Merge pull request #42 from mineiros-io/mariux/tf-13

Add support for terraform 0.13
mineiros-io · Sep 14, 2020 · 736cefe · 736cefe
2 parents 49f3a11 + 00bc47e
commit 736cefe
Show file tree

Hide file tree

Showing 11 changed files with 86 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0]
+### Changed
+- Add support for Terraform 0.13.x.
+- Add support for `module_tags`.
+
 ## [0.3.0] - 2020-08-03
 ### Changed
 - Add support for 3.x terraform AWS provider
@@ -79,10 +84,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   Cross-Origin Resource Sharing (CORS), Acceleration Status, Bucket Policy and Tags.
 
 <!-- markdown-link-check-disable -->
-[Unreleased]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.4.0...HEAD
+[0.4.0]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.3.0...v0.4.0
+<!-- markdown-link-check-enable -->
 [0.3.0]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.2.2...v0.3.0
 [0.2.2]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.2.1...v0.2.2
-<!-- markdown-link-check-enable -->
 [0.2.1]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.1.4...v0.2.0
 [0.1.4]: https://github.com/mineiros-io/terraform-aws-s3-bucket/compare/v0.1.3...v0.1.4

diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 # Set default shell to bash
 SHELL := /bin/bash -o pipefail
 
-BUILD_TOOLS_VERSION      ?= v0.5.4
+BUILD_TOOLS_VERSION      ?= v0.6.1
 BUILD_TOOLS_DOCKER_REPO  ?= mineiros/build-tools
 BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION}
 

diff --git a/README.md b/README.md
@@ -2,13 +2,16 @@
 
 [![Build Status][badge-build]][build-status]
 [![GitHub tag (latest SemVer)][badge-semver]][releases-github]
-[![license][badge-license]][apache20]
 [![Terraform Version][badge-terraform]][releases-terraform]
+[![AWS Provider Version][badge-tf-aws]][releases-aws-provider]
 [![Join Slack][badge-slack]][slack]
 
 # terraform-aws-s3-bucket
 
-A [Terraform] 0.12 base module for creating a secure [AWS S3-Bucket][AWS Se-Bucket].
+A [Terraform] base module for creating a secure [AWS S3-Bucket].
+
+***This module supports Terraform v0.13 as well as v0.12.20 and above
+and is compatible with the terraform AWS provider v3 as well as v2.0 and above.***
 
 - [Module Features](#module-features)
 - [Getting Started](#getting-started)
@@ -96,7 +99,7 @@ Most basic usage creating a random named secure AWS bucket.
 ```hcl
 module "bucket" {
   source  = "mineiros-io/s3-bucket/aws"
-  version = "~> 0.3.0"
+  version = "~> 0.4.0"
 }
 ```
 
@@ -115,6 +118,12 @@ See [variables.tf] and [examples/] for details and use-cases.
   Specifies whether resources in the module will be created.
   Default is `true`.
 
+- **`module_tags`**: *(Optional `map(string)`)*
+
+  A map of tags that will be applied to all created resources that accept tags. Tags defined with 'module_tags' can be
+  overwritten by resource-specific tags.
+  Default is `{}`.
+
 - **`module_depends_on`**: *(Optional `list(any)`)*
 
   A list of dependencies. Any object can be _assigned_ to this list to define a hidden external dependency.
@@ -583,6 +592,8 @@ Run `make help` to see details on each available target.
 
 ## License
 
+[![license][badge-license]][apache20]
+
 This module is licensed under the Apache License Version 2.0, January 2004.
 Please see [LICENSE] for full details.
 
