work out code for tags

terraform-modules · Dec 17, 2020 · bf38d7b · bf38d7b
1 parent b802737
commit bf38d7b
Show file tree

Hide file tree

Showing 10 changed files with 66 additions and 10 deletions.
diff --git a/common/defaults.tf b/common/defaults.tf
@@ -0,0 +1,7 @@
+# local._defaults["data_safeguards"]
+
+locals {
+  _defaults = {
+    data_safeguards = ["title13", "title26", "title42", "pii", "title5"]
+  }
+}
diff --git a/common/resources.tf b/common/resources.tf
@@ -26,6 +26,19 @@ locals {
     "boc:tf_module_version" = var._module_version
     "boc:created_by"        = "terraform"
   }
+  # strip spaces, convert to lowercase, make distinct, sort. Remove those not in the _defaults
+  add_safeguard_tags      = local.enable_title26 ? ["title26"] : []
+  _default_safeguard_tags = { for d in local._defaults["data_safeguards"] : d => d }
+  safeguard_tags          = sort(compact(concat([for t in var.data_safeguards : lookup(local._default_safeguard_tags, lower(replace(t, " ", "")), "")], local.add_safeguard_tags)))
+  add_tags = {
+    safeguard = {
+      "exists"     = { "boc:safeguard" = join(",", local.safeguard_tags) }
+      "not_exists" = {}
+    }
+  }
+  enforced_tags = merge(
+    local.add_tags["safeguard"][length(local.safeguard_tags) > 0 ? "exists" : "not_exists"]
+  )
 }
 
 #---

diff --git a/standard/README.md b/standard/README.md
@@ -4,7 +4,7 @@
 
 ```hcl
 module "mybucket" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-s3//standard"
+  source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard"
 
   bucket_name = "mynormalbucket"
 }
@@ -32,6 +32,8 @@ No requirements.
 | allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
 | bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
 | bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| data\_safeguards | Selected available safeguards which apply to the data in the bucket | `list(string)` | `[]` | no |
+| enable\_title26 | Flag to enable bucket with Title 26 (FTI) settings | `bool` | `false` | no |
 | force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time | `bool` | `false` | no |
 | kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
 | tags | AWS Tags | `map(string)` | `{}` | no |

diff --git a/standard/defaults.tf b/standard/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
diff --git a/standard/main.tf b/standard/main.tf
@@ -5,14 +5,15 @@
 *
 * ```hcl
 * module "mybucket" {
-*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3//standard"
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard"
 *
 *   bucket_name = "mynormalbucket"
 * }
 * ```
 * 
 */
+
 locals {
-  enforced_tags = {}
-  versioning    = false
+  enable_title26 = var.enable_title26 ? true : false
+  versioning     = false
 }
diff --git a/standard/safeguard_variables.tf b/standard/safeguard_variables.tf
@@ -0,0 +1,14 @@
+/* 
+* Valid values include: title13, title26, title42, pii, title5
+*/
+variable "data_safeguards" {
+  description = "Selected available safeguards which apply to the data in the bucket"
+  type        = list(string)
+  default     = []
+}
+
+variable "enable_title26" {
+  description = "Flag to enable bucket with Title 26 (FTI) settings"
+  type        = bool
+  default     = false
+}
diff --git a/title26/README.md b/title26/README.md
@@ -4,9 +4,10 @@
 
 ```hcl
 module "mybucket" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-s3//title26"
+  source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//title26"
 
   bucket_name = "myt26bucket"
+  # enable_title26 = true
 }
 ```
 
@@ -32,6 +33,8 @@ No requirements.
 | allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
 | bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
 | bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| data\_safeguards | Selected available safeguards which apply to the data in the bucket | `list(string)` | <pre>[<br>  "title26"<br>]</pre> | no |
+| enable\_title26 | Flag to enable bucket with Title 26 (FTI) settings | `bool` | `true` | no |
 | force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time | `bool` | `false` | no |
 | kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
 | tags | AWS Tags | `map(string)` | `{}` | no |

diff --git a/title26/defaults.tf b/title26/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
diff --git a/title26/main.tf b/title26/main.tf
@@ -5,16 +5,16 @@
 *
 * ```hcl
 * module "mybucket" {
-*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3//title26"
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//title26"
 *
 *   bucket_name = "myt26bucket"
+*   # enable_title26 = true
 * }
 * ```
 * 
 */
+
 locals {
-  enforced_tags = {
-    "boc:safeguard" = "title26"
-  }
-  versioning = true
+  enable_title26 = true
+  versioning     = true
 }
diff --git a/title26/safeguard_variables.tf b/title26/safeguard_variables.tf
@@ -0,0 +1,14 @@
+/* 
+* Valid values include: title13, title26, title42, pii, title5
+*/
+variable "data_safeguards" {
+  description = "Selected available safeguards which apply to the data in the bucket"
+  type        = list(string)
+  default     = ["title26"]
+}
+
+variable "enable_title26" {
+  description = "Flag to enable bucket with Title 26 (FTI) settings"
+  type        = bool
+  default     = true
+}