feat: Automatic https support with Caddy (#2)

* feat: Add Atlantis resources (#1)

* feat: Add Atlantis resources

* feat: Take advantage of atlantis-repo-config module for configuring repos and workflows

* chore: Bump Terraform version

* feat: Add automatic HTTPS and change variables namings

* docs: Add documentation on Caddy support

* chore: Update checkov pre-commit hook version

* chore: Update checkov pre-commit hook version

* chore: Update checkov pre-commit hook version

* chore: Change formatting and description of variable

* feat: Add persistence storage for Caddy data

* feat: Allow passing custom Caddyfile and add extra module outputs

* feat: Allow passing multiple sinks to the diagnostic settings and parametrise atlantis port for Caddy

.pre-commit-config.yaml

@@ -16,9 +16,10 @@ repos:
         args: ["."]
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '2.0.1161' # Get the latest from: https://github.com/bridgecrewio/checkov/releases
+    rev: '2.2.130' # Get the latest from: https://github.com/bridgecrewio/checkov/releases
     hooks:
       - id: checkov
+        args: [--skip-check, "CKV2_GHA_1"]
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: "v4.3.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases

.terraform-docs.yml

@@ -39,6 +39,9 @@ sort:
   enabled: true
   by: name
 
+recursive:
+  enabled: true
+
 settings:
   anchor: true
   color: true

examples/complete/README.md

@@ -51,6 +51,10 @@ module "this_atlantis" {
      ATLANTIS_GITLAB_TOKEN          = ""
      ATLANTIS_GITLAB_USER           = ""
      ATLANTIS_GITLAB_WEBHOOK_SECRET = ""
+
+     ATLANTIS_WEB_BASIC_AUTH = true
+     ATLANTIS_WEB_USERNAME = ""
+     ATLANTIS_WEB_PASSWORD = ""
    }
    ```
 3. Run the commands from below:

examples/complete/fixtures.west-europe.tfvars

@@ -8,7 +8,7 @@ descriptor_formats = {
     labels = ["name"]
     format = "%v-rg"
   }
-  container-group = {
+  azure-container-group = {
     labels = ["namespace", "environment", "stage", "name", "attributes"]
     format = "%v-%v-%v-%v-%v-aci"
   }
@@ -22,7 +22,7 @@ atlantis_server_config = {
   repo_allowlist = "gitlab.com/getindata/*"
 }
 
-repo_config_repos = [
+atlantis_repo_config_repos = [
   {
     id                     = "/.*/"
     allowed_overrides      = ["workflow", "apply_requirements", "delete_source_branch_on_merge"]

examples/complete/main.tf

@@ -21,19 +21,24 @@ module "resource_group" {
 }
 
 module "this_atlantis" {
-  source = "../../"
+  source = "../../modules/caddy-automatic-https"
 
   context = module.this.context
 
+  name = "atlantis"
+
   resource_group_name = module.resource_group.name
   location            = module.resource_group.location
 
   attributes = [random_id.this.hex]
 
-  atlantis_server_config = var.atlantis_server_config
-  repo_config_repos      = var.repo_config_repos
+  atlantis_server_config     = var.atlantis_server_config
+  atlantis_repo_config_repos = var.atlantis_repo_config_repos
 
-  secure_environment_variables = var.secure_environment_variables
+  atlantis_container = {
+    secure_environment_variables = var.atlantis_secure_environment_variables
+  }
 
-  identity = {}
+  dns_name_label = format("atlantis-%s", random_id.this.hex)
+  identity       = {}
 }

examples/complete/variables.tf

@@ -17,7 +17,7 @@ variable "atlantis_server_config" {
   default = {}
 }
 
-variable "repo_config_repos" {
+variable "atlantis_repo_config_repos" {
   description = "Map of repositories and their configs. Refer to https://www.runatlantis.io/docs/server-side-repo-config.html#example-server-side-repo"
   type = list(object({
     id                            = optional(string, "/.*/")
@@ -50,7 +50,7 @@ variable "repo_config_repos" {
   default = []
 }
 
-variable "secure_environment_variables" {
+variable "atlantis_secure_environment_variables" {
   description = "A list of sensitive environment variables to be set on the container"
   type        = map(string)
   default     = {}

locals.tf

@@ -12,7 +12,6 @@ locals {
       lookup(local.atlantis_environment_variables_from_terraform_config, "ATLANTIS_REPO_CONFIG_JSON", null),
       module.atlantis_repo_config.repos_config_json
     ) },
-    var.environment_variables
+    var.atlantis_container.environment_variables
   )
-  atlantis_secure_environment_variables = merge(var.secure_environment_variables)
 }

main.tf

@@ -2,48 +2,41 @@ module "atlantis_repo_config" {
   source  = "getindata/atlantis-repo-config/null"
   version = "1.1.0"
 
-  repos               = var.repo_config_repos
-  repos_common_config = var.repo_config_repos_common_config
+  repos               = var.atlantis_repo_config_repos
+  repos_common_config = var.atlantis_repo_config_repos_common_config
 
-  workflows                = var.repo_config_workflows
-  use_predefined_workflows = var.repo_config_use_predefined_workflows
+  workflows                = var.atlantis_repo_config_workflows
+  use_predefined_workflows = var.atlantis_repo_config_use_predefined_workflows
 
-  repo_config_file = var.repo_config_file
+  repo_config_file = var.atlantis_repo_config_file
 }
 
 module "azure_container_group" {
   source  = "getindata/container-group/azurerm"
-  version = "1.1.0"
+  version = "2.0.0"
 
   context = module.this.context
 
   resource_group_name = var.resource_group_name
   location            = var.location
 
-  name = coalesce(var.name, "atlantis")
-
-  containers = {
-    atlantis = {
-      image  = var.image
-      cpu    = var.cpu
-      memory = var.memory
-      ports = [
-        {
-          port = var.port
-        }
-      ]
-      commands                                    = ["atlantis", "server"]
-      environment_variables                       = local.atlantis_environment_variables
-      secure_environment_variables                = local.atlantis_secure_environment_variables
-      secure_environment_variables_from_key_vault = var.secure_environment_variables_from_key_vault
-    }
-  }
+  name            = coalesce(var.name, "atlantis")
+  descriptor_name = var.descriptor_name
+
+  diagnostic_settings = var.diagnostic_settings
+
+  containers = merge({
+    atlantis = merge(var.atlantis_container, {
+      environment_variables = local.atlantis_environment_variables
+    })
+  }, var.containers)
 
   subnet_ids                          = var.subnet_ids
   dns_name_label                      = var.dns_name_label
   dns_name_servers                    = var.dns_name_servers
+  exposed_ports                       = var.exposed_ports
+  restart_policy                      = var.restart_policy
   identity                            = var.identity
   image_registry_credential           = var.image_registry_credential
   container_diagnostics_log_analytics = var.container_diagnostics_log_analytics
-  container_group_diagnostics_setting = var.container_group_diagnostics_setting
 }

modules/caddy-automatic-https/.terraform-docs.yml

@@ -0,0 +1,55 @@
+formatter: "md tbl" # this is required
+
+version: ">= 0.14"
+
+sections:
+  hide: []
+  show: [all]
+
+content: |-
+  {{ .Header }}
+
+  {{ .Footer }}
+
+  {{ .Inputs }}
+
+  {{ .Modules }}
+
+  {{ .Outputs }}
+
+  {{ .Providers }}
+
+  {{ .Requirements }}
+
+  {{ .Resources }}
+
+output:
+  file: "README.md"
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: false
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true