First pass at updating for tf12 #9

Merged
merged 2 commits into from
Sep 19, 2019
2 changes: 1 addition & 1 deletion .circleci/config.yml
Expand Up @@ -2,7 +2,7 @@ version: 2
jobs:
validate:
docker:
- image: trussworks/circleci-docker-primary:a18ba9987556eec2e48354848a3c9fb4d5b69ac8
- image: trussworks/circleci-docker-primary:tf12-0ccfce37a5c2feb87590f0161ec186354c25ac83
steps:
- checkout
- restore_cache:
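Review bot: The new `image:` line pins `trussworks/circleci-docker-primary` by tag (`tf12-0ccfce37a5c2feb87590f0161ec186354c25ac83`) only, and a registry tag can be repointed after this merges. Since this container runs the validation job with the checked-out repository, consider pinning by digest as well (`image: <name>:<tag>@sha256:<digest>`) so the job keeps running the image that was reviewed here.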
3 changes: 1 addition & 2 deletions .pre-commit-config.yaml
Expand Up @@ -17,8 +17,7 @@ repos:
- id: markdownlint

- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.12.0
rev: v1.19.0
hooks:
- id: terraform_docs
- id: terraform_fmt
- id: terraform_validate_no_variables
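Review bot: The `repo:` line above the changed `rev` still fetches the hooks over `git://`, which is unauthenticated and unencrypted, so code that runs on every commit has no integrity protection in transit. While bumping `rev` to `v1.19.0`, switch the URL to `https://github.com/antonbabenko/pre-commit-terraform`.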
8 changes: 5 additions & 3 deletions README.md
@@ -1,4 +1,4 @@
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

Creates a lambda function with associated role and policies, which
will log to Cloudwatch Logs.

Expand Down Expand Up @@ -27,17 +27,19 @@ module "my_lambda_function" {
source_types = ["events"]
source_arns = ["${aws_cloudwatch_event_rule.trigger.arn}"]

env_vars {
env_vars = {
VARNAME = "value"
}

tags {
tags = {
"Service" = "big_app"
}

}
```


<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Inputs

| Name | Description | Type | Default | Required |
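Review bot: The usage example is only half converted: `source_arns = ["${aws_cloudwatch_event_rule.trigger.arn}"]` keeps the 0.11 interpolation wrapper while `env_vars = {` and `tags = {` were updated to 0.12 syntax. Suggest `source_arns = [aws_cloudwatch_event_rule.trigger.arn]` here and in the matching header comment in `main.tf`, so the documented example matches the syntax the module now uses.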
48 changes: 24 additions & 24 deletions main.tf
Expand Up @@ -27,11 +27,11 @@
* source_types = ["events"]
* source_arns = ["${aws_cloudwatch_event_rule.trigger.arn}"]
*
* env_vars {
* env_vars = {
* VARNAME = "value"
* }
*
* tags {
* tags = {
* "Service" = "big_app"
* }
*
Expand Down Expand Up @@ -78,15 +78,15 @@ data "aws_iam_policy_document" "logs_policy_doc" {
# Create the IAM role for the Lambda instance.
resource "aws_iam_role" "main" {
name = "lambda-${local.full_name}"
assume_role_policy = "${data.aws_iam_policy_document.assume_role.json}"
assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Attach the logging policy to the above IAM role.
resource "aws_iam_role_policy" "main" {
name = "lambda-${local.full_name}"
role = "${aws_iam_role.main.id}"
role = aws_iam_role.main.id

policy = "${data.aws_iam_policy_document.logs_policy_doc.json}"
policy = data.aws_iam_policy_document.logs_policy_doc.json
}

# This code verifies that the count of policy ARNs matches the actual
Contributor

Do we still need this workaround? I'm not sure I understand the particular limitation that Terraform has/had here and if that got fixed in TF12?

I've been thinking about potentially doing this in 2 phases

  1. to make our modules syntactically work with 0.12
  2. refactor the modules to more closely align with the 0.12 feature set.

That being said I'm open to other opinions.

Contributor Author

I think this was the Terraform issue that was forcing this workaround: hashicorp/terraform#14677. This is supposedly fixed in 0.12 from the sound of it. I tend to agree with @dynamike that a two-stage process works pretty well. I also wanted to try and get this sorted out ASAP under the assumption we can make it prettier later.

Contributor

In which case, I'll approve.

Expand All @@ -105,50 +105,50 @@ SH
# Rerun this script if the input values change.
triggers = {
role_policy_arns_count_computed = "${length(var.role_policy_arns)}"
role_policy_arns_count_provided = "${var.role_policy_arns_count}"
role_policy_arns_count_provided = var.role_policy_arns_count
}
}

# Attach user-provided policies to role defined above.
resource "aws_iam_role_policy_attachment" "user_policy_attach" {
count = "${var.role_policy_arns_count}"
role = "${aws_iam_role.main.name}"
count = var.role_policy_arns_count
role = aws_iam_role.main.name
policy_arn = "${var.role_policy_arns[count.index]}"
}

# Cloudwatch Logs
resource "aws_cloudwatch_log_group" "main" {
name = "/aws/lambda/${local.full_name}"
retention_in_days = "${var.cloudwatch_logs_retention_days}"
retention_in_days = var.cloudwatch_logs_retention_days

tags = {
Name = "${local.full_name}"
Name = local.full_name
}
}

# Lambda function
resource "aws_lambda_function" "main" {
depends_on = ["aws_cloudwatch_log_group.main"]
depends_on = [aws_cloudwatch_log_group.main]

s3_bucket = "${var.s3_bucket}"
s3_key = "${var.s3_key}"
s3_bucket = var.s3_bucket
s3_key = var.s3_key

function_name = "${local.full_name}"
role = "${aws_iam_role.main.arn}"
handler = "${var.name}"
runtime = "${var.runtime}"
memory_size = "${var.memory_size}"
timeout = "${var.timeout}"
function_name = local.full_name
role = aws_iam_role.main.arn
handler = var.name
runtime = var.runtime
memory_size = var.memory_size
timeout = var.timeout

environment {
variables = "${var.env_vars}"
variables = var.env_vars
}

tags = "${var.tags}"
tags = var.tags

vpc_config {
subnet_ids = ["${var.subnet_ids}"]
security_group_ids = ["${var.security_group_ids}"]
subnet_ids = var.subnet_ids
security_group_ids = var.security_group_ids
}
}
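Review bot: Two interpolation-only expressions in this hunk were left in the 0.11 form while their neighbours were converted: `"${length(var.role_policy_arns)}"` in `triggers` and `policy_arn = "${var.role_policy_arns[count.index]}"`. They can be written as `length(var.role_policy_arns)` and `var.role_policy_arns[count.index]`. Separately, `subnet_ids = var.subnet_ids`, `security_group_ids = var.security_group_ids`, `variables = var.env_vars` and `tags = var.tags` now pass the variables through unwrapped, so they depend on those variables being declared with list and map types. The declarations are not in the lines shown here, so that is worth confirming in this PR.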

Expand All @@ -159,7 +159,7 @@ resource "aws_lambda_permission" "allow_source" {
statement_id = "AllowExecutionForLambda-${var.source_types[count.index]}"

action = "lambda:InvokeFunction"
function_name = "${aws_lambda_function.main.function_name}"
function_name = aws_lambda_function.main.function_name

principal = "${var.source_types[count.index]}.amazonaws.com"
source_arn = "${var.source_arns[count.index]}"
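Review bot: `principal` and `source_arn` are paired only by sharing `count.index` into `var.source_types` and `var.source_arns`, and nothing in the lines shown checks that the two lists have the same length and order. A mismatch would either fail on an out-of-range index or grant `lambda:InvokeFunction` to a service principal scoped to the wrong source ARN. Consider a single list of objects carrying both the type and the ARN, or a length check like the one kept for `role_policy_arns`. `source_arn = "${var.source_arns[count.index]}"` can also drop the interpolation wrapper, as `function_name` did.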