From 09efbc35f2fd6461910de140486c585880665623 Mon Sep 17 00:00:00 2001
From: Steven Nemetz
Date: Fri, 15 Dec 2017 11:20:41 -0800
Subject: [PATCH] Convert to use my label module, add enable option, add future upstream changes
---
 main.tf | 71 +++++++++++++++++++++------------
 outputs.tf | 23 ++++++-----
 test/main.tf | 16 ++++++++
 variables.tf | 108 ++++++++++++++++++++++++++++++++++++---------------
 4 files changed, 152 insertions(+), 66 deletions(-)
 create mode 100644 test/main.tf
diff --git a/main.tf b/main.tf
index 9a60f91..228f8d2 100644
--- a/main.tf
+++ b/main.tf
@@ -5,60 +5,81 @@
 # https://www.terraform.io/docs/providers/aws/r/efs_mount_target.html
 # Define composite variables for resources
+data "aws_region" "default" {
+ count = "${var.enabled ? 1 : 0}"
+ current = "true"
+}
+
+locals {
+ region = "${length(var.region) > 0 ? var.region : element(concat(data.aws_region.default.*.name, list("")),0)}"
+}
+
 module "label" {
 source = "devops-workflow/label/local"
 version = "0.1.0"
- organization = "${var.namespace}"
+ organization = "${var.organization}"
 name = "${var.name}"
- namespace-env = "${}"
- namespace-org = "${}"
- environment = "${var.stage}"
+ namespace-env = "${var.namespace-env}"
+ namespace-org = "${var.namespace-org}"
+ environment = "${var.environment}"
 delimiter = "${var.delimiter}"
 attributes = "${var.attributes}"
 tags = "${var.tags}"
 }
 resource "aws_efs_file_system" "default" {
- tags = "${module.label.tags}"
+ count = "${var.enabled ? 1 : 0}"
+ performance_mode = "${var.performance_mode}"
+ encrypted = "${var.encrypted}"
+ kms_key_id = "${var.kms_key_id}"
+ tags = "${module.label.tags}"
 }
 resource "aws_efs_mount_target" "default" {
- count = "${length(var.availability_zones)}"
+ count = "${var.enabled ? length(compact(var.subnets)) : 0}"
 file_system_id = "${aws_efs_file_system.default.id}"
- subnet_id = "${element(var.subnets, count.index)}"
+ subnet_id = "${element(compact(var.subnets), count.index)}"
 security_groups = ["${aws_security_group.default.id}"]
 }
 resource "aws_security_group" "default" {
+ count = "${var.enabled ? 1 : 0}"
 name = "${module.label.id}"
 description = "EFS"
 vpc_id = "${var.vpc_id}"
-
+ tags = "${module.label.tags}"
 lifecycle {
 create_before_destroy = true
 }
+}
- ingress {
- from_port = "2049" # NFS
- to_port = "2049"
- protocol = "tcp"
- security_groups = ["${var.security_groups}"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
+resource "aws_security_group_rule" "ingress" {
+ count = "${var.enabled ? length(compact(var.security_groups)) : 0}"
+ type = "ingress"
+ from_port = "2049"
+ to_port = "2049"
+ protocol = "tcp"
+ source_security_group_id = "${element(compact(var.security_groups), count.index)}"
+ security_group_id = "${aws_security_group.default.id}"
+}
- tags = "${module.label.tags}"
+resource "aws_security_group_rule" "egress" {
+ count = "${var.enabled ? 1 : 0}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = "${aws_security_group.default.id}"
 }
 module "dns" {
- source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.1.1"
+ source = "cloudposse/route53-cluster-hostname/aws"
+ version = "0.2.1"
 name = "${module.label.id}"
- ttl = 60
+ ttl = "${var.dns_ttl}"
 zone_id = "${var.zone_id}"
- records = ["${aws_efs_file_system.default.id}.efs.${var.aws_region}.amazonaws.com"]
+ #records = ["${aws_efs_file_system.default.id}.efs.${local.region}.amazonaws.com"]
+ records = ["${element(concat(aws_efs_file_system.default.*.id, list("")),0)}.efs.${local.region}.amazonaws.com"]
+ enabled = "${var.enabled ? (length(var.zone_id) > 0 ? "true" : "false") : "false"}"
 }
diff --git a/outputs.tf b/outputs.tf
index 5e652e0..23e1685 100644
--- a/outputs.tf
+++ b/outputs.tf
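Review bot: The new `aws_efs_mount_target` and both `aws_security_group_rule` resources still reference the now-counted file system and security group with bare `aws_efs_file_system.default.id` and `aws_security_group.default.id`, while `module "dns"` in the same hunk (and outputs.tf) switched to the enabled-safe `element(concat(aws_efs_file_system.default.*.id, list("")),0)` form. That is inconsistent within the module and, with `count` now set on both resources, the bare references may fail to resolve when `enabled = false` (worth confirming on the Terraform version in use); `file_system_id = "${element(concat(aws_efs_file_system.default.*.id, list("")),0)}"` and `security_group_id = "${element(concat(aws_security_group.default.*.id, list("")),0)}"` would keep every reference on the same pattern. The new `aws_security_group_rule.egress` resource also carries the previous inline any-protocol `0.0.0.0/0` rule forward as a standalone resource without explanation; EFS mount targets generally do not originate connections, so a comment such as `# egress kept for parity with the former inline rule; mount targets do not initiate outbound traffic`, or a variable that lets callers drop the rule, would make that decision reviewable.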
@@ -1,21 +1,26 @@
 output "id" {
- value = "${aws_efs_file_system.default.id}"
+ description = "ID of EFS"
+ value = "${element(concat(aws_efs_file_system.default.*.id, list("")),0)}"
 }
-
+/*
 output "host" {
- value = "${module.dns.hostname}"
+ description = "Assigned DNS-record for the EFS"
+ value = "${module.dns.hostname}"
 }
-
+*/
 output "dns_name" {
- value = "${aws_efs_file_system.default.id}.efs.${var.aws_region}.amazonaws.com"
+ description = ""
+ value = "${element(concat(aws_efs_file_system.default.*.id, list("")),0)}.efs.${local.region}.amazonaws.com"
 }
 output "security_group" {
- value = "${aws_security_group.default.id}"
+ description = ""
+ value = "${element(concat(aws_security_group.default.*.id, list("")),0)}"
 }
 output "mount_target_ids" {
- value = ["${aws_efs_mount_target.default.*.id}"]
+ description = "List of IDs of the EFS mount targets"
+ value = ["${aws_efs_mount_target.default.*.id}"]
 }
-
 output "mount_target_ips" {
- value = ["${aws_efs_mount_target.default.*.ip_address}"]
+ description = "List of IPs of the EFS mount targets"
+ value = ["${aws_efs_mount_target.default.*.ip_address}"]
 }
diff --git a/test/main.tf b/test/main.tf
new file mode 100644
index 0000000..cd776e2
--- /dev/null
+++ b/test/main.tf
@@ -0,0 +1,16 @@
+module "efs" {
+ source = "../"
+ name = "CapMe"
+ environment = "Dev"
+ #organization = "CorpXyZ"
+ #attributes = ["role", "policy", "use", ""]
+ #tags = "${map("Key", "Value")}"
+ zone_id = ""
+ security_groups = []
+ subnets = []
+ vpc_id = ""
+ #enabled = false
+}
+
+# Test:
+# enabled = false
diff --git a/variables.tf b/variables.tf
index a112bb5..9993b26 100644
--- a/variables.tf
+++ b/variables.tf
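Review bot: `output "dns_name"` and `output "security_group"` gain an empty `description = ""`, which leaves the two outputs undocumented while the same hunk documents every other output; `description = "DNS name of the EFS file system (regional EFS endpoint)"` and `description = "ID of the security group attached to the EFS mount targets"` would complete the set. The `host` output is disabled by wrapping it in `/* */` instead of being removed, so the public interface now carries dead code with no stated reason; either delete it or add a one-line comment above the block explaining why it is kept and when it is expected to return. Note also that with `enabled = false` the `dns_name` value evaluates to `.efs.<region>.amazonaws.com` rather than an empty string, which callers that interpolate it may not expect; a guard of the form `${var.enabled ? ... : ""}` would mirror the `id` output's behaviour.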
@@ -1,44 +1,88 @@
-variable "namespace" {
- default = "global"
-}
-variable "stage" {
- default = "default"
+// Variables specific to module label
+variable "attributes" {
+ description = "Suffix name with additional attributes (policy, role, etc.)"
+ type = "list"
+ default = []
+}
+variable "delimiter" {
+ description = "Delimiter to be used between `name`, `namespaces`, `attributes`, etc."
+ type = "string"
+ default = "-"
+}
+variable "environment" {
+ description = "Environment (ex: dev, qa, stage, prod)"
+ type = "string"
 }
-
 variable "name" {
- default = "app"
+ description = "Base name for resource"
+ type = "string"
 }
-
-variable "security_groups" {
- type = "list"
+variable "namespace-env" {
+ description = "Prefix name with the environment"
+ default = true
 }
-
-variable "vpc_id" {}
-
-variable "aws_region" {}
-
-variable "subnets" {
- type = "list"
+variable "namespace-org" {
+ description = "Prefix name with the organization. If both env and org namespaces are used, format will be --"
+ default = false
 }
-
-variable "availability_zones" {
- type = "list"
+variable "organization" {
+ description = "Organization name"
+ type = "string"
+ default = ""
 }
-
-variable "zone_id" {}
-
-variable "delimiter" {
- type = "string"
- default = "-"
+variable "tags" {
+ description = "A map of additional tags to add"
+ type = "map"
+ default = {}
 }
-variable "attributes" {
- type = "list"
- default = []
+// Variables specific to module route53-cluster-hostname
+variable "dns_ttl" {
+ description = "TTL of the DNS record"
+ type = "string"
+ default = "60"
+}
+variable "zone_id" {
+ description = "Route53 DNS zone ID"
+ type = "string"
+ default = ""
 }
-variable "tags" {
- type = "map"
- default = {}
+// Variables specific to this module
+variable "enabled" {
+ description = "Set to false to prevent the module from creating anything"
+ default = true
+}
+variable "encrypted" {
+ description = "If true, the disk will be encrypted"
+ type = "string"
+ default = "false"
+}
+variable "kms_key_id" {
+ description = "ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true"
+ type = "string"
+ default = ""
+}
+variable "performance_mode" {
+ description = "The file system performance mode. Can be either generalPurpose or maxIO"
+ type = "string"
+ default = "generalPurpose"
+}
+variable "region" {
+ description = "AWS region"
+ type = "string"
+ default = ""
+}
+variable "security_groups" {
+ description = "AWS security group IDs to allow to connect to the EFS"
+ type = "list"
+}
+variable "subnets" {
+ description = "AWS subnet IDs"
+ type = "list"
+}
+variable "vpc_id" {
+ description = "AWS VPC ID"
+ type = "string"
 }
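Review bot: The new `variable "encrypted"` defaults to `"false"`, so every file system this module creates is unencrypted at rest unless the caller opts in, and EFS encryption can only be chosen at creation time, so turning it on later replaces the file system. A secure-by-default `default = "true"` is the safer choice (with `kms_key_id` left empty the AWS-managed EFS key is used); if the default must stay `"false"` for compatibility with existing deployments, the description should at least say `Encryption at rest cannot be enabled after creation; changing this value replaces the file system`. Separately, `variable "enabled"` (and the two `namespace-*` variables) are the only new variables without a `type` declaration; `type = "string"` would match the convention the rest of this file now follows.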