
Commit 9bd8d84

authored
Add SSM data sources and resources (#6)
1 parent 938dd26 commit 9bd8d84


7 files changed

+140
-8
lines changed


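--- a/README.md
+++ b/README.md
@@ -205,11 +205,16 @@ Available targets:
 | atlantis_webhook_format | Template for the Atlantis webhook URL which is populated with the hostname | string | `https://%s/events` | no |
 | attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
 | authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no |
+| authentication_cognito_user_pool_arn_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | string | `` | no |
 | authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no |
+| authentication_cognito_user_pool_client_id_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | string | `` | no |
 | authentication_cognito_user_pool_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no |
+| authentication_cognito_user_pool_domain_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | string | `` | no |
 | authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no |
 | authentication_oidc_client_id | OIDC Client ID | string | `` | no |
+| authentication_oidc_client_id_ssm_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | string | `` | no |
 | authentication_oidc_client_secret | OIDC Client Secret | string | `` | no |
+| authentication_oidc_client_secret_ssm_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | string | `` | no |
 | authentication_oidc_issuer | OIDC Issuer | string | `` | no |
 | authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no |
 | authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no |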

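--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -31,11 +31,16 @@
 | atlantis_webhook_format | Template for the Atlantis webhook URL which is populated with the hostname | string | `https://%s/events` | no |
 | attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
 | authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no |
+| authentication_cognito_user_pool_arn_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | string | `` | no |
 | authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no |
+| authentication_cognito_user_pool_client_id_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | string | `` | no |
 | authentication_cognito_user_pool_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no |
+| authentication_cognito_user_pool_domain_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | string | `` | no |
 | authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no |
 | authentication_oidc_client_id | OIDC Client ID | string | `` | no |
+| authentication_oidc_client_id_ssm_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | string | `` | no |
 | authentication_oidc_client_secret | OIDC Client Secret | string | `` | no |
+| authentication_oidc_client_secret_ssm_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | string | `` | no |
 | authentication_oidc_issuer | OIDC Issuer | string | `` | no |
 | authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no |
 | authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no |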

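--- a/examples/with_cognito_authentication/main.tf
+++ b/examples/with_cognito_authentication/main.tf
@@ -17,7 +17,7 @@ locals {
 }
 
 module "subnets" {
-source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.3.6"
+source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.8.0"
 availability_zones = "${local.availability_zones}"
 namespace = "${var.namespace}"
 stage = "${var.stage}"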

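--- a/examples/with_google_oidc_authentication/main.tf
+++ b/examples/with_google_oidc_authentication/main.tf
@@ -17,7 +17,7 @@ locals {
 }
 
 module "subnets" {
-source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.3.6"
+source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.8.0"
 availability_zones = "${local.availability_zones}"
 namespace = "${var.namespace}"
 stage = "${var.stage}"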

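--- a/examples/without_authentication/main.tf
+++ b/examples/without_authentication/main.tf
@@ -17,7 +17,7 @@ locals {
 }
 
 module "subnets" {
-source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.3.6"
+source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.8.0"
 availability_zones = "${local.availability_zones}"
 namespace = "${var.namespace}"
 stage = "${var.stage}"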

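--- a/main.tf
+++ b/main.tf
@@ -144,11 +144,11 @@ module "web_app" {
 alb_ingress_authenticated_listener_arns_count = "${var.alb_ingress_authenticated_listener_arns_count}"
 
 authentication_type = "${var.authentication_type}"
-authentication_cognito_user_pool_arn = "${var.authentication_cognito_user_pool_arn}"
-authentication_cognito_user_pool_client_id = "${var.authentication_cognito_user_pool_client_id}"
-authentication_cognito_user_pool_domain = "${var.authentication_cognito_user_pool_domain}"
-authentication_oidc_client_id = "${var.authentication_oidc_client_id}"
-authentication_oidc_client_secret = "${var.authentication_oidc_client_secret}"
+authentication_cognito_user_pool_arn = "${local.authentication_cognito_user_pool_arn}"
+authentication_cognito_user_pool_client_id = "${local.authentication_cognito_user_pool_client_id}"
+authentication_cognito_user_pool_domain = "${local.authentication_cognito_user_pool_domain}"
+authentication_oidc_client_id = "${local.authentication_oidc_client_id}"
+authentication_oidc_client_secret = "${local.authentication_oidc_client_secret}"
 authentication_oidc_issuer = "${var.authentication_oidc_issuer}"
 authentication_oidc_authorization_endpoint = "${var.authentication_oidc_authorization_endpoint}"
 authentication_oidc_token_endpoint = "${var.authentication_oidc_token_endpoint}"
@@ -336,3 +336,95 @@ resource "aws_iam_role_policy_attachment" "default" {
 create_before_destroy = true
 }
 }
+
+locals {
+authentication_cognito_user_pool_arn = "${length(join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_arn.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_arn.*.value) : var.authentication_cognito_user_pool_arn}"
+authentication_cognito_user_pool_arn_ssm_name = "${length(var.authentication_cognito_user_pool_arn_ssm_name) > 0 ? var.authentication_cognito_user_pool_arn_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_cognito_user_pool_arn")}"
+
+authentication_cognito_user_pool_client_id = "${length(join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_client_id.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_client_id.*.value) : var.authentication_cognito_user_pool_client_id}"
+authentication_cognito_user_pool_client_id_ssm_name = "${length(var.authentication_cognito_user_pool_client_id_ssm_name) > 0 ? var.authentication_cognito_user_pool_client_id_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_cognito_user_pool_client_id")}"
+
+authentication_cognito_user_pool_domain = "${length(join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_domain.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_cognito_user_pool_domain.*.value) : var.authentication_cognito_user_pool_domain}"
+authentication_cognito_user_pool_domain_ssm_name = "${length(var.authentication_cognito_user_pool_domain_ssm_name) > 0 ? var.authentication_cognito_user_pool_domain_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_cognito_user_pool_domain")}"
+
+authentication_oidc_client_id = "${length(join("", data.aws_ssm_parameter.atlantis_oidc_client_id.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_oidc_client_id.*.value) : var.authentication_oidc_client_id}"
+authentication_oidc_client_id_ssm_name = "${length(var.authentication_oidc_client_id_ssm_name) > 0 ? var.authentication_oidc_client_id_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_oidc_client_id")}"
+
+authentication_oidc_client_secret = "${length(join("", data.aws_ssm_parameter.atlantis_oidc_client_secret.*.value)) > 0 ? join("", data.aws_ssm_parameter.atlantis_oidc_client_secret.*.value) : var.authentication_oidc_client_secret}"
+authentication_oidc_client_secret_ssm_name = "${length(var.authentication_oidc_client_secret_ssm_name) > 0 ? var.authentication_oidc_client_secret_ssm_name : format(var.chamber_format, var.chamber_service, "atlantis_oidc_client_secret")}"
+}
+
+data "aws_ssm_parameter" "atlantis_cognito_user_pool_arn" {
+count = "${local.enabled && var.authentication_type == "COGNITO" && length(var.authentication_cognito_user_pool_arn) == 0 ? 1 : 0}"
+name = "${local.authentication_cognito_user_pool_arn_ssm_name}"
+}
+
+data "aws_ssm_parameter" "atlantis_cognito_user_pool_client_id" {
+count = "${local.enabled && var.authentication_type == "COGNITO" && length(var.authentication_cognito_user_pool_client_id) == 0 ? 1 : 0}"
+name = "${local.authentication_cognito_user_pool_client_id_ssm_name}"
+}
+
+data "aws_ssm_parameter" "atlantis_cognito_user_pool_domain" {
+count = "${local.enabled && var.authentication_type == "COGNITO" && length(var.authentication_cognito_user_pool_domain) == 0 ? 1 : 0}"
+name = "${local.authentication_cognito_user_pool_domain_ssm_name}"
+}
+
+data "aws_ssm_parameter" "atlantis_oidc_client_id" {
+count = "${local.enabled && var.authentication_type == "OIDC" && length(var.authentication_oidc_client_id) == 0 ? 1 : 0}"
+name = "${local.authentication_oidc_client_id_ssm_name}"
+}
+
+data "aws_ssm_parameter" "atlantis_oidc_client_secret" {
+count = "${local.enabled && var.authentication_type == "OIDC" && length(var.authentication_oidc_client_secret) == 0 ? 1 : 0}"
+name = "${local.authentication_oidc_client_secret_ssm_name}"
+}
+
+resource "aws_ssm_parameter" "atlantis_cognito_user_pool_arn" {
+count = "${local.enabled && var.authentication_type == "COGNITO" ? 1 : 0}"
+overwrite = "${var.overwrite_ssm_parameter}"
+type = "SecureString"
+description = "Atlantis Cognito User Pool ARN"
+key_id = "${local.kms_key_id}"
+name = "${local.authentication_cognito_user_pool_arn_ssm_name}"
+value = "${local.authentication_cognito_user_pool_arn}"
+}
+
+resource "aws_ssm_parameter" "atlantis_cognito_user_pool_client_id" {
+count = "${local.enabled && var.authentication_type == "COGNITO" ? 1 : 0}"
+overwrite = "${var.overwrite_ssm_parameter}"
+type = "SecureString"
+description = "Atlantis Cognito User Pool Client ID"
+key_id = "${local.kms_key_id}"
+name = "${local.authentication_cognito_user_pool_client_id_ssm_name}"
+value = "${local.authentication_cognito_user_pool_client_id}"
+}
+
+resource "aws_ssm_parameter" "atlantis_cognito_user_pool_domain" {
+count = "${local.enabled && var.authentication_type == "COGNITO" ? 1 : 0}"
+overwrite = "${var.overwrite_ssm_parameter}"
+type = "SecureString"
+description = "Atlantis Cognito User Pool Domain"
+key_id = "${local.kms_key_id}"
+name = "${local.authentication_cognito_user_pool_domain_ssm_name}"
+value = "${local.authentication_cognito_user_pool_domain}"
+}
+
+resource "aws_ssm_parameter" "atlantis_oidc_client_id" {
+count = "${local.enabled && var.authentication_type == "OIDC" ? 1 : 0}"
+overwrite = "${var.overwrite_ssm_parameter}"
+type = "SecureString"
+description = "Atlantis OIDC Client ID"
+key_id = "${local.kms_key_id}"
+name = "${local.authentication_oidc_client_id_ssm_name}"
+value = "${local.authentication_oidc_client_id}"
+}
+
+resource "aws_ssm_parameter" "atlantis_oidc_client_secret" {
+count = "${local.enabled && var.authentication_type == "OIDC" ? 1 : 0}"
+overwrite = "${var.overwrite_ssm_parameter}"
+type = "SecureString"
+description = "Atlantis OIDC Client Secret"
+key_id = "${local.kms_key_id}"
+name = "${local.authentication_oidc_client_secret_ssm_name}"
+value = "${local.authentication_oidc_client_secret}"
+}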
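Review bot: The `aws_ssm_parameter` resources at new lines 382–430 write to exactly the name that the `data "aws_ssm_parameter"` blocks at 357–380 read, so when a variable such as `authentication_oidc_client_secret` is left empty the module first requires the parameter to already exist (a first apply will presumably fail on the data lookup) and then adopts that externally seeded value as a Terraform-managed resource, which means a later `terraform destroy`, or `overwrite_ssm_parameter = true` with a changed input, deletes or clobbers a secret this module never created. Keeping the write path to values that actually came in through the variable avoids that, e.g. for the client secret `count = "${local.enabled && var.authentication_type == "OIDC" && length(var.authentication_oidc_client_secret) > 0 ? 1 : 0}"`, with the same guard on the other four resources. Note also that both the data source `value` and the resource `value` carry the decrypted SecureString, so the OIDC client secret lands in Terraform state in plaintext regardless of `key_id`; a comment above the `locals` block such as `# NOTE: SecureString values read or written here are stored decrypted in Terraform state — keep the state backend encrypted and access-restricted` would make that visible to operators. `local.enabled` and `local.kms_key_id` are defined outside this hunk, so their semantics are inferred from their names.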

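--- a/variables.tf
+++ b/variables.tf
@@ -437,3 +437,33 @@ variable "authentication_oidc_user_info_endpoint" {
 description = "OIDC User Info Endpoint"
 default = ""
 }
+
+variable "authentication_cognito_user_pool_arn_ssm_name" {
+type = "string"
+description = "SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided"
+default = ""
+}
+
+variable "authentication_cognito_user_pool_client_id_ssm_name" {
+type = "string"
+description = "SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided"
+default = ""
+}
+
+variable "authentication_cognito_user_pool_domain_ssm_name" {
+type = "string"
+description = "SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided"
+default = ""
+}
+
+variable "authentication_oidc_client_id_ssm_name" {
+type = "string"
+description = "SSM param name to lookup `authentication_oidc_client_id` if not provided"
+default = ""
+}
+
+variable "authentication_oidc_client_secret_ssm_name" {
+type = "string"
+description = "SSM param name to lookup `authentication_oidc_client_secret` if not provided"
+default = ""
+}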
