Fix counts. Add enabled flag. Use dynamic block for Deploy stage (#62)

* Fix counts * Use dynamic block for Deploy stage. Change AWS region for tests. Use var.enabled * Add `dynamic "action"` * Add `dynamic "action"` * Update variables * Update variables * Update variables * Update variables * Update variables
cloudposse · Oct 11, 2019 · 707731c · 707731c
1 parent debb772
commit 707731c
Show file tree

Hide file tree

Showing 9 changed files with 101 additions and 119 deletions.
diff --git a/README.md b/README.md
@@ -222,26 +222,27 @@ Available targets:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| app | Elastic Beanstalk application name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
 | attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `<list>` | no |
 | aws_account_id | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `` | no |
-| aws_region | AWS Region, e.g. `us-east-1`. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `` | no |
 | branch | Branch of the GitHub repository, _e.g._ `master` | string | - | yes |
 | build_compute_type | `CodeBuild` instance size.  Possible values are: ```BUILD_GENERAL1_SMALL``` ```BUILD_GENERAL1_MEDIUM``` ```BUILD_GENERAL1_LARGE``` | string | `BUILD_GENERAL1_SMALL` | no |
 | build_image | Docker image for build environment, _e.g._ `aws/codebuild/standard:2.0` or `aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0` | string | `aws/codebuild/standard:2.0` | no |
 | buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | string | `` | no |
 | codebuild_cache_bucket_suffix_enabled | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value | bool | `true` | no |
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
+| elastic_beanstalk_application_name | Elastic Beanstalk application name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
+| elastic_beanstalk_environment_name | Elastic Beanstalk environment name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
 | enabled | Enable ``CodePipeline`` creation | bool | `true` | no |
-| env | Elastic Beanstalk environment name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
 | environment_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build | object | `<list>` | no |
-| github_oauth_token | GitHub Oauth Token with permissions to access private repositories | string | - | yes |
+| force_destroy | Force destroy the CI/CD S3 bucket even if it's not empty | bool | `false` | no |
+| github_oauth_token | GitHub Oauth Token | string | - | yes |
 | image_repo_name | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `UNSET` | no |
 | image_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `latest` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | string | - | yes |
 | namespace | Namespace, which could be your organization name, e.g. 'eg' or 'cp' | string | `` | no |
 | poll_source_changes | Periodically check the location of your source content and run the pipeline if changes are detected | bool | `true` | no |
 | privileged_mode | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | bool | `false` | no |
+| region | AWS Region, e.g. `us-east-1`. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `` | no |
 | repo_name | GitHub repository name of the application to be built (and deployed to Elastic Beanstalk if configured) | string | - | yes |
 | repo_owner | GitHub Organization or Person name | string | - | yes |
 | stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string | `` | no |
@@ -385,11 +386,11 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 |---|---|---|
 
   [osterman_homepage]: https://github.com/osterman
-  [osterman_avatar]: https://github.com/osterman.png?size=150
+  [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png
   [goruha_homepage]: https://github.com/goruha
-  [goruha_avatar]: https://github.com/goruha.png?size=150
+  [goruha_avatar]: https://img.cloudposse.com/150x150/https://github.com/goruha.png
   [aknysh_homepage]: https://github.com/aknysh
-  [aknysh_avatar]: https://github.com/aknysh.png?size=150
+  [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png
 
