update precommit config #10

Merged
merged 8 commits into from
May 14, 2024
25 changes: 25 additions & 0 deletions .github/labels.yaml
@@ -0,0 +1,25 @@
---
- name: bug
color: "c2e0c6"
description: Bug
- name: do-not-merge
color: "e99695"
description: Do not merge commit
- name: documentation
color: "feaef7"
description: Documentation
- name: enhancement
color: "8d6fc8"
description: Enhancement
- name: release/major
color: "d93f0b"
description: Major version
- name: release/minor
color: "fbca04"
description: Minor version
- name: release/patch
color: "0e8a16"
description: Patch version
- name: security
color: "db175c"
description: Security
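Review bot: no workflow in this diff reads `.github/labels.yaml`, so please point to the label-sync action that applies it (or add one in this PR); otherwise the file is dead configuration that will drift from the labels actually present on the repository. Minor wording: the `do-not-merge` description "Do not merge commit" reads oddly; "Do not merge" is enough.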
2 changes: 1 addition & 1 deletion .github/workflows/ci-checks-tf.yml
Expand Up @@ -13,7 +13,7 @@ permissions:
jobs:
pre-commit:
runs-on: ubuntu-latest
container: ghcr.io/antonbabenko/pre-commit-terraform:v1.79.1
container: ghcr.io/antonbabenko/pre-commit-terraform:v1.88.4
steps:
- uses: actions/checkout@v3

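Review bot: the CI container is bumped to `pre-commit-terraform:v1.88.4` while `.pre-commit-config.yaml` in the same PR pins that project at `rev: v1.89.1`, so developers' local hooks and CI run different versions of `terraform_docs`/`terraform_fmt` and can disagree on generated output; align the two to one version. The unchanged `actions/checkout@v3` is a floating major tag; pinning both the action and the container image to an immutable digest (`@sha256:...`) protects the pipeline against a moved or compromised tag.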
49 changes: 0 additions & 49 deletions .github/workflows/terraform.yml

This file was deleted.
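Review bot: deleting the whole `.github/workflows/terraform.yml` workflow is not covered by the PR title "update precommit config"; please state in the description which checks that workflow ran and which of the remaining workflows (`ci-checks-tf.yml` or the release workflow) now covers them, so reviewers can confirm no plan/validate step silently disappeared.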

3 changes: 3 additions & 0 deletions .github/workflows/v1-func-create-tag-and-release.yml
Expand Up @@ -4,6 +4,9 @@ on:
pull_request:
types: [closed]

permissions:
contents: write

jobs:
create-new-release:
runs-on: ubuntu-latest
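Review bot: `permissions: contents: write` is declared at the workflow level, which grants write access to the repository contents for every job in the file; since only `create-new-release` needs to push a tag and create a release, move the block under that job so any job added later starts from the default read-only token. The `pull_request` / `types: [closed]` trigger also fires for PRs that were closed without merging, so the job should guard on `github.event.pull_request.merged == true` if it does not already do so further down.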
28 changes: 27 additions & 1 deletion .pre-commit-config.yaml
@@ -1,7 +1,33 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: check-json
- id: check-merge-conflict
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
- id: pretty-format-json
args:
- --autofix
- id: detect-aws-credentials
args:
- --allow-missing-credentials
- id: detect-private-key
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.77.0
rev: v1.89.1
hooks:
- id: terraform_fmt
- id: terraform_docs
args:
- --hook-config=--use-standard-markers=true
- id: terraform_validate
- repo: https://github.com/bridgecrewio/checkov
rev: 3.0.37
hooks:
- id: checkov
verbose: false
args: [--download-external-modules, "true", --quiet, --compact]
additional_dependencies:
- "cyclonedx-python-lib==5.2.0"
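Review bot: `rev: v1.89.1` for pre-commit-terraform does not match the `v1.88.4` container used by `ci-checks-tf.yml` in this PR, so the same hooks run at two different versions locally and in CI; pick one. Two caveats worth a comment in the file: `detect-aws-credentials` with `--allow-missing-credentials` passes silently on machines without `~/.aws/credentials`, which is exactly the case in CI, so it should not be relied on as the only secret check (`detect-private-key` and a dedicated secret scanner cover more); and checkov's `--download-external-modules true` fetches module sources from the network at hook time, which makes the hook non-hermetic and should be accompanied by pinned module versions in the examples it scans.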
39 changes: 27 additions & 12 deletions README.md
@@ -1,18 +1,16 @@
# terraform-aws-mcaf-opensearch
<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.49.0 |
| <a name="requirement_elasticsearch"></a> [elasticsearch](#requirement\_elasticsearch) | >= 2.0.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.9.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.49.0 |

## Modules

Expand All @@ -22,18 +20,21 @@ No modules.

| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.cw_application](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_group.cw_audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_group.cw_index](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_group.cw_search](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_resource_policy.cw_resource_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_resource_policy) | resource |
| [aws_elasticsearch_domain.opensearch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain) | resource |
| [aws_iam_policy_document.cw_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_cloudwatch_log_group.cw_application](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_group.cw_audit](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_group.cw_index](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_group.cw_search](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/cloudwatch_log_group) | resource |
| [aws_cloudwatch_log_resource_policy.cw_resource_policy](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/cloudwatch_log_resource_policy) | resource |
| [aws_elasticsearch_domain.opensearch](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/elasticsearch_domain) | resource |
| [aws_elasticsearch_domain_saml_options.opensearch_saml_options](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/resources/elasticsearch_domain_saml_options) | resource |
| [aws_iam_policy_document.cw_policy](https://registry.terraform.io/providers/hashicorp/aws/5.49.0/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_autotune_enabled"></a> [autotune\_enabled](#input\_autotune\_enabled) | Enable autotune options | `bool` | `false` | no |
| <a name="input_autotune_options"></a> [autotune\_options](#input\_autotune\_options) | n/a | <pre>object({<br> desired_state = string<br> rollback_on_disable = string<br> maintenance_schedule = object({<br> cron_expression = string<br> duration = number<br> start_at = string<br> })<br> })</pre> | <pre>{<br> "desired_state": "ENABLED",<br> "maintenance_schedule": {<br> "cron_expression": "cron(0 0 ? * 1 *)",<br> "duration": 1,<br> "start_at": "2000-01-01T00:00:00.00Z"<br> },<br> "rollback_on_disable": "NO_ROLLBACK"<br>}</pre> | no |
| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | `number` | `3` | no |
| <a name="input_cloudwatch_log_enabled"></a> [cloudwatch\_log\_enabled](#input\_cloudwatch\_log\_enabled) | Enabled Cloudwatch. | `bool` | `true` | no |
| <a name="input_cloudwatch_log_kms_key_id"></a> [cloudwatch\_log\_kms\_key\_id](#input\_cloudwatch\_log\_kms\_key\_id) | The ARN of the KMS key to use when encrypting log data. | `string` | `null` | no |
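Review bot: the `autotune_options` input is documented as "n/a" because its `variable` block carries no `description`; since this README is generated by `terraform_docs`, add a description in `variables.tf` (what `desired_state`, `rollback_on_disable` and `maintenance_schedule` control) so the generated table is useful, and the `cron(0 0 ? * 1 *)` / `start_at = "2000-01-01T00:00:00.00Z"` defaults get one line explaining that the start date only anchors the recurring window.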
Expand All @@ -45,20 +46,35 @@ No modules.
| <a name="input_cognito_identity_pool_id"></a> [cognito\_identity\_pool\_id](#input\_cognito\_identity\_pool\_id) | ID of the Cognito identity pool to use. | `string` | `null` | no |
| <a name="input_cognito_role_arn"></a> [cognito\_role\_arn](#input\_cognito\_role\_arn) | ARN of the IAM role that has the AmazonESCognitoAccess policy. | `string` | `null` | no |
| <a name="input_cognito_user_pool_id"></a> [cognito\_user\_pool\_id](#input\_cognito\_user\_pool\_id) | ID of the Cognito user pool to use. | `string` | `null` | no |
| <a name="input_cold_enabled"></a> [cold\_enabled](#input\_cold\_enabled) | Enable cold storage. | `bool` | `false` | no |
| <a name="input_custom_endpoint"></a> [custom\_endpoint](#input\_custom\_endpoint) | FQDN of the custom endpoint | `string` | `null` | no |
| <a name="input_custom_endpoint_certificate_arn"></a> [custom\_endpoint\_certificate\_arn](#input\_custom\_endpoint\_certificate\_arn) | ACM certificate ARN for your custom endpoint. | `string` | `null` | no |
| <a name="input_custom_endpoint_enabled"></a> [custom\_endpoint\_enabled](#input\_custom\_endpoint\_enabled) | Enable custom endpoint. | `bool` | `false` | no |
| <a name="input_ebs_enabled"></a> [ebs\_enabled](#input\_ebs\_enabled) | Enable EBS volumes for data nodes | `bool` | `false` | no |
| <a name="input_ebs_iops"></a> [ebs\_iops](#input\_ebs\_iops) | Baseline I/O performance of EBS volumes attached to data nodes. | `number` | `null` | no |
| <a name="input_ebs_volume_size"></a> [ebs\_volume\_size](#input\_ebs\_volume\_size) | EBS Volume size in GiB | `number` | `null` | no |
| <a name="input_ebs_volume_type"></a> [ebs\_volume\_type](#input\_ebs\_volume\_type) | EBS volume type. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html | `string` | `null` | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | Enable OpenSearch. | `bool` | `true` | no |
| <a name="input_encrypt_at_rest"></a> [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Enable encryption at rest | `bool` | `true` | no |
| <a name="input_encrypt_kms_key_id"></a> [encrypt\_kms\_key\_id](#input\_encrypt\_kms\_key\_id) | KMS key id to encrypt OpenSearch domain with. | `string` | `null` | no |
| <a name="input_enforce_https"></a> [enforce\_https](#input\_enforce\_https) | Enforce HTTPS domain endpoint. | `string` | `null` | no |
| <a name="input_hot_instance_count"></a> [hot\_instance\_count](#input\_hot\_instance\_count) | The number of dedicated hot nodes in the cluster. | `number` | `3` | no |
| <a name="input_hot_instance_type"></a> [hot\_instance\_type](#input\_hot\_instance\_type) | The instance type for dedicated hot nodes in the cluster. | `string` | `"t3.small.elasticsearch"` | no |
| <a name="input_internal_user_database_enabled"></a> [internal\_user\_database\_enabled](#input\_internal\_user\_database\_enabled) | Enable internal user database. | `bool` | `true` | no |
| <a name="input_master_instance_count"></a> [master\_instance\_count](#input\_master\_instance\_count) | The number of dedicated master nodes in the cluster. | `number` | `3` | no |
| <a name="input_master_instance_type"></a> [master\_instance\_type](#input\_master\_instance\_type) | Instance type for the OpenSearch master nodes. | `string` | `"t3.small.elasticsearch"` | no |
| <a name="input_master_user_arn"></a> [master\_user\_arn](#input\_master\_user\_arn) | ARN of the main user. | `string` | `null` | no |
| <a name="input_master_user_name"></a> [master\_user\_name](#input\_master\_user\_name) | Name of the main user. | `string` | `null` | no |
| <a name="input_master_user_password"></a> [master\_user\_password](#input\_master\_user\_password) | Password of the main user. | `string` | `null` | no |
| <a name="input_node_to_node_encryption"></a> [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Enable node-to-node encryption. | `bool` | `true` | no |
| <a name="input_saml_options_enabled"></a> [saml\_options\_enabled](#input\_saml\_options\_enabled) | Enable saml\_options | `bool` | `false` | no |
| <a name="input_saml_options_idp_entity_id"></a> [saml\_options\_idp\_entity\_id](#input\_saml\_options\_idp\_entity\_id) | URL of the entity id | `string` | `null` | no |
| <a name="input_saml_options_idp_metadata_content"></a> [saml\_options\_idp\_metadata\_content](#input\_saml\_options\_idp\_metadata\_content) | Contents of the saml-metadata.xml file | `string` | `null` | no |
| <a name="input_saml_options_master_backend_role"></a> [saml\_options\_master\_backend\_role](#input\_saml\_options\_master\_backend\_role) | (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. | `string` | `null` | no |
| <a name="input_saml_options_master_user_name"></a> [saml\_options\_master\_user\_name](#input\_saml\_options\_master\_user\_name) | (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. | `string` | `null` | no |
| <a name="input_saml_options_roles_key"></a> [saml\_options\_roles\_key](#input\_saml\_options\_roles\_key) | (Optional) Element of the SAML assertion to use for backend roles. Default is roles. e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/groups | `string` | `null` | no |
| <a name="input_saml_options_session_timeout_minutes"></a> [saml\_options\_session\_timeout\_minutes](#input\_saml\_options\_session\_timeout\_minutes) | (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. | `number` | `null` | no |
| <a name="input_saml_options_subject_key"></a> [saml\_options\_subject\_key](#input\_saml\_options\_subject\_key) | (Optional) Custom SAML attribute to use for user names. Default is an empty string. This will cause Elasticsearch to use the NameID element of the Subject, which is the default location for name identifiers in the SAML specification. | `string` | `null` | no |
| <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | List of VPC security group id's. | `list(string)` | `[]` | no |
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The subnet id where to deploy the OpenSearch cluster. | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the OpenSearch cluster. | `map(string)` | `{}` | no |
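Review bot: `enforce_https` is typed `string` with default `null` although its description ("Enforce HTTPS domain endpoint.") is a boolean switch; type it `bool` and consider defaulting it to `true` so HTTPS enforcement is opt-out rather than opt-in, in line with the `encrypt_at_rest` and `node_to_node_encryption` defaults. Also, several `saml_options_*` descriptions state a default ("Default is 60", "Default is roles") while the Terraform default is `null`; reword to "AWS default is ..." so readers do not mistake it for the variable's value.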
Expand All @@ -78,4 +94,3 @@ No modules.
| <a name="output_kibana_endpoint"></a> [kibana\_endpoint](#output\_kibana\_endpoint) | The endpoint URL of Kibana. |
| <a name="output_opensearch_domain_arn"></a> [opensearch\_domain\_arn](#output\_opensearch\_domain\_arn) | Return ARN of the OpenSearch cluster domain. |
| <a name="output_opensearch_domain_id"></a> [opensearch\_domain\_id](#output\_opensearch\_domain\_id) | The domain id of the OpenSearch cluster. |
<!-- END_TF_DOCS -->
36 changes: 2 additions & 34 deletions example/README.md
@@ -1,35 +1,3 @@
# Usage
<!--- BEGIN_TF_DOCS --->
## Requirements
# Example

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |
| elasticsearch | >=2.0.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 4.0 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cluster\_domain | The hosted zone name of the OpenSearch cluster. | `string` | `""` | no |
| cluster\_name | The name of the OpenSearch cluster. | `string` | `"opensearch"` | no |
| security\_group\_ids | The security group id's to add to the OpenSearch security group. | `list(string)` | `[]` | no |
| subnet\_ids | The subnet id's to use for the OpenSearch cluster. | `list(string)` | `[]` | no |
| tags | Tags | `map(string)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| cluster\_endpoint | The endpoint URL of the OpenSearch cluster. |
| cluster\_name | The name of the OpenSearch cluster. |
| cluster\_version | The version of the OpenSearch cluster. |

<!--- END_TF_DOCS --->
Look at the README.md in the root folder of this project
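Review bot: removing the `BEGIN_TF_DOCS`/`END_TF_DOCS` markers means the `terraform_docs` hook will no longer update `example/README.md`, which is fine if intended but should be said in the PR description; the remaining pointer would read better as a relative link, e.g. `See the [README.md](../README.md) in the root of this project.`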
3 changes: 2 additions & 1 deletion example/main.tf
Expand Up @@ -14,7 +14,8 @@ module "opensearch" {
cluster_name = var.cluster_name
cluster_version = "OpenSearch_2.7"

subnet_ids = var.subnet_ids
subnet_ids = var.subnet_ids
#checkov:skip=CKV_AWS_248:This example doesn't contain a security group
security_group_ids = var.security_group_ids

warm_enabled = false
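Review bot: the `#checkov:skip=CKV_AWS_248:This example doesn't contain a security group` justification contradicts the line it annotates, which passes `var.security_group_ids` into the module; either give the example a real security group so the check passes, or reword the justification to say the example delegates the security group to the caller. Suppressions with inaccurate reasons tend to survive long after the condition changes.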
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -4,7 +4,7 @@ resource "aws_elasticsearch_domain" "opensearch" {
count = var.enabled ? 1 : 0

cluster_config {
dedicated_master_enabled = var.master_instance_count > 0
dedicated_master_enabled = true
dedicated_master_count = var.master_instance_count
dedicated_master_type = var.master_instance_type

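Review bot: hard-coding `dedicated_master_enabled = true` in place of `var.master_instance_count > 0` breaks any consumer that sets `master_instance_count = 0`, because the domain would declare dedicated masters with a count of zero and fail at apply time. Keep the derived expression, or add a `validation` block on `master_instance_count` requiring a value of 3 or 5 if dedicated masters are now mandatory, and mention the change in the release notes.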
2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -155,7 +155,7 @@ variable "custom_endpoint_certificate_arn" {
variable "internal_user_database_enabled" {
description = "Enable internal user database."
type = bool
default = false
default = true
}

variable "master_user_arn" {
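Review bot: flipping the default of `internal_user_database_enabled` from `false` to `true` changes behaviour for every existing consumer that did not set it explicitly, and with the internal user database enabled the `master_user_name`/`master_user_password` inputs become required by the service; this deserves the `release/minor` label and a changelog entry rather than riding along under "update precommit config".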
2 changes: 1 addition & 1 deletion versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0.0"
version = "5.49.0"
}
elasticsearch = {
source = "phillbaker/elasticsearch"
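Review bot: `version = "5.49.0"` pins the AWS provider to one exact release inside a reusable module, which forces every root module that uses it onto that exact version and will conflict with any other module constrained differently; modules should express a range such as `>= 5.49.0, < 6.0.0` (or `~> 5.49`) and leave exact pinning to the root module's lock file. Note the README in this PR now shows a different constraint for the `terraform` requirement (`>= 0.13.0`) than for `aws`, so the range chosen here should be reflected there by re-running `terraform_docs`.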