Merge pull request #4 from MavenCode:feature-policy-parallel-dev

Feature-policy-parallel-dev

.github/workflows/aws-sqs-moduleTest.yml

@@ -2,63 +2,28 @@
 # with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
 # `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
 # to the main branch, `terraform apply` will be executed.
-#
-# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
-#
-# To use this workflow, you will need to complete the following setup steps.
-#
-# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
-#   Example `main.tf`:
-#     # The configuration for the `remote` backend.
-#     terraform {
-#       backend "remote" {
-#         # The name of your Terraform Cloud organization.
-#         organization = "example-organization"
-#
-#         # The name of the Terraform Cloud workspace to store Terraform state files in.
-#         workspaces {
-#           name = "example-workspace"
-#         }
-#       }
-#     }
-#
-#     # An example resource that does nothing.
-#     resource "null_resource" "example" {
-#       triggers = {
-#         value = "A example resource that does nothing!"
-#       }
-#     }
-#
-#
-# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
-#   Documentation:
-#     - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
-#     - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
-#
-# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
-#   Example:
-#     - name: Setup Terraform
-#       uses: hashicorp/setup-terraform@v1
-#       with:
-#         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
-name: 'AWS-sqs-module-Test'
+name: "AWS-sqs-module-Test"
 
 on:
   push:
-    branches:
+    branch:
       - main
+      - master
     paths-ignore:
-      -'docs/**'
-      -'Docs/**'
+      - "docs/**"
+      - "Docs/**"
   pull_request:
+    branch:
+      - main
+      - master
     paths-ignore:
-      -'docs/**'
-      -'Docs/**'
+      - "docs/**"
+      - "Docs/**"
 
 jobs:
   terraform:
-    name: 'AWS-sqs-Terraform'
+    name: "AWS-sqs-Terraform"
     runs-on: ubuntu-latest
     environment: development
 
@@ -68,56 +33,44 @@ jobs:
         shell: bash
 
     steps:
-#     # Checkout the repository to the GitHub Actions runner
-#     - name: Checkout
-#       uses: actions/checkout@v2
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+
+      # Export aws secret and access key as vars
+      - name: Export secre_key, access_key and region
+        with:
+          export TF_VAR_region: ${{ secrets.MAVEN_AWS_REGION }}
+          export TF_VAR_access_key: ${{ secrets.MAVEN_AWS_ACCESS_KEY }}
+          export TF_VAR_secret_key: ${{ secrets.MAVEN_AWS_SECRET_KEY }}
+
+      ## Using terraform implementation in workflow above. Can be changed to AWS configuration below.
 
-#     # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
-#     - name: Setup Terraform
-#       uses: hashicorp/setup-terraform@v1
-
-#     # Export aws secret and access key as vars
-#     - name: Export secre_key, access_key and region
-#       with:
-#         export TF_VAR_region: ${{ secrets.MAVEN_AWS_REGION }}
-#         export TF_VAR_access_key: ${{ secrets.MAVEN_AWS_ACCESS_KEY }}
-#         export TF_VAR_secret_key: ${{ secrets.MAVEN_AWS_SECRET_KEY }}
-
-#     ## Using terraform implementation in workflow above. Can be changed to AWS configuration below.
-
-# #     - name: Configure AWS Credentials
-# #       uses: aws-actions/configure-aws-credentials@v1
-# #       with:
-# #         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-# #         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-# #         aws-region: us-west-1
+      #     - name: Configure AWS Credentials
+      #       uses: aws-actions/configure-aws-credentials@v1
+      #       with:
+      #         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      #         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      #         aws-region: us-west-1
 
-#     # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
-#     - name: Terraform Init
-#       run: terraform init
+      # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+      - name: Terraform Init
+        run: terraform init
 
-#     # Checks that all Terraform configuration files adhere to a canonical format
-#     - name: Terraform Format
-#       run: terraform fmt -check
+      # Checks that all Terraform configuration files adhere to a canonical format
+      - name: Terraform Format
+        run: terraform fmt -check
 
-#     # Generates an execution plan for Terraform
-#     - name: Terraform Plan
-#       run: terraform plan
+      # Generates an execution plan for Terraform
+      - name: Terraform Plan
+        run: terraform plan
 
-#       # On push to main, build or change infrastructure according to Terraform configuration files
-#       # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
-#     - name: Terraform Apply
-#       if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-#       run: terraform apply -auto-approve
-
-    - name: Create tag
-      uses: actions/github-script@v3
-      with:
-        github-token: ${{ github.token }}
-        script: |
-          github.git.createRef({
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            ref: "refs/tags/tagname",
-            sha: context.sha
-          })
+        # On push to main, build or change infrastructure according to Terraform configuration files
+        # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply -auto-approve

