Sgproj 1415 (#5)

* Added Readme and gitignore.

* Renames acm_domain_name to acm_certificate_name to reflect the actual function of the variable.

* Updates the documentation.

* Updates the documentation.

* Formats the file.

* Corrected variable names to be used effectively.

* Applies the new template to the repo.

* Renames files to match requirement of the new template.

* New Readme generated.

* Updates acm_domain_name description.

* Update the example to show the complete steps to take to instantiate the module.

* Updates ReadMe.

Author: DJKaswa

.config/.terraform-docs.yml

@@ -0,0 +1,47 @@
+version: ""
+
+formatter: markdown table
+
+name: terraform-aws-acm-certificate-creation
+
+content: |-
+  # terraform-aws-acm-certificate-creation
+
+  GitHub: [StratusGrid/terraform-aws-terraform-aws-acm-certificate-creation](https://github.com/StratusGrid/terraform-aws-acm-certificate-creation)
+
+  This module is used to create a certificate using Route53 DNS validation. It requires a hosted zone to which the IAM
+  principal creating the resource has access.
+
+  ## Examples
+
+  ```hcl
+  {{ include "examples/example1.tfnot" }}
+  ```
+  ---
+
+  {{ .Requirements }}
+
+  {{ .Resources }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}
+
+  ---
+
+  Note, manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run `terraform-docs -c .config/.terraform-docs.yml`
+
+sections:
+  show:
+    - requirements
+    - resources
+    - inputs
+    - outputs
+
+sort:
+  enabled: true
+  by: name
+
+output:
+  file: README.md
+  mode: replace

.config/terrascan.yaml

@@ -0,0 +1,10 @@
+#See docs here: https://runterrascan.io/docs/_print/#command-to-specify-config-file, most of the links are broken sadly :(
+severity:
+  level: high
+rules:
+  skip-rules: # To bypass submodules you need to skip rules here, otherwise it will fail the build
+  # - AC_AWS_021
+  # - AC_AWS_0214
+  # - AC_AWS_0215
+  # - AC_AWS_0207
+  # - AC_AWS_0483

.github/sync-repo-settings.yaml

@@ -3,8 +3,8 @@ squashMergeAllowed: true
 mergeCommitAllowed: false
 deleteBranchOnMerge: true
 branchProtectionRules:
-- pattern: main
-  dismissesStaleReviews: true
-  requiredApprovingReviewCount: 1
-  requiresCodeOwnerReviews: true
-  requiresStrictStatusChecks: true
+  - pattern: main
+    dismissesStaleReviews: true
+    requiredApprovingReviewCount: 1
+    requiresCodeOwnerReviews: true
+    requiresStrictStatusChecks: true

.github/workflows/pre-commit.yml

@@ -0,0 +1,54 @@
+name: Pre-Commit
+
+on:
+  pull_request:
+
+jobs:
+  getBaseVersion:
+    name: Module max TF version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/[email protected]
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
+
+  preCommitMinVersion:
+    name: Min TF pre-commit
+    runs-on: ubuntu-latest
+    needs: getBaseVersion
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.getBaseVersion.outputs.minVersion }}
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "^1.16.6"
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install Python
+        uses: actions/setup-python@v2
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ matrix.version }}
+      - name: Install pre-commit dependencies
+        run: |
+          pip install pre-commit
+          brew install tflint
+          brew install terrascan
+          brew install tfsec
+          brew install terraform-docs
+      - name: Inits
+        run: |
+          tflint --init
+      - name: Execute pre-commit
+        # Run all pre-commit checks on min version supported
+        if: ${{ matrix.version ==  needs.getBaseVersion.outputs.minVersion }}
+        run: pre-commit run --color=always --show-diff-on-failure --all-files

.gitignore

@@ -5,14 +5,41 @@
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
- *.tfvars
+# Lock File
+.terraform.lock.**
 
-# TF Plans
-**/plans
+#TF Hash Lock File - Module Specific
+.terraform.lock.hcl
 
-# Certs
-*.pem
+# Mac Stuff
+.DS_Store
 
-.idea
-.DS_Store
+# InfraCost
+**/.infracost/*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# IntelliJ
+.idea/workspace.xml
+.idea