@@ -599,6 +610,9 @@ Copyright &copy; 2020 [Mineiros GmbH][homepage]
 [badge-terraform]: https://img.shields.io/badge/terraform-0.13%20and%200.12.20+-623CE4.svg?logo=terraform
 [badge-slack]: https://img.shields.io/badge/slack-@mineiros--community-f32752.svg?logo=slack
 
+[badge-tf-aws]: https://img.shields.io/badge/AWS-3%20and%202.0+-F8991D.svg?logo=terraform
+[releases-aws-provider]: https://github.com/terraform-providers/terraform-provider-aws/releases
+
 [build-status]: https://github.com/mineiros-io/terraform-aws-s3-bucket/actions
 [releases-github]: https://github.com/mineiros-io/terraform-aws-s3-bucket/releases
 [releases-terraform]: https://github.com/hashicorp/terraform/releases

diff --git a/examples/secure-s3-bucket/README.md b/examples/secure-s3-bucket/README.md
@@ -20,7 +20,7 @@ The code in [main.tf] defines...
 ```hcl
 module "example-app-bucket" {
   source  = "mineiros-io/s3-bucket/aws"
-  version = "~> 0.3.0"
+  version = "~> 0.4.0"
 
   bucket_prefix = "app"
 
@@ -40,7 +40,7 @@ module "example-app-bucket" {
 
 module "example-log-bucket" {
   source  = "mineiros-io/s3-bucket/aws"
-  version = "~> 0.3.0"
+  version = "~> 0.4.0"
 
   bucket_prefix = "log"
 

diff --git a/examples/secure-s3-bucket/main.tf b/examples/secure-s3-bucket/main.tf
@@ -14,7 +14,7 @@ provider "aws" {
 
 module "example-app-bucket" {
   source  = "mineiros-io/s3-bucket/aws"
-  version = "~> 0.3.0"
+  version = "~> 0.4.0"
 
   bucket_prefix = "app"
 
@@ -38,7 +38,7 @@ module "example-app-bucket" {
 
 module "example-log-bucket" {
   source  = "mineiros-io/s3-bucket/aws"
-  version = "~> 0.3.0"
+  version = "~> 0.4.0"
 
   bucket_prefix = "log"
 

diff --git a/go.mod b/go.mod
@@ -2,4 +2,7 @@ module github.com/mineiros-io/terraform-aws-s3-bucket/v2
 
 go 1.14
 
-require github.com/gruntwork-io/terratest v0.28.5
+require (
+	github.com/gruntwork-io/terratest v0.28.5
+	github.com/stretchr/testify v1.4.0
+)
diff --git a/main.tf b/main.tf
@@ -28,13 +28,18 @@ locals {
 # Create the S3 Bucket
 # ---------------------------------------------------------------------------------------------------------------------
 
+locals {
+  tags        = merge(var.module_tags, var.tags)
+  bucket_tags = length(local.tags) > 0 ? local.tags : null
+}
+
 resource "aws_s3_bucket" "bucket" {
   count = var.module_enabled ? 1 : 0
 
   bucket              = var.bucket
   bucket_prefix       = var.bucket_prefix
   acl                 = var.acl
-  tags                = var.tags
+  tags                = local.bucket_tags
   force_destroy       = var.force_destroy
   acceleration_status = var.acceleration_status
   request_payer       = var.request_payer
@@ -192,7 +197,9 @@ resource "aws_s3_bucket_policy" "bucket" {
   count = local.policy_enabled ? 1 : 0
 
   bucket = local.bucket_id
-  policy = join("", data.aws_iam_policy_document.bucket.*.json)
+
+  # remove whitespaces by decoding and encoding again to suppress terrform output whitespace cahnges
+  policy = try(jsonencode(jsondecode(data.aws_iam_policy_document.bucket[0].json)), null)
 
   depends_on = [
     var.module_depends_on,
@@ -286,7 +293,7 @@ data "aws_iam_policy_document" "bucket" {
 
       principals {
         type        = "AWS"
-        identifiers = local.elb_accounts
+        identifiers = sort(local.elb_accounts)
       }
     }
   }

diff --git a/outputs.tf b/outputs.tf
@@ -34,24 +34,44 @@ output "region" {
 # ------------------------------------------------------------------------------
 # OUTPUT ALL RESOURCES AS FULL OBJECTS
 # ------------------------------------------------------------------------------
+
+locals {
+
+  # fix tf13 / aws3 output change detection issues (no github issue)
+  # terraform detects whitespace only changes in jsonencode() and claims
+  # changes
+  o_bucket_policy_policy = try(aws_s3_bucket_policy.bucket[0].policy, "{}")
