Merge pull request #7 from RohitSquareops/Release-bug-fixes

Updated references and examples
squareops · Nov 2, 2023 · 53e6d8f · 53e6d8f
2 parents 537921a + 972fa3d
commit 53e6d8f
Show file tree

Hide file tree

Showing 12 changed files with 159 additions and 145 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,16 +1,29 @@
 repos:
-  - repo: https://github.com/squareops/pre-commit
-    rev: v0.1.12
-    hooks:
-      - id: terraform-fmt
-      - id: terraform-validate
-      - id: tflint
-  - repo: https://github.com/squareops/pre-commit-terraform
-    rev: v1.47.0
-    hooks:
-      - id: terraform_docs
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.1.0
     hooks:
+      - id: trailing-whitespace
+        args: ['--markdown-linebreak-ext=md']
+      - id: end-of-file-fixer
       - id: check-merge-conflict
-      # - id: end-of-file-fixer
+      - id: detect-private-key
+      - id: detect-aws-credentials
+        args: ['--allow-missing-credentials']
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
+          - --hook-config=--add-to-existing-file=true
+          - --hook-config=--create-file-if-not-exist=true
+
+      - id: terraform_tflint
+        args:
+          - --args=--config=.tflint.hcl
+      - id: terraform_tfsec
+        files: ^examples/ # only scan `examples/*` which are the implementation
+        args:
+          - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
+          - --args=--concise-output
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -41,4 +41,4 @@ rule "terraform_naming_convention" {
   locals {
     format = "none"
   }
-}
+}
diff --git a/IAM.md b/IAM.md
@@ -28,4 +28,4 @@ The Policy required to deploy this module:
         },
     ]
 }
-```
+```
diff --git a/README.md b/README.md
@@ -72,9 +72,9 @@ The required IAM permissions to create resources from this module can be found [
 
 | Name | Version |
 |------|---------|
-| <a name="provider_archive"></a> [archive](#provider\_archive) | 2.4.0 |
+| <a name="provider_archive"></a> [archive](#provider\_archive) | n/a |
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.13.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
@@ -152,6 +152,7 @@ The required IAM permissions to create resources from this module can be found [
 | <a name="input_replicate_source_db"></a> [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a replicate database, and uses the specified value as the source database identifier | `string` | `null` | no |
 | <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If set to true, no DB snapshot is created. If set to false, a DB snapshot is created before the DB instance is deleted, using the value from final\_snapshot\_identifier | `bool` | `true` | no |
 | <a name="input_slack_channel"></a> [slack\_channel](#input\_slack\_channel) | The Slack channel where notifications will be posted. | `string` | `""` | no |
+| <a name="input_slack_notification_enabled"></a> [slack\_notification\_enabled](#input\_slack\_notification\_enabled) | Whether to enable/disable slack notification. | `bool` | `false` | no |
 | <a name="input_slack_username"></a> [slack\_username](#input\_slack\_username) | The username to use when sending notifications to Slack. | `string` | `""` | no |
 | <a name="input_slack_webhook_url"></a> [slack\_webhook\_url](#input\_slack\_webhook\_url) | The Slack Webhook URL where notifications will be sent. | `string` | `""` | no |
 | <a name="input_snapshot_identifier"></a> [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether to create the database from a snapshot. Use the snapshot ID found in the RDS console, e.g., rds:production-2015-06-26-06-05 | `string` | `null` | no |
@@ -213,4 +214,4 @@ We believe that the key to success in the digital age is the ability to deliver
 
 We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.
 
