From bf38d7b35781c8e65e3e0deec8fafb52aa86fe2c Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 17 Dec 2020 09:33:05 -0500
Subject: [PATCH] work out code for tags

---
 common/defaults.tf | 7 +++++++
 common/resources.tf | 13 +++++++++++++
 standard/README.md | 4 +++-
 standard/defaults.tf | 1 +
 standard/main.tf | 7 ++++---
 standard/safeguard_variables.tf | 14 ++++++++++++++
 title26/README.md | 5 ++++-
 title26/defaults.tf | 1 +
 title26/main.tf | 10 +++++-----
 title26/safeguard_variables.tf | 14 ++++++++++++++
 10 files changed, 66 insertions(+), 10 deletions(-)
 create mode 100644 common/defaults.tf
 create mode 120000 standard/defaults.tf
 create mode 100644 standard/safeguard_variables.tf
 create mode 120000 title26/defaults.tf
 create mode 100644 title26/safeguard_variables.tf

diff --git a/common/defaults.tf b/common/defaults.tf
new file mode 100644
index 0000000..c6f8029
--- /dev/null
+++ b/common/defaults.tf
@@ -0,0 +1,7 @@
+# local._defaults["data_safeguards"]
+
+locals {
+  _defaults = {
+    data_safeguards = ["title13", "title26", "title42", "pii", "title5"]
+  }
+}
diff --git a/common/resources.tf b/common/resources.tf
index 9939827..a972918 100644
--- a/common/resources.tf
+++ b/common/resources.tf
@@ -26,6 +26,19 @@ locals {
     "boc:tf_module_version" = var._module_version
     "boc:created_by" = "terraform"
   }
+  # strip spaces, convert to lowercase, make distinct, sort. Remove those not in the _defaults
+  add_safeguard_tags = local.enable_title26 ? ["title26"] : []
+  _default_safeguard_tags = { for d in local._defaults["data_safeguards"] : d => d }
+  safeguard_tags = sort(compact(concat([for t in var.data_safeguards : lookup(local._default_safeguard_tags, lower(replace(t, " ", "")), "")], local.add_safeguard_tags)))
+  add_tags = {
+    safeguard = {
+      "exists" = { "boc:safeguard" = join(",", local.safeguard_tags) }
+      "not_exists" = {}
+    }
+  }
+  enforced_tags = merge(
+    local.add_tags["safeguard"][length(local.safeguard_tags) > 0 ? "exists" : "not_exists"]
+  )
 }
 
 #---
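Review bot: The comment on the new `safeguard_tags` line says "make distinct", but `sort(compact(concat(...)))` never deduplicates, so a module that enables Title 26 and also lists `title26` in `data_safeguards` (the title26 module's own defaults in this commit do exactly that) tags the bucket `boc:safeguard = "title26,title26"` where the removed hard-coded value was `title26`; wrap it as `safeguard_tags = sort(distinct(compact(concat(...))))`. The `lookup(..., "")` plus `compact` pair also silently drops any value not in `local._defaults["data_safeguards"]`, so a misspelled safeguard (`"Title-26"`, `"fti"`) produces a bucket with no classification tag and no plan-time error — for a tag that downstream controls may key on, rejecting unknown values in a `validation` block on the variable would be safer. The normalization only strips spaces, so hyphenated or underscored spellings still miss. The enclosing `locals` block starts above this hunk, and where `local.enforced_tags` is merged with `var.tags` (and which side wins on a `boc:safeguard` collision) is not visible here.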
diff --git a/standard/README.md b/standard/README.md
index 3e23dd2..07d8dd1 100644
--- a/standard/README.md
+++ b/standard/README.md
@@ -4,7 +4,7 @@
 
 ```hcl
 module "mybucket" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-s3//standard"
+  source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard"
 
   bucket_name = "mynormalbucket"
 }
@@ -32,6 +32,8 @@ No requirements.
 | allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
 | bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
 | bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| data\_safeguards | Selected available safeguards which apply to the data in the bucket | `list(string)` | `[]` | no |
+| enable\_title26 | Flag to enable bucket with Title 26 (FTI) settings | `bool` | `false` | no |
 | force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted. The deletion may take a very long time | `bool` | `false` | no |
 | kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
 | tags | AWS Tags | `map(string)` | `{}` | no |
diff --git a/standard/defaults.tf b/standard/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/standard/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/standard/main.tf b/standard/main.tf
index f460239..9139664 100644
--- a/standard/main.tf
+++ b/standard/main.tf
@@ -5,14 +5,15 @@
 *
 * ```hcl
 * module "mybucket" {
-*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3//standard"
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard"
 *
 *   bucket_name = "mynormalbucket"
 * }
 * ```
 *
 */
+
 locals {
-  enforced_tags = {}
-  versioning = false
+  enable_title26 = var.enable_title26 ? true : false
+  versioning = false
 }
diff --git a/standard/safeguard_variables.tf b/standard/safeguard_variables.tf
new file mode 100644
index 0000000..a934cfc
--- /dev/null
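Review bot: With this hunk `enable_title26` in the standard module only feeds `local.enable_title26` while `versioning` stays hard-coded `false`, so as far as the diff shows a caller who sets `enable_title26 = true` gets a bucket tagged `boc:safeguard = title26` without the "Title 26 (FTI) settings" the variable description promises — the tag would then overstate the bucket's actual controls. If the flag is meant to be tag-only, say so in the description; if it is meant to mirror `./title26`, `versioning = var.enable_title26` aligns the one setting visible here, and any other Title 26 specific settings in common/resources.tf are outside this view. Separately, `var.enable_title26 ? true : false` is a no-op on a `bool` input; `enable_title26 = var.enable_title26` reads the same.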
+++ b/standard/safeguard_variables.tf
@@ -0,0 +1,14 @@
+/*
+* Valid values include: title13, title26, title42, pii, title5
+*/
+variable "data_safeguards" {
+  description = "Selected available safeguards which apply to the data in the bucket"
+  type = list(string)
+  default = []
+}
+
+variable "enable_title26" {
+  description = "Flag to enable bucket with Title 26 (FTI) settings"
+  type = bool
+  default = false
+}
diff --git a/title26/README.md b/title26/README.md
index c529a1d..fec3ac3 100644
--- a/title26/README.md
+++ b/title26/README.md
@@ -4,9 +4,10 @@
 
 ```hcl
 module "mybucket" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-s3//title26"
+  source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//title26"
 
   bucket_name = "myt26bucket"
+  # enable_title26 = true
 }
 ```
 
@@ -32,6 +33,8 @@ No requirements.
 | allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
 | bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
 | bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| data\_safeguards | Selected available safeguards which apply to the data in the bucket | `list(string)` |
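Review bot: `data_safeguards` accepts any string, and its consumer in common/resources.tf drops unrecognized values silently, so a typo in a data-classification input never surfaces at plan time; a `validation` block on the variable turns that into a hard error (Terraform ≥ 0.13 — the README's "No requirements." section does not pin a version, so the floor is worth confirming before relying on it). A validation condition may only reference the variable itself, so the allowed list has to be repeated here rather than read from `local._defaults["data_safeguards"]`; a comment pointing at common/defaults.tf keeps the two lists in step. The same block belongs in the title26 copy of this file.
```hcl
variable "data_safeguards" {
  description = "Selected available safeguards which apply to the data in the bucket"
  type        = list(string)
  default     = []

  # Must mirror local._defaults["data_safeguards"] in common/defaults.tf;
  # a validation condition cannot reference locals.
  validation {
    condition = length([
      for s in var.data_safeguards : s
      if !contains(["title13", "title26", "title42", "pii", "title5"], lower(replace(s, " ", "")))
    ]) == 0
    error_message = "Each data_safeguards entry must be one of: title13, title26, title42, pii, title5."
  }
}

# … unchanged: enable_title26 variable …
```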
[
"title26"
]
| no |
+| enable\_title26 | Flag to enable bucket with Title 26 (FTI) settings | `bool` | `true` | no |
 | force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted. The deletion may take a very long time | `bool` | `false` | no |
 | kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
 | tags | AWS Tags | `map(string)` | `{}` | no |
diff --git a/title26/defaults.tf b/title26/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/title26/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/title26/main.tf b/title26/main.tf
index c380fd7..f2e9f25 100644
--- a/title26/main.tf
+++ b/title26/main.tf
@@ -5,16 +5,16 @@
 *
 * ```hcl
 * module "mybucket" {
-*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3//title26"
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//title26"
 *
 *   bucket_name = "myt26bucket"
+*   # enable_title26 = true
 * }
 * ```
 *
 */
+
 locals {
-  enforced_tags = {
-    "boc:safeguard" = "title26"
-  }
-  versioning = true
+  enable_title26 = true
+  versioning = true
 }
diff --git a/title26/safeguard_variables.tf b/title26/safeguard_variables.tf
new file mode 100644
index 0000000..718b222
--- /dev/null
+++ b/title26/safeguard_variables.tf
@@ -0,0 +1,14 @@
+/*
+* Valid values include: title13, title26, title42, pii, title5
+*/
+variable "data_safeguards" {
+  description = "Selected available safeguards which apply to the data in the bucket"
+  type = list(string)
+  default = ["title26"]
+}
+
+variable "enable_title26" {
+  description = "Flag to enable bucket with Title 26 (FTI) settings"
+  type = bool
+  default = true
+}
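Review bot: The new `locals` in title26/main.tf pins `enable_title26 = true`, so the `enable_title26` input this commit adds to the title26 module — and the `# enable_title26 = true` hint added to the usage comment just above — has no effect as far as this diff shows; a caller passing `enable_title26 = false` gets no error and an identical bucket. Keeping the FTI behaviour non-optional is the right call for this module, but an input that is silently ignored invites confusion, so either remove the variable from the title26 module or annotate the local: `enable_title26 = true # always on in this module; var.enable_title26 is accepted for interface parity with ./standard and otherwise ignored`. Whether anything else in common/resources.tf reads `var.enable_title26` directly is not visible here.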
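Review bot: The `enable_title26` variable declared in title26/safeguard_variables.tf defaults to `true` and describes itself as a "Flag to enable" Title 26 settings, but title26/main.tf in this same commit sets `local.enable_title26 = true` unconditionally, so the flag cannot turn anything off and its description is misleading; `description = "Always enabled in the title26 module; accepted only for interface parity with the standard module"` states the real contract. `data_safeguards` here has the same gap as its standard-module twin: no `validation` block, so values outside title13/title26/title42/pii/title5 are silently discarded by the lookup in common/resources.tf rather than failing the plan. If the two safeguard_variables.tf files are meant to stay identical apart from their defaults, a one-line comment saying so would help the next edit keep them in sync.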