From f72e724185cb494fa1a5e6cdcace54b6c1db1216 Mon Sep 17 00:00:00 2001 From: Ryan Fisher <1899850+techfishio@users.noreply.github.com> Date: Fri, 20 Sep 2019 19:55:58 -0700 Subject: [PATCH 01/51] Add instance arn to outputs (#40) --- README.md | 1 + docs/terraform.md | 1 + outputs.tf | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 8266673..1928f46 100644 --- a/README.md +++ b/README.md @@ -181,6 +181,7 @@ Available targets: |------|-------------| | hostname | DNS host name of the instance | | instance_address | Address of the instance | +| instance_arn | ARN of the instance | | instance_endpoint | DNS Endpoint of the instance | | instance_id | ID of the instance | | option_group_id | ID of the Option Group | diff --git a/docs/terraform.md b/docs/terraform.md index 286e40a..38724c9 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -55,6 +55,7 @@ |------|-------------| | hostname | DNS host name of the instance | | instance_address | Address of the instance | +| instance_arn | ARN of the instance | | instance_endpoint | DNS Endpoint of the instance | | instance_id | ID of the instance | | option_group_id | ID of the Option Group | diff --git a/outputs.tf b/outputs.tf index c25f3b6..285bb4b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -3,6 +3,11 @@ output "instance_id" { description = "ID of the instance" } +output "instance_arn" { + value = join("", aws_db_instance.default.*.arn) + description = "ARN of the instance" +} + output "instance_address" { value = join("", aws_db_instance.default.*.address) description = "Address of the instance" From d5c553468b491ddfc2ef79db557c399511914501 Mon Sep 17 00:00:00 2001 From: Maxim Mironenko Date: Sat, 12 Oct 2019 16:44:09 +0600 Subject: [PATCH 02/51] fix for computed_major_engine_version in case of postgres (#42) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 7e9c635..6c824a4 100644 --- a/main.tf +++ b/main.tf 
@@ -21,7 +21,7 @@ module "final_snapshot_label" { } locals { - computed_major_engine_version = join(".", slice(split(".", var.engine_version), 0, 2)) + computed_major_engine_version = var.engine == "postgres" ? join(".", slice(split(".", var.engine_version), 0, 1)) : join(".", slice(split(".", var.engine_version), 0, 2)) major_engine_version = var.major_engine_version == "" ? local.computed_major_engine_version : var.major_engine_version } From 15cb9e2166dac79085988ebcda3f1c25d0b1f737 Mon Sep 17 00:00:00 2001 From: Matt Gowie Date: Fri, 18 Oct 2019 19:40:07 -0600 Subject: [PATCH 03/51] Adds `allowed_cidr_blocks` support to RDS SG (#43) * Adds `allowed_cidr_blocks` support to RDS SG Adds `allowed_cidr_blocks` to support whitelisting IP ranges for connecting to RDS instances outside of AWS. This is directly similar to cloudposse/terraform-aws-rds-cluster's `allowed_cidr_blocks` https://github.com/cloudposse/terraform-aws-rds-cluster/blob/master/variables.tf#L172 * Fixes cidr_blocks > cidr_block typo * Adds `make readme` output to address feedback --- README.md | 2 ++ README.yaml | 1 + docs/terraform.md | 1 + main.tf | 7 +++++++ variables.tf | 6 ++++++ 5 files changed, 17 insertions(+) diff --git a/README.md b/README.md index 1928f46..0e4d72e 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ module "rds_instance" { dns_zone_id = "Z89FN1IW975KPE" host_name = "db" security_group_ids = ["sg-xxxxxxxx"] + allowed_cidr_blocks = ["XXX.XXX.XXX.XXX/32"] database_name = "wordpress" database_user = "admin" database_password = "xxxxxxxxxxxx" 
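Review bot: The new conditional on `computed_major_engine_version` truncates every PostgreSQL version to its first component, which matches the 10-and-later numbering but not the 9.x series, where the major version has two components (a 9.6.x input would now yield `9` rather than `9.6`). Because `major_engine_version` falls back to this local whenever the variable is empty, whatever consumes it outside this hunk would receive the shortened value for those engines. I would make the slice end depend on the leading number as well, e.g. `var.engine == "postgres" && tonumber(split(".", var.engine_version)[0]) >= 10 ? 1 : 2`, and add a one-line comment explaining the PostgreSQL 10+ versioning change. The expression is also repeated in both branches; computing the slice end once would keep the line readable.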
@@ -130,6 +131,7 @@ Available targets: |------|-------------|:----:|:-----:|:-----:| | allocated_storage | The allocated storage in GBs | number | - | yes | | allow_major_version_upgrade | Allow major version upgrade | bool | `false` | no | +| allowed_cidr_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | list(string) | `` | no | | apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | `false` | no | | associate_security_group_ids | The IDs of the existing security groups to associate with the DB instance | list(string) | `` | no | | attributes | Additional attributes (e.g. `1`) | list(string) | `` | no | diff --git a/README.yaml b/README.yaml index 801f9da..48df493 100644 --- a/README.yaml +++ b/README.yaml @@ -76,6 +76,7 @@ usage: |- dns_zone_id = "Z89FN1IW975KPE" host_name = "db" security_group_ids = ["sg-xxxxxxxx"] + allowed_cidr_blocks = ["XXX.XXX.XXX.XXX/32"] database_name = "wordpress" database_user = "admin" database_password = "xxxxxxxxxxxx" diff --git a/docs/terraform.md b/docs/terraform.md index 38724c9..2e976da 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -4,6 +4,7 @@ |------|-------------|:----:|:-----:|:-----:| | allocated_storage | The allocated storage in GBs | number | - | yes | | allow_major_version_upgrade | Allow major version upgrade | bool | `false` | no | +| allowed_cidr_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | list(string) | `` | no | | apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | `false` | no | | associate_security_group_ids | The IDs of the existing security groups to associate with the DB instance | list(string) | `` | no | | attributes | Additional attributes (e.g. `1`) | list(string) | `` | no | diff --git a/main.tf b/main.tf index 6c824a4..cecafc2 100644 --- a/main.tf 
+++ b/main.tf @@ -129,6 +129,13 @@ resource "aws_security_group" "default" { description = "Allow inbound traffic from the security groups" vpc_id = var.vpc_id + ingress { + from_port = var.database_port + to_port = var.database_port + protocol = "tcp" + cidr_blocks = var.allowed_cidr_blocks + } + ingress { from_port = var.database_port to_port = var.database_port diff --git a/variables.tf b/variables.tf index c8b939e..d72740f 100644 --- a/variables.tf +++ b/variables.tf @@ -39,6 +39,12 @@ variable "security_group_ids" { description = "The IDs of the security groups from which to allow `ingress` traffic to the DB instance" } +variable "allowed_cidr_blocks" { + type = list(string) + default = [] + description = "The whitelisted CIDRs which to allow `ingress` traffic to the DB instance" +} + variable "associate_security_group_ids" { type = list(string) default = [] From 85f6af36322046bacc650a0c08ec21177eaa37ac Mon Sep 17 00:00:00 2001 From: Andriy Knysh Date: Tue, 22 Oct 2019 14:25:32 -0400 Subject: [PATCH 04/51] Add standalone ingress/egress rules to the RDS security group. Change AWS region for tests (#44) * Add standalone ingress/egress rules to the RDS security group. Change AWS region for tests * Add standalone ingress/egress rules to the RDS security group. Change AWS region for tests --- ...est-1.tfvars => fixtures.us-east-2.tfvars} | 4 +- main.tf | 55 +++++++++++-------- test/src/examples_complete_test.go | 6 +- 3 files changed, 38 insertions(+), 27 deletions(-) rename examples/complete/{fixtures.us-west-1.tfvars => fixtures.us-east-2.tfvars} (87%) diff --git a/examples/complete/fixtures.us-west-1.tfvars b/examples/complete/fixtures.us-east-2.tfvars similarity index 87% rename from examples/complete/fixtures.us-west-1.tfvars rename to examples/complete/fixtures.us-east-2.tfvars index 52c5ebc..486641d 100644 --- a/examples/complete/fixtures.us-west-1.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars 
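Review bot: The added `ingress` block in `aws_security_group.default` is emitted unconditionally, so with the default `allowed_cidr_blocks = []` the group carries an inline rule whose `cidr_blocks` list is empty. How the provider treats a rule with no source is not visible from this hunk, and a reviewer auditing the group cannot tell from the configuration whether the rule is meant to exist. Generating the block only when the list is non-empty makes the intent explicit and keeps the rule set minimal. The resource body continues outside the hunk.

```hcl
resource "aws_security_group" "default" {
  # … unchanged: name, description, vpc_id …

  dynamic "ingress" {
    for_each = length(var.allowed_cidr_blocks) > 0 ? [1] : []
    content {
      from_port   = var.database_port
      to_port     = var.database_port
      protocol    = "tcp"
      cidr_blocks = var.allowed_cidr_blocks
    }
  }
  # … unchanged: security-group ingress, egress, tags …
```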
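Review bot: The description of `allowed_cidr_blocks` in `variables.tf` does not tell callers that every address inside these ranges can reach the database port, so nothing steers them away from passing a very broad range. I would state that in the text, for example `description = "CIDR blocks allowed to connect to the DB port. Keep these as narrow as possible and avoid 0.0.0.0/0"`, and regenerate the README tables so the three copies stay in sync. The wording "which to allow" also reads as if a word is missing ("from which to allow", as in the neighbouring `security_group_ids` description).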
@@ -1,6 +1,6 @@ -region = "us-west-1" +region = "us-east-2" -availability_zones = ["us-west-1b", "us-west-1c"] +availability_zones = ["us-east-2a", "us-east-2b"] namespace = "eg" diff --git a/main.tf b/main.tf index cecafc2..734a1e8 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ module "label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.1" + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0" enabled = var.enabled namespace = var.namespace name = var.name @@ -10,7 +10,7 @@ module "label" { } module "final_snapshot_label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.1" + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0" enabled = var.enabled namespace = var.namespace name = var.name 
@@ -128,29 +128,40 @@ resource "aws_security_group" "default" { name = module.label.id description = "Allow inbound traffic from the security groups" vpc_id = var.vpc_id + tags = module.label.tags +} - ingress { - from_port = var.database_port - to_port = var.database_port - protocol = "tcp" - cidr_blocks = var.allowed_cidr_blocks - } - - ingress { - from_port = var.database_port - to_port = var.database_port - protocol = "tcp" - security_groups = var.security_group_ids - } +resource "aws_security_group_rule" "ingress_security_groups" { + count = var.enabled ? length(var.security_group_ids) : 0 + description = "Allow inbound traffic from existing Security Groups" + type = "ingress" + from_port = var.database_port + to_port = var.database_port + protocol = "tcp" + source_security_group_id = var.security_group_ids[count.index] + security_group_id = join("", aws_security_group.default.*.id) +} - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } +resource "aws_security_group_rule" "ingress_cidr_blocks" { + count = var.enabled && length(var.allowed_cidr_blocks) > 0 ? 1 : 0 + description = "Allow inbound traffic from CIDR blocks" + type = "ingress" + from_port = var.database_port + to_port = var.database_port + protocol = "tcp" + cidr_blocks = var.allowed_cidr_blocks + security_group_id = join("", aws_security_group.default.*.id) +} - tags = module.label.tags +resource "aws_security_group_rule" "egress" { + count = var.enabled ? 1 : 0 + description = "Allow all egress traffic" + type = "egress" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + security_group_id = join("", aws_security_group.default.*.id) } module "dns_host_name" { diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index 90e1ace..66780d6 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go 
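Review bot: `aws_security_group_rule.ingress_security_groups` is keyed by list position (`count = var.enabled ? length(var.security_group_ids) : 0` with `var.security_group_ids[count.index]`), so removing or reordering one entry renumbers the rest and Terraform will replace rules for groups that did not change, which can briefly interrupt their access to the database. Keying by value avoids that: `for_each = var.enabled ? toset(var.security_group_ids) : toset([])` with `source_security_group_id = each.value`; this needs the IDs to be known at plan time, so it is worth checking against how callers pass them. Separately, the `egress` rule still allows all protocols to `0.0.0.0/0`; a short comment on why the database needs unrestricted outbound traffic, or a variable to narrow it, would help anyone applying least privilege to this group.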
@@ -16,7 +16,7 @@ func TestExamplesComplete(t *testing.T) { TerraformDir: "../../examples/complete", Upgrade: true, // Variables to pass to our Terraform code using -var-file options - VarFiles: []string{"fixtures.us-west-1.tfvars"}, + VarFiles: []string{"fixtures.us-east-2.tfvars"}, } // At the end of the test, run `terraform destroy` to clean up any resources that were created @@ -33,12 +33,12 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable privateSubnetCidrs := terraform.OutputList(t, terraformOptions, "private_subnet_cidrs") // Verify we're getting back the outputs we expect - assert.Equal(t, []string{"172.16.0.0/18", "172.16.64.0/18"}, privateSubnetCidrs) + assert.Equal(t, []string{"172.16.0.0/19", "172.16.32.0/19"}, privateSubnetCidrs) // Run `terraform output` to get the value of an output variable publicSubnetCidrs := terraform.OutputList(t, terraformOptions, "public_subnet_cidrs") // Verify we're getting back the outputs we expect - assert.Equal(t, []string{"172.16.128.0/18", "172.16.192.0/18"}, publicSubnetCidrs) + assert.Equal(t, []string{"172.16.96.0/19", "172.16.128.0/19"}, publicSubnetCidrs) // Run `terraform output` to get the value of an output variable instanceId := terraform.Output(t, terraformOptions, "instance_id") From e16d1ba7a356dd94fe0e101eba0d31dada98cd10 Mon Sep 17 00:00:00 2001 From: Konrad Obal Date: Sat, 2 Nov 2019 06:28:57 +0100 Subject: [PATCH 05/51] feat: Add RDS Performance Insights arguments (#47) Motivation: Allow to configure Performance Insights for RDS --- README.md | 3 +++ docs/terraform.md | 3 +++ main.tf | 4 ++++ variables.tf | 18 ++++++++++++++++++ 4 files changed, 28 insertions(+) diff --git a/README.md b/README.md index 0e4d72e..e5a99ab 100644 --- a/README.md +++ b/README.md 
@@ -166,6 +166,9 @@ Available targets: | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | | option_group_name | Name of the DB option group to associate | string | `` | no | | parameter_group_name | Name of the DB parameter group to associate | string | `` | no | +| performance_insights_enabled | Specifies whether Performance Insights are enabled. | bool | `false` | no | +| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | string | `null` | no | +| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number | `7` | no | | publicly_accessible | Determines if database can be publicly available (NOT recommended) | bool | `false` | no | | security_group_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | list(string) | `` | no | | skip_final_snapshot | If true (default), no snapshot will be made before deleting DB | bool | `true` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 2e976da..1b34f28 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -39,6 +39,9 @@ | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | | option_group_name | Name of the DB option group to associate | string | `` | no | | parameter_group_name | Name of the DB parameter group to associate | string | `` | no | +| performance_insights_enabled | Specifies whether Performance Insights are enabled. | bool | `false` | no | +| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | string | `null` | no | +| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number | `7` | no | | publicly_accessible | Determines if database can be publicly available (NOT recommended) | bool | `false` | no | | security_group_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | list(string) | `` | no | | skip_final_snapshot | If true (default), no snapshot will be made before deleting DB | bool | `true` | no | diff --git a/main.tf b/main.tf index 734a1e8..434eefd 100644 --- a/main.tf +++ b/main.tf @@ -67,6 +67,10 @@ resource "aws_db_instance" "default" { tags = module.label.tags deletion_protection = var.deletion_protection final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id + + performance_insights_enabled = var.performance_insights_enabled + performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null + performance_insights_retention_period = var.performance_insights_enabled ? var.performance_insights_retention_period : null } resource "aws_db_parameter_group" "default" { diff --git a/variables.tf b/variables.tf index d72740f..f9507e7 100644 --- a/variables.tf +++ b/variables.tf 
@@ -297,3 +297,21 @@ variable "kms_key_arn" {
 description = "The ARN of the existing KMS key to encrypt storage"
 default = ""
 }
+
+variable "performance_insights_enabled" {
+ type = bool
+ default = false
+ description = "Specifies whether Performance Insights are enabled."
+}
+
+variable "performance_insights_kms_key_id" {
+ type = string
+ default = null
+ description = "The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed."
+}
+
+variable "performance_insights_retention_period" {
+ type = number
+ default = 7
+ description = "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years)."
+}
From 477a0e5a640bd253e7510912b041f09d9c6d3232 Mon Sep 17 00:00:00 2001
From: Konrad Obal
Date: Wed, 6 Nov 2019 19:21:56 +0100
Subject: [PATCH 06/51] feat: Add variable "enabled_cloudwatch_logs_exports" (#48)
---
 README.md | 1 +
 docs/terraform.md | 1 +
 main.tf | 1 +
 variables.tf | 6 ++++++
 4 files changed, 9 insertions(+)
diff --git a/README.md b/README.md
index e5a99ab..f373ecf 100644
--- a/README.md
+++ b/README.md
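Review bot: The description of `performance_insights_kms_key_id` does not say what protects the data when the variable is left at its `null` default while Performance Insights is enabled. As far as I know RDS then uses the account's default KMS key, which callers who are required to use a customer-managed key would want spelled out, e.g. `description = "ARN of the KMS key used to encrypt Performance Insights data; if null, the service default key is used. Cannot be changed once set."` (please confirm the fallback against the provider documentation before adopting the wording). `performance_insights_retention_period` likewise documents only 7 and 731 as valid but accepts any number, so a wrong value would only surface at apply time.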
@@ -150,6 +150,7 @@ Available targets: | delimiter | Delimiter to be used between `name`, `namespace`, `stage` and `attributes` | string | `-` | no | | dns_zone_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | string | `` | no | | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | +| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | `` | no | | engine | Database engine type | string | - | yes | | engine_version | Database engine version, depends on engine type | string | - | yes | | final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 1b34f28..1db7c1b 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -23,6 +23,7 @@ | delimiter | Delimiter to be used between `name`, `namespace`, `stage` and `attributes` | string | `-` | no | | dns_zone_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | string | `` | no | | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | +| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | `` | no | | engine | Database engine type | string | - | yes | | engine_version | Database engine version, depends on engine type | string | - | yes | | final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | diff --git a/main.tf b/main.tf index 434eefd..a5eb3f6 100644 --- a/main.tf +++ b/main.tf @@ -68,6 +68,7 @@ resource "aws_db_instance" "default" { deletion_protection = var.deletion_protection final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id + enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports performance_insights_enabled = var.performance_insights_enabled performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null performance_insights_retention_period = var.performance_insights_enabled ? var.performance_insights_retention_period : null diff --git a/variables.tf b/variables.tf index f9507e7..f5fdb3a 100644 --- a/variables.tf +++ b/variables.tf 
@@ -315,3 +315,9 @@ variable "performance_insights_retention_period" { default = 7 description = "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years)." } + +variable "enabled_cloudwatch_logs_exports" { + type = list(string) + default = [] + description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)." +} \ No newline at end of file From 367bd1bd306ea2ffa7c758c203bbae0dcce1eed3 Mon Sep 17 00:00:00 2001 From: Adam Crews Date: Sun, 5 Jan 2020 20:57:43 -0800 Subject: [PATCH 07/51] Use the latest label module to support the environment attribute (#49) --- README.md | 139 ++++++++++++++++++++++++++++++---------------- docs/terraform.md | 11 ++-- main.tf | 34 ++++++------ variables.tf | 53 ++++++++++-------- 4 files changed, 145 insertions(+), 92 deletions(-) diff --git a/README.md b/README.md index f373ecf..a9f7303 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,43 @@ - + [![README Header][readme_header_img]][readme_header_link] [![Cloud Posse][logo]](https://cpco.io/homepage) 
@@ -147,12 +186,13 @@ Available targets: | db_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another | object | `` | no | | db_parameter_group | Parameter group, depends on DB engine used | string | - | yes | | deletion_protection | Set to true to enable deletion protection on the RDS instance | bool | `false` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage` and `attributes` | string | `-` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no | | dns_zone_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | string | `` | no | | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | | enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | `` | no | | engine | Database engine type | string | - | yes | | engine_version | Database engine version, depends on engine type | string | - | yes | +| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | | final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | | host_name | The DB host name created in Route53 | string | `db` | no | | instance_class | Class of RDS instance | string | - | yes | 
@@ -163,8 +203,8 @@ Available targets: | major_engine_version | Database MAJOR engine version, depends on engine type | string | `` | no | | max_allocated_storage | The upper limit to which RDS can automatically scale the storage in GBs | number | `0` | no | | multi_az | Set to true if multi AZ deployment must be supported | bool | `false` | no | -| name | The Name of the application or solution (e.g. `bastion` or `portal`) | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | `` | no | | option_group_name | Name of the DB option group to associate | string | `` | no | | parameter_group_name | Name of the DB parameter group to associate | string | `` | no | | performance_insights_enabled | Specifies whether Performance Insights are enabled. | bool | `false` | no | 
@@ -174,11 +214,11 @@ Available targets: | security_group_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | list(string) | `` | no | | skip_final_snapshot | If true (default), no snapshot will be made before deleting DB | bool | `true` | no | | snapshot_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | string | `` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no | | storage_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | bool | `false` | no | | storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | string | `standard` | no | | subnet_ids | List of subnets for the DB | list(string) | - | yes | -| tags | Additional tags (e.g. { BusinessUnit : ABC }) | map(string) | `` | no | +| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | map(string) | `` | no | | vpc_id | VPC ID the DB instance will be created in | string | - | yes | ## Outputs 
@@ -216,34 +256,33 @@ Check out these related projects. ## Help -**Got a question?** +**Got a question?** We got answers. File a GitHub [issue](https://github.com/cloudposse/terraform-aws-rds/issues), send us an [email][email] or join our [Slack Community][slack]. [![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] -## Commercial Support - -Work directly with our team of DevOps experts via email, slack, and video conferencing. - -We provide [*commercial support*][commercial_support] for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a full-time engineer. +## DevOps Accelerator for Startups -[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)][email] -- **Questions.** We'll use a Shared Slack channel between your team and ours. -- **Troubleshooting.** We'll help you triage why things aren't working. -- **Code Reviews.** We'll review your Pull Requests and provide constructive feedback. -- **Bug Fixes.** We'll rapidly work to fix any bugs in our projects. -- **Build New Terraform Modules.** We'll [develop original modules][module_development] to provision infrastructure. -- **Cloud Architecture.** We'll assist with your cloud strategy and design. -- **Implementation.** We'll provide hands-on support to implement our reference architectures. +We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. +[![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support] +Work directly with our team of DevOps experts via email, slack, and video conferencing. -## Terraform Module Development - -Are you interested in custom Terraform module development? 
Submit your inquiry using [our form][module_development] today and we'll get back to you ASAP. +We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet. +- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code. +- **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments. +- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices. +- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes. +- **GitOps.** You'll be able to operate your infrastructure via Pull Requests. +- **Training.** You'll receive hands-on training so your team can operate what we build. +- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel. +- **Troubleshooting.** You'll get help to triage when things aren't working. +- **Code Reviews.** You'll receive constructive feedback on Pull Requests. +- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects. ## Slack Community 
@@ -251,7 +290,13 @@ Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Ou ## Newsletter -Signup for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. +Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. + +## Office Hours + +[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! + +[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] ## Contributing @@ -276,7 +321,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2019 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) 
@@ -349,33 +394,31 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [osulli_homepage]: https://github.com/osulli [osulli_avatar]: https://img.cloudposse.com/150x150/https://github.com/osulli.png - - [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] [logo]: https://cloudposse.com/logo-300x69.svg - [docs]: https://cpco.io/docs - [website]: https://cpco.io/homepage - [github]: https://cpco.io/github - [jobs]: https://cpco.io/jobs - [hire]: https://cpco.io/hire - [slack]: https://cpco.io/slack - [linkedin]: https://cpco.io/linkedin - [twitter]: https://cpco.io/twitter - [testimonial]: https://cpco.io/leave-testimonial - [newsletter]: https://cpco.io/newsletter - [email]: https://cpco.io/email - [commercial_support]: https://cpco.io/commercial-support - [we_love_open_source]: https://cpco.io/we-love-open-source - [module_development]: https://cpco.io/module-development - [terraform_modules]: https://cpco.io/terraform-modules - [readme_header_img]: https://cloudposse.com/readme/header/img?repo=cloudposse/terraform-aws-rds - [readme_header_link]: https://cloudposse.com/readme/header/link?repo=cloudposse/terraform-aws-rds - [readme_footer_img]: https://cloudposse.com/readme/footer/img?repo=cloudposse/terraform-aws-rds - [readme_footer_link]: https://cloudposse.com/readme/footer/link?repo=cloudposse/terraform-aws-rds - [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img?repo=cloudposse/terraform-aws-rds - [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?repo=cloudposse/terraform-aws-rds + [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=docs + [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=website + [github]: 
https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=github + [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=jobs + [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=hire + [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=slack + [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=linkedin + [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=twitter + [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=testimonial + [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=office_hours + [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=newsletter + [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=email + [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=commercial_support + [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=we_love_open_source + [terraform_modules]: https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=terraform_modules + [readme_header_img]: https://cloudposse.com/readme/header/img + [readme_header_link]: 
https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=readme_header_link + [readme_footer_img]: https://cloudposse.com/readme/footer/img + [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=readme_footer_link + [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img + [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=readme_commercial_support_link [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-rds&url=https://github.com/cloudposse/terraform-aws-rds [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-rds&url=https://github.com/cloudposse/terraform-aws-rds [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-rds diff --git a/docs/terraform.md b/docs/terraform.md index 1db7c1b..d31909f 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -20,12 +20,13 @@ | db_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another | object | `` | no | | db_parameter_group | Parameter group, depends on DB engine used | string | - | yes | | deletion_protection | Set to true to enable deletion protection on the RDS instance | bool | `false` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage` and `attributes` | string | `-` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no | | dns_zone_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | string | `` | no | | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | | enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | `` | no | | engine | Database engine type | string | - | yes | | engine_version | Database engine version, depends on engine type | string | - | yes | +| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | | final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | | host_name | The DB host name created in Route53 | string | `db` | no | | instance_class | Class of RDS instance | string | - | yes | 
@@ -36,8 +37,8 @@ | major_engine_version | Database MAJOR engine version, depends on engine type | string | `` | no | | max_allocated_storage | The upper limit to which RDS can automatically scale the storage in GBs | number | `0` | no | | multi_az | Set to true if multi AZ deployment must be supported | bool | `false` | no | -| name | The Name of the application or solution (e.g. `bastion` or `portal`) | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | `` | no | | option_group_name | Name of the DB option group to associate | string | `` | no | | parameter_group_name | Name of the DB parameter group to associate | string | `` | no | | performance_insights_enabled | Specifies whether Performance Insights are enabled. | bool | `false` | no | 
@@ -47,11 +48,11 @@ | security_group_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | list(string) | `` | no | | skip_final_snapshot | If true (default), no snapshot will be made before deleting DB | bool | `true` | no | | snapshot_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | string | `` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no | | storage_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | bool | `false` | no | | storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | string | `standard` | no | | subnet_ids | List of subnets for the DB | list(string) | - | yes | -| tags | Additional tags (e.g. { BusinessUnit : ABC }) | map(string) | `` | no | +| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | map(string) | `` | no | | vpc_id | VPC ID the DB instance will be created in | string | - | yes | ## Outputs diff --git a/main.tf b/main.tf index a5eb3f6..1a086c1 100644 --- a/main.tf +++ b/main.tf 
@@ -1,23 +1,25 @@ module "label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0" - enabled = var.enabled - namespace = var.namespace - name = var.name - stage = var.stage - delimiter = var.delimiter - attributes = var.attributes - tags = var.tags + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0" + enabled = var.enabled + namespace = var.namespace + name = var.name + stage = var.stage + environment = var.environment + delimiter = var.delimiter + attributes = var.attributes + tags = var.tags } module "final_snapshot_label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0" - enabled = var.enabled - namespace = var.namespace - name = var.name - stage = var.stage - delimiter = var.delimiter - attributes = compact(concat(var.attributes, ["final", "snapshot"])) - tags = var.tags + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0" + enabled = var.enabled + namespace = var.namespace + name = var.name + stage = var.stage + environment = var.environment + delimiter = var.delimiter + attributes = compact(concat(var.attributes, ["final", "snapshot"])) + tags = var.tags } locals { diff --git a/variables.tf b/variables.tf index f5fdb3a..5ed7cef 100644 --- a/variables.tf +++ b/variables.tf 
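Review bot: Both `module "label"` and `module "final_snapshot_label"` fetch terraform-null-label by a git tag (`?ref=tags/0.16.0`), and a tag can be moved to different code after this change is reviewed. Pinning the two `source` lines to the commit the tag points at, `source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=<full-commit-sha>" # 0.16.0`, makes `terraform init` resolve exactly the reviewed module. The two blocks pass identical inputs apart from `attributes`, so they need to be bumped together.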
@@ -1,24 +1,49 @@ variable "namespace" { type = string - description = "Namespace (e.g. `eg` or `cp`)" default = "" + description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" +} + +variable "environment" { + type = string + default = "" + description = "Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT'" } variable "stage" { type = string - description = "Stage (e.g. `prod`, `dev`, `staging`)" default = "" + description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string - description = "The Name of the application or solution (e.g. `bastion` or `portal`)" + default = "" + description = "Solution name, e.g. 'app' or 'jenkins'" } variable "enabled" { type = bool - description = "Set to false to prevent the module from creating any resources" default = true + description = "Set to false to prevent the module from creating any resources" +} + +variable "delimiter" { + type = string + default = "-" + description = "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`" +} + +variable "attributes" { + type = list(string) + default = [] + description = "Additional attributes (e.g. `1`)" +} + +variable "tags" { + type = map(string) + default = {} + description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } variable "dns_zone_id" { @@ -222,24 +247,6 @@ variable "backup_window" { default = "22:00-03:00" } -variable "delimiter" { - type = string - default = "-" - description = "Delimiter to be used between `name`, `namespace`, `stage` and `attributes`" -} - -variable "attributes" { - type = list(string) - default = [] - description = "Additional attributes (e.g. `1`)" -} - -variable "tags" { - type = map(string) - default = {} - description = "Additional tags (e.g. { BusinessUnit : ABC })" -} - variable "db_parameter" { type = list(object({ apply_method = string 
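Review bot: `variable "name"` gains `default = ""` in this hunk, and `namespace`, `environment` and `stage` also default to empty, so nothing in this file forces a caller to supply any label component. Presumably the label id, and whatever is named from it, can then come out empty; that should be confirmed against the label module before `name` stops being required. The new `tags` description also opens a parenthesis at `(e.g.` and never closes it, so it needs a closing `)` after the example. The same text is copied into the docs/terraform.md table in this patch.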
@@ -320,4 +327,4 @@ variable "enabled_cloudwatch_logs_exports" { type = list(string) default = [] description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)." -} \ No newline at end of file +} From e5d754e251e9958bee3b58cdef910daed36423d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fede=20C=C3=B3rdova?= Date: Mon, 10 Feb 2020 13:11:11 -0600 Subject: [PATCH 08/51] identifier of the CA certificate for the DB instance was added (#54) * ca_cert_identifier setting was added * ca_cert_identifier setting was added * ca_cert_identifier setting was added, identation fixed * md files and yml updated with ca_cert_identifier var * make commands were executed --- README.md | 8 ++++++-- README.yaml | 3 +++ docs/terraform.md | 1 + main.tf | 1 + variables.tf | 7 +++++++ 5 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a9f7303..f312912 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,7 @@ module "rds_instance" { dns_zone_id = "Z89FN1IW975KPE" host_name = "db" security_group_ids = ["sg-xxxxxxxx"] + ca_cert_identifier = "rds-ca-2019" allowed_cidr_blocks = ["XXX.XXX.XXX.XXX/32"] database_name = "wordpress" database_user = "admin" 
@@ -177,6 +178,7 @@ Available targets: | auto_minor_version_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | bool | `true` | no | | backup_retention_period | Backup retention period in days. Must be > 0 to enable backups | number | `0` | no | | backup_window | When AWS can perform DB snapshots, can't overlap with maintenance window | string | `22:00-03:00` | no | +| ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | `rds-ca-2019` | no | | copy_tags_to_snapshot | Copy tags from DB to a snapshot | bool | `true` | no | | database_name | The name of the database to create when the DB instance is created | string | - | yes | | database_password | (Required unless a snapshot_identifier or replicate_source_db is provided) Password for the master DB user | string | `` | no | @@ -376,8 +378,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply ### Contributors -| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sergey Vasilyev][s2504s_avatar]][s2504s_homepage]
[Sergey Vasilyev][s2504s_homepage] | [![Valeriy][drama17_avatar]][drama17_homepage]
[Valeriy][drama17_homepage] | [![Konstantin B][comeanother_avatar]][comeanother_homepage]
[Konstantin B][comeanother_homepage] | [![drmikecrowe][drmikecrowe_avatar]][drmikecrowe_homepage]
[drmikecrowe][drmikecrowe_homepage] | [![Oscar Sullivan][osulli_avatar]][osulli_homepage]
[Oscar Sullivan][osulli_homepage] | -|---|---|---|---|---|---|---| +| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sergey Vasilyev][s2504s_avatar]][s2504s_homepage]
[Sergey Vasilyev][s2504s_homepage] | [![Valeriy][drama17_avatar]][drama17_homepage]
[Valeriy][drama17_homepage] | [![Konstantin B][comeanother_avatar]][comeanother_homepage]
[Konstantin B][comeanother_homepage] | [![drmikecrowe][drmikecrowe_avatar]][drmikecrowe_homepage]
[drmikecrowe][drmikecrowe_homepage] | [![Oscar Sullivan][osulli_avatar]][osulli_homepage]
[Oscar Sullivan][osulli_homepage] | [![Federico Márquez][fedemzcor_avatar]][fedemzcor_homepage]
[Federico Márquez][fedemzcor_homepage] | +|---|---|---|---|---|---|---|---| [osterman_homepage]: https://github.com/osterman [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png @@ -393,6 +395,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [drmikecrowe_avatar]: https://img.cloudposse.com/150x150/https://github.com/drmikecrowe.png [osulli_homepage]: https://github.com/osulli [osulli_avatar]: https://img.cloudposse.com/150x150/https://github.com/osulli.png + [fedemzcor_homepage]: https://github.com/fedemzcor + [fedemzcor_avatar]: https://img.cloudposse.com/150x150/https://github.com/fedemzcor.png [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] diff --git a/README.yaml b/README.yaml index 48df493..6978a4e 100644 --- a/README.yaml +++ b/README.yaml @@ -76,6 +76,7 @@ usage: |- dns_zone_id = "Z89FN1IW975KPE" host_name = "db" security_group_ids = ["sg-xxxxxxxx"] + ca_cert_identifier = "rds-ca-2019" allowed_cidr_blocks = ["XXX.XXX.XXX.XXX/32"] database_name = "wordpress" database_user = "admin" @@ -140,3 +141,5 @@ contributors: github: "drmikecrowe" - name: "Oscar Sullivan" github: "osulli" + - name: "Federico Márquez" + github: "fedemzcor" diff --git a/docs/terraform.md b/docs/terraform.md index d31909f..0219712 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -11,6 +11,7 @@ | auto_minor_version_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | bool | `true` | no | | backup_retention_period | Backup retention period in days. Must be > 0 to enable backups | number | `0` | no | | backup_window | When AWS can perform DB snapshots, can't overlap with maintenance window | string | `22:00-03:00` | no | +| ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | `rds-ca-2019` | no | | copy_tags_to_snapshot | Copy tags from DB to a snapshot | bool | `true` | no | | database_name | The name of the database to create when the DB instance is created | string | - | yes | | database_password | (Required unless a snapshot_identifier or replicate_source_db is provided) Password for the master DB user | string | `` | no | diff --git a/main.tf b/main.tf index 1a086c1..20f85ba 100644 --- a/main.tf +++ b/main.tf @@ -49,6 +49,7 @@ resource "aws_db_instance" "default" { ) ) + ca_cert_identifier = var.ca_cert_identifier db_subnet_group_name = join("", aws_db_subnet_group.default.*.name) parameter_group_name = length(var.parameter_group_name) > 0 ? var.parameter_group_name : join("", aws_db_parameter_group.default.*.name) option_group_name = length(var.option_group_name) > 0 ? var.option_group_name : join("", aws_db_option_group.default.*.name) diff --git a/variables.tf b/variables.tf index 5ed7cef..7d8bc14 100644 --- a/variables.tf +++ b/variables.tf @@ -328,3 +328,10 @@ variable "enabled_cloudwatch_logs_exports" { default = [] description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)." } + + +variable "ca_cert_identifier" { + type = string + description = "The identifier of the CA certificate for the DB instance" + default = "rds-ca-2019" +} 
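Review bot: `variable "ca_cert_identifier"` hard-codes `default = "rds-ca-2019"`, and the main.tf hunk passes it straight into `aws_db_instance.default`, so every consumer that does not override it is pinned to one dated CA. The module then has to be re-released each time that CA is rotated or retired. I would use `default = null`, so the argument is omitted and RDS chooses the CA unless the caller sets one. The description should also say that changing the value on an existing instance swaps its server certificate, so clients must already trust the new CA bundle. The resource block starts and ends outside the main.tf hunk.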
From 640708d56fd25b0251b5bea3d80a5d4716b71687 Mon Sep 17 00:00:00 2001 From: Jon Whitcraft Date: Thu, 9 Apr 2020 19:14:34 -0400 Subject: [PATCH 09/51] Add Monitoring Interval (#58) This allow enabled the monitoring interval for the RDS instance. Signed-off-by: Jon Whitcraft --- README.md | 6 ++++++ docs/terraform.md | 1 + main.tf | 2 ++ variables.tf | 6 +++++- 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f312912..278a686 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,7 @@ Available targets: | maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | string | `Mon:03:00-Mon:04:00` | no | | major_engine_version | Database MAJOR engine version, depends on engine type | string | `` | no | | max_allocated_storage | The upper limit to which RDS can automatically scale the storage in GBs | number | `0` | no | +| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | string | `0` | no | | multi_az | Set to true if multi AZ deployment must be supported | bool | `false` | no | | name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | `` | no | 
@@ -290,6 +291,10 @@ We deliver 10x the value for a fraction of the cost of a full-time engineer. Our Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. +## Discourse Forums + +Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. + ## Newsletter Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
@@ -413,6 +418,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=testimonial [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=office_hours [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=newsletter + [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=discourse [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=email [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=commercial_support [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=we_love_open_source diff --git a/docs/terraform.md b/docs/terraform.md index 0219712..c933445 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -37,6 +37,7 @@ | maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | string | `Mon:03:00-Mon:04:00` | no | | major_engine_version | Database MAJOR engine version, depends on engine type | string | `` | no | | max_allocated_storage | The upper limit to which RDS can automatically scale the storage in GBs | number | `0` | no | +| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | string | `0` | no | | multi_az | Set to true if multi AZ deployment must be supported | bool | `false` | no | | name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | `` | no | diff --git a/main.tf b/main.tf index 20f85ba..e7f3908 100644 --- a/main.tf +++ b/main.tf @@ -75,6 +75,8 @@ resource "aws_db_instance" "default" { performance_insights_enabled = var.performance_insights_enabled performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null performance_insights_retention_period = var.performance_insights_enabled ? var.performance_insights_retention_period : null + + monitoring_interval = var.monitoring_interval } resource "aws_db_parameter_group" "default" { diff --git a/variables.tf b/variables.tf index 7d8bc14..dd7c705 100644 --- a/variables.tf +++ b/variables.tf 
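Review bot: The resource now sets `monitoring_interval = var.monitoring_interval`, but the hunk adds no `monitoring_role_arn`, and RDS does not accept a non-zero Enhanced Monitoring interval without a monitoring role. Unless the role is set elsewhere in the resource, which starts outside the hunk, any value other than 0 will fail at apply time. I would add a `monitoring_role_arn` variable (string, default `null`) and pass `monitoring_role_arn = var.monitoring_role_arn` next to the interval. Its description should say the role is required whenever the interval is non-zero.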
@@ -329,9 +329,13 @@ variable "enabled_cloudwatch_logs_exports" { description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)." } - variable "ca_cert_identifier" { type = string description = "The identifier of the CA certificate for the DB instance" default = "rds-ca-2019" } + +variable "monitoring_interval" { + description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60." + default = "0" +} From 2d6cf8fb3eb968444ba0ce657172a9fd088bbaa3 Mon Sep 17 00:00:00 2001 From: Erik Osterman Date: Sat, 13 Jun 2020 20:28:37 -0700 Subject: [PATCH 10/51] Migrate to ChatOps (#63) --- .github/CODEOWNERS | 4 + .github/ISSUE_TEMPLATE/bug_report.md | 37 +++++++ .github/ISSUE_TEMPLATE/config.yml | 18 ++++ .github/ISSUE_TEMPLATE/feature_request.md | 36 +++++++ .github/ISSUE_TEMPLATE/question.md | 0 .github/PULL_REQUEST_TEMPLATE.md | 13 +++ .github/workflows/chatops.yml | 37 +++++++ README.md | 2 +- README.yaml | 117 ++++++++-------------- codefresh/test.yml | 74 -------------- 10 files changed, 189 insertions(+), 149 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/question.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/workflows/chatops.yml delete mode 100644 codefresh/test.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..41c1baa --- /dev/null +++ b/.github/CODEOWNERS 
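Review bot: `variable "monitoring_interval"` declares no `type` and defaults to the string `"0"`, while the other variables added in this series declare one. With `type = number` and `default = 0`, Terraform rejects non-numeric input at plan time, and the generated docs stop listing the setting as a string. Callers that already pass `"0"` or `"60"` still work, because Terraform converts numeric strings.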
@@ -0,0 +1,4 @@ +# Use this file to define individuals or teams that are responsible for code in a repository. +# Read more: + +* @cloudposse/engineering \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..f3df96b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: 'bug' +assignees: '' + +--- + +Found a bug? Maybe our [Slack Community](https://slack.cloudposse.com) can help. + +[![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + +## Describe the Bug +A clear and concise description of what the bug is. + +## Expected Behavior +A clear and concise description of what you expected to happen. + +## Steps to Reproduce +Steps to reproduce the behavior: +1. Go to '...' +2. Run '....' +3. Enter '....' +4. See error + +## Screenshots +If applicable, add screenshots or logs to help explain your problem. + +## Environment (please complete the following information): + +Anything that will help us triage the bug will help. Here are some ideas: + - OS: [e.g. Linux, OSX, WSL, etc] + - Version [e.g. 10.15] + +## Additional Context +Add any other context about the problem here. \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..76ae6d6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml 
@@ -0,0 +1,18 @@ +blank_issues_enabled: false + +contact_links: + + - name: Community Slack Team + url: https://cloudposse.com/slack/ + about: |- + Please ask and answer questions here. + + - name: Office Hours + url: https://cloudposse.com/office-hours/ + about: |- + Join us every Wednesday for FREE Office Hours (lunch & learn). + + - name: DevOps Accelerator Program + url: https://cloudposse.com/accelerate/ + about: |- + Own your infrastructure in record time. We build it. You drive it. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..39a8686 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,36 @@ +--- +name: Feature Request +about: Suggest an idea for this project +title: '' +labels: 'feature request' +assignees: '' + +--- + +Have a question? Please checkout our [Slack Community](https://slack.cloudposse.com) or visit our [Slack Archive](https://archive.sweetops.com/). + +[![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + +## Describe the Feature + +A clear and concise description of what the bug is. + +## Expected Behavior + +A clear and concise description of what you expected to happen. + +## Use Case + +Is your feature request related to a problem/challenge you are trying to solve? Please provide some additional context of why this feature or capability will be valuable. + +## Describe Ideal Solution + +A clear and concise description of what you want to happen. If you don't know, that's okay. + +## Alternatives Considered + +Explain what alternative solutions or features you've considered. + +## Additional Context + +Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md new file mode 100644 index 0000000..e69de29 
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..4b8f32d
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,13 @@
+## what
+* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+* Use bullet points to be concise and to the point.
+
+## why
+* Provide the justifications for the changes (e.g. business case).
+* Describe why these changes were made (e.g. why do these commits fix the problem?)
+* Use bullet points to be concise and to the point.
+
+## references
+* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
+* Use `closes #123`, if this PR closes a GitHub issue `#123`
+
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
new file mode 100644
index 0000000..a6bb11b
--- /dev/null
+++ b/.github/workflows/chatops.yml
@@ -0,0 +1,37 @@
+name: chatops
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ default:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: "Handle common commands"
+ uses: cloudposse/actions/github/slash-command-dispatch@0.15.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ reaction-token: ${{ secrets.GITHUB_TOKEN }}
+ repository: cloudposse/actions
+ commands: rebuild-readme, terraform-fmt
+ permission: none
+ issue-type: pull-request
+
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Checkout commit"
+ uses: actions/checkout@v2
+ - name: "Run tests"
+ uses: cloudposse/actions/github/slash-command-dispatch@0.15.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ reaction-token: ${{ secrets.GITHUB_TOKEN }}
+ repository: cloudposse/actions
+ commands: test
+ permission: none
+ issue-type: pull-request
+ reactions: false
+
+
diff --git a/README.md b/README.md
index 278a686..b762798 100644
--- a/README.md
+++ b/README.md
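Review bot: Both jobs in chatops.yml set `permission: none` on the slash-command-dispatch step. If that input keeps its upstream meaning, the minimum repository permission a commenter needs, then any account able to comment on a pull request can dispatch `rebuild-readme`, `terraform-fmt` and `test` through `secrets.PUBLIC_REPO_ACCESS_TOKEN`. I would set `permission: write` (or at least `triage`) unless the workflows in cloudposse/actions that receive the dispatch do their own authorization, which is not visible here. Separately, `actions/checkout@v2` and `cloudposse/actions/github/slash-command-dispatch@0.15.0` are referenced by mutable tags. Pinning each one, as in `uses: actions/checkout@<full-commit-sha> # v2`, keeps a retagged release from running with these secrets.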
@@ -42,7 +42,7 @@ [![Cloud Posse][logo]](https://cpco.io/homepage) -# terraform-aws-rds [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-rds?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d33e2a97ff4a883c72e9fc0) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg)](https://github.com/cloudposse/terraform-aws-rds/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-rds [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg)](https://github.com/cloudposse/terraform-aws-rds/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) instances diff --git a/README.yaml b/README.yaml index 6978a4e..bcd9993 100644 --- a/README.yaml +++ b/README.yaml 
@@ -1,60 +1,34 @@ ---- -# -# This is the canonical configuration for the `README.md` -# Run `make readme` to rebuild the `README.md` -# - -# Name of this project name: terraform-aws-rds - -# Tags of this project tags: - - aws - - terraform - - terraform-modules - - databases - - rds - - aws-rds - - postgres - - mysql - -# Categories of this project +- aws +- terraform +- terraform-modules +- databases +- rds +- aws-rds +- postgres +- mysql categories: - - terraform-modules/databases - -# Logo for this project -#logo: docs/logo.png - -# License of this project -license: "APACHE2" - -# Canonical GitHub repo +- terraform-modules/databases +license: APACHE2 github_repo: cloudposse/terraform-aws-rds - -# Badges to display badges: - - name: "Codefresh Build Status" - image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-rds?type=cf-1" - url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d33e2a97ff4a883c72e9fc0" - - name: "Latest Release" - image: "https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg" - url: "https://github.com/cloudposse/terraform-aws-rds/releases/latest" - - name: "Slack Community" - image: "https://slack.cloudposse.com/badge.svg" - url: "https://slack.cloudposse.com" - +- name: Latest Release + image: https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg + url: https://github.com/cloudposse/terraform-aws-rds/releases/latest +- name: Slack Community + image: https://slack.cloudposse.com/badge.svg + url: https://slack.cloudposse.com related: - - name: "terraform-aws-rds-cluster" - description: "Terraform module to provision an RDS Aurora cluster for MySQL or Postgres" - url: "https://github.com/cloudposse/terraform-aws-rds-cluster" - - name: "terraform-aws-rds-cloudwatch-sns-alarms" - description: "Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic" - url: 
"https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms" - -# Short description of this project -description: |- - Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) instances - +- name: terraform-aws-rds-cluster + description: Terraform module to provision an RDS Aurora cluster for MySQL or Postgres + url: https://github.com/cloudposse/terraform-aws-rds-cluster +- name: terraform-aws-rds-cloudwatch-sns-alarms + description: Terraform module that configures important RDS alerts using CloudWatch + and sends them to an SNS topic + url: https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms +description: Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) + instances introduction: |- The module will create: @@ -64,8 +38,6 @@ introduction: |- * DB Subnet Group * DB Security Group * DNS Record in Route53 for the DB endpoint - -# How to use this project usage: |- ```hcl module "rds_instance" { @@ -120,26 +92,23 @@ usage: |- ] } ``` - include: - - "docs/targets.md" - - "docs/terraform.md" - -# Contributors to this project +- docs/targets.md +- docs/terraform.md contributors: - - name: "Erik Osterman" - github: "osterman" - - name: "Andriy Knysh" - github: "aknysh" - - name: "Sergey Vasilyev" - github: "s2504s" - - name: "Valeriy" - github: "drama17" - - name: "Konstantin B" - github: "comeanother" - - name: "drmikecrowe" - github: "drmikecrowe" - - name: "Oscar Sullivan" - github: "osulli" - - name: "Federico Márquez" - github: "fedemzcor" +- name: Erik Osterman + github: osterman +- name: Andriy Knysh + github: aknysh +- name: Sergey Vasilyev + github: s2504s +- name: Valeriy + github: drama17 +- name: Konstantin B + github: comeanother +- name: drmikecrowe + github: drmikecrowe +- name: Oscar Sullivan + github: osulli +- name: Federico Márquez + github: fedemzcor diff --git a/codefresh/test.yml b/codefresh/test.yml deleted file mode 100644 index ddd07f9..0000000 --- a/codefresh/test.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -version: '1.0' - -stages: - - Prepare - - Test - -steps: - wait: - title: Wait - stage: Prepare - image: codefresh/cli:latest - commands: - - codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser 'flatten|.[-1].id==$id' - retry: - maxAttempts: 10 - delay: 20 - exponentialFactor: 1.1 - - main_clone: - title: "Clone repository" - type: git-clone - stage: Prepare - description: "Initialize" - repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}} - git: CF-default - revision: ${{CF_REVISION}} - - clean_init: - title: Prepare build-harness and test-harness - image: ${{TEST_IMAGE}} - stage: Prepare - commands: - - cf_export PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - make init - - git -C build-harness checkout master - - make -C test/ clean init TEST_HARNESS_BRANCH=master - - make -C test/src clean init - - find . -type d -name '.terraform' | xargs rm -rf - - find . -type f -name 'terraform.tfstate*' -exec rm -f {} \; - - test: - type: "parallel" - title: "Run tests" - description: "Run all tests in parallel" - stage: Test - steps: - test_readme_lint: - title: "Test README.md updated" - stage: "Test" - image: ${{TEST_IMAGE}} - description: Test "readme/lint" - commands: - - make readme/lint - - test_module: - title: Test module with bats - image: ${{TEST_IMAGE}} - stage: Test - commands: - - make -C test/ module - - test_examples_complete: - title: Test "examples/complete" with bats - image: ${{TEST_IMAGE}} - stage: Test - commands: - - make -C test/ examples/complete - - test_examples_complete_terratest: - title: Test "examples/complete" with terratest - image: ${{TEST_IMAGE}} - stage: Test - commands: - - make -C test/src From 0a51b169b10ff2d42e99bbf2d9fb3fcf05799b1e Mon Sep 17 00:00:00 2001 
From: Francesco Cislaghi
Date: Sun, 14 Jun 2020 08:10:14 +0200
Subject: [PATCH 11/51] Add IAM Authentication (#62)
* add iam authentication * Updated README.md * Executed 'terraform fmt' Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
---
 README.md | 1 +
 docs/terraform.md | 1 +
 main.tf | 1 +
 variables.tf | 6 ++++++
 4 files changed, 9 insertions(+)
diff --git a/README.md b/README.md
index b762798..02ebf0a 100644
--- a/README.md
+++ b/README.md
@@ -197,6 +197,7 @@ Available targets:
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no |
 | host_name | The DB host name created in Route53 | string | `db` | no |
+| iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | string | `false` | no |
 | instance_class | Class of RDS instance | string | - | yes |
 | iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1'. Default is 0 if rds storage type is not 'io1' | number | `0` | no |
 | kms_key_arn | The ARN of the existing KMS key to encrypt storage | string | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index c933445..09b8a70 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -30,6 +30,7 @@ | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | | final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | | host_name | The DB host name created in Route53 | string | `db` | no | +| iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | string | `false` | no | | instance_class | Class of RDS instance | string | - | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1'. Default is 0 if rds storage type is not 'io1' | number | `0` | no | | kms_key_arn | The ARN of the existing KMS key to encrypt storage | string | `` | no | diff --git a/main.tf b/main.tf index e7f3908..579f75d 100644 --- a/main.tf +++ b/main.tf @@ -71,6 +71,7 @@ resource "aws_db_instance" "default" { deletion_protection = var.deletion_protection final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id + iam_database_authentication_enabled = var.iam_database_authentication_enabled enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports performance_insights_enabled = var.performance_insights_enabled performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null diff --git a/variables.tf b/variables.tf index dd7c705..302ecd3 100644 --- a/variables.tf +++ b/variables.tf 
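Review bot: Passing `iam_database_authentication_enabled` through to `aws_db_instance.default` in the main.tf hunk only switches the feature on at the instance, and neither this hunk nor the README rows added in the same commit say what else is required. Password login for the master user keeps working, each database user still has to be set up for IAM login inside the engine (on PostgreSQL by granting it the `rds_iam` role), and the connecting principal needs an IAM policy allowing `rds-db:connect`; none of that appears to be managed by the lines visible here. I would add a comment above the new argument, `# IAM token auth is enabled in addition to password auth; DB users and rds-db:connect policies are managed outside this module`, so callers do not treat the flag as a replacement for `database_password`. The resource block starts and ends outside the hunk.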
@@ -339,3 +339,9 @@ variable "monitoring_interval" {
 description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60."
 default = "0"
 }
+
+
+variable "iam_database_authentication_enabled" {
+ description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled"
+ default = false
+}
\ No newline at end of file
From 14f52381f1e436d564d8ccb3d549140f25f70b7f Mon Sep 17 00:00:00 2001
From: Matt Gowie
Date: Tue, 18 Aug 2020 02:08:28 -0600
Subject: [PATCH 12/51] [AUTOMATED] Update terraform-null-label versions to support Terraform 0.13 (#68)
* [AUTOMATED] Update terraform-null-label versions to support Terraform 0.13 * Updated README.md Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
---
 README.md | 241 +++++++++++++++++++++++-----------------------
 docs/targets.md | 4 +-
 docs/terraform.md | 143 +++++++++++++++------------
 main.tf | 4 +-
 4 files changed, 204 insertions(+), 188 deletions(-)
diff --git a/README.md b/README.md
index 02ebf0a..c1884b8 100644
--- a/README.md
+++ b/README.md
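Review bot: The `iam_database_authentication_enabled` variable added in the variables.tf hunk declares no `type`, and the README row added in the same commit lists it as `string`; for a switch that changes how clients authenticate, add `type = bool` next to `default = false` so a mistyped value is rejected at plan time. The description is also garbled ("Specifies whether or mappings of ...") and would read better as `description = "Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled"`. The same sentence is copied into the README.md and docs/terraform.md rows, so those should be regenerated after the fix. The hunk also leaves variables.tf without a trailing newline.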
@@ -1,24 +1,20 @@ - -[![README Header][readme_header_img]][readme_header_link] - -[![Cloud Posse][logo]](https://cpco.io/homepage) - -# terraform-aws-rds [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg)](https://github.com/cloudposse/terraform-aws-rds/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) - +--> Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) instances --- -This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. +This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. [][share_email] [][share_googleplus] [][share_facebook] @@ -71,7 +51,7 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE). -We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! +We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! @@ -155,8 +135,9 @@ module "rds_instance" { + ## Makefile Targets -``` +```text Available targets: help Help screen 
@@ -165,86 +146,102 @@ Available targets: lint Lint terraform code ``` + +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| allocated_storage | The allocated storage in GBs | number | - | yes | -| allow_major_version_upgrade | Allow major version upgrade | bool | `false` | no | -| allowed_cidr_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | list(string) | `` | no | -| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | `false` | no | -| associate_security_group_ids | The IDs of the existing security groups to associate with the DB instance | list(string) | `` | no | -| attributes | Additional attributes (e.g. `1`) | list(string) | `` | no | -| auto_minor_version_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | bool | `true` | no | -| backup_retention_period | Backup retention period in days. Must be > 0 to enable backups | number | `0` | no | -| backup_window | When AWS can perform DB snapshots, can't overlap with maintenance window | string | `22:00-03:00` | no | -| ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | `rds-ca-2019` | no | -| copy_tags_to_snapshot | Copy tags from DB to a snapshot | bool | `true` | no | -| database_name | The name of the database to create when the DB instance is created | string | - | yes | -| database_password | (Required unless a snapshot_identifier or replicate_source_db is provided) Password for the master DB user | string | `` | no | -| database_port | Database port (_e.g._ `3306` for `MySQL`). 
Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | number | - | yes | -| database_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | string | `` | no | -| db_options | A list of DB options to apply with an option group. Depends on DB engine | object | `` | no | -| db_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another | object | `` | no | -| db_parameter_group | Parameter group, depends on DB engine used | string | - | yes | -| deletion_protection | Set to true to enable deletion protection on the RDS instance | bool | `false` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no | -| dns_zone_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | string | `` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | `` | no | -| engine | Database engine type | string | - | yes | -| engine_version | Database engine version, depends on engine type | string | - | yes | -| environment | Environment, e.g. 
'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | -| final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | -| host_name | The DB host name created in Route53 | string | `db` | no | -| iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | string | `false` | no | -| instance_class | Class of RDS instance | string | - | yes | -| iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1'. Default is 0 if rds storage type is not 'io1' | number | `0` | no | -| kms_key_arn | The ARN of the existing KMS key to encrypt storage | string | `` | no | -| license_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included | bring-your-own-license | general-public-license | string | `` | no | -| maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | string | `Mon:03:00-Mon:04:00` | no | -| major_engine_version | Database MAJOR engine version, depends on engine type | string | `` | no | -| max_allocated_storage | The upper limit to which RDS can automatically scale the storage in GBs | number | `0` | no | -| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | string | `0` | no | -| multi_az | Set to true if multi AZ deployment must be supported | bool | `false` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 
'eg' or 'cp' | string | `` | no | -| option_group_name | Name of the DB option group to associate | string | `` | no | -| parameter_group_name | Name of the DB parameter group to associate | string | `` | no | -| performance_insights_enabled | Specifies whether Performance Insights are enabled. | bool | `false` | no | -| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | string | `null` | no | -| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number | `7` | no | -| publicly_accessible | Determines if database can be publicly available (NOT recommended) | bool | `false` | no | -| security_group_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | list(string) | `` | no | -| skip_final_snapshot | If true (default), no snapshot will be made before deleting DB | bool | `true` | no | -| snapshot_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | string | `` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no | -| storage_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | bool | `false` | no | -| storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | string | `standard` | no | -| subnet_ids | List of subnets for the DB | list(string) | - | yes | -| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | map(string) | `` | no | -| vpc_id | VPC ID the DB instance will be created in | string | - | yes | +|------|-------------|------|---------|:--------:| +| allocated\_storage | The allocated storage in GBs | `number` | n/a | yes | +| allow\_major\_version\_upgrade | Allow major version upgrade | `bool` | `false` | no | +| allowed\_cidr\_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| apply\_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | +| associate\_security\_group\_ids | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | +| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| auto\_minor\_version\_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | +| backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | +| backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | +| ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | +| database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | +| database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | +| database\_port | Database port (\_e.g.\_ `3306` for `MySQL`). 
Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | +| database\_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | +| db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | +| db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | +| db\_parameter\_group | Parameter group, depends on DB engine used | `string` | n/a | yes | +| deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| enabled\_cloudwatch\_logs\_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | +| engine | Database engine type | `string` | n/a | yes | +| engine\_version | Database engine version, depends on engine type | `string` | n/a | yes | +| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no | +| final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | +| host\_name | The DB host name created in Route53 | `string` | `"db"` | no | +| iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | +| instance\_class | Class of RDS instance | `string` | n/a | yes | +| iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | +| kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| license\_model | License model for this DB. Optional, but required for some DB Engines. 
Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | +| maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | +| major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | +| max\_allocated\_storage | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | +| monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | +| multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | +| option\_group\_name | Name of the DB option group to associate | `string` | `""` | no | +| parameter\_group\_name | Name of the DB parameter group to associate | `string` | `""` | no | +| performance\_insights\_enabled | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | +| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | +| performance\_insights\_retention\_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). 
| `number` | `7` | no | +| publicly\_accessible | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | +| security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | +| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no | +| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `false` | no | +| storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | +| subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | +| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| vpc\_id | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| | hostname | DNS host name of the instance | -| instance_address | Address of the instance | -| instance_arn | ARN of the instance | -| instance_endpoint | DNS Endpoint of the instance | -| instance_id | ID of the instance | -| option_group_id | ID of the Option Group | -| parameter_group_id | ID of the Parameter Group | -| security_group_id | ID of the Security Group | -| subnet_group_id | ID of the Subnet Group | +| instance\_address | Address of the instance | +| instance\_arn | ARN of the instance | +| instance\_endpoint | DNS Endpoint of the instance | +| instance\_id | ID of the instance | +| option\_group\_id | ID of the Option Group | +| parameter\_group\_id | ID of the Parameter Group | +| security\_group\_id | ID of the Security Group | +| subnet\_group\_id | ID of the Subnet Group | -## Share the Love +## Share the Love -Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-rds)! (it helps us **a lot**) +Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-rds)! (it helps us **a lot**) Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) @@ -260,7 +257,7 @@ Check out these related projects. ## Help -**Got a question?** We got answers. +**Got a question?** We got answers. File a GitHub [issue](https://github.com/cloudposse/terraform-aws-rds/issues), send us an [email][email] or join our [Slack Community][slack]. 
@@ -269,7 +266,7 @@ File a GitHub [issue](https://github.com/cloudposse/terraform-aws-rds/issues), s ## DevOps Accelerator for Startups -We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. +We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. [![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support] @@ -298,11 +295,11 @@ Participate in our [Discourse Forums][discourse]. Here you'll find answers to co ## Newsletter -Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. +Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. ## Office Hours -[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! +[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! [![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] 
@@ -333,28 +330,30 @@ Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) -## License +## License -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) See [LICENSE](LICENSE) for full details. - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. +```text +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +``` 
@@ -376,7 +375,7 @@ This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? P We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. -We offer [paid support][commercial_support] on all of our projects. +We offer [paid support][commercial_support] on all of our projects. Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. diff --git a/docs/targets.md b/docs/targets.md index 3d4be2a..3dce8b3 100644 --- a/docs/targets.md +++ b/docs/targets.md @@ -1,5 +1,6 @@ + ## Makefile Targets -``` +```text Available targets: help Help screen @@ -8,3 +9,4 @@ Available targets: lint Lint terraform code ``` + diff --git a/docs/terraform.md b/docs/terraform.md index 09b8a70..e195c5a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -1,74 +1,89 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| allocated_storage | The allocated storage in GBs | number | - | yes | -| allow_major_version_upgrade | Allow major version upgrade | bool | `false` | no | -| allowed_cidr_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | list(string) | `` | no | -| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | `false` | no | -| associate_security_group_ids | The IDs of the existing security groups to associate with the DB instance | list(string) | `` | no | -| attributes | Additional attributes (e.g. `1`) | list(string) | `` | no | -| auto_minor_version_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | bool | `true` | no | -| backup_retention_period | Backup retention period in days. Must be > 0 to enable backups | number | `0` | no | -| backup_window | When AWS can perform DB snapshots, can't overlap with maintenance window | string | `22:00-03:00` | no | -| ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | `rds-ca-2019` | no | -| copy_tags_to_snapshot | Copy tags from DB to a snapshot | bool | `true` | no | -| database_name | The name of the database to create when the DB instance is created | string | - | yes | -| database_password | (Required unless a snapshot_identifier or replicate_source_db is provided) Password for the master DB user | string | `` | no | -| database_port | Database port (_e.g._ `3306` for `MySQL`). 
Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | number | - | yes | -| database_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | string | `` | no | -| db_options | A list of DB options to apply with an option group. Depends on DB engine | object | `` | no | -| db_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another | object | `` | no | -| db_parameter_group | Parameter group, depends on DB engine used | string | - | yes | -| deletion_protection | Set to true to enable deletion protection on the RDS instance | bool | `false` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no | -| dns_zone_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | string | `` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | `` | no | -| engine | Database engine type | string | - | yes | -| engine_version | Database engine version, depends on engine type | string | - | yes | -| environment | Environment, e.g. 
'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | -| final_snapshot_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | string | `` | no | -| host_name | The DB host name created in Route53 | string | `db` | no | -| iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | string | `false` | no | -| instance_class | Class of RDS instance | string | - | yes | -| iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1'. Default is 0 if rds storage type is not 'io1' | number | `0` | no | -| kms_key_arn | The ARN of the existing KMS key to encrypt storage | string | `` | no | -| license_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included | bring-your-own-license | general-public-license | string | `` | no | -| maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | string | `Mon:03:00-Mon:04:00` | no | -| major_engine_version | Database MAJOR engine version, depends on engine type | string | `` | no | -| max_allocated_storage | The upper limit to which RDS can automatically scale the storage in GBs | number | `0` | no | -| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | string | `0` | no | -| multi_az | Set to true if multi AZ deployment must be supported | bool | `false` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 
'eg' or 'cp' | string | `` | no | -| option_group_name | Name of the DB option group to associate | string | `` | no | -| parameter_group_name | Name of the DB parameter group to associate | string | `` | no | -| performance_insights_enabled | Specifies whether Performance Insights are enabled. | bool | `false` | no | -| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | string | `null` | no | -| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number | `7` | no | -| publicly_accessible | Determines if database can be publicly available (NOT recommended) | bool | `false` | no | -| security_group_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | list(string) | `` | no | -| skip_final_snapshot | If true (default), no snapshot will be made before deleting DB | bool | `true` | no | -| snapshot_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | string | `` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no | -| storage_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | bool | `false` | no | -| storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | string | `standard` | no | -| subnet_ids | List of subnets for the DB | list(string) | - | yes | -| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | map(string) | `` | no | -| vpc_id | VPC ID the DB instance will be created in | string | - | yes | +|------|-------------|------|---------|:--------:| +| allocated\_storage | The allocated storage in GBs | `number` | n/a | yes | +| allow\_major\_version\_upgrade | Allow major version upgrade | `bool` | `false` | no | +| allowed\_cidr\_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| apply\_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | +| associate\_security\_group\_ids | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | +| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| auto\_minor\_version\_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | +| backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | +| backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | +| ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | +| database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | +| database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | +| database\_port | Database port (\_e.g.\_ `3306` for `MySQL`). 
Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | +| database\_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | +| db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | +| db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | +| db\_parameter\_group | Parameter group, depends on DB engine used | `string` | n/a | yes | +| deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| enabled\_cloudwatch\_logs\_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | +| engine | Database engine type | `string` | n/a | yes | +| engine\_version | Database engine version, depends on engine type | `string` | n/a | yes | +| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no | +| final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | +| host\_name | The DB host name created in Route53 | `string` | `"db"` | no | +| iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | +| instance\_class | Class of RDS instance | `string` | n/a | yes | +| iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | +| kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| license\_model | License model for this DB. Optional, but required for some DB Engines. 
Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | +| maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | +| major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | +| max\_allocated\_storage | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | +| monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | +| multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | +| option\_group\_name | Name of the DB option group to associate | `string` | `""` | no | +| parameter\_group\_name | Name of the DB parameter group to associate | `string` | `""` | no | +| performance\_insights\_enabled | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | +| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | +| performance\_insights\_retention\_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). 
| `number` | `7` | no | +| publicly\_accessible | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | +| security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | +| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no | +| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `false` | no | +| storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | +| subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | +| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| vpc\_id | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| | hostname | DNS host name of the instance | -| instance_address | Address of the instance | -| instance_arn | ARN of the instance | -| instance_endpoint | DNS Endpoint of the instance | -| instance_id | ID of the instance | -| option_group_id | ID of the Option Group | -| parameter_group_id | ID of the Parameter Group | -| security_group_id | ID of the Security Group | -| subnet_group_id | ID of the Subnet Group | +| instance\_address | Address of the instance | +| instance\_arn | ARN of the instance | +| instance\_endpoint | DNS Endpoint of the instance | +| instance\_id | ID of the instance | +| option\_group\_id | ID of the Option Group | +| parameter\_group\_id | ID of the Parameter Group | +| security\_group\_id | ID of the Security Group | +| subnet\_group\_id | ID of the Subnet Group | diff --git a/main.tf b/main.tf index 579f75d..77e4c24 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ module "label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0" + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.17.0" enabled = var.enabled namespace = var.namespace name = var.name @@ -11,7 +11,7 @@ module "label" { } module "final_snapshot_label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0" + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.17.0" enabled = var.enabled namespace = var.namespace name = var.name From 3ccb6ec3c6e56cd2da13df320106821910a47c94 Mon Sep 17 00:00:00 2001 
From: Matt Gowie Date: Tue, 18 Aug 2020 02:25:59 -0600 Subject: [PATCH 13/51] [AUTOMATED] Update Version Pinning for Terraform to support 0.13 (#65) ## What 1. Update Version Pinning for Terraform to support 0.13 ## Why 1. This is a relatively minor update that the CloudPosse module already likely supports. 1. This allows module consumers to not individually update our Terraform module to support Terraform 0.13. Co-authored-by: Erik Osterman --- README.md | 2 +- docs/terraform.md | 2 +- versions.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c1884b8..961d245 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ Available targets: | Name | Version | |------|---------| -| terraform | ~> 0.12.0 | +| terraform | >= 0.12.0, < 0.14.0 | | aws | ~> 2.0 | | null | ~> 2.0 | | template | ~> 2.0 | diff --git a/docs/terraform.md b/docs/terraform.md index e195c5a..f93002d 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -2,7 +2,7 @@ | Name | Version | |------|---------| -| terraform | ~> 0.12.0 | +| terraform | >= 0.12.0, < 0.14.0 | | aws | ~> 2.0 | | null | ~> 2.0 | | template | ~> 2.0 | diff --git a/versions.tf b/versions.tf index 484c1d6..298a3d1 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.0" + required_version = ">= 0.12.0, < 0.14.0" required_providers { aws = "~> 2.0" From c01e0ea25e5e64bdbf0474754aa87e28f9a13e05 Mon Sep 17 00:00:00 2001 From: Sam Sullivan Date: Thu, 20 Aug 2020 06:41:04 -0700 Subject: [PATCH 14/51] Additional TF 0.13.0 changes (#69) Upgrade cloudposse/terraform-aws-route-53-cluster-hostname to 0.5.0 for TF 0.13.0 support: https://github.com/cloudposse/terraform-aws-route53-cluster-hostname/releases/tag/0.5.0 --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 77e4c24..0c1fe59 100644 --- a/main.tf +++ b/main.tf 
@@ -176,7 +176,7 @@ resource "aws_security_group_rule" "egress" { } module "dns_host_name" { - source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.3.0" + source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.5.0" enabled = length(var.dns_zone_id) > 0 && var.enabled ? true : false name = var.host_name zone_id = var.dns_zone_id From 6672a325b3be6bf137907494d3e47a1bc8c8a1d1 Mon Sep 17 00:00:00 2001 From: Sam Sullivan Date: Wed, 30 Sep 2020 19:28:35 -0700 Subject: [PATCH 15/51] Support monitoring_role_arn; required for monitoring_interval (#75) * Support monitoring_role_arn; required for monitoring_interval * Updated README.md Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- README.md | 3 +++ docs/terraform.md | 3 +++ main.tf | 1 + variables.tf | 7 ++++++- 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 961d245..927cc42 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,7 @@ Available targets: ``` + ## Requirements | Name | Version | 
@@ -203,6 +204,7 @@ Available targets: | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | | max\_allocated\_storage | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | | monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | +| monitoring\_role\_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | | multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | @@ -236,6 +238,7 @@ Available targets: | security\_group\_id | ID of the Security Group | | subnet\_group\_id | ID of the Subnet Group | + diff --git a/docs/terraform.md b/docs/terraform.md index f93002d..62f81a3 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -1,3 +1,4 @@ + ## Requirements | Name | Version | 
@@ -54,6 +55,7 @@ | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | | max\_allocated\_storage | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | | monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | +| monitoring\_role\_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | | multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | @@ -87,3 +89,4 @@ | security\_group\_id | ID of the Security Group | | subnet\_group\_id | ID of the Subnet Group | + diff --git a/main.tf b/main.tf index 0c1fe59..6192a38 100644 --- a/main.tf +++ b/main.tf @@ -78,6 +78,7 @@ resource "aws_db_instance" "default" { performance_insights_retention_period = var.performance_insights_enabled ? var.performance_insights_retention_period : null monitoring_interval = var.monitoring_interval + monitoring_role_arn = var.monitoring_role_arn } resource "aws_db_parameter_group" "default" { diff --git a/variables.tf b/variables.tf index 302ecd3..c27bf7e 100644 --- a/variables.tf +++ b/variables.tf 
@@ -340,8 +340,13 @@ variable "monitoring_interval" { default = "0" } +variable "monitoring_role_arn" { + type = string + description = "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs" + default = null +} variable "iam_database_authentication_enabled" { description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled" default = false -} \ No newline at end of file +} From 17070fe82b0d4b7fa7f539098eb130f4c06c186b Mon Sep 17 00:00:00 2001 From: Tirumerla <57160285+tirumerla@users.noreply.github.com> Date: Sat, 31 Oct 2020 13:56:21 -0700 Subject: [PATCH 16/51] fix: update aws provider version (#77) * fix: update aws provider version * update versions for all the plugins * Updated README.md Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- README.md | 10 +++++----- docs/terraform.md | 10 +++++----- versions.tf | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 927cc42..f038ee2 100644 --- a/README.md +++ b/README.md @@ -152,16 +152,16 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.12.0, < 0.14.0 | -| aws | ~> 2.0 | -| null | ~> 2.0 | -| template | ~> 2.0 | +| terraform | >= 0.12.0 | +| aws | >= 2.0 | +| null | >= 2.0 | +| template | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.0 | +| aws | >= 2.0 | ## Inputs diff --git a/docs/terraform.md b/docs/terraform.md index 62f81a3..760dd82 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,16 +3,16 @@ | Name | Version | |------|---------| -| terraform | >= 0.12.0, < 0.14.0 | -| aws | ~> 2.0 | -| null | ~> 2.0 | -| template | ~> 2.0 | +| terraform | >= 0.12.0 | +| aws | >= 2.0 | +| null | >= 2.0 | +| template | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.0 | +| aws | >= 2.0 | ## Inputs 
diff --git a/versions.tf b/versions.tf index 298a3d1..7c5a568 100644 --- a/versions.tf +++ b/versions.tf @@ -1,9 +1,9 @@ terraform { - required_version = ">= 0.12.0, < 0.14.0" + required_version = ">= 0.12.0" required_providers { - aws = "~> 2.0" - template = "~> 2.0" - null = "~> 2.0" + aws = ">= 2.0" + template = ">= 2.0" + null = ">= 2.0" } } From a802859ba7b91c1969379c0c89dc4be5d06b8640 Mon Sep 17 00:00:00 2001 From: John Bevan Date: Thu, 12 Nov 2020 02:27:11 +0000 Subject: [PATCH 17/51] Bump terraform-aws-route53-cluster-hostname (#78) module terraform-aws-route53-cluster-hostname v0.5.0 had restriction `aws ~> 2.0`. v0.6.0 onwards have `aws >= 2.0`. V0.7.0 is the latest version, and there are no breaking changes. --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 6192a38..0abbe04 100644 --- a/main.tf +++ b/main.tf @@ -177,7 +177,7 @@ resource "aws_security_group_rule" "egress" { } module "dns_host_name" { - source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.5.0" + source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.7.0" enabled = length(var.dns_zone_id) > 0 && var.enabled ? true : false name = var.host_name zone_id = var.dns_zone_id From 9f48aaaa09c6434da36ed5bc6afc260fe8fa446a Mon Sep 17 00:00:00 2001 
From: Maxim Mironenko Date: Thu, 17 Dec 2020 16:31:31 +0700 Subject: [PATCH 18/51] Terraform 0.14 upgrade (#81) * Upgrade dependency modules for support tf14 * Updated README.md * updates to properly migtare to TF 0.14 * enabled usage fixed * typo fix Co-authored-by: guy elia Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- .github/CODEOWNERS | 22 ++- .github/auto-release.yml | 45 ++++++ .github/mergify.yml | 52 +++++++ .github/renovate.json | 12 ++ .github/workflows/auto-context.yml | 55 +++++++ .github/workflows/auto-readme.yml | 41 ++++++ .github/workflows/auto-release.yml | 19 +++ .github/workflows/chatops.yml | 8 +- .github/workflows/validate-codeowners.yml | 25 ++++ README.md | 38 +++-- README.yaml | 4 +- context.tf | 169 ++++++++++++++++++++++ docs/terraform.md | 19 ++- examples/complete/context.tf | 169 ++++++++++++++++++++++ examples/complete/main.tf | 18 +-- examples/complete/variables.tf | 15 -- main.tf | 67 ++++----- test/src/Gopkg.lock | 92 ------------ test/src/Gopkg.toml | 7 - test/src/Makefile | 48 ++---- test/src/go.mod | 13 ++ test/src/go.sum | 43 ++++++ variables.tf | 48 ------ versions.tf | 17 ++- 24 files changed, 771 insertions(+), 275 deletions(-) create mode 100644 .github/auto-release.yml create mode 100644 .github/mergify.yml create mode 100644 .github/renovate.json create mode 100644 .github/workflows/auto-context.yml create mode 100644 .github/workflows/auto-readme.yml create mode 100644 .github/workflows/auto-release.yml create mode 100644 .github/workflows/validate-codeowners.yml create mode 100644 context.tf create mode 100644 examples/complete/context.tf delete mode 100644 test/src/Gopkg.lock delete mode 100644 test/src/Gopkg.toml create mode 100644 test/src/go.mod create mode 100644 test/src/go.sum diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 41c1baa..ceb4644 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -1,4 +1,24 @@ # Use this file to define individuals or teams that are responsible for code in a repository. # Read more: +# +# Order is important: the last matching pattern has the highest precedence -* @cloudposse/engineering \ No newline at end of file +# These owners will be the default owners for everything +* @cloudposse/engineering @cloudposse/contributors + +# Cloud Posse must review any changes to Makefiles +**/Makefile @cloudposse/engineering +**/Makefile.* @cloudposse/engineering + +# Cloud Posse must review any changes to GitHub actions +.github/* @cloudposse/engineering + +# Cloud Posse must review any changes to standard context definition, +# but some changes can be rubber-stamped. +**/context.tf @cloudposse/engineering @cloudposse/approvers +README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers + +# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration +.github/mergify.yml @cloudposse/admins +.github/CODEOWNERS @cloudposse/admins diff --git a/.github/auto-release.yml b/.github/auto-release.yml new file mode 100644 index 0000000..18a1ca6 --- /dev/null +++ b/.github/auto-release.yml @@ -0,0 +1,45 @@ +name-template: 'v$RESOLVED_VERSION' +tag-template: '$RESOLVED_VERSION' +version-template: '$MAJOR.$MINOR.$PATCH' +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + - 'enhancement' + patch: + labels: + - 'auto-update' + - 'patch' + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' + default: 'minor' + +categories: +- title: '🚀 Enhancements' + labels: + - 'enhancement' + - 'patch' +- title: '🐛 Bug Fixes' + labels: + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' +- title: '🤖 Automatic Updates' + labels: + - 'auto-update' + +change-template: | +
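Review bot: In the `.github/CODEOWNERS` hunk, the pattern `.github/*` covers only files directly under `.github/`, so changes to `.github/workflows/*.yml` fall through to the default `*` rule, which this commit widens to include `@cloudposse/contributors`. The comment above the rule says Cloud Posse must review changes to GitHub actions, and the workflows added in this same commit pass `secrets.PUBLIC_REPO_ACCESS_TOKEN` to actions, so those are the files that most need the stricter owner. I would add `.github/workflows/ @cloudposse/engineering` next to the existing `.github/*` line, above the `mergify.yml` and `CODEOWNERS` entries so that those still take precedence.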
+ $TITLE @$AUTHOR (#$NUMBER) + + $BODY +
+ +template: | + $CHANGES diff --git a/.github/mergify.yml b/.github/mergify.yml new file mode 100644 index 0000000..485982f --- /dev/null +++ b/.github/mergify.yml @@ -0,0 +1,52 @@ +pull_request_rules: +- name: "approve automated PRs that have passed checks" + conditions: + - "check-success~=test/bats" + - "check-success~=test/readme" + - "check-success~=test/terratest" + - "base=master" + - "author=cloudpossebot" + - "head~=auto-update/.*" + actions: + review: + type: "APPROVE" + bot_account: "cloudposse-mergebot" + message: "We've automatically approved this PR because the checks from the automated Pull Request have passed." + +- name: "merge automated PRs when approved and tests pass" + conditions: + - "check-success~=test/bats" + - "check-success~=test/readme" + - "check-success~=test/terratest" + - "base=master" + - "head~=auto-update/.*" + - "#approved-reviews-by>=1" + - "#changes-requested-reviews-by=0" + - "#commented-reviews-by=0" + - "base=master" + - "author=cloudpossebot" + actions: + merge: + method: "squash" + +- name: "delete the head branch after merge" + conditions: + - "merged" + actions: + delete_head_branch: {} + +- name: "ask to resolve conflict" + conditions: + - "conflict" + actions: + comment: + message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏" + +- name: "remove outdated reviews" + conditions: + - "base=master" + actions: + dismiss_reviews: + changes_requested: true + approved: true + message: "This Pull Request has been updated, so we're dismissing all reviews." diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..ae4f0aa --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,12 @@ +{ + "extends": [ + "config:base", + ":preserveSemverRanges" + ], + "labels": ["auto-update"], + "enabledManagers": ["terraform"], + "terraform": { + "ignorePaths": ["**/context.tf", "examples/**"] + } +} + 
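Review bot: The regex conditions in the `approve automated PRs` and `merge automated PRs` rules of `.github/mergify.yml` are written without anchors; if Mergify evaluates `~=` as a search rather than a full match, `head~=auto-update/.*` also accepts a branch such as `x/auto-update/y`, and `check-success~=test/bats` accepts any check whose name merely contains that text. I would write `head~=^auto-update/` and `check-success~=^test/bats` (likewise for `test/readme` and `test/terratest`). These two rules together approve via `cloudposse-mergebot` and squash-merge with no human review, so the gate rests on `author=cloudpossebot` and on those patterns being exact; a short comment in the file stating that assumption would help whoever scopes or rotates the bot credentials. `base=master` is listed twice in the merge rule and one occurrence can be dropped.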
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
new file mode 100644
index 0000000..df1a857
--- /dev/null
+++ b/.github/workflows/auto-context.yml
@@ -0,0 +1,55 @@
+name: "auto-context"
+on:
+ schedule:
+ # Update context.tf nightly
+ - cron: '0 3 * * *'
+
+jobs:
+ update:
+ if: github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Update context.tf
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ if [[ -f context.tf ]]; then
+ echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
+ curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
+ if git diff --no-patch --exit-code context.tf; then
+ echo "No changes detected! Exiting the job..."
+ else
+ echo "context.tf file has changed. Update examples and rebuild README.md."
+ make init
+ make github/init/context.tf
+ make readme/build
+ echo "::set-output name=create_pull_request=true"
+ fi
+ else
+ echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
+ fi
+
+ - name: Create Pull Request
+ if: steps.update.outputs.create_pull_request == 'true'
+ uses: cloudposse/actions/github/create-pull-request@0.22.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ commit-message: Update context.tf from origin source
+ title: Update context.tf
+ body: |-
+ ## what
+ This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
+
+ ## why
+ To support all the features of the `context` interface.
+
+ branch: auto-update/context.tf
+ base: master
+ delete-branch: true
+ labels: |
+ auto-update
+ context
diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
new file mode 100644
index 0000000..6229e60
--- /dev/null
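Review bot: The `run:` script in `.github/workflows/auto-context.yml` ends its change branch with `echo "::set-output name=create_pull_request=true"`, which is not the workflow-command form: name and value are separated by `::`, so the line should read `echo "::set-output name=create_pull_request::true"`. As written the runner would not treat it as a command, `steps.update.outputs.create_pull_request` stays unset, and the `Create Pull Request` step's `if:` never passes. Separately, the `curl` takes `context.tf` from the `master` branch of `terraform-null-label`, and the resulting `auto-update/context.tf` branch matches the auto-approve and auto-merge rules this commit adds in `.github/mergify.yml` (assuming the PR is opened as `cloudpossebot`). Fetching from a release tag instead of `master` would make the input to that unattended path a fixed, reviewable version.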
+++ b/.github/workflows/auto-readme.yml @@ -0,0 +1,41 @@ +name: "auto-readme" +on: + schedule: + # Update README.md nightly + - cron: '0 4 * * *' + +jobs: + update: + if: github.event_name == 'schedule' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Update readme + shell: bash + id: update + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + make init + make readme/build + + - name: Create Pull Request + uses: cloudposse/actions/github/create-pull-request@0.20.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + commit-message: Update README.md and docs + title: Update README.md and docs + body: |- + ## what + This is an auto-generated PR that updates the README.md and docs + + ## why + To have most recent changes of README.md and doc from origin templates + + branch: auto-update/readme + base: master + delete-branch: true + labels: | + auto-update + readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml new file mode 100644 index 0000000..ccc27be --- /dev/null +++ b/.github/workflows/auto-release.yml @@ -0,0 +1,19 @@ +name: auto-release + +on: + push: + branches: + - master + +jobs: + semver: + runs-on: ubuntu-latest + steps: + # Drafts your next Release notes as Pull Requests are merged into "master" + - uses: release-drafter/release-drafter@v5 + with: + publish: true + prerelease: false + config-name: auto-release.yml + env: + GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml index a6bb11b..4ddc067 100644 --- a/.github/workflows/chatops.yml +++ b/.github/workflows/chatops.yml 
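Review bot: In `.github/workflows/auto-release.yml`, `release-drafter/release-drafter@v5` is referenced by a movable tag while receiving `secrets.PUBLIC_REPO_ACCESS_TOKEN` as its `GITHUB_TOKEN`, so the code that runs with that token on every push to `master` is whatever the tag points at on that day. Pinning to a full commit SHA, `uses: release-drafter/release-drafter@<full-commit-sha> # v5`, fixes the reviewed version. The same applies to `cloudposse/actions/github/create-pull-request@0.22.0` and `@0.20.0` in the auto-context and auto-readme workflows (which also differ in version for no visible reason), `slash-command-dispatch@0.22.0` in `chatops.yml`, and `mszostok/codeowners-validator@v0.5.0` in `validate-codeowners.yml`. If publishing the release works with the job's built-in `secrets.GITHUB_TOKEN`, using that here would narrow what the action can reach; the hunk does not show why the broader token was chosen.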
@@ -9,13 +9,13 @@ jobs: steps: - uses: actions/checkout@v2 - name: "Handle common commands" - uses: cloudposse/actions/github/slash-command-dispatch@0.15.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} repository: cloudposse/actions commands: rebuild-readme, terraform-fmt - permission: none + permission: triage issue-type: pull-request test: @@ -24,13 +24,13 @@ jobs: - name: "Checkout commit" uses: actions/checkout@v2 - name: "Run tests" - uses: cloudposse/actions/github/slash-command-dispatch@0.15.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} repository: cloudposse/actions commands: test - permission: none + permission: triage issue-type: pull-request reactions: false diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml new file mode 100644 index 0000000..386eb28 --- /dev/null +++ b/.github/workflows/validate-codeowners.yml 
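Review bot: The change from `permission: none` to `permission: triage` is the security-relevant line in both hunks of chatops.yml, and nothing records who may now trigger the commands. A comment such as `# only users with triage access or higher may dispatch slash commands` above each `permission:` line would state the intent. For the `test` command in the second hunk, if the dispatched run executes pull-request code with cloud credentials (not visible here), `permission: write` may be the safer floor. Both jobs begin above the hunks, so the trigger and any job-level conditions are not shown.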
@@ -0,0 +1,25 @@ +name: Validate Codeowners +on: + pull_request: + +jobs: + validate-codeowners: + runs-on: ubuntu-latest + steps: + - name: "Checkout source code at current commit" + uses: actions/checkout@v2 + - uses: mszostok/codeowners-validator@v0.5.0 + if: github.event.pull_request.head.repo.full_name == github.repository + name: "Full check of CODEOWNERS" + with: + # For now, remove "files" check to allow CODEOWNERS to specify non-existent + # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos + # checks: "files,syntax,owners,duppatterns" + checks: "syntax,owners,duppatterns" + # GitHub access token is required only if the `owners` check is enabled + github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + - uses: mszostok/codeowners-validator@v0.5.0 + if: github.event.pull_request.head.repo.full_name != github.repository + name: "Syntax check of CODEOWNERS" + with: + checks: "syntax,duppatterns" diff --git a/README.md b/README.md index f038ee2..3c23796 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ + # terraform-aws-rds [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg)](https://github.com/cloudposse/terraform-aws-rds/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + [![README Header][readme_header_img]][readme_header_link] 
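Review bot: The two `mszostok/codeowners-validator@v0.5.0` steps are split on `github.event.pull_request.head.repo.full_name`, but nothing says why, and the reason matters to anyone who later edits the conditions. A comment such as `# Fork PRs do not receive repository secrets, so only the token-free checks run for them` above the second step would make it clear that the `owners` check is skipped for forks on purpose. It would also discourage switching the trigger to `pull_request_target` just to obtain the token, which would make `PUBLIC_REPO_ACCESS_TOKEN` available to runs triggered by fork pull requests.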
@@ -72,13 +74,22 @@ The module will create: ## Usage -**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases. -Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-rds/releases). +**IMPORTANT:** We do not pin modules to versions in our examples because of the +difficulty of keeping the versions in the documentation in sync with the latest released versions. +We highly recommend that in your code you pin the version to the exact version you are +using so that your infrastructure remains stable, and update versions in a +systematic way so that they do not catch you by surprise. + +Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)), +the registry shows many of our inputs as required when in fact they are optional. +The table below correctly indicates which inputs are required. ```hcl module "rds_instance" { - source = "git::https://github.com/cloudposse/terraform-aws-rds.git?ref=master" + source = "cloudposse/rds/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" namespace = "eg" stage = "prod" name = "app" @@ -152,7 +163,7 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.12.0 | +| terraform | >= 0.12.26 | | aws | >= 2.0 | | null | >= 2.0 | | template | >= 2.0 | 
@@ -167,6 +178,7 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | allocated\_storage | The allocated storage in GBs | `number` | n/a | yes | | allow\_major\_version\_upgrade | Allow major version upgrade | `bool` | `false` | no | | allowed\_cidr\_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | @@ -177,6 +189,7 @@ Available targets: | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | | database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | | database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -186,19 +199,21 @@ Available targets: | db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | | db\_parameter\_group | Parameter group, depends on DB engine used | `string` | n/a | yes | | deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | enabled\_cloudwatch\_logs\_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | | engine | Database engine type | `string` | n/a | yes | | engine\_version | Database engine version, depends on engine type | `string` | n/a | yes | -| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no | +| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | host\_name | The DB host name created in Route53 | `string` | `"db"` | no | | iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | +| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | instance\_class | Class of RDS instance | `string` | n/a | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | | license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | 
@@ -206,18 +221,19 @@ Available targets: | monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | | monitoring\_role\_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | | multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | option\_group\_name | Name of the DB option group to associate | `string` | `""` | no | | parameter\_group\_name | Name of the DB parameter group to associate | `string` | `""` | no | | performance\_insights\_enabled | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | | performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | | performance\_insights\_retention\_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | | publicly\_accessible | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | +| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `false` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | | subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | @@ -386,8 +402,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply ### Contributors + | [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sergey Vasilyev][s2504s_avatar]][s2504s_homepage]
[Sergey Vasilyev][s2504s_homepage] | [![Valeriy][drama17_avatar]][drama17_homepage]
[Valeriy][drama17_homepage] | [![Konstantin B][comeanother_avatar]][comeanother_homepage]
[Konstantin B][comeanother_homepage] | [![drmikecrowe][drmikecrowe_avatar]][drmikecrowe_homepage]
[drmikecrowe][drmikecrowe_homepage] | [![Oscar Sullivan][osulli_avatar]][osulli_homepage]
[Oscar Sullivan][osulli_homepage] | [![Federico Márquez][fedemzcor_avatar]][fedemzcor_homepage]
[Federico Márquez][fedemzcor_homepage] | |---|---|---|---|---|---|---|---| + [osterman_homepage]: https://github.com/osterman [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png diff --git a/README.yaml b/README.yaml index bcd9993..a464d8f 100644 --- a/README.yaml +++ b/README.yaml @@ -41,7 +41,9 @@ introduction: |- usage: |- ```hcl module "rds_instance" { - source = "git::https://github.com/cloudposse/terraform-aws-rds.git?ref=master" + source = "cloudposse/rds/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" namespace = "eg" stage = "prod" name = "app" diff --git a/context.tf b/context.tf new file mode 100644 index 0000000..e5734b7 --- /dev/null +++ b/context.tf 
@@ -0,0 +1,169 @@ +# +# ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label +# All other instances of this file should be a copy of that one +# +# +# Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf +# and then place it in your Terraform module to automatically get +# Cloud Posse's standard configuration inputs suitable for passing +# to Cloud Posse modules. +# +# Modules should access the whole context as `module.this.context` +# to get the input variables with nulls for defaults, +# for example `context = module.this.context`, +# and access individual variables as `module.this.`, +# with final values filled in. +# +# For example, when using defaults, `module.this.context.delimiter` +# will be null, and `module.this.delimiter` will be `-` (hyphen). +# + + +module "this" { + source = "cloudposse/label/null" + version = "0.22.0" // requires Terraform >= 0.12.26 + + enabled = var.enabled + namespace = var.namespace + environment = var.environment + stage = var.stage + name = var.name + delimiter = var.delimiter + attributes = var.attributes + tags = var.tags + additional_tag_map = var.additional_tag_map + label_order = var.label_order + regex_replace_chars = var.regex_replace_chars + id_length_limit = var.id_length_limit + + context = var.context +} + +# Copy contents of cloudposse/terraform-null-label/variables.tf here + +variable "context" { + type = object({ + enabled = bool + namespace = string + environment = string + stage = string + name = string + delimiter = string + attributes = list(string) + tags = map(string) + additional_tag_map = map(string) + regex_replace_chars = string + label_order = list(string) + id_length_limit = number + }) + default = { + enabled = true + namespace = null + environment = null + stage = null + name = null + delimiter = null + attributes = [] + tags = {} + additional_tag_map = {} + regex_replace_chars = null + label_order = [] + id_length_limit = null + } + 
description = <<-EOT + Single object for setting entire context at once. + See description of individual variables for details. + Leave string and numeric variables as `null` to use default value. + Individual variable settings (non-null) override settings in context object, + except for attributes, tags, and additional_tag_map, which are merged. + EOT +} + +variable "enabled" { + type = bool + default = null + description = "Set to false to prevent the module from creating any resources" +} + +variable "namespace" { + type = string + default = null + description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" +} + +variable "environment" { + type = string + default = null + description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" +} + +variable "stage" { + type = string + default = null + description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" +} + +variable "name" { + type = string + default = null + description = "Solution name, e.g. 'app' or 'jenkins'" +} + +variable "delimiter" { + type = string + default = null + description = <<-EOT + Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. + EOT +} + +variable "attributes" { + type = list(string) + default = [] + description = "Additional attributes (e.g. `1`)" +} + +variable "tags" { + type = map(string) + default = {} + description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" +} + +variable "additional_tag_map" { + type = map(string) + default = {} + description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." +} + +variable "label_order" { + type = list(string) + default = null + description = <<-EOT + The naming order of the id output and Name tag. + Defaults to ["namespace", "environment", "stage", "name", "attributes"]. 
+ You can omit any of the 5 elements, but at least one must be present. + EOT +} + +variable "regex_replace_chars" { + type = string + default = null + description = <<-EOT + Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. + EOT +} + +variable "id_length_limit" { + type = number + default = null + description = <<-EOT + Limit `id` to this many characters. + Set to `0` for unlimited length. + Set to `null` for default, which is `0`. + Does not affect `id_full`. + EOT +} + +#### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index 760dd82..13d79a4 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| terraform | >= 0.12.0 | +| terraform | >= 0.12.26 | | aws | >= 2.0 | | null | >= 2.0 | | template | >= 2.0 | @@ -18,6 +18,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | allocated\_storage | The allocated storage in GBs | `number` | n/a | yes | | allow\_major\_version\_upgrade | Allow major version upgrade | `bool` | `false` | no | | allowed\_cidr\_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | @@ -28,6 +29,7 @@ | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | | database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | | database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -37,19 +39,21 @@ | db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | | db\_parameter\_group | Parameter group, depends on DB engine used | `string` | n/a | yes | | deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | enabled\_cloudwatch\_logs\_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | | engine | Database engine type | `string` | n/a | yes | | engine\_version | Database engine version, depends on engine type | `string` | n/a | yes | -| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no | +| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | host\_name | The DB host name created in Route53 | `string` | `"db"` | no | | iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | +| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | instance\_class | Class of RDS instance | `string` | n/a | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | | license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | 
@@ -57,18 +61,19 @@ | monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | | monitoring\_role\_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | | multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | option\_group\_name | Name of the DB option group to associate | `string` | `""` | no | | parameter\_group\_name | Name of the DB parameter group to associate | `string` | `""` | no | | performance\_insights\_enabled | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | | performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | | performance\_insights\_retention\_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | | publicly\_accessible | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | +| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `false` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | | subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | diff --git a/examples/complete/context.tf b/examples/complete/context.tf new file mode 100644 index 0000000..e5734b7 --- /dev/null +++ b/examples/complete/context.tf 
@@ -0,0 +1,169 @@ +# +# ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label +# All other instances of this file should be a copy of that one +# +# +# Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf +# and then place it in your Terraform module to automatically get +# Cloud Posse's standard configuration inputs suitable for passing +# to Cloud Posse modules. +# +# Modules should access the whole context as `module.this.context` +# to get the input variables with nulls for defaults, +# for example `context = module.this.context`, +# and access individual variables as `module.this.`, +# with final values filled in. +# +# For example, when using defaults, `module.this.context.delimiter` +# will be null, and `module.this.delimiter` will be `-` (hyphen). +# + + +module "this" { + source = "cloudposse/label/null" + version = "0.22.0" // requires Terraform >= 0.12.26 + + enabled = var.enabled + namespace = var.namespace + environment = var.environment + stage = var.stage + name = var.name + delimiter = var.delimiter + attributes = var.attributes + tags = var.tags + additional_tag_map = var.additional_tag_map + label_order = var.label_order + regex_replace_chars = var.regex_replace_chars + id_length_limit = var.id_length_limit + + context = var.context +} + +# Copy contents of cloudposse/terraform-null-label/variables.tf here + +variable "context" { + type = object({ + enabled = bool + namespace = string + environment = string + stage = string + name = string + delimiter = string + attributes = list(string) + tags = map(string) + additional_tag_map = map(string) + regex_replace_chars = string + label_order = list(string) + id_length_limit = number + }) + default = { + enabled = true + namespace = null + environment = null + stage = null + name = null + delimiter = null + attributes = [] + tags = {} + additional_tag_map = {} + regex_replace_chars = null + label_order = [] + id_length_limit = null + } + 
description = <<-EOT + Single object for setting entire context at once. + See description of individual variables for details. + Leave string and numeric variables as `null` to use default value. + Individual variable settings (non-null) override settings in context object, + except for attributes, tags, and additional_tag_map, which are merged. + EOT +} + +variable "enabled" { + type = bool + default = null + description = "Set to false to prevent the module from creating any resources" +} + +variable "namespace" { + type = string + default = null + description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" +} + +variable "environment" { + type = string + default = null + description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" +} + +variable "stage" { + type = string + default = null + description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" +} + +variable "name" { + type = string + default = null + description = "Solution name, e.g. 'app' or 'jenkins'" +} + +variable "delimiter" { + type = string + default = null + description = <<-EOT + Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. + EOT +} + +variable "attributes" { + type = list(string) + default = [] + description = "Additional attributes (e.g. `1`)" +} + +variable "tags" { + type = map(string) + default = {} + description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" +} + +variable "additional_tag_map" { + type = map(string) + default = {} + description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." +} + +variable "label_order" { + type = list(string) + default = null + description = <<-EOT + The naming order of the id output and Name tag. + Defaults to ["namespace", "environment", "stage", "name", "attributes"]. 
+ You can omit any of the 5 elements, but at least one must be present. + EOT +} + +variable "regex_replace_chars" { + type = string + default = null + description = <<-EOT + Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. + EOT +} + +variable "id_length_limit" { + type = number + default = null + description = <<-EOT + Limit `id` to this many characters. + Set to `0` for unlimited length. + Set to `null` for default, which is `0`. + Does not affect `id_full`. + EOT +} + +#### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b0fa29e..f104aa2 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -3,19 +3,17 @@ provider "aws" { } module "vpc" { - source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.7.0" - namespace = var.namespace - stage = var.stage - name = var.name + source = "cloudposse/vpc/aws" + version = "0.18.1" + context = module.this.context cidr_block = "172.16.0.0/16" } module "subnets" { - source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.0" + source = "cloudposse/dynamic-subnets/aws" + version = "0.32.0" + context = module.this.context availability_zones = var.availability_zones - namespace = var.namespace - stage = var.stage - name = var.name vpc_id = module.vpc.vpc_id igw_id = module.vpc.igw_id cidr_block = module.vpc.vpc_cidr_block @@ -25,9 +23,7 @@ module "subnets" { module "rds_instance" { source = "../../" - namespace = var.namespace - stage = var.stage - name = var.name + context = module.this.context database_name = var.database_name database_user = var.database_user database_password = var.database_password diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index efab8fd..dcc4be0 100644 
--- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -7,21 +7,6 @@ variable "availability_zones" { type = list(string) } -variable "namespace" { - type = string - description = "Namespace (e.g. `eg` or `cp`)" -} - -variable "stage" { - type = string - description = "Stage (e.g. `prod`, `dev`, `staging`, `infra`)" -} - -variable "name" { - type = string - description = "Name (e.g. `app` or `cluster`)" -} - variable "database_name" { type = string description = "The name of the database to create when the DB instance is created" diff --git a/main.tf b/main.tf index 0abbe04..10fb845 100644 --- a/main.tf +++ b/main.tf @@ -1,25 +1,8 @@ -module "label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.17.0" - enabled = var.enabled - namespace = var.namespace - name = var.name - stage = var.stage - environment = var.environment - delimiter = var.delimiter - attributes = var.attributes - tags = var.tags -} - module "final_snapshot_label" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.17.0" - enabled = var.enabled - namespace = var.namespace - name = var.name - stage = var.stage - environment = var.environment - delimiter = var.delimiter - attributes = compact(concat(var.attributes, ["final", "snapshot"])) - tags = var.tags + source = "cloudposse/label/null" + version = "0.22.0" + attributes = ["final", "snapshot"] + context = module.this.context } locals { @@ -28,8 +11,8 @@ locals { } resource "aws_db_instance" "default" { - count = var.enabled ? 1 : 0 - identifier = module.label.id + count = module.this.enabled ? 1 : 0 + identifier = module.this.id name = var.database_name username = var.database_user password = var.database_password 
@@ -67,7 +50,7 @@ resource "aws_db_instance" "default" { copy_tags_to_snapshot = var.copy_tags_to_snapshot backup_retention_period = var.backup_retention_period backup_window = var.backup_window - tags = module.label.tags + tags = module.this.tags deletion_protection = var.deletion_protection final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id @@ -82,10 +65,10 @@ resource "aws_db_instance" "default" { } resource "aws_db_parameter_group" "default" { - count = length(var.parameter_group_name) == 0 && var.enabled ? 1 : 0 - name = module.label.id + count = length(var.parameter_group_name) == 0 && module.this.enabled ? 1 : 0 + name = module.this.id family = var.db_parameter_group - tags = module.label.tags + tags = module.this.tags dynamic "parameter" { for_each = var.db_parameter @@ -98,11 +81,11 @@ resource "aws_db_parameter_group" "default" { } resource "aws_db_option_group" "default" { - count = length(var.option_group_name) == 0 && var.enabled ? 1 : 0 - name = module.label.id + count = length(var.option_group_name) == 0 && module.this.enabled ? 1 : 0 + name = module.this.id engine_name = var.engine major_engine_version = local.major_engine_version - tags = module.label.tags + tags = module.this.tags dynamic "option" { for_each = var.db_options 
@@ -129,22 +112,22 @@ resource "aws_db_option_group" "default" { } resource "aws_db_subnet_group" "default" { - count = var.enabled ? 1 : 0 - name = module.label.id + count = module.this.enabled ? 1 : 0 + name = module.this.id subnet_ids = var.subnet_ids - tags = module.label.tags + tags = module.this.tags } resource "aws_security_group" "default" { - count = var.enabled ? 1 : 0 - name = module.label.id + count = module.this.enabled ? 1 : 0 + name = module.this.id description = "Allow inbound traffic from the security groups" vpc_id = var.vpc_id - tags = module.label.tags + tags = module.this.tags } resource "aws_security_group_rule" "ingress_security_groups" { - count = var.enabled ? length(var.security_group_ids) : 0 + count = module.this.enabled ? length(var.security_group_ids) : 0 description = "Allow inbound traffic from existing Security Groups" type = "ingress" from_port = var.database_port @@ -155,7 +138,7 @@ resource "aws_security_group_rule" "ingress_security_groups" { } resource "aws_security_group_rule" "ingress_cidr_blocks" { - count = var.enabled && length(var.allowed_cidr_blocks) > 0 ? 1 : 0 + count = module.this.enabled && length(var.allowed_cidr_blocks) > 0 ? 1 : 0 description = "Allow inbound traffic from CIDR blocks" type = "ingress" from_port = var.database_port @@ -166,7 +149,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" { } resource "aws_security_group_rule" "egress" { - count = var.enabled ? 1 : 0 + count = module.this.enabled ? 1 : 0 description = "Allow all egress traffic" type = "egress" from_port = 0 
@@ -177,9 +160,11 @@ resource "aws_security_group_rule" "egress" { } module "dns_host_name" { - source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.7.0" - enabled = length(var.dns_zone_id) > 0 && var.enabled ? true : false + source = "cloudposse/route53-cluster-hostname/aws" + version = "0.8.0" + enabled = length(var.dns_zone_id) > 0 && module.this.enabled name = var.host_name zone_id = var.dns_zone_id records = coalescelist(aws_db_instance.default.*.address, [""]) + context = module.this.context } diff --git a/test/src/Gopkg.lock b/test/src/Gopkg.lock deleted file mode 100644 index 87bb6bd..0000000 --- a/test/src/Gopkg.lock +++ /dev/null 
@@ -1,92 +0,0 @@ -# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. - - -[[projects]] - digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec" - name = "github.com/davecgh/go-spew" - packages = ["spew"] - pruneopts = "UT" - revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73" - version = "v1.1.1" - -[[projects]] - digest = "1:75d6042fc66aebc974cc49b0c6c7cc3b9adb5f8130fbfa0dbec0820d990afa25" - name = "github.com/gruntwork-io/terratest" - packages = [ - "modules/collections", - "modules/customerrors", - "modules/files", - "modules/logger", - "modules/retry", - "modules/shell", - "modules/ssh", - "modules/terraform", - ] - pruneopts = "UT" - revision = "892abb2c35878d0808101bbfe6559e931dc2d354" - version = "v0.16.0" - -[[projects]] - digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe" - name = "github.com/pmezard/go-difflib" - packages = ["difflib"] - pruneopts = "UT" - revision = "792786c7400a136282c1664665ae0a8db921c6c2" - version = "v1.0.0" - -[[projects]] - digest = "1:5da8ce674952566deae4dbc23d07c85caafc6cfa815b0b3e03e41979cedb8750" - name = "github.com/stretchr/testify" - packages = [ - "assert", - "require", - ] - pruneopts = "UT" - revision = "ffdc059bfe9ce6a4e144ba849dbedead332c6053" - version = "v1.3.0" - -[[projects]] - branch = "master" - digest = "1:831470c2758c8b733941144f2803a0ccad0632c5a767415b777ebd296b5f463e" - name = "golang.org/x/crypto" - packages = [ - "curve25519", - "ed25519", - "ed25519/internal/edwards25519", - "internal/chacha20", - "internal/subtle", - "poly1305", - "ssh", - "ssh/agent", - ] - pruneopts = "UT" - revision = "22d7a77e9e5f409e934ed268692e56707cd169e5" - -[[projects]] - branch = "master" - digest = "1:76ee51c3f468493aff39dbacc401e8831fbb765104cbf613b89bef01cf4bad70" - name = "golang.org/x/net" - packages = ["context"] - pruneopts = "UT" - revision = "f3200d17e092c607f615320ecaad13d87ad9a2b3" - -[[projects]] - branch = "master" - digest = 
"1:181f3fd33e620b958b5ab77da177cf775cdcccd7db82963607875fbd09ae995e" - name = "golang.org/x/sys" - packages = [ - "cpu", - "unix", - ] - pruneopts = "UT" - revision = "9cd6430ef91e39e1a0ec0470cf1321a33ef1b887" - -[solve-meta] - analyzer-name = "dep" - analyzer-version = 1 - input-imports = [ - "github.com/gruntwork-io/terratest/modules/terraform", - "github.com/stretchr/testify/assert", - ] - solver-name = "gps-cdcl" - solver-version = 1 diff --git a/test/src/Gopkg.toml b/test/src/Gopkg.toml deleted file mode 100644 index 995bac5..0000000 --- a/test/src/Gopkg.toml +++ /dev/null @@ -1,7 +0,0 @@ -[[constraint]] - name = "github.com/stretchr/testify" - version = "1.2.2" - -[prune] - go-tests = true - unused-packages = true diff --git a/test/src/Makefile b/test/src/Makefile index d4c7a82..2707cd2 100644 --- a/test/src/Makefile +++ b/test/src/Makefile 
@@ -1,50 +1,30 @@ -PACKAGE = terraform-aws-rds -GOEXE ?= /usr/bin/go -GOPATH = $(CURDIR)/.gopath -GOBIN = $(GOPATH)/bin -BASE = $(GOPATH)/src/$(PACKAGE) -PATH := $(PATH):$(GOBIN) - -export TF_DATA_DIR ?= $(CURDIR)/.terraform export TF_CLI_ARGS_init ?= -get-plugins=true -export GOPATH +export TERRAFORM_VERSION ?= $(shell curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version' | cut -d. -f1-2) + +.DEFAULT_GOAL : all .PHONY: all ## Default target all: test -ifneq (,$(wildcard /sbin/apk)) -## Install go, if not installed -$(GOEXE): - apk add --update go -endif - -ifeq ($(shell uname -s),Linux) -## Install all `dep`, if not installed -$(GOBIN)/dep: - @mkdir -p $(GOBIN) - @curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -endif - -## Prepare the GOPATH -$(BASE): $(GOEXE) - @mkdir -p $(dir $@) - @ln -sf $(CURDIR) $@ - -## Download vendor dependencies to vendor/ -$(BASE)/vendor: $(BASE) $(GOBIN)/dep - cd $(BASE) && dep ensure - .PHONY : init ## Initialize tests -init: $(BASE)/vendor +init: + @exit 0 .PHONY : test ## Run tests test: init - cd $(BASE) && go test -v -timeout 30m -run TestExamplesComplete + go mod download + go test -v -timeout 60m -run TestExamplesComplete + +## Run tests in docker container +docker/test: + docker run --name terratest --rm -it -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e GITHUB_TOKEN \ + -e PATH="/usr/local/terraform/$(TERRAFORM_VERSION)/bin:/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \ + -v $(CURDIR)/../../:/module/ cloudposse/test-harness:latest -C /module/test/src test .PHONY : clean ## Clean up files clean: - rm -rf .gopath/ vendor/ $(TF_DATA_DIR) + rm -rf ../../examples/complete/*.tfstate* diff --git a/test/src/go.mod b/test/src/go.mod new file mode 100644 index 0000000..ec022cb --- /dev/null +++ b/test/src/go.mod 
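Review bot: The new `docker/test` recipe forwards `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN` and `GITHUB_TOKEN` into `cloudposse/test-harness:latest`, a mutable tag, so whatever image that tag resolves to at run time receives live credentials. Pin the image to a reviewed release or digest, e.g. `cloudposse/test-harness@sha256:<DIGEST_PLACEHOLDER>`, and run it with short-lived credentials scoped to the test account. Separately, `TERRAFORM_VERSION ?= $(shell curl -s https://checkpoint-api.hashicorp.com/... | jq ...)` depends on a network call whose failure is silent (`curl -s`), which would leave an empty version inside the `PATH` passed to the container. A pinned default such as `TERRAFORM_VERSION ?= <VERSION_PLACEHOLDER>` would keep test runs reproducible.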
@@ -0,0 +1,13 @@
+module github.com/cloudposse/terraform-aws-rds
+
+go 1.14
+
+require (
+ github.com/aws/aws-sdk-go v1.36.9 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/go-sql-driver/mysql v1.5.0 // indirect
+ github.com/google/uuid v1.1.2 // indirect
+ github.com/gruntwork-io/terratest v0.16.0
+ github.com/pquerna/otp v1.3.0 // indirect
+ github.com/stretchr/testify v1.3.0
+)
diff --git a/test/src/go.sum b/test/src/go.sum
new file mode 100644
index 0000000..7fc8731
--- /dev/null
+++ b/test/src/go.sum
@@ -0,0 +1,43 @@ +github.com/aws/aws-sdk-go v1.36.9 h1:TS667yc08a/EHGBqFrfOItpnzSrBFwIf2gQGlDhhQsg= +github.com/aws/aws-sdk-go v1.36.9/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gruntwork-io/terratest v0.16.0 h1:8dDdkAzqwVDclmefcy//oBPWs5bVrWuKYCUwG0WFG4c= +github.com/gruntwork-io/terratest v0.16.0/go.mod h1:NjUn6YXA5Skxt8Rs20t3isYx5Rl+EgvGB8/+RRXddqk= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= +github.com/pquerna/otp 
v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 
h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/variables.tf b/variables.tf index c27bf7e..bb3d09b 100644 --- a/variables.tf +++ b/variables.tf @@ -1,51 +1,3 @@ -variable "namespace" { - type = string - default = "" - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" -} - -variable "environment" { - type = string - default = "" - description = "Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT'" -} - -variable "stage" { - type = string - default = "" - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" -} - -variable "name" { - type = string - default = "" - description = "Solution name, e.g. 'app' or 'jenkins'" -} - -variable "enabled" { - type = bool - default = true - description = "Set to false to prevent the module from creating any resources" -} - -variable "delimiter" { - type = string - default = "-" - description = "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`" -} - -variable "attributes" { - type = list(string) - default = [] - description = "Additional attributes (e.g. `1`)" -} - -variable "tags" { - type = map(string) - default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" -} - variable "dns_zone_id" { type = string default = "" diff --git a/versions.tf b/versions.tf index 7c5a568..9b6d904 100644 --- a/versions.tf +++ b/versions.tf @@ -1,9 +1,18 @@ terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" required_providers { - aws = ">= 2.0" - template = ">= 2.0" - null = ">= 2.0" + aws = { + source = "hashicorp/aws" + version = ">= 2.0" + } + template = { + source = "hashicorp/template" + version = ">= 2.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } } } From 155a3161266b5d2eab1b1a6221029f9122b39cf7 Mon Sep 17 00:00:00 2001 
From: Frank <639906+syphernl@users.noreply.github.com> Date: Mon, 21 Dec 2020 11:29:53 +0100 Subject: [PATCH 19/51] fix: use correct variable with route53-cluster-hostname (#83) * fix: use correct variable with route53-cluster-hostname * fix: use correct variable with route53-cluster-hostname --- main.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 10fb845..f22b352 100644 --- a/main.tf +++ b/main.tf @@ -160,11 +160,11 @@ resource "aws_security_group_rule" "egress" { } module "dns_host_name" { - source = "cloudposse/route53-cluster-hostname/aws" - version = "0.8.0" - enabled = length(var.dns_zone_id) > 0 && module.this.enabled - name = var.host_name - zone_id = var.dns_zone_id - records = coalescelist(aws_db_instance.default.*.address, [""]) - context = module.this.context + source = "cloudposse/route53-cluster-hostname/aws" + version = "0.8.0" + enabled = length(var.dns_zone_id) > 0 && module.this.enabled + dns_name = var.host_name + zone_id = var.dns_zone_id + records = coalescelist(aws_db_instance.default.*.address, [""]) + context = module.this.context } From 9f753afa2620f75effeb5fdbfd8a0691d9966a8d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 24 Dec 2020 13:04:42 +0700 Subject: [PATCH 20/51] chore(deps): update terraform cloudposse/route53-cluster-hostname/aws to v0.9.0 (#85) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index f22b352..b530889 100644 --- a/main.tf +++ b/main.tf @@ -161,7 +161,7 @@ resource "aws_security_group_rule" "egress" { module "dns_host_name" { source = "cloudposse/route53-cluster-hostname/aws" - version = "0.8.0" + version = "0.9.0" enabled = length(var.dns_zone_id) > 0 && module.this.enabled dns_name = var.host_name zone_id = var.dns_zone_id From 5c17df77af7f7777e059a5e6b5c214ddc55da373 Mon Sep 17 00:00:00 2001 
From: Nuru Date: Fri, 25 Dec 2020 17:24:31 -0800 Subject: [PATCH 21/51] [auto-context] Create pull request when context.tf changes (#86) --- .github/workflows/auto-context.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index df1a857..0d175a8 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -27,7 +27,7 @@ jobs: make init make github/init/context.tf make readme/build - echo "::set-output name=create_pull_request=true" + echo "::set-output name=create_pull_request::true" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." From bc274dec1499d9b8415d15695d85d1267235778f Mon Sep 17 00:00:00 2001 From: "Cloud Posse Bot (CI/CD)" Date: Fri, 25 Dec 2020 19:59:04 -0800 Subject: [PATCH 22/51] Update context.tf from origin source (#87) Co-authored-by: joe-niland --- context.tf | 3 +-- examples/complete/context.tf | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/context.tf b/context.tf index e5734b7..f5f2797 100644 --- a/context.tf +++ b/context.tf @@ -18,10 +18,9 @@ # will be null, and `module.this.delimiter` will be `-` (hyphen). # - module "this" { source = "cloudposse/label/null" - version = "0.22.0" // requires Terraform >= 0.12.26 + version = "0.22.1" // requires Terraform >= 0.12.26 enabled = var.enabled namespace = var.namespace diff --git a/examples/complete/context.tf b/examples/complete/context.tf index e5734b7..f5f2797 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -18,10 +18,9 @@ # will be null, and `module.this.delimiter` will be `-` (hyphen). # - module "this" { source = "cloudposse/label/null" - version = "0.22.0" // requires Terraform >= 0.12.26 + version = "0.22.1" // requires Terraform >= 0.12.26 enabled = var.enabled namespace = var.namespace 
From ba59189481234a2115cd49e9d9311ae79576fcb7 Mon Sep 17 00:00:00 2001 From: Iaroslav Sheptykin Date: Mon, 28 Dec 2020 08:17:23 +0100 Subject: [PATCH 23/51] Clarify description of db_parameter_group (#67) * Clarify description of db_parameter_group * Updated README.md * Updated README.md Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3c23796..6b5315a 100644 --- a/README.md +++ b/README.md @@ -197,7 +197,7 @@ Available targets: | database\_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | | db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | | db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | -| db\_parameter\_group | Parameter group, depends on DB engine used | `string` | n/a | yes | +| db\_parameter\_group | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | | deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 13d79a4..4927dc3 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -37,7 +37,7 @@ | database\_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | | db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | | db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | -| db\_parameter\_group | Parameter group, depends on DB engine used | `string` | n/a | yes | +| db\_parameter\_group | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | | deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | diff --git a/variables.tf b/variables.tf index bb3d09b..a240a73 100644 --- a/variables.tf +++ b/variables.tf @@ -130,7 +130,7 @@ variable "instance_class" { # We're "cloning" default ones, but we need to specify which should be copied variable "db_parameter_group" { type = string - description = "Parameter group, depends on DB engine used" + description = "The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value." # "mysql5.6" # "postgres9.5" } From c682edbe99827cad491c3344d98dd75f0ecc47fe Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 28 Dec 2020 15:04:15 +0700 Subject: [PATCH 24/51] chore(deps): update terraform cloudposse/label/null to v0.22.1 (#84) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index b530889..bc9d01c 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "final_snapshot_label" { source = "cloudposse/label/null" - version = "0.22.0" + version = "0.22.1" attributes = ["final", "snapshot"] context = module.this.context } From f947533dd7f0adea67d703f8152ebb06579218d6 Mon Sep 17 00:00:00 2001 From: "Cloud Posse Bot (CI/CD)" Date: Wed, 6 Jan 2021 08:57:27 -0800 Subject: [PATCH 25/51] Update README.md and docs (#88) Co-authored-by: joe-niland --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b5315a..631037a 100644 --- a/README.md +++ b/README.md 
@@ -345,7 +345,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright) From b1e02e420737a53568042ad5368525c63762eaed Mon Sep 17 00:00:00 2001 From: Maxim Mironenko Date: Thu, 7 Jan 2021 00:21:23 +0700 Subject: [PATCH 26/51] Terraform 0.14 upgrade (#89) --- .github/workflows/auto-context.yml | 4 ++-- .github/workflows/validate-codeowners.yml | 7 ------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 0d175a8..739a3c9 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -27,14 +27,14 @@ jobs: make init make github/init/context.tf make readme/build - echo "::set-output name=create_pull_request::true" + echo "::set-output name=create_pull_request=true" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." fi - name: Create Pull Request - if: steps.update.outputs.create_pull_request == 'true' + if: {{ steps.update.outputs.create_pull_request == 'true' }} uses: cloudposse/actions/github/create-pull-request@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 386eb28..8044289 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml 
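Review bot: In the `.github/workflows/auto-context.yml` hunk, the new `if: {{ steps.update.outputs.create_pull_request == 'true' }}` lacks the leading `$`, so it is not a GitHub Actions expression. A YAML value that starts with `{` is read as a flow mapping, so the workflow will most likely fail to load. The same hunk changes the echo back to `::set-output name=create_pull_request=true`, undoing the `name=create_pull_request::true` form introduced by PATCH 21/51, so the `create_pull_request` output is probably never set. Suggested lines: `echo "::set-output name=create_pull_request::true"` and `if: steps.update.outputs.create_pull_request == 'true'`. The job's step list continues outside the hunk.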
@@ -9,8 +9,6 @@ jobs: - name: "Checkout source code at current commit" uses: actions/checkout@v2 - uses: mszostok/codeowners-validator@v0.5.0 - if: github.event.pull_request.head.repo.full_name == github.repository - name: "Full check of CODEOWNERS" with: # For now, remove "files" check to allow CODEOWNERS to specify non-existent # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos @@ -18,8 +16,3 @@ jobs: checks: "syntax,owners,duppatterns" # GitHub access token is required only if the `owners` check is enabled github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.5.0 - if: github.event.pull_request.head.repo.full_name != github.repository - name: "Syntax check of CODEOWNERS" - with: - checks: "syntax,duppatterns" From ab39f6af0299a5ff6afba6e29b74f29614a650ab Mon Sep 17 00:00:00 2001 From: Amit Karpe Date: Fri, 8 Jan 2021 01:59:54 +0800 Subject: [PATCH 27/51] Added Microsoft SQL Server example (#79) Co-authored-by: Joe Niland Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- examples/mssql/fixtures.us-east-2.tfvars | 46 ++++++++ examples/mssql/main.tf | 51 +++++++++ examples/mssql/outputs.tf | 51 +++++++++ examples/mssql/variables.tf | 132 +++++++++++++++++++++++ 4 files changed, 280 insertions(+) create mode 100644 examples/mssql/fixtures.us-east-2.tfvars create mode 100644 examples/mssql/main.tf create mode 100644 examples/mssql/outputs.tf create mode 100644 examples/mssql/variables.tf diff --git a/examples/mssql/fixtures.us-east-2.tfvars b/examples/mssql/fixtures.us-east-2.tfvars new file mode 100644 index 0000000..1c18ac6 --- /dev/null +++ b/examples/mssql/fixtures.us-east-2.tfvars 
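Review bot: With the `if: github.event.pull_request.head.repo.full_name == github.repository` guard and the fork-only syntax step removed, the remaining `mszostok/codeowners-validator@v0.5.0` step runs with `github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"` on every pull request, including those from forks. The workflow trigger is outside the hunk. Under `pull_request` the secret is empty for forks and the `owners` check would be expected to fail, while under `pull_request_target` a long-lived token is handed to a job started by an untrusted contributor. Either keep the fork guard or add a comment next to the step stating which trigger is used and why running with the token on fork PRs is acceptable. Pinning the third-party action to a commit (`uses: mszostok/codeowners-validator@<COMMIT_SHA_PLACEHOLDER>`) instead of the movable `v0.5.0` tag would further limit what code can see that token.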
@@ -0,0 +1,46 @@
+region = "us-east-2"
+
+availability_zones = ["us-east-2a","us-east-2b"]
+
+namespace = "eg"
+
+stage = "test"
+
+name = "rds-mssql"
+
+deletion_protection = false
+
+database_name = null
+
+database_user = "admin"
+
+database_password = "admin_password"
+
+database_port = 1433
+
+multi_az = false
+
+storage_type = "standard"
+
+storage_encrypted = false
+
+allocated_storage = 20
+
+# Microsoft SQL Server on Amazon RDS
+# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html
+engine = "sqlserver-ex"
+
+# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
+engine_version = "14.00.1000.169.v1"
+
+#major_engine_version = "5.7"
+major_engine_version = "14.00.1000.169.v1"
+
+instance_class = "db.t2.small"
+
+#db_parameter_group = "mysql5.7"
+db_parameter_group = "sqlserver-ex-14.0"
+
+publicly_accessible = false
+
+apply_immediately = true
diff --git a/examples/mssql/main.tf b/examples/mssql/main.tf
new file mode 100644
index 0000000..3757435
--- /dev/null
+++ b/examples/mssql/main.tf
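Review bot: In `examples/mssql/fixtures.us-east-2.tfvars`, `database_password = "admin_password"` commits a guessable master password next to `database_user = "admin"`, and `storage_encrypted = false` creates the example instance without encryption at rest. Example fixtures tend to be copied into real stacks, so both are worth changing here. Remove the password line from the fixture and supply the value at run time, for instance through the `TF_VAR_database_password` environment variable or a generated secret. Set `storage_encrypted = true` unless the chosen engine edition or instance class cannot support it, and say so in a comment if that is the case.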
@@ -0,0 +1,51 @@
+provider "aws" {
+ region = var.region
+}
+
+module "vpc" {
+ source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.7.0"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ cidr_block = "172.16.0.0/16"
+}
+
+module "subnets" {
+ source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.0"
+ availability_zones = var.availability_zones
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ vpc_id = module.vpc.vpc_id
+ igw_id = module.vpc.igw_id
+ cidr_block = module.vpc.vpc_cidr_block
+ nat_gateway_enabled = false
+ nat_instance_enabled = false
+}
+
+module "rds_instance" {
+ source = "../../"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ database_name = var.database_name
+ database_user = var.database_user
+ database_password = var.database_password
+ database_port = var.database_port
+ multi_az = var.multi_az
+ storage_type = var.storage_type
+ allocated_storage = var.allocated_storage
+ storage_encrypted = var.storage_encrypted
+ engine = var.engine
+ engine_version = var.engine_version
+ instance_class = var.instance_class
+ db_parameter_group = var.db_parameter_group
+
+ publicly_accessible = var.publicly_accessible
+ allowed_cidr_blocks = ["172.16.0.0/16"]
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.subnets.private_subnet_ids
+ security_group_ids = [module.vpc.vpc_default_security_group_id]
+ apply_immediately = var.apply_immediately
+
+}
diff --git a/examples/mssql/outputs.tf b/examples/mssql/outputs.tf
new file mode 100644
index 0000000..989b967
--- /dev/null
+++ b/examples/mssql/outputs.tf
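Review bot: In `examples/mssql/main.tf`, the `vpc` and `subnets` modules are sourced from `git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.7.0` and `...terraform-aws-dynamic-subnets.git?ref=tags/0.16.0`. A git tag can be moved after review, and the `examples/complete/main.tf` change earlier in this series already moved to registry sources with an explicit `version`. Using the same form here (`source = "cloudposse/vpc/aws"` plus a `version = "..."` line, adjusting inputs as the newer release requires) keeps the two examples consistent and the dependency immutable. Also, `module "rds_instance"` never passes `deletion_protection` or `major_engine_version`, although both are declared and set in the fixture, so the module defaults apply instead. Add `deletion_protection = var.deletion_protection` or drop the unused variables.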
@@ -0,0 +1,51 @@
+output "instance_id" {
+ value = module.rds_instance.instance_id
+ description = "ID of the instance"
+}
+
+output "instance_address" {
+ value = module.rds_instance.instance_address
+ description = "Address of the instance"
+}
+
+output "instance_endpoint" {
+ value = module.rds_instance.instance_endpoint
+ description = "DNS Endpoint of the instance"
+}
+
+output "subnet_group_id" {
+ value = module.rds_instance.subnet_group_id
+ description = "ID of the Subnet Group"
+}
+
+output "security_group_id" {
+ value = module.rds_instance.security_group_id
+ description = "ID of the Security Group"
+}
+
+output "parameter_group_id" {
+ value = module.rds_instance.parameter_group_id
+ description = "ID of the Parameter Group"
+}
+
+output "option_group_id" {
+ value = module.rds_instance.option_group_id
+ description = "ID of the Option Group"
+}
+
+output "hostname" {
+ value = module.rds_instance.hostname
+ description = "DNS host name of the instance"
+}
+
+output "public_subnet_cidrs" {
+ value = module.subnets.public_subnet_cidrs
+}
+
+output "private_subnet_cidrs" {
+ value = module.subnets.private_subnet_cidrs
+}
+
+output "vpc_cidr" {
+ value = module.vpc.vpc_cidr_block
+}
diff --git a/examples/mssql/variables.tf b/examples/mssql/variables.tf
new file mode 100644
index 0000000..acc2d6e
--- /dev/null
+++ b/examples/mssql/variables.tf
@@ -0,0 +1,132 @@
+variable "region" {
+ type = string
+ description = "AWS region"
+}
+
+variable "availability_zones" {
+ type = list(string)
+}
+
+variable "namespace" {
+ type = string
+ description = "Namespace (e.g. `eg` or `cp`)"
+}
+
+variable "stage" {
+ type = string
+ description = "Stage (e.g. `prod`, `dev`, `staging`, `infra`)"
+}
+
+variable "name" {
+ type = string
+ description = "Name (e.g. `app` or `cluster`)"
+}
+
+variable "database_name" {
+ type = string
+ description = "The name of the database to create when the DB instance is created"
+}
+
+variable "database_user" {
+ type = string
+ description = "Username for the master DB user"
+}
+
+variable "database_password" {
+ type = string
+ description = "Password for the master DB user"
+}
+
+variable "database_port" {
+ type = number
+ description = "Database port (_e.g._ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids`"
+}
+
+variable "deletion_protection" {
+ type = bool
+ description = "Set to true to enable deletion protection on the RDS instance"
+}
+
+variable "multi_az" {
+ type = bool
+ description = "Set to true if multi AZ deployment must be supported"
+}
+
+variable "storage_type" {
+ type = string
+ description = "One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD)"
+}
+
+variable "storage_encrypted" {
+ type = bool
+ description = "(Optional) Specifies whether the DB instance is encrypted.
The default is false if not specified"
+}
+
+variable "allocated_storage" {
+ type = number
+ description = "The allocated storage in GBs"
+}
+
+variable "engine" {
+ type = string
+ description = "Database engine type"
+ # http://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html
+ # - mysql
+ # - postgres
+ # - oracle-*
+ # - sqlserver-*
+}
+
+variable "engine_version" {
+ type = string
+ description = "Database engine version, depends on engine type"
+ # http://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html
+}
+
+variable "major_engine_version" {
+ type = string
+ description = "Database MAJOR engine version, depends on engine type"
+ # https://docs.aws.amazon.com/cli/latest/reference/rds/create-option-group.html
+}
+
+variable "instance_class" {
+ type = string
+ description = "Class of RDS instance"
+ # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html
+}
+
+variable "db_parameter_group" {
+ type = string
+ description = "Parameter group, depends on DB engine used"
+ # "mysql5.6"
+ # "postgres9.5"
+}
+
+variable "publicly_accessible" {
+ type = bool
+ description = "Determines if database can be publicly available (NOT recommended)"
+}
+
+variable "apply_immediately" {
+ type = bool
+ description = "Specifies whether any database modifications are applied immediately, or during the next maintenance window"
+}
+
+variable "subnet_ids" {
+ description = "A list of VPC subnet IDs"
+ default = []
+ type = list(string)
+}
+
+variable "security_group_ids" {
+ description = "List of VPC security groups to associate"
+ default = []
+ type = list(string)
+}
+
+variable "vpc_id" {
+ type = string
+ default = ""
+ description = "VPC ID the DB instance will be created in"
+}
+
From 5e99e9379aa0cbc5082e275bdc5cd6b34141b3c6 Mon Sep 17 00:00:00 2001
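Review bot: `deletion_protection` and `major_engine_version` are declared in this hunk without defaults, but the `module "rds_instance"` call in the preceding hunk (apparently the same example's main file) passes neither, so a caller who sets `deletion_protection = true` gets no protection and no error. Assuming the root module exposes both inputs, add `deletion_protection = var.deletion_protection` and `major_engine_version = var.major_engine_version` to that module call, or drop the two variables. `database_password` is a plain `string`; where the Terraform version in use supports it, add `sensitive = true` so the value is redacted from plan output, keeping in mind that it is still written to state. The `storage_encrypted` description says the default is false although this variable sets no `default`, so the sentence should be removed or a default added.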
From: Maxim Mironenko Date: Tue, 26 Jan 2021 11:49:32 +0700 Subject: [PATCH 28/51] storage_encrypted default value changed to true (#92) --- .gitignore | 1 + README.md | 2 +- docs/terraform.md | 2 +- examples/complete/main.tf | 4 +- main.tf | 2 +- test/src/go.mod | 5 +- test/src/go.sum | 555 ++++++++++++++++++++++++++++++++++++++ variables.tf | 2 +- 8 files changed, 564 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 7993aaa..f63d8d9 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ .terraform .idea *.iml +**/.terraform.lock.hcl .build-harness build-harness diff --git a/README.md b/README.md index 631037a..99cbc9d 100644 --- a/README.md +++ b/README.md @@ -234,7 +234,7 @@ Available targets: | skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `false` | no | +| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | | subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 4927dc3..cceddfa 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -74,7 +74,7 @@ | skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `false` | no | +| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | | subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index f104aa2..c5f8f44 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -4,14 +4,14 @@ provider "aws" { module "vpc" { source = "cloudposse/vpc/aws" - version = "0.18.1" + version = "0.18.2" context = module.this.context cidr_block = "172.16.0.0/16" } module "subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.32.0" + version = "0.34.0" context = module.this.context availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id diff --git a/main.tf b/main.tf index bc9d01c..e176725 100644 --- a/main.tf +++ b/main.tf @@ -161,7 +161,7 @@ resource "aws_security_group_rule" "egress" { module "dns_host_name" { source = "cloudposse/route53-cluster-hostname/aws" - version = "0.9.0" + version = "0.10.0" enabled = length(var.dns_zone_id) > 0 && module.this.enabled dns_name = var.host_name zone_id = var.dns_zone_id 
diff --git a/test/src/go.mod b/test/src/go.mod index ec022cb..ea9feb9 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -4,10 +4,9 @@ go 1.14 require ( github.com/aws/aws-sdk-go v1.36.9 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect github.com/go-sql-driver/mysql v1.5.0 // indirect github.com/google/uuid v1.1.2 // indirect - github.com/gruntwork-io/terratest v0.16.0 + github.com/gruntwork-io/terratest v0.31.3 github.com/pquerna/otp v1.3.0 // indirect - github.com/stretchr/testify v1.3.0 + github.com/stretchr/testify v1.4.0 ) diff --git a/test/src/go.sum b/test/src/go.sum index 7fc8731..ef4193d 100644 --- a/test/src/go.sum +++ b/test/src/go.sum 
@@ -1,43 +1,598 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v46.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= +github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0= +github.com/Azure/go-autorest/autorest v0.9.6/go.mod 
h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= +github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.5/go.mod h1:foo3aIXRQ90zFve3r0QiDsrjGDUwWhKl0ZOQy1CT14k= +github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= +github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= +github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= +github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= +github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/adal v0.9.2/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.1/go.mod h1:ea90/jvmnAwDrSooLH4sRIehEPtG/EPUXavDh31MnA4= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= +github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= +github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= +github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= 
+github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= +github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= +github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= +github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= +github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= +github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units 
v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= +github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.36.9 h1:TS667yc08a/EHGBqFrfOItpnzSrBFwIf2gQGlDhhQsg= github.com/aws/aws-sdk-go v1.36.9/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= +github.com/containerd/containerd v1.3.0/go.mod 
h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dnaeon/go-vcr 
v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v0.0.0-20200109221225-a4f60165b7a3/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= +github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= +github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= 
+github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod 
h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= +github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache 
v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-containerregistry v0.0.0-20200110202235-f4fb41bf00a3/go.mod h1:2wIuQute9+hhWqvL3vEI7YB0EKluF4WcPzI1eAliazk= +github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic 
v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= +github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/gruntwork-io/gruntwork-cli v0.7.0/go.mod h1:jp6Z7NcLF2avpY8v71fBx6hds9eOFPELSuD/VPv7w00= github.com/gruntwork-io/terratest v0.16.0 h1:8dDdkAzqwVDclmefcy//oBPWs5bVrWuKYCUwG0WFG4c= github.com/gruntwork-io/terratest v0.16.0/go.mod h1:NjUn6YXA5Skxt8Rs20t3isYx5Rl+EgvGB8/+RRXddqk= +github.com/gruntwork-io/terratest v0.31.3 h1:iyTRcIaB3rPHwKNLPBpoRHfo18H79dLt71jFhif/K0o= +github.com/gruntwork-io/terratest v0.31.3/go.mod h1:EEgJie28gX/4AD71IFqgMj6e99KP5mi81hEtzmDjxTo= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/ianlancetaylor/demangle 
v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o= +github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod 
h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= 
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= +github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod 
h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/oracle/oci-go-sdk v7.1.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 
h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= 
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= +github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/vdemeester/k8s-pkg-credentialprovider v0.0.0-20200107171650-7c61ffa44238/go.mod h1:JwQJCMWpUDqjZrB5jpw0f5VbN7U95zxFy1ZDpoEarGo= +github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io 
v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp 
v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
+golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys 
v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time 
v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools 
v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191205215504-7b8c8591a921/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200113040837-eac381796e91/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= +gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.6.1-0.20190607001116-5213b8090861/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= +google.golang.org/api v0.7.0/go.mod 
h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod 
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools 
v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= +k8s.io/api v0.19.3/go.mod h1:VF+5FT1B74Pw3KxMdKyinLo+zynBaMBiAfGMuldcNDs= +k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/apimachinery v0.19.3/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= +k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= +k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k= +k8s.io/client-go v0.19.3/go.mod h1:+eEMktZM+MG0KO+PTkci8xnbCZHvj9TqR6Q1XDUIJOM= +k8s.io/cloud-provider v0.17.0/go.mod h1:Ze4c3w2C0bRsjkBUoHpFi+qWe3ob1wI2/7cUn+YQIDE= +k8s.io/code-generator v0.0.0-20191121015212-c4c8f8345c7e/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= +k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc= +k8s.io/csi-translation-lib v0.17.0/go.mod h1:HEF7MEz7pOLJCnxabi45IPkhSsE/KmxPQksuCrHKWls= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= +k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= +k8s.io/kube-openapi 
v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= +k8s.io/legacy-cloud-providers v0.17.0/go.mod h1:DdzaepJ3RtRy+e5YhNtrCYwlgyK87j/5+Yfp0L9Syp8= +k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= +modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= +modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= +modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= +modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= +sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/variables.tf b/variables.tf index a240a73..67946f0 100644 --- a/variables.tf +++ b/variables.tf @@ -71,7 +71,7 @@ variable "storage_type" { variable "storage_encrypted" { type = bool description = "(Optional) Specifies whether the DB instance is encrypted. The default is false if not specified" - default = false + default = true } variable "iops" { From 5ac9a669c0ee6eba08cdda64d6bd0a57324cf812 Mon Sep 17 00:00:00 2001 
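Review bot: The `description` of `storage_encrypted` in the `variables.tf` hunk still says "The default is false if not specified" although the default is now `true`, so the generated README and `docs/terraform.md` will document the opposite of what the module does. Change it to `description = "(Optional) Specifies whether the DB instance is encrypted. The default is true if not specified"`. Callers that never set the variable will also see a different plan after upgrading. As far as I know, `storage_encrypted` cannot be changed in place on an existing `aws_db_instance`, so this may plan a replacement of instances that are currently unencrypted; please confirm this and call it out in the release notes.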
From: Maxim Mironenko Date: Thu, 4 Feb 2021 11:53:02 +0700 Subject: [PATCH 29/51] minimum required Terraform version bumped to 0.13.0, context.tf updated, readme updated (#99) --- .github/auto-release.yml | 8 +++ .github/mergify.yml | 28 +++++--- .github/workflows/auto-context.yml | 6 +- .github/workflows/auto-format.yml | 86 +++++++++++++++++++++++ .github/workflows/auto-release.yml | 2 +- .github/workflows/validate-codeowners.yml | 7 ++ README.md | 25 ++++++- context.tf | 45 +++++++++++- docs/terraform.md | 6 +- examples/complete/context.tf | 45 +++++++++++- main.tf | 4 +- versions.tf | 2 +- 12 files changed, 241 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/auto-format.yml diff --git a/.github/auto-release.yml b/.github/auto-release.yml index 18a1ca6..c78a4d8 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -43,3 +43,11 @@ change-template: | template: | $CHANGES + +replacers: +# Remove irrelevant information from Renovate bot +- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm' + replace: '' +# Remove Renovate bot banner image +- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm' + replace: '' diff --git a/.github/mergify.yml b/.github/mergify.yml index 485982f..b010656 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -1,12 +1,16 @@ +# https://docs.mergify.io/conditions.html +# https://docs.mergify.io/actions.html pull_request_rules: - name: "approve automated PRs that have passed checks" conditions: - - "check-success~=test/bats" - - "check-success~=test/readme" - - "check-success~=test/terratest" + - "author~=^(cloudpossebot|renovate\\[bot\\])$" - "base=master" - - "author=cloudpossebot" - - "head~=auto-update/.*" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=test/bats" + - "check-success=test/readme" + - "check-success=test/terratest" + - "check-success=validate-codeowners" actions: review: type: "APPROVE" 
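Review bot: The first `.github/mergify.yml` hunk extends the auto-approve rule to `renovate[bot]` and `renovate/` branches, and the following hunk does the same for the auto-merge rule, so third-party dependency bumps can reach `master` with no human review. The bot's own `APPROVE` review is what satisfies `#approved-reviews-by>=1` in the merge rule, which leaves the four status checks as the only gate. Consider keeping auto-approve for `cloudpossebot` only and requiring a maintainer approval on the Renovate path, for example a condition such as `approved-reviews-by=@<org>/<maintainers-team>` (placeholder team name). The switch from `check-success~=` to exact `check-success=` matching is a good tightening and needs no change.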
@@ -15,16 +19,17 @@ pull_request_rules: - name: "merge automated PRs when approved and tests pass" conditions: - - "check-success~=test/bats" - - "check-success~=test/readme" - - "check-success~=test/terratest" + - "author~=^(cloudpossebot|renovate\\[bot\\])$" - "base=master" - - "head~=auto-update/.*" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=test/bats" + - "check-success=test/readme" + - "check-success=test/terratest" + - "check-success=validate-codeowners" - "#approved-reviews-by>=1" - "#changes-requested-reviews-by=0" - "#commented-reviews-by=0" - - "base=master" - - "author=cloudpossebot" actions: merge: method: "squash" @@ -38,6 +43,7 @@ pull_request_rules: - name: "ask to resolve conflict" conditions: - "conflict" + - "-closed" actions: comment: message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏" diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 739a3c9..ab979e0 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -27,17 +27,19 @@ jobs: make init make github/init/context.tf make readme/build - echo "::set-output name=create_pull_request=true" + echo "::set-output name=create_pull_request::true" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." fi - name: Create Pull Request - if: {{ steps.update.outputs.create_pull_request == 'true' }} + if: steps.update.outputs.create_pull_request == 'true' uses: cloudposse/actions/github/create-pull-request@0.22.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' + author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' commit-message: Update context.tf from origin source title: Update context.tf body: |- 
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml new file mode 100644 index 0000000..990abed --- /dev/null +++ b/.github/workflows/auto-format.yml 
@@ -0,0 +1,86 @@ +name: Auto Format +on: + pull_request_target: + types: [opened, synchronize] + +jobs: + auto-format: + runs-on: ubuntu-latest + container: cloudposse/build-harness:slim-latest + steps: + # Checkout the pull request branch + # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using + # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains + # a workflow configured to run when push events occur." + # However, using a personal access token will cause events to be triggered. + # We need that to ensure a status gets posted after the auto-format commit. + # We also want to trigger tests if the auto-format made no changes. + - uses: actions/checkout@v2 + if: github.event.pull_request.state == 'open' + name: Privileged Checkout + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + # Check out the PR commit, not the merge commit + # Use `ref` instead of `sha` to enable pushing back to `ref` + ref: ${{ github.event.pull_request.head.ref }} + + # Do all the formatting stuff + - name: Auto Format + if: github.event.pull_request.state == 'open' + shell: bash + run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host + + # Commit changes (if any) to the PR branch + - name: Commit changes to the PR branch + if: github.event.pull_request.state == 'open' + shell: bash + id: commit + env: + SENDER: ${{ github.event.sender.login }} + run: | + set -x + output=$(git diff --name-only) + + if [ -n "$output" ]; then + echo "Changes detected. 
Pushing to the PR branch" + git config --global user.name 'cloudpossebot' + git config --global user.email '11232728+cloudpossebot@users.noreply.github.com' + git add -A + git commit -m "Auto Format" + # Prevent looping by not pushing changes in response to changes from cloudpossebot + [[ $SENDER == "cloudpossebot" ]] || git push + # Set status to fail, because the push should trigger another status check, + # and we use success to indicate the checks are finished. + printf "::set-output name=%s::%s\n" "changed" "true" + exit 1 + else + printf "::set-output name=%s::%s\n" "changed" "false" + echo "No changes detected" + fi + + - name: Auto Test + uses: cloudposse/actions/github/repository-dispatch@0.22.0 + # match users by ID because logins (user names) are inconsistent, + # for example in the REST API Renovate Bot is `renovate[bot]` but + # in GraphQL it is just `renovate`, plus there is a non-bot + # user `renovate` with ID 1832810. + # Mergify bot: 37929162 + # Renovate bot: 29139614 + # Cloudpossebot: 11232728 + # Need to use space separators to prevent "21" from matching "112144" + if: > + contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) + && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + repository: cloudposse/actions + event-type: test-command + client-payload: |- + { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}}, + "pull_request": ${{ toJSON(github.event.pull_request) }}, + "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }}, + "comment": {"id": ""} + } + } + } diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index ccc27be..3f48017 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml 
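Review bot: The `Privileged Checkout` step checks out the pull request's head repository and ref with `secrets.PUBLIC_REPO_ACCESS_TOKEN` inside a `pull_request_target` job, and the `Auto Format` step then runs `make … pr/auto-format/host` over that contributor-controlled tree. actions/checkout leaves the token in the checkout's git configuration unless `persist-credentials: false` is set, so anything the format targets execute can read it; the Makefile is loaded from `/build-harness` in the container, but whether its targets evaluate files from the PR is not visible in this hunk. I would check out without persisted credentials and hand the token only to the push command, as sketched below, and longer term split formatting (no secrets) from pushing (no PR code) into separate jobs. `set -x` in the commit step is worth dropping once a token appears on that command line, and `cloudposse/build-harness:slim-latest`, `actions/checkout@v2` and `cloudposse/actions/github/repository-dispatch@0.22.0` are mutable references in a job that holds a secret, so pinning them to a digest or commit SHA would be safer.

```yaml
- uses: actions/checkout@v2
  # … unchanged: if, name …
  with:
    # … unchanged: repository, ref; the token input is dropped …
    persist-credentials: false

# … unchanged: Auto Format step …

- name: Commit changes to the PR branch
  # … unchanged: if, shell, id …
  env:
    SENDER: ${{ github.event.sender.login }}
    PUSH_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
    HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
    HEAD_REF: ${{ github.event.pull_request.head.ref }}
  run: |
    # … unchanged: change detection, git config, add, commit (without set -x) …
    [[ $SENDER == "cloudpossebot" ]] || git push "https://x-access-token:${PUSH_TOKEN}@github.com/${HEAD_REPO}.git" "HEAD:${HEAD_REF}"
    # … unchanged: set-output and exit status …
```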
@@ -6,7 +6,7 @@ on: - master jobs: - semver: + publish: runs-on: ubuntu-latest steps: # Drafts your next Release notes as Pull Requests are merged into "master" diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 8044289..386eb28 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -9,6 +9,8 @@ jobs: - name: "Checkout source code at current commit" uses: actions/checkout@v2 - uses: mszostok/codeowners-validator@v0.5.0 + if: github.event.pull_request.head.repo.full_name == github.repository + name: "Full check of CODEOWNERS" with: # For now, remove "files" check to allow CODEOWNERS to specify non-existent # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos @@ -16,3 +18,8 @@ jobs: checks: "syntax,owners,duppatterns" # GitHub access token is required only if the `owners` check is enabled github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + - uses: mszostok/codeowners-validator@v0.5.0 + if: github.event.pull_request.head.repo.full_name != github.repository + name: "Syntax check of CODEOWNERS" + with: + checks: "syntax,duppatterns" diff --git a/README.md b/README.md index 99cbc9d..668cdcb 100644 --- a/README.md +++ b/README.md 
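Review bot: The two `mszostok/codeowners-validator@v0.5.0` steps in validate-codeowners.yml carry mirrored `if:` conditions, but nothing records why the fork branch drops the `owners` check and `github_access_token`. Presumably this is because secrets are not handed to runs for fork pull requests; a comment above the second step such as `# Fork PRs cannot use the access token, so run only the checks that need none` would keep a later edit from merging the steps back together. The action is referenced by tag while the first step passes it `secrets.PUBLIC_REPO_ACCESS_TOKEN`, so pinning it to a commit SHA would be a sensible follow-up. The workflow's `on:` trigger lies outside these hunks, so which events reach the two steps cannot be confirmed from here.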
@@ -71,6 +71,25 @@ The module will create: * DB Security Group * DNS Record in Route53 for the DB endpoint +## Security & Compliance [](https://bridgecrew.io/) + +Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. + +| Benchmark | Description | +|--------|---------------| +| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | +| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | +| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | +| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | +| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | +| [![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=NIST-800-53) | National Institute of 
Standards and Technology Compliance | +| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | +| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=SOC2)| Service Organization Control 2 Compliance | +| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | +| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-rds/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-rds&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | + + + ## Usage @@ -163,7 +182,7 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | | null | >= 2.0 | | template | >= 2.0 | @@ -189,7 +208,7 @@ Available targets: | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | | database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | | database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -213,7 +232,9 @@ Available targets: | instance\_class | Class of RDS instance | `string` | n/a | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | diff --git a/context.tf b/context.tf index f5f2797..ff90b1c 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.23.0" // requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -54,6 +54,8 @@ variable "context" { regex_replace_chars = string label_order = list(string) id_length_limit = number + label_key_case = string + label_value_case = string }) default = { enabled = true @@ -68,6 +70,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +80,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -165,4 +179,33 @@ variable "id_length_limit" { EOT } +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index cceddfa..d963a77 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | | null | >= 2.0 | | template | >= 2.0 | @@ -29,7 +29,7 @@ | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | | database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | | database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -53,7 +53,9 @@ | instance\_class | Class of RDS instance | `string` | n/a | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index f5f2797..ff90b1c 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.23.0" // requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -54,6 +54,8 @@ variable "context" { regex_replace_chars = string label_order = list(string) id_length_limit = number + label_key_case = string + label_value_case = string }) default = { enabled = true @@ -68,6 +70,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +80,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -165,4 +179,33 @@ variable "id_length_limit" { EOT } +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/main.tf b/main.tf index e176725..93342bc 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "final_snapshot_label" { source = "cloudposse/label/null" - version = "0.22.1" + version = "0.23.0" attributes = ["final", "snapshot"] context = module.this.context } @@ -161,7 +161,7 @@ resource "aws_security_group_rule" "egress" { module "dns_host_name" { source = "cloudposse/route53-cluster-hostname/aws" - version = "0.10.0" + version = "0.11.0" enabled = length(var.dns_zone_id) > 0 && module.this.enabled dns_name = var.host_name zone_id = var.dns_zone_id diff --git a/versions.tf b/versions.tf index 9b6d904..fa5b7ea 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { From 6c50d09c6bc098531819deb3dc58071ef04bb2df Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Feb 2021 09:06:19 +0000 Subject: [PATCH 30/51] chore(deps): update terraform cloudposse/label/null to v0.24.0 (#100) * chore(deps): update terraform cloudposse/label/null to v0.24.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- examples/mssql/fixtures.us-east-2.tfvars | 2 +- examples/mssql/main.tf | 34 ++++++++++++------------ main.tf | 2 +- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/examples/mssql/fixtures.us-east-2.tfvars b/examples/mssql/fixtures.us-east-2.tfvars index 1c18ac6..f3f6104 100644 --- a/examples/mssql/fixtures.us-east-2.tfvars +++ b/examples/mssql/fixtures.us-east-2.tfvars @@ -1,6 +1,6 @@ region = "us-east-2" -availability_zones = ["us-east-2a","us-east-2b"] +availability_zones = ["us-east-2a", "us-east-2b"] namespace = "eg" diff --git a/examples/mssql/main.tf b/examples/mssql/main.tf index 3757435..42c7875 100644 --- a/examples/mssql/main.tf +++ b/examples/mssql/main.tf 
@@ -24,23 +24,23 @@ module "subnets" { } module "rds_instance" { - source = "../../" - namespace = var.namespace - stage = var.stage - name = var.name - database_name = var.database_name - database_user = var.database_user - database_password = var.database_password - database_port = var.database_port - multi_az = var.multi_az - storage_type = var.storage_type - allocated_storage = var.allocated_storage - storage_encrypted = var.storage_encrypted - engine = var.engine - engine_version = var.engine_version - instance_class = var.instance_class - db_parameter_group = var.db_parameter_group - + source = "../../" + namespace = var.namespace + stage = var.stage + name = var.name + database_name = var.database_name + database_user = var.database_user + database_password = var.database_password + database_port = var.database_port + multi_az = var.multi_az + storage_type = var.storage_type + allocated_storage = var.allocated_storage + storage_encrypted = var.storage_encrypted + engine = var.engine + engine_version = var.engine_version + instance_class = var.instance_class + db_parameter_group = var.db_parameter_group + publicly_accessible = var.publicly_accessible allowed_cidr_blocks = ["172.16.0.0/16"] vpc_id = module.vpc.vpc_id diff --git a/main.tf b/main.tf index 93342bc..79f10d0 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "final_snapshot_label" { source = "cloudposse/label/null" - version = "0.23.0" + version = "0.24.0" attributes = ["final", "snapshot"] context = module.this.context } From 52208ffb25710ee7d91bef77eb645512084c9b11 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Feb 2021 10:24:09 +0000 Subject: [PATCH 31/51] chore(deps): update terraform cloudposse/label/null to v0.24.1 (#101) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 79f10d0..2cf024e 100644 --- a/main.tf +++ b/main.tf 
@@ -1,6 +1,6 @@ module "final_snapshot_label" { source = "cloudposse/label/null" - version = "0.24.0" + version = "0.24.1" attributes = ["final", "snapshot"] context = module.this.context } From 078937c4679c06973730d8b4a45e0e62b4a332bd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Feb 2021 20:44:23 +0000 Subject: [PATCH 32/51] chore(deps): update terraform cloudposse/route53-cluster-hostname/aws to v0.12.0 (#104) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 2cf024e..de4c1a1 100644 --- a/main.tf +++ b/main.tf @@ -161,7 +161,7 @@ resource "aws_security_group_rule" "egress" { module "dns_host_name" { source = "cloudposse/route53-cluster-hostname/aws" - version = "0.11.0" + version = "0.12.0" enabled = length(var.dns_zone_id) > 0 && module.this.enabled dns_name = var.host_name zone_id = var.dns_zone_id From 2e5547d17bd92c117db39e9b904117eb3a3c257e Mon Sep 17 00:00:00 2001 From: "Cloud Posse Bot (CI/CD)" Date: Thu, 4 Feb 2021 19:31:35 -0800 Subject: [PATCH 33/51] Update context.tf from origin source (#105) Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 8 ++++---- context.tf | 35 +++++++++++++---------------------- docs/terraform.md | 8 ++++---- examples/complete/context.tf | 35 +++++++++++++---------------------- 4 files changed, 34 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index 668cdcb..37d1704 100644 --- a/README.md +++ b/README.md 
@@ -208,7 +208,7 @@ Available targets: | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | | database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | | database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -228,13 +228,13 @@ Available targets: | final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | host\_name | The DB host name created in Route53 | `string` | `"db"` | no | | iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | instance\_class | Class of RDS instance | `string` | n/a | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | diff --git a/context.tf b/context.tf index ff90b1c..81f99b4 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.23.0" // requires Terraform >= 0.13.0 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,22 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - label_key_case = string - label_value_case = string - }) + type = any default = { enabled = true namespace = null 
@@ -82,12 +69,12 @@ variable "context" { EOT validation { - condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) error_message = "Allowed values: `lower`, `title`, `upper`." } validation { - condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } @@ -172,11 +159,15 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } } variable "label_key_case" { @@ -184,7 +175,7 @@ variable "label_key_case" { default = null description = <<-EOT The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. - Possible values: `lower`, `title`, `upper`. + Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -199,7 +190,7 @@ variable "label_value_case" { default = null description = <<-EOT The letter case of output label values (also used in `tags` and `id`). - Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). Default value: `lower`. EOT 
diff --git a/docs/terraform.md b/docs/terraform.md index d963a77..c1385f7 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -29,7 +29,7 @@ | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | | database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | | database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -49,13 +49,13 @@ | final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | host\_name | The DB host name created in Route53 | `string` | `"db"` | no | | iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | instance\_class | Class of RDS instance | `string` | n/a | yes | | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index ff90b1c..81f99b4 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.23.0" // requires Terraform >= 0.13.0 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,22 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - label_key_case = string - label_value_case = string - }) + type = any default = { enabled = true namespace = null 
@@ -82,12 +69,12 @@ variable "context" { EOT validation { - condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) error_message = "Allowed values: `lower`, `title`, `upper`." } validation { - condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } @@ -172,11 +159,15 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } } variable "label_key_case" { @@ -184,7 +175,7 @@ variable "label_key_case" { default = null description = <<-EOT The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. - Possible values: `lower`, `title`, `upper`. + Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -199,7 +190,7 @@ variable "label_value_case" { default = null description = <<-EOT The letter case of output label values (also used in `tags` and `id`). - Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). Default value: `lower`. EOT 
From 07dcdd257875e93a8f322e5132bc1e848865a22a Mon Sep 17 00:00:00 2001 From: Maxim Mironenko Date: Fri, 5 Feb 2021 14:43:40 +0700 Subject: [PATCH 34/51] context.tf updated to v0.24.1, minimum required Terraform version bumped to 0.13.0 when needed, readme updated (#103) --- .github/CODEOWNERS | 7 +++--- .github/workflows/auto-readme.yml | 41 ------------------------------- 2 files changed, 4 insertions(+), 44 deletions(-) delete mode 100644 .github/workflows/auto-readme.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ceb4644..2537f2f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -15,9 +15,10 @@ # Cloud Posse must review any changes to standard context definition, # but some changes can be rubber-stamped. -**/context.tf @cloudposse/engineering @cloudposse/approvers -README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers -docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +**/*.tf @cloudposse/engineering @cloudposse/approvers +README.yaml @cloudposse/engineering @cloudposse/approvers +README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers # Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration .github/mergify.yml @cloudposse/admins diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml deleted file mode 100644 index 6229e60..0000000 --- a/.github/workflows/auto-readme.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -name: "auto-readme" -on: - schedule: - # Update README.md nightly - - cron: '0 4 * * *' - -jobs: - update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - make init - make readme/build - - - name: Create Pull Request - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs - - ## why - To have most recent changes of README.md and doc from origin templates - - branch: auto-update/readme - base: master - delete-branch: true - labels: | - auto-update - readme From caebe2f8da8767d4b88ac953cdf86d13e026f9c9 Mon Sep 17 00:00:00 2001 From: nnsense Date: Fri, 26 Feb 2021 19:34:56 +0000 Subject: [PATCH 35/51] Terraform 0.13 requires snapshot_identifier explicitly set to null (#106) Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 22 ++++++++++++++++++++-- docs/terraform.md | 22 ++++++++++++++++++++-- variables.tf | 2 +- 3 files changed, 41 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 37d1704..5cddbff 100644 --- a/README.md +++ b/README.md 
@@ -193,6 +193,25 @@ Available targets: |------|---------| | aws | >= 2.0 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| dns_host_name | cloudposse/route53-cluster-hostname/aws | 0.12.0 | +| final_snapshot_label | cloudposse/label/null | 0.24.1 | +| this | cloudposse/label/null | 0.24.1 | + +## Resources + +| Name | +|------| +| [aws_db_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | +| [aws_db_option_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | +| [aws_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | +| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | +| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | +| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | + ## Inputs | Name | Description | Type | Default | Required | @@ -253,7 +272,7 @@ Available targets: | regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | -| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | +| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | @@ -274,7 +293,6 @@ Available targets: | parameter\_group\_id | ID of the Parameter Group | | security\_group\_id | ID of the Security Group | | subnet\_group\_id | ID of the Subnet Group | - diff --git a/docs/terraform.md b/docs/terraform.md index c1385f7..a6f78c0 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -14,6 +14,25 @@ |------|---------| | aws | >= 2.0 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| dns_host_name | cloudposse/route53-cluster-hostname/aws | 0.12.0 | +| final_snapshot_label | cloudposse/label/null | 0.24.1 | +| this | cloudposse/label/null | 0.24.1 | + +## Resources + +| Name | +|------| +| [aws_db_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | +| [aws_db_option_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | +| [aws_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | +| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | +| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | +| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | + ## Inputs | Name | Description | Type | Default | Required | @@ -74,7 +93,7 @@ | regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | -| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `""` | no | +| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | @@ -95,5 +114,4 @@ | parameter\_group\_id | ID of the Parameter Group | | security\_group\_id | ID of the Security Group | | subnet\_group\_id | ID of the Subnet Group | - diff --git a/variables.tf b/variables.tf index 67946f0..4121011 100644 --- a/variables.tf +++ b/variables.tf @@ -230,7 +230,7 @@ variable "db_options" { variable "snapshot_identifier" { type = string description = "Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot" - default = "" + default = null } variable "final_snapshot_identifier" { From e215164e6efb481327f84447e8ff276479615ca8 Mon Sep 17 00:00:00 2001 
From: Andriy Knysh Date: Tue, 16 Mar 2021 09:01:54 -0400 Subject: [PATCH 36/51] Add `create_before_destroy` for parameter group. Make subnet group optional (#110) * Update parameter and option groups. Update tests * Update parameter and option groups. Update tests * Update parameter and option groups. Update tests * Auto Format * Update parameter and option groups. Update tests Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- .github/mergify.yml | 7 ++++ .github/workflows/auto-format.yml | 4 +- .github/workflows/auto-release.yml | 24 +++++++---- LICENSE | 2 +- README.md | 6 ++- docs/terraform.md | 6 ++- examples/complete/main.tf | 57 ++++++++++++++----------- examples/complete/outputs.tf | 2 +- examples/complete/variables.tf | 12 ++++++ main.tf | 67 +++++++++++++++++++++++------- outputs.tf | 2 +- test/src/examples_complete_test.go | 19 +++++++-- variables.tf | 15 ++++++- 13 files changed, 161 insertions(+), 62 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index b010656..ef15545 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -56,3 +56,10 @@ pull_request_rules: changes_requested: true approved: true message: "This Pull Request has been updated, so we're dismissing all reviews." + +- name: "close Pull Requests without files changed" + conditions: + - "#files=0" + actions: + close: + message: "This pull request has been automatically closed by Mergify because there are no longer any changes." diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index 990abed..375d0fd 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml @@ -6,7 +6,7 @@ on: jobs: auto-format: runs-on: ubuntu-latest - container: cloudposse/build-harness:slim-latest + container: cloudposse/build-harness:latest steps: # Checkout the pull request branch # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using 
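Review bot: In `.github/workflows/auto-format.yml` the job container moves to `cloudposse/build-harness:latest`, a mutable tag, so the image that runs the formatter and commits back to the PR branch can change without any change in this repository. Pinning the image by digest keeps each run reproducible and reviewable, e.g. `container: cloudposse/build-harness@sha256:<digest-of-reviewed-image>`. The workflow trigger and the later steps are outside this hunk, so how far the exposure reaches depends on which events start the job.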
@@ -29,6 +29,8 @@ jobs: - name: Auto Format if: github.event.pull_request.state == 'open' shell: bash + env: + GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host # Commit changes (if any) to the PR branch diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 3f48017..c766b1f 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -3,17 +3,23 @@ name: auto-release on: push: branches: - - master + - master jobs: publish: runs-on: ubuntu-latest steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 - with: - publish: true - prerelease: false - config-name: auto-release.yml - env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + # Get PR from merged commit to master + - uses: actions-ecosystem/action-get-merged-pull-request@v1 + id: get-merged-pull-request + with: + github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + # Drafts your next Release notes as Pull Requests are merged into "master" + - uses: release-drafter/release-drafter@v5 + if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')" + with: + publish: true + prerelease: false + config-name: auto-release.yml + env: + GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/LICENSE b/LICENSE index a6e3b3e..42e40b6 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2017-2019 Cloud Posse, LLC + Copyright 2017-2021 Cloud Posse, LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 5cddbff..dde6391 100644 --- a/README.md +++ b/README.md 
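Review bot: The `Auto Format` step in `.github/workflows/auto-format.yml` now exports `secrets.PUBLIC_REPO_ACCESS_TOKEN` as `GITHUB_TOKEN` to a `make` run that operates on the checked-out pull request branch, so every tool that target invokes can read the token. If the token is needed for a single push or API call, pass it to that step alone with the narrowest scope that works, and record the reason next to it, e.g. `# token required by pr/auto-format/host for <reason>`. The workflow trigger is not visible in this hunk; if the job can run for fork pull requests with secrets available, the formatter would process untrusted files with this token in its environment.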
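Review bot: In `.github/workflows/auto-release.yml` the new `actions-ecosystem/action-get-merged-pull-request@v1` step receives `secrets.PUBLIC_REPO_ACCESS_TOKEN` while being referenced by a movable tag, as is `release-drafter/release-drafter@v5`; a retagged release of either action would run with that token on every push to master. Pin both to a full commit SHA, e.g. `uses: actions-ecosystem/action-get-merged-pull-request@<full-commit-sha> # v1`. Separately, `contains(steps.get-merged-pull-request.outputs.labels, 'no-release')` is presumably a substring test if `labels` is a string output, so a hypothetical label such as `no-release-notes` would also suppress the release; confirm that is intended.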
@@ -224,6 +224,7 @@ Available targets: | associate\_security\_group\_ids | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | auto\_minor\_version\_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | +| availability\_zone | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | @@ -236,6 +237,7 @@ Available targets: | db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | | db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | | db\_parameter\_group | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | +| db\_subnet\_group\_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | | deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | @@ -276,7 +278,7 @@ Available targets: | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | -| subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | +| subnet\_ids | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | vpc\_id | VPC ID the DB instance will be created in | `string` | n/a | yes | @@ -292,7 +294,7 @@ Available targets: | option\_group\_id | ID of the Option Group | | parameter\_group\_id | ID of the Parameter Group | | security\_group\_id | ID of the Security Group | -| subnet\_group\_id | ID of the Subnet Group | +| subnet\_group\_id | ID of the created Subnet Group | diff --git a/docs/terraform.md b/docs/terraform.md index a6f78c0..28958bc 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -45,6 +45,7 @@ | associate\_security\_group\_ids | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | auto\_minor\_version\_upgrade | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | +| availability\_zone | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | | backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | @@ -57,6 +58,7 @@ | db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | | db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | | db\_parameter\_group | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | +| db\_subnet\_group\_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | | deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | @@ -97,7 +99,7 @@ | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | | storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | -| subnet\_ids | List of subnets for the DB | `list(string)` | n/a | yes | +| subnet\_ids | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | vpc\_id | VPC ID the DB instance will be created in | `string` | n/a | yes | @@ -113,5 +115,5 @@ | option\_group\_id | ID of the Option Group | | parameter\_group\_id | ID of the Parameter Group | | security\_group\_id | ID of the Security Group | -| subnet\_group\_id | ID of the Subnet Group | +| subnet\_group\_id | ID of the created Subnet Group | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index c5f8f44..d3fcec4 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -3,44 +3,49 @@ provider "aws" { } module "vpc" { - source = "cloudposse/vpc/aws" - version = "0.18.2" - context = module.this.context + source = "cloudposse/vpc/aws" + version = "0.21.1" + cidr_block = "172.16.0.0/16" + + context = module.this.context } module "subnets" { - source = "cloudposse/dynamic-subnets/aws" - version = "0.34.0" - context = module.this.context + source = "cloudposse/dynamic-subnets/aws" + version = "0.38.0" + availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id igw_id = module.vpc.igw_id cidr_block = module.vpc.vpc_cidr_block nat_gateway_enabled = false nat_instance_enabled = false + + context = module.this.context } module "rds_instance" { - source = "../../" - context = module.this.context - database_name = var.database_name - database_user = var.database_user - database_password = var.database_password - database_port = var.database_port - multi_az = var.multi_az - storage_type = var.storage_type - allocated_storage = var.allocated_storage - storage_encrypted = var.storage_encrypted - engine = var.engine - engine_version = var.engine_version - instance_class = var.instance_class - db_parameter_group = var.db_parameter_group - publicly_accessible = var.publicly_accessible - vpc_id = module.vpc.vpc_id - subnet_ids = module.subnets.private_subnet_ids - security_group_ids = [module.vpc.vpc_default_security_group_id] - apply_immediately = var.apply_immediately + source = "../../" + database_name = var.database_name + database_user = var.database_user + database_password = var.database_password + database_port = var.database_port + multi_az = var.multi_az + storage_type = var.storage_type + allocated_storage = var.allocated_storage + storage_encrypted = var.storage_encrypted + engine = var.engine + engine_version = var.engine_version + instance_class = var.instance_class + db_parameter_group = var.db_parameter_group + publicly_accessible = var.publicly_accessible + vpc_id = module.vpc.vpc_id + subnet_ids = 
module.subnets.private_subnet_ids + security_group_ids = [module.vpc.vpc_default_security_group_id] + apply_immediately = var.apply_immediately + availability_zone = var.availability_zone + db_subnet_group_name = var.db_subnet_group_name db_parameter = [ { @@ -54,4 +59,6 @@ module "rds_instance" { apply_method = "immediate" } ] + + context = module.this.context } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 989b967..8407177 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -15,7 +15,7 @@ output "instance_endpoint" { output "subnet_group_id" { value = module.rds_instance.subnet_group_id - description = "ID of the Subnet Group" + description = "ID of the created Subnet Group" } output "security_group_id" { diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index dcc4be0..f2244ea 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -37,6 +37,18 @@ variable "multi_az" { description = "Set to true if multi AZ deployment must be supported" } +variable "availability_zone" { + type = string + default = null + description = "The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic" +} + +variable "db_subnet_group_name" { + type = string + default = null + description = "Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`" +} + variable "storage_type" { type = string description = "One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD)" diff --git a/main.tf b/main.tf index de4c1a1..9579337 100644 --- a/main.tf +++ b/main.tf 
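Review bot: In the `rds_instance` block of this hunk, `security_group_ids = [module.vpc.vpc_default_security_group_id]` opens the database port to everything attached to the VPC's default security group, which is the group AWS assigns when a resource is launched without one. That is acceptable for a throwaway test VPC, but examples get copied, so the line should carry a comment such as `# test-only: in real deployments pass the application's own security group, not the VPC default`. The block also passes `subnet_ids`, `availability_zone` and `db_subnet_group_name` together although their descriptions say to specify one of them. A short comment that the last two default to `null` in this example would avoid confusion.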
@@ -8,10 +8,20 @@ module "final_snapshot_label" { locals { computed_major_engine_version = var.engine == "postgres" ? join(".", slice(split(".", var.engine_version), 0, 1)) : join(".", slice(split(".", var.engine_version), 0, 2)) major_engine_version = var.major_engine_version == "" ? local.computed_major_engine_version : var.major_engine_version + + subnet_ids_provided = var.subnet_ids != null && length(var.subnet_ids) > 0 + db_subnet_group_name_provided = var.db_subnet_group_name != null && var.db_subnet_group_name != "" + + db_subnet_group_name = local.db_subnet_group_name_provided ? var.db_subnet_group_name : ( + local.subnet_ids_provided ? join("", aws_db_subnet_group.default.*.name) : null + ) + + availability_zone = var.multi_az ? null : var.availability_zone } resource "aws_db_instance" "default" { - count = module.this.enabled ? 1 : 0 + count = module.this.enabled ? 1 : 0 + identifier = module.this.id name = var.database_name username = var.database_user @@ -32,8 +42,10 @@ resource "aws_db_instance" "default" { ) ) + db_subnet_group_name = local.db_subnet_group_name + availability_zone = local.availability_zone + ca_cert_identifier = var.ca_cert_identifier - db_subnet_group_name = join("", aws_db_subnet_group.default.*.name) parameter_group_name = length(var.parameter_group_name) > 0 ? var.parameter_group_name : join("", aws_db_parameter_group.default.*.name) option_group_name = length(var.option_group_name) > 0 ? var.option_group_name : join("", aws_db_option_group.default.*.name) license_model = var.license_model 
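Review bot: The new `db_subnet_group_name` local resolves to `null` when neither `subnet_ids` nor `db_subnet_group_name` is set, and the descriptions added in the variables.tf hunk say the instance is then placed in the default VPC. A caller who forgets `subnet_ids` (which now defaults to `[]`) therefore gets a database outside the intended network instead of a plan error. The expression also gives `db_subnet_group_name` precedence over `subnet_ids` without saying so, and nothing visible ties the chosen subnet group to `var.vpc_id`, where the security group is created. I would document this above the local, e.g. `# precedence: db_subnet_group_name > subnet_ids > none (null => default VPC); the group must belong to var.vpc_id`, and consider failing fast when both are empty and `availability_zone` is null. The `locals` block is complete in the hunk; the `aws_db_instance` resource that consumes it continues outside.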
@@ -62,13 +74,27 @@ resource "aws_db_instance" "default" { monitoring_interval = var.monitoring_interval monitoring_role_arn = var.monitoring_role_arn + + depends_on = [ + aws_db_subnet_group.default, + aws_security_group.default, + aws_db_parameter_group.default, + aws_db_option_group.default + ] + + lifecycle { + ignore_changes = [ + snapshot_identifier, # if created from a snapshot, will be non-null at creation, but null afterwards + ] + } } resource "aws_db_parameter_group" "default" { - count = length(var.parameter_group_name) == 0 && module.this.enabled ? 1 : 0 - name = module.this.id - family = var.db_parameter_group - tags = module.this.tags + count = length(var.parameter_group_name) == 0 && module.this.enabled ? 1 : 0 + + name_prefix = "${module.this.id}${module.this.delimiter}" + family = var.db_parameter_group + tags = module.this.tags dynamic "parameter" { for_each = var.db_parameter @@ -78,11 +104,16 @@ resource "aws_db_parameter_group" "default" { value = parameter.value.value } } + + lifecycle { + create_before_destroy = true + } } resource "aws_db_option_group" "default" { - count = length(var.option_group_name) == 0 && module.this.enabled ? 1 : 0 - name = module.this.id + count = length(var.option_group_name) == 0 && module.this.enabled ? 1 : 0 + + name_prefix = "${module.this.id}${module.this.delimiter}" engine_name = var.engine major_engine_version = local.major_engine_version tags = module.this.tags 
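Review bot: The `ignore_changes = [snapshot_identifier]` entry added to `aws_db_instance.default` also means that a later edit of the `snapshot_identifier` input produces no plan diff, which the inline comment does not mention. Someone who changes the value expecting a restore from a different snapshot will see a clean plan and keep running on the old data. I would extend the comment to `# null after creation when restored from a snapshot; later changes to snapshot_identifier are ignored, so recreate the instance to restore from another snapshot`. The resource body starts outside this hunk.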
@@ -112,14 +143,16 @@ resource "aws_db_option_group" "default" { } resource "aws_db_subnet_group" "default" { - count = module.this.enabled ? 1 : 0 + count = module.this.enabled && local.subnet_ids_provided && ! local.db_subnet_group_name_provided ? 1 : 0 + name = module.this.id subnet_ids = var.subnet_ids tags = module.this.tags } resource "aws_security_group" "default" { - count = module.this.enabled ? 1 : 0 + count = module.this.enabled ? 1 : 0 + name = module.this.id description = "Allow inbound traffic from the security groups" vpc_id = var.vpc_id @@ -127,7 +160,8 @@ resource "aws_security_group" "default" { } resource "aws_security_group_rule" "ingress_security_groups" { - count = module.this.enabled ? length(var.security_group_ids) : 0 + count = module.this.enabled ? length(var.security_group_ids) : 0 + description = "Allow inbound traffic from existing Security Groups" type = "ingress" from_port = var.database_port @@ -138,7 +172,8 @@ resource "aws_security_group_rule" "ingress_security_groups" { } resource "aws_security_group_rule" "ingress_cidr_blocks" { - count = module.this.enabled && length(var.allowed_cidr_blocks) > 0 ? 1 : 0 + count = module.this.enabled && length(var.allowed_cidr_blocks) > 0 ? 1 : 0 + description = "Allow inbound traffic from CIDR blocks" type = "ingress" from_port = var.database_port @@ -160,11 +195,13 @@ resource "aws_security_group_rule" "egress" { } module "dns_host_name" { - source = "cloudposse/route53-cluster-hostname/aws" - version = "0.12.0" + source = "cloudposse/route53-cluster-hostname/aws" + version = "0.12.0" + enabled = length(var.dns_zone_id) > 0 && module.this.enabled dns_name = var.host_name zone_id = var.dns_zone_id records = coalescelist(aws_db_instance.default.*.address, [""]) - context = module.this.context + + context = module.this.context } diff --git a/outputs.tf b/outputs.tf index 285bb4b..e07c26b 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -20,7 +20,7 @@ output "instance_endpoint" { output "subnet_group_id" { value = join("", aws_db_subnet_group.default.*.id) - description = "ID of the Subnet Group" + description = "ID of the created Subnet Group" } output "security_group_id" { diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index 66780d6..22ab17e 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -1,7 +1,10 @@ package test import ( + "math/rand" + "strconv" "testing" + "time" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" @@ -11,12 +14,20 @@ import ( func TestExamplesComplete(t *testing.T) { t.Parallel() + rand.Seed(time.Now().UnixNano()) + + randId := strconv.Itoa(rand.Intn(100000)) + attributes := []string{randId} + terraformOptions := &terraform.Options{ // The path to where our Terraform code is located TerraformDir: "../../examples/complete", Upgrade: true, // Variables to pass to our Terraform code using -var-file options VarFiles: []string{"fixtures.us-east-2.tfvars"}, + Vars: map[string]interface{}{ + "attributes": attributes, + }, } // At the end of the test, run `terraform destroy` to clean up any resources that were created 
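Review bot: `randId := strconv.Itoa(rand.Intn(100000))` in `TestExamplesComplete` leaves only 100000 possible suffixes, and the suffix becomes part of real AWS resource names, so two CI runs in the same account, or a run after a failed `terraform destroy`, can collide on names. Terratest ships a helper for this: `randId := strings.ToLower(random.UniqueId())` (from `github.com/gruntwork-io/terratest/modules/random`, plus `strings`) gives a wider space and removes the need for the `math/rand`, `strconv` and `time` imports and the `rand.Seed` call. The lower-casing is needed only if the label module normalises ids to lower case, which the README's `label_value_case` default suggests. The function body continues outside this hunk.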
@@ -43,20 +54,20 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable instanceId := terraform.Output(t, terraformOptions, "instance_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-rds-test", instanceId) + assert.Equal(t, "eg-test-rds-test-"+randId, instanceId) // Run `terraform output` to get the value of an output variable optionGroupId := terraform.Output(t, terraformOptions, "option_group_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-rds-test", optionGroupId) + assert.Contains(t, optionGroupId, "eg-test-rds-test") // Run `terraform output` to get the value of an output variable parameterGroupId := terraform.Output(t, terraformOptions, "parameter_group_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-rds-test", parameterGroupId) + assert.Contains(t, parameterGroupId, "eg-test-rds-test") // Run `terraform output` to get the value of an output variable subnetGroupId := terraform.Output(t, terraformOptions, "subnet_group_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-rds-test", subnetGroupId) + assert.Equal(t, "eg-test-rds-test-"+randId, subnetGroupId) } diff --git a/variables.tf b/variables.tf index 4121011..861af46 100644 --- a/variables.tf +++ b/variables.tf 
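Review bot: The assertions relaxed to `assert.Contains(t, optionGroupId, "eg-test-rds-test")` and the equivalent for `parameterGroupId` no longer check that the random attribute reached those names, so a regression that dropped `attributes` from the group names would go unnoticed. Since main.tf now sets `name_prefix = "${module.this.id}${module.this.delimiter}"`, the generated names should begin with the full id. `assert.Contains(t, optionGroupId, "eg-test-rds-test-"+randId)`, and likewise for the parameter group, keeps the check specific to this run. The start of `TestExamplesComplete` is outside this hunk.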
@@ -142,8 +142,21 @@ variable "publicly_accessible" { } variable "subnet_ids" { - description = "List of subnets for the DB" + description = "List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`" type = list(string) + default = [] +} + +variable "availability_zone" { + type = string + default = null + description = "The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic" +} + +variable "db_subnet_group_name" { + type = string + default = null + description = "Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`" } variable "vpc_id" { From 1da1851db808299589d965c49549fa770a303c99 Mon Sep 17 00:00:00 2001 From: Jessica Blackburn <3924323+jblackburn22@users.noreply.github.com> Date: Fri, 2 Apr 2021 17:32:36 -0400 Subject: [PATCH 37/51] Add an output to export resource_id (#112) Co-authored-by: Jessica Blackburn --- .github/workflows/validate-codeowners.yml | 1 + README.md | 183 +++++++++++----------- docs/terraform.md | 183 +++++++++++----------- outputs.tf | 5 + 4 files changed, 192 insertions(+), 180 deletions(-) diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 386eb28..8f531cf 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -1,5 +1,6 @@ name: Validate Codeowners on: + workflow_dispatch: pull_request: jobs: diff --git a/README.md b/README.md index dde6391..4145141 100644 --- a/README.md +++ b/README.md 
@@ -182,119 +182,122 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 2.0 | -| null | >= 2.0 | -| template | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | +| [null](#requirement\_null) | >= 2.0 | +| [template](#requirement\_template) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.0 | +| [aws](#provider\_aws) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| dns_host_name | cloudposse/route53-cluster-hostname/aws | 0.12.0 | -| final_snapshot_label | cloudposse/label/null | 0.24.1 | -| this | cloudposse/label/null | 0.24.1 | +| [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | +| [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.24.1 | +| [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources -| Name | -|------| -| [aws_db_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | -| [aws_db_option_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | -| [aws_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | -| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | -| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | +| Name | Type | +|------|------| +| [aws_db_instance.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource | +| [aws_db_option_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) 
| resource | +| [aws_db_parameter_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource | +| [aws_db_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.ingress_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| allocated\_storage | The allocated storage in GBs | `number` | n/a | yes | -| allow\_major\_version\_upgrade | Allow major version upgrade | `bool` | `false` | no | -| allowed\_cidr\_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | -| apply\_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | -| associate\_security\_group\_ids | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| auto\_minor\_version\_upgrade | Allow automated minor version upgrade (e.g. 
from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | -| availability\_zone | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | -| backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | -| backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | -| ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | -| database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | -| database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | -| database\_port | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | -| database\_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | -| db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | -| db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | -| db\_parameter\_group | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | -| db\_subnet\_group\_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | -| deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| enabled\_cloudwatch\_logs\_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| engine | Database engine type | `string` | n/a | yes | -| engine\_version | Database engine version, depends on engine type | `string` | n/a | yes | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | -| host\_name | The DB host name created in Route53 | `string` | `"db"` | no | -| iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| instance\_class | Class of RDS instance | `string` | n/a | yes | -| iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | -| kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | -| maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | -| major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | -| max\_allocated\_storage | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | -| monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | -| monitoring\_role\_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | -| multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| option\_group\_name | Name of the DB option group to associate | `string` | `""` | no | -| parameter\_group\_name | Name of the DB parameter group to associate | `string` | `""` | no | -| performance\_insights\_enabled | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | -| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | -| performance\_insights\_retention\_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). 
| `number` | `7` | no | -| publicly\_accessible | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | -| skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | -| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | -| storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | -| subnet\_ids | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| vpc\_id | VPC ID the DB instance will be created in | `string` | n/a | yes | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. 
| `map(string)` | `{}` | no | +| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | n/a | yes | +| [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | +| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | +| [associate\_security\_group\_ids](#input\_associate\_security\_group\_ids) | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | +| [availability\_zone](#input\_availability\_zone) | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | +| [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | +| [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | +| [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | +| [database\_password](#input\_database\_password) | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | +| [database\_port](#input\_database\_port) | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | +| [database\_user](#input\_database\_user) | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | +| [db\_options](#input\_db\_options) | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | +| [db\_parameter](#input\_db\_parameter) | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | +| [db\_parameter\_group](#input\_db\_parameter\_group) | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | +| [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | +| [deletion\_protection](#input\_deletion\_protection) | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | +| [engine](#input\_engine) | Database engine type | `string` | n/a | yes | +| [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | +| [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | +| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [instance\_class](#input\_instance\_class) | Class of RDS instance | `string` | n/a | yes | +| [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [license\_model](#input\_license\_model) | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | +| [maintenance\_window](#input\_maintenance\_window) | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | +| [major\_engine\_version](#input\_major\_engine\_version) | Database MAJOR engine version, depends on engine type | `string` | `""` | no | +| [max\_allocated\_storage](#input\_max\_allocated\_storage) | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | +| [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | +| [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | +| [multi\_az](#input\_multi\_az) | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate | `string` | `""` | no | +| [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `""` | no | +| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled. 
| `bool` | `false` | no | +| [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | +| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | +| [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | +| [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | +| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [storage\_encrypted](#input\_storage\_encrypted) | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | +| [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | +| [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | +| [tags](#input\_tags) | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| hostname | DNS host name of the instance | -| instance\_address | Address of the instance | -| instance\_arn | ARN of the instance | -| instance\_endpoint | DNS Endpoint of the instance | -| instance\_id | ID of the instance | -| option\_group\_id | ID of the Option Group | -| parameter\_group\_id | ID of the Parameter Group | -| security\_group\_id | ID of the Security Group | -| subnet\_group\_id | ID of the created Subnet Group | +| [hostname](#output\_hostname) | DNS host name of the instance | +| [instance\_address](#output\_instance\_address) | Address of the instance | +| [instance\_arn](#output\_instance\_arn) | ARN of the instance | +| [instance\_endpoint](#output\_instance\_endpoint) | DNS Endpoint of the instance | +| [instance\_id](#output\_instance\_id) | ID of the instance | +| [option\_group\_id](#output\_option\_group\_id) | ID of the Option Group | +| [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the Parameter Group | +| [resource\_id](#output\_resource\_id) | The RDS Resource ID of this instance. | +| [security\_group\_id](#output\_security\_group\_id) | ID of the Security Group | +| [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the created Subnet Group | diff --git a/docs/terraform.md b/docs/terraform.md index 28958bc..f6ef59a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -3,117 +3,120 @@ | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 2.0 | -| null | >= 2.0 | -| template | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | +| [null](#requirement\_null) | >= 2.0 | +| [template](#requirement\_template) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.0 | +| [aws](#provider\_aws) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| dns_host_name | cloudposse/route53-cluster-hostname/aws | 0.12.0 | -| final_snapshot_label | cloudposse/label/null | 0.24.1 | -| this | cloudposse/label/null | 0.24.1 | +| [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | +| [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.24.1 | +| [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources -| Name | -|------| -| [aws_db_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | -| [aws_db_option_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | -| [aws_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | -| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | -| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | +| Name | Type | +|------|------| +| [aws_db_instance.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource | +| [aws_db_option_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | resource | +| 
[aws_db_parameter_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource | +| [aws_db_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.ingress_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| allocated\_storage | The allocated storage in GBs | `number` | n/a | yes | -| allow\_major\_version\_upgrade | Allow major version upgrade | `bool` | `false` | no | -| allowed\_cidr\_blocks | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | -| apply\_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | -| associate\_security\_group\_ids | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| auto\_minor\_version\_upgrade | Allow automated minor version upgrade (e.g. 
from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | -| availability\_zone | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | -| backup\_retention\_period | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | -| backup\_window | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | -| ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| copy\_tags\_to\_snapshot | Copy tags from DB to a snapshot | `bool` | `true` | no | -| database\_name | The name of the database to create when the DB instance is created | `string` | n/a | yes | -| database\_password | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | -| database\_port | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | -| database\_user | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | -| db\_options | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | -| db\_parameter | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | -| db\_parameter\_group | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | -| db\_subnet\_group\_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | -| deletion\_protection | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| dns\_zone\_id | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| enabled\_cloudwatch\_logs\_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| engine | Database engine type | `string` | n/a | yes | -| engine\_version | Database engine version, depends on engine type | `string` | n/a | yes | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| final\_snapshot\_identifier | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | -| host\_name | The DB host name created in Route53 | `string` | `"db"` | no | -| iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| instance\_class | Class of RDS instance | `string` | n/a | yes | -| iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | -| kms\_key\_arn | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| license\_model | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | -| maintenance\_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | -| major\_engine\_version | Database MAJOR engine version, depends on engine type | `string` | `""` | no | -| max\_allocated\_storage | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | -| monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | -| monitoring\_role\_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | -| multi\_az | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| option\_group\_name | Name of the DB option group to associate | `string` | `""` | no | -| parameter\_group\_name | Name of the DB parameter group to associate | `string` | `""` | no | -| performance\_insights\_enabled | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | -| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | -| performance\_insights\_retention\_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). 
| `number` | `7` | no | -| publicly\_accessible | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| security\_group\_ids | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | -| skip\_final\_snapshot | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | -| snapshot\_identifier | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| storage\_encrypted | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | -| storage\_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | -| subnet\_ids | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| vpc\_id | VPC ID the DB instance will be created in | `string` | n/a | yes | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. 
| `map(string)` | `{}` | no | +| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | n/a | yes | +| [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | +| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | +| [associate\_security\_group\_ids](#input\_associate\_security\_group\_ids) | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | +| [availability\_zone](#input\_availability\_zone) | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | +| [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | +| [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | +| [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | +| [database\_password](#input\_database\_password) | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | +| [database\_port](#input\_database\_port) | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | +| [database\_user](#input\_database\_user) | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | +| [db\_options](#input\_db\_options) | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | +| [db\_parameter](#input\_db\_parameter) | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | +| [db\_parameter\_group](#input\_db\_parameter\_group) | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | +| [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | +| [deletion\_protection](#input\_deletion\_protection) | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | +| [engine](#input\_engine) | Database engine type | `string` | n/a | yes | +| [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | +| [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | +| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [instance\_class](#input\_instance\_class) | Class of RDS instance | `string` | n/a | yes | +| [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | +| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [license\_model](#input\_license\_model) | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | +| [maintenance\_window](#input\_maintenance\_window) | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | +| [major\_engine\_version](#input\_major\_engine\_version) | Database MAJOR engine version, depends on engine type | `string` | `""` | no | +| [max\_allocated\_storage](#input\_max\_allocated\_storage) | The upper limit to which RDS can automatically scale the storage in GBs | `number` | `0` | no | +| [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | +| [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | +| [multi\_az](#input\_multi\_az) | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate | `string` | `""` | no | +| [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `""` | no | +| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled. 
| `bool` | `false` | no | +| [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | +| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | +| [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | +| [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | +| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [storage\_encrypted](#input\_storage\_encrypted) | (Optional) Specifies whether the DB instance is encrypted. The default is false if not specified | `bool` | `true` | no | +| [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | +| [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | +| [tags](#input\_tags) | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| hostname | DNS host name of the instance | -| instance\_address | Address of the instance | -| instance\_arn | ARN of the instance | -| instance\_endpoint | DNS Endpoint of the instance | -| instance\_id | ID of the instance | -| option\_group\_id | ID of the Option Group | -| parameter\_group\_id | ID of the Parameter Group | -| security\_group\_id | ID of the Security Group | -| subnet\_group\_id | ID of the created Subnet Group | +| [hostname](#output\_hostname) | DNS host name of the instance | +| [instance\_address](#output\_instance\_address) | Address of the instance | +| [instance\_arn](#output\_instance\_arn) | ARN of the instance | +| [instance\_endpoint](#output\_instance\_endpoint) | DNS Endpoint of the instance | +| [instance\_id](#output\_instance\_id) | ID of the instance | +| [option\_group\_id](#output\_option\_group\_id) | ID of the Option Group | +| [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the Parameter Group | +| [resource\_id](#output\_resource\_id) | The RDS Resource ID of this instance. | +| [security\_group\_id](#output\_security\_group\_id) | ID of the Security Group | +| [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the created Subnet Group | diff --git a/outputs.tf b/outputs.tf index e07c26b..ddbb5a1 100644 --- a/outputs.tf +++ b/outputs.tf @@ -42,3 +42,8 @@ output "hostname" { value = module.dns_host_name.hostname description = "DNS host name of the instance" } + +output "resource_id" { + value = join("", aws_db_instance.default.*.resource_id) + description = "The RDS Resource ID of this instance." +} From 3b6b1e80156e21a85d9f3943900e6981b9f0d4a5 Mon Sep 17 00:00:00 2001 
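Review bot: The description on the new `resource_id` output in outputs.tf ("The RDS Resource ID of this instance.") does not say that this is the instance's `DbiResourceId`, which is a different value from the identifier already exposed as `instance_id`. The resource ID is what an `rds-db:connect` IAM policy names in its resource ARN (`arn:aws:rds-db:<region>:<account-id>:dbuser:<resource_id>/<db-user>`), so it is the output a caller needs when `iam_database_authentication_enabled` is true. I would spell that out: `description = "The RDS Resource ID (DbiResourceId) of the instance, as used in rds-db:connect IAM policy ARNs"`. Because the value is built with `join("", ...)` over a splat, it is presumably an empty string when the module creates no instance, so a policy that interpolates it should check for that instead of emitting an ARN with an empty resource segment.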
From: nnsense Date: Mon, 14 Jun 2021 17:02:50 +0100 Subject: [PATCH 38/51] Setting ca_cert_identifier default value to null (#115) Co-authored-by: Matteo Migliaccio Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 9 ++++----- docs/terraform.md | 2 +- variables.tf | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4145141..bf15ace 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ + # terraform-aws-rds [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-rds.svg)](https://github.com/cloudposse/terraform-aws-rds/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) @@ -29,7 +30,6 @@ Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) instances - --- This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. @@ -59,7 +59,6 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are - ## Introduction The module will create: @@ -71,6 +70,7 @@ The module will create: * DB Security Group * DNS Record in Route53 for the DB endpoint + ## Security & Compliance [](https://bridgecrew.io/) Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. 
@@ -229,7 +229,7 @@ Available targets: | [availability\_zone](#input\_availability\_zone) | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | -| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | | [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | @@ -309,6 +309,7 @@ Like this project? Please give it a ★ on [our GitHub](https://github.com/cloud Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) + ## Related Projects Check out these related projects. @@ -316,8 +317,6 @@ Check out these related projects. - [terraform-aws-rds-cluster](https://github.com/cloudposse/terraform-aws-rds-cluster) - Terraform module to provision an RDS Aurora cluster for MySQL or Postgres - [terraform-aws-rds-cloudwatch-sns-alarms](https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms) - Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic - - ## Help **Got a question?** We got answers. diff --git a/docs/terraform.md b/docs/terraform.md index f6ef59a..f99deb0 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -50,7 +50,7 @@ | [availability\_zone](#input\_availability\_zone) | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | -| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no |
 | [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes |
diff --git a/variables.tf b/variables.tf
index 861af46..69a4ddd 100644
--- a/variables.tf
+++ b/variables.tf
@@ -297,7 +297,7 @@ variable "enabled_cloudwatch_logs_exports" {
 variable "ca_cert_identifier" {
 type = string
 description = "The identifier of the CA certificate for the DB instance"
- default = "rds-ca-2019"
+ default = null
 }
 variable "monitoring_interval" {
From cb41a4c878df92d03efa845323f9704078417c43 Mon Sep 17 00:00:00 2001
From: Iaroslav Sheptykin
Date: Wed, 7 Jul 2021 20:08:25 +0200
Subject: [PATCH 39/51] Add option to define character set (#71)
* Add option to define character set
* Document selection of character set
* Updated README.md
* Auto Format
Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
Co-authored-by: nitrocode
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
---
 README.md | 37 +++++++++++++++++++++++++++++++++++++
 README.yaml | 36 ++++++++++++++++++++++++++++++++++++
 docs/terraform.md | 1 +
 main.tf | 1 +
 variables.tf | 6 ++++++
 5 files changed, 81 insertions(+)
diff --git a/README.md b/README.md
index bf15ace..9a59e79 100644
--- a/README.md
+++ b/README.md
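Review bot: The `ca_cert_identifier` description in the variables.tf hunk no longer tells a caller which CA the instance will present once the default is `null`. As far as I know the provider then leaves the choice to RDS, so the effective CA depends on the account and region default and can change without any change to this module. Clients that verify the server certificate against a pinned bundle need to know that. I would extend the text to `description = "The identifier of the CA certificate for the DB instance. Leave null to accept the RDS default; set it explicitly when clients pin a CA bundle"`.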
@@ -159,6 +159,42 @@ module "rds_instance" { ] } ``` +### Character Sets + +If you wish to create the database in a specific character set you can use one of the following options depending +on your database engine of choice. + +For Oracle and Microsoft SQL you can specify charset name as an input variable +to this module. For example, for Microsoft SQL, you could use: +```hcl +module "rds_instance" { + ... + charset_name = "Korean_Wansung_CI_AS" + ... +} +``` + +For `mysql` and `mariadb` engines character set of the database can be defined via `db_parameter`. In this example +the database is created with `utf8mb4` (character set) and utf8mb4_unicode_ci (collation): + +```hcl +module "rds_instance" { + ... + db_parameter = [ + { + name = "character_set_server" + value = "utf8mb4" + apply_method = "immediate" + }, + { + name = "collation_server" + value = "utf8mb4_unicode_ci" + apply_method = "immediate" + } + ] + ... +} +``` @@ -230,6 +266,7 @@ Available targets: | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no | +| [charset\_name](#input\_charset\_name) | The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter` | `string` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | | [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | diff --git a/README.yaml b/README.yaml index a464d8f..68f48e2 100644 --- a/README.yaml +++ b/README.yaml @@ -94,6 +94,42 @@ usage: |- ] } ``` + ### Character Sets + + If you wish to create the database in a specific character set you can use one of the following options depending + on your database engine of choice. + + For Oracle and Microsoft SQL you can specify charset name as an input variable + to this module. For example, for Microsoft SQL, you could use: + ```hcl + module "rds_instance" { + ... + charset_name = "Korean_Wansung_CI_AS" + ... + } + ``` + + For `mysql` and `mariadb` engines character set of the database can be defined via `db_parameter`. In this example + the database is created with `utf8mb4` (character set) and utf8mb4_unicode_ci (collation): + + ```hcl + module "rds_instance" { + ... + db_parameter = [ + { + name = "character_set_server" + value = "utf8mb4" + apply_method = "immediate" + }, + { + name = "collation_server" + value = "utf8mb4_unicode_ci" + apply_method = "immediate" + } + ] + ... + } + ``` include: - docs/targets.md - docs/terraform.md diff --git a/docs/terraform.md b/docs/terraform.md index f99deb0..862a7b3 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -51,6 +51,7 @@ | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no | +| [charset\_name](#input\_charset\_name) | The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter` | `string` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no |
 | [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 9579337..8b8614e 100644
--- a/main.tf
+++ b/main.tf
@@ -29,6 +29,7 @@ resource "aws_db_instance" "default" {
 port = var.database_port
 engine = var.engine
 engine_version = var.engine_version
+ character_set_name = var.charset_name
 instance_class = var.instance_class
 allocated_storage = var.allocated_storage
 max_allocated_storage = var.max_allocated_storage
diff --git a/variables.tf b/variables.tf
index 69a4ddd..1fc7db4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -114,6 +114,12 @@ variable "major_engine_version" {
 # https://docs.aws.amazon.com/cli/latest/reference/rds/create-option-group.html
 }
+variable "charset_name" {
+ type = string
+ description = "The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter`"
+ default = null
+}
+
 variable "license_model" {
 type = string
 description = "License model for this DB. Optional, but required for some DB Engines. Valid values: license-included | bring-your-own-license | general-public-license"
From 414d6caa261cc9992d5e5a829cf3fac4a1bed1aa Mon Sep 17 00:00:00 2001
From: nitrocode
Date: Wed, 11 Aug 2021 17:11:08 -0400
Subject: [PATCH 40/51] Add `replicate_source_db` (#120)
* replicate_source_db
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
---
 README.md | 5 +++--
 docs/terraform.md | 5 +++--
 main.tf | 1 +
 variables.tf | 8 ++++++++
 4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 9a59e79..ab89972 100644
--- a/README.md
+++ b/README.md
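Review bot: The `charset_name` description in the variables.tf hunk does not warn that `character_set_name`, which the main.tf hunk wires to it, is a create-time setting. As I understand the provider documentation it cannot be changed on an existing instance, so editing the value later would plan a replacement of the database. The README inputs table lists `skip_final_snapshot` with a default of `true`, so that replacement would by default take no final snapshot. I would append `Cannot be changed after creation; a new value replaces the instance` to the description. The `aws_db_instance` block in main.tf starts and ends outside its hunk.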
@@ -255,7 +255,7 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | n/a | yes | +| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | `null` | no | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | 
@@ -282,7 +282,7 @@ Available targets: | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| [engine](#input\_engine) | Database engine type | `string` | n/a | yes | +| [engine](#input\_engine) | Database engine type | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | @@ -311,6 +311,7 @@ Available targets: | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `string` | `null` | no | | [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 862a7b3..02fb7cb 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -40,7 +40,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | n/a | yes | +| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | `null` | no | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | 
@@ -67,7 +67,7 @@ | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| [engine](#input\_engine) | Database engine type | `string` | n/a | yes | +| [engine](#input\_engine) | Database engine type | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | @@ -96,6 +96,7 @@ | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `string` | `null` | no |
 | [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no |
 | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no |
 | [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 8b8614e..60c59b2 100644
--- a/main.tf
+++ b/main.tf
@@ -66,6 +66,7 @@ resource "aws_db_instance" "default" {
 tags = module.this.tags
 deletion_protection = var.deletion_protection
 final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id
+ replicate_source_db = var.replicate_source_db
 iam_database_authentication_enabled = var.iam_database_authentication_enabled
 enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
diff --git a/variables.tf b/variables.tf
index 1fc7db4..51f6c07 100644
--- a/variables.tf
+++ b/variables.tf
@@ -83,6 +83,7 @@ variable "iops" {
 variable "allocated_storage" {
 type = number
 description = "The allocated storage in GBs"
+ default = null
 }
 variable "max_allocated_storage" {
@@ -94,6 +95,7 @@ variable "max_allocated_storage" {
 variable "engine" {
 type = string
 description = "Database engine type"
+ default = null
 # http://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html
 # - mysql
 # - postgres
@@ -321,3 +323,9 @@ variable "iam_database_authentication_enabled" {
 description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled"
 default = false
 }
+
+variable "replicate_source_db" {
+ type = string
+ description = "Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication."
+ default = null
+}
From 863759741a75760375ba48c54b5d8723e5869a34 Mon Sep 17 00:00:00 2001
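Review bot: Giving `allocated_storage` a `null` default in this hunk, and `engine` one in the next hunk, drops the required-input check for every caller, not only for replicas. A primary instance that omits either value now passes variable checking and would only fail later in the provider, with a less direct error. Neither description says when leaving the value unset is acceptable. I would state the condition in both, for example `description = "Database engine type. Required unless replicate_source_db is set"`, with matching wording for `allocated_storage`. The `engine` block's trailing comment list continues outside its hunk.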
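Review bot: The new `replicate_source_db` description tells callers to specify a `kms_key_id` for a cross-region replica of an encrypted source, but this module's input for the storage key appears to be `kms_key_arn`, which is the name listed in the README inputs table. The sentence reads as if copied from the provider documentation, so a caller following it literally will look for a variable the module does not expose. I would replace `kms_key_id` with `kms_key_arn` in that sentence, in the variable and in the generated README and docs/terraform.md rows. It would also help to add that the key must be one usable in the replica's region, if that is how the module forwards it.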
From: "Cloud Posse Bot (CI/CD)" Date: Mon, 23 Aug 2021 20:36:37 -0700 Subject: [PATCH 41/51] Update context.tf from origin source (#122) Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 33 ++++++----- context.tf | 109 ++++++++++++++++++++++++++++++----- docs/terraform.md | 33 ++++++----- examples/complete/context.tf | 109 ++++++++++++++++++++++++++++++----- 4 files changed, 222 insertions(+), 62 deletions(-) diff --git a/README.md b/README.md index ab89972..6ce577a 100644 --- a/README.md +++ b/README.md @@ -235,7 +235,7 @@ Available targets: |------|--------|---------| | [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | | [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.24.1 | -| [this](#module\_this) | cloudposse/label/null | 0.24.1 | +| [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources @@ -254,20 +254,20 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | `null` | no | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | | [associate\_security\_group\_ids](#input\_associate\_security\_group\_ids) | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | -| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | | [availability\_zone](#input\_availability\_zone) | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no | | [charset\_name](#input\_charset\_name) | The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter` | `string` | `null` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | | [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | | [database\_password](#input\_database\_password) | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -278,23 +278,25 @@ Available targets: | [db\_parameter\_group](#input\_db\_parameter\_group) | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | | [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | | [deletion\_protection](#input\_deletion\_protection) | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | -| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | | [engine](#input\_engine) | Database engine type | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | -| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | | [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [instance\_class](#input\_instance\_class) | Class of RDS instance | `string` | n/a | yes | | [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | -| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | | [license\_model](#input\_license\_model) | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | [maintenance\_window](#input\_maintenance\_window) | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | [major\_engine\_version](#input\_major\_engine\_version) | Database MAJOR engine version, depends on engine type | `string` | `""` | no | @@ -302,24 +304,25 @@ Available targets: | [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | | [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | | [multi\_az](#input\_multi\_az) | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | -| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate | `string` | `""` | no | | [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `""` | no | | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | | [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `string` | `null` | no | | [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | -| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [storage\_encrypted](#input\_storage\_encrypted) | (Optional) Specifies whether the DB instance is encrypted. 
The default is false if not specified | `bool` | `true` | no | | [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | | [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | -| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | +| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs diff --git a/context.tf b/context.tf index 81f99b4..5e0ef88 100644 --- a/context.tf +++ b/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -20,10 +22,11 @@ module "this" { source = "cloudposse/label/null" - version = "0.24.1" # requires Terraform >= 0.13.0 + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name @@ -36,6 +39,8 @@ module "this" { id_length_limit = var.id_length_limit label_key_case = var.label_key_case label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } @@ -47,6 +52,7 @@ variable "context" { default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null 
@@ -59,6 +65,15 @@ variable "context" {
 id_length_limit = null
 label_key_case = null
 label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
 }
 description = <<-EOT
 Single object for setting entire context at once.
@@ -88,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -121,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } @@ -161,7 +214,7 @@ variable "id_length_limit" { description = <<-EOT Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT validation { @@ -174,7 +227,8 @@ variable "label_key_case" { type = string default = null description = <<-EOT - The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -189,8 +243,11 @@ variable "label_value_case" { type = string default = null description = <<-EOT - The letter case of output label values (also used in `tags` and `id`). + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. Default value: `lower`. EOT 
@@ -199,4 +256,24 @@ variable "label_value_case" { error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT +} + #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index 02fb7cb..50b08c2 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -20,7 +20,7 @@ |------|--------|---------| | [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | | [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.24.1 | -| [this](#module\_this) | cloudposse/label/null | 0.24.1 | +| [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources @@ -39,20 +39,20 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | `null` | no | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | | [associate\_security\_group\_ids](#input\_associate\_security\_group\_ids) | The IDs of the existing security groups to associate with the DB instance | `list(string)` | `[]` | no | -| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `bool` | `true` | no | | [availability\_zone](#input\_availability\_zone) | The AZ for the RDS instance. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone`. If `availability_zone` is provided, the instance will be placed into the default VPC or EC2 Classic | `string` | `null` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no | | [charset\_name](#input\_charset\_name) | The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter` | `string` | `null` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | | [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | | [database\_password](#input\_database\_password) | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | @@ -63,23 +63,25 @@ | [db\_parameter\_group](#input\_db\_parameter\_group) | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | | [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `string` | `null` | no | | [deletion\_protection](#input\_deletion\_protection) | Set to true to enable deletion protection on the RDS instance | `bool` | `false` | no | -| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | | [engine](#input\_engine) | Database engine type | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | -| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | | [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [instance\_class](#input\_instance\_class) | Class of RDS instance | `string` | n/a | yes | | [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `number` | `0` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the existing KMS key to encrypt storage | `string` | `""` | no | -| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | | [license\_model](#input\_license\_model) | License model for this DB. Optional, but required for some DB Engines. Valid values: license-included \| bring-your-own-license \| general-public-license | `string` | `""` | no | | [maintenance\_window](#input\_maintenance\_window) | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | | [major\_engine\_version](#input\_major\_engine\_version) | Database MAJOR engine version, depends on engine type | `string` | `""` | no | @@ -87,24 +89,25 @@ | [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | | [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `string` | `null` | no | | [multi\_az](#input\_multi\_az) | Set to true if multi AZ deployment must be supported | `bool` | `false` | no | -| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate | `string` | `""` | no | | [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `""` | no | | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled. | `bool` | `false` | no | | [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. Once KMS key is set, it can never be changed. | `string` | `null` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `string` | `null` | no | | [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no | -| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [storage\_encrypted](#input\_storage\_encrypted) | (Optional) Specifies whether the DB instance is encrypted. 
The default is false if not specified | `bool` | `true` | no | | [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD) | `string` | `"standard"` | no | | [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | -| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | +| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs diff --git a/examples/complete/context.tf b/examples/complete/context.tf index 81f99b4..5e0ef88 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -20,10 +22,11 @@ module "this" { source = "cloudposse/label/null" - version = "0.24.1" # requires Terraform >= 0.13.0 + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name @@ -36,6 +39,8 @@ module "this" { id_length_limit = var.id_length_limit label_key_case = var.label_key_case label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } @@ -47,6 +52,7 @@ variable "context" { default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null 
@@ -59,6 +65,15 @@ variable "context" { id_length_limit = null label_key_case = null label_value_case = null + descriptor_formats = {} + # Note: we have to use [] instead of null for unset lists due to + # https://github.com/hashicorp/terraform/issues/28137 + # which was not fixed until Terraform 1.0.0, + # but we want the default to be all the labels in `label_order` + # and we want users to be able to prevent all tag generation + # by setting `labels_as_tags` to `[]`, so we need + # a different sentinel to indicate "default" + labels_as_tags = ["unset"] } description = <<-EOT Single object for setting entire context at once. 
@@ -88,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -121,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } @@ -161,7 +214,7 @@ variable "id_length_limit" { description = <<-EOT Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT validation { @@ -174,7 +227,8 @@ variable "label_key_case" { type = string default = null description = <<-EOT - The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -189,8 +243,11 @@ variable "label_value_case" { type = string default = null description = <<-EOT - The letter case of output label values (also used in `tags` and `id`). + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. Default value: `lower`. EOT 
@@ -199,4 +256,24 @@ variable "label_value_case" { error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT +} + #### End of copy of cloudposse/terraform-null-label/variables.tf From 0a6e2d79418aa50e5233ee3b0817b92612e338cf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Nov 2021 07:56:49 +0000 Subject: [PATCH 42/51] chore(deps): update terraform cloudposse/label/null to v0.25.0 (#126) * chore(deps): update terraform cloudposse/label/null to v0.25.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6ce577a..2aef4cc 100644 --- a/README.md +++ b/README.md 
@@ -234,7 +234,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| | [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | -| [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.24.1 | +| [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index 50b08c2..ddff096 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -19,7 +19,7 @@ | Name | Source | Version | |------|--------|---------| | [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | -| [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.24.1 | +| [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/main.tf b/main.tf index 60c59b2..498fdd6 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "final_snapshot_label" { source = "cloudposse/label/null" - version = "0.24.1" + version = "0.25.0" attributes = ["final", "snapshot"] context = module.this.context } From 7457a8af353f7a2d3e68afcceddf0edf4ed1fa0e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Nov 2021 14:01:01 +0000 Subject: [PATCH 43/51] chore(deps): update terraform cloudposse/route53-cluster-hostname/aws to v0.12.2 (#125) * chore(deps): update terraform cloudposse/route53-cluster-hostname/aws to v0.12.2 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2aef4cc..52c0d50 100644 --- a/README.md 
+++ b/README.md @@ -233,7 +233,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | +| [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.2 | | [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/docs/terraform.md b/docs/terraform.md index ddff096..fc6d8e9 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -18,7 +18,7 @@ | Name | Source | Version | |------|--------|---------| -| [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.0 | +| [dns\_host\_name](#module\_dns\_host\_name) | cloudposse/route53-cluster-hostname/aws | 0.12.2 | | [final\_snapshot\_label](#module\_final\_snapshot\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/main.tf b/main.tf index 498fdd6..437f5dc 100644 --- a/main.tf +++ b/main.tf @@ -198,7 +198,7 @@ resource "aws_security_group_rule" "egress" { module "dns_host_name" { source = "cloudposse/route53-cluster-hostname/aws" - version = "0.12.0" + version = "0.12.2" enabled = length(var.dns_zone_id) > 0 && module.this.enabled dns_name = var.host_name From 159faa7c6eaac732c0969a4f444b29ee6f280740 Mon Sep 17 00:00:00 2001 From: Josh Friend Date: Fri, 3 Dec 2021 12:30:31 -0500 Subject: [PATCH 44/51] Remove unused provider: hashicorp/template (#129) --- README.md | 1 - docs/terraform.md | 1 - versions.tf | 4 ---- 3 files changed, 6 deletions(-) diff --git a/README.md b/README.md index 52c0d50..daf1c83 100644 --- a/README.md +++ b/README.md 
@@ -221,7 +221,6 @@ Available targets: | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 2.0 | | [null](#requirement\_null) | >= 2.0 | -| [template](#requirement\_template) | >= 2.0 | ## Providers diff --git a/docs/terraform.md b/docs/terraform.md index fc6d8e9..74ab246 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -6,7 +6,6 @@ | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 2.0 | | [null](#requirement\_null) | >= 2.0 | -| [template](#requirement\_template) | >= 2.0 | ## Providers diff --git a/versions.tf b/versions.tf index fa5b7ea..971ae24 100644 --- a/versions.tf +++ b/versions.tf @@ -6,10 +6,6 @@ terraform { source = "hashicorp/aws" version = ">= 2.0" } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } null = { source = "hashicorp/null" version = ">= 2.0" From 558eb8f2aac9dc79b741f866bbbf8bb44d73e911 Mon Sep 17 00:00:00 2001 From: dylanbannon Date: Sun, 1 May 2022 16:01:32 -0700 Subject: [PATCH 45/51] git.io->cloudposse.tools update (#138) --- .github/CODEOWNERS | 4 +- .github/auto-release.yml | 3 +- .github/workflows/auto-context.yml | 2 +- .github/workflows/auto-format.yml | 2 +- .github/workflows/auto-readme.yml | 71 +++++++++++++++++++++++ .github/workflows/auto-release.yml | 7 ++- .github/workflows/chatops.yml | 4 +- .github/workflows/validate-codeowners.yml | 7 ++- Makefile | 2 +- README.md | 2 +- 10 files changed, 90 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/auto-readme.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2537f2f..6f64b5a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -15,8 +15,8 @@ # Cloud Posse must review any changes to standard context definition, # but some changes can be rubber-stamped. -**/*.tf @cloudposse/engineering @cloudposse/approvers -README.yaml @cloudposse/engineering @cloudposse/approvers +**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers diff --git a/.github/auto-release.yml b/.github/auto-release.yml index c78a4d8..b45efb7 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,6 +17,7 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' + - 'no-release' default: 'minor' categories: @@ -46,7 +47,7 @@ template: | replacers: # Remove irrelevant information from Renovate bot -- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm' +- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm' replace: '' # Remove Renovate bot banner image - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm' diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index ab979e0..665833a 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -35,7 +35,7 @@ jobs: - name: Create Pull Request if: steps.update.outputs.create_pull_request == 'true' - uses: cloudposse/actions/github/create-pull-request@0.22.0 + uses: cloudposse/actions/github/create-pull-request@0.30.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index 375d0fd..c600d60 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml 
@@ -62,7 +62,7 @@ jobs: fi - name: Auto Test - uses: cloudposse/actions/github/repository-dispatch@0.22.0 + uses: cloudposse/actions/github/repository-dispatch@0.30.0 # match users by ID because logins (user names) are inconsistent, # for example in the REST API Renovate Bot is `renovate[bot]` but # in GraphQL it is just `renovate`, plus there is a non-bot diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml new file mode 100644 index 0000000..6f25b8d --- /dev/null +++ b/.github/workflows/auto-readme.yml 
@@ -0,0 +1,71 @@ +name: "auto-readme" +on: + workflow_dispatch: + + schedule: + # Example of job definition: + # .---------------- minute (0 - 59) + # | .------------- hour (0 - 23) + # | | .---------- day of month (1 - 31) + # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... + # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat + # | | | | | + # * * * * * user-name command to be executed + + # Update README.md nightly at 4am UTC + - cron: '0 4 * * *' + +jobs: + update: + if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Find default branch name + id: defaultBranch + shell: bash + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name) + printf "::set-output name=defaultBranch::%s\n" "${default_branch}" + printf "defaultBranchRef.name=%s\n" "${default_branch}" + + - name: Update readme + shell: bash + id: update + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}" + run: | + make init + make readme/build + # Ignore changes if they are only whitespace + if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then + git restore README.md + echo Ignoring whitespace-only changes in README + fi + + - name: Create Pull Request + # This action will not create or change a pull request if there are no changes to make. + # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR. 
+ uses: cloudposse/actions/github/create-pull-request@0.30.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + commit-message: Update README.md and docs + title: Update README.md and docs + body: |- + ## what + This is an auto-generated PR that updates the README.md and docs + + ## why + To have most recent changes of README.md and doc from origin templates + + branch: auto-update/readme + base: ${{ steps.defaultBranch.outputs.defaultBranch }} + delete-branch: true + labels: | + auto-update + no-release + readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index c766b1f..3a38fae 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -3,7 +3,9 @@ name: auto-release on: push: branches: + - main - master + - production jobs: publish: @@ -14,11 +16,10 @@ jobs: id: get-merged-pull-request with: github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - # Drafts your next Release notes as Pull Requests are merged into "master" + # Drafts your next Release notes as Pull Requests are merged into "main" - uses: release-drafter/release-drafter@v5 - if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')" with: - publish: true + publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }} prerelease: false config-name: auto-release.yml env: diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml index 4ddc067..23f96d8 100644 --- a/.github/workflows/chatops.yml +++ b/.github/workflows/chatops.yml @@ -9,7 +9,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: "Handle common commands" - uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} 
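Review bot: The new auto-readme workflow has no `permissions:` block, and its "Update readme" step exports `GITHUB_TOKEN` (and an apparently unused `DEF`) to `make init` and `make readme/build`, which per the Makefile in this same patch include a build-harness file downloaded at run time. If the build-harness targets do not need the token, I would drop that step's `env:` block and add a workflow-level `permissions:` with `contents: read`; the final step already passes `PUBLIC_REPO_ACCESS_TOKEN` explicitly for creating the PR. The actions are also referenced by mutable tags (`actions/checkout@v2`, `cloudposse/actions/github/create-pull-request@0.30.0`); pinning each to a full commit SHA would keep a moved tag from running with those tokens on the nightly schedule.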
@@ -24,7 +24,7 @@ jobs: - name: "Checkout commit" uses: actions/checkout@v2 - name: "Run tests" - uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 8f531cf..70f829e 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -1,6 +1,7 @@ name: Validate Codeowners on: workflow_dispatch: + pull_request: jobs: @@ -9,7 +10,7 @@ jobs: steps: - name: "Checkout source code at current commit" uses: actions/checkout@v2 - - uses: mszostok/codeowners-validator@v0.5.0 + - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name == github.repository name: "Full check of CODEOWNERS" with: @@ -17,10 +18,12 @@ jobs: # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos # checks: "files,syntax,owners,duppatterns" checks: "syntax,owners,duppatterns" + owner_checker_allow_unowned_patterns: "false" # GitHub access token is required only if the `owners` check is enabled github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.5.0 + - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name != github.repository name: "Syntax check of CODEOWNERS" with: checks: "syntax,duppatterns" + owner_checker_allow_unowned_patterns: "false" diff --git a/Makefile b/Makefile index 655f630..d1d7461 100644 --- a/Makefile +++ b/Makefile 
@@ -3,7 +3,7 @@ SHELL := /bin/bash # List of targets the `readme` target should call before generating the readme export README_DEPS ?= docs/targets.md docs/terraform.md --include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness) +-include $(shell curl -sSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness) ## Lint terraform code lint: diff --git a/README.md b/README.md index daf1c83..4bd1488 100644 --- a/README.md +++ b/README.md @@ -428,7 +428,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright) From 6c9b4851aa9f4892163f0025ff93e0cd1372a987 Mon Sep 17 00:00:00 2001 From: mbroers Date: Fri, 17 Jun 2022 10:08:14 -0500 Subject: [PATCH 46/51] Add `timezone` variable for mssql (#141) * adding timezone variable for mssql * Auto Format * Update variables.tf Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> * Auto Format * Add versions.tf to examples/complete * Remove unused null provider * Auto Format * Bump examples/complete versions, omit patch version * Reduce examples/complete versions Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> --- .github/renovate.json | 2 +- README.md | 2 +- docs/terraform.md | 2 +- examples/complete/fixtures.us-east-2.tfvars | 4 ++-- examples/complete/main.tf | 4 ++-- examples/complete/versions.tf | 10 ++++++++++ main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 4 ---- 9 files changed, 24 insertions(+), 11 deletions(-) create mode 100644 examples/complete/versions.tf diff --git a/.github/renovate.json b/.github/renovate.json index ae4f0aa..a780298 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
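Review bot: The `-include $(shell curl ...)` line still downloads a makefile fragment and evaluates it on every `make` run with no integrity check; this hunk only changes the host the fragment comes from. At a minimum I would add `-f` so an HTTP error body is not saved as `.build-harness` and parsed by make: `-include $(shell curl -fsSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness)`. Because the scheduled auto-readme workflow added in this patch runs this Makefile with repository tokens in scope, it is worth fetching a pinned revision and checking a digest before the include; whether the new URL can serve a fixed revision is not visible from this hunk.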
@@ -4,9 +4,9 @@ ":preserveSemverRanges" ], "labels": ["auto-update"], + "dependencyDashboardAutoclose": true, "enabledManagers": ["terraform"], "terraform": { "ignorePaths": ["**/context.tf", "examples/**"] } } - diff --git a/README.md b/README.md index 4bd1488..aaa2df8 100644 --- a/README.md +++ b/README.md @@ -220,7 +220,6 @@ Available targets: |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 2.0 | -| [null](#requirement\_null) | >= 2.0 | ## Providers @@ -322,6 +321,7 @@ Available targets: | [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | +| [timezone](#input\_timezone) | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See [MSSQL User Guide](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone) for more information. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs diff --git a/docs/terraform.md b/docs/terraform.md index 74ab246..c6547e0 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -5,7 +5,6 @@ |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 2.0 | -| [null](#requirement\_null) | >= 2.0 | ## Providers @@ -107,6 +106,7 @@ | [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the DB. DB instance will be created in the VPC associated with the DB subnet group provisioned using the subnet IDs. Specify one of `subnet_ids`, `db_subnet_group_name` or `availability_zone` | `list(string)` | `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | +| [timezone](#input\_timezone) | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See [MSSQL User Guide](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone) for more information. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | ## Outputs diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 486641d..ea7886f 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -28,9 +28,9 @@ allocated_storage = 5 engine = "mysql" -engine_version = "5.7.17" +engine_version = "5.7" -major_engine_version = "5.7" +major_engine_version = "5" instance_class = "db.t2.small" diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d3fcec4..5c71c87 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -4,7 +4,7 @@ provider "aws" { module "vpc" { source = "cloudposse/vpc/aws" - version = "0.21.1" + version = "0.28.1" cidr_block = "172.16.0.0/16" @@ -13,7 +13,7 @@ module "vpc" { module "subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.38.0" + version = "0.40.1" availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf new file mode 100644 index 0000000..5b2c49b --- /dev/null +++ b/examples/complete/versions.tf 
@@ -0,0 +1,10 @@ +terraform { + required_version = ">= 0.13.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 2.0" + } + } +} diff --git a/main.tf b/main.tf index 437f5dc..2c3df2d 100644 --- a/main.tf +++ b/main.tf @@ -67,6 +67,7 @@ resource "aws_db_instance" "default" { deletion_protection = var.deletion_protection final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id replicate_source_db = var.replicate_source_db + timezone = var.timezone iam_database_authentication_enabled = var.iam_database_authentication_enabled enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports diff --git a/variables.tf b/variables.tf index 51f6c07..f548f20 100644 --- a/variables.tf +++ b/variables.tf @@ -329,3 +329,9 @@ variable "replicate_source_db" { description = "Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication." default = null } + +variable "timezone" { + type = string + description = "Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See [MSSQL User Guide](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone) for more information." + default = null +} 
diff --git a/versions.tf b/versions.tf index 971ae24..5b2c49b 100644 --- a/versions.tf +++ b/versions.tf @@ -6,9 +6,5 @@ terraform { source = "hashicorp/aws" version = ">= 2.0" } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } } } From b9ae8e77cad87ceb3b7d4d935e4e139c37d2f789 Mon Sep 17 00:00:00 2001 From: Mihai PLESA Date: Sun, 19 Jun 2022 15:49:09 +0300 Subject: [PATCH 47/51] Make certain arguments optional to allow creation of replicas (#136) * fixed replica db creation * Auto Format * Update main.tf Co-authored-by: nitrocode * edited variable descriptions * Auto Format * Update main.tf Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> * Auto Format * more fixes * Auto Format * description improvements * formatting * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> --- README.md | 12 ++++++------ docs/terraform.md | 12 ++++++------ examples/complete/variables.tf | 4 ++-- examples/mssql/variables.tf | 4 ++-- main.tf | 10 +++++----- variables.tf | 15 ++++++++------- 6 files changed, 29 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index aaa2df8..43ee53e 100644 --- a/README.md +++ b/README.md @@ -253,7 +253,7 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | -| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | `null` | no | +| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `number` | `null` | no | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | @@ -267,10 +267,10 @@ Available targets: | [charset\_name](#input\_charset\_name) | The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter` | `string` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | -| [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | -| [database\_password](#input\_database\_password) | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | +| [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | `null` | no | +| [database\_password](#input\_database\_password) | Password for the primary DB user. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | `null` | no | | [database\_port](#input\_database\_port) | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | -| [database\_user](#input\_database\_user) | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | +| [database\_user](#input\_database\_user) | Username for the primary DB user. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | `null` | no | | [db\_options](#input\_db\_options) | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | | [db\_parameter](#input\_db\_parameter) | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | | [db\_parameter\_group](#input\_db\_parameter\_group) | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | 
@@ -281,8 +281,8 @@ Available targets: | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| [engine](#input\_engine) | Database engine type | `string` | `null` | no | -| [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | +| [engine](#input\_engine) | Database engine type. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | `null` | no | +| [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | n/a | yes | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | diff --git a/docs/terraform.md b/docs/terraform.md index c6547e0..404e9d8 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -38,7 +38,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | -| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs | `number` | `null` | no | +| [allocated\_storage](#input\_allocated\_storage) | The allocated storage in GBs. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `number` | `null` | no | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `bool` | `false` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | The whitelisted CIDRs which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no | @@ -52,10 +52,10 @@ | [charset\_name](#input\_charset\_name) | The character set name to use for DB encoding. [Oracle & Microsoft SQL only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#character_set_name). For other engines use `db_parameter` | `string` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `bool` | `true` | no | -| [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | n/a | yes | -| [database\_password](#input\_database\_password) | (Required unless a snapshot\_identifier or replicate\_source\_db is provided) Password for the master DB user | `string` | `""` | no | +| [database\_name](#input\_database\_name) | The name of the database to create when the DB instance is created | `string` | `null` | no | +| [database\_password](#input\_database\_password) | Password for the primary DB user. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | `null` | no | | [database\_port](#input\_database\_port) | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `number` | n/a | yes | -| [database\_user](#input\_database\_user) | (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user | `string` | `""` | no | +| [database\_user](#input\_database\_user) | Username for the primary DB user. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | `null` | no | | [db\_options](#input\_db\_options) | A list of DB options to apply with an option group. Depends on DB engine |
list(object({
db_security_group_memberships = list(string)
option_name = string
port = number
version = string
vpc_security_group_memberships = list(string)

option_settings = list(object({
name = string
value = string
}))
}))
| `[]` | no | | [db\_parameter](#input\_db\_parameter) | A list of DB parameters to apply. Note that parameters may differ from a DB family to another |
list(object({
apply_method = string
name = string
value = string
}))
| `[]` | no | | [db\_parameter\_group](#input\_db\_parameter\_group) | The DB parameter group family name. The value depends on DB engine used. See [DBParameterGroupFamily](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html#API_CreateDBParameterGroup_RequestParameters) for instructions on how to retrieve applicable value. | `string` | n/a | yes | 
@@ -66,8 +66,8 @@ | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| [engine](#input\_engine) | Database engine type | `string` | `null` | no | -| [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type | `string` | n/a | yes | +| [engine](#input\_engine) | Database engine type. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | `null` | no | +| [engine\_version](#input\_engine\_version) | Database engine version, depends on engine type. Required unless a `snapshot_identifier` or `replicate_source_db` is provided. | `string` | n/a | yes | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2019-06-26-06-05 | `string` | `""` | no | | [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index f2244ea..b79dcbb 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -14,12 +14,12 @@ variable "database_name" { variable "database_user" { type = string - description = "Username for the master DB user" + description = "Username for the primary DB user" } variable "database_password" { type = string - description = "Password for the master DB user" + description = "Password for the primary DB user" } variable "database_port" { diff --git a/examples/mssql/variables.tf b/examples/mssql/variables.tf index acc2d6e..fea9c5c 100644 --- a/examples/mssql/variables.tf +++ b/examples/mssql/variables.tf @@ -29,12 +29,12 @@ variable "database_name" { variable "database_user" { type = string - description = "Username for the master DB user" + description = "Username for the primary DB user" } variable "database_password" { type = string - description = "Password for the master DB user" + description = "Password for the primary DB user" } variable "database_port" { diff --git a/main.tf b/main.tf index 2c3df2d..14a2451 100644 --- a/main.tf +++ b/main.tf @@ -24,14 +24,14 @@ resource "aws_db_instance" "default" { identifier = module.this.id name = var.database_name - username = var.database_user - password = var.database_password + username = try(length(var.replicate_source_db), 0) == 0 ? var.database_user : null + password = try(length(var.replicate_source_db), 0) == 0 ? var.database_password : null port = var.database_port - engine = var.engine - engine_version = var.engine_version + engine = try(length(var.replicate_source_db), 0) == 0 ? var.engine : null + engine_version = try(length(var.replicate_source_db), 0) == 0 ? var.engine_version : null character_set_name = var.charset_name instance_class = var.instance_class - allocated_storage = var.allocated_storage + allocated_storage = try(length(var.replicate_source_db), 0) == 0 ? var.allocated_storage : null max_allocated_storage = var.max_allocated_storage storage_encrypted = var.storage_encrypted kms_key_id = var.kms_key_arn 
diff --git a/variables.tf b/variables.tf index f548f20..15e9c65 100644 --- a/variables.tf +++ b/variables.tf @@ -30,19 +30,20 @@ variable "associate_security_group_ids" { variable "database_name" { type = string + default = null description = "The name of the database to create when the DB instance is created" } variable "database_user" { type = string - default = "" - description = "(Required unless a `snapshot_identifier` or `replicate_source_db` is provided) Username for the master DB user" + default = null + description = "Username for the primary DB user. Required unless a `snapshot_identifier` or `replicate_source_db` is provided." } variable "database_password" { type = string - default = "" - description = "(Required unless a snapshot_identifier or replicate_source_db is provided) Password for the master DB user" + default = null + description = "Password for the primary DB user. Required unless a `snapshot_identifier` or `replicate_source_db` is provided." } variable "database_port" { @@ -82,7 +83,7 @@ variable "iops" { variable "allocated_storage" { type = number - description = "The allocated storage in GBs" + description = "The allocated storage in GBs. Required unless a `snapshot_identifier` or `replicate_source_db` is provided." default = null } @@ -94,7 +95,7 @@ variable "max_allocated_storage" { variable "engine" { type = string - description = "Database engine type" + description = "Database engine type. Required unless a `snapshot_identifier` or `replicate_source_db` is provided." default = null # http://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html # - mysql @@ -105,7 +106,7 @@ variable "engine" { variable "engine_version" { type = string - description = "Database engine version, depends on engine type" + description = "Database engine version, depends on engine type. Required unless a `snapshot_identifier` or `replicate_source_db` is provided." # http://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html } 
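Review bot: `variable "database_password"` in the first variables.tf hunk is still declared without `sensitive = true`, so Terraform does not redact the value in plan and apply output where it is referenced. Adding `sensitive = true` to the block fixes the CLI side; it needs Terraform 0.14 or later, and `required_version` is `>= 0.13.0` at this commit, so the floor would have to move with it. The value presumably still reaches the state file in clear text, so the state backend needs its own encryption and access control. The `database_password` declarations in examples/complete/variables.tf and examples/mssql/variables.tf, touched by this same commit, have the same gap.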
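Review bot: `variable "engine_version"` in the last variables.tf hunk now says "Required unless a `snapshot_identifier` or `replicate_source_db` is provided", but the block still has no `default`, so Terraform keeps treating it as a required input. The README table regenerated in this commit confirms it (`n/a | yes`). Since main.tf nulls `engine_version` for replicas, a caller creating a replica has to pass a value that is then discarded. Adding `default = null` to the block, as the commit does for `database_name`, `database_user` and `database_password`, would make the description true.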
From 9a218ceeebfc063a0e4ba501d0251550710fadfe Mon Sep 17 00:00:00 2001 From: elkh510 <60512579+elkh510@users.noreply.github.com> Date: Tue, 21 Jun 2022 02:09:36 +0300 Subject: [PATCH 48/51] fix 'Warning: Argument is deprecated' db_name (#140) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix 'Warning: Argument is deprecated' │ Warning: Argument is deprecated │ │ with module.rds_instance.aws_db_instance.default, │ on .terraform/modules/rds_instance/main.tf line 26, in resource "aws_db_instance" "default": │ 26: name = var.database_name │ │ Use db_name instead │ │ (and one more similar warning elsewhere) * Update versions.tf * Auto Format * Update versions.tf * Update versions.tf * Auto Format Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 4 ++-- docs/terraform.md | 4 ++-- examples/complete/versions.tf | 2 +- main.tf | 2 +- versions.tf | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 43ee53e..ccf0e74 100644 --- a/README.md +++ b/README.md @@ -219,13 +219,13 @@ Available targets: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 2.0 | +| [aws](#requirement\_aws) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.0 | +| [aws](#provider\_aws) | >= 3.0 | ## Modules diff --git a/docs/terraform.md b/docs/terraform.md index 404e9d8..2377489 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 2.0 | +| [aws](#requirement\_aws) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.0 | +| [aws](#provider\_aws) | >= 3.0 | ## Modules 
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5b2c49b..85d1d00 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" + version = ">= 3.0" } } } diff --git a/main.tf b/main.tf index 14a2451..4c5fd36 100644 --- a/main.tf +++ b/main.tf @@ -23,7 +23,7 @@ resource "aws_db_instance" "default" { count = module.this.enabled ? 1 : 0 identifier = module.this.id - name = var.database_name + db_name = var.database_name username = try(length(var.replicate_source_db), 0) == 0 ? var.database_user : null password = try(length(var.replicate_source_db), 0) == 0 ? var.database_password : null port = var.database_port diff --git a/versions.tf b/versions.tf index 5b2c49b..85d1d00 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" + version = ">= 3.0" } } } From 1f956845ffd5c65124f219c4d932f719f73870b2 Mon Sep 17 00:00:00 2001 From: Maksym Vlasov Date: Tue, 21 Jun 2022 16:37:45 +0300 Subject: [PATCH 49/51] Set right var type acording to readme (#139) --- variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/variables.tf b/variables.tf index 15e9c65..4d196c3 100644 --- a/variables.tf +++ b/variables.tf @@ -321,6 +321,7 @@ variable "monitoring_role_arn" { } variable "iam_database_authentication_enabled" { + type = bool description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled" default = false } From 26b384877a7dada72297018cd00c5f1e756901ca Mon Sep 17 00:00:00 2001 
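Review bot: The `>= 3.0` floor set in the versions.tf and examples/complete/versions.tf hunks looks too low for the `db_name = var.database_name` line in the main.tf hunk. As far as I know `db_name` only exists in the 4.x line of the AWS provider (confirm the exact release in the provider changelog), so a caller whose lock file resolves to a 3.x provider would get an unsupported-argument error instead of a deprecation warning. The constraint should name the first release that accepts the argument, for example `version = ">= <first provider release with db_name>"`. The `aws_db_instance` block continues outside the hunk.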
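Review bot: The description kept on `iam_database_authentication_enabled` reads "Specifies whether or mappings of ...", which does not parse and leaves the meaning of the flag unclear for a setting that controls how principals authenticate to the database. While the block is being touched to add `type = bool`, the text could become `description = "Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled"`.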
From: Benjamin Smith Date: Fri, 15 Jul 2022 16:10:03 -0700 Subject: [PATCH 50/51] Allow null subnets for Replicas (#142) * update to allow null value for replicas * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- .github/auto-release.yml | 1 - main.tf | 17 +++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/auto-release.yml b/.github/auto-release.yml index b45efb7..17cd39c 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,7 +17,6 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' - - 'no-release' default: 'minor' categories: diff --git a/main.tf b/main.tf index 4c5fd36..1a066f3 100644 --- a/main.tf +++ b/main.tf @@ -11,9 +11,14 @@ locals { subnet_ids_provided = var.subnet_ids != null && length(var.subnet_ids) > 0 db_subnet_group_name_provided = var.db_subnet_group_name != null && var.db_subnet_group_name != "" + is_replica = try(length(var.replicate_source_db), 0) > 0 + # Db Subnet group name should equal the name if provided + # we then check if this is a replica, if it is, and no name is provided, this should be null, see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#db_subnet_group_name + # finally, if no name is provided, and it is not a replica, we check if subnets were provided. db_subnet_group_name = local.db_subnet_group_name_provided ? var.db_subnet_group_name : ( - local.subnet_ids_provided ? join("", aws_db_subnet_group.default.*.name) : null + local.is_replica ? null : ( + local.subnet_ids_provided ? join("", aws_db_subnet_group.default.*.name) : null) ) availability_zone = var.multi_az ? null : var.availability_zone 
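Review bot: With the new `local.is_replica` branch, a replica that is given `subnet_ids` but no `db_subnet_group_name` gets `db_subnet_group_name = null`, yet `aws_db_subnet_group.default` is still created, because its `count` only tests `local.subnet_ids_provided` and `local.db_subnet_group_name_provided`. The caller's subnet choice is then silently ignored and the replica is placed by whatever the provider or RDS defaults to, which for a cross-region replica is presumably not the network the caller intended. Either add `&& !local.is_replica` to that `count` so no orphaned group is created, or extend the comment to say `# replicas ignore subnet_ids; pass db_subnet_group_name explicitly for cross-region replicas`. The `locals` block starts outside the hunk.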
@@ -24,14 +29,14 @@ resource "aws_db_instance" "default" { identifier = module.this.id db_name = var.database_name - username = try(length(var.replicate_source_db), 0) == 0 ? var.database_user : null - password = try(length(var.replicate_source_db), 0) == 0 ? var.database_password : null + username = local.is_replica ? null : var.database_user + password = local.is_replica ? null : var.database_password port = var.database_port - engine = try(length(var.replicate_source_db), 0) == 0 ? var.engine : null - engine_version = try(length(var.replicate_source_db), 0) == 0 ? var.engine_version : null + engine = local.is_replica ? null : var.engine + engine_version = local.is_replica ? null : var.engine_version character_set_name = var.charset_name instance_class = var.instance_class - allocated_storage = try(length(var.replicate_source_db), 0) == 0 ? var.allocated_storage : null + allocated_storage = local.is_replica ? null : var.allocated_storage max_allocated_storage = var.max_allocated_storage storage_encrypted = var.storage_encrypted kms_key_id = var.kms_key_arn From 28a0ca53ea30f8c03e33e4d113d2da092bfe3719 Mon Sep 17 00:00:00 2001 From: "Cloud Posse Bot (CI/CD)" Date: Tue, 11 Oct 2022 14:02:51 -0700 Subject: [PATCH 51/51] Update AWS version requirements (#144) --- .github/workflows/validate-codeowners.yml | 1 + README.md | 9 +++++---- docs/terraform.md | 6 +++--- examples/complete/versions.tf | 4 ++-- main.tf | 2 +- versions.tf | 4 ++-- 6 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 70f829e..4b4a226 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml 
@@ -10,6 +10,7 @@ jobs: steps: - name: "Checkout source code at current commit" uses: actions/checkout@v2 + # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name == github.repository name: "Full check of CODEOWNERS" diff --git a/README.md b/README.md index ccf0e74..4b3ed39 100644 --- a/README.md +++ b/README.md @@ -218,14 +218,14 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 3.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | >= 4.9.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.0 | +| [aws](#provider\_aws) | >= 4.9.0 | ## Modules @@ -509,7 +509,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] - + [logo]: https://cloudposse.com/logo-300x69.svg [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=docs [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds&utm_content=website @@ -540,3 +540,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-rds [share_email]: mailto:?subject=terraform-aws-rds&body=https://github.com/cloudposse/terraform-aws-rds [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-rds?pixel&cs=github&cm=readme&an=terraform-aws-rds + diff --git a/docs/terraform.md b/docs/terraform.md index 2377489..46f2d0c 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
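Review bot: The added comment calls `mszostok/codeowners-validator@v0.7.1` pinned, but a tag is a mutable reference; the action's owner can move it to different code without any change in this repository. Pinning to the full commit SHA and keeping the tag as a trailing comment makes the pin real: `uses: mszostok/codeowners-validator@<full-commit-sha-of-v0.7.1> # v0.7.1`. The same applies to `actions/checkout@v2` on the context line above it. The job definition continues outside the hunk.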
@@ -3,14 +3,14 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 3.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | >= 4.9.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.0 | +| [aws](#provider\_aws) | >= 4.9.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 85d1d00..cc73ffd 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.0.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.0" + version = ">= 4.9.0" } } } diff --git a/main.tf b/main.tf index 1a066f3..3204460 100644 --- a/main.tf +++ b/main.tf @@ -151,7 +151,7 @@ resource "aws_db_option_group" "default" { } resource "aws_db_subnet_group" "default" { - count = module.this.enabled && local.subnet_ids_provided && ! local.db_subnet_group_name_provided ? 1 : 0 + count = module.this.enabled && local.subnet_ids_provided && !local.db_subnet_group_name_provided ? 1 : 0 name = module.this.id subnet_ids = var.subnet_ids diff --git a/versions.tf b/versions.tf index 85d1d00..cc73ffd 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.0.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.0" + version = ">= 4.9.0" } } }