From 3ff8e18c5449f610eb9ca99c8e89bd31717a8bd9 Mon Sep 17 00:00:00 2001 From: Sean Turner Date: Mon, 24 May 2021 19:36:54 +1200 Subject: [PATCH 1/3] Added null_resource to copy go mod files to top level directory, fixed paths --- Makefile | 8 ++++---- cmd/repositories/create.go | 2 +- locals.tf | 4 ++-- r_lambda.tf | 39 +++++++++++++++++++++++++++----------- 4 files changed, 35 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 6176ddb..8056e2c 100644 --- a/Makefile +++ b/Makefile @@ -2,10 +2,10 @@ build: export GO111MODULE=on - env GOOS=linux go build -ldflags="-s -w" -o bin/auth cmd/auth/. & - env GOOS=linux go build -ldflags="-s -w" -o bin/releases cmd/releases/. & - env GOOS=linux go build -ldflags="-s -w" -o bin/repositories cmd/repositories/. & - env GOOS=linux go build -ldflags="-s -w" -o bin/users cmd/users/. & + env GOOS=linux go build -ldflags="-s -w" -o ./bin/auth ./cmd/auth/. & + env GOOS=linux go build -ldflags="-s -w" -o ./bin/releases ./cmd/releases/. & + env GOOS=linux go build -ldflags="-s -w" -o ./bin/repositories ./cmd/repositories/. & + env GOOS=linux go build -ldflags="-s -w" -o ./bin/users ./cmd/users/. & test: diff --git a/cmd/repositories/create.go b/cmd/repositories/create.go index a011d11..9814902 100644 --- a/cmd/repositories/create.go +++ b/cmd/repositories/create.go @@ -87,7 +87,7 @@ func (app awsController) writeRepoToDB(e createRepoEvent, itemInput map[string]* } return err } - log.Info(fmt.Sprintf("wroterepository %s successfully", e.RepoName)) + log.Info(fmt.Sprintf("wrote repository %s successfully", e.RepoName)) return nil } diff --git a/locals.tf b/locals.tf index 0cebe6f..b0b16b7 100644 --- a/locals.tf +++ b/locals.tf @@ -1,6 +1,4 @@ locals { - path = "${path.module}/../.." - ssm_parameters = { client_pool_secret = { description = "Cognito User Pool client secret." 
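Review bot: Each of the four rewritten `go build` lines in the Makefile hunk still ends in `&`, and because make runs every recipe line in its own shell, each build is backgrounded and its shell exits immediately, so `make build` returns before any binary exists and a compile failure never fails the target; the path-prefix change does not alter this. Make each binary its own target and let make handle the parallelism, e.g. `build: bin/auth bin/releases bin/repositories bin/users` with a pattern rule `bin/%: ; env GOOS=linux go build -ldflags="-s -w" -o $@ ./cmd/$*/.`, so `make -j4 build` is parallel and still fails on error. The `test:` target that follows is outside the hunk.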
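Review bot: The corrected log line in create.go formats `e.RepoName` with `%s`, so a name containing a newline or other control characters is written to the log verbatim and can split or imitate a log record; the field name `createRepoEvent` suggests the value originates from the incoming event, in which case `%q` is the safer verb: `log.Info(fmt.Sprintf("wrote repository %q successfully", e.RepoName))`. If the logger exposes a structured form, passing the name as a field avoids the problem entirely. `writeRepoToDB` starts before the hunk.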
@@ -26,6 +24,8 @@ locals { frontend_module_comprehension = [for module in jsondecode(file("${path.root}/.terraform/modules/modules.json"))["Modules"] : module if length(regexall("vuejs_frontend", module.Key)) > 0][0] frontend_module_path = "${path.root}/${local.frontend_module_comprehension.Dir}" + main_module_path = "./.terraform/modules/${local.main_module_name}" + main_module_name = split(".terraform/modules/", path.module)[1] lambdas = { auth = { diff --git a/r_lambda.tf b/r_lambda.tf index f2a2641..32db45d 100644 --- a/r_lambda.tf +++ b/r_lambda.tf @@ -1,15 +1,32 @@ +resource "null_resource" "go_setup" { + + triggers = { + hash_go_mod = filemd5("${local.main_module_path}/go.mod") + hash_go_sum = filemd5("${local.main_module_path}/go.sum") + } + + provisioner "local-exec" { + command = "cp -f ${local.main_module_path}/go.mod ." + } + + provisioner "local-exec" { + command = "cp -f ${local.main_module_path}/go.sum ." + } +} + resource "null_resource" "lambda_build" { - for_each = local.lambdas + for_each = local.lambdas + depends_on = [null_resource.go_setup] triggers = { binary_exists = local.null.lambda_binary_exists[each.key] - main = join("", [ - for file in fileset("${path.module}/cmd/${each.key}", "*.go") : filebase64("${path.module}/cmd/${each.key}/${file}") + hash_main = join("", [ + for file in fileset("${path.module}/cmd/${each.key}", "*.go") : filemd5("${path.module}/cmd/${each.key}/${file}") ]) - util = join("", [ - for file in fileset("${path.module}/internal/util", "*.go") : filebase64("${path.module}/internal/util/${file}") + hash_util = join("", [ + for file in fileset("${path.module}/internal/util", "*.go") : filemd5("${path.module}/internal/util/${file}") ]) } 
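Review bot: `main_module_name = split(".terraform/modules/", path.module)[1]` assumes the module was installed by `terraform init` under `.terraform/modules/`; when the module is used as the root module or through a local `source` path, `split` returns a single element and `[1]` fails at plan time with an index error rather than a readable message. Since `main_module_path` is then rebuilt as `./.terraform/modules/<name>`, it appears to resolve to the same directory as `path.module` itself; if that is the intent, `main_module_path = path.module` removes the fragile parsing, otherwise guard it, e.g. `main_module_path = length(split(".terraform/modules/", path.module)) > 1 ? "./.terraform/modules/${local.main_module_name}" : path.module`, and record the assumption in a comment. The `lambdas` map continues outside the hunk.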
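Review bot: The two `local-exec` provisioners in `null_resource.go_setup` run `cp -f` of the module's `go.mod` and `go.sum` into the working directory of whoever runs `terraform apply`, silently overwriting any `go.mod`/`go.sum` the root module already has and leaving files behind that `terraform destroy` will not clean up. Nothing in the hunk shows why the copy is needed, since `lambda_build` (which now `depends_on` it) changes into `local.main_module_path` before building and therefore uses the `go.sum` that ships with the module. If the copy exists to satisfy tooling run from the root, say so in a comment above the resource and write into a dedicated subdirectory rather than `.`; otherwise the resource can be dropped. The `filemd5` triggers only detect changes; dependency integrity still comes from the module's `go.sum`, which is one more reason not to overwrite the root's copy.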
@@ -18,7 +35,7 @@ resource "null_resource" "lambda_build" { } provisioner "local-exec" { - command = "GOOS=linux go build -ldflags '-s -w' -o ${path.module}/bin/${each.key} ${path.module}/cmd/${each.key}/." + command = "cd ${local.main_module_path} && GOOS=linux go build -ldflags '-s -w' -o ./bin/${each.key} ./cmd/${each.key}/." } } @@ -26,17 +43,17 @@ resource "null_resource" "lambda_test" { for_each = local.lambdas triggers = { - main = join("", [ - for file in fileset("${path.module}/cmd/${each.key}", "*.go") : filebase64("${path.module}/cmd/${each.key}/${file}") + hash_main = join("", [ + for file in fileset("${path.module}/cmd/${each.key}", "*.go") : filemd5("${path.module}/cmd/${each.key}/${file}") ]) - util = join("", [ - for file in fileset("${path.module}/internal/util", "*.go") : filebase64("${path.module}/internal/util/${file}") + hash_util = join("", [ + for file in fileset("${path.module}/internal/util", "*.go") : filemd5("${path.module}/internal/util/${file}") ]) } provisioner "local-exec" { - command = "go test ${path.module}/cmd/${each.key}" + command = "cd ${local.main_module_path} && go test ./cmd/${each.key}" } } From 42e79e080274f6e8085f27df02aa46b0e31fa5d7 Mon Sep 17 00:00:00 2001 From: Sean Turner Date: Mon, 24 May 2021 20:37:06 +1200 Subject: [PATCH 2/3] Added support for dashboard using cloudfront DNS --- r_api_gateway.tf | 2 +- r_cognito.tf | 2 +- r_route53.tf | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/r_api_gateway.tf b/r_api_gateway.tf index 48b1eef..8de87af 100644 --- a/r_api_gateway.tf +++ b/r_api_gateway.tf 
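Review bot: Both this `local-exec` command and the one in the `lambda_test` hunk below prefix the command with `cd ${local.main_module_path} &&`, which depends on the provisioner's working directory being the root module and on a POSIX shell; the provisioner's own `working_dir` argument expresses the same thing without a shell `cd`, e.g. `working_dir = local.main_module_path` with `command = "GOOS=linux go build -ldflags '-s -w' -o ./bin/${each.key} ./cmd/${each.key}/."`. With `-o ./bin/${each.key}` now relative to the module directory, the `binary_exists` trigger and whatever packages the zip must look in the same place; that lookup is outside the hunk, so it is worth confirming. Adding `-trimpath` to the build would also keep local filesystem paths out of the shipped binaries.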
@@ -7,7 +7,7 @@ resource "aws_apigatewayv2_api" "this" { allow_credentials = true allow_headers = ["Content-Type", "Authorization", "X-Session-Id"] allow_methods = ["GET", "OPTIONS", "POST"] - allow_origins = ["https://${var.fqdn_alias}"] + allow_origins = [var.hosted_zone_name != "" && var.fqdn_alias != "" ? "https://${var.fqdn_alias}" : "https://${module.cloudfront.cloudfront_distribution_domain_name}"] max_age = 600 } diff --git a/r_cognito.tf b/r_cognito.tf index 5aa4974..15c6651 100644 --- a/r_cognito.tf +++ b/r_cognito.tf @@ -41,7 +41,7 @@ resource "aws_cognito_user_pool_client" "this" { allowed_oauth_flows_user_pool_client = true allowed_oauth_scopes = ["email", "openid"] supported_identity_providers = ["COGNITO"] - callback_urls = ["https://${var.fqdn_alias}"] + callback_urls = [var.hosted_zone_name != "" && var.fqdn_alias != "" ? "https://${var.fqdn_alias}" : "https://${module.cloudfront.cloudfront_distribution_domain_name}"] explicit_auth_flows = [ "ALLOW_ADMIN_USER_PASSWORD_AUTH", diff --git a/r_route53.tf b/r_route53.tf index c18db7d..98893c3 100644 --- a/r_route53.tf +++ b/r_route53.tf @@ -13,13 +13,13 @@ resource "aws_route53_record" "alias" { } resource "aws_route53_record" "acm" { - for_each = { + for_each = var.hosted_zone_name != "" && var.fqdn_alias != "" ? { for dvo in aws_acm_certificate.this[0].domain_validation_options : dvo.domain_name => { name = dvo.resource_record_name record = dvo.resource_record_value type = dvo.resource_record_type - } if var.hosted_zone_name != "" && var.fqdn_alias != "" - } + } + } : {} allow_overwrite = true name = each.value.name From 9fd768eb6ccbf28552a050b76ffc714cd6405f85 Mon Sep 17 00:00:00 2001 
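Review bot: The new `allow_origins` expression and the identical `callback_urls` expression in the r_cognito.tf hunk below duplicate the `var.hosted_zone_name != "" && var.fqdn_alias != "" ? ... : ...` choice; a single local used by both keeps the CORS allow-list (with `allow_credentials = true` the entry must match the browser origin exactly) and the OAuth redirect target from drifting apart, e.g. `allow_origins = [local.dashboard_url]` and `callback_urls = [local.dashboard_url]`. Note also that when only one of the two variables is set the expression silently falls back to the CloudFront domain, so an alias the operator believes is in force is not the one Cognito will redirect to; a plan-time check that both or neither are set would surface that before apply.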
From: Sean Turner Date: Mon, 24 May 2021 20:54:13 +1200 Subject: [PATCH 3/3] Added example utilising cloudfront DNS --- terraform_examples/README.md | 7 ++ .../cloudfront_dns/.terraform.lock.hcl | 75 +++++++++++++++++++ terraform_examples/cloudfront_dns/main.tf | 12 +++ terraform_examples/cloudfront_dns/provider.tf | 3 + .../cloudfront_dns/terraform.tfvars | 4 + .../cloudfront_dns/variables.tf | 37 +++++++++ terraform_examples/complete/main.tf | 2 +- 7 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 terraform_examples/README.md create mode 100644 terraform_examples/cloudfront_dns/.terraform.lock.hcl create mode 100644 terraform_examples/cloudfront_dns/main.tf create mode 100644 terraform_examples/cloudfront_dns/provider.tf create mode 100644 terraform_examples/cloudfront_dns/terraform.tfvars create mode 100644 terraform_examples/cloudfront_dns/variables.tf diff --git a/terraform_examples/README.md b/terraform_examples/README.md new file mode 100644 index 0000000..21371a1 --- /dev/null +++ b/terraform_examples/README.md @@ -0,0 +1,7 @@ +### Complete Example + +This is a full invocation and provides everything the module has to offer. + +### Cloudfront DNS Example + +This example creates everything which is created by the complete example. However, it does not create ACM or Route53 resources, and uses the default cloudfront DNS and certficate. The Terraform module invocation is not extenable such that it is possible to provide an ACM certificate ARN and alias to utilise non-default cloudfront DNS and certificate. diff --git a/terraform_examples/cloudfront_dns/.terraform.lock.hcl b/terraform_examples/cloudfront_dns/.terraform.lock.hcl new file mode 100644 index 0000000..80c6ea3 --- /dev/null +++ b/terraform_examples/cloudfront_dns/.terraform.lock.hcl 
@@ -0,0 +1,75 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "2.2.0" + hashes = [ + "h1:2K5LQkuWRS2YN1/YoNaHn9MAzjuTX8Gaqy6i8Mbfv8Y=", + "zh:06bd875932288f235c16e2237142b493c2c2b6aba0e82e8c85068332a8d2a29e", + "zh:0c681b481372afcaefddacc7ccdf1d3bb3a0c0d4678a526bc8b02d0c331479bc", + "zh:100fc5b3fc01ea463533d7bbfb01cb7113947a969a4ec12e27f5b2be49884d6c", + "zh:55c0d7ddddbd0a46d57c51fcfa9b91f14eed081a45101dbfc7fd9d2278aa1403", + "zh:73a5dd68379119167934c48afa1101b09abad2deb436cd5c446733e705869d6b", + "zh:841fc4ac6dc3479981330974d44ad2341deada8a5ff9e3b1b4510702dfbdbed9", + "zh:91be62c9b41edb137f7f835491183628d484e9d6efa82fcb75cfa538c92791c5", + "zh:acd5f442bd88d67eb948b18dc2ed421c6c3faee62d3a12200e442bfff0aa7d8b", + "zh:ad5720da5524641ad718a565694821be5f61f68f1c3c5d2cfa24426b8e774bef", + "zh:e63f12ea938520b3f83634fc29da28d92eed5cfbc5cc8ca08281a6a9c36cca65", + "zh:f6542918faa115df46474a36aabb4c3899650bea036b5f8a5e296be6f8f25767", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.42.0" + constraints = ">= 3.37.0" + hashes = [ + "h1:C6/yDp6BhuDFx0qdkBuJj/OWUJpAoraHTJaU6ac38Rw=", + "zh:126c856a6eedddd8571f161a826a407ba5655a37a6241393560a96b8c4beca1a", + "zh:1a4868e6ac734b5fc2e79a4a889d176286b66664aad709435aa6acee5871d5b0", + "zh:40fed7637ab8ddeb93bef06aded35d970f0628025b97459ae805463e8aa0a58a", + "zh:68def3c0a5a1aac1db6372c51daef858b707f03052626d3427ac24cba6f2014d", + "zh:6db7ec9c8d1803a0b6f40a664aa892e0f8894562de83061fa7ac1bc51ff5e7e5", + "zh:7058abaad595930b3f97dc04e45c112b2dbf37d098372a849081f7081da2fb52", + "zh:8c25adb15a19da301c478aa1f4a4d8647cabdf8e5dae8331d4490f80ea718c26", + "zh:8e129b847401e39fcbc54817726dab877f36b7f00ff5ed76f7b43470abe99ff9", + "zh:d268bb267a2d6b39df7ddee8efa7c1ef7a15cf335dfa5f2e64c9dae9b623a1b8", + "zh:d6eeb3614a0ab50f8e9ab5666ae5754ea668ce327310e5b21b7f04a18d7611a8", + 
"zh:f5d3c58055dff6e38562b75d3edc908cb2f1e45c6914f6b00f4773359ce49324", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.1.0" + hashes = [ + "h1:LTl5CGW8wiIEe16AC4MtXN/95xWWNDbap70zJsBTk0w=", + "zh:0d83ffb72fbd08986378204a7373d8c43b127049096eaf2765bfdd6b00ad9853", + "zh:7577d6edc67b1e8c2cf62fe6501192df1231d74125d90e51d570d586d95269c5", + "zh:9c669ded5d5affa4b2544952c4b6588dfed55260147d24ced02dca3a2829f328", + "zh:a404d46f2831f90633947ab5d57e19dbfe35b3704104ba6ec80bcf50b058acfd", + "zh:ae1caea1c936d459ceadf287bb5c5bd67b5e2a7819df6f5c4114b7305df7f822", + "zh:afb4f805477694a4b9dde86b268d2c0821711c8aab1c6088f5f992228c4c06fb", + "zh:b993b4a1de8a462643e78f4786789e44ce5064b332fee1cb0d6250ed085561b8", + "zh:c84b2c13fa3ea2c0aa7291243006d560ce480a5591294b9001ce3742fc9c5791", + "zh:c8966f69b7eccccb771704fd5335923692eccc9e0e90cb95d14538fe2e92a3b8", + "zh:d5fe68850d449b811e633a300b114d0617df6d450305e8251643b4d143dc855b", + "zh:ddebfd1e674ba336df09b1f27bbaa0e036c25b7a7087dc8081443f6e5954028b", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.1.0" + hashes = [ + "h1:xhbHC6in3nQryvTQBWKxebi3inG5OCgHgc4fRxL0ymc=", + "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2", + "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515", + "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521", + "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2", + "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e", + "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53", + "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d", + "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8", + "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70", + "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b", + "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e", + ] +} 
diff --git a/terraform_examples/cloudfront_dns/main.tf b/terraform_examples/cloudfront_dns/main.tf new file mode 100644 index 0000000..a16e0f1 --- /dev/null +++ b/terraform_examples/cloudfront_dns/main.tf @@ -0,0 +1,12 @@ +module "moot" { + source = "github.com/seanturner026/moot.git" + + name = "moot" + admin_user_email = var.admin_user_email + enable_delete_admin_user = false + github_token = var.github_token + gitlab_token = var.gitlab_token + slack_webhook_url = var.slack_webhook_url + enable_api_gateway_access_logs = true + tags = var.tags +} diff --git a/terraform_examples/cloudfront_dns/provider.tf b/terraform_examples/cloudfront_dns/provider.tf new file mode 100644 index 0000000..c125940 --- /dev/null +++ b/terraform_examples/cloudfront_dns/provider.tf @@ -0,0 +1,3 @@ +provider "aws" { + region = "us-east-1" +} diff --git a/terraform_examples/cloudfront_dns/terraform.tfvars b/terraform_examples/cloudfront_dns/terraform.tfvars new file mode 100644 index 0000000..43a5b93 --- /dev/null +++ b/terraform_examples/cloudfront_dns/terraform.tfvars @@ -0,0 +1,4 @@ +tags = { + name = "moot" + managed_by = "terraform" +} diff --git a/terraform_examples/cloudfront_dns/variables.tf b/terraform_examples/cloudfront_dns/variables.tf new file mode 100644 index 0000000..57c8d32 --- /dev/null +++ b/terraform_examples/cloudfront_dns/variables.tf 
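Review bot: `source = "github.com/seanturner026/moot.git"` in the new example, together with the `?ref=terraform-module` suffix removed from `terraform_examples/complete/main.tf` in the last hunk, leaves the module unpinned, so every `terraform init` pulls whatever the default branch currently holds and a later push to that branch changes what the examples build with no change on the consumer side. Pin to a tag or commit, e.g. `source = "github.com/seanturner026/moot.git?ref=<TAG_OR_COMMIT>"` (placeholder), and bump it deliberately; the `.terraform.lock.hcl` added in this patch pins providers only, not the module.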
@@ -0,0 +1,37 @@ +variable "tags" { + type = map(string) + description = "Map of tags to be applied to resources." +} + +variable "admin_user_email" { + type = string + description = <<-DESC + Controls the creation of an admin user that is required to initially gain access to the + dashboard. + + If access to the dashboard is completely lost, do the following + • `var.enable_delete_admin_user = true` + • `terraform apply` + • `var.enable_delete_admin_user = false` + • `terraform apply` + + If the initial admin user should no longer be able to access the dashboard, revoke access by + setting `var.enable_delete_admin_user = true` and running `terraform apply` + DESC + default = "" +} + +variable "github_token" { + type = string + description = "Token for Github." +} + +variable "gitlab_token" { + type = string + description = "Token for Gitlab." +} + +variable "slack_webhook_url" { + type = string + description = "URL to send slack message payloads to." +} diff --git a/terraform_examples/complete/main.tf b/terraform_examples/complete/main.tf index a53ad7b..3913786 100644 --- a/terraform_examples/complete/main.tf +++ b/terraform_examples/complete/main.tf @@ -1,5 +1,5 @@ module "moot" { - source = "github.com/seanturner026/moot.git?ref=terraform-module" + source = "github.com/seanturner026/moot.git" name = "moot" admin_user_email = var.admin_user_email
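Review bot: `github_token`, `gitlab_token` and `slack_webhook_url` are declared as plain `string` variables, so their values appear in `terraform plan`/`apply` output and in any CI log that captures it; the example ships a `.terraform.lock.hcl`, so it targets a Terraform version that supports `sensitive = true`, which redacts them. Add `sensitive = true` to each of the three blocks; the module's own declarations of these inputs should carry it as well if they do not already (not visible here). In the `admin_user_email` description the recovery steps are ordered, so a numbered list would read better than the bullet characters.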