.github/workflows/tag-versioning.yml

@@ -0,0 +1,46 @@
+# Tag and versioning of commits on push and pull-request to main.
+
+name: "tags & versions"
+
+on:
+  push:
+    branch:
+      - main
+    paths-ignore:
+      - "docs/**"
+      - "Docs/**"
+  pull_request:
+    branch:
+      - main
+    paths-ignore:
+      - "docs/**"
+      - "Docs/**"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: "0"
+      - name: Bump version and push tag
+        id: current_tag
+        uses: anothrNick/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          WITH_V: true
+          RELEASE_BRANCHES: master, main
+          DEFAULT_BUMP: patch
+          VERBOSE: false
+
+      - name: Git release versioning
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.current_tag.outputs.new_tag }}
+          name: Release ${{ steps.current_tag.outputs.new_tag }}
+          body: ${{ steps.current_tag.outputs.changelog }}

.gitignore

@@ -0,0 +1,31 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files 
+.terraform.lock.hcl
+
+.DS_Store

default-policy.json

@@ -1,15 +1,18 @@
 {
-    "Version": "2012-10-17",
-    "Id": "sqspolicy",
-    "Statement": [
-      {
-        "Effect": "Allow",
-        "Principal": "*",
-        "Action": "sqs:*",
-        "Resource": "arn:aws:sqs:*:*:s3-event-queue",
-        "Condition": {
-            "ArnEquals": { "aws:SourceArn": "${var.bucket_arn}" }
+  "Version": "2012-10-17",
+  "Id": "sqspolicy",
+  "Statement": [
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${resource_arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${bucket_arn}"
         }
       }
-    ]
+    }
+  ]
 }

example/test/main.tf

@@ -10,11 +10,39 @@ module "aws_sqs_queue" {
   tag_name = var.tag
   env_name = var.env
 }
+data "aws_s3_bucket" "bucket_vars" {
+  bucket = aws_s3_bucket.storage.id
+}
+
+# s3 bucket resource declaration with full access permissions for dev-env
+resource "aws_s3_bucket" "storage" {
+  bucket        = "${var.bucket_name}-${random_string.random.result}"
+  acl           = var.acl
+  force_destroy = true
+
+  # terraform-dev-env tag attached to all resources in test, dev or prod 
+  tags = {
+    Name        = var.tag_name
+    Environment = var.env_name
+  }
+}
+
+# random string appended to created uid for deployed s3 bucket
+resource "random_string" "random" {
+  length  = 6
+  special = false
+  upper   = false
+}
+
+variable "bucket_name" {}
+variable "acl" {}
+variable "tag_name" {}
+variable "env_name" {}
 
-variable "name" { type = string }
-variable "policy" { type = string }
-variable "bucket_arn" { type = string }
-variable "bucket_id" { type = string }
-variable "dependency" { type = list(string) }
-variable "tag" { type = string }
-variable "env" { type = string }
+variable "name" {}
+variable "policy" {}
+variable "bucket_arn" {}
+variable "bucket_id" {}
+variable "dependency" {}
+variable "tag" {}
+variable "env" {}

example/test/providers.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.67.0"
+    }
+  }
+}
+
+provider "aws" {
+  region     = var.region
+  access_key = var.access_key
+  secret_key = var.secret_key
+}

example/test/terraform.tfvars

@@ -1,7 +1,13 @@
+# queue module variables
 name       = "s3-event-queue"
-policy     = default-policy.json
-bucket_arn = "null"
-bucket_id  = "null"
-dependency = []
+policy     = "test-policy.json"
+bucket_arn = data.aws_s3_bucket.bucket_vars.arn
+bucket_id  = data.aws_s3_bucket.bucket_vars.id
+dependency = [data.aws_s3_bucket.bucket_vars.id] # = [] for no implenmentation
 tag        = "terraform-IaC"
 env        = "test"
+# bucket resource test variables
+bucket_name = "s3-bucket"
+acl         = "private"
+tag_name    = "terraform-IaC"
+env_name    = "test"

example/test/test-policy.json

@@ -0,0 +1,18 @@
+{
+  "Version": "2012-10-17",
+  "Id": "sqspolicy",
+  "Statement": [
+    {
+      "Sid": "First",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "sqs:SendMessage",
+      "Resource": "${resource_arn}",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "${bucket_arn}"
+        }
+      }
+    }
+  ]
+}