fix: Changed some of the var names

BorisLabs · Mar 21, 2023 · c6c1560 · c6c1560
1 parent 6e0234e
commit c6c1560
Show file tree

Hide file tree

Showing 9 changed files with 74 additions and 38 deletions.
diff --git a/README.md b/README.md
@@ -38,9 +38,9 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_lambda_sigv4_name"></a> [lambda\_sigv4\_name](#input\_lambda\_sigv4\_name) | Name of the lambda function that will return the Sigv4 headers | `string` | `"aws-lambda-signer"` | no |
-| <a name="input_sigv4_config"></a> [sigv4\_config](#input\_sigv4\_config) | Map of request configuration, must contain create & destroy maps | `map(any)` | <pre>{<br>  "request_1": {<br>    "create": {},<br>    "destroy": {}<br>  }<br>}</pre> | no |
-| <a name="input_sigv4_modify_config"></a> [sigv4\_modify\_config](#input\_sigv4\_modify\_config) | Map of request configuration for to modify resources | `map(any)` | <pre>{<br>  "request_1": {<br>    "modify": {}<br>  }<br>}</pre> | no |
+| <a name="input_aws_request_config"></a> [aws\_request\_config](#input\_aws\_request\_config) | Map of request configuration, needs to contain create & destroy keys | `map(any)` | <pre>{<br>  "request_1": {<br>    "create": {},<br>    "destroy": {}<br>  }<br>}</pre> | no |
+| <a name="input_lambda_function_name"></a> [lambda\_function\_name](#input\_lambda\_function\_name) | Name of the lambda function that will return the Sigv4 headers | `string` | `"aws-lambda-signer"` | no |
+| <a name="input_sigv4_modify_config"></a> [sigv4\_modify\_config](#input\_sigv4\_modify\_config) | Map of request configuration to modify resources | `map(any)` | <pre>{<br>  "request_1": {<br>    "modify": {}<br>  }<br>}</pre> | no |
 
 ## Outputs
 

diff --git a/examples/aws-ecs/main.tf b/examples/aws-ecs/main.tf
@@ -16,7 +16,7 @@ terraform {
 module "ecs_cluster" {
   source = "../../"
 
-  sigv4_config = {
+  aws_request_config = {
     ecs_cluster = {
       create = {
         mode    = "create"

diff --git a/examples/aws-iam/main.tf b/examples/aws-iam/main.tf
@@ -5,18 +5,10 @@ provider "aws" {
 provider "terracurl" {
 }
 
-terraform {
-  required_providers {
-    terracurl = {
-      source = "devops-rob/terracurl"
-    }
-  }
-}
-
 module "iam_group" {
   source = "../../"
 
-  sigv4_config = {
+  awsaws_request_config = {
     terraform_group = {
       create = {
         mode    = "create"

diff --git a/main.tf b/main.tf
@@ -1,10 +1,10 @@
 locals {
-  sigv4_config = var.sigv4_config
+  config = var.aws_request_config
 }
 
 locals {
   request_helper = flatten([
-    for req, config in local.sigv4_config : [
+    for req, config in local.config : [
       for rt, d in config : {
         name   = "${req}_${d.mode}"
         config = d
@@ -17,16 +17,16 @@ locals {
 data "aws_lambda_invocation" "sigv4" {
   for_each = { for d in local.request_helper : d.name => d.config }
 
-  function_name = var.lambda_sigv4_name
+  function_name = var.lambda_function_name
   input         = jsonencode(each.value)
 }
 
 resource "terracurl_request" "create_and_destroy" {
-  for_each = toset(keys(local.sigv4_config))
+  for_each = toset(keys(local.config))
 
   name   = each.key
-  url    = local.sigv4_config[each.key]["create"]["url"]
-  method = local.sigv4_config[each.key]["create"]["method"]
+  url    = local.config[each.key]["create"]["url"]
+  method = local.config[each.key]["create"]["method"]
 
   response_codes = [200, 400, 403]
 
@@ -35,8 +35,8 @@ resource "terracurl_request" "create_and_destroy" {
   request_parameters = jsondecode(data.aws_lambda_invocation.sigv4["${each.key}_create"].result)["request_params"]
 