-To find more information about our company, visit [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).
+To find more information about our company, visit [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).
diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf
@@ -1,15 +1,15 @@
 locals {
-  region      = "us-east-2"
-  name        = "postgresql"
-  family      = "postgres15"
-  vpc_cidr    = "10.20.0.0/16"
-  environment = "prod"
-  storage_type  = "gp3"
-  engine_version = "15.2"
-  instance_class = "db.m5d.large"
-  replica_enable = true
-  replica_count = 1
-  current_identity = data.aws_caller_identity.current.arn
+  region                  = "us-east-2"
+  name                    = "postgresql"
+  family                  = "postgres15"
+  vpc_cidr                = "10.20.0.0/16"
+  environment             = "prod"
+  storage_type            = "gp3"
+  engine_version          = "15.2"
+  instance_class          = "db.m5d.large"
+  replica_enable          = true
+  replica_count           = 1
+  current_identity        = data.aws_caller_identity.current.arn
   allowed_security_groups = ["sg-0a680afd35"]
   additional_tags = {
     Owner      = "Organization_Name"
@@ -32,11 +32,11 @@ module "kms" {
   multi_region            = true
 
   # Policy
-  enable_default_policy                  = true
-  key_owners                             = [local.current_identity]
-  key_administrators                     = [local.current_identity]
-  key_users                              = [local.current_identity]
-  key_service_users                      = [local.current_identity]
+  enable_default_policy = true
+  key_owners            = [local.current_identity]
+  key_administrators    = [local.current_identity]
+  key_users             = [local.current_identity]
+  key_service_users     = [local.current_identity]
   key_statements = [
     {
       sid = "CloudWatchLogs"
@@ -66,17 +66,17 @@ module "kms" {
 
 
 module "vpc" {
-  source                = "squareops/vpc/aws"
-  name                  = local.name
-  vpc_cidr              = local.vpc_cidr
-  environment           = local.environment
-  availability_zones    = ["us-east-2a", "us-east-2b"]
-  public_subnet_enabled = true
-  auto_assign_public_ip = true
-  intra_subnet_enabled                            = false
-  private_subnet_enabled                          = true
-  one_nat_gateway_per_az                          = false
-  database_subnet_enabled                         = true
+  source                  = "squareops/vpc/aws"
+  name                    = local.name
+  vpc_cidr                = local.vpc_cidr
+  environment             = local.environment
+  availability_zones      = ["us-east-2a", "us-east-2b"]
+  public_subnet_enabled   = true
+  auto_assign_public_ip   = true
+  intra_subnet_enabled    = false
+  private_subnet_enabled  = true
+  one_nat_gateway_per_az  = false
+  database_subnet_enabled = true
 }
 
 module "rds-pg" {

diff --git a/examples/complete-psql-replica/output.tf b/examples/complete-psql-replica/output.tf
@@ -25,7 +25,7 @@ output "instance_username" {
 output "instance_password" {
   description = "Password for accessing the database (Note: Terraform does not track this password after initial creation)."
   value       = module.rds-pg.db_instance_password
-  sensitive = false
+  sensitive   = false
 }
 
 output "security_group" {
@@ -45,4 +45,4 @@ output "subnet_group_id" {
 
 output "master_user_secret_arn" {
   value = module.rds-pg.master_credential_secret_arn
-}
+}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -1,13 +1,13 @@
 locals {
-  region         = "us-east-2"
-  name           = "postgresql"
-  family         = "postgres15"
-  vpc_cidr       = "10.20.0.0/16"
-  environment    = "prod"
-  engine_version = "15.2"
-  instance_class = "db.m5d.large"
-  storage_type   = "gp3"
-  current_identity = data.aws_caller_identity.current.arn
+  region                  = "us-east-2"
+  name                    = "postgresql"
+  family                  = "postgres15"
+  vpc_cidr                = "10.20.0.0/16"
+  environment             = "prod"
+  engine_version          = "15.2"
+  instance_class          = "db.m5d.large"
+  storage_type            = "gp3"
+  current_identity        = data.aws_caller_identity.current.arn
   allowed_security_groups = ["sg-0a680afd35"]
   additional_tags = {
     Owner      = "Organization_Name"
@@ -30,11 +30,11 @@ module "kms" {
   multi_region            = true
 
