From 9ca888d1c01f6d1f45928e44f04edc69c9b10c2b Mon Sep 17 00:00:00 2001
From: mamraj yadav
Date: Mon, 8 May 2023 17:47:41 +0530
Subject: [PATCH 1/5] feat: auto changelog action added and _example main.tf updated
---
 .github/workflows/changelog.yml | 14 +++++
 .github/workflows/tfsec.yml | 45 +++-----------
 CHANGELOG.md | 100 ++++++++++++++++++++++++++++++
 _example/memcached/example.tf | 30 ++++-----
 _example/redis-cluster/example.tf | 7 ++-
 _example/redis/example.tf | 7 ++-
 main.tf | 2 +-
 7 files changed, 147 insertions(+), 58 deletions(-)
 create mode 100644 .github/workflows/changelog.yml
 create mode 100644 CHANGELOG.md
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
new file mode 100644
index 0000000..85b1665
--- /dev/null
+++ b/.github/workflows/changelog.yml
@@ -0,0 +1,14 @@
+name: changelog
+permissions: write-all
+
+on:
+ push:
+ tags:
+ - "*"
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+jobs:
+ call-workflow-changelog:
+ uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
+ with:
+ branch: 'master'
\ No newline at end of file
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index e3d4a36..762b737 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
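Review bot: `permissions: write-all` at workflow level gives the job's token write access to every scope, and the called workflow is resolved from the mutable ref `@master` in another repository, so any later change on that branch runs here with those rights. Scope the token to what the changelog job needs (probably `contents: write`; confirm against the shared workflow, which is not visible here) and pin the call to a full commit SHA, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@<full-commit-sha>`. The same two lines are added to tfsec.yml in this patch and both files keep them in PATCH 4/5.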
@@ -1,41 +1,14 @@ name: tfsec +permissions: write-all + on: pull_request: + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: jobs: - tfsec: - name: tfsec sarif report - runs-on: ubuntu-latest - - steps: - - name: Clone repo - uses: actions/checkout@master - - - name: tfsec - uses: aquasecurity/tfsec-sarif-action@v0.1.0 - with: - sarif_file: tfsec.sarif - working_directory: ./_example/ - full_repo_scan: true - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 - with: - # Path to SARIF file relative to the root of the repository - sarif_file: tfsec.sarif - - - name: tfsec commenter for PR - uses: tfsec/tfsec-pr-commenter-action@main - with: - GITHUB_TOKEN: ${{ secrets.GITHUB}} - working_directory: ./_example/ - - - name: 'Terraform security scan Advanced' - uses: triat/terraform-security-scan@v3.0.3 - if: github.event_name == 'pull_request' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB}} - tfsec_actions_working_dir: ./_example/ - tfsec_actions_comment: true - tfsec_output_format: sarif - continue-on-error: true + call-workflow-tfsec: + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + secrets: inherit + with: + working_directory: './' diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..3561251 --- /dev/null +++ b/CHANGELOG.md 
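Review bot: `secrets: inherit` on `call-workflow-tfsec` hands every secret this repository can read to a reusable workflow that is fetched from `@master`, where the replaced steps passed a single token. Pass only what the scan needs under an explicit `secrets:` mapping (the removed steps used `secrets.GITHUB`; the secret name the shared workflow declares is not visible here). For a scan that comments on pull requests and uploads SARIF, a token limited to something like `contents: read`, `pull-requests: write` and `security-events: write` is likely enough in place of `write-all`. PATCH 4/5 adds the same `secrets: inherit` line to changelog.yml.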
@@ -0,0 +1,100 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [1.0.4] - 2023-04-05 +### :bug: Bug Fixes +- [`019d7dd`](https://github.com/clouddrove/terraform-aws-elasticache/commit/019d7dd7daae3b49a1a24e94adf7f56c657ffdc6) - updated deprecated variables +- [`55d833a`](https://github.com/clouddrove/terraform-aws-elasticache/commit/55d833a0fac8420284db0a06379c750b215d511a) - update workflows + +## [1.0.3] - 2022-09-16 +### :bug: Bug Fixes +- [`72c7b9f`](https://github.com/clouddrove/terraform-aws-elasticache/commit/72c7b9f70a3e9dfe5a6d1e41535575cbc2cb6668) - added arn outputs for redis/memcache + +## [1.0.2] - 2022-08-18 +### :sparkles: New Features +- [`93a2d36`](https://github.com/clouddrove/terraform-aws-elasticache/commit/93a2d36bc8dc8e153f04b4b286143c6fe7ecb940) - added retention_in_days + + +## [1.0.1] - 2022-05-19 +### :sparkles: New Features +- [`272aa17`](https://github.com/clouddrove/terraform-aws-elasticache/commit/272aa17ab7d4a038cf0e37ebd7d1abf25c30095d) - add cloudwatch_log_group and enabled redis logs + +## [0.15.1] - 2021-12-03 +### :bug: Bug Fixes +- [`41eb6a8`](https://github.com/clouddrove/terraform-aws-elasticache/commit/41eb6a841f205e5c15ebccec260e8aabcbb3988c) - update version +- [`6157bfa`](https://github.com/clouddrove/terraform-aws-elasticache/commit/6157bfa79ca7a3a607daacac9e8fbfe385c03813) - update github-action + + +## [0.12.7] - 2021-08-17 + +## [0.15.0] - 2021-01-24 +### :bug: Bug Fixes +- [`c5f7937`](https://github.com/clouddrove/terraform-aws-elasticache/commit/c5f7937cfc2215201c2f9d8a035b9de96139cd89) - added extra_tags variable for custom tags +- [`6405934`](https://github.com/clouddrove/terraform-aws-elasticache/commit/640593463a0c125818ed536da31be5e8180dca98) - update example.tf and added coustom tags with tag 
variable +- [`f2076be`](https://github.com/clouddrove/terraform-aws-elasticache/commit/f2076be7d25a2d757d10841f49100888e0a1bd36) - fix terratest +- [`1a9f237`](https://github.com/clouddrove/terraform-aws-elasticache/commit/1a9f2375e111d41ad63062223eb53afd5a669a4d) - fix terratest + +## [0.14.0] - 2021-05-10 +### :bug: Bug Fixes +- [`9d3aea3`](https://github.com/clouddrove/terraform-aws-elasticache/commit/9d3aea30030b2a5e59a8e44163477eb416690ef5) - upgrade redis version in example +- [`eef1a37`](https://github.com/clouddrove/terraform-aws-elasticache/commit/eef1a37695dce7012188f9e919de0626ca780117) - upgrade terraform version 0.15 + +## [0.13.0] - 2020-20-23 +### :bug: Bug Fixes +- [`85acad0`](https://github.com/clouddrove/terraform-aws-elasticache/commit/85acad025ecdcb09520ba534cf9ed76c3424411f) - snapshot_retention_limit +- [`3c7cd8a`](https://github.com/clouddrove/terraform-aws-elasticache/commit/3c7cd8aa922f0d83552ba34f4e46b9a91c4533e9) - fix the security bugs +- [`0f9e401`](https://github.com/clouddrove/terraform-aws-elasticache/commit/0f9e401c990bfdf346ebfdde8fed91bd5e51a335) - Upgrade terraform version to 0.14 and update +- [`dda84e7`](https://github.com/clouddrove/terraform-aws-elasticache/commit/dda84e77616114c7120000955d1fd960475b30e8) - precommit updated + +## [0.12.6] - 2020-06-10 +### :bug: Bug Fixes +- [`03ab463`](https://github.com/clouddrove/terraform-aws-elasticache/commit/03ab463cd2e94cba60ff796a037c967c39bd2b97) - terraform.yml changes +- [`4b5613a`](https://github.com/clouddrove/terraform-aws-elasticache/commit/4b5613aacb419cde8ba7a994578c5847a8dd79a4) - upgrade terrafomr to 0.13 + +## [0.12.5] - 2020-05-25 +### :sparkles: New Features +- [`7295372`](https://github.com/clouddrove/terraform-aws-elasticache/commit/72953724964b3890f53ed09cb959d2e1963cabc1) - add kms for encryption + +## [0.12.4] - 2020-03-30 +### :bug: Bug Fixes +- [`5af4c3d`](https://github.com/clouddrove/terraform-aws-elasticache/commit/5af4c3dc475fe8699f61d4d4984d73dbe738066e) - 
create variable for description +- [`dbad321`](https://github.com/clouddrove/terraform-aws-elasticache/commit/dbad321e2b42942b866ca278f740de205d502adb) - Split endpoint to redis_endpoint_address and memcached_endpoint_address +- [`d8ffe30`](https://github.com/clouddrove/terraform-aws-elasticache/commit/d8ffe304d87caed73d18dd8195d393dbf5f0f5eb) - Add endpoint address + +## [0.12.3] - 2020-01-23 +### :bug: Bug Fixes +- [`50ee184`](https://github.com/clouddrove/terraform-aws-elasticache/commit/50ee184da31b10caccde1608a4219c1fb98a48f2) - fix labels managedby variables + +## [0.12.2] - 2019-12-30 +### :bug: Bug Fixes +- [`3fdc09a`](https://github.com/clouddrove/terraform-aws-elasticache/commit/3fdc09aa401b09129bafbb88c10e64c149f52b43) - add bool option + +## [0.12.1] - 2019-09-24 +### :bug: Bug Fixes +- [`aafb837`](https://github.com/clouddrove/terraform-aws-elasticache/commit/aafb8370afe4e4c3f9b914d77e61b2a86b2c456d) - github action + +## [0.12.0] - 2019-09-12 +### :bug: Bug Fixes +- [`e3a1d17`](https://github.com/clouddrove/terraform-aws-elasticache/commit/e3a1d171cbec5d78b69f662497cad25a8c9f4d30) - change output syntax + + +[0.12.0]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.0...master +[0.12.1]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.1...master +[0.12.2]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.2...master +[0.12.3]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.3...master +[0.12.4]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.4...master +[0.12.5]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.5...master +[0.12.6]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.12.6...master +[0.13.0]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.13.0...master +[0.14.0]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.14.0...master +[0.15.0]: 
https://github.com/clouddrove/terraform-aws-elasticache/compare/0.15.0...master +[0.12.7]: https://github.com/clouddrove/terraform-aws-elasticache/releases/tag/0.12.7 +[0.15.1]: https://github.com/clouddrove/terraform-aws-elasticache/compare/0.15.1...master +[1.0.1]: https://github.com/clouddrove/terraform-aws-elasticache/compare/1.0.1...master +[1.0.2]: https://github.com/clouddrove/terraform-aws-elasticache/compare/1.0.2...master +[1.0.3]: https://github.com/clouddrove/terraform-aws-elasticache/compare/1.0.3...master +[1.0.4]: https://github.com/clouddrove/terraform-aws-elasticache/compare/1.0.4...master + diff --git a/_example/memcached/example.tf b/_example/memcached/example.tf index 135c7d8..ac27488 100644 --- a/_example/memcached/example.tf +++ b/_example/memcached/example.tf @@ -4,7 +4,7 @@ provider "aws" { module "vpc" { source = "clouddrove/vpc/aws" - version = "0.15.1" + version = "1.3.0" name = "vpc" environment = "test" @@ -16,7 +16,7 @@ module "vpc" { module "subnets" { source = "clouddrove/subnet/aws" - version = "0.15.3" + version = "1.3.0" name = "subnets" environment = "test" @@ -32,7 +32,7 @@ module "subnets" { module "memcached-sg" { source = "clouddrove/security-group/aws" - version = "1.0.1" + version = "1.3.0" name = "memcached-sg" environment = "test" 
@@ -50,18 +50,18 @@ module "memcached" { environment = "test" label_order = ["name", "environment"] - cluster_enabled = true - engine = "memcached" - engine_version = "1.5.10" - family = "memcached1.5" - parameter_group_name = "default.memcached1.5" - az_mode = "cross-az" - port = 11211 - node_type = "cache.t2.micro" - num_cache_nodes = 2 - subnet_ids = module.subnets.public_subnet_id - security_group_ids = [module.memcached-sg.security_group_ids] - availability_zones = ["eu-west-1a", "eu-west-1b"] + cluster_enabled = true + engine = "memcached" + engine_version = "1.5.10" + family = "memcached1.5" + parameter_group_name = "default.memcached1.5" + az_mode = "cross-az" + port = 11211 + node_type = "cache.t2.micro" + num_cache_nodes = 2 + subnet_ids = module.subnets.public_subnet_id + security_group_ids = [module.memcached-sg.security_group_ids] + availability_zones = ["eu-west-1a", "eu-west-1b"] extra_tags = { Application = "CloudDrove" } diff --git a/_example/redis-cluster/example.tf b/_example/redis-cluster/example.tf index 3abc1de..59edae2 100644 --- a/_example/redis-cluster/example.tf +++ b/_example/redis-cluster/example.tf @@ -4,7 +4,7 @@ provider "aws" { module "vpc" { source = "clouddrove/vpc/aws" - version = "0.15.1" + version = "1.3.0" name = "vpc" environment = "test" @@ -15,7 +15,7 @@ module "vpc" { module "subnets" { source = "clouddrove/subnet/aws" - version = "0.15.3" + version = "1.3.0" name = "subnets" environment = "test" @@ -30,7 +30,7 @@ module "subnets" { module "redis-sg" { source = "clouddrove/security-group/aws" - version = "1.0.1" + version = "1.3.0" name = "redis-sg" environment = "test" @@ -60,6 +60,7 @@ module "redis-cluster" { auto_minor_version_upgrade = true replicas_per_node_group = 2 num_node_groups = 1 + snapshot_retention_limit = 7 automatic_failover_enabled = true extra_tags = { Application = "CloudDrove" diff --git a/_example/redis/example.tf b/_example/redis/example.tf index 71fc8b1..c7df0c5 100644 --- a/_example/redis/example.tf 
+++ b/_example/redis/example.tf @@ -4,7 +4,7 @@ provider "aws" { module "vpc" { source = "clouddrove/vpc/aws" - version = "0.15.1" + version = "1.3.0" name = "vpc" environment = "test" @@ -14,7 +14,7 @@ module "vpc" { module "subnets" { source = "clouddrove/subnet/aws" - version = "0.15.3" + version = "1.3.0" name = "subnets" environment = "test" @@ -30,7 +30,7 @@ module "subnets" { module "redis-sg" { source = "clouddrove/security-group/aws" - version = "1.0.1" + version = "1.3.0" name = "redis-sg" environment = "test" @@ -59,6 +59,7 @@ module "redis" { auto_minor_version_upgrade = true num_cache_clusters = 2 retention_in_days = 0 + snapshot_retention_limit = 7 log_delivery_configuration = [ { diff --git a/main.tf b/main.tf index 3869498..8b91eed 100644 --- a/main.tf +++ b/main.tf @@ -9,7 +9,7 @@ # naming convention. module "labels" { source = "clouddrove/labels/aws" - version = "0.15.0" + version = "1.3.0" enabled = var.enable name = var.name From 9f450d2d11a5d1da7587bc0767ab7eb5df2aeb77 Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Mon, 8 May 2023 17:49:43 +0530 Subject: [PATCH 2/5] feat: added dependabot.yml file --- .github/dependabot.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c263d12 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,23 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "_example/memcached" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "_example/redis" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "_example/redis-cluster" # Location of package manifests
+ schedule:
+ interval: "weekly"
From d46e96a64de6f7bcf847a94bcd39692f78217c29 Mon Sep 17 00:00:00 2001
From: mamraj yadav
Date: Mon, 8 May 2023 18:07:57 +0530
Subject: [PATCH 3/5] feat: auto changelog action added and _example main.tf updated
---
 _example/memcached/example.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_example/memcached/example.tf b/_example/memcached/example.tf
index ac27488..694ff9e 100644
--- a/_example/memcached/example.tf
+++ b/_example/memcached/example.tf
@@ -54,7 +54,7 @@ module "memcached" {
 engine = "memcached"
 engine_version = "1.5.10"
 family = "memcached1.5"
- parameter_group_name = "default.memcached1.5"
+ parameter_group_name = ""
 az_mode = "cross-az"
 port = 11211
 node_type = "cache.t2.micro"
From b93c8125fd15c4c11c516fa6211ce32ecc8d282d Mon Sep 17 00:00:00 2001
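Review bot: The `updates` list in the new dependabot.yml covers only the `terraform` ecosystem, so the `uses:` references under `.github/workflows/` added in PATCH 1/5 never get update pull requests. Adding an entry `- package-ecosystem: "github-actions"` with `directory: "/"` and the same weekly `schedule` would cover them. That only helps once those references are pinned to a tag or commit SHA; a branch ref such as `@master` leaves Dependabot nothing to bump.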
From: mamraj yadav Date: Mon, 8 May 2023 20:43:12 +0530 Subject: [PATCH 4/5] bug: updated tfsec.yml and changelog.yml --- .github/workflows/changelog.yml | 5 ++--- .github/workflows/tfsec.yml | 7 ++----- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 85b1665..4b735f5 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -1,14 +1,13 @@ name: changelog permissions: write-all - on: push: tags: - "*" - # Allows you to run this workflow manually from the Actions tab workflow_dispatch: jobs: - call-workflow-changelog: + changelog: uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + secrets: inherit with: branch: 'master' \ No newline at end of file diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 762b737..9aaf588 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -1,14 +1,11 @@ name: tfsec permissions: write-all - on: pull_request: - - # Allows you to run this workflow manually from the Actions tab workflow_dispatch: jobs: - call-workflow-tfsec: + tfsec: uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master secrets: inherit with: - working_directory: './' + working_directory: '.' \ No newline at end of file From 47b6718f87a4e23a00763bebf1b56db4bcd38328 Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Mon, 8 May 2023 21:12:54 +0530 Subject: [PATCH 5/5] bug: added multi_az_enabled --- main.tf | 2 ++ variables.tf | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/main.tf b/main.tf index 8b91eed..cd06508 100644 --- a/main.tf +++ b/main.tf 
@@ -65,6 +65,7 @@ resource "aws_elasticache_replication_group" "default" {
 maintenance_window = var.maintenance_window
 at_rest_encryption_enabled = var.at_rest_encryption_enabled
 transit_encryption_enabled = var.transit_encryption_enabled
+ multi_az_enabled = var.multi_az_enabled
 auth_token = var.auth_token
 kms_key_id = var.kms_key_id
 tags = module.labels.tags
@@ -108,6 +109,7 @@ resource "aws_elasticache_replication_group" "cluster" {
 maintenance_window = var.maintenance_window
 at_rest_encryption_enabled = var.at_rest_encryption_enabled
 transit_encryption_enabled = var.transit_encryption_enabled
+ multi_az_enabled = var.multi_az_enabled
 auth_token = var.auth_token
 kms_key_id = var.kms_key_id
 tags = module.labels.tags
diff --git a/variables.tf b/variables.tf
index ce3de96..3057dfb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -247,3 +247,9 @@ variable "retention_in_days" {
 default = 0
 description = "Specifies the number of days you want to retain log events in the specified log group."
 }
+
+variable "multi_az_enabled" {
+ type = bool
+ default = false
+ description = "Specifies whether to enable Multi-AZ Support for the replication group. If true, automatic_failover_enabled must also be enabled. Defaults to false."
+}
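Review bot: Nothing enforces the constraint that the new `multi_az_enabled` description states, so setting it to `true` with automatic failover off would presumably fail only at apply time. Both `aws_elasticache_replication_group` hunks (`default` and `cluster`) pass the variable straight through, and whether each resource also sets `automatic_failover_enabled` lies outside the hunks. A `lifecycle` `precondition` on each resource with `condition = !var.multi_az_enabled || var.automatic_failover_enabled` would surface the mismatch at plan time; this needs Terraform 1.2 or later, and the module's required version is not shown. With `default = false` the replication groups stay single-AZ unless the caller opts in, which deserves a line in the module's README for anyone relying on this cache for availability.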