 
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -2,26 +2,27 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| app | Elastic Beanstalk application name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
 | attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `<list>` | no |
 | aws_account_id | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `` | no |
-| aws_region | AWS Region, e.g. `us-east-1`. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `` | no |
 | branch | Branch of the GitHub repository, _e.g._ `master` | string | - | yes |
 | build_compute_type | `CodeBuild` instance size.  Possible values are: ```BUILD_GENERAL1_SMALL``` ```BUILD_GENERAL1_MEDIUM``` ```BUILD_GENERAL1_LARGE``` | string | `BUILD_GENERAL1_SMALL` | no |
 | build_image | Docker image for build environment, _e.g._ `aws/codebuild/standard:2.0` or `aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0` | string | `aws/codebuild/standard:2.0` | no |
 | buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | string | `` | no |
 | codebuild_cache_bucket_suffix_enabled | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value | bool | `true` | no |
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
+| elastic_beanstalk_application_name | Elastic Beanstalk application name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
+| elastic_beanstalk_environment_name | Elastic Beanstalk environment name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
 | enabled | Enable ``CodePipeline`` creation | bool | `true` | no |
-| env | Elastic Beanstalk environment name. If not provided or set to empty string, the ``Deploy`` stage of the pipeline will not be created | string | `` | no |
 | environment_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build | object | `<list>` | no |
-| github_oauth_token | GitHub Oauth Token with permissions to access private repositories | string | - | yes |
+| force_destroy | Force destroy the CI/CD S3 bucket even if it's not empty | bool | `false` | no |
+| github_oauth_token | GitHub Oauth Token | string | - | yes |
 | image_repo_name | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `UNSET` | no |
 | image_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `latest` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | string | - | yes |
 | namespace | Namespace, which could be your organization name, e.g. 'eg' or 'cp' | string | `` | no |
 | poll_source_changes | Periodically check the location of your source content and run the pipeline if changes are detected | bool | `true` | no |
 | privileged_mode | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | bool | `false` | no |
+| region | AWS Region, e.g. `us-east-1`. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | string | `` | no |
 | repo_name | GitHub repository name of the application to be built (and deployed to Elastic Beanstalk if configured) | string | - | yes |
 | repo_owner | GitHub Organization or Person name | string | - | yes |
 | stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string | `` | no |

diff --git a/examples/complete/fixtures.us-west-1.tfvars → examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-west-1.tfvars → examples/complete/fixtures.us-east-2.tfvars
@@ -1,10 +1,10 @@
-region = "us-west-1"
+region = "us-east-2"
 
 namespace = "eg"
 
 stage = "test"
 
-name = "cicd-test"
+name = "cicd"
 
 github_oauth_token = "test"
 
@@ -18,6 +18,8 @@ poll_source_changes = false
 
 codebuild_cache_bucket_suffix_enabled = false
 
+force_destroy = true
+
 environment_variables = [
   {
     name  = "APP_URL"

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -7,11 +7,13 @@ module "cicd" {
   namespace                             = var.namespace
   stage                                 = var.stage
   name                                  = var.name
+  region                                = var.region
   github_oauth_token                    = var.github_oauth_token
   repo_owner                            = var.repo_owner
   repo_name                             = var.repo_name
   branch                                = var.branch
   poll_source_changes                   = var.poll_source_changes
   environment_variables                 = var.environment_variables
   codebuild_cache_bucket_suffix_enabled = var.codebuild_cache_bucket_suffix_enabled
+  force_destroy                         = var.force_destroy
 }
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -20,7 +20,7 @@ variable "name" {
 
 variable "github_oauth_token" {
   type        = string
-  description = "GitHub Oauth Token with permissions to access private repositories"
+  description = "GitHub Oauth Token"
 }
 
 variable "repo_owner" {
@@ -63,3 +63,8 @@ variable "codebuild_cache_bucket_suffix_enabled" {
   type        = bool
   description = "The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value"
 }
+
+variable "force_destroy" {
+  type        = bool
+  description = "Force destroy the CI/CD S3 bucket even if it's not empty"
+}
diff --git a/main.tf b/main.tf
@@ -5,7 +5,7 @@ data "aws_region" "default" {
 }
 
 module "label" {
-  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.1"
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0"
   enabled    = var.enabled
   namespace  = var.namespace
   name       = var.name
@@ -16,17 +16,22 @@ module "label" {
 }
 
 resource "aws_s3_bucket" "default" {
-  bucket = module.label.id
-  acl    = "private"
-  tags   = module.label.tags
+  count         = var.enabled ? 1 : 0
+  bucket        = module.label.id
+  acl           = "private"
+  force_destroy = var.force_destroy
+  tags          = module.label.tags
 }
 
 resource "aws_iam_role" "default" {
+  count              = var.enabled ? 1 : 0
   name               = module.label.id
-  assume_role_policy = data.aws_iam_policy_document.assume.json
+  assume_role_policy = join("", data.aws_iam_policy_document.assume.*.json)
 }
 
 data "aws_iam_policy_document" "assume" {
+  count = var.enabled ? 1 : 0
+
   statement {
     sid = ""
 
