nlb\_accounts | List of accounts for NLB logs.  By default limits to the current account. | list | `[]` | no |
+| nlb\_accounts | List of accounts for NLB logs.  By default limits to the current account. | list(string) | `[]` | no |
 | nlb\_logs\_prefix | S3 prefix for NLB logs. | string | `"nlb"` | no |
 | redshift\_logs\_prefix | S3 prefix for RedShift logs. | string | `"redshift"` | no |
 | region | Region where the AWS S3 bucket will be created. | string | n/a | yes |
@@ -150,3 +156,22 @@ As for policy creation, all policies are now turned on or off via the `allow_*`
 the `effect` block in the bucket policy for that resource will be modified to `Allow` whereas by default it will be
 set to `Deny`. Previously this module used a template to add or remove JSON text from the policy before rendering.
 The new module explicitly adds all resource policies as `Deny` and leaves it up to you to enable them.
+
+## Developer Setup
+
+Install dependencies (macOS)
+
+  brew install pre-commit go terraform terraform-docs
+
+### Testing
+
+[Terratest](https://github.com/gruntwork-io/terratest) is being used for
+automated testing with this module. Tests in the `test` folder can be run
+locally by running the following command:
+
+  make test
+
+Or with aws-vault:
+
+  AWS_VAULT_KEYCHAIN_NAME=YOUR-KEYCHAIN-NAME aws-vault exec YOUR-AWS-PROFILE -- make test
+
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -0,0 +1,5 @@
+module "aws_logs" {
+  source         = "../../"
+  s3_bucket_name = var.logs_bucket
+  region         = var.region
+}
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
@@ -0,0 +1,7 @@
+variable "logs_bucket" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
diff --git a/go.mod b/go.mod
@@ -0,0 +1,5 @@
+module github.com/trussworks/terraform-aws-logs
+
+go 1.13
+
+require github.com/gruntwork-io/terratest v0.22.2