Merge pull request #97 from eemperor/refactor

Removes create variable from module
plus3it · Jan 5, 2021 · 776aedd · 776aedd
2 parents e214a06 + 5da6fce
commit 776aedd
Show file tree

Hide file tree

Showing 13 changed files with 25 additions and 75 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 4.1.1
+current_version = 5.0.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/README.md b/README.md
@@ -25,7 +25,6 @@ Creates an AWS Cloudtrail
 | cloud\_watch\_logs\_role\_arn | (Optional) Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group. | `string` | `null` | no |
 | cloudtrail\_bucket | Name of S3 bucket to send CloudTrail logs; bucket must already exist | `string` | `null` | no |
 | cloudtrail\_name | Name of the trail to create | `string` | `null` | no |
-| create\_cloudtrail | Controls whether to create the CloudTrail | `bool` | `true` | no |
 | create\_kms\_key | Controls whether to create a kms key that Cloudtrail will use to encrypt the logs | `bool` | `true` | no |
 | enable\_log\_file\_validation | Specifies whether log file integrity validation is enabled | `bool` | `true` | no |
 | event\_selectors | List of maps specifying `read_write_type`, `include_management_events`, `type`, and `values`. See https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for more information regarding the map vales | `list(any)` | `[]` | no |

diff --git a/main.tf b/main.tf
@@ -25,23 +25,23 @@ locals {
 ### RESOURCES ###
 # Create CloudWatch Log Group
 resource "aws_cloudwatch_log_group" "this" {
-  count = var.create_cloudtrail && local.create_log_group ? 1 : 0
+  count = local.create_log_group ? 1 : 0
 
   name              = local.cloud_watch_logs_group_name
   retention_in_days = var.retention_in_days
 }
 
 # Create IAM Policy
 resource "aws_iam_policy" "this" {
-  count = var.create_cloudtrail && local.create_log_group_role ? 1 : 0
+  count = local.create_log_group_role ? 1 : 0
 
   name   = var.cloudtrail_name
   policy = data.aws_iam_policy_document.write_logs[0].json
 }
 
 # Create IAM Role
 resource "aws_iam_role" "this" {
-  count = var.create_cloudtrail && local.create_log_group_role ? 1 : 0
+  count = local.create_log_group_role ? 1 : 0
 
   name               = var.cloudtrail_name
   assume_role_policy = data.aws_iam_policy_document.assume_role[0].json
@@ -50,7 +50,7 @@ resource "aws_iam_role" "this" {
 
 # Attach Policy to IAM Role
 resource "aws_iam_policy_attachment" "this" {
-  count = var.create_cloudtrail && local.create_log_group_role ? 1 : 0
+  count = local.create_log_group_role ? 1 : 0
 
   name       = var.cloudtrail_name
   roles      = [aws_iam_role.this[0].name]
@@ -69,7 +69,6 @@ module "kms" {
 }
 
 resource "aws_cloudtrail" "this" {
-  count = var.create_cloudtrail ? 1 : 0
 
   name                          = var.cloudtrail_name
   s3_bucket_name                = var.cloudtrail_bucket
@@ -102,26 +101,20 @@ resource "aws_cloudtrail" "this" {
 }
 
 ### DATA SOURCES ###
-data "aws_partition" "current" {
-  count = var.create_cloudtrail ? 1 : 0
-}
+data "aws_partition" "current" {}
 
-data "aws_region" "current" {
-  count = var.create_cloudtrail ? 1 : 0
-}
+data "aws_region" "current" {}
 
-data "aws_caller_identity" "current" {
-  count = var.create_cloudtrail ? 1 : 0
-}
+data "aws_caller_identity" "current" {}
 
 data "aws_cloudwatch_log_group" "this" {
-  count = var.create_cloudtrail && !local.create_log_group ? 1 : 0
+  count = !local.create_log_group ? 1 : 0
 
   name = var.cloud_watch_logs_group_name
 }
 
 data "aws_iam_policy_document" "assume_role" {
-  count = var.create_cloudtrail && local.create_log_group_role ? 1 : 0
+  count = local.create_log_group_role ? 1 : 0
 
   statement {
     actions = ["sts:AssumeRole"]
@@ -134,7 +127,7 @@ data "aws_iam_policy_document" "assume_role" {
 }
 
 data "aws_iam_policy_document" "write_logs" {
-  count = var.create_cloudtrail && local.create_log_group_role ? 1 : 0
+  count = local.create_log_group_role ? 1 : 0
 
   statement {
     sid = "WriteCloudWatchLogs"
@@ -145,7 +138,7 @@ data "aws_iam_policy_document" "write_logs" {
     ]
 
