docs(readme): add terraform docs automation (#149)
* docs(readme): add terraform docs automation
Add terraform docs script along with makefile target and github action for same

Signed-off-by: Timothy MacDonald <tim.macdonald@lacework.net>

* docs(readme): automate update and testing of README.md by terraform-docs
Add github action to test that README.md has been updated. Also add update of README.md to /scripts/release.sh prepare

Signed-off-by: Timothy MacDonald <tim.macdonald@lacework.net>

---------

Signed-off-by: Timothy MacDonald <tim.macdonald@lacework.net>
tmac1973 authored Oct 10, 2023
1 parent d453292 commit 48f2fbf
Showing 6 changed files with 71 additions and 8 deletions.
29 changes: 29 additions & 0 deletions .github/workflows/terraform_docs.yml
@@ -0,0 +1,29 @@
name: Test that terraform docs has been run
on: push
jobs:
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Install terraform-docs
run: curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz | (cd /usr/local/bin; tar zxvf -; chmod +x /usr/local/bin/terraform-docs)
- name: store hash of orig README.md
id: old_hash
run: echo "README_HASH=$(md5sum README.md)" >> $GITHUB_OUTPUT
- name: Update README.md using terraform-docs make target
run: make terraform-docs
- name: store hash of new README.md
id: new_hash
run: echo "README_HASH=$(md5sum README.md)" >> $GITHUB_OUTPUT
- name: echo hashes
run: |
echo ${{ steps.old_hash.outputs.README_HASH }}
echo ${{ steps.new_hash.outputs.README_HASH }}
- name: test to see of hashs are the same
if: ${{ steps.old_hash.outputs.README_HASH != steps.new_hash.outputs.README_HASH }}
uses: actions/github-script@v6
with:
script: |
core.setFailed('Please run "make terraform-docs" and try again')
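Review bot: the checkout step's `ref: ${{ github.event.pull_request.head.ref }}` is always empty for the `on: push` trigger this workflow uses, so `actions/checkout` silently falls back to the pushed commit; either drop the `with:` block or add a `pull_request` trigger if the intent is to check PR heads. The install step also pipes an unverified tarball from curl straight into `/usr/local/bin`; since the version is already pinned, verify the download against the checksum published with that release (or use the `terraform-docs/gh-actions` action) before extracting. Finally, the two-hash comparison works but hides what changed; `git diff --exit-code README.md` after `make terraform-docs` fails the job and prints the drift in one step, making the `old_hash`/`new_hash`/`echo hashes` steps unnecessary.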
4 changes: 4 additions & 0 deletions .terraform-docs.yml
@@ -0,0 +1,4 @@
formatter: "markdown"
version: "0.16.0"
output:
file: README.md
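Review bot: no `output.mode` is set, so terraform-docs uses its default inject mode and rewrites only the region between `<!-- BEGIN_TF_DOCS -->` and `<!-- END_TF_DOCS -->`; that matches the markers added to README.md in this commit, but stating `mode: inject` explicitly documents the dependency. Note also that `scripts/terraform-docs.sh` greps the `version` line of this file to pick the Docker image tag, so the `version: "0.16.0"` value now has to stay in step with the `v0.16.0` URL hard-coded in `.github/workflows/terraform_docs.yml`; a single source for that version would avoid the two drifting apart.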
5 changes: 5 additions & 0 deletions GNUmakefile
Expand Up @@ -19,3 +19,8 @@ ci: ## *CI ONLY* Runs tests on CI pipeline
.PHONY: release
release: ci ## *CI ONLY* Prepares a release of the Terraform module
scripts/release.sh prepare

.PHONY: terraform-docs
terraform-docs:
scripts/terraform-docs.sh

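Review bot: the new `terraform-docs` target has no `## description` comment, unlike `ci` and `release` in the same file, so it will be missing from any help output generated from those comments; suggest `terraform-docs: ## Regenerates the module documentation in README.md`.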
21 changes: 14 additions & 7 deletions README.md
Expand Up @@ -7,12 +7,13 @@

Terraform module for configuring an integration with Lacework and AWS for CloudTrail analysis.

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_lacework"></a> [lacework](#requirement\_lacework) | ~> 1.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.6 |
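Review bot: the regenerated Requirements table loosens the aws constraint from `~> 4.0` to `>= 4.0`, which removes the upper bound on the provider major version; this reflects a change in the module's version constraints that is not part of this diff, so confirm it is intentional and that the module has been tested against provider 5.x before releasing with the new documentation.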
Expand All @@ -21,7 +22,7 @@ Terraform module for configuring an integration with Lacework and AWS for CloudT

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
| <a name="provider_lacework"></a> [lacework](#provider\_lacework) | ~> 1.0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.6 |
Expand All @@ -30,7 +31,7 @@ Terraform module for configuring an integration with Lacework and AWS for CloudT

| Name | Source | Version |
|------|--------|---------|
| <a name="module_lacework_ct_iam_role"></a> [lacework\_ct\_iam\_role](#module\_lacework\_ct\_iam\_role) | lacework/iam-role/aws | ~> 0.1 |
| <a name="module_lacework_ct_iam_role"></a> [lacework\_ct\_iam\_role](#module\_lacework\_ct\_iam\_role) | lacework/iam-role/aws | ~> 0.4 |

## Resources

Expand All @@ -42,12 +43,15 @@ Terraform module for configuring an integration with Lacework and AWS for CloudT
| [aws_kms_key.lacework_kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_s3_bucket.cloudtrail_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.cloudtrail_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_ownership_controls.cloudtrail_bucket_ownership_controls](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
| [aws_s3_bucket_ownership_controls.cloudtrail_log_bucket_ownership_controls](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
| [aws_s3_bucket_acl.cloudtrail_log_bucket_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
| [aws_s3_bucket_logging.cloudtrail_bucket_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
| [aws_s3_bucket_notification.cloudtrail_bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
| [aws_s3_bucket_ownership_controls.cloudtrail_bucket_ownership_controls](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
| [aws_s3_bucket_ownership_controls.cloudtrail_log_bucket_ownership_controls](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
| [aws_s3_bucket_policy.cloudtrail_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_s3_bucket_policy.cloudtrail_log_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_s3_bucket_public_access_block.cloudtrail_bucket_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_public_access_block.cloudtrail_log_bucket_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.cloudtrail_bucket_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.cloudtrail_log_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_s3_bucket_versioning.cloudtrail_bucket_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
Expand All @@ -61,6 +65,7 @@ Terraform module for configuring an integration with Lacework and AWS for CloudT
| [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [time_sleep.wait_time](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.cloudtrail_log_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cloudtrail_s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cross_account_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.kms_key_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
Expand All @@ -75,18 +80,19 @@ Terraform module for configuring an integration with Lacework and AWS for CloudT
| <a name="input_bucket_arn"></a> [bucket\_arn](#input\_bucket\_arn) | The S3 bucket ARN is required when setting use\_existing\_cloudtrail to true | `string` | `""` | no |
| <a name="input_bucket_enable_mfa_delete"></a> [bucket\_enable\_mfa\_delete](#input\_bucket\_enable\_mfa\_delete) | Set this to `true` to require MFA for object deletion (Requires versioning) | `bool` | `false` | no |
| <a name="input_bucket_encryption_enabled"></a> [bucket\_encryption\_enabled](#input\_bucket\_encryption\_enabled) | Set this to `true` to enable encryption on a created S3 bucket | `bool` | `true` | no |
| <a name="input_bucket_force_destroy"></a> [bucket\_force\_destroy](#input\_bucket\_force\_destroy) |Force destroy bucket (When 'false' a non-empty bucket will NOT be destroyed.) | `bool` | `true` | no |
| <a name="input_bucket_force_destroy"></a> [bucket\_force\_destroy](#input\_bucket\_force\_destroy) | Force destroy bucket (When 'false' a non-empty bucket will NOT be destroyed.) | `bool` | `true` | no |
| <a name="input_bucket_logs_enabled"></a> [bucket\_logs\_enabled](#input\_bucket\_logs\_enabled) | Set this to `true` to enable access logging on a created S3 bucket | `bool` | `true` | no |
| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | Optional value to specify name for a newly created S3 bucket. Not required when `use_existing_cloudtrail` is true. | `string` | `""` | no |
| <a name="input_bucket_sse_algorithm"></a> [bucket\_sse\_algorithm](#input\_bucket\_sse\_algorithm) | The encryption algorithm to use for S3 bucket server-side encryption | `string` | `"aws:kms"` | no |
| <a name="input_bucket_sse_key_arn"></a> [bucket\_sse\_key\_arn](#input\_bucket\_sse\_key\_arn) | The ARN of the KMS encryption key to be used for S3 (Required when `bucket_sse_algorithm` is `aws:kms` and using an existing aws\_kms\_key) | `string` | `""` | no |
| <a name="input_bucket_versioning_enabled"></a> [bucket\_versioning\_enabled](#input\_bucket\_versioning\_enabled) | Set this to `true` to enable access versioning on a created S3 bucket | `bool` | `true` | no |
| <a name="input_cloudtrail_name"></a> [cloudtrail\_name](#input\_cloudtrail\_name) | The name of the CloudTrail. Required when setting use_existing_cloudtrail to true | `string` | `"lacework-cloudtrail"` | no |
| <a name="input_cloudtrail_name"></a> [cloudtrail\_name](#input\_cloudtrail\_name) | The name of the CloudTrail. Required when setting use\_existing\_cloudtrail to true | `string` | `"lacework-cloudtrail"` | no |
| <a name="input_consolidated_trail"></a> [consolidated\_trail](#input\_consolidated\_trail) | Set this to true to configure a consolidated cloudtrail | `bool` | `false` | no |
| <a name="input_create_lacework_integration"></a> [create\_lacework\_integration](#input\_create\_lacework\_integration) | Set this to `false` if you don't want the module to automatically create a corresponding Lacework integration. | `bool` | `true` | no |
| <a name="input_cross_account_policy_name"></a> [cross\_account\_policy\_name](#input\_cross\_account\_policy\_name) | n/a | `string` | `""` | no |
| <a name="input_enable_cloudtrail_s3_management_events"></a> [enable\_cloudtrail\_s3\_management\_events](#input\_enable\_cloudtrail\_s3\_management\_events) | Enable CloudTrail Object-level logging | `bool` | `false` | no |
| <a name="input_enable_log_file_validation"></a> [enable\_log\_file\_validation](#input\_enable\_log\_file\_validation) | Specifies whether cloudtrail log file integrity validation is enabled | `bool` | `true` | no |
| <a name="input_external_id_length"></a> [external\_id\_length](#input\_external\_id\_length) | **Deprecated** - Will be removed on our next major release v3.0.0 | `number` | `16` | no |
| <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | The IAM role ARN is required when setting use\_existing\_iam\_role to true | `string` | `""` | no |
| <a name="input_iam_role_external_id"></a> [iam\_role\_external\_id](#input\_iam\_role\_external\_id) | The external ID configured inside the IAM role is required when setting use\_existing\_iam\_role to true | `string` | `""` | no |
| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | The IAM role name. Required to match with iam\_role\_arn if use\_existing\_iam\_role is set to true | `string` | `""` | no |
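Review bot: `cross_account_policy_name` is documented as `n/a`, which means the variable has no `description` in its definition; add one so the generated table is complete. While the line is being touched, `bucket_versioning_enabled` reads "enable access versioning", which looks like a copy from `bucket_logs_enabled` and should be "enable versioning".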
Expand Down Expand Up @@ -136,3 +142,4 @@ Terraform module for configuring an integration with Lacework and AWS for CloudT
| <a name="output_sqs_arn"></a> [sqs\_arn](#output\_sqs\_arn) | SQS Queue ARN |
| <a name="output_sqs_name"></a> [sqs\_name](#output\_sqs\_name) | SQS Queue name |
| <a name="output_sqs_url"></a> [sqs\_url](#output\_sqs\_url) | SQS Queue URL |
<!-- END_TF_DOCS -->
7 changes: 6 additions & 1 deletion scripts/release_helpers.sh
@@ -1,6 +1,6 @@
#
# Name:: release_helpers.sh
# Description:: A set of helper funtions to be used by our release.sh script
# Description:: A set of helper functions to be used by our release.sh script
# Author:: Salim Afiune Maya (<afiune@lacework.net>)
#

Expand Down Expand Up @@ -137,6 +137,7 @@ prepare_release() {
prerequisites
remove_tag_version
check_for_minor_version_bump
generate_readme
generate_release_notes
update_changelog
push_release
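Review bot: `generate_readme` is inserted ahead of `generate_release_notes` and `update_changelog`, but nothing in this hunk shows the regenerated README.md being staged; confirm that `push_release` adds it to the release commit, otherwise the refreshed documentation stays in the working tree and the `terraform_docs.yml` workflow will fail on the next push.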
Expand Down Expand Up @@ -192,6 +193,10 @@ generate_release_notes() {
echo "$(cat CHANGES.md)" >> RELEASE_NOTES.md
}

generate_readme() {
make terraform-docs
}

load_list_of_changes() {
latest_version=$(find_latest_version)
local _list_of_changes=$(git log --no-merges --pretty="* %s (%an)([%h](https://github.com/${org_name}/${project_name}/commit/%H))" ${latest_version}..${main_branch})
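Review bot: `generate_readme` runs `make terraform-docs` without checking its exit status, so if `scripts/terraform-docs.sh` exits 1 (no `terraform-docs` binary and no Docker) `prepare_release` carries on with a stale README.md unless the script runs under `set -e`, which this diff does not show; suggest `make terraform-docs || { echo "README.md generation failed"; exit 1; }` to match the fail-fast behaviour of the other steps.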
13 changes: 13 additions & 0 deletions scripts/terraform-docs.sh
@@ -0,0 +1,13 @@

if which terraform-docs >/dev/null; then
terraform-docs .
elif which docker >/dev/null; then
echo "## terraform-docs not found in PATH, but docker was found"
echo "## running terraform-docs in docker"
terraform_docs_version=$(cat .terraform-docs.yml | grep version | cut -d\" -f 2)
docker run --rm -v `pwd`:/data cytopia/terraform-docs:${terraform_docs_version} terraform-docs .
else
echo "## terraform-docs not found in PATH, neither was docker"
echo "## please install terraform-docs or docker"
exit 1
fi
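Review bot: the script has no shebang and no `set -euo pipefail`, so it runs under whatever `make` invokes and a failing `terraform-docs .` is not propagated to the caller; add `#!/usr/bin/env bash` and `set -euo pipefail` at the top. The version extraction `cat .terraform-docs.yml | grep version | cut -d\" -f 2` matches any line containing the word `version`, so a future `output`/`version` comment would break the image tag; a stricter `grep '^version:'` is safer. Quote the mount as `-v "$PWD":/data` so paths with spaces work, and consider pinning `cytopia/terraform-docs` (a third-party image) by digest, or using the project's own `quay.io/terraform-docs/terraform-docs` image, since this path executes whatever that tag resolves to against the repository contents.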