[argocd] Added github commit status notifications (cloudposse/terraform-aws-components#631)

goruha · cloudpossebot · web-flow · commit b2679722b475 · 2023-04-11T14:52:38.000+06:00
Co-authored-by: cloudpossebot &lt;cloudpossebot@users.noreply.github.com&gt;
diff --git a/src/README.md b/src/README.md
@@ -150,8 +150,8 @@ components:
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_notifications_default_triggers"></a> [notifications\_default\_triggers](#input\_notifications\_default\_triggers) | Default notification Triggers to configure.<br><br>See: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers<br>See: [Example value in argocd-notifications Helm Chart](https://github.com/argoproj/argo-helm/blob/790438efebf423c2d56cb4b93471f4adb3fcd448/charts/argo-cd/values.yaml#L2841) | `map(list(string))` | `{}` | no |
-| <a name="input_notifications_notifiers"></a> [notifications\_notifiers](#input\_notifications\_notifiers) | Notification Triggers to configure.<br><br>See: https://argocd-notifications.readthedocs.io/en/stable/triggers/<br>See: [Example value in argocd-notifications Helm Chart](https://github.com/argoproj/argo-helm/blob/a0a74fb43d147073e41aadc3d88660b312d6d638/charts/argocd-notifications/values.yaml#L352) | <pre>object({<br>    ssm_path_prefix = optional(string, "/argocd/notifications/notifiers")<br>    service_github = optional(object({<br>      appID          = optional(number)<br>      installationID = optional(number)<br>      privateKey     = optional(string)<br>    }))<br>  })</pre> | `{}` | no |
-| <a name="input_notifications_templates"></a> [notifications\_templates](#input\_notifications\_templates) | Notification Templates to configure.<br><br>See: https://argocd-notifications.readthedocs.io/en/stable/templates/<br>See: [Example value in argocd-notifications Helm Chart](https://github.com/argoproj/argo-helm/blob/a0a74fb43d147073e41aadc3d88660b312d6d638/charts/argocd-notifications/values.yaml#L158) | <pre>map(object({<br>    message = string<br>    alertmanager = optional(object({<br>      labels       = map(string)<br>      annotations  = map(string)<br>      generatorURL = string<br>    }))<br>    github = optional(object({<br>      status = object({<br>        state     = string<br>        label     = string<br>        targetURL = string<br>      })<br>    }))<br>  }))</pre> | `{}` | no |
+| <a name="input_notifications_notifiers"></a> [notifications\_notifiers](#input\_notifications\_notifiers) | Notification Triggers to configure.<br><br>See: https://argocd-notifications.readthedocs.io/en/stable/triggers/<br>See: [Example value in argocd-notifications Helm Chart](https://github.com/argoproj/argo-helm/blob/a0a74fb43d147073e41aadc3d88660b312d6d638/charts/argocd-notifications/values.yaml#L352) | <pre>object({<br>    ssm_path_prefix = optional(string, "/argocd/notifications/notifiers")<br>    service_github = optional(object({<br>      appID          = number<br>      installationID = number<br>      privateKey     = optional(string)<br>    }))<br>    # service.webhook.<webhook-name>:<br>    service_webhook = optional(map(<br>      object({<br>        url = string<br>        headers = optional(list(<br>          object({<br>            name  = string<br>            value = string<br>          })<br>        ), [])<br>        basicAuth = optional(object({<br>          username = string<br>          password = string<br>        }))<br>        insecureSkipVerify = optional(bool, false)<br>      })<br>    ))<br>  })</pre> | `{}` | no |
+| <a name="input_notifications_templates"></a> [notifications\_templates](#input\_notifications\_templates) | Notification Templates to configure.<br><br>See: https://argocd-notifications.readthedocs.io/en/stable/templates/<br>See: [Example value in argocd-notifications Helm Chart](https://github.com/argoproj/argo-helm/blob/a0a74fb43d147073e41aadc3d88660b312d6d638/charts/argocd-notifications/values.yaml#L158) | <pre>map(object({<br>    message = string<br>    alertmanager = optional(object({<br>      labels       = map(string)<br>      annotations  = map(string)<br>      generatorURL = string<br>    }))<br>    github = optional(object({<br>      status = object({<br>        state     = string<br>        label     = string<br>        targetURL = string<br>      })<br>    }))<br>    webhook = optional(map(<br>      object({<br>        method = optional(string)<br>        path   = optional(string)<br>        body   = optional(string)<br>      })<br>    ))<br>  }))</pre> | `{}` | no |
 | <a name="input_notifications_triggers"></a> [notifications\_triggers](#input\_notifications\_triggers) | Notification Triggers to configure.<br><br>See: https://argocd-notifications.readthedocs.io/en/stable/triggers/<br>See: [Example value in argocd-notifications Helm Chart](https://github.com/argoproj/argo-helm/blob/a0a74fb43d147073e41aadc3d88660b312d6d638/charts/argocd-notifications/values.yaml#L352) | <pre>map(list(<br>    object({<br>      oncePer = optional(string)<br>      send    = list(string)<br>      when    = string<br>    })<br>  ))</pre> | `{}` | no |
 | <a name="input_oidc_enabled"></a> [oidc\_enabled](#input\_oidc\_enabled) | Toggles OIDC integration in the deployed chart | `bool` | `false` | no |
 | <a name="input_oidc_issuer"></a> [oidc\_issuer](#input\_oidc\_issuer) | OIDC issuer URL | `string` | `""` | no |
diff --git a/src/main.tf b/src/main.tf
@@ -11,7 +11,7 @@ locals {
       github_deploy_key = data.aws_ssm_parameter.github_deploy_key[k].value
     }
   } : {}
-  credential_templates = flatten([
+  credential_templates = flatten(concat([
     for k, v in local.argocd_repositories : [
       {
         name  = "configs.credentialTemplates.${k}.url"
@@ -20,11 +20,22 @@ locals {
       },
       {
         name  = "configs.credentialTemplates.${k}.sshPrivateKey"
-        value = v.github_deploy_key
+        value = nonsensitive(v.github_deploy_key)
         type  = "string"
       },
     ]
-  ])
+    ],
+    [
+      for s, v in local.notifications_notifiers_ssm_configs : [
+        for k, i in v : [
+          {
+            name  = "notifications.secret.items.${s}_${k}"
+            value = i
+            type  = "string"
+          }
+        ]
+      ]
+  ]))
   regional_service_discovery_domain = "${module.this.environment}.${module.dns_gbl_delegated.outputs.default_domain_name}"
   host                              = var.host != "" ? var.host : format("%s.%s", coalesce(var.alb_name, var.name), local.regional_service_discovery_domain)
   enable_argo_workflows_auth        = local.saml_enabled && var.argo_enable_workflows_auth
@@ -94,26 +105,35 @@ data "aws_ssm_parameters_by_path" "argocd_notifications" {
 }
 