 
-  destroy_url          = local.sigv4_config[each.key]["destroy"]["url"]
-  destroy_method       = local.sigv4_config[each.key]["destroy"]["method"]
+  destroy_url          = local.config[each.key]["destroy"]["url"]
+  destroy_method       = local.config[each.key]["destroy"]["method"]
   destroy_headers      = jsondecode(data.aws_lambda_invocation.sigv4["${each.key}_destroy"].result)["headers"]
   destroy_request_body = jsondecode(data.aws_lambda_invocation.sigv4["${each.key}_destroy"].result)["data"]
   destroy_parameters   = jsondecode(data.aws_lambda_invocation.sigv4["${each.key}_destroy"].result)["request_params"]

diff --git a/modules/sigv4-signer/main.tf b/modules/sigv4-signer/main.tf
@@ -2,6 +2,10 @@ provider "aws" {
   region = "eu-west-1"
 }
 
+locals {
+  iam_configuration = var.iam_config
+}
+
 module "build_sigv4_botocore_layer" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "4.10.1"
@@ -37,8 +41,13 @@ module "sigv4_lambda" {
   handler       = "lambda_handler.lambda_handler"
 
   create_role = true
-  role_name   = "layer-validator"
-  policy_name = "layer-policy"
+
+  role_name   = var.iam_role_name
+  policy_name = var.iam_policy_name
+
+  attach_policy_jsons    = var.json_attach_policies
+  policy_jsons           = var.json_policies
+  number_of_policy_jsons = var.json_policy_count
 
   compatible_runtimes = [var.layer_runtime]
   runtime             = var.layer_runtime # required to force layers to do pip install

diff --git a/modules/sigv4-signer/outputs.tf b/modules/sigv4-signer/outputs.tf
@@ -5,3 +5,7 @@ output "layer_arn" {
 output "layer_version" {
   value = module.build_sigv4_botocore_layer.lambda_layer_version
 }
+
+output "lambda_function_arn" {
+  value = module.sigv4_lambda.lambda_function_arn
+}
diff --git a/modules/sigv4-signer/variables.tf b/modules/sigv4-signer/variables.tf
@@ -47,3 +47,45 @@ variable "function_name" {
   type = string
 }
 
+variable "iam_role_name" {
+  description = "Name of the IAM role that's created"
+  default     = "aws-sigv4-lambda-role"
+
+
+  type = string
+}
+
+variable "iam_policy_name" {
+  description = "Name of the IAM Policy to create & attach to the role"
+  default     = "aws-sigv4-lambda-policy"
+
+  type = string
+}
+
+variable "iam_config" {
+  description = "Map of IAM Config to apply to lambda function"
+  default     = {}
+
+  type = map(string)
+}
+
+variable "json_attach_policies" {
+  description = "Attach JSON IAM Policies"
+  default     = false
+
+  type = bool
+}
+
+variable "json_policies" {
+  description = "List of JSON Policies to attach"
+  default     = []
+
+  type = list(string)
+}
+
+variable "json_policy_count" {
+  description = "Count of number of policies in json_policies"
+  default     = 0
+
+  type = number
+}
diff --git a/outputs.tf b/outputs.tf
@@ -1,5 +1,5 @@
 output "local_config" {
-  value = local.sigv4_config
+  value = local.config
 }
 
 output "sigv4_config" {

diff --git a/variables.tf b/variables.tf
@@ -1,12 +1,12 @@
-variable "lambda_sigv4_name" {
+variable "lambda_function_name" {
   description = "Name of the lambda function that will return the Sigv4 headers"
   default     = "aws-lambda-signer"
 
   type = string
 }
 
-variable "sigv4_config" {
-  description = "Map of request configuration, must contain create & destroy maps"
+variable "aws_request_config" {
+  description = "Map of request configuration, needs to contain create & destroy keys"
 
   type = map(any)
 
@@ -17,14 +17,3 @@ variable "sigv4_config" {
     }
   }
 }
-
-variable "sigv4_modify_config" {
-  description = "Map of request configuration for to modify resources"
-  type        = map(any)
-
-  default = {
-    request_1 = {
-      modify = {}
-    }
-  }
-}