Skip to content

Commit

Permalink
Convert to TF 0.12. Add tests. Add Codefresh test pipeline (#13)
Browse files Browse the repository at this point in the history
* Convert to TF 0.12. Add tests. Add Codefresh test pipeline

* Update outputs
  • Loading branch information
aknysh authored Jun 26, 2019
1 parent 0d0a773 commit 2cd311c
Show file tree
Hide file tree
Showing 24 changed files with 560 additions and 189 deletions.
5 changes: 1 addition & 4 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,10 @@
*.tfstate
*.tfstate.*

# .tfvars files
*.tfvars

# IDE files
.idea
*.iml

# Build harness files
.build-harness
build-harness
build-harness
16 changes: 0 additions & 16 deletions .travis.yml

This file was deleted.

47 changes: 26 additions & 21 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

[![Cloud Posse][logo]](https://cpco.io/homepage)

# terraform-aws-s3-bucket [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-s3-bucket.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-s3-bucket) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-s3-bucket.svg)](https://github.com/cloudposse/terraform-aws-s3-bucket/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
# terraform-aws-s3-bucket [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-s3-bucket?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d13993639efa9451b1a2aa4) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-s3-bucket.svg)](https://github.com/cloudposse/terraform-aws-s3-bucket/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)


This module creates an S3 bucket with support of versioning, encryption, ACL and bucket object policy.
Expand Down Expand Up @@ -47,16 +47,21 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are

## Usage


**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases.
Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-s3-bucket/releases).


```hcl
module "s3_bucket" {
source = "git::https://github.com/cloudposse/terraform-aws-s3-bucket.git?ref=master"
enabled = "${var.enabled}"
user_enabled = "${var.user_enabled}"
versioning_enabled = "${var.versioning_enabled}"
allowed_bucket_actions = "${var.allowed_bucket_actions}"
name = "${var.name}"
stage = "${var.stage}"
namespace = "${var.namespace}"
enabled = true
user_enabled = true
versioning_enabled = false
allowed_bucket_actions = ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"]
name = "app"
stage = "test"
namespace = "eg"
}
```

Expand All @@ -80,22 +85,22 @@ Available targets:
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| acl | The canned ACL to apply. We recommend `private` to avoid exposing sensitive information | string | `private` | no |
| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | string | `false` | no |
| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list | `<list>` | no |
| attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `<list>` | no |
| attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
| enabled | Set to `false` to prevent the module from creating any resources | string | `true` | no |
| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | string | `false` | no |
| enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
| kms_master_key_id | The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
| name | Name (e.g. `app` or `db`) | string | - | yes |
| namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no |
| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee. | string | `` | no |
| name | Name (e.g. `app` or `cluster`) | string | - | yes |
| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
| sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map | `<map>` | no |
| user_enabled | Set to `true` to create an S3 user with permission to access the bucket | string | `false` | no |
| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket. | string | `false` | no |
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map(string) | `<map>` | no |
| user_enabled | Set to `true` to create an IAM user with permission to access the bucket | bool | `false` | no |
| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | `false` | no |

## Outputs

Expand Down
24 changes: 12 additions & 12 deletions README.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,9 @@ github_repo: cloudposse/terraform-aws-s3-bucket

# Badges to display
badges:
- name: "Build Status"
image: "https://travis-ci.org/cloudposse/terraform-aws-s3-bucket.svg?branch=master"
url: "https://travis-ci.org/cloudposse/terraform-aws-s3-bucket"
- name: "Codefresh Build Status"
image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-s3-bucket?type=cf-1"
url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d13993639efa9451b1a2aa4"
- name: "Latest Release"
image: "https://img.shields.io/github/release/cloudposse/terraform-aws-s3-bucket.svg"
url: "https://github.com/cloudposse/terraform-aws-s3-bucket/releases/latest"
Expand Down Expand Up @@ -68,23 +68,23 @@ related:
description: |-
This module creates an S3 bucket with support of versioning, encryption, ACL and bucket object policy.
If `user_enabled` variable is set to `true`, the module will provision a basic IAM user with permissions to access the bucket.
This basic IAM system user is suitable for CI/CD systems (_e.g._ TravisCI, CircleCI) or systems which are *external* to AWS that cannot leverage [AWS IAM Instance Profiles](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html).
We do not recommend creating IAM users this way for any other purpose.
# How to use this project
usage: |-
```hcl
module "s3_bucket" {
source = "git::https://github.com/cloudposse/terraform-aws-s3-bucket.git?ref=master"
enabled = "${var.enabled}"
user_enabled = "${var.user_enabled}"
versioning_enabled = "${var.versioning_enabled}"
allowed_bucket_actions = "${var.allowed_bucket_actions}"
name = "${var.name}"
stage = "${var.stage}"
namespace = "${var.namespace}"
enabled = true
user_enabled = true
versioning_enabled = false
allowed_bucket_actions = ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"]
name = "app"
stage = "test"
namespace = "eg"
}
```
Expand Down
74 changes: 74 additions & 0 deletions codefresh/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
version: '1.0'

