Added an S3 cache, so that the buildspec.yml can use cache and dynamic environment vars. (#16)

* Added s3 caching option, with autodelete cache

* Added s3 caching option, with autodelete cache

* Added s3 caching option, with autodelete cache

* fixed error on conditional cache usage

* Updated the cache_enabled option for clarity
Added the ability to dynamically add environment variables.
Set the s3 bucket to only create if the cache is enabled
Added a null provider verion to remove the warning.
Added a random provider with version to remove warning.
Added a random string generator to append to bucket names to add uniqueness, lowering the chance of bucket name conflicts

* removed build harness file

* updated the environment_variables to use a default list containing a map. When it was empty, it caused an error

* Fixed formatting for lint

* updated variable description

* fixed format

* fixed source of label module

* fixed source of label module

* fixed source of label module

* set label to use terraform-null-label

* Switched to a tagged release of terraform-terraform-label

* added git:: to source

* moved provider section out of module, and added a section to README to make users aware of the providers used, nd how to squash the warning

Author: Jamie-BitFlight

README.md

@@ -1,3 +1,4 @@
+
 # terraform-aws-codebuild [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-codebuild.svg)](https://travis-ci.org/cloudposse/terraform-aws-codebuild)
 
 Terraform module to create AWS CodeBuild project for AWS CodePipeline
@@ -13,7 +14,7 @@ module "build" {
     name                = "ci"
     stage               = "staging"
     
-    # http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html
+    # https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
     build_image         = "aws/codebuild/docker:1.12.1"
     build_compute_type  = "BUILD_GENERAL1_SMALL"
     