 locals {
-  notifications_notifiers_ssm_path = { for key, value in var.notifications_notifiers :
+  notifications_notifiers_ssm_path = { for key, value in local.notifications_notifiers_variables :
     key => format("%s/%s/", var.notifications_notifiers.ssm_path_prefix, key)
   }
 
   notifications_notifiers_ssm_configs = { for key, value in data.aws_ssm_parameters_by_path.argocd_notifications :
-    key => nonsensitive(zipmap(
+    key => zipmap(
       [for name in value.names : trimprefix(name, local.notifications_notifiers_ssm_path[key])],
       value.values
-    ))
+    )
   }
 
-  notifications_notifiers_variables = {
-    for key, value in var.notifications_notifiers :
-    key => { for param_name, param_value in value : param_name => param_value if param_value != null }
-    if key != "ssm_path_prefix"
+  notifications_notifiers_ssm_configs_keys = { for key, value in data.aws_ssm_parameters_by_path.argocd_notifications :
+    key => zipmap(
+      [for name in value.names : trimprefix(name, local.notifications_notifiers_ssm_path[key])],
+      [for name in value.names : format("$%s_%s", key, trimprefix(name, local.notifications_notifiers_ssm_path[key]))]
+    )
   }
 
+  notifications_notifiers_variables = merge({ for key, value in var.notifications_notifiers :
+    key => { for param_name, param_value in value : param_name => param_value if param_value != null }
+    if key != "ssm_path_prefix" && key != "service_webhook"
+    },
+    { for key, value in coalesce(var.notifications_notifiers.service_webhook, {}) :
+      format("service_webhook_%s", key) => { for param_name, param_value in value : param_name => param_value if param_value != null }
+  })
+
   notifications_notifiers = {
     for key, value in local.notifications_notifiers_variables :
-    replace(key, "_", ".") => yamlencode(merge(local.notifications_notifiers_ssm_configs[key], value))
+    replace(key, "_", ".") => yamlencode(merge(local.notifications_notifiers_ssm_configs_keys[key], value))
   }
 }
 
@@ -139,7 +159,7 @@ module "argocd" {
   service_account_name      = module.this.name
   service_account_namespace = var.kubernetes_namespace
 
-  set_sensitive = local.credential_templates
+  set_sensitive = nonsensitive(local.credential_templates)
 
   values = compact([
     # standard k8s object settings
diff --git a/src/variables-argocd-notifications.tf b/src/variables-argocd-notifications.tf
@@ -13,6 +13,13 @@ variable "notifications_templates" {
         targetURL = string
       })
     }))
+    webhook = optional(map(
+      object({
+        method = optional(string)
+        path   = optional(string)
+        body   = optional(string)
+      })
+    ))
   }))
   default     = {}
   description = <<-EOT
@@ -44,10 +51,27 @@ variable "notifications_notifiers" {
   type = object({
     ssm_path_prefix = optional(string, "/argocd/notifications/notifiers")
     service_github = optional(object({
-      appID          = optional(number)
-      installationID = optional(number)
+      appID          = number
+      installationID = number
       privateKey     = optional(string)
     }))
+    # service.webhook.<webhook-name>:
+    service_webhook = optional(map(
+      object({
+        url = string
+        headers = optional(list(
+          object({
+            name  = string
+            value = string
+          })
+        ), [])
+        basicAuth = optional(object({
+          username = string
+          password = string
+        }))
+        insecureSkipVerify = optional(bool, false)
+      })
+    ))
   })
   default     = {}
   description = <<-EOT
