Merge pull request #23 from terraform-modules/add-sg-custom

v2.2.0: add custom (generic) submodule

CHANGELOG.md

@@ -8,6 +8,12 @@
   - sas
     - add sas submodule, which can be used for a general module or a specific application module
 
+* v2.2.0 -- 20211022
+  - custom
+    - create custom submodule, requires port list passed
+
+# OLDER
+
 ## web
 
 * v1.0.0 -- 20210604

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.1.0"
+  _module_version = "2.2.0"
 }

custom/README.md

@@ -0,0 +1,116 @@
+# About custom
+
+This describes how to use the aws-common-security-groups submodule for  custom. This applies the framework
+for the common security groups to a set of ports of your own doing.
+
+You will need to provide a `ingress_port_list` list of the details, or a `ingress_port_map` which allows for a cleaner structure.
+This creates an egress rule permitting all outbound access.
+
+# Usage
+## Port list
+
+```hcl
+module "mysg" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom"
+
+  vpc_id      = var.vpc_id
+  name        = "mysg"
+  description = "Security group for my"
+  short       = "MY"
+  ingress_port_list = [
+    [8080, 8080, "tcp", "http", ["0.0.0.0/0"]],
+    [8443, 8443, "tcp", "https", ["0.0.0.0/0"]],
+  ]
+  tags = merge(
+    local.common_tags,
+    tomap({ "Name" = "mysg" }),
+  )
+}
+```
+
+## Port Map
+
+```hcl
+module "mysg" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom"
+
+  vpc_id      = var.vpc_id
+  name        = "mysg"
+  description = "Security group for my"
+  short       = "MY"
+  ingress_port_map = [
+    {
+      from        = 8080
+      to          = 8080
+      proto       = "tcp"
+      description = "http"
+      cidr        = ["0.0.0.0/0"]
+    },
+    {
+      from        = 8443
+      to          = 8443
+      proto       = "tcp"
+      description = "http"
+      cidr        = ["0.0.0.0/0"]
+    },
+  ]
+  tags = merge(
+    local.common_tags,
+    tomap({ "Name" = "mysg" }),
+  )
+}
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_security_group.this_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_security_group.egress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
+| [aws_security_group.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
+| [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_description"></a> [description](#input\_description) | Security Group Description | `string` | `""` | no |
+| <a name="input_egress_networks"></a> [egress\_networks](#input\_egress\_networks) | List of egress networks (with all pre-defined egress ports) | `list(string)` | `[]` | no |
+| <a name="input_egress_security_groups"></a> [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no |
+| <a name="input_enable_self"></a> [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no |
+| <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no |
+| <a name="input_ingress_port_list"></a> [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list` | `[]` | no |
+| <a name="input_ingress_port_map"></a> [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) | <pre>list(object({<br>    from        = number<br>    to          = number<br>    proto       = any<br>    description = string<br>    cidr        = list(string)<br>  }))</pre> | `[]` | no |
+| <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes |
+| <a name="input_short_description"></a> [short\_description](#input\_short\_description) | Security Group Short Description | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Extra security group tags | `map` | `{}` | no |
+| <a name="input_use_vpc_cidr"></a> [use\_vpc\_cidr](#input\_use\_vpc\_cidr) | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no |
+| <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC Name | `string` | `""` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID Number | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_this_security_group_arn"></a> [this\_security\_group\_arn](#output\_this\_security\_group\_arn) | Created security group ARN |
+| <a name="output_this_security_group_id"></a> [this\_security\_group\_id](#output\_this\_security\_group\_id) | Created security group ID |

custom/data.tf

@@ -0,0 +1 @@
+../common/data.tf

custom/data.vpc.tf

@@ -0,0 +1 @@
+../common/data.vpc.tf

custom/defaults.tf

@@ -0,0 +1,7 @@
+locals {
+  _defaults = {
+    name              = "{{ name }}"
+    description       = "Security group for application"
+    short_description = "SG"
+  }
+}

custom/logs/fmt.20211022.1634928634.log

@@ -0,0 +1,38 @@
+# starting v1.4.4 action fmt file logs/fmt.20211022.1634928634.log stamp 20211022.1634928634 time 1634928634
+
+
+Error: Argument or block definition required
+
+  on main.tf line 38:
+  (source code not available)
+
+An argument or block definition is required here.
+
+
+Error: Invalid character
+
+  on main.tf line 40:
+  (source code not available)
+
+The "`" character is not valid. To create a multi-line string, use the
+"heredoc" syntax, like "<<EOT".
+
+
+Error: Invalid character
+
+  on main.tf line 40:
+  (source code not available)
+
+The "`" character is not valid. To create a multi-line string, use the
+"heredoc" syntax, like "<<EOT".
+
+
+Error: Invalid expression
+
+  on x.tf line 15:
+  (source code not available)
+
+Expected the start of an expression, but found an invalid expression token.
+
+# ending v1.4.4 action fmt file logs/fmt.20211022.1634928634.log stamp 20211022.1634928634 start 1634928634 end 1634928634 elapsed 0
+

custom/logs/fmt.20211022.1634928647.log

@@ -0,0 +1,31 @@
+# starting v1.4.4 action fmt file logs/fmt.20211022.1634928647.log stamp 20211022.1634928647 time 1634928647
+
+x.tf
+
+Error: Argument or block definition required
+
+  on main.tf line 38:
+  (source code not available)
+
+An argument or block definition is required here.
+
+
+Error: Invalid character
+
+  on main.tf line 40:
+  (source code not available)
+
+The "`" character is not valid. To create a multi-line string, use the
+"heredoc" syntax, like "<<EOT".
+
+
+Error: Invalid character
+
+  on main.tf line 40:
+  (source code not available)
+
+The "`" character is not valid. To create a multi-line string, use the
+"heredoc" syntax, like "<<EOT".
+
+# ending v1.4.4 action fmt file logs/fmt.20211022.1634928647.log stamp 20211022.1634928647 start 1634928647 end 1634928647 elapsed 0
+

