diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..d42f04d
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,69 @@
+version: 2
+
+jobs:
+ build:
+ docker:
+ - image: hashicorp/terraform:0.11.3
+ entrypoint: /bin/sh
+ steps:
+ - checkout
+ - run:
+ name: "Validate tf files (terraform validate)"
+ command: |
+ find . -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (terraform validate -check-variables=false "$m" && echo "√ $m") || exit 1 ; done
+ - run:
+ name: "Check: Terraform formatting (terraform fmt)"
+ command: |
+ if [ `terraform fmt --list=true -diff=true -write=false | tee format-issues | wc -c` -ne 0 ]; then
+ echo "Some terraform files need be formatted, run 'terraform fmt' to fix"
+ echo "Formatting issues:"
+ cat format-issues
+ exit 1
+ fi
+ - run:
+ name: "Install: tflint"
+ command: |
+ apk add jq wget
+ # Get latest version of tflint
+ pkg_arch=linux_amd64
+ dl_url=$(curl -s https://api.github.com/repos/wata727/tflint/releases/latest | jq -r ".assets[] | select(.name | test(\"${pkg_arch}\")) | .browser_download_url")
+ wget ${dl_url}
+ unzip tflint_linux_amd64.zip
+ mkdir -p /usr/local/tflint/bin
+ # Setup PATH for later run steps - ONLY for Bash and not in Bash
+ #echo 'export PATH=/usr/local/tflint/bin:$PATH' >> $BASH_ENV
+ echo "Installing tflint..."
+ install tflint /usr/local/tflint/bin
+ echo "Configuring tflint..."
+ tf_ver=$(terraform version | awk 'FNR <= 1' | cut -dv -f2)
+ echo -e "\tConfig for terraform version: ${tf_ver}"
+ if [ -f '.tflint.hcl' ]; then
+ sed -i "/terraform_version =/s/\".*\"/\"${tf_ver}\"/" .tflint.hcl
+ else
+ {
+ echo -e "config {\nterraform_version = \"${tf_ver}\"\ndeep_check = true\nignore_module = {"
+ for module in $(grep -h '[^a-zA-Z]source[ =]' *.tf | sed -r 's/.*=\s+//' | sort -u); do
+ # if not ^"../
+ echo "${module} = true"
+ done
+ echo "}}"
+ } > .tflint.hcl
+ fi
+ echo "tflint configuration:"
+ cat .tflint.hcl
+ - run:
+ # Not supporting modules from registry ?? v0.5.4
+ # For now, must ignore in config file
+ name: "Check: tflint"
+ command: |
+ #echo "Initializing terraform..."
+ #terraform init -input=false + echo "Running tflint..." + /usr/local/tflint/bin/tflint --version + /usr/local/tflint/bin/tflint + +workflows: + version: 2 + build: + jobs: + - build diff --git a/README.md b/README.md index 3e75476..88c3df9 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![CircleCI](https://circleci.com/gh/devops-workflow/terraform-aws-s3-buckets?style=svg)](https://circleci.com/gh/devops-workflow/terraform-aws-s3-buckets) + AWS S3 Buckets Terraform module ======================== diff --git a/main.tf b/main.tf index e394446..1dbfd17 100644 --- a/main.tf +++ b/main.tf @@ -48,13 +48,17 @@ module "label" { resource "aws_s3_bucket" "this" { count = "${module.enabled.value ? length(var.names) : 0}" + bucket = "${var.namespaced ? format("%s-%s-%s", var.org, var.environment, replace(element(var.names, count.index), "_", "-")) : format("%s-%s", var.org, replace(element(var.names, count.index), "_", "-"))}" + acl = "${var.public ? "public-read" : "private"}" + versioning { enabled = "${var.versioned}" } + #acceleration_status #force_destroy = true #lifecycle_rule {} @@ -91,8 +95,10 @@ resource "aws_s3_bucket_policy" "bucket_policy" { } */ + #resource "aws_s3_bucket_notification" + /* resource "aws_s3_bucket_object" "this" { count = "${length(var.files)}" @@ -102,3 +108,4 @@ resource "aws_s3_bucket_object" "this" { etag = "${md5(file("${lookup(var.files, element(keys(var.files), count.index))}"))}" } */ + diff --git a/outputs.tf b/outputs.tf index 5afb0b0..9af35df 100644 --- a/outputs.tf +++ b/outputs.tf 
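Review bot: The "Install: tflint" step downloads whatever asset `releases/latest` resolves to at build time and installs it with no version pin and no digest check, so a replaced or tampered release asset would run inside CI unnoticed and builds are not reproducible. Pin the tag and verify the archive before `unzip`, for example `wget https://github.com/wata727/tflint/releases/download/<PINNED_TAG>/tflint_linux_amd64.zip` followed by `echo "<EXPECTED_SHA256>  tflint_linux_amd64.zip" | sha256sum -c -` (both values are placeholders to be filled in from a release you have vetted). The `curl -s` call also lacks `-f`, so an API error or rate-limit response probably leaves `dl_url` empty, with the failure surfacing only at `wget`. Separately, `unzip` hard-codes `tflint_linux_amd64.zip` while the jq `test()` filter matches any asset whose name contains `linux_amd64`, so the two can drift apart if the release ever ships more than one such asset.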
@@ -1,29 +1,34 @@ - output "arns" { description = "List of AWS S3 Bucket ARNs" - value = "${aws_s3_bucket.this.*.arn}" + value = "${aws_s3_bucket.this.*.arn}" } + output "domain_names" { description = "List of AWS S3 Bucket Domain Names" - value = "${aws_s3_bucket.this.*.bucket_domain_name}" + value = "${aws_s3_bucket.this.*.bucket_domain_name}" } + output "hosted_zone_ids" { description = "List of AWS S3 Bucket Hosted Zone IDs" - value = "${aws_s3_bucket.this.*.hosted_zone_id}" + value = "${aws_s3_bucket.this.*.hosted_zone_id}" } + output "ids" { description = "List of AWS S3 Bucket IDs" value = "${aws_s3_bucket.this.*.id}" } + output "names" { description = "List of AWS S3 Bucket Names" - value = "${aws_s3_bucket.this.*.id}" + value = "${aws_s3_bucket.this.*.id}" } + output "regions" { description = "List of AWS S3 Bucket Regions" - value = "${aws_s3_bucket.this.*.region}" + value = "${aws_s3_bucket.this.*.region}" } #aws_s3_bucket_object.this.id #aws_s3_bucket_object.this.etag #aws_s3_bucket_object.this.version_id + diff --git a/test/main.tf b/test/main.tf index 29f667f..60ad2d5 100644 --- a/test/main.tf +++ b/test/main.tf @@ -1,4 +1,3 @@ - module "s3-none" { source = ".." names = [] diff --git a/test/variables.tf b/test/variables.tf index 6708f92..1433c5b 100644 --- a/test/variables.tf +++ b/test/variables.tf @@ -1,9 +1,11 @@ variable "environment" { default = "dev" } + variable "organization" { default = "testorg" } + variable "region" { default = "us-west-2" } diff --git a/variables.tf b/variables.tf index 9bce7e7..a3f368c 100644 --- a/variables.tf +++ b/variables.tf 
@@ -1,22 +1,24 @@ - - // Standard Variables variable "names" { description = "List of S3 bucket names" type = "list" } + variable "environment" { description = "Environment (ex: dev, qa, stage, prod)" } + variable "namespaced" { description = "Namespace all resources (prefixed with the environment)?" default = true } + variable "tags" { description = "A map of tags to add to all resources" default = {} } + variable "org" { description = "Organization name to prefix S3 buckets with" } @@ -32,10 +34,12 @@ variable "principal" { description = "principal" default = "*" } + variable "public" { description = "Allow public read access to bucket" default = false } + variable "versioned" { description = "Version the bucket" default = false