     resources = [
-      "arn:${data.aws_partition.current[0].partition}:logs:${data.aws_region.current[0].name}:${data.aws_caller_identity.current[0].account_id}:log-group:${local.cloud_watch_logs_group_name}:log-stream:*"
+      "arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.cloud_watch_logs_group_name}:log-stream:*"
     ]
   }
 }
@@ -179,7 +172,7 @@ data "aws_iam_policy_document" "kms_key_policy" {
       variable = "kms:EncryptionContext:aws:cloudtrail:arn"
 
       values = [
-        "arn:${data.aws_partition.current[0].partition}:cloudtrail:*:${data.aws_caller_identity.current[0].account_id}:trail/*"
+        "arn:${data.aws_partition.current.partition}:cloudtrail:*:${data.aws_caller_identity.current.account_id}:trail/*"
       ]
     }
 
@@ -215,7 +208,7 @@ data "aws_iam_policy_document" "kms_key_policy" {
       variable = "kms:EncryptionContext:aws:cloudtrail:arn"
 
       values = [
-        "arn:${data.aws_partition.current[0].partition}:cloudtrail:*:${data.aws_caller_identity.current[0].account_id}:trail/*"
+        "arn:${data.aws_partition.current.partition}:cloudtrail:*:${data.aws_caller_identity.current.account_id}:trail/*"
       ]
     }
 
@@ -224,7 +217,7 @@ data "aws_iam_policy_document" "kms_key_policy" {
       variable = "kms:CallerAccount"
 
       values = [
-        data.aws_caller_identity.current[0].account_id
+        data.aws_caller_identity.current.account_id
       ]
     }
 

diff --git a/outputs.tf b/outputs.tf
@@ -1,25 +1,25 @@
 # CloudTrail
 output "cloudtrail_id" {
   description = "The name of the trail"
-  value       = join("", aws_cloudtrail.this.*.id)
+  value       = aws_cloudtrail.this.id
 }
 
 output "cloudtrail_home_region" {
   description = "The region in which the trail was created"
-  value       = join("", aws_cloudtrail.this.*.home_region)
+  value       = aws_cloudtrail.this.home_region
 }
 
 output "cloudtrail_arn" {
   description = "The Amazon Resource Name of the trail"
-  value       = join("", aws_cloudtrail.this.*.arn)
+  value       = aws_cloudtrail.this.arn
 }
 
 output "log_group" {
   description = "The CloudWatch log group object created when no previous log group is declared"
-  value       = length(aws_cloudwatch_log_group.this) > 0 ? aws_cloudwatch_log_group.this[0] : null
+  value       = local.create_log_group ? aws_cloudwatch_log_group.this[0] : null
 }
 
 output "kms_key_id" {
   description = "The KMS Key ARN used to encrypt the logs"
-  value       = length(aws_cloudtrail.this) > 0 ? aws_cloudtrail.this[0].kms_key_id : null
+  value       = aws_cloudtrail.this.kms_key_id
 }
diff --git a/tests/baseline/main.tf b/tests/baseline/main.tf
@@ -3,8 +3,7 @@ provider "aws" {
 }
 
 locals {
-  create_cloudtrail = true
-  partition         = "aws"
+  partition = "aws"
 }
 
 resource "random_id" "name" {
@@ -19,8 +18,6 @@ resource "aws_s3_bucket" "this" {
 }
 
 data "template_file" "this" {
-  count = local.create_cloudtrail ? 1 : 0
-
   template = file("${path.module}/../templates/cloudtrail-bucket-policy.json")
 
   vars = {
@@ -36,7 +33,6 @@ module "baseline" {
     aws = aws
   }
 
-  create_cloudtrail = local.create_cloudtrail
   create_kms_key    = false
   cloudtrail_name   = random_id.name.hex
   cloudtrail_bucket = aws_s3_bucket.this.id

diff --git a/tests/cocreate_kms_key/main.tf b/tests/cocreate_kms_key/main.tf
@@ -30,7 +30,6 @@ module "cocreate_kms_key" {
     aws = aws
   }
 