   # Policy
-  enable_default_policy                  = true
-  key_owners                             = [local.current_identity]
-  key_administrators                     = [local.current_identity]
-  key_users                              = [local.current_identity]
-  key_service_users                      = [local.current_identity]
+  enable_default_policy = true
+  key_owners            = [local.current_identity]
+  key_administrators    = [local.current_identity]
+  key_users             = [local.current_identity]
+  key_service_users     = [local.current_identity]
   key_statements = [
     {
       sid = "Allow use of the key"
@@ -49,22 +49,22 @@ module "kms" {
 
       principals = [
         {
-          type        = "Service"
+          type = "Service"
           identifiers = [
             "monitoring.rds.amazonaws.com",
             "rds.amazonaws.com",
           ]
         }
       ]
     },
-        {
-      sid = "Enable IAM User Permissions"
-      actions = ["kms:*"]
+    {
+      sid       = "Enable IAM User Permissions"
+      actions   = ["kms:*"]
       resources = ["*"]
 
       principals = [
         {
-          type        = "AWS"
+          type = "AWS"
           identifiers = [
             "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
             data.aws_caller_identity.current.arn,
@@ -82,17 +82,17 @@ module "kms" {
 
 
 module "vpc" {
-  source                = "squareops/vpc/aws"
-  name                  = local.name
-  vpc_cidr              = local.vpc_cidr
-  environment           = local.environment
-  availability_zones    = ["us-east-2a", "us-east-2b"]
-  public_subnet_enabled = true
-  auto_assign_public_ip = true
-  intra_subnet_enabled                            = false
-  private_subnet_enabled                          = true
-  one_nat_gateway_per_az                          = false
-  database_subnet_enabled                         = true
+  source                  = "squareops/vpc/aws"
+  name                    = local.name
+  vpc_cidr                = local.vpc_cidr
+  environment             = local.environment
+  availability_zones      = ["us-east-2a", "us-east-2b"]
+  public_subnet_enabled   = true
+  auto_assign_public_ip   = true
+  intra_subnet_enabled    = false
+  private_subnet_enabled  = true
+  one_nat_gateway_per_az  = false
+  database_subnet_enabled = true
 }
 
 module "rds-pg" {

diff --git a/examples/complete/output.tf b/examples/complete/output.tf
@@ -25,7 +25,7 @@ output "instance_username" {
 output "instance_password" {
   description = "Password for accessing the database (Note: Terraform does not track this password after initial creation)."
   value       = module.rds-pg.db_instance_password
-  sensitive = false
+  sensitive   = false
 }
 
 output "security_group" {
@@ -45,4 +45,4 @@ output "subnet_group_id" {
 
 output "master_user_secret_arn" {
   value = module.rds-pg.master_credential_secret_arn
-}
+}
diff --git a/lambda/README.md b/lambda/README.md
@@ -16,7 +16,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.17.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 ## Modules
 
@@ -56,4 +56,4 @@ No modules.
 | <a name="output_exec_role_id"></a> [exec\_role\_id](#output\_exec\_role\_id) | The ID of the Function's IAM Role. |
 | <a name="output_invoke_arn"></a> [invoke\_arn](#output\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway. |
 | <a name="output_name"></a> [name](#output\_name) | The name of the Lambda Function. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/lambda/sns_slack.py b/lambda/sns_slack.py
@@ -33,7 +33,7 @@ def format_cloudwatch_alarm_message(event):
     return message
 
 def lambda_handler(event, context):
-    url = slack_url  
+    url = slack_url
     msg = {
         "channel": slack_channel,
         "username": slack_user,
@@ -43,9 +43,9 @@ def lambda_handler(event, context):
 
     encoded_msg = json.dumps(msg).encode('utf-8')
     resp = http.request('POST', url, body=encoded_msg)
-    
+
     print({
         "message": msg,
         "status_code": resp.status,
         "response": resp.data
-    })
+    })
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,4 +41,4 @@ rule "terraform_naming_convention" { @@
       locals {
         format = "none"
       }
-    }
+    }