@@ -44,16 +49,20 @@ data "aws_iam_policy_document" "assume" {
 }
 
 resource "aws_iam_role_policy_attachment" "default" {
-  role       = aws_iam_role.default.id
-  policy_arn = aws_iam_policy.default.arn
+  count      = var.enabled ? 1 : 0
+  role       = join("", aws_iam_role.default.*.id)
+  policy_arn = join("", aws_iam_policy.default.*.arn)
 }
 
 resource "aws_iam_policy" "default" {
+  count  = var.enabled ? 1 : 0
   name   = module.label.id
-  policy = data.aws_iam_policy_document.default.json
+  policy = join("", data.aws_iam_policy_document.default.*.json)
 }
 
 data "aws_iam_policy_document" "default" {
+  count = var.enabled ? 1 : 0
+
   statement {
     sid = ""
 
@@ -79,16 +88,20 @@ data "aws_iam_policy_document" "default" {
 }
 
 resource "aws_iam_role_policy_attachment" "s3" {
-  role       = aws_iam_role.default.id
-  policy_arn = aws_iam_policy.s3.arn
+  count      = var.enabled ? 1 : 0
+  role       = join("", aws_iam_role.default.*.id)
+  policy_arn = join("", aws_iam_policy.s3.*.arn)
 }
 
 resource "aws_iam_policy" "s3" {
+  count  = var.enabled ? 1 : 0
   name   = "${module.label.id}-s3"
-  policy = data.aws_iam_policy_document.s3.json
+  policy = join("", data.aws_iam_policy_document.s3.*.json)
 }
 
 data "aws_iam_policy_document" "s3" {
+  count = var.enabled ? 1 : 0
+
   statement {
     sid = ""
 
@@ -100,8 +113,8 @@ data "aws_iam_policy_document" "s3" {
     ]
 
     resources = [
-      aws_s3_bucket.default.arn,
-      "${aws_s3_bucket.default.arn}/*",
+      join("", aws_s3_bucket.default.*.arn),
+      "${join("", aws_s3_bucket.default.*.arn)}/*",
       "arn:aws:s3:::elasticbeanstalk*"
     ]
 
@@ -110,21 +123,25 @@ data "aws_iam_policy_document" "s3" {
 }
 
 resource "aws_iam_role_policy_attachment" "codebuild" {
-  role       = aws_iam_role.default.id
-  policy_arn = aws_iam_policy.codebuild.arn
+  count      = var.enabled ? 1 : 0
+  role       = join("", aws_iam_role.default.*.id)
+  policy_arn = join("", aws_iam_policy.codebuild.*.arn)
 }
 
 resource "aws_iam_policy" "codebuild" {
+  count  = var.enabled ? 1 : 0
   name   = "${module.label.id}-codebuild"
-  policy = data.aws_iam_policy_document.codebuild.json
+  policy = join("", data.aws_iam_policy_document.codebuild.*.json)
 }
 
 data "aws_iam_policy_document" "codebuild" {
+  count = var.enabled ? 1 : 0
+
   statement {
     sid = ""
 
     actions = [
-      "codebuild:*",
+      "codebuild:*"
     ]
 
     resources = [module.codebuild.project_id]
@@ -134,6 +151,7 @@ data "aws_iam_policy_document" "codebuild" {
 
 module "codebuild" {
   source                      = "git::https://github.com/cloudposse/terraform-aws-codebuild.git?ref=tags/0.17.0"
+  enabled                     = var.enabled
   namespace                   = var.namespace
   name                        = var.name
   stage                       = var.stage
@@ -144,8 +162,8 @@ module "codebuild" {
   attributes                  = concat(var.attributes, ["build"])
   tags                        = var.tags
   privileged_mode             = var.privileged_mode
-  aws_region                  = signum(length(var.aws_region)) == 1 ? var.aws_region : data.aws_region.default.name
-  aws_account_id              = signum(length(var.aws_account_id)) == 1 ? var.aws_account_id : data.aws_caller_identity.default.account_id
+  aws_region                  = var.region != "" ? var.region : data.aws_region.default.name
+  aws_account_id              = var.aws_account_id != "" ? var.aws_account_id : data.aws_caller_identity.default.account_id
   image_repo_name             = var.image_repo_name
   image_tag                   = var.image_tag
   github_token                = var.github_oauth_token
@@ -154,8 +172,9 @@ module "codebuild" {
 }
 
