diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..bed3c96 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,14 @@ +# Use this file to define individuals or teams that are responsible for code in a repository. +# Read more: +# +# Order is important: the last matching pattern takes the most precedence + +# These owners will be the default owners for everything +* @cloudposse/engineering @cloudposse/contributors + +# Cloud Posse must review any changes to Makefiles +**/Makefile @cloudposse/engineering +**/Makefile.* @cloudposse/engineering + +# Cloud Posse must review any changes to GitHub actions +.github/* @cloudposse/engineering diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..f3df96b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: 'bug' +assignees: '' + +--- + +Found a bug? Maybe our [Slack Community](https://slack.cloudposse.com) can help. + +[![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + +## Describe the Bug +A clear and concise description of what the bug is. + +## Expected Behavior +A clear and concise description of what you expected to happen. + +## Steps to Reproduce +Steps to reproduce the behavior: +1. Go to '...' +2. Run '....' +3. Enter '....' +4. See error + +## Screenshots +If applicable, add screenshots or logs to help explain your problem. + +## Environment (please complete the following information): + +Anything that will help us triage the bug will help. Here are some ideas: + - OS: [e.g. Linux, OSX, WSL, etc] + - Version [e.g. 10.15] + +## Additional Context +Add any other context about the problem here. \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..76ae6d6 --- /dev/null 
+++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,18 @@ +blank_issues_enabled: false + +contact_links: + + - name: Community Slack Team + url: https://cloudposse.com/slack/ + about: |- + Please ask and answer questions here. + + - name: Office Hours + url: https://cloudposse.com/office-hours/ + about: |- + Join us every Wednesday for FREE Office Hours (lunch & learn). + + - name: DevOps Accelerator Program + url: https://cloudposse.com/accelerate/ + about: |- + Own your infrastructure in record time. We build it. You drive it. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..39a8686 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,36 @@ +--- +name: Feature Request +about: Suggest an idea for this project +title: '' +labels: 'feature request' +assignees: '' + +--- + +Have a question? Please checkout our [Slack Community](https://slack.cloudposse.com) or visit our [Slack Archive](https://archive.sweetops.com/). + +[![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + +## Describe the Feature + +A clear and concise description of what the bug is. + +## Expected Behavior + +A clear and concise description of what you expected to happen. + +## Use Case + +Is your feature request related to a problem/challenge you are trying to solve? Please provide some additional context of why this feature or capability will be valuable. + +## Describe Ideal Solution + +A clear and concise description of what you want to happen. If you don't know, that's okay. + +## Alternatives Considered + +Explain what alternative solutions or features you've considered. + +## Additional Context + +Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md new file mode 100644 index 0000000..e69de29 
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..4b8f32d --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,13 @@ +## what +* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) +* Use bullet points to be concise and to the point. + +## why +* Provide the justifications for the changes (e.g. business case). +* Describe why these changes were made (e.g. why do these commits fix the problem?) +* Use bullet points to be concise and to the point. + +## references +* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). +* Use `closes #123`, if this PR closes a GitHub issue `#123` + diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml new file mode 100644 index 0000000..a6bb11b --- /dev/null +++ b/.github/workflows/chatops.yml @@ -0,0 +1,37 @@ +name: chatops +on: + issue_comment: + types: [created] + +jobs: + default: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "Handle common commands" + uses: cloudposse/actions/github/slash-command-dispatch@0.15.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: cloudposse/actions + commands: rebuild-readme, terraform-fmt + permission: none + issue-type: pull-request + + test: + runs-on: ubuntu-latest + steps: + - name: "Checkout commit" + uses: actions/checkout@v2 + - name: "Run tests" + uses: cloudposse/actions/github/slash-command-dispatch@0.15.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: cloudposse/actions + commands: test + permission: none + issue-type: pull-request + reactions: false + + diff --git a/README.md b/README.md index a7b40da..5b2b139 100644 --- a/README.md +++ b/README.md 
@@ -42,7 +42,7 @@ [![Cloud Posse][logo]](https://cpco.io/homepage) -# terraform-aws-kms-key [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-kms-key?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d163820e38a0455f412f79f) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-kms-key.svg)](https://github.com/cloudposse/terraform-aws-kms-key/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-kms-key [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-kms-key.svg)](https://github.com/cloudposse/terraform-aws-kms-key/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) Terraform module to provision a [KMS](https://aws.amazon.com/kms/) key with alias. 
@@ -119,32 +119,47 @@ Available targets: lint Lint terraform code ``` +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.2 | +| null | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alias | The display name of the alias. The name must start with the word `alias` followed by a forward slash | string | `` | no | -| attributes | Additional attributes (e.g. `1`) | list(string) | `` | no | -| deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource | number | `10` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no | -| description | The description of the key as viewed in AWS console | string | `Parameter Store KMS master key` | no | -| enable_key_rotation | Specifies whether key rotation is enabled | bool | `true` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | `` | no | -| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no | -| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | map(string) | `` | no | +|------|-------------|------|---------|:--------:| +| alias | The display name of the alias. The name must start with the word `alias` followed by a forward slash | `string` | `""` | no | +| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| deletion\_window\_in\_days | Duration in days after which the key is deleted after destruction of the resource | `number` | `10` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| description | The description of the key as viewed in AWS console | `string` | `"Parameter Store KMS master key"` | no | +| enable\_key\_rotation | Specifies whether key rotation is enabled | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | +| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | `string` | `""` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no | +| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| alias_arn | Alias ARN | -| alias_name | Alias name | -| key_arn | Key ARN | -| key_id | Key ID | +| alias\_arn | Alias ARN | +| alias\_name | Alias name | +| key\_arn | Key ARN | +| key\_id | Key ID | 
@@ -200,6 +215,10 @@ We deliver 10x the value for a fraction of the cost of a full-time engineer. Our Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. +## Discourse Forums + +Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. + ## Newsletter Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
@@ -313,6 +332,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=testimonial [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=office_hours [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=newsletter + [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=discourse [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=email [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=commercial_support [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-kms-key&utm_content=we_love_open_source diff --git a/README.yaml b/README.yaml index 6d47506..939d47a 100644 --- a/README.yaml +++ b/README.yaml @@ -1,4 +1,3 @@ ---- # # This is the canonical configuration for the `README.md` # Run `make readme` to rebuild the `README.md` 
@@ -6,28 +5,21 @@ # Name of this project name: terraform-aws-kms-key - # Logo for this project #logo: docs/logo.png # License of this project license: "APACHE2" - # Canonical GitHub repo github_repo: cloudposse/terraform-aws-kms-key - # Badges to display badges: - - name: "Codefresh Build Status" - image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-kms-key?type=cf-1" - url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d163820e38a0455f412f79f" - name: "Latest Release" image: "https://img.shields.io/github/release/cloudposse/terraform-aws-kms-key.svg" url: "https://github.com/cloudposse/terraform-aws-kms-key/releases/latest" - name: "Slack Community" image: "https://slack.cloudposse.com/badge.svg" url: "https://slack.cloudposse.com" - related: - name: "terraform-aws-iam-chamber-user" description: "Terraform module to provision a basic IAM chamber user with access to SSM parameters and KMS key to decrypt secrets, suitable for CI/CD systems (e.g. TravisCI, CircleCI, CodeFresh) or systems which are external to AWS that cannot leverage AWS IAM Instance Profiles" @@ -38,7 +30,6 @@ related: - name: "terraform-aws-ssm-iam-role" description: "Terraform module to provision an IAM role with configurable permissions to access SSM Parameter Store" url: "https://github.com/cloudposse/terraform-aws-ssm-iam-role" - # Short description of this project description: |- Terraform module to provision a [KMS](https://aws.amazon.com/kms/) key with alias. @@ -47,7 +38,6 @@ description: |- * https://aws.amazon.com/systems-manager/features * https://aws.amazon.com/blogs/mt/the-right-way-to-store-secrets-using-parameter-store - # How to use this project usage: |- ```hcl @@ -62,11 +52,9 @@ usage: |- alias = "alias/parameter_store_key" } ``` - include: - "docs/targets.md" - "docs/terraform.md" - # Contributors to this project contributors: - name: "Andriy Knysh" 
diff --git a/codefresh/test.yml b/codefresh/test.yml deleted file mode 100644 index ddd07f9..0000000 --- a/codefresh/test.yml +++ /dev/null @@ -1,74 +0,0 @@ -version: '1.0' - -stages: - - Prepare - - Test - -steps: - wait: - title: Wait - stage: Prepare - image: codefresh/cli:latest - commands: - - codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser 'flatten|.[-1].id==$id' - retry: - maxAttempts: 10 - delay: 20 - exponentialFactor: 1.1 - - main_clone: - title: "Clone repository" - type: git-clone - stage: Prepare - description: "Initialize" - repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}} - git: CF-default - revision: ${{CF_REVISION}} - - clean_init: - title: Prepare build-harness and test-harness - image: ${{TEST_IMAGE}} - stage: Prepare - commands: - - cf_export PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - make init - - git -C build-harness checkout master - - make -C test/ clean init TEST_HARNESS_BRANCH=master - - make -C test/src clean init - - find . -type d -name '.terraform' | xargs rm -rf - - find . -type f -name 'terraform.tfstate*' -exec rm -f {} \; - - test: - type: "parallel" - title: "Run tests" - description: "Run all tests in parallel" - stage: Test - steps: - test_readme_lint: - title: "Test README.md updated" - stage: "Test" - image: ${{TEST_IMAGE}} - description: Test "readme/lint" - commands: - - make readme/lint - - test_module: - title: Test module with bats - image: ${{TEST_IMAGE}} - stage: Test - commands: - - make -C test/ module - - test_examples_complete: - title: Test "examples/complete" with bats - image: ${{TEST_IMAGE}} - stage: Test - commands: - - make -C test/ examples/complete - - test_examples_complete_terratest: - title: Test "examples/complete" with terratest - image: ${{TEST_IMAGE}} - stage: Test - commands: - - make -C test/src 
diff --git a/docs/terraform.md b/docs/terraform.md index 1860b2f..c9d18c9 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -1,27 +1,42 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.2 | +| null | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alias | The display name of the alias. The name must start with the word `alias` followed by a forward slash | string | `` | no | -| attributes | Additional attributes (e.g. `1`) | list(string) | `` | no | -| deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource | number | `10` | no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no | -| description | The description of the key as viewed in AWS console | string | `Parameter Store KMS master key` | no | -| enable_key_rotation | Specifies whether key rotation is enabled | bool | `true` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | string | `` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | `` | no | -| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no | -| tags | Additional tags (e.g. 
`map('BusinessUnit','XYZ')` | map(string) | `` | no | +|------|-------------|------|---------|:--------:| +| alias | The display name of the alias. The name must start with the word `alias` followed by a forward slash | `string` | `""` | no | +| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| deletion\_window\_in\_days | Duration in days after which the key is deleted after destruction of the resource | `number` | `10` | no | +| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| description | The description of the key as viewed in AWS console | `string` | `"Parameter Store KMS master key"` | no | +| enable\_key\_rotation | Specifies whether key rotation is enabled | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no | +| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `""` | no | +| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no | +| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | `string` | `""` | no | +| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no | +| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| alias_arn | Alias ARN | -| alias_name | Alias name | -| key_arn | Key ARN | -| key_id | Key ID | +| alias\_arn | Alias ARN | +| alias\_name | Alias name | +| key\_arn | Key ARN | +| key\_id | Key ID |
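Review bot: In `.github/CODEOWNERS`, the last rule `.github/* @cloudposse/engineering` does not cover `.github/workflows/chatops.yml`, which this same patch adds. In CODEOWNERS syntax a trailing `/*` matches only files directly inside the directory, so files under `.github/workflows/` and `.github/ISSUE_TEMPLATE/` fall back to the `*` rule and are owned by both `@cloudposse/engineering` and `@cloudposse/contributors`. That contradicts the comment "Cloud Posse must review any changes to GitHub actions". Use `.github/ @cloudposse/engineering` (or `.github/**`) so the rule applies recursively. The `# Read more:` comment is also missing its link.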
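Review bot: In `.github/ISSUE_TEMPLATE/feature_request.md`, the text under `## Describe the Feature` still reads "A clear and concise description of what the bug is.", carried over from the bug report template. Reword it to ask for a description of the feature. The intro line also has "checkout" where "check out" is meant.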
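Review bot: `.github/ISSUE_TEMPLATE/question.md` is added as an empty file (the diff carries no hunk for it), so it lacks the `name` and `about` front matter the other two templates have. Either fill it in or drop it, since `config.yml` already sends questions to the Community Slack link.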
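Review bot: In `.github/workflows/chatops.yml`, both jobs set `permission: none` while the workflow runs on every `issue_comment` of type `created` and passes `secrets.PUBLIC_REPO_ACCESS_TOKEN` to the dispatch action. In the upstream slash-command-dispatch action, `permission` is the minimum repository permission a commenter needs before a command is dispatched, so `none` lets any account that can comment on a pull request trigger `rebuild-readme`, `terraform-fmt` and `test` in `cloudposse/actions` with that token. Unless the receiving workflows perform their own authorization, raise this to `write`, or document in the workflow why open access is intended. Separately, `actions/checkout@v2` and `cloudposse/actions/github/slash-command-dispatch@0.15.0` are referenced by tag; pinning each to a full commit SHA keeps a retagged release from running in a job that handles secrets.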
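Review bot: In the README.md Inputs table, the regenerated `tags` row still has an unclosed parenthesis in "Additional tags (e.g. `map('BusinessUnit','XYZ')`". README.yaml states that README.md is rebuilt with `make readme`, so fix the description at its source and regenerate rather than editing the table by hand; the same row appears in docs/terraform.md.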
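Review bot: Deleting `codefresh/test.yml` removes the pipeline that ran `make readme/lint`, the bats tests and terratest, and the only replacement in this patch is the `test` job in chatops.yml, which fires on a comment command rather than on a push. If nothing else runs the tests automatically, a pull request can be merged without them ever having run. Consider adding a workflow triggered on `pull_request`, or making the result of the `test` command a required status check.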
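Review bot: In docs/terraform.md, the `policy` row now shows a default of `""`, but the description does not say which key policy is in effect when the input is left empty. For a KMS key that is the security-relevant default, so add a sentence to the variable description stating what applies in that case (for example, whether the AWS default key policy is used) and regenerate the docs.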