Merge pull request #6 from rhythmictech/example

Examples and fancy tools

Author: sblack4

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @rhythmictech/engineering

.github/workflows/check.yml

@@ -0,0 +1,41 @@
+---
+name: pre-commit-check
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  build:
+    runs-on: macOS-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.head_ref }}
+      - name: Install prerequisites
+        run: ./bin/install-macos.sh
+      - name: initialize Terraform
+        run: terraform init --backend=false
+      - uses: actions/cache@v1
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit|${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            pre-commit
+      - name: pre-commit run all
+        run: |
+          pre-commit run -a
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          SKIP: terraform_tflint_deep,no-commit-to-branch
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        if: ${{ failure() }}
+        with:
+          commit_message: Apply automatic changes
+          commit_options: "--no-verify"
+          # Optional commit user and author settings
+          commit_user_name: Linter Bot
+          commit_user_email: noreply@rhythmictech.com
+          commit_author: Linter Bot <actions@github.com>

.github/workflows/pre-commit-check.yaml

@@ -1,13 +1,65 @@
----
 repos:
-- repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.24.0
-  hooks:
-    - id: terraform_fmt
-    - id: terraform_docs
-- repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v2.4.0
-  hooks:
-    - id: end-of-file-fixer
-    - id: trailing-whitespace
-    - id: no-commit-to-branch
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.31.0
+    hooks:
+      - id: terraform_docs
+        always_run: true
+        args:
+          - --args=--sort-by-required
+      - id: terraform_fmt
+      - id: terraform_tflint
+        alias: terraform_tflint_deep
+        name: terraform_tflint_deep
+        args:
+          - --args=--deep
+      - id: terraform_tflint
+        alias: terraform_tflint_nocreds
+        name: terraform_tflint_nocreds
+      - id: terraform_tfsec
+  - repo: local
+    hooks:
+      - id: terraform_validate
+        name: terraform_validate
+        entry: |
+          bash -c '
+            AWS_DEFAULT_REGION=us-east-1
+            declare -a DIRS
+            for FILE in "$@"
+            do
+              DIRS+=($(dirname "$FILE"))
+            done
+            for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
+            do
+              cd $(dirname "$FILE")
+              terraform init --backend=false
+              terraform validate .
+            done
+          '
+        language: system
+        verbose: true
+        files: \.tf(vars)?$
+        exclude: examples
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.0.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-yaml
+        args:
+          - --unsafe
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+        args:
+          - --fix=lf
+      - id: no-commit-to-branch
+      - id: pretty-format-json
+        args:
+          - --autofix
+          - --top-keys=name,Name
+      - id: trailing-whitespace
+        args:
+          - --markdown-linebreak-ext=md
+        exclude: README.md

.pre-commit-config.yaml

@@ -0,0 +1,45 @@
+config {
+  module     = true
+  deep_check = false
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+  format  = "snake_case"
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}

.tflint.hcl

@@ -1,6 +1,5 @@
 # terraform-aws-backend
-
-[![](https://github.com/rhythmictech/terraform-aws-backend/workflows/check/badge.svg)](https://github.com/rhythmictech/terraform-aws-backend/actions)
+[![](https://github.com/rhythmictech/terraform-aws-backend/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-aws-backend/actions) <a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=RhythmicTech" alt="follow on Twitter"></a>
 
 Creates a backend S3 bucket and DynamoDB table for managing Terraform state. Useful for bootstrapping a new
 environment. This module supports cross-account state management, using a centralized account that holds the S3 bucket and KMS key.
@@ -55,19 +54,31 @@ region               = "us-east-1"
 ```
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.19 |
+| aws | ~> 2.37 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | ~> 2.37 |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| allowed\_account\_ids | Account IDs that are allowed to access the bucket/KMS key | list(string) | `[]` | no |
-| bucket | Name of bucket to create \(do not provide if using `remote_bucket`\) | string | `""` | no |
-| kms\_key\_id | ARN for KMS key for all encryption operations. | string | `""` | no |
-| logging\_target\_bucket | The name of the bucket that will receive the log objects | string | `var.bucket` | no |
-| logging\_target\_prefix | A key prefix for log objects | string | `"TFStateLogs/"` | no |
-| region | Region bucket will be created in | string | n/a | yes |
-| remote\_bucket | If specified, the remote bucket will be used for the backend. A new bucket will not be created | string | `""` | no |
-| table | Name of Dynamo Table to create | string | `"tf-locktable"` | no |
-| tags | Mapping of any extra tags you want added to resources | map(string) | `{}` | no |
+|------|-------------|------|---------|:--------:|
+| allowed\_account\_ids | Account IDs that are allowed to access the bucket/KMS key | `list(string)` | `[]` | no |
+| bucket | Name of bucket to create (do not provide if using `remote_bucket`) | `string` | `""` | no |
+| kms\_key\_id | ARN for KMS key for all encryption operations. | `string` | `""` | no |
+| logging\_target\_bucket | The name of the bucket that will receive the log objects | `string` | `null` | no |
+| logging\_target\_prefix | A key prefix for log objects | `string` | `"TFStateLogs/"` | no |
+| remote\_bucket | If specified, the remote bucket will be used for the backend. A new bucket will not be created | `string` | `""` | no |
+| table | Name of Dynamo Table to create | `string` | `"tf-locktable"` | no |
+| tags | Mapping of any extra tags you want added to resources | `map(string)` | `{}` | no |
 
 ## Outputs
 

README.md

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+echo 'installing brew packages'
+brew update
+brew tap liamg/tfsec
+brew install tfenv tflint terraform-docs pre-commit liamg/tfsec/tfsec coreutils
+brew upgrade tfenv tflint terraform-docs pre-commit liamg/tfsec/tfsec coreutils
+
+echo 'installing pre-commit hooks'
+pre-commit install
+
+echo 'setting pre-commit hooks to auto-install on clone in the future'
+git config --global init.templateDir ~/.git-template
+pre-commit init-templatedir ~/.git-template
+
+echo 'installing terraform with tfenv'
+tfenv install min-required
+tfenv use min-required

bin/install-macos.sh

@@ -0,0 +1,23 @@
+# Basic Backend Example
+Creates resources for a secure backend in AWS
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/basic/README.md

@@ -0,0 +1,35 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+locals {
+  env       = "sandbox"
+  name      = "example"
+  namespace = "aws-rhythmic-sandbox"
+  owner     = "Rhythmictech Engineering"
+
+  extra_tags = {
+    delete_me = "please"
+    purpose   = "testing"
+  }
+}
+
+module "tags" {
+  source  = "rhythmictech/tags/terraform"
+  version = "1.0.0"
+
+  names = [local.name, local.env, local.namespace]
+
+  tags = merge({
+    "Env"       = local.env,
+    "Namespace" = local.namespace,
+    "Owner"     = local.owner
+  }, local.extra_tags)
+}
+
+module "backend" {
+  source = "../.."
+
+  bucket = "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}-${module.tags.name}"
+  region = data.aws_region.current.name
+  tags   = module.tags.tags
+}

examples/basic/main.tf

@@ -0,0 +1,22 @@
+# Backend Example with external Logging
+Creates resources for a secure backend in AWS
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No provider.
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->