Merge pull request #347 from dasmeta/DMVP-5087-upgrade-waf

fix(DMVP-5087): upgrade waf module

modules/waf/README.md

@@ -1,12 +1,14 @@
+# module to setup/attach aws waf on alb or cdn
+
 ### Example 1. Simple example create waf. This example not set roles and doesn't have association.
 
 ```
 module "waf_alb" {
-  source                 = "dasmeta/modules/aws//modules/waf/"
-  name                   = "test"
+  source = "dasmeta/modules/aws//modules/waf/"
+  name   = "test"
 
   visibility_config = {
-    metric_name                = "test-waf"
+    metric_name = "test-waf"
   }
 }
 ```
@@ -18,7 +20,7 @@ module "waf_cloudfront" {
   source = "dasmeta/modules/aws//modules/waf/"
   name   = "test_cloudfront"
 
-  scope                  = "CLOUDFRONT"
+  scope = "CLOUDFRONT"
   visibility_config = {
     cloudwatch_metrics_enabled = true
     metric_name                = "test-waf"
@@ -325,20 +327,23 @@ module "waf_alb" {
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | > 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.50, < 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.50, < 6.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_alerts"></a> [alerts](#module\_alerts) | dasmeta/monitoring/aws//modules/alerts | 1.17.0 |
-| <a name="module_monitoring_dashboard"></a> [monitoring\_dashboard](#module\_monitoring\_dashboard) | dasmeta/monitoring/aws//modules/dashboard | 1.7.0 |
+| <a name="module_alerts"></a> [alerts](#module\_alerts) | dasmeta/monitoring/aws//modules/alerts | 1.19.0 |
+| <a name="module_monitoring_dashboard"></a> [monitoring\_dashboard](#module\_monitoring\_dashboard) | dasmeta/monitoring/aws//modules/dashboard | 1.19.0 |
 | <a name="module_waf"></a> [waf](#module\_waf) | dasmeta/waf-webaclv2/aws | 0.0.1 |
 
 ## Resources

modules/waf/alerts.tf

@@ -1,6 +1,6 @@
 module "alerts" {
   source  = "dasmeta/monitoring/aws//modules/alerts"
-  version = "1.17.0"
+  version = "1.19.0"
 
   count = var.alarms.enabled ? 1 : 0
 

modules/waf/dashboard.tf

@@ -1,6 +1,6 @@
 module "monitoring_dashboard" {
   source  = "dasmeta/monitoring/aws//modules/dashboard"
-  version = "1.7.0"
+  version = "1.19.0"
 
   count = var.create_dashboard ? 1 : 0
 

modules/waf/tests/alb-association-block-mode/0-setup.tf

@@ -1,9 +1,5 @@
 terraform {
   required_providers {
-    # test = {
-    #   source = "terraform.io/builtin/test"
-    # }
-
     aws = {
       source  = "hashicorp/aws"
       version = "~> 4.52"
@@ -14,3 +10,23 @@ terraform {
 provider "aws" {
   region = "eu-central-1"
 }
+
+# get region default vpc and its public subnets
+data "aws_vpc" "default" {
+  default  = true
+  provider = aws
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+# create test alb
+resource "aws_lb" "test" {
+  name     = "test-waf-alb-association-bm"
+  provider = aws
+  subnets  = data.aws_subnets.default.ids
+}

modules/waf/tests/alb-association-block-mode/1-example.tf

@@ -4,8 +4,13 @@ module "waf_alb" {
 
   create_alb_association = true
 
-  alb_arn_list = ["arn:aws:elasticloadbalancing:eu-central-1:1234567890:loadbalancer/app/test/asadadadadada"]
+  alb_arn_list = [aws_lb.test.arn]
   visibility_config = {
     metric_name = "waf_test"
   }
+
+  alarms = {
+    enabled   = false
+    sns_topic = ""
+  }
 }

modules/waf/tests/alb-association-block-mode/README.md

@@ -9,7 +9,9 @@
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
 
 ## Modules
 
@@ -19,7 +21,11 @@ No providers.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_lb.test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_subnets.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 

modules/waf/tests/alb-association-count-mode/0-setup.tf

@@ -1,9 +1,5 @@
 terraform {
   required_providers {
-    # test = {
-    #   source = "terraform.io/builtin/test"
-    # }
-
     aws = {
       source  = "hashicorp/aws"
       version = "~> 4.52"
@@ -14,3 +10,23 @@ terraform {
 provider "aws" {
   region = "eu-central-1"
 }
+
+# get region default vpc and its public subnets
+data "aws_vpc" "default" {
+  default  = true
+  provider = aws
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+# create test alb
+resource "aws_lb" "test" {
+  name     = "test-waf-alb-association-cm"
+  provider = aws
+  subnets  = data.aws_subnets.default.ids
+}

modules/waf/tests/alb-association-count-mode/1-example.tf

@@ -5,8 +5,13 @@ module "waf_alb" {
   mode                   = "count"
   create_alb_association = true
 
-  alb_arn_list = ["arn:aws:elasticloadbalancing:eu-central-1:1234567890:loadbalancer/app/test/asadadadadada"]
+  alb_arn_list = [aws_lb.test.arn]
   visibility_config = {
     metric_name = "waf_test_count"
   }
+
+  alarms = {
+    enabled   = false
+    sns_topic = ""
+  }
 }

modules/waf/tests/alb-association-count-mode/README.md

@@ -9,7 +9,9 @@
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
 
 ## Modules
 
@@ -19,7 +21,11 @@ No providers.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_lb.test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_subnets.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 

modules/waf/tests/overwrite-alarms/0-setup.tf

@@ -0,0 +1,39 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-central-1"
+}
+
+# get region default vpc and its public subnets
+data "aws_vpc" "default" {
+  default  = true
+  provider = aws
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+# create test alb
+resource "aws_lb" "test1" {
+  name     = "test-waf-alb-association-1"
+  provider = aws
+  subnets  = data.aws_subnets.default.ids
+}
+
+# create test alb
+resource "aws_lb" "test2" {
+  name     = "test-waf-alb-association-2"
+  provider = aws
+  subnets  = data.aws_subnets.default.ids
+}

modules/waf/tests/overwrite-alarms/main.tf → modules/waf/tests/overwrite-alarms/1-example.tf

@@ -7,8 +7,8 @@ module "waf_alb" {
   create_alb_association = true
 
   alb_arn_list = [
-    "arn:aws:elasticloadbalancing:eu-central-1:xxxxxx:loadbalancer/app/alb/13812613g187est87t",
-    "arn:aws:elasticloadbalancing:eu-central-1:xxxxxx:loadbalancer/app/alb2/132812613g17est87t"
+    aws_lb.test1.arn,
+    aws_lb.test2.arn
   ]
 
   visibility_config = {

modules/waf/tests/overwrite-alarms/README.md

@@ -3,11 +3,15 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.64.0 |
 
 ## Modules
 
@@ -17,7 +21,12 @@ No providers.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_lb.test1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_lb.test2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_subnets.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 

modules/waf/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "> 1.3.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.50, < 6.0"
+    }
+  }
+}