Merge pull request #52 from lgallard/feature/dynamic-not-resources

Feature/dynamic not resources
lgallard · Jan 26, 2022 · 1af162c · 1af162c
2 parents e668d73 + b98ba05
commit 1af162c
Show file tree

Hide file tree

Showing 7 changed files with 127 additions and 9 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -2,14 +2,14 @@
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.2.0
+    rev: v4.1.0
     hooks:
     -   id: trailing-whitespace
     -   id: end-of-file-fixer
     -   id: check-added-large-files
     -   id: detect-aws-credentials
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.49.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  rev: v1.62.3 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
   hooks:
     - id: terraform_fmt
     - id: terraform_validate

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.13.0 (Jan 26, 2022)
+
+ENHANCEMENTS:
+
+* Add `not_resources` and `condition` support for selections
+* Update complete example & READMEs
+
 ## 0.12.2 (Jan 25, 2022)
 
 FIXES:

diff --git a/README.md b/README.md
@@ -157,7 +157,9 @@ No modules.
 | <a name="input_rule_schedule"></a> [rule\_schedule](#input\_rule\_schedule) | A CRON expression specifying when AWS Backup initiates a backup job | `string` | `null` | no |
 | <a name="input_rule_start_window"></a> [rule\_start\_window](#input\_rule\_start\_window) | The amount of time in minutes before beginning a backup | `number` | `null` | no |
 | <a name="input_rules"></a> [rules](#input\_rules) | A list of rule maps | `any` | `[]` | no |
+| <a name="input_selection_conditions"></a> [selection\_conditions](#input\_selection\_conditions) | A map of conditions that you define to assign resources to your backup plans using tags. | `map(any)` | `{}` | no |
 | <a name="input_selection_name"></a> [selection\_name](#input\_selection\_name) | The display name of a resource selection document | `string` | `null` | no |
+| <a name="input_selection_not_resources"></a> [selection\_not\_resources](#input\_selection\_not\_resources) | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to exclude from a backup plan. | `list(any)` | `[]` | no |
 | <a name="input_selection_resources"></a> [selection\_resources](#input\_selection\_resources) | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list(any)` | `[]` | no |
 | <a name="input_selection_tags"></a> [selection\_tags](#input\_selection\_tags) | List of tags for `selection_name` var, when using variable definition. | `list(any)` | `[]` | no |
 | <a name="input_selections"></a> [selections](#input\_selections) | A list of selction maps | `any` | `[]` | no |

diff --git a/examples/complete_plan/README.md b/examples/complete_plan/README.md
@@ -39,6 +39,7 @@ module "aws_backup_example" {
     },
     {
       name                = "rule-2"
+      schedule            = "cron(0 7 * * ? *)"
       target_vault_name   = "Default"
       schedule            = null
       start_window        = 120
@@ -54,8 +55,40 @@ module "aws_backup_example" {
   #  - Selection-2: Only by resources
   selections = [
     {
-      name      = "selection-1"
-      resources = ["arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table1"]
+      name          = "selection-1"
+      resources     = ["arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table1"]
+      not_resources = []
+      conditions = {
+        string_equals = [
+          {
+            key   = "aws:ResourceTag/Component"
+            value = "rds"
+          }
+          ,
+          {
+            key   = "aws:ResourceTag/Project"
+            value = "Project1"
+          }
+        ]
+        string_like = [
+          {
+            key   = "aws:ResourceTag/Application"
+            value = "app*"
+          }
+        ]
+        string_not_equals = [
+          {
+            key   = "aws:ResourceTag/Backup"
+            value = "false"
+          }
+        ]
+        string_not_like = [
+          {
+            key   = "aws:ResourceTag/Environment"
+            value = "test*"
+          }
+        ]
+      }
       selection_tags = [
         {
           type  = "STRINGEQUALS"