.pre-commit-config.yaml

@@ -0,0 +1,54 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.68.1 # v.1.63.0 and above require bash 5 from brew
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs # Update our output, if updates it will force a failure which is good
+        args:
+          - "--args=-c .config/.terraform-docs.yml"
+      - id: terraform_docs # Verify out output is up to date, sometimes the update fails
+        always_run: true
+        args:
+          - "--args=--output-check=true"
+      - id: terrascan
+        args:
+          - "--args=-c .config/terrascan.yaml"
+          - "--args=--non-recursive"
+          - "--args=-i terraform" #If we don't specify this it came back with Docker failures and produces a non zero exit code
+      - id: terraform_tflint
+        args:
+          - "--args=--only=terraform_deprecated_interpolation"
+          - "--args=--only=terraform_deprecated_index"
+          - "--args=--only=terraform_unused_declarations"
+          - "--args=--only=terraform_comment_syntax"
+          - "--args=--only=terraform_documented_outputs"
+          - "--args=--only=terraform_documented_variables"
+          - "--args=--only=terraform_typed_variables"
+          - "--args=--only=terraform_module_pinned_source"
+          - "--args=--only=terraform_naming_convention"
+          #- '--args=--only=terraform_required_version' # This is bugged with the new Terraform provider syntax
+          - "--args=--only=terraform_required_providers"
+          - "--args=--only=terraform_workspace_remote"
+      - id: terraform_tfsec
+        args:
+          - "--args=--exclude-downloaded-modules"
+          - "--args=--concise-output"
+  # Native Git PreCommit Hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.1.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: no-commit-to-branch
+        args: [--branch, main, --branch, master]
+  #GitLeaks
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.2.0
+    hooks:
+      - id: gitleaks
+  #Prettier
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.6.2
+    hooks:
+      - id: prettier

.prettierignore

@@ -0,0 +1,3 @@
+README.md
+.terraform
+/.config

.tflint.hcl

@@ -0,0 +1,5 @@
+plugin "aws" {
+    enabled = true
+    version = "0.13.2"
+    source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

README.md

@@ -1,13 +1,15 @@
-# ACM Certificate Creation
-```
-This repo is used to create a certificate using Route53 DNS validation. It requires a hosted zone to which the IAM 
+<!-- BEGIN_TF_DOCS -->
+# terraform-aws-acm-certificate-creation
+
+GitHub: [StratusGrid/terraform-aws-terraform-aws-acm-certificate-creation](https://github.com/StratusGrid/terraform-aws-acm-certificate-creation)
+
+This module is used to create a certificate using Route53 DNS validation. It requires a hosted zone to which the IAM
 principal creating the resource has access.
-```
 
-### Example Usage:
-```
-# Variables definition
+## Examples
 
+```hcl
+# Variables definition
 variable "acm_certificate_name" {
   description = "Certificate name prefix which will be trailed by the hosted-zone name"
   type = list(string)
@@ -20,16 +22,14 @@ variable "hosted_zone_name" {
 
 acm_certificate_name  = ["engineering", "sales"]
 hosted_zone_name      = "example.com"
-```
-```
+
+# Data resource retrieving the provided hosted-zone's ID
 data "aws_route53_zone" "hosted_zone_id" {
   name = var.hosted_zone_name
   private_zone = false
 }
-```
-```
-# Module call
 
+# Module call
 module "new_record_and_certificate" {
   source = "github.com/StratusGrid/terraform-aws-acm-certificate-creation"
   
@@ -41,4 +41,39 @@ module "new_record_and_certificate" {
     "Name" = "${each.key}.${var.hosted_zone_name}"
     }
 }
-```
+```
+---
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.75 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_acm_certificate.acm_module_certificate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource |
+| [aws_acm_certificate_validation.acm_module_cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource |
+| [aws_route53_record.domain_validation_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_acm_domain_name"></a> [acm\_domain\_name](#input\_acm\_domain\_name) | Name of the certificate to be created in AWS ACM / FQDN | `string` | n/a | yes |
+| <a name="input_input_tags"></a> [input\_tags](#input\_input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_zone_id"></a> [zone\_id](#input\_zone\_id) | Route53 zone ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_acm_certificate_arn"></a> [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | The ARN of the certificate created by this module |
+
+---
+
+Note, manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run `terraform-docs -c .config/.terraform-docs.yml`
+<!-- END_TF_DOCS -->

examples/example1.tfnot

@@ -0,0 +1,32 @@
+# Variables definition
+variable "acm_certificate_name" {
+  description = "Certificate name prefix which will be trailed by the hosted-zone name"
+  type = list(string)
+}
+
+variable "hosted_zone_name" {
+  description = "Route53 hosted zone name"
+  type        = string
+}
+
+acm_certificate_name  = ["engineering", "sales"]
+hosted_zone_name      = "example.com"
+
+# Data resource retrieving the provided hosted-zone's ID
+data "aws_route53_zone" "hosted_zone_id" {
+  name = var.hosted_zone_name
+  private_zone = false
+}
+
+# Module call
+module "new_record_and_certificate" {
+  source = "github.com/StratusGrid/terraform-aws-acm-certificate-creation"
+  
+  for_each        = toset(var.acm_certificate_name)
+  acm_domain_name = "${each.key}.${var.hosted_zone_name}"
+  zone_id         = data.aws_route53_zone.hosted_zone_id.zone_id
+  
+  input_tags      = {
+    "Name" = "${each.key}.${var.hosted_zone_name}"
+    }
+}

-outputs.tf outputs.tf

@@ -5,7 +5,7 @@ variable "input_tags" {
 }
 
 variable "acm_domain_name" {
-  description = "Name of the certificate to be used in AWS ACM"
+  description = "Name of the certificate to be created in AWS ACM / FQDN"
   type        = string
 }
 

-tags.tf tags.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.75"
+    }
+  }
+}