From 8bf7731a2a24afb12dc5cb7b0b3d4bf2c89a9930 Mon Sep 17 00:00:00 2001 From: Michael Kania Date: Wed, 25 Mar 2020 21:36:20 -0700 Subject: [PATCH] refactor module to use terraform's iam policy docs rather than JSON --- .circleci/config.yml | 2 +- .pre-commit-config.yaml | 2 +- README.md | 5 +- examples/alb/main.tf | 20 +- examples/alb/variables.tf | 3 + examples/cloudtrail/main.tf | 19 +- examples/cloudtrail/variables.tf | 4 + examples/combined/main.tf | 58 ++- examples/config/main.tf | 18 +- examples/config/variables.tf | 3 + examples/elb/main.tf | 16 +- examples/elb/variables.tf | 3 + examples/nlb/main.tf | 20 +- examples/nlb/variables.tf | 4 + examples/redshift/main.tf | 45 +- examples/redshift/variables.tf | 12 + examples/s3/main.tf | 10 +- examples/s3/variables.tf | 3 + examples/simple/main.tf | 6 +- examples/simple/variables.tf | 1 - go.mod | 2 +- go.sum | 37 +- main.tf | 541 ++++++++++++--------- test/terraform_aws_logs_alb_test.go | 39 +- test/terraform_aws_logs_cloudtrail_test.go | 38 +- test/terraform_aws_logs_combined_test.go | 4 +- test/terraform_aws_logs_config_test.go | 37 +- test/terraform_aws_logs_elb_test.go | 39 +- test/terraform_aws_logs_nlb_test.go | 39 +- test/terraform_aws_logs_redshift_test.go | 44 +- test/terraform_aws_logs_s3_test.go | 35 +- test/terraform_aws_logs_test.go | 4 +- 32 files changed, 755 insertions(+), 358 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 63244e3..3005c54 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2 jobs: validate: docker: - - image: trussworks/circleci-docker-primary:40076395a6e6a349f92caa92c4de614e105fe672 + - image: trussworks/circleci-docker-primary:4013bb8c2428b3e2755d90a922abb2a6cea37ab4 steps: - checkout - restore_cache: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e6a5496..3e67c87 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -23,6 +23,6 @@ repos: - id: terraform_fmt - repo: git://github.com/golangci/golangci-lint - rev: v1.23.8 + rev: v1.24.0 hooks: - id: golangci-lint diff --git a/README.md b/README.md index 6b3a35f..1fc3be8 100644 --- a/README.md +++ b/README.md @@ -109,13 +109,12 @@ module "aws_logs" { | Name | Version | |------|---------| | aws | n/a | -| template | n/a | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:-----:| -| alb\_logs\_prefixes | S3 key prefixes for ALB logs. | `list(string)` |
[
"alb"
]
| no | +| alb\_logs\_prefixes | S3 key prefixes for ALB logs. | `list(string)` |
[
"alb"
]
| no | | allow\_alb | Allow ALB service to log to bucket. | `bool` | `false` | no | | allow\_cloudtrail | Allow Cloudtrail service to log to bucket. | `bool` | `false` | no | | allow\_cloudwatch | Allow Cloudwatch service to export logs to bucket. | `bool` | `false` | no | @@ -133,7 +132,7 @@ module "aws_logs" { | elb\_accounts | List of accounts for ELB logs. By default limits to the current account. | `list(string)` | `[]` | no | | elb\_logs\_prefix | S3 prefix for ELB logs. | `string` | `"elb"` | no | | force\_destroy | A bool that indicates all objects (including any locked objects) should be deleted from the bucket so the bucket can be destroyed without error. | `bool` | `false` | no | -| nlb\_logs\_prefixes | S3 key prefixes for NLB logs. | `list(string)` |
[
"nlb"
]
| no | +| nlb\_logs\_prefixes | S3 key prefixes for NLB logs. | `list(string)` |
[
"nlb"
]
| no | | redshift\_logs\_prefix | S3 prefix for RedShift logs. | `string` | `"redshift"` | no | | region | Region where the AWS S3 bucket will be created. | `string` | n/a | yes | | s3\_bucket\_acl | Set bucket ACL per [AWS S3 Canned ACL]() list. | `string` | `"log-delivery-write"` | no | diff --git a/examples/alb/main.tf b/examples/alb/main.tf index 94c8148..97236f9 100644 --- a/examples/alb/main.tf +++ b/examples/alb/main.tf @@ -1,20 +1,26 @@ module "aws_logs" { - source = "../../" - s3_bucket_name = var.test_name - region = var.region - allow_alb = "true" - force_destroy = var.force_destroy + source = "../../" + + s3_bucket_name = var.test_name + alb_logs_prefixes = var.alb_logs_prefixes + region = var.region + allow_alb = true + default_allow = false + + force_destroy = var.force_destroy } resource "aws_lb" "test_lb" { - name = var.test_name + count = length(var.alb_logs_prefixes) + + name = "${var.test_name}${count.index}" internal = false load_balancer_type = "application" subnets = module.vpc.public_subnets access_logs { bucket = module.aws_logs.aws_logs_bucket - prefix = "alb" + prefix = element(var.alb_logs_prefixes, count.index) enabled = true } } diff --git a/examples/alb/variables.tf b/examples/alb/variables.tf index de55cdd..e71e4d3 100644 --- a/examples/alb/variables.tf +++ b/examples/alb/variables.tf @@ -14,3 +14,6 @@ variable "force_destroy" { type = bool } +variable "alb_logs_prefixes" { + type = list(string) +} diff --git a/examples/cloudtrail/main.tf b/examples/cloudtrail/main.tf index dc2e213..ff9aa31 100644 --- a/examples/cloudtrail/main.tf +++ b/examples/cloudtrail/main.tf 
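Review bot: `prefix = element(var.alb_logs_prefixes, count.index)` in the `access_logs` block of `aws_lb.test_lb` uses `element()`, which wraps around on an out-of-range index instead of failing. Since `count` is already `length(var.alb_logs_prefixes)`, plain indexing `prefix = var.alb_logs_prefixes[count.index]` expresses the same thing and errors loudly if the two ever drift apart. The same line appears in examples/nlb/main.tf with `var.nlb_logs_prefixes`. Separately, `name = "${var.test_name}${count.index}"` lengthens the load balancer name, so it is worth confirming that the generated test names stay within the 32-character limit for load balancer names.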
@@ -1,13 +1,20 @@ module "aws_logs" { - source = "../../" - s3_bucket_name = var.test_name - region = var.region - force_destroy = var.force_destroy + source = "../../" + + s3_bucket_name = var.test_name + region = var.region + force_destroy = var.force_destroy + cloudtrail_logs_prefix = var.cloudtrail_logs_prefix + + default_allow = false + allow_cloudtrail = true } module "aws_cloudtrail" { - source = "trussworks/cloudtrail/aws" - version = "~> 2" + source = "trussworks/cloudtrail/aws" + version = "~> 2" + s3_bucket_name = module.aws_logs.aws_logs_bucket cloudwatch_log_group_name = var.test_name + s3_key_prefix = var.cloudtrail_logs_prefix } diff --git a/examples/cloudtrail/variables.tf b/examples/cloudtrail/variables.tf index 24a4586..d8b3302 100644 --- a/examples/cloudtrail/variables.tf +++ b/examples/cloudtrail/variables.tf @@ -9,3 +9,7 @@ variable "region" { variable "force_destroy" { type = bool } + +variable "cloudtrail_logs_prefix" { + type = string +} diff --git a/examples/combined/main.tf b/examples/combined/main.tf index 9d6538a..371b1dc 100644 --- a/examples/combined/main.tf +++ b/examples/combined/main.tf @@ -1,8 +1,11 @@ module "aws_logs" { - source = "../../" + source = "../../" + s3_bucket_name = var.test_name region = var.region - force_destroy = var.force_destroy + default_allow = true + + force_destroy = var.force_destroy } resource "aws_lb" "test_alb" { @@ -19,15 +22,18 @@ resource "aws_lb" "test_alb" { } module "aws_cloudtrail" { - source = "trussworks/cloudtrail/aws" - version = "~> 2" + source = "trussworks/cloudtrail/aws" + version = "~> 2" + s3_bucket_name = module.aws_logs.aws_logs_bucket + s3_key_prefix = "cloudtrail" cloudwatch_log_group_name = var.test_name } module "config" { - source = "trussworks/config/aws" - version = "~> 2" + source = "trussworks/config/aws" + version = "~> 2" + config_name = var.test_name config_logs_bucket = module.aws_logs.aws_logs_bucket config_logs_prefix = "config" 
@@ -65,19 +71,31 @@ resource "aws_lb" "test_nlb" { } resource "aws_redshift_cluster" "test_redshift" { - count = var.test_redshift ? 1 : 0 - cluster_identifier = var.test_name - node_type = "dc2.large" - cluster_type = "single-node" - master_username = "testredshiftuser" - master_password = "TestRedshiftpw123" - skip_final_snapshot = "true" + count = var.test_redshift ? 1 : 0 + + cluster_identifier = var.test_name + node_type = "dc2.large" + cluster_type = "single-node" + master_username = "testredshiftuser" + master_password = "TestRedshiftpw123" + skip_final_snapshot = true + cluster_subnet_group_name = var.test_name + publicly_accessible = false logging { bucket_name = module.aws_logs.aws_logs_bucket s3_key_prefix = "redshift" enable = true } + + depends_on = [aws_redshift_subnet_group.test_redshift] +} + +resource "aws_redshift_subnet_group" "test_redshift" { + count = var.test_redshift ? 1 : 0 + + name = var.test_name + subnet_ids = module.vpc.private_subnets } resource "aws_s3_bucket" "log_source_bucket" { @@ -92,10 +110,12 @@ resource "aws_s3_bucket" "log_source_bucket" { } module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 2" - name = var.test_name - cidr = "10.0.0.0/16" - azs = var.vpc_azs - public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] + source = "terraform-aws-modules/vpc/aws" + version = "~> 2" + + name = var.test_name + cidr = "10.0.0.0/16" + azs = var.vpc_azs + public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] + private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] } diff --git a/examples/config/main.tf b/examples/config/main.tf index 3212fd8..0a0219c 100644 --- a/examples/config/main.tf +++ b/examples/config/main.tf 
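Review bot: `master_password = "TestRedshiftpw123"` in `aws_redshift_cluster.test_redshift` is still a literal committed to the repository, and the same line is carried over in examples/redshift/main.tf. The added `publicly_accessible = false` and the private subnet group narrow the exposure, but anyone copying the example keeps a known credential. I would add a `random_password` resource (with `special = false` and `min_upper`, `min_lower` and `min_numeric` set to 1 so the result satisfies Redshift's password rules) and reference it as `master_password = random_password.test_redshift.result`. The cluster also leaves `encrypted` unset; if that is intentional for a throwaway test cluster, a short comment such as `# test-only cluster, holds no data` would say so.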
@@ -1,16 +1,20 @@ module "aws_logs" { - source = "../../" + source = "../../" + s3_bucket_name = var.test_name region = var.region - allow_config = "true" - config_logs_prefix = "config" - force_destroy = var.force_destroy + allow_config = true + default_allow = false + config_logs_prefix = var.config_logs_prefix + + force_destroy = var.force_destroy } module "config" { - source = "trussworks/config/aws" - version = "~> 2" + source = "trussworks/config/aws" + version = "~> 2" + config_name = var.test_name config_logs_bucket = module.aws_logs.aws_logs_bucket - config_logs_prefix = "config" + config_logs_prefix = var.config_logs_prefix } diff --git a/examples/config/variables.tf b/examples/config/variables.tf index 63744eb..b786c7e 100644 --- a/examples/config/variables.tf +++ b/examples/config/variables.tf @@ -10,3 +10,6 @@ variable "force_destroy" { type = bool } +variable "config_logs_prefix" { + type = string +} diff --git a/examples/elb/main.tf b/examples/elb/main.tf index 5048c0a..b84ce26 100644 --- a/examples/elb/main.tf +++ b/examples/elb/main.tf @@ -1,9 +1,13 @@ module "aws_logs" { - source = "../../" - s3_bucket_name = var.test_name - region = var.region - allow_elb = "true" - force_destroy = var.force_destroy + source = "../../" + + s3_bucket_name = var.test_name + elb_logs_prefix = var.elb_logs_prefix + region = var.region + allow_elb = true + default_allow = false + + force_destroy = var.force_destroy } resource "aws_elb" "test_elb" { @@ -12,7 +16,7 @@ resource "aws_elb" "test_elb" { access_logs { bucket = module.aws_logs.aws_logs_bucket - bucket_prefix = "elb" + bucket_prefix = var.elb_logs_prefix enabled = true } diff --git a/examples/elb/variables.tf b/examples/elb/variables.tf index de55cdd..b8fe943 100644 --- a/examples/elb/variables.tf +++ b/examples/elb/variables.tf @@ -14,3 +14,6 @@ variable "force_destroy" { type = bool } +variable "elb_logs_prefix" { + type = string +} 
diff --git a/examples/nlb/main.tf b/examples/nlb/main.tf index 8f27116..af50441 100644 --- a/examples/nlb/main.tf +++ b/examples/nlb/main.tf @@ -1,20 +1,26 @@ module "aws_logs" { - source = "../../" - s3_bucket_name = var.test_name - region = var.region - allow_nlb = "true" - force_destroy = var.force_destroy + source = "../../" + + s3_bucket_name = var.test_name + nlb_logs_prefixes = var.nlb_logs_prefixes + region = var.region + allow_nlb = true + default_allow = false + + force_destroy = var.force_destroy } resource "aws_lb" "test_lb" { - name = var.test_name + count = length(var.nlb_logs_prefixes) + + name = "${var.test_name}${count.index}" internal = false load_balancer_type = "network" subnets = module.vpc.public_subnets access_logs { bucket = module.aws_logs.aws_logs_bucket - prefix = "nlb" + prefix = element(var.nlb_logs_prefixes, count.index) enabled = true } } diff --git a/examples/nlb/variables.tf b/examples/nlb/variables.tf index 9640f1b..9520969 100644 --- a/examples/nlb/variables.tf +++ b/examples/nlb/variables.tf @@ -13,3 +13,7 @@ variable "vpc_azs" { variable "force_destroy" { type = bool } + +variable "nlb_logs_prefixes" { + type = list(string) +} diff --git a/examples/redshift/main.tf b/examples/redshift/main.tf index 7e33da9..97656c8 100644 --- a/examples/redshift/main.tf +++ b/examples/redshift/main.tf 
@@ -1,21 +1,44 @@ module "aws_logs" { - source = "../../" - s3_bucket_name = var.test_name - region = var.region - allow_redshift = "true" + source = "../../" + + s3_bucket_name = var.test_name + redshift_logs_prefix = var.redshift_logs_prefix + region = var.region + allow_redshift = true + default_allow = false + + force_destroy = true } resource "aws_redshift_cluster" "test_redshift" { - cluster_identifier = var.test_name - node_type = "dc2.large" - cluster_type = "single-node" - master_username = "testredshiftuser" - master_password = "TestRedshiftpw123" - skip_final_snapshot = "true" + cluster_identifier = var.test_name + node_type = "dc2.large" + cluster_type = "single-node" + master_username = "testredshiftuser" + master_password = "TestRedshiftpw123" + skip_final_snapshot = true + cluster_subnet_group_name = var.test_name + publicly_accessible = false logging { bucket_name = module.aws_logs.aws_logs_bucket - s3_key_prefix = "redshift" + s3_key_prefix = var.redshift_logs_prefix enable = true } + + depends_on = [aws_redshift_subnet_group.test_redshift] +} + +resource "aws_redshift_subnet_group" "test_redshift" { + name = var.test_name + subnet_ids = module.vpc.private_subnets +} + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 2" + name = var.test_name + cidr = "10.0.0.0/16" + azs = var.vpc_azs + private_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] } diff --git a/examples/redshift/variables.tf b/examples/redshift/variables.tf index cb2abac..066ba83 100644 --- a/examples/redshift/variables.tf +++ b/examples/redshift/variables.tf @@ -5,3 +5,15 @@ variable "test_name" { variable "region" { type = string } + +variable "vpc_azs" { + type = list(string) +} + +variable "force_destroy" { + type = bool +} + +variable "redshift_logs_prefix" { + type = string +} diff --git a/examples/s3/main.tf b/examples/s3/main.tf index 22f382e..8945168 100644 --- a/examples/s3/main.tf +++ b/examples/s3/main.tf 
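Review bot: `force_destroy = true` is hard-coded in the `aws_logs` module block, while the examples/redshift/variables.tf hunk of this same commit declares a `force_destroy` variable that nothing visible in the example reads. Every other example in the patch passes `force_destroy = var.force_destroy`. Suggest `force_destroy = var.force_destroy` here as well, so the test harness decides whether the log bucket may be emptied on destroy and the example does not model an unconditional delete of a bucket that holds audit logs.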
@@ -1,8 +1,12 @@ module "aws_logs" { - source = "../../" + source = "../../" + s3_bucket_name = var.test_name region = var.region - force_destroy = var.force_destroy + + default_allow = false + + force_destroy = var.force_destroy } resource "aws_s3_bucket" "log_source_bucket" { @@ -11,6 +15,6 @@ resource "aws_s3_bucket" "log_source_bucket" { logging { target_bucket = module.aws_logs.aws_logs_bucket - target_prefix = "log/" + target_prefix = var.s3_logs_prefix } } diff --git a/examples/s3/variables.tf b/examples/s3/variables.tf index 63744eb..d25606a 100644 --- a/examples/s3/variables.tf +++ b/examples/s3/variables.tf @@ -10,3 +10,6 @@ variable "force_destroy" { type = bool } +variable "s3_logs_prefix" { + type = string +} diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 444ebfc..1b86082 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -1,6 +1,8 @@ module "aws_logs" { - source = "../../" + source = "../../" + s3_bucket_name = var.test_name region = var.region - force_destroy = var.force_destroy + + force_destroy = var.force_destroy } diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf index 63744eb..24a4586 100644 --- a/examples/simple/variables.tf +++ b/examples/simple/variables.tf @@ -9,4 +9,3 @@ variable "region" { variable "force_destroy" { type = bool } - diff --git a/go.mod b/go.mod index aa5c827..fdc20f5 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,5 @@ module github.com/trussworks/terraform-aws-logs -go 1.13 +go 1.14 require github.com/gruntwork-io/terratest v0.25.2 diff --git a/go.sum b/go.sum index 3409ab2..f9255dd 100644 --- a/go.sum +++ b/go.sum 
@@ -5,6 +5,7 @@ cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6A cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.51.0 h1:PvKAVQWCtlGUSlZkGW3QLelKaWq7KYv/MW1EboG8bfM= cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= @@ -72,8 +73,10 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -92,12 +95,15 @@ github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avu github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c h1:ZfSZ3P3BedhKGUhzj7BQlPSU4OvT6tfOKe3DVHzOA7s= github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 h1:yY9rWGoXv1U5pl4gxqlULARMQD7x0QG85lqEXTWysik= github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= +github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 h1:dWB6v3RcOy03t/bUadywsbyrQwCqZeNIEX6M1OtSZOM= github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 
@@ -109,6 +115,7 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= @@ -130,6 +137,7 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -141,15 +149,18 @@ github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFU github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-containerregistry v0.0.0-20200110202235-f4fb41bf00a3/go.mod h1:2wIuQute9+hhWqvL3vEI7YB0EKluF4WcPzI1eAliazk= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 
@@ -163,6 +174,7 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk= github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= 
@@ -173,11 +185,8 @@ github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:Fecb github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/gruntwork-io/gruntwork-cli v0.5.1 h1:mVmVsFubUSLSCO8bGigI63HXzvzkC0uWXzm4dd9pXRg= github.com/gruntwork-io/gruntwork-cli v0.5.1/go.mod h1:IBX21bESC1/LGoV7jhXKUnTQTZgQ6dYRsoj/VqxUSZQ= -github.com/gruntwork-io/terratest v0.24.2 h1:ZL7s7ZaVPRds+HqtPFh8gXjFVpKRNAAbwyVPYx3lH50= -github.com/gruntwork-io/terratest v0.24.2/go.mod h1:0MCPUGIgQaAXOmw0qRLqyIXs8q6yoNPB3aZt4SkdH0M= -github.com/gruntwork-io/terratest v0.25.1 h1:iRjRwya0hkq+pxqkZPDj9k4w/Qi+q7LZInns7e4g32U= -github.com/gruntwork-io/terratest v0.25.1/go.mod h1:0MCPUGIgQaAXOmw0qRLqyIXs8q6yoNPB3aZt4SkdH0M= github.com/gruntwork-io/terratest v0.25.2 h1:UUdWzWgljehlwz88RD/AjSdn68UiTXrFQ7x+Be9gXAw= github.com/gruntwork-io/terratest v0.25.2/go.mod h1:0MCPUGIgQaAXOmw0qRLqyIXs8q6yoNPB3aZt4SkdH0M= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -187,6 +196,7 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= @@ -196,6 +206,7 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= 
@@ -225,12 +236,15 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 
@@ -272,11 +286,14 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= +github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/shopspring/decimal v0.0.0-20200105231215-408a2507e114/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= 
@@ -291,6 +308,7 @@ github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb6 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -304,6 +322,7 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vdemeester/k8s-pkg-credentialprovider v0.0.0-20200107171650-7c61ffa44238/go.mod h1:JwQJCMWpUDqjZrB5jpw0f5VbN7U95zxFy1ZDpoEarGo= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= 
@@ -377,6 +396,7 @@ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAG golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -415,6 +435,7 @@ golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -444,6 +465,7 @@ golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200113040837-eac381796e91/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= @@ -486,6 +508,7 @@ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= 
@@ -504,9 +527,12 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM= k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= +k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo= k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= +k8s.io/client-go v0.17.0 h1:8QOGvUGdqDMFrm9sD6IUFl256BcffynGoe80sxgTEDg= k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k= k8s.io/cloud-provider v0.17.0/go.mod h1:Ze4c3w2C0bRsjkBUoHpFi+qWe3ob1wI2/7cUn+YQIDE= k8s.io/code-generator v0.0.0-20191121015212-c4c8f8345c7e/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= 
@@ -516,10 +542,12 @@ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kubernetes v1.11.10/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/legacy-cloud-providers v0.17.0/go.mod h1:DdzaepJ3RtRy+e5YhNtrCYwlgyK87j/5+Yfp0L9Syp8= +k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= @@ -529,4 +557,5 @@ modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= +sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/main.tf b/main.tf index ffb431d..99ff0d8 100644 --- a/main.tf +++ b/main.tf 
@@ -1,4 +1,4 @@ -# Get the account id of the AWS ELB service account in a given region for the +# Get the account id of the AWS ALB and ELB service account in a given region for the # purpose of whitelisting in a S3 bucket policy. data "aws_elb_service_account" "main" { } @@ -8,10 +8,6 @@ data "aws_elb_service_account" "main" { data "aws_redshift_service_account" "main" { } -# The AWS region currently being used. -data "aws_region" "current" { -} - # The AWS account id data "aws_caller_identity" "current" { } 
@@ -20,255 +16,314 @@ data "aws_caller_identity" "current" { data "aws_partition" "current" { } +locals { + # S3 bucket ARN + bucket_arn = "arn:${data.aws_partition.current.partition}:s3:::${var.s3_bucket_name}" + + # + # CloudTrail locals + # + + # supports logging to multiple accounts + # doesn't support to multiple prefixes + + # allow cloudtrail policies if default_allow or allow_cloudtrail are true + cloudtrail_effect = var.default_allow || var.allow_cloudtrail ? "Allow" : "Deny" + + # use the cloudtrail_accounts to grant access if provided, otherwise grant access to the current account id + cloudtrail_accounts = length(var.cloudtrail_accounts) > 0 ? var.cloudtrail_accounts : [data.aws_caller_identity.current.account_id] + + # if var.cloudtrail_logs_prefix is empty then be sure to remove // in the path + cloudtrail_logs_path = var.cloudtrail_logs_prefix == "" ? "AWSLogs" : "${var.cloudtrail_logs_prefix}/AWSLogs" + + # finally, format the full final resources ARN list + cloudtrail_resources = toset(formatlist("${local.bucket_arn}/${local.cloudtrail_logs_path}/%s/*", local.cloudtrail_accounts)) + + # + # Cloudwatch Logs locals + # + + # doesn't support logging to multiple accounts + # doesn't support logging to mulitple prefixes + cloudwatch_effect = var.default_allow || var.allow_cloudwatch ? "Allow" : "Deny" + + # region specific logs service principal + cloudwatch_service = "logs.${var.region}.amazonaws.com" + + cloudwatch_resource = "${local.bucket_arn}/${var.cloudwatch_logs_prefix}/*" + + # + # Config locals + # + + # supports logging to muliple accounts + # doesn't support logging to muliple prefixes + config_effect = var.default_allow || var.allow_config ? "Allow" : "Deny" + + config_accounts = length(var.config_accounts) > 0 ? var.config_accounts : [data.aws_caller_identity.current.account_id] + + config_logs_path = var.config_logs_prefix == "" ? 
"AWSLogs" : "${var.config_logs_prefix}/AWSLogs" + + config_resources = sort(formatlist("${local.bucket_arn}/${local.config_logs_path}/%s/Config/*", local.config_accounts)) + + # + # ELB locals + # + + # supports logging to muliple accounts + # doesn't support logging to multiple prefixes + elb_effect = var.default_allow || var.allow_elb ? "Allow" : "Deny" + + elb_accounts = length(var.elb_accounts) > 0 ? var.elb_accounts : [data.aws_caller_identity.current.account_id] + + elb_logs_path = var.elb_logs_prefix == "" ? "AWSLogs" : "${var.elb_logs_prefix}/AWSLogs" + + elb_resources = sort(formatlist("${local.bucket_arn}/${local.elb_logs_path}/%s/*", local.elb_accounts)) + + # + # ALB locals + # + + # doesn't support logging to multiple accounts + # supports logging to multiple prefixes + alb_effect = var.default_allow || var.allow_alb ? "Allow" : "Deny" + + # if the list of prefixes contains "", set an append_root_prefix flag + alb_include_root_prefix = contains(var.alb_logs_prefixes, "") ? true : false + + # create a list of paths, but remove any prefixes containing "" using compact + alb_logs_path_temp = formatlist("%s/AWSLogs", compact(var.alb_logs_prefixes)) + + # now append an "AWSLogs" path to the list if alb_include_root_prefix is true + alb_logs_path = local.alb_include_root_prefix ? concat(local.alb_logs_path_temp, ["AWSLogs"]) : local.alb_logs_path_temp + + # finally, format the full final resources ARN list + alb_resources = sort(formatlist("${local.bucket_arn}/%s/${data.aws_caller_identity.current.account_id}/*", local.alb_logs_path)) + + # + # NLB locals + # + + # doesn't support logging to multiple accounts + # supports logging to multiple prefixes + nlb_effect = var.default_allow || var.allow_nlb ? "Allow" : "Deny" + + nlb_include_root_prefix = contains(var.nlb_logs_prefixes, "") ? true : false + + nlb_logs_path_temp = formatlist("%s/AWSLogs", compact(var.nlb_logs_prefixes)) + + nlb_logs_path = local.nlb_include_root_prefix ? 
concat(local.nlb_logs_path_temp, ["AWSLogs"]) : local.nlb_logs_path_temp + + nlb_resources = sort(formatlist("${local.bucket_arn}/%s/${data.aws_caller_identity.current.account_id}/*", local.nlb_logs_path)) + + # + # Redshift locals + # + + # doesn't support logging to multiple accounts + # doesn't support logging to multiple prefixes + redshift_effect = var.default_allow || var.allow_redshift ? "Allow" : "Deny" + + # redshift logs user in our region + redshift_principal = "arn:${data.aws_partition.current.partition}:iam::${data.aws_redshift_service_account.main.id}:user/logs" + + redshift_resource = "${local.bucket_arn}/${var.redshift_logs_prefix}/*" +} + # # S3 Bucket # -data "template_file" "bucket_policy" { - template = < 0 ? jsonencode( - sort( - formatlist( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/AWSLogs/%%s/*", - var.s3_bucket_name, - var.cloudtrail_logs_prefix, - ), - var.cloudtrail_accounts, - ), - ), - ) : jsonencode( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/AWSLogs/%s/*", - var.s3_bucket_name, - var.cloudtrail_logs_prefix, - data.aws_caller_identity.current.account_id, - ), - ) - config_effect = var.default_allow || var.allow_config ? "Allow" : "Deny" - config_resources = length(var.config_accounts) > 0 ? jsonencode( - sort( - formatlist( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/AWSLogs/%%s/Config/*", - var.s3_bucket_name, - var.config_logs_prefix, - ), - var.config_accounts, - ), - ), - ) : jsonencode( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/AWSLogs/%s/Config/*", - var.s3_bucket_name, - var.config_logs_prefix, - data.aws_caller_identity.current.account_id, - ), - ) - elb_effect = var.default_allow || var.allow_elb ? "Allow" : "Deny" - elb_principal = data.aws_elb_service_account.main.arn - elb_resources = length(var.elb_accounts) > 0 ? 
jsonencode( - sort( - formatlist( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/AWSLogs/%%s/*", - var.s3_bucket_name, - var.elb_logs_prefix, - ), - var.elb_accounts, - ), - ), - ) : jsonencode( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/AWSLogs/%s/*", - var.s3_bucket_name, - var.elb_logs_prefix, - data.aws_caller_identity.current.account_id, - ), - ) - nlb_effect = var.default_allow || var.allow_nlb ? "Allow" : "Deny" - nlb_resources = jsonencode( - formatlist( - format("arn:${data.aws_partition.current.partition}:s3:::%s/%%s/*", var.s3_bucket_name), - var.nlb_logs_prefixes, - ), - ) - redshift_effect = var.default_allow || var.allow_redshift ? "Allow" : "Deny" - redshift_principal = format( - "arn:${data.aws_partition.current.partition}:iam::%s:user/logs", - data.aws_redshift_service_account.main.id, - ) - redshift_resources = jsonencode( - format( - "arn:${data.aws_partition.current.partition}:s3:::%s/%s/*", - var.s3_bucket_name, - var.redshift_logs_prefix, - ), - ) +data "aws_iam_policy_document" "main" { + + # + # CloudTrail bucket policies + # + + statement { + sid = "cloudtrail-logs-get-bucket-acl" + effect = local.cloudtrail_effect + principals { + type = "Service" + identifiers = ["cloudtrail.amazonaws.com"] + } + actions = ["s3:GetBucketAcl"] + resources = [local.bucket_arn] } + + statement { + sid = "cloudtrail-logs-put-object" + effect = local.cloudtrail_effect + principals { + type = "Service" + identifiers = ["cloudtrail.amazonaws.com"] + } + actions = ["s3:PutObject"] + resources = local.cloudtrail_resources + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = ["bucket-owner-full-control"] + } + } + + # + # CloudWatch bucket policies + # + + statement { + sid = "cloudwatch-logs-get-bucket-acl" + effect = local.cloudwatch_effect + principals { + type = "Service" + identifiers = [local.cloudwatch_service] + } + actions = ["s3:GetBucketAcl"] + resources = [local.bucket_arn] + } + + 
statement { + sid = "cloudwatch-logs-put-object" + effect = local.cloudwatch_effect + principals { + type = "Service" + identifiers = [local.cloudwatch_service] + } + actions = ["s3:PutObject"] + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = ["bucket-owner-full-control"] + } + resources = [local.cloudwatch_resource] + } + + # + # Config bucket policies + # + + statement { + sid = "config-permissions-check" + effect = local.config_effect + principals { + type = "Service" + identifiers = ["config.amazonaws.com"] + } + actions = ["s3:GetBucketAcl"] + resources = [local.bucket_arn] + } + + statement { + sid = "config-bucket-delivery" + effect = local.config_effect + principals { + type = "Service" + identifiers = ["config.amazonaws.com"] + } + actions = ["s3:PutObject"] + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = ["bucket-owner-full-control"] + } + resources = local.config_resources + } + + # + # ELB bucket policies + # + + statement { + sid = "elb-logs-put-object" + effect = local.elb_effect + principals { + type = "AWS" + identifiers = [data.aws_elb_service_account.main.arn] + } + actions = ["s3:PutObject"] + resources = local.elb_resources + } + + # + # ALB bucket policies + # + + statement { + sid = "alb-logs-put-object" + effect = local.alb_effect + principals { + type = "AWS" + identifiers = [data.aws_elb_service_account.main.arn] + } + actions = ["s3:PutObject"] + resources = local.alb_resources + } + + # + # NLB bucket policies + # + + statement { + sid = "nlb-logs-put-object" + effect = local.nlb_effect + principals { + type = "Service" + identifiers = ["delivery.logs.amazonaws.com"] + } + actions = ["s3:PutObject"] + resources = local.nlb_resources + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = ["bucket-owner-full-control"] + } + } + + statement { + sid = "nlb-logs-acl-check" + effect = local.nlb_effect + principals { + type = "Service" + identifiers = 
["delivery.logs.amazonaws.com"] + } + actions = ["s3:GetBucketAcl"] + resources = [local.bucket_arn] + } + + # + # Redshift bucket policies + # + + statement { + sid = "redshift-logs-put-object" + effect = local.redshift_effect + principals { + type = "AWS" + identifiers = [local.redshift_principal] + } + actions = ["s3:PutObject"] + resources = [local.redshift_resource] + } + + statement { + sid = "redshift-logs-get-bucket-acl" + effect = local.redshift_effect + principals { + type = "AWS" + identifiers = [local.redshift_principal] + } + actions = ["s3:GetBucketAcl"] + resources = [local.bucket_arn] + } + } + resource "aws_s3_bucket" "aws_logs" { bucket = var.s3_bucket_name acl = var.s3_bucket_acl region = var.region - policy = data.template_file.bucket_policy.rendered + policy = data.aws_iam_policy_document.main.json force_destroy = var.force_destroy lifecycle_rule { diff --git a/test/terraform_aws_logs_alb_test.go b/test/terraform_aws_logs_alb_test.go index eff3fe3..5135fa3 100644 --- a/test/terraform_aws_logs_alb_test.go +++ b/test/terraform_aws_logs_alb_test.go 
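Review bot: The `cloudwatch-logs-put-object` statement lets the regional `logs.${var.region}.amazonaws.com` service principal write to `${local.bucket_arn}/${var.cloudwatch_logs_prefix}/*` with only the `s3:x-amz-acl` condition, and unlike the CloudTrail and Config resources that path carries no account id. Nothing in the policy ties the delivery to this account, so the statement would be tighter with an `aws:SourceAccount` condition, as sketched below. The same condition is worth considering on the other `Service`-principal statements (`cloudtrail.amazonaws.com`, `config.amazonaws.com`, `delivery.logs.amazonaws.com`), using the account lists the locals already compute. Confirm that each service populates the key before relying on it, because a service that does not send it would fail the `StringEquals` test and lose log delivery.

```hcl
  statement {
    # … unchanged: sid "cloudwatch-logs-put-object", effect, principals, actions, s3:x-amz-acl condition, resources …
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
```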
@@ -8,22 +8,51 @@ import ( "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsAlb(t *testing.T) { t.Parallel() + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/alb") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) awsRegion := "us-west-2" vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] terraformOptions := &terraform.Options{ - TerraformDir: "../examples/alb/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "alb_logs_prefixes": []string{testName}, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsAlbRootPrefix(t *testing.T) { + t.Parallel() + + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/alb") + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + awsRegion := "us-west-2" + vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "alb_logs_prefixes": []string{"", testName}, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, diff --git a/test/terraform_aws_logs_cloudtrail_test.go b/test/terraform_aws_logs_cloudtrail_test.go index 9c31ed4..68c2ec8 100644 --- a/test/terraform_aws_logs_cloudtrail_test.go +++ b/test/terraform_aws_logs_cloudtrail_test.go 
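Review bot: `TestTerraformAwsLogsAlbRootPrefix` repeats the whole body of `TestTerraformAwsLogsAlb` and differs only in the `alb_logs_prefixes` value; the same copy-and-change-one-variable pattern recurs in the cloudtrail, config, elb, nlb, redshift and s3 test files of this commit. A shared helper that takes the example directory, the region and the vars would keep the variants in step, as sketched below. It would also give one place to add a check on the applied bucket policy, since none of these tests asserts anything after `terraform.InitAndApply` returns, so a wrong resource ARN passes as long as the apply succeeds. The new function's body continues outside the hunk.

```go
// applyExample copies one example into a temp folder, applies it, and destroys it on return.
func applyExample(t *testing.T, example, awsRegion string, vars map[string]interface{}) {
	t.Helper()
	opts := &terraform.Options{
		TerraformDir: test_structure.CopyTerraformFolderToTemp(t, "../", example),
		Vars:         vars,
		EnvVars:      map[string]string{"AWS_DEFAULT_REGION": awsRegion},
	}
	defer terraform.Destroy(t, opts)
	terraform.InitAndApply(t, opts)
}
```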
@@ -7,22 +7,46 @@ import ( "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsCloudtrail(t *testing.T) { - // Note: do not run this test in t.Parallel() mode. - // Running this test in parallel with other tests in the module - // often causes issues when attempting to empty and delete the bucket. + // Note: do not run this test in t.Parallel() mode. because the + // Cloudtrail module doesn't support running multiple instances testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/cloudtrail") awsRegion := "us-west-2" terraformOptions := &terraform.Options{ - TerraformDir: "../examples/cloudtrail/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, + "cloudtrail_logs_prefix": testName, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsCloudtrailRootPrefix(t *testing.T) { + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/cloudtrail") + awsRegion := "us-west-2" + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "test_name": testName, + "force_destroy": true, + "cloudtrail_logs_prefix": "", }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, diff --git a/test/terraform_aws_logs_combined_test.go b/test/terraform_aws_logs_combined_test.go index cfabae4..e002a43 100644 
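Review bot: `TestTerraformAwsLogsCloudtrailRootPrefix` is kept out of `t.Parallel()` without a comment saying so; the reason appears only on `TestTerraformAwsLogsCloudtrail`, and that rewritten comment now reads as a broken sentence (`mode. because the`). I would put a short note on the new function, e.g. `// Not parallel: the Cloudtrail module doesn't support running multiple instances.`, and fix the first one to `// Note: do not run this test in t.Parallel() mode, because the Cloudtrail module doesn't support running multiple instances.` The new function's body continues outside the hunk.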
--- a/test/terraform_aws_logs_combined_test.go +++ b/test/terraform_aws_logs_combined_test.go @@ -8,11 +8,13 @@ import ( "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsCombined(t *testing.T) { // Note: do not run this test in t.Parallel() mode. + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/combined") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) // AWS only supports one configuration recorder per region. // Each test using aws-config will need to specify a different region. @@ -21,7 +23,7 @@ func TestTerraformAwsLogsCombined(t *testing.T) { testRedshift := !testing.Short() terraformOptions := &terraform.Options{ - TerraformDir: "../examples/combined/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ "region": awsRegion, "vpc_azs": vpcAzs, diff --git a/test/terraform_aws_logs_config_test.go b/test/terraform_aws_logs_config_test.go index 1f5c60c..35c9461 100644 --- a/test/terraform_aws_logs_config_test.go +++ b/test/terraform_aws_logs_config_test.go 
@@ -7,22 +7,51 @@ import ( "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsConfig(t *testing.T) { t.Parallel() testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config") // AWS only supports one configuration recorder per region. // Each test using aws-config will need to specify a different region. awsRegion := "us-east-2" terraformOptions := &terraform.Options{ - TerraformDir: "../examples/config/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, + "config_logs_prefix": testName, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) { + t.Parallel() + + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config") + // AWS only supports one configuration recorder per region. + // Each test using aws-config will need to specify a different region. + awsRegion := "us-east-1" + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "test_name": testName, + "force_destroy": true, + "config_logs_prefix": "", }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, diff --git a/test/terraform_aws_logs_elb_test.go b/test/terraform_aws_logs_elb_test.go index bbb88e2..5673655 100644 --- a/test/terraform_aws_logs_elb_test.go +++ b/test/terraform_aws_logs_elb_test.go 
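Review bot: The one-recorder-per-region rule is enforced only by hand-picked string literals: `TestTerraformAwsLogsConfig` uses `"us-east-2"`, the new `TestTerraformAwsLogsConfigRootPrefix` uses `"us-east-1"`, and both call `t.Parallel()`. The combined test carries the same comment, but its region is assigned outside the visible hunks, so whether all three are distinct cannot be checked from here. Declaring the regions side by side, e.g. `const configTestRegion = "us-east-2"` and `const configRootPrefixTestRegion = "us-east-1"`, would make a collision obvious when another config test is copied in. The new function's body continues outside the hunk.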
@@ -8,22 +8,51 @@ import ( "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsElb(t *testing.T) { t.Parallel() + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/elb") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) awsRegion := "us-west-2" vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] terraformOptions := &terraform.Options{ - TerraformDir: "../examples/elb/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "elb_logs_prefix": testName, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsElbRootPrefix(t *testing.T) { + t.Parallel() + + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/elb") + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + awsRegion := "us-west-2" + vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "elb_logs_prefix": "", }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, diff --git a/test/terraform_aws_logs_nlb_test.go b/test/terraform_aws_logs_nlb_test.go index 7f0a561..fef5ef7 100644 --- a/test/terraform_aws_logs_nlb_test.go +++ b/test/terraform_aws_logs_nlb_test.go 
@@ -8,22 +8,51 @@ import ( "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsNlb(t *testing.T) { t.Parallel() + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/nlb") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) awsRegion := "us-west-2" vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] terraformOptions := &terraform.Options{ - TerraformDir: "../examples/nlb/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "nlb_logs_prefixes": []string{testName}, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsNlbRootPrefix(t *testing.T) { + t.Parallel() + + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/nlb") + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + awsRegion := "us-west-2" + vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "nlb_logs_prefixes": []string{"", testName}, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, diff --git a/test/terraform_aws_logs_redshift_test.go b/test/terraform_aws_logs_redshift_test.go index f2aac06..d3af4d5 100644 --- a/test/terraform_aws_logs_redshift_test.go +++ b/test/terraform_aws_logs_redshift_test.go 
@@ -5,8 +5,10 @@ import ( "strings" "testing" + "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsRedshift(t *testing.T) { @@ -17,14 +19,48 @@ func TestTerraformAwsLogsRedshift(t *testing.T) { t.Parallel() testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/redshift") awsRegion := "us-west-2" + vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] terraformOptions := &terraform.Options{ - TerraformDir: "../examples/redshift/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "redshift_logs_prefix": testName, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsRedshiftRootPrefix(t *testing.T) { + if testing.Short() { + t.Skip("skipping test in short mode.") + } + + t.Parallel() + + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/redshift") + awsRegion := "us-west-2" + vpcAzs := aws.GetAvailabilityZones(t, awsRegion)[:3] + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, + "redshift_logs_prefix": "", }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, 
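Review bot: `TestTerraformAwsLogsRedshiftRootPrefix` passes `"redshift_logs_prefix": ""`, but the `redshift_resource` local added to main.tf in this commit is `"${local.bucket_arn}/${var.redshift_logs_prefix}/*"` with no empty-prefix branch, unlike `cloudtrail_logs_path`, `config_logs_path` and `elb_logs_path`. If the example forwards the value unchanged (examples/redshift/main.tf is not visible here), the policy resource presumably ends in `//*` and does not match keys under the bucket root; the test would not notice, because it only applies and destroys and is skipped under `testing.Short()`. A guard in main.tf such as `redshift_resource = var.redshift_logs_prefix == "" ? "${local.bucket_arn}/*" : "${local.bucket_arn}/${var.redshift_logs_prefix}/*"` would match the other locals, and `cloudwatch_resource` has the same shape. The test function continues outside the hunk.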
diff --git a/test/terraform_aws_logs_s3_test.go b/test/terraform_aws_logs_s3_test.go index acc2636..a0bb939 100644 --- a/test/terraform_aws_logs_s3_test.go +++ b/test/terraform_aws_logs_s3_test.go @@ -7,20 +7,47 @@ import ( "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogsS3(t *testing.T) { t.Parallel() + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/s3") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) awsRegion := "us-west-2" terraformOptions := &terraform.Options{ - TerraformDir: "../examples/s3/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, - "force_destroy": true, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, + "s3_logs_prefix": testName, + }, + EnvVars: map[string]string{ + "AWS_DEFAULT_REGION": awsRegion, + }, + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} + +func TestTerraformAwsLogsS3RootPrefix(t *testing.T) { + t.Parallel() + + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/s3") + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) + awsRegion := "us-west-2" + + terraformOptions := &terraform.Options{ + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "region": awsRegion, + "test_name": testName, + "force_destroy": true, + "s3_logs_prefix": "", }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, diff --git a/test/terraform_aws_logs_test.go b/test/terraform_aws_logs_test.go index c4c2de5..15ddcb4 100644 --- a/test/terraform_aws_logs_test.go +++ b/test/terraform_aws_logs_test.go 
@@ -7,16 +7,18 @@ import ( "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" + test_structure "github.com/gruntwork-io/terratest/modules/test-structure" ) func TestTerraformAwsLogs(t *testing.T) { t.Parallel() + tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/simple") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) awsRegion := "us-west-2" terraformOptions := &terraform.Options{ - TerraformDir: "../examples/simple/", + TerraformDir: tempTestFolder, Vars: map[string]interface{}{ "region": awsRegion, "test_name": testName,