diff --git a/examples/complete_plan/main.tf b/examples/complete_plan/main.tf
@@ -55,6 +55,7 @@ module "aws_backup_example" {
     },
     {
       name                = "rule-2"
+      schedule            = "cron(0 7 * * ? *)"
       target_vault_name   = "Default"
       schedule            = null
       start_window        = 120
@@ -70,8 +71,40 @@ module "aws_backup_example" {
   #  - Selection-2: Only by resources
   selections = [
     {
-      name      = "selection-1"
-      resources = ["arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table1"]
+      name          = "selection-1"
+      resources     = ["arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table1"]
+      not_resources = []
+      conditions = {
+        string_equals = [
+          {
+            key   = "aws:ResourceTag/Component"
+            value = "rds"
+          }
+          ,
+          {
+            key   = "aws:ResourceTag/Project"
+            value = "Project1"
+          }
+        ]
+        string_like = [
+          {
+            key   = "aws:ResourceTag/Application"
+            value = "app*"
+          }
+        ]
+        string_not_equals = [
+          {
+            key   = "aws:ResourceTag/Backup"
+            value = "false"
+          }
+        ]
+        string_not_like = [
+          {
+            key   = "aws:ResourceTag/Environment"
+            value = "test*"
+          }
+        ]
+      }
       selection_tags = [
         {
           type  = "STRINGEQUALS"

diff --git a/selection.tf b/selection.tf
@@ -6,7 +6,8 @@ resource "aws_backup_selection" "ab_selection" {
   name         = lookup(element(local.selections, count.index), "name", null)
   plan_id      = aws_backup_plan.ab_plan[0].id
 
-  resources = lookup(element(local.selections, count.index), "resources", null)
+  resources     = lookup(element(local.selections, count.index), "resources", null)
+  not_resources = lookup(element(local.selections, count.index), "not_resources", null)
 
   dynamic "selection_tag" {
     for_each = length(lookup(element(local.selections, count.index), "selection_tags", [])) == 0 ? [] : lookup(element(local.selections, count.index), "selection_tags", [])
@@ -17,8 +18,36 @@ resource "aws_backup_selection" "ab_selection" {
     }
   }
 
-  not_resources = []
-  condition {}
+  condition {
+    dynamic "string_equals" {
+      for_each = lookup(lookup(element(local.selections, count.index), "conditions", {}), "string_equals", [])
+      content {
+        key   = lookup(string_equals.value, "key", null)
+        value = lookup(string_equals.value, "value", null)
+      }
+    }
+    dynamic "string_like" {
+      for_each = lookup(lookup(element(local.selections, count.index), "conditions", {}), "string_like", [])
+      content {
+        key   = lookup(string_like.value, "key", null)
+        value = lookup(string_like.value, "value", null)
+      }
+    }
+    dynamic "string_not_equals" {
+      for_each = lookup(lookup(element(local.selections, count.index), "conditions", {}), "string_not_equals", [])
+      content {
+        key   = lookup(string_not_equals.value, "key", null)
+        value = lookup(string_not_equals.value, "value", null)
+      }
+    }
+    dynamic "string_not_like" {
+      for_each = lookup(lookup(element(local.selections, count.index), "conditions", {}), "string_not_like", [])
+      content {
+        key   = lookup(string_not_like.value, "key", null)
+        value = lookup(string_not_like.value, "value", null)
+      }
+    }
+  }
 }
 
 locals {
@@ -28,6 +57,8 @@ locals {
     {
       name           = var.selection_name
       resources      = var.selection_resources
+      not_resources  = var.selection_not_resources
+      conditions     = var.selection_conditions
       selection_tags = var.selection_tags
     }
   ]

diff --git a/variables.tf b/variables.tf
@@ -111,6 +111,18 @@ variable "selection_resources" {
   default     = []
 }
 
+variable "selection_not_resources" {
+  description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to exclude from a backup plan."
+  type        = list(any)
+  default     = []
+}
+
+variable "selection_conditions" {
+  description = "A map of conditions that you define to assign resources to your backup plans using tags."
+  type        = map(any)
+  default     = {}
+}
+
 variable "selection_tags" {
   description = "List of tags for `selection_name` var, when using variable definition."
   type        = list(any)