diff --git a/README.md b/README.md index 1c738ef..3dede3a 100644 --- a/README.md +++ b/README.md 
@@ -192,64 +192,81 @@ Available targets: lint Lint terraform code ``` +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| authenticated_hosts | Authenticated hosts to match in Hosts header | list(string) | `` | no | -| authenticated_listener_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| authenticated_listener_arns_count | The number of authenticated ARNs in `authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| authenticated_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| authenticated_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | number | `300` | no | -| authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no | -| authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no | -| authentication_cognito_user_pool_domain | Cognito User Pool Domain. 
The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no | -| authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no | -| authentication_oidc_client_id | OIDC Client ID | string | `` | no | -| authentication_oidc_client_secret | OIDC Client Secret | string | `` | no | -| authentication_oidc_issuer | OIDC Issuer | string | `` | no | -| authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no | -| authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no | -| authentication_type | Authentication type. Supported values are `COGNITO` and `OIDC` | string | `` | no | -| default_target_group_enabled | Enable/disable creation of the default target group | bool | `true` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| deregistration_delay | The amount of time to wait in seconds while deregistering target | number | `15` | no | -| health_check_enabled | Indicates whether health checks are enabled. Defaults to `true` | bool | `true` | no | -| health_check_healthy_threshold | The number of consecutive health checks successes required before healthy | number | `2` | no | -| health_check_interval | The duration in seconds in between health checks | number | `15` | no | -| health_check_matcher | The HTTP response codes to indicate a healthy check | string | `200-399` | no | -| health_check_path | The destination for the health check request | string | `/` | no | -| health_check_port | The port to use to connect with the target. Valid values are either ports 1-65536, or `traffic-port`. Defaults to `traffic-port` | string | `traffic-port` | no | -| health_check_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. 
Not applicable when `target_type` is `lambda` | string | `HTTP` | no | -| health_check_timeout | The amount of time to wait in seconds before failing a health check request | number | `10` | no | -| health_check_unhealthy_threshold | The number of consecutive health check failures required before unhealthy | number | `2` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| port | The port for the created ALB target group (if `target_group_arn` is not set) | number | `80` | no | -| protocol | The protocol for the created ALB target group (if `target_group_arn` is not set) | string | `HTTP` | no | -| slow_start | The amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is `0` seconds | number | `0` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| stickiness_cookie_duration | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | number | `86400` | no | -| stickiness_enabled | Boolean to enable / disable `stickiness`. Default is `true` | bool | `true` | no | -| stickiness_type | The type of sticky sessions. The only current possible value is `lb_cookie` | string | `lb_cookie` | no | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| target_group_arn | Existing ALB target group ARN. 
If provided, set `default_target_group_enabled` to `false` to disable creation of the default target group | string | `` | no | -| target_type | The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group | string | `ip` | no | -| unauthenticated_hosts | Unauthenticated hosts to match in Hosts header | list(string) | `` | no | -| unauthenticated_listener_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| unauthenticated_listener_arns_count | The number of unauthenticated ARNs in `unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | number | `100` | no | -| vpc_id | The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set) | string | - | yes | +|------|-------------|------|---------|:--------:| +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| authenticated\_hosts | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| authenticated\_listener\_arns\_count | The number of authenticated ARNs in `authenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | +| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | +| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | +| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | +| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | +| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | +| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | +| authentication\_type | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| default\_target\_group\_enabled | Enable/disable creation of the default target group | `bool` | `true` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| deregistration\_delay | The amount of time to wait in seconds while deregistering target | `number` | `15` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| health\_check\_enabled | Indicates whether health checks are enabled. Defaults to `true` | `bool` | `true` | no | +| health\_check\_healthy\_threshold | The number of consecutive health checks successes required before healthy | `number` | `2` | no | +| health\_check\_interval | The duration in seconds in between health checks | `number` | `15` | no | +| health\_check\_matcher | The HTTP response codes to indicate a healthy check | `string` | `"200-399"` | no | +| health\_check\_path | The destination for the health check request | `string` | `"/"` | no | +| health\_check\_port | The port to use to connect with the target. Valid values are either ports 1-65536, or `traffic-port`. Defaults to `traffic-port` | `string` | `"traffic-port"` | no | +| health\_check\_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | +| health\_check\_timeout | The amount of time to wait in seconds before failing a health check request | `number` | `10` | no | +| health\_check\_unhealthy\_threshold | The number of consecutive health check failures required before unhealthy | `number` | `2` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. 
`eg` or `cp`) | `string` | `""` | no | +| port | The port for the created ALB target group (if `target_group_arn` is not set) | `number` | `80` | no | +| protocol | The protocol for the created ALB target group (if `target_group_arn` is not set) | `string` | `"HTTP"` | no | +| slow\_start | The amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is `0` seconds | `number` | `0` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| stickiness\_cookie\_duration | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | `number` | `86400` | no | +| stickiness\_enabled | Boolean to enable / disable `stickiness`. Default is `true` | `bool` | `true` | no | +| stickiness\_type | The type of sticky sessions. The only current possible value is `lb_cookie` | `string` | `"lb_cookie"` | no | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| target\_group\_arn | Existing ALB target group ARN. If provided, set `default_target_group_enabled` to `false` to disable creation of the default target group | `string` | `""` | no | +| target\_type | The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group | `string` | `"ip"` | no | +| unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `unauthenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no | +| vpc\_id | The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set) | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| target_group_arn | ALB Target Group ARN | -| target_group_arn_suffix | ALB Target Group ARN suffix | -| target_group_name | ALB Target Group name | +| target\_group\_arn | ALB Target Group ARN | +| target\_group\_arn\_suffix | ALB Target Group ARN suffix | +| target\_group\_name | ALB Target Group name | diff --git a/docs/terraform.md b/docs/terraform.md index bfa919b..b08d2e8 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -1,59 +1,76 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| authenticated_hosts | Authenticated hosts to match in Hosts header | list(string) | `` | no | -| authenticated_listener_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| authenticated_listener_arns_count | The number of authenticated ARNs in `authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| authenticated_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| authenticated_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | number | `300` | no | -| authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no | -| authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no | -| authentication_cognito_user_pool_domain | Cognito User Pool Domain. 
The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no | -| authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no | -| authentication_oidc_client_id | OIDC Client ID | string | `` | no | -| authentication_oidc_client_secret | OIDC Client Secret | string | `` | no | -| authentication_oidc_issuer | OIDC Issuer | string | `` | no | -| authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no | -| authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no | -| authentication_type | Authentication type. Supported values are `COGNITO` and `OIDC` | string | `` | no | -| default_target_group_enabled | Enable/disable creation of the default target group | bool | `true` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| deregistration_delay | The amount of time to wait in seconds while deregistering target | number | `15` | no | -| health_check_enabled | Indicates whether health checks are enabled. Defaults to `true` | bool | `true` | no | -| health_check_healthy_threshold | The number of consecutive health checks successes required before healthy | number | `2` | no | -| health_check_interval | The duration in seconds in between health checks | number | `15` | no | -| health_check_matcher | The HTTP response codes to indicate a healthy check | string | `200-399` | no | -| health_check_path | The destination for the health check request | string | `/` | no | -| health_check_port | The port to use to connect with the target. Valid values are either ports 1-65536, or `traffic-port`. Defaults to `traffic-port` | string | `traffic-port` | no | -| health_check_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. 
Not applicable when `target_type` is `lambda` | string | `HTTP` | no | -| health_check_timeout | The amount of time to wait in seconds before failing a health check request | number | `10` | no | -| health_check_unhealthy_threshold | The number of consecutive health check failures required before unhealthy | number | `2` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| port | The port for the created ALB target group (if `target_group_arn` is not set) | number | `80` | no | -| protocol | The protocol for the created ALB target group (if `target_group_arn` is not set) | string | `HTTP` | no | -| slow_start | The amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is `0` seconds | number | `0` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| stickiness_cookie_duration | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | number | `86400` | no | -| stickiness_enabled | Boolean to enable / disable `stickiness`. Default is `true` | bool | `true` | no | -| stickiness_type | The type of sticky sessions. The only current possible value is `lb_cookie` | string | `lb_cookie` | no | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| target_group_arn | Existing ALB target group ARN. 
If provided, set `default_target_group_enabled` to `false` to disable creation of the default target group | string | `` | no | -| target_type | The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group | string | `ip` | no | -| unauthenticated_hosts | Unauthenticated hosts to match in Hosts header | list(string) | `` | no | -| unauthenticated_listener_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| unauthenticated_listener_arns_count | The number of unauthenticated ARNs in `unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | number | `100` | no | -| vpc_id | The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set) | string | - | yes | +|------|-------------|------|---------|:--------:| +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| authenticated\_hosts | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| authenticated\_listener\_arns\_count | The number of authenticated ARNs in `authenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | +| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | +| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | +| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | +| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | +| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | +| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | +| authentication\_type | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| default\_target\_group\_enabled | Enable/disable creation of the default target group | `bool` | `true` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| deregistration\_delay | The amount of time to wait in seconds while deregistering target | `number` | `15` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| health\_check\_enabled | Indicates whether health checks are enabled. Defaults to `true` | `bool` | `true` | no | +| health\_check\_healthy\_threshold | The number of consecutive health checks successes required before healthy | `number` | `2` | no | +| health\_check\_interval | The duration in seconds in between health checks | `number` | `15` | no | +| health\_check\_matcher | The HTTP response codes to indicate a healthy check | `string` | `"200-399"` | no | +| health\_check\_path | The destination for the health check request | `string` | `"/"` | no | +| health\_check\_port | The port to use to connect with the target. Valid values are either ports 1-65536, or `traffic-port`. Defaults to `traffic-port` | `string` | `"traffic-port"` | no | +| health\_check\_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | +| health\_check\_timeout | The amount of time to wait in seconds before failing a health check request | `number` | `10` | no | +| health\_check\_unhealthy\_threshold | The number of consecutive health check failures required before unhealthy | `number` | `2` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. 
`eg` or `cp`) | `string` | `""` | no | +| port | The port for the created ALB target group (if `target_group_arn` is not set) | `number` | `80` | no | +| protocol | The protocol for the created ALB target group (if `target_group_arn` is not set) | `string` | `"HTTP"` | no | +| slow\_start | The amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is `0` seconds | `number` | `0` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| stickiness\_cookie\_duration | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | `number` | `86400` | no | +| stickiness\_enabled | Boolean to enable / disable `stickiness`. Default is `true` | `bool` | `true` | no | +| stickiness\_type | The type of sticky sessions. The only current possible value is `lb_cookie` | `string` | `"lb_cookie"` | no | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| target\_group\_arn | Existing ALB target group ARN. If provided, set `default_target_group_enabled` to `false` to disable creation of the default target group | `string` | `""` | no | +| target\_type | The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group | `string` | `"ip"` | no | +| unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `unauthenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no | +| vpc\_id | The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set) | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| target_group_arn | ALB Target Group ARN | -| target_group_arn_suffix | ALB Target Group ARN suffix | -| target_group_name | ALB Target Group name | +| target\_group\_arn | ALB Target Group ARN | +| target\_group\_arn\_suffix | ALB Target Group ARN suffix | +| target\_group\_name | ALB Target Group name | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index ef8e7e2..42a7884 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -6,7 +6,7 @@ namespace = "eg" stage = "test" -name = "alb-ingress" +name = "lb" vpc_cidr_block = "172.16.0.0/16" diff --git a/main.tf b/main.tf index dc6a3e5..12f7ac0 100644 --- a/main.tf +++ b/main.tf @@ -3,11 +3,14 @@ locals { } data "aws_lb_target_group" "default" { + count = var.enabled ? 1 : 0 + arn = local.target_group_arn } module "default_label" { - enabled = var.default_target_group_enabled + enabled = var.enabled && var.default_target_group_enabled + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0" attributes = var.attributes delimiter = var.delimiter 
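Review bot: The gate `var.enabled && var.default_target_group_enabled` is written out here for `module "default_label"` and again in the `aws_lb_target_group.default` count, and every `aws_lb_listener_rule` count in the later main.tf hunks repeats `var.enabled &&` by hand, so a resource added later can miss the switch without anything failing. Consider a single local in the existing `locals` block, e.g. `target_group_enabled = var.enabled && var.default_target_group_enabled`, referenced from both places. The `locals` and `module "default_label"` blocks both extend outside this hunk. The declaration of `var.enabled` is not in the part of the diff shown here, so confirm it defaults to `true` as the README table states.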
@@ -18,7 +21,8 @@ module "default_label" { } resource "aws_lb_target_group" "default" { - count = var.default_target_group_enabled ? 1 : 0 + count = var.enabled && var.default_target_group_enabled ? 1 : 0 + name = module.default_label.id port = var.port protocol = var.protocol @@ -49,7 +53,8 @@ resource "aws_lb_target_group" "default" { } resource "aws_lb_listener_rule" "unauthenticated_paths" { - count = length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) == 0 ? var.unauthenticated_listener_arns_count : 0 + count = var.enabled && length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) == 0 ? var.unauthenticated_listener_arns_count : 0 + listener_arn = var.unauthenticated_listener_arns[count.index] priority = var.unauthenticated_priority + count.index @@ -65,7 +70,8 @@ resource "aws_lb_listener_rule" "unauthenticated_paths" { } resource "aws_lb_listener_rule" "authenticated_paths_oidc" { - count = var.authentication_type == "OIDC" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) == 0 ? var.authenticated_listener_arns_count : 0 + count = var.enabled && var.authentication_type == "OIDC" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) == 0 ? var.authenticated_listener_arns_count : 0 + listener_arn = var.authenticated_listener_arns[count.index] priority = var.authenticated_priority + count.index 
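Review bot: The count for `aws_lb_listener_rule.authenticated_paths_oidc` is non-zero only when `var.authentication_type` is exactly `"OIDC"`, and the README lists that variable's default as `""`, so setting `authenticated_paths` or `authenticated_hosts` with an unset or differently-cased type creates no authenticated rule and raises no error. The same holds for the other five `authenticated_*` rules in the following hunks. A comment above the count would make this visible, e.g. `# No rule is created unless authentication_type is exactly "OIDC" or "COGNITO"`, with the same sentence added to the variable description. How requests for those paths are then routed depends on the listener's other rules and default action, which are outside this module. The resource body continues past the hunk.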
@@ -94,7 +100,8 @@ resource "aws_lb_listener_rule" "authenticated_paths_oidc" { } resource "aws_lb_listener_rule" "authenticated_paths_cognito" { - count = var.authentication_type == "COGNITO" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) == 0 ? var.authenticated_listener_arns_count : 0 + count = var.enabled && var.authentication_type == "COGNITO" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) == 0 ? var.authenticated_listener_arns_count : 0 + listener_arn = var.authenticated_listener_arns[count.index] priority = var.authenticated_priority + count.index @@ -120,7 +127,8 @@ resource "aws_lb_listener_rule" "authenticated_paths_cognito" { } resource "aws_lb_listener_rule" "unauthenticated_hosts" { - count = length(var.unauthenticated_hosts) > 0 && length(var.unauthenticated_paths) == 0 ? var.unauthenticated_listener_arns_count : 0 + count = var.enabled && length(var.unauthenticated_hosts) > 0 && length(var.unauthenticated_paths) == 0 ? var.unauthenticated_listener_arns_count : 0 + listener_arn = var.unauthenticated_listener_arns[count.index] priority = var.unauthenticated_priority + count.index @@ -136,7 +144,8 @@ resource "aws_lb_listener_rule" "unauthenticated_hosts" { } resource "aws_lb_listener_rule" "authenticated_hosts_oidc" { - count = var.authentication_type == "OIDC" && length(var.authenticated_hosts) > 0 && length(var.authenticated_paths) == 0 ? var.authenticated_listener_arns_count : 0 + count = var.enabled && var.authentication_type == "OIDC" && length(var.authenticated_hosts) > 0 && length(var.authenticated_paths) == 0 ? var.authenticated_listener_arns_count : 0 + listener_arn = var.authenticated_listener_arns[count.index] priority = var.authenticated_priority + count.index 
@@ -165,7 +174,8 @@ resource "aws_lb_listener_rule" "authenticated_hosts_oidc" { } resource "aws_lb_listener_rule" "authenticated_hosts_cognito" { - count = var.authentication_type == "COGNITO" && length(var.authenticated_hosts) > 0 && length(var.authenticated_paths) == 0 ? var.authenticated_listener_arns_count : 0 + count = var.enabled && var.authentication_type == "COGNITO" && length(var.authenticated_hosts) > 0 && length(var.authenticated_paths) == 0 ? var.authenticated_listener_arns_count : 0 + listener_arn = var.authenticated_listener_arns[count.index] priority = var.authenticated_priority + count.index @@ -191,7 +201,8 @@ resource "aws_lb_listener_rule" "authenticated_hosts_cognito" { } resource "aws_lb_listener_rule" "unauthenticated_hosts_paths" { - count = length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) > 0 ? var.unauthenticated_listener_arns_count : 0 + count = var.enabled && length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) > 0 ? var.unauthenticated_listener_arns_count : 0 + listener_arn = var.unauthenticated_listener_arns[count.index] priority = var.unauthenticated_priority + count.index @@ -212,7 +223,8 @@ resource "aws_lb_listener_rule" "unauthenticated_hosts_paths" { } resource "aws_lb_listener_rule" "authenticated_hosts_paths_oidc" { - count = var.authentication_type == "OIDC" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) > 0 ? var.authenticated_listener_arns_count : 0 + count = var.enabled && var.authentication_type == "OIDC" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) > 0 ? var.authenticated_listener_arns_count : 0 + listener_arn = var.authenticated_listener_arns[count.index] priority = var.authenticated_priority + count.index 
@@ -246,7 +258,8 @@ resource "aws_lb_listener_rule" "authenticated_hosts_paths_oidc" { } resource "aws_lb_listener_rule" "authenticated_hosts_paths_cognito" { - count = var.authentication_type == "COGNITO" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) > 0 ? var.authenticated_listener_arns_count : 0 + count = var.enabled && var.authentication_type == "COGNITO" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) > 0 ? var.authenticated_listener_arns_count : 0 + listener_arn = var.authenticated_listener_arns[count.index] priority = var.authenticated_priority + count.index diff --git a/outputs.tf b/outputs.tf index 79cae8d..0f25436 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,14 +1,14 @@ output "target_group_name" { description = "ALB Target Group name" - value = data.aws_lb_target_group.default.name + value = join("", data.aws_lb_target_group.default.*.name) } output "target_group_arn" { description = "ALB Target Group ARN" - value = data.aws_lb_target_group.default.arn + value = join("", data.aws_lb_target_group.default.*.arn) } output "target_group_arn_suffix" { description = "ALB Target Group ARN suffix" - value = data.aws_lb_target_group.default.arn_suffix + value = join("", data.aws_lb_target_group.default.*.arn_suffix) } diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index 3f92160..8bf134c 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -5,11 +5,17 @@ import ( "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" + "math/rand" + "strconv" + "time" ) // Test the Terraform module in examples/complete using Terratest. func TestExamplesComplete(t *testing.T) { t.Parallel() + rand.Seed(time.Now().UnixNano()) + + attributes := []string{strconv.Itoa(rand.Intn(100000))} terraformOptions := &terraform.Options{ // The path to where our Terraform code is located 
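Review bot: With `join("", data.aws_lb_target_group.default.*.arn)` the three outputs in outputs.tf evaluate to an empty string instead of failing when the data source has no instances, which presumably is the case when `enabled = false` (the data source's `count` is not in this hunk). A caller that passes `target_group_arn` on to another resource then gets `""` and only fails later, at the AWS API, with a less obvious error. The descriptions should say so, for example `description = "ALB Target Group ARN (empty string when the module is disabled)"`, and likewise for the name and the ARN suffix.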
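Review bot: `rand.Intn(100000)` gives only 100000 possible suffixes for names that include an S3 bucket (`eg-test-lb-<n>-alb-access-logs` is asserted later in this test), so two CI runs can collide, and `rand.Seed` reseeds the package-global source from inside a `t.Parallel()` test. Terratest already ships `random.UniqueId()` in `modules/random`; `attributes := []string{strings.ToLower(random.UniqueId())}` would replace both added statements, with the lower-casing there because bucket names must be lowercase. The three standard-library imports are also appended after the third-party group, which `goimports` would move into the first group. The function body continues outside the hunk.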
@@ -17,6 +23,9 @@ func TestExamplesComplete(t *testing.T) { Upgrade: true, // Variables to pass to our Terraform code using -var-file options VarFiles: []string{"fixtures.us-east-2.tfvars"}, + Vars: map[string]interface{}{ + "attributes": attributes, + }, } // At the end of the test, run `terraform destroy` to clean up any resources that were created 
@@ -42,21 +51,21 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable accessLogsBucketId := terraform.Output(t, terraformOptions, "access_logs_bucket_id") - // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-alb-ingress-alb-access-logs", accessLogsBucketId) + // Verify we're getting back the outputs we expect eg-test-lb-25346-alb-access-logs + assert.Equal(t, "eg-test-lb-"+attributes[0]+"-alb-access-logs", accessLogsBucketId) // Run `terraform output` to get the value of an output variable albName := terraform.Output(t, terraformOptions, "alb_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-alb-ingress", albName) + assert.Equal(t, "eg-test-lb-"+attributes[0], albName) // Run `terraform output` to get the value of an output variable - httpListenerArn := terraform.Output(t, terraformOptions, "http_listener_arn") - // Verify we're getting back the outputs we expect - assert.Contains(t, httpListenerArn, "arn:aws:elasticloadbalancing:us-east-2:126450723953:listener/app/eg-test-alb-ingress") + defaultTargetGroupArn := terraform.Output(t, terraformOptions, "default_target_group_arn") + // Verify we're getting back the outputs we expect something like "arn:aws:elasticloadbalancing:us-east-2:126450723953:targetgroup/eg-test-lb-11514-default/89e9fe401fc63cf7 + assert.Contains(t, defaultTargetGroupArn, "arn:aws:elasticloadbalancing:us-east-2:126450723953:targetgroup/eg-test-lb-"+attributes[0]+"-default") // Run `terraform output` to get the value of an output variable - targetGroupName := terraform.Output(t, terraformOptions, "target_group_name") + httpListenerArn := terraform.Output(t, terraformOptions, "http_listener_arn") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-alb-ingress-default", targetGroupName) + assert.Contains(t, httpListenerArn, 
"arn:aws:elasticloadbalancing:us-east-2:126450723953:listener/app/eg-test-lb-"+attributes[0]) } diff --git a/variables.tf b/variables.tf index 5b16010..f946477 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,9 @@ +variable "enabled" { + type = bool + description = "Set to false to prevent the module from creating any resources" + default = true +} + variable "namespace" { type = string description = "Namespace (e.g. `eg` or `cp`)"
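Review bot: The new `assert.Contains` calls for `defaultTargetGroupArn` and `httpListenerArn` embed the account ID `126450723953` and the region, so the test can only pass against that one AWS account. Matching the account-independent part keeps the check meaningful anywhere: `assert.Contains(t, defaultTargetGroupArn, ":targetgroup/eg-test-lb-"+attributes[0]+"-default")` and `assert.Contains(t, httpListenerArn, ":listener/app/eg-test-lb-"+attributes[0])`. The hunk also drops the `target_group_name` assertion in the same commit that rewrites that output in outputs.tf; if the example still exposes it, keeping a check on it would cover the change. The function starts outside the hunk.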