Terraform 0.12 upgrade (#6)
* Revert "Revert "Upgrade to Terraform 0.12""

This reverts commit 6e56c46.

* Upgrade tests to use terraform 0.12

* Convert tests to use json output in Terraform 0.12
agassner authored Dec 19, 2019
1 parent 6e56c46 commit c68d340
Showing 11 changed files with 784 additions and 204 deletions.
15 changes: 10 additions & 5 deletions iam.tf
@@ -1,5 +1,9 @@
resource "aws_iam_role" "iam_for_lambda" {
name_prefix = "${replace(replace(var.function_name, "/(.{0,32}).*/", "$1"), "/^-+|-+$/", "")}"
name_prefix = replace(
replace(var.function_name, "/(.{0,32}).*/", "$1"),
"/^-+|-+$/",
"",
)
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
@@ -14,18 +18,19 @@ resource "aws_iam_role" "iam_for_lambda" {
]
}
EOF

}

resource "aws_iam_role_policy" "lambda_policy" {
role = "${aws_iam_role.iam_for_lambda.id}"
role = aws_iam_role.iam_for_lambda.id
name = "policy"

policy = "${var.lambda_role_policy}"
policy = var.lambda_role_policy
}

resource "aws_iam_role_policy_attachment" "vpc_permissions" {
role = "${aws_iam_role.iam_for_lambda.name}"
role = aws_iam_role.iam_for_lambda.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"

count = "${length(var.subnet_ids) != 0 ? 1 : 0}"
count = length(var.subnet_ids) != 0 ? 1 : 0
}
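Review bot: The role in the first hunk is created without a `permissions_boundary`, while `aws_iam_role_policy.lambda_policy` in the second hunk attaches `var.lambda_role_policy` exactly as the caller passes it, so the module itself puts no upper limit on what the function's role may do. The plan fixture in test/files/create_lambda.json confirms the boundary is planned as null. Since the upgrade already touches every argument of these resources, consider exposing the boundary as an optional input, e.g. `permissions_boundary = var.permissions_boundary` with a `null` default. That would be a new variable; variables.tf is not shown on this page, so this assumes none exists yet.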
44 changes: 24 additions & 20 deletions main.tf
@@ -1,36 +1,40 @@
terraform {
required_version = ">= 0.12"
}

resource "aws_lambda_function" "lambda_function" {
s3_bucket = "${var.s3_bucket}"
s3_key = "${var.s3_key}"
function_name = "${var.function_name}"
role = "${aws_iam_role.iam_for_lambda.arn}"
handler = "${var.handler}"
runtime = "${var.runtime}"
timeout = "${var.timeout}"
memory_size = "${var.memory_size}"
reserved_concurrent_executions = "${var.reserved_concurrent_executions}"
tags = "${var.tags}"
s3_bucket = var.s3_bucket
s3_key = var.s3_key
function_name = var.function_name
role = aws_iam_role.iam_for_lambda.arn
handler = var.handler
runtime = var.runtime
timeout = var.timeout
memory_size = var.memory_size
reserved_concurrent_executions = var.reserved_concurrent_executions
tags = var.tags

vpc_config {
subnet_ids = ["${var.subnet_ids}"]
security_group_ids = ["${var.security_group_ids}"]
}
subnet_ids = var.subnet_ids
security_group_ids = var.security_group_ids
}

environment {
variables = "${var.lambda_env}"
variables = var.lambda_env
}
}

resource "aws_cloudwatch_log_group" "lambda_loggroup" {
name = "/aws/lambda/${var.function_name}"
retention_in_days = 7
depends_on = ["aws_lambda_function.lambda_function"]
depends_on = [aws_lambda_function.lambda_function]
}

resource "aws_cloudwatch_log_subscription_filter" "kinesis_log_stream" {
count = "${var.datadog_log_subscription_arn != "" ? 1 : 0}"
count = var.datadog_log_subscription_arn != "" ? 1 : 0
name = "kinesis-log-stream-${var.function_name}"
destination_arn = "${var.datadog_log_subscription_arn}"
log_group_name = "${aws_cloudwatch_log_group.lambda_loggroup.name}"
filter_pattern = "${var.log_subscription_filter}"
depends_on = ["aws_lambda_function.lambda_function"]
destination_arn = var.datadog_log_subscription_arn
log_group_name = aws_cloudwatch_log_group.lambda_loggroup.name
filter_pattern = var.log_subscription_filter
depends_on = [aws_lambda_function.lambda_function]
}
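Review bot: The `depends_on = [aws_lambda_function.lambda_function]` on `aws_cloudwatch_log_group.lambda_loggroup` makes Terraform create the log group after the function, leaving a window in which an invocation can cause Lambda to create `/aws/lambda/${var.function_name}` itself; the later Terraform create then fails on the existing group, and until it is imported the group has no managed retention. This requires a role that may call `logs:CreateLogGroup`, which the policy in test/files/create_lambda.json grants. Reversing the edge avoids it: drop `depends_on` from the log group and put `depends_on = [aws_cloudwatch_log_group.lambda_loggroup]` on `aws_lambda_function.lambda_function` (the group's name comes from `var.function_name`, so no cycle results). `retention_in_days = 7` is also hard-coded and short for investigating an incident after the fact; a variable with that default would let consumers raise it.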
8 changes: 4 additions & 4 deletions outputs.tf
@@ -1,15 +1,15 @@
output "lambda_arn" {
value = "${aws_lambda_function.lambda_function.arn}"
value = aws_lambda_function.lambda_function.arn
}

output "lambda_function_name" {
value = "${aws_lambda_function.lambda_function.function_name}"
value = aws_lambda_function.lambda_function.function_name
}

output "lambda_iam_role_name" {
value = "${aws_iam_role.iam_for_lambda.name}"
value = aws_iam_role.iam_for_lambda.name
}

output "lambda_invoke_arn" {
value = "${aws_lambda_function.lambda_function.invoke_arn}"
value = aws_lambda_function.lambda_function.invoke_arn
}
5 changes: 2 additions & 3 deletions test/Dockerfile
@@ -1,9 +1,9 @@
FROM python:3-alpine
COPY requirements.txt .

ENV TERRAFORM_VERSION=0.11.11
ENV TERRAFORM_VERSION=0.12.17
ENV TERRAFORM_ZIP=terraform_${TERRAFORM_VERSION}_linux_amd64.zip
ENV TERRAFORM_SUM=94504f4a67bad612b5c8e3a4b7ce6ca2772b3c1559630dfd71e9c519e3d6149c
ENV TERRAFORM_SUM=8124c7dfe5036377de0637378ad32cf530477403c29ab1ccefbaa50a05d059c2

RUN apk add -U ca-certificates curl && \
cd /tmp && \
@@ -14,4 +14,3 @@ RUN apk add -U ca-certificates curl && \

RUN pip install --no-cache-dir -r requirements.txt
ADD infra /infra

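--- a/test/files/create_lambda.json
+++ b/test/files/create_lambda.json
@@ -0,0 +1,148 @@
+{
+"resource_changes": [
+{
+"address": "module.lambda.aws_cloudwatch_log_group.lambda_loggroup",
+"module_address": "module.lambda",
+"mode": "managed",
+"type": "aws_cloudwatch_log_group",
+"name": "lambda_loggroup",
+"provider_name": "aws",
+"change": {
+"actions": [
+"create"
+],
+"before": null,
+"after": {
+"kms_key_id": null,
+"name": "/aws/lambda/check_lambda_function",
+"name_prefix": null,
+"retention_in_days": 7,
+"tags": null
+},
+"after_unknown": {
+"arn": true,
+"id": true
+}
+}
+},
+{
+"address": "module.lambda.aws_iam_role.iam_for_lambda",
+"module_address": "module.lambda",
+"mode": "managed",
+"type": "aws_iam_role",
+"name": "iam_for_lambda",
+"provider_name": "aws",
+"change": {
+"actions": [
+"create"
+],
+"before": null,
+"after": {
+"assume_role_policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n",
+"description": null,
+"force_detach_policies": false,
+"max_session_duration": 3600,
+"name_prefix": "check_lambda_function",
+"path": "/",
+"permissions_boundary": null,
+"tags": null
+},
+"after_unknown": {
+"arn": true,
+"create_date": true,
+"id": true,
+"name": true,
+"unique_id": true
+}
+}
+},
+{
+"address": "module.lambda.aws_iam_role_policy.lambda_policy",
+"module_address": "module.lambda",
+"mode": "managed",
+"type": "aws_iam_role_policy",
+"name": "lambda_policy",
+"provider_name": "aws",
+"change": {
+"actions": [
+"create"
+],
+"before": null,
+"after": {
+"name": "policy",
+"name_prefix": null,
+"policy": "{\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"arn:aws:logs:*:*:*\"\n }\n ]\n}\n"
+},
+"after_unknown": {
+"id": true,
+"role": true
+}
+}
+},
+{
+"address": "module.lambda.aws_lambda_function.lambda_function",
+"module_address": "module.lambda",
+"mode": "managed",
+"type": "aws_lambda_function",
+"name": "lambda_function",
+"provider_name": "aws",
+"change": {
+"actions": [
+"create"
+],
+"before": null,
+"after": {
+"dead_letter_config": [],
+"description": null,
+"environment": [
+{
+"variables": null
+}
+],
+"filename": null,
+"function_name": "check_lambda_function",
+"handler": "some_handler",
+"kms_key_arn": null,
+"layers": null,
+"memory_size": 128,
+"publish": false,
+"reserved_concurrent_executions": -1,
+"runtime": "python3.7",
+"s3_bucket": "cdflow-lambda-releases",
+"s3_key": "s3key.zip",
+"s3_object_version": null,
+"tags": null,
+"timeout": 3,
+"timeouts": null,
+"vpc_config": [
+{
+"security_group_ids": null,
+"subnet_ids": null
+}
+]
+},
+"after_unknown": {
+"arn": true,
+"dead_letter_config": [],
+"environment": [
+{}
+],
+"id": true,
+"invoke_arn": true,
+"last_modified": true,
+"qualified_arn": true,
+"role": true,
+"source_code_hash": true,
+"source_code_size": true,
+"tracing_config": true,
+"version": true,
+"vpc_config": [
+{
+"vpc_id": true
+}
+]
+}
+}
+}
+]
+}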