+  o_bucket_policy = try(merge(aws_s3_bucket_policy.bucket[0], {
+    policy = jsonencode(jsondecode(local.o_bucket_policy_policy))
+  }), null)
+  # o_bucket_policy = try(aws_s3_bucket_policy.bucket[0], null)
+
+  # fix tf13 / aws3 output change detection issues (no github issue)
+  # bucket always detects change in tags out put from null => {}
+  o_bucket_tags = try(aws_s3_bucket.bucket[0].tags, "{}")
+  o_bucket = try(merge(aws_s3_bucket.bucket[0], {
+    tags = local.o_bucket_tags != null ? local.o_bucket_tags : {}
+  }), null)
+}
+
 output "bucket" {
   description = "The full bucket object."
-  value       = try(aws_s3_bucket.bucket[0], null)
+  value       = local.o_bucket
 }
 
 output "bucket_policy" {
   description = "The full bucket object."
-  value       = try(aws_s3_bucket_policy.bucket[0], null)
+  value       = local.o_bucket_policy
 }
 
 output "origin_access_identity" {
   description = "The AWS Cloudfront Origin Access Identity object."
-  value       = try(aws_cloudfront_origin_access_identity.oai[0], null)
+  value       = try(aws_cloudfront_origin_access_identity.oai[0], {})
 }
 
 output "access_point" {
   description = "A map of acccess points keyed by name."
-  value       = try(aws_s3_access_point.ap, null)
+  value       = aws_s3_access_point.ap
 }
 
 # ------------------------------------------------------------------------------
@@ -61,6 +81,7 @@ output "access_point" {
 # ------------------------------------------------------------------------------
 # OUTPUT MODULE CONFIGURATION
 # ------------------------------------------------------------------------------
+
 output "module_enabled" {
   description = "Whether the module is enabled"
   value       = var.module_enabled

diff --git a/test/terraform_aws_s3_bucket_test.go b/test/terraform_aws_s3_bucket_test.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestSecureS3Bucket(t *testing.T) {
@@ -25,5 +26,12 @@ func TestSecureS3Bucket(t *testing.T) {
 	defer terraform.Destroy(t, terraformOptions)
 
 	// This will run `terraform init` and `terraform apply` and fail the test if there are any errors
-	terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+
+	stdout := terraform.Plan(t, terraformOptions)
+
+	resourceCount := terraform.GetResourceCount(t, stdout)
+	assert.Equal(t, 0, resourceCount.Add, "No resources should have been created. Found %d instead.", resourceCount.Add)
+	assert.Equal(t, 0, resourceCount.Change, "No resources should have been changed. Found %d instead.", resourceCount.Change)
+	assert.Equal(t, 0, resourceCount.Destroy, "No resources should have been destroyed. Found %d instead.", resourceCount.Destroy)
 }
diff --git a/variables.tf b/variables.tf
@@ -256,12 +256,19 @@ variable "access_points" {
 # These variables are used to configure the module.
 # See https://medium.com/mineiros/the-ultimate-guide-on-how-to-write-terraform-modules-part-1-81f86d31f024
 # ------------------------------------------------------------------------------
+
 variable "module_enabled" {
   type        = bool
   description = "(optional) Whether to create resources within the module or not. Default is true."
   default     = true
 }
 
+variable "module_tags" {
+  type        = map(string)
+  description = "(Optional) A map of tags that will be applied to all created resources that accept tags. Tags defined with 'module_tags' can be overwritten by resource-specific tags."
+  default     = {}
+}
+
 variable "module_depends_on" {
   type        = any
   description = "(optional) A list of external resources the module depends_on. Default is []."

diff --git a/versions.tf b/versions.tf
@@ -3,7 +3,7 @@
 # ---------------------------------------------------------------------------------------------------------------------
 
 terraform {
-  required_version = "~> 0.12.20"
+  required_version = ">= 0.12.20, < 0.14"
 
   required_providers {
     aws = ">= 2.51, < 4.0"