diff --git a/main.tf b/main.tf index 2d1dfda..f4ff012 100644 --- a/main.tf +++ b/main.tf @@ -1,16 +1,16 @@ locals { - logical_dns_service_name = "${var.override_dns_name != "" ? var.override_dns_name : replace(var.component_name, "/-service$/", "")}" - env_prefix = "${var.env == "live" ? "" : "${var.env}-"}" + logical_dns_service_name = var.override_dns_name != "" ? var.override_dns_name : replace(var.component_name, "/-service$/", "") + env_prefix = var.env == "live" ? "" : "${var.env}-" target_host_name = "${local.env_prefix}${local.logical_dns_service_name}.${var.dns_domain}" } resource "aws_alb_listener_rule" "rule" { - listener_arn = "${var.alb_listener_arn}" - priority = "${var.priority}" + listener_arn = var.alb_listener_arn + priority = var.priority action { type = "forward" - target_group_arn = "${aws_alb_target_group.target_group.arn}" + target_group_arn = aws_alb_target_group.target_group.arn } condition { @@ -28,7 +28,7 @@ resource "aws_alb_listener_rule" "rule" { } locals { - old_target_group_name = "${replace(replace("${var.env}-${var.component_name}", "/(.{0,32}).*/", "$1"), "/^-+|-+$/", "")}" + old_target_group_name = "${replace(replace("${var.env}-${var.component_name}", "/(.{0,32}).*/", "$1"), "/^-+|-+$/", "")}" target_group_name_hash = "${base64encode(base64sha256("${var.env}-${var.component_name}"))}" target_group_name_postfix = "${replace(replace("${local.target_group_name_hash}", "/(.{0,12}).*/", "$1"), "/^-+|-+$/", "")}" 
@@ -37,31 +37,31 @@ locals { } resource "aws_alb_target_group" "target_group" { - name = "${var.hash_target_group_name ? local.target_group_name : local.old_target_group_name}" + name = var.hash_target_group_name ? local.target_group_name : local.old_target_group_name # port will be set dynamically, but for some reason AWS requires a value port = "31337" protocol = "HTTP" - vpc_id = "${var.vpc_id}" - deregistration_delay = "${var.deregistration_delay}" - target_type = "${var.target_type}" + vpc_id = var.vpc_id + deregistration_delay = var.deregistration_delay + target_type = var.target_type health_check { - interval = "${var.health_check_interval}" - path = "${var.health_check_path}" - timeout = "${var.health_check_timeout}" - healthy_threshold = "${var.health_check_healthy_threshold}" - unhealthy_threshold = "${var.health_check_unhealthy_threshold}" - matcher = "${var.health_check_matcher}" + interval = var.health_check_interval + path = var.health_check_path + timeout = var.health_check_timeout + healthy_threshold = var.health_check_healthy_threshold + unhealthy_threshold = var.health_check_unhealthy_threshold + matcher = var.health_check_matcher } lifecycle { create_before_destroy = true } - tags { - component = "${var.component_name}" - env = "${var.env}" + tags = { + component = var.component_name + env = var.env service = "${var.env}-${var.component_name}" } } 
@@ -74,17 +74,17 @@ locals { } data "aws_route53_zone" "dns_domain" { - name = "${local.backend_dns_domain}" + name = local.backend_dns_domain } resource "aws_route53_record" "dns_record" { - zone_id = "${data.aws_route53_zone.dns_domain.zone_id}" - name = "${local.backend_dns_record}" + zone_id = data.aws_route53_zone.dns_domain.zone_id + name = local.backend_dns_record type = "CNAME" - records = ["${var.alb_dns_name}"] - ttl = "${var.ttl}" - allow_overwrite = "${var.allow_overwrite}" + records = [var.alb_dns_name] + ttl = var.ttl + allow_overwrite = var.allow_overwrite - depends_on = ["aws_alb_listener_rule.rule"] + depends_on = [aws_alb_listener_rule.rule] } diff --git a/test/Dockerfile b/test/Dockerfile index 09db86a..3648974 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,9 +1,9 @@ FROM python:3-alpine COPY requirements.txt . -ENV TERRAFORM_VERSION=0.11.15 +ENV TERRAFORM_VERSION=0.13.2 ENV TERRAFORM_ZIP=terraform_${TERRAFORM_VERSION}_linux_amd64.zip -ENV TERRAFORM_SUM=e6c8c884de6c353cf98252c5e11faf972d4b30b5d070ab5ff70eaf92660a5aac +ENV TERRAFORM_SUM=6c1c6440c5cb199e85926aea65773450564f501fddcd7876f453ba95b45ba746 RUN apk add -U ca-certificates curl git && \ cd /tmp && \ diff --git a/test/infra/main.tf b/test/infra/main.tf index 5ce18a8..7be2e5b 100644 --- a/test/infra/main.tf +++ b/test/infra/main.tf 
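Review bot: `allow_overwrite = var.allow_overwrite` in `aws_route53_record.dns_record` passes a string-typed variable to a boolean argument, and nothing beside it says what enabling it does. With it on, applying this module replaces any record that already exists under `local.backend_dns_record` in the zone, so a name collision between two components would silently repoint the other one's DNS. I would add a comment above the argument, `# true lets this CNAME replace an existing record of the same name; leave false outside migrations`, and keep the default at false. The local that builds the record name is defined outside this hunk, so how likely a collision is cannot be judged from here.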
@@ -2,15 +2,15 @@ module "backend_service_routing" { source = "../.." - env = "${var.env}" - component_name = "cognito-service" - dns_domain = "domain.com" - priority = "10" - alb_listener_arn = "alb:listener" - alb_dns_name = "alb.dns.name.com" - vpc_id = "${var.platform_config["vpc"]}" # optional - aws_account_alias = "${var.aws_account_alias}" - backend_dns = "${var.backend_dns}" + env = var.env + component_name = "cognito-service" + dns_domain = "domain.com" + priority = "10" + alb_listener_arn = "arn:aws:alb:eu-west-1:123456789123:alb:listener" + alb_dns_name = "alb.dns.name.com" + vpc_id = var.platform_config["vpc"] + aws_account_alias = var.aws_account_alias + backend_dns = var.backend_dns } # configure provider to not try too hard talking to AWS API @@ -30,7 +30,7 @@ provider "aws" { variable "env" {} variable "platform_config" { - type = "map" + type = map(string) } variable "aws_account_alias" {} diff --git a/test/test_tf_backend_service_routing.py b/test/test_tf_backend_service_routing.py index 2217e29..0160f08 100644 --- a/test/test_tf_backend_service_routing.py +++ b/test/test_tf_backend_service_routing.py @@ -13,7 +13,6 @@ def test_create_alb_listener_rule_number_of_resources_to_add(self): 'terraform', 'plan', '-var', 'env=dev', - '-var', 'aws_region=eu-west-1', '-var', 'aws_account_alias=awsaccount', '-var', 'backend_dns=testbackend.com', '-var-file=test/platform-config/eu-west-1.json', @@ -33,7 +32,6 @@ def test_create_alb_listener_rule(self): 'terraform', 'plan', '-var', 'env=dev', - '-var', 'aws_region=eu-west-1', '-var', 'aws_account_alias=awsaccount', '-var', 'backend_dns=testbackend.com', '-var-file=test/platform-config/eu-west-1.json', 
@@ -44,37 +42,36 @@ def test_create_alb_listener_rule(self): # Then assert """ -+ module.backend_service_routing.aws_alb_listener_rule.rule - id: - action.#: "1" - action.0.order: - action.0.target_group_arn: "${aws_alb_target_group.target_group.arn}" - action.0.type: "forward" - arn: - condition.#: "2" - condition.1322904213.field: - condition.1322904213.host_header.#: - condition.1322904213.http_header.#: "0" - condition.1322904213.http_request_method.#: "0" - condition.1322904213.path_pattern.#: "1" - condition.1322904213.path_pattern.0.values.#: "1" - condition.1322904213.path_pattern.0.values.163128923: "*" - condition.1322904213.query_string.#: "0" - condition.1322904213.source_ip.#: "0" - condition.1322904213.values.#: - condition.3843014500.field: - condition.3843014500.host_header.#: "1" - condition.3843014500.host_header.0.values.#: "1" - condition.3843014500.host_header.0.values.3895622771: "dev-cognito.domain.com" - condition.3843014500.http_header.#: "0" - condition.3843014500.http_request_method.#: "0" - condition.3843014500.path_pattern.#: - condition.3843014500.query_string.#: "0" - condition.3843014500.source_ip.#: "0" - condition.3843014500.values.#: - listener_arn: "alb:listener" - priority: "10" - """.strip() in output + # module.backend_service_routing.aws_alb_listener_rule.rule will be created + + resource "aws_alb_listener_rule" "rule" { + + arn = (known after apply) + + id = (known after apply) + + listener_arn = "arn:aws:alb:eu-west-1:123456789123:alb:listener" + + priority = 10 + + tags_all = (known after apply) + + + action { + + order = (known after apply) + + target_group_arn = (known after apply) + + type = "forward" + } + + + condition { + + host_header { + + values = [ + + "dev-cognito.domain.com", + ] + } + } + + condition { + + + path_pattern { + + values = [ + + "*", + ] + } + } + } """.strip() in output def test_create_alb_listener_rule_live(self): # When 
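Review bot: The new expected string in `test_create_alb_listener_rule` is a verbatim copy of human-readable `terraform plan` output, including provider-computed lines such as `tags_all = (known after apply)`, so the assertion depends on the exact Terraform and AWS provider versions and on their indentation. The same applies to the hunks at -93,37 (`test_create_alb_listener_rule_live`) and -141,35 (`test_create_aws_alb_target_group`). A provider release that adds or renames an attribute would fail these tests with no change to the module, and the usual fix is to paste in fresh output without checking it, which weakens the test as a guard on the routing rule. Consider writing the plan with `-out` and asserting on selected fields from `terraform show -json`, such as `listener_arn`, `priority` and the host-header value. The test bodies start outside these hunks.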
@@ -82,7 +79,6 @@ def test_create_alb_listener_rule_live(self): 'terraform', 'plan', '-var', 'env=live', - '-var', 'aws_region=eu-west-1', '-var', 'aws_account_alias=awsaccount', '-var', 'backend_dns=testbackend.com', '-var-file=test/platform-config/eu-west-1.json', 
@@ -93,37 +89,36 @@ def test_create_alb_listener_rule_live(self): # Then assert """ -+ module.backend_service_routing.aws_alb_listener_rule.rule - id: - action.#: "1" - action.0.order: - action.0.target_group_arn: "${aws_alb_target_group.target_group.arn}" - action.0.type: "forward" - arn: - condition.#: "2" - condition.1322904213.field: - condition.1322904213.host_header.#: - condition.1322904213.http_header.#: "0" - condition.1322904213.http_request_method.#: "0" - condition.1322904213.path_pattern.#: "1" - condition.1322904213.path_pattern.0.values.#: "1" - condition.1322904213.path_pattern.0.values.163128923: "*" - condition.1322904213.query_string.#: "0" - condition.1322904213.source_ip.#: "0" - condition.1322904213.values.#: - condition.4207679377.field: - condition.4207679377.host_header.#: "1" - condition.4207679377.host_header.0.values.#: "1" - condition.4207679377.host_header.0.values.2369056528: "cognito.domain.com" - condition.4207679377.http_header.#: "0" - condition.4207679377.http_request_method.#: "0" - condition.4207679377.path_pattern.#: - condition.4207679377.query_string.#: "0" - condition.4207679377.source_ip.#: "0" - condition.4207679377.values.#: - listener_arn: "alb:listener" - priority: "10" - """.strip() in output + # module.backend_service_routing.aws_alb_listener_rule.rule will be created + + resource "aws_alb_listener_rule" "rule" { + + arn = (known after apply) + + id = (known after apply) + + listener_arn = "arn:aws:alb:eu-west-1:123456789123:alb:listener" + + priority = 10 + + tags_all = (known after apply) + + + action { + + order = (known after apply) + + target_group_arn = (known after apply) + + type = "forward" + } + + + condition { + + host_header { + + values = [ + + "cognito.domain.com", + ] + } + } + + condition { + + + path_pattern { + + values = [ + + "*", + ] + } + } + } """.strip() in output def test_create_aws_alb_target_group(self): # When 
@@ -131,7 +126,6 @@ def test_create_aws_alb_target_group(self): 'terraform', 'plan', '-var', 'env=dev', - '-var', 'aws_region=eu-west-1', '-var', 'aws_account_alias=awsaccount', '-var', 'backend_dns=testbackend.com', '-var-file=test/platform-config/eu-west-1.json', 
@@ -141,35 +135,50 @@ def test_create_aws_alb_target_group(self): ]).decode('utf-8') # Then - assert """ - + module.backend_service_routing.aws_alb_target_group.target_group - id: - arn: - arn_suffix: - deregistration_delay: "10" - health_check.#: "1" - health_check.0.enabled: "true" - health_check.0.healthy_threshold: "2" - health_check.0.interval: "5" - health_check.0.matcher: "200-299" - health_check.0.path: "/internal/healthcheck" - health_check.0.port: "traffic-port" - health_check.0.protocol: "HTTP" - health_check.0.timeout: "4" - health_check.0.unhealthy_threshold: "2" - lambda_multi_value_headers_enabled: "false" - load_balancing_algorithm_type: - name: "dev-cognito-service" - port: "31337" - protocol: "HTTP" - proxy_protocol_v2: "false" - slow_start: "0" - stickiness.#: - tags.%: "3" - tags.component: "cognito-service" - tags.env: "dev" - tags.service: "dev-cognito-service" - target_type: "instance" - vpc_id: "vpc-12345678" - """.strip() in output + assert """# module.backend_service_routing.aws_alb_target_group.target_group will be created + + resource "aws_alb_target_group" "target_group" { + + arn = (known after apply) + + arn_suffix = (known after apply) + + deregistration_delay = 10 + + id = (known after apply) + + lambda_multi_value_headers_enabled = false + + load_balancing_algorithm_type = (known after apply) + + name = "dev-cognito-service" + + port = 31337 + + preserve_client_ip = (known after apply) + + protocol = "HTTP" + + protocol_version = (known after apply) + + proxy_protocol_v2 = false + + slow_start = 0 + + tags = { + + "component" = "cognito-service" + + "env" = "dev" + + "service" = "dev-cognito-service" + } + + tags_all = { + + "component" = "cognito-service" + + "env" = "dev" + + "service" = "dev-cognito-service" + } + + target_type = "instance" + + vpc_id = "vpc-12345678" + + + health_check { + + enabled = true + + healthy_threshold = 2 + + interval = 5 + + matcher = "200-299" + + path = "/internal/healthcheck" + + port = 
"traffic-port" + + protocol = "HTTP" + + timeout = 4 + + unhealthy_threshold = 2 + } + + stickiness { + + cookie_duration = (known after apply) + + cookie_name = (known after apply) + + enabled = (known after apply) + + type = (known after apply) + } + } """.strip() in output diff --git a/variables.tf b/variables.tf index 4fbde49..81b043f 100644 --- a/variables.tf +++ b/variables.tf @@ -10,12 +10,12 @@ variable "alb_listener_arn" { variable "aws_account_alias" { description = "The AWS account alias where the router is deployed" - type = "string" + type = string } variable "backend_dns" { description = "The domain and top level domain used as the address for the ALB" - type = "string" + type = string } variable "env" { @@ -28,26 +28,26 @@ variable "priority" { variable "vpc_id" { description = "The identifier of the VPC in which to create the target group." - type = "string" + type = string } // Optional Variables variable "allow_overwrite" { description = "Allow creation of this record in Terraform to overwrite an existing record, if any." - type = "string" + type = string default = "false" } variable "component_name" { - type = "string" + type = string description = "The name of the component - used by default for the DNS entry (with the -service suffix removed), as well as to give the target group a meaningful name" default = "" } variable "deregistration_delay" { description = "The amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds." - type = "string" + type = string default = "10" } 
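Review bot: Every converted variable keeps `type = string` even where the value is a boolean or a number, so the module relies on implicit conversion at the point of use. `allow_overwrite` here and `hash_target_group_name` in the second hunk (-58,48) default to `"false"`, and `deregistration_delay` plus the health-check interval, timeout and threshold variables default to quoted digits. A mistyped value such as `"flase"` passes the variable's type check and is only rejected when it reaches the resource argument or the conditional in main.tf, far from the caller's input. I would declare `type = bool` with `default = false` for the two flags and `type = number` for the numeric ones; callers passing the old quoted values keep working because Terraform converts them to the declared type.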
@@ -58,48 +58,48 @@ variable "dns_domain" { variable "hash_target_group_name" { description = "Include a hash of the target group name when naming it to avoid collisions" - type = "string" + type = string default = "false" } variable "health_check_interval" { description = "The approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds." - type = "string" + type = string default = "5" } variable "health_check_healthy_threshold" { description = "The number of consecutive health checks successes required before considering an unhealthy target healthy." - type = "string" + type = string default = "2" } variable "health_check_matcher" { description = "The HTTP codes to use when checking for a successful response from a target. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\")." - type = "string" + type = string default = "200-299" } variable "health_check_path" { description = "The destination for the health check request." - type = "string" + type = string default = "/internal/healthcheck" } variable "health_check_timeout" { description = "The amount of time, in seconds, during which no response means a failed health check." - type = "string" + type = string default = "4" } variable "health_check_unhealthy_threshold" { description = "The number of consecutive health check failures required before considering the target unhealthy." - type = "string" + type = string default = "2" } variable "override_dns_name" { - type = "string" + type = string description = "The first part of the DNS name without the environment (defaults to component_name with -service suffix removed)" default = "" } diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..1d23dfe --- /dev/null +++ b/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + } + required_version = ">= 0.13" +}
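Review bot: In the new versions.tf, `required_providers` names `hashicorp/aws` but sets no `version`, so `terraform init` takes the newest provider release available at that moment. Terraform 0.13, which test/Dockerfile installs, has no dependency lock file to hold that choice. Builds are therefore not reproducible, and a new or tampered provider release would be picked up without review; the provider version also decides whether lines like `tags_all` appear in the plan text the tests compare. Add a constraint next to `source`, for example `version = "~> <MAJOR.MINOR the tests were recorded with>"`, and consider an upper bound on `required_version` too.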