 resource "aws_iam_role_policy_attachment" "codebuild_s3" {
+  count      = var.enabled ? 1 : 0
   role       = module.codebuild.role_id
-  policy_arn = aws_iam_policy.s3.arn
+  policy_arn = join("", aws_iam_policy.s3.*.arn)
 }
 
 # Only one of the `aws_codepipeline` resources below will be created:
@@ -174,14 +193,14 @@ resource "aws_iam_role_policy_attachment" "codebuild_s3" {
 
 # 1. GitHub -> ECR (Docker image)
 
-resource "aws_codepipeline" "source_build_deploy" {
+resource "aws_codepipeline" "default" {
   # Elastic Beanstalk application name and environment name are specified
-  count    = var.enabled && signum(length(var.app)) == 1 && signum(length(var.env)) == 1 ? 1 : 0
+  count    = var.enabled ? 1 : 0
   name     = module.label.id
-  role_arn = aws_iam_role.default.arn
+  role_arn = join("", aws_iam_role.default.*.arn)
 
   artifact_store {
-    location = aws_s3_bucket.default.bucket
+    location = join("", aws_s3_bucket.default.*.bucket)
     type     = "S3"
   }
 
@@ -225,71 +244,23 @@ resource "aws_codepipeline" "source_build_deploy" {
     }
   }
 
-  stage {
-    name = "Deploy"
-
-    action {
-      name            = "Deploy"
-      category        = "Deploy"
-      owner           = "AWS"
-      provider        = "ElasticBeanstalk"
-      input_artifacts = ["package"]
-      version         = "1"
-
-      configuration = {
-        ApplicationName = var.app
-        EnvironmentName = var.env
-      }
-    }
-  }
-}
-
-resource "aws_codepipeline" "source_build" {
-  count    = var.enabled && signum(length(var.app)) == 0 || signum(length(var.env)) == 0 ? 1 : 0
-  name     = module.label.id
-  role_arn = aws_iam_role.default.arn
-
-  artifact_store {
-    location = aws_s3_bucket.default.bucket
-    type     = "S3"
-  }
-
-  stage {
-    name = "Source"
-
-    action {
-      name             = "Source"
-      category         = "Source"
-      owner            = "ThirdParty"
-      provider         = "GitHub"
-      version          = "1"
-      output_artifacts = ["code"]
-
-      configuration = {
-        OAuthToken           = var.github_oauth_token
-        Owner                = var.repo_owner
-        Repo                 = var.repo_name
-        Branch               = var.branch
-        PollForSourceChanges = var.poll_source_changes
-      }
-    }
-  }
-
-  stage {
-    name = "Build"
-
-    action {
-      name     = "Build"
-      category = "Build"
-      owner    = "AWS"
-      provider = "CodeBuild"
-      version  = "1"
-
-      input_artifacts  = ["code"]
-      output_artifacts = ["package"]
-
-      configuration = {
-        ProjectName = module.codebuild.project_name
+  dynamic "stage" {
+    for_each = var.elastic_beanstalk_application_name != "" && var.elastic_beanstalk_environment_name != "" ? ["true"] : []
+    content {
+      name = "Deploy"
+
+      action {
+        name            = "Deploy"
+        category        = "Deploy"
+        owner           = "AWS"
+        provider        = "ElasticBeanstalk"
+        input_artifacts = ["package"]
+        version         = "1"
+
+        configuration = {
+          ApplicationName = var.elastic_beanstalk_application_name
+          EnvironmentName = var.elastic_beanstalk_environment_name
+        }
       }
     }
   }