custom/logs/fmt.20211022.1634928681.log

@@ -0,0 +1,4 @@
+# starting v1.4.4 action fmt file logs/fmt.20211022.1634928681.log stamp 20211022.1634928681 time 1634928681
+
+# ending v1.4.4 action fmt file logs/fmt.20211022.1634928681.log stamp 20211022.1634928681 start 1634928681 end 1634928681 elapsed 0
+

custom/logs/fmt.20211022.1634929316.log

@@ -0,0 +1,20 @@
+# starting v1.4.4 action fmt file logs/fmt.20211022.1634929316.log stamp 20211022.1634929316 time 1634929316
+
+
+Error: Missing attribute separator
+
+  on ports.tf line 13:
+  (source code not available)
+
+Expected a newline or comma to mark the beginning of the next attribute.
+
+
+Error: Missing argument separator
+
+  on variables.tf line 34:
+  (source code not available)
+
+A comma is required to separate each function argument from the next.
+
+# ending v1.4.4 action fmt file logs/fmt.20211022.1634929316.log stamp 20211022.1634929316 start 1634929316 end 1634929316 elapsed 0
+

custom/logs/fmt.20211022.1634929343.log

@@ -0,0 +1,13 @@
+# starting v1.4.4 action fmt file logs/fmt.20211022.1634929343.log stamp 20211022.1634929343 time 1634929343
+
+ports.tf
+
+Error: Missing argument separator
+
+  on variables.tf line 34:
+  (source code not available)
+
+A comma is required to separate each function argument from the next.
+
+# ending v1.4.4 action fmt file logs/fmt.20211022.1634929343.log stamp 20211022.1634929343 start 1634929343 end 1634929343 elapsed 0
+

custom/logs/fmt.20211022.1634929359.log

@@ -0,0 +1,5 @@
+# starting v1.4.4 action fmt file logs/fmt.20211022.1634929359.log stamp 20211022.1634929359 time 1634929359
+
+variables.tf
+# ending v1.4.4 action fmt file logs/fmt.20211022.1634929359.log stamp 20211022.1634929359 start 1634929359 end 1634929359 elapsed 0
+

custom/main.tf

@@ -0,0 +1,66 @@
+/*
+* # About custom
+*
+* This describes how to use the aws-common-security-groups submodule for  custom. This applies the framework
+* for the common security groups to a set of ports of your own doing.
+*
+* You will need to provide a `ingress_port_list` list of the details, or a `ingress_port_map` which allows for a cleaner structure.
+* This creates an egress rule permitting all outbound access.
+*
+* # Usage
+* ## Port list
+*
+* ```hcl
+* module "mysg" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom"
+* 
+*   vpc_id      = var.vpc_id
+*   name        = "mysg"
+*   description = "Security group for my"
+*   short       = "MY"
+*   ingress_port_list = [
+*     [8080, 8080, "tcp", "http", ["0.0.0.0/0"]],
+*     [8443, 8443, "tcp", "https", ["0.0.0.0/0"]],
+*   ]
+*   tags = merge(
+*     local.common_tags,
+*     tomap({ "Name" = "mysg" }),
+*   )
+* }
+* ```
+* 
+* ## Port Map
+*
+* ```hcl
+* module "mysg" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom"
+* 
+*   vpc_id      = var.vpc_id
+*   name        = "mysg"
+*   description = "Security group for my"
+*   short       = "MY"
+*   ingress_port_map = [
+*     {
+*       from        = 8080
+*       to          = 8080
+*       proto       = "tcp"
+*       description = "http"
+*       cidr        = ["0.0.0.0/0"]
+*     },
+*     {
+*       from        = 8443
+*       to          = 8443
+*       proto       = "tcp"
+*       description = "http"
+*       cidr        = ["0.0.0.0/0"]
+*     },
+*   ]
+*   tags = merge(
+*     local.common_tags,
+*     tomap({ "Name" = "mysg" }),
+*   )
+* }
+* ```
+*/
+
+# all of the code is in resource.tf, this is here for documention

custom/output.tf

@@ -0,0 +1 @@
+../common/output.tf

custom/ports.tf

@@ -0,0 +1,14 @@
+locals {
+  ports = var.ingress_port_list
+
+  ingress_networks = var.ingress_networks
+  egress_networks  = var.egress_networks
+
+  # these are ignored
+  ingress_sg = var.ingress_security_groups
+  egress_sg  = var.egress_security_groups
+
+  p_fields = ["from", "to", "proto", "description", "cidr"]
+  p_map    = length(var.ingress_port_list) > 0 ? [for p in local.ports : zipmap(local.p_fields, p)] : var.ingress_port_map
+  port_map = { "external" = local.p_map }
+}

custom/resources.tf

@@ -0,0 +1 @@
+../common/resources.tf

custom/settings.tf

@@ -0,0 +1,7 @@
+locals {
+  name              = var.name != "" ? var.name : local._defaults["name"]
+  is_modular        = var.name == "" || length(regexall("^m-", var.name)) > 0
+  enable_self       = var.enable_self ? ! local.is_modular : false
+  description       = var.description != "" ? var.description : local._defaults["description"]
+  short_description = var.short_description != "" ? var.short_description : local._defaults["short_description"]
+}

custom/variables.common.tf

@@ -0,0 +1 @@
+../common/variables.common.tf