-  create_cloudtrail = true
   create_kms_key    = true
   cloudtrail_name   = data.terraform_remote_state.prereq.outputs.random_name
   cloudtrail_bucket = data.terraform_remote_state.prereq.outputs.bucket_id

diff --git a/tests/event_selector/main.tf b/tests/event_selector/main.tf
@@ -6,8 +6,7 @@ data "aws_partition" "current" {
 }
 
 locals {
-  create_cloudtrail = true
-  partition         = "aws"
+  partition = "aws"
 }
 
 resource "random_id" "name" {
@@ -22,8 +21,6 @@ resource "aws_s3_bucket" "this" {
 }
 
 data "template_file" "this" {
-  count = local.create_cloudtrail ? 1 : 0
-
   template = file("${path.module}/../templates/cloudtrail-bucket-policy.json")
 
   vars = {
@@ -39,7 +36,6 @@ module "event_selector" {
     aws = aws
   }
 
-  create_cloudtrail = local.create_cloudtrail
   cloudtrail_name   = random_id.name.hex
   cloudtrail_bucket = aws_s3_bucket.this.id
 

diff --git a/tests/multiple_event_selectors/main.tf b/tests/multiple_event_selectors/main.tf
@@ -6,8 +6,7 @@ data "aws_partition" "current" {
 }
 
 locals {
-  create_cloudtrail = true
-  partition         = "aws"
+  partition = "aws"
 }
 
 resource "random_id" "name" {
@@ -22,8 +21,6 @@ resource "aws_s3_bucket" "this" {
 }
 
 data "template_file" "this" {
-  count = local.create_cloudtrail ? 1 : 0
-
   template = file("${path.module}/../templates/cloudtrail-bucket-policy.json")
 
   vars = {
@@ -39,7 +36,6 @@ module "multiple_event_selectors" {
     aws = aws
   }
 
-  create_cloudtrail = local.create_cloudtrail
   cloudtrail_name   = random_id.name.hex
   cloudtrail_bucket = aws_s3_bucket.this.id
 

diff --git a/tests/no_cloudtrail/main.tf b/tests/no_cloudtrail/main.tf
diff --git a/tests/premade_cwl_group/main.tf b/tests/premade_cwl_group/main.tf
@@ -10,8 +10,7 @@ data "terraform_remote_state" "prereq" {
 }
 
 locals {
-  create_cloudtrail = true
-  partition         = "aws"
+  partition = "aws"
 }
 
 resource "random_id" "name" {
@@ -26,8 +25,6 @@ resource "aws_s3_bucket" "this" {
 }
 
 data "template_file" "this" {
-  count = local.create_cloudtrail ? 1 : 0
-
   template = file("${path.module}/../templates/cloudtrail-bucket-policy.json")
 
   vars = {
@@ -43,7 +40,6 @@ module "premade_cwl_group" {
     aws = aws
   }
 
-  create_cloudtrail           = local.create_cloudtrail
   cloudtrail_name             = random_id.name.hex
   cloudtrail_bucket           = aws_s3_bucket.this.id
   cloud_watch_logs_group_name = data.terraform_remote_state.prereq.outputs.cwl_group_name

diff --git a/tests/premade_cwl_role/main.tf b/tests/premade_cwl_role/main.tf
@@ -10,8 +10,7 @@ data "terraform_remote_state" "prereq" {
 }
 
 locals {
-  create_cloudtrail = true
-  partition         = "aws"
+  partition = "aws"
 }
 
 resource "random_id" "name" {
@@ -26,8 +25,6 @@ resource "aws_s3_bucket" "this" {
 }
 
 data "template_file" "this" {
-  count = local.create_cloudtrail ? 1 : 0
-
   template = file("${path.module}/../templates/cloudtrail-bucket-policy.json")
 
   vars = {
@@ -43,7 +40,6 @@ module "premade_cwl_role" {
     aws = aws
   }
 
-  create_cloudtrail           = local.create_cloudtrail
   cloudtrail_name             = random_id.name.hex
   cloudtrail_bucket           = aws_s3_bucket.this.id
   cloud_watch_logs_group_name = data.terraform_remote_state.prereq.outputs.cwl_group_name

diff --git a/tests/premade_kms_key/main.tf b/tests/premade_kms_key/main.tf
@@ -16,7 +16,6 @@ module "premade_kms_key" {
     aws = aws
   }
 
-  create_cloudtrail = true
   cloudtrail_name   = data.terraform_remote_state.prereq.outputs.random_name
   cloudtrail_bucket = data.terraform_remote_state.prereq.outputs.bucket_id
   kms_key_id        = data.terraform_remote_state.prereq.outputs.kms_key_id

diff --git a/variables.tf b/variables.tf
@@ -1,9 +1,3 @@
-variable "create_cloudtrail" {
-  description = "Controls whether to create the CloudTrail"
-  type        = bool
-  default     = true
-}
-
 variable "cloudtrail_name" {
   description = "Name of the trail to create"
   type        = string