stages:
- Prepare
- Test

steps:
wait:
title: Wait
stage: Prepare
image: codefresh/cli:latest
commands:
- codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser 'flatten|.[-1].id==$id'
retry:
maxAttempts: 10
delay: 20
exponentialFactor: 1.1

main_clone:
title: "Clone repository"
type: git-clone
stage: Prepare
description: "Initialize"
repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}
git: CF-default
revision: ${{CF_REVISION}}

clean_init:
title: Prepare build-harness and test-harness
image: ${{TEST_IMAGE}}
stage: Prepare
commands:
- cf_export PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- make init
- git -C build-harness checkout master
- make -C test/ clean init TEST_HARNESS_BRANCH=master
- make -C test/src clean init
- find . -type d -name '.terraform' | xargs rm -rf
- find . -type f -name 'terraform.tfstate*' -exec rm -f {} \;

test:
type: "parallel"
title: "Run tests"
description: "Run all tests in parallel"
stage: Test
steps:
test_readme_lint:
title: "Test README.md updated"
stage: "Test"
image: ${{TEST_IMAGE}}
description: Test "readme/lint"
commands:
- make readme/lint

test_module:
title: Test module with bats
image: ${{TEST_IMAGE}}
stage: Test
commands:
- make -C test/ module

test_examples_complete:
title: Test "examples/complete" with bats
image: ${{TEST_IMAGE}}
stage: Test
commands:
- make -C test/ examples/complete

test_examples_complete_terratest:
title: Test "examples/complete" with terratest
image: ${{TEST_IMAGE}}
stage: Test
commands:
- make -C test/src
26 changes: 13 additions & 13 deletions docs/terraform.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,22 @@
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| acl | The canned ACL to apply. We recommend `private` to avoid exposing sensitive information | string | `private` | no |
| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | string | `false` | no |
| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list | `<list>` | no |
| attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `<list>` | no |
| attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
| enabled | Set to `false` to prevent the module from creating any resources | string | `true` | no |
| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | string | `false` | no |
| enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
| kms_master_key_id | The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
| name | Name (e.g. `app` or `db`) | string | - | yes |
| namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no |
| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee. | string | `` | no |
| name | Name (e.g. `app` or `cluster`) | string | - | yes |
| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
| sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map | `<map>` | no |
| user_enabled | Set to `true` to create an S3 user with permission to access the bucket | string | `false` | no |
| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket. | string | `false` | no |
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map(string) | `<map>` | no |
| user_enabled | Set to `true` to create an IAM user with permission to access the bucket | bool | `false` | no |
| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | `false` | no |

## Outputs

Expand Down
9 changes: 0 additions & 9 deletions examples/basic/main.tf

This file was deleted.

41 changes: 0 additions & 41 deletions examples/basic/outputs.tf

This file was deleted.

17 changes: 17 additions & 0 deletions examples/complete/fixtures.us-west-1.tfvars
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
region = "us-west-1"

namespace = "eg"

stage = "test"

name = "s3-test"

acl = "private"

force_destroy = true

versioning_enabled = false

allow_encrypted_uploads_only = true

allowed_bucket_actions = ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:GetBucketLocation", "s3:AbortMultipartUpload"]
19 changes: 19 additions & 0 deletions examples/complete/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
provider "aws" {
region = var.region
}

module "s3_bucket" {
source = "../../"

enabled = true
user_enabled = true
region = var.region
namespace = var.namespace
stage = var.stage
name = var.name
acl = var.acl
force_destroy = var.force_destroy
versioning_enabled = var.versioning_enabled
allow_encrypted_uploads_only = var.allow_encrypted_uploads_only
allowed_bucket_actions = var.allowed_bucket_actions
}
29 changes: 29 additions & 0 deletions examples/complete/outputs.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
output "bucket_domain_name" {
value = module.s3_bucket.bucket_domain_name
description = "FQDN of bucket"
}

output "bucket_id" {
value = module.s3_bucket.bucket_id
description = "Bucket Name (aka ID)"
}

output "bucket_arn" {
value = module.s3_bucket.bucket_arn
description = "Bucket ARN"
}

output "user_name" {
value = module.s3_bucket.user_name
description = "Normalized IAM user name"
}

output "user_arn" {
value = module.s3_bucket.user_arn
description = "The ARN assigned by AWS for the user"
}

output "user_unique_id" {
value = module.s3_bucket.user_unique_id
description = "The user unique ID assigned by AWS"
}
Loading

0 comments on commit 2cd311c

Please sign in to comment.