@@ -27,36 +28,68 @@ module "build" {
     aws_account_id      = "xxxxxxxxxx"
     image_repo_name     = "ecr-repo-name"
     image_tag           = "latest"
+
+    # Optional extra environment variables
+    environment_variables = [{
+        name  = "JENKINS_URL"
+        value = "https://jenkins.example.com"
+      },
+      {
+        name  = "COMPANY_NAME"
+        value = "Amazon"
+      },
+      {
+        name = "TIME_ZONE"
+        value = "Pacific/Auckland"
+
+      }]
 }
 ```
 
+## To hide warnings about unset versions in providers
+Add this in your .tf files
 
-## Input
+```
+provider "random" {
+  version = "~> 1.0"
+}
 
-| Name                | Default                      | Description                                                                                                                                          |
-|:--------------------|:----------------------------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| namespace           | global                       | Namespace                                                                                                                                            |
-| stage               | default                      | Stage                                                                                                                                                |
-| name                | codebuild                    | Name                                                                                                                                                 |
-| build_image         | aws/codebuild/docker:1.12.1  | Docker image for build environment, _e.g._ `aws/codebuild/docker:1.12.1` or `aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0`                    |
-| build_compute_type  | BUILD_GENERAL1_SMALL         | `CodeBuild` instance size.  Possible values are: ```BUILD_GENERAL1_SMALL``` ```BUILD_GENERAL1_MEDIUM``` ```BUILD_GENERAL1_LARGE```                   |
-| buildspec           | ""                           | (Optional) `buildspec` declaration to use for building the project                                                                                   |
-| privileged_mode     | ""                           | (Optional) If set to true, enables running the Docker daemon inside a Docker container on the `CodeBuild` instance. Used when building Docker images |
-| aws_region          | ""                           | (Optional) AWS Region, _e.g._ `us-east-1`. Used as `CodeBuild` ENV variable when building Docker images                                              |
-| aws_account_id      | ""                           | (Optional) AWS Account ID. Used as `CodeBuild` ENV variable when building Docker images                                                              |
-| image_repo_name     | "UNSET"                      | (Optional) ECR repository name to store the Docker image built by this module. Used as `CodeBuild` ENV variable when building Docker images          |
-| image_tag           | "latest"                     | (Optional) Docker image tag in the ECR repository, _e.g._ `latest`. Used as `CodeBuild` ENV variable when building Docker images                     |
-| github_token        | ""                           | (Optional) GitHub auth token environment variable (`GITHUB_TOKEN`)                                                                                     |
+provider "null" {
+  version = "~> 1.0"
+}
+```
 
+## Input
+
+| Name                  | Default                      | Description                                                                                                                                          |
+|:----------------------|:----------------------------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| namespace             | global                       | Namespace                                                                                                                                            |
+| stage                 | default                      | Stage                                                                                                                                                |
+| name                  | codebuild                    | Name                                                                                                                                                 |
+| build_image           | aws/codebuild/docker:1.12.1  | Docker image for build environment, _e.g._ `aws/codebuild/docker:1.12.1` or `aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0` (use `aws codebuild list-curated-environment-images` to get full list)                   |
+| build_compute_type    | BUILD_GENERAL1_SMALL         | `CodeBuild` instance size.  Possible values are: ```BUILD_GENERAL1_SMALL``` ```BUILD_GENERAL1_MEDIUM``` ```BUILD_GENERAL1_LARGE```                   |
+| buildspec             | ""                           | (Optional) `buildspec` declaration to use for building the project                                                                                   |
+| privileged_mode       | ""                           | (Optional) If set to true, enables running the Docker daemon inside a Docker container on the `CodeBuild` instance. Used when building Docker images |
+| aws_region            | ""                           | (Optional) AWS Region, _e.g._ `us-east-1`. Used as `CodeBuild` ENV variable when building Docker images                                              |
+| aws_account_id        | ""                           | (Optional) AWS Account ID. Used as `CodeBuild` ENV variable when building Docker images                                                              |
+| image_repo_name       | "UNSET"                      | (Optional) ECR repository name to store the Docker image built by this module. Used as `CodeBuild` ENV variable when building Docker images          |
+| image_tag             | "latest"                     | (Optional) Docker image tag in the ECR repository, _e.g._ `latest`. Used as `CodeBuild` ENV variable when building Docker images                     |
+| github_token          | ""                           | (Optional) GitHub auth token environment variable (`GITHUB_TOKEN`)                                                                                     |
+| cache_enabled         | "true"                       | (Optional) Creates an S3 bucket, with permissions which allow [CodeBuild to store cache objects](https://aws.amazon.com/blogs/devops/how-to-enable-caching-for-aws-codebuild/) |
+| cache_expiration_days | "7"                          | (Optional) Sets S3 policy to expire objects after X days.                                   |
+| cache_bucket_suffix_enabled | "true" | (Optional) Generates an optional 13 character bucket suffix, to help ensure that the bucket will be globally unique |
+| environment_variables | [] | (Optional) A list of maps that contain both "name" and "value" keys for adding additional environment variables at build time |
 
 
 ## Output
 
-| Name         | Decription             |
-|:-------------|:-----------------------|
-| project_name | CodeBuild project name |
-| project_id   | CodeBuild project ARN  |
-| role_arn     | IAM Role ARN           |
+| Name                  | Decription                |
+|:----------------------|:--------------------------|
+| project_name          | CodeBuild project name    |
+| project_id            | CodeBuild project ARN     |
+| role_arn              | IAM Role ARN              |
+| cache_bucket_name     | Name of s3 caching bucket |
+
 
 
 ## License

main.tf

@@ -4,7 +4,7 @@ data "aws_region" "default" {}
 
 # Define composite variables for resources
 module "label" {
-  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.1"
+  source     = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.1.0"
   namespace  = "${var.namespace}"
   name       = "${var.name}"
   stage      = "${var.stage}"
@@ -13,6 +13,57 @@ module "label" {
   tags       = "${var.tags}"
 }
 
+resource "aws_s3_bucket" "cache_bucket" {
+  count         = "${var.cache_enabled == "true" ? 1 : 0}"
+  bucket        = "${local.cache_bucket_name_normalised}"
+  acl           = "private"
+  force_destroy = true
+  tags          = "${module.label.tags}"
+
+  lifecycle_rule {
+    id      = "codebuildcache"
+    enabled = true
+
+    prefix = "/"
+    tags   = "${module.label.tags}"
+
+    expiration {
+      days = "${var.cache_expiration_days}"
+    }
+  }
+}
+
+resource "random_string" "bucket_prefix" {
+  length  = 12
+  number  = false
+  upper   = false
+  special = false
+  lower   = true
+}
+
+locals {
+  cache_bucket_name = "${module.label.id}${var.cache_bucket_suffix_enabled == "true" ? "-${random_string.bucket_prefix.result}" : "" }"
+
+  ## Clean up the bucket name to use only hyphens, and trim its length to 63 characters.
+  ## As per https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html
+  cache_bucket_name_normalised = "${substr(join("-", split("_", lower(local.cache_bucket_name))), 0, min(length(local.cache_bucket_name),63))}"
+
+  ## This is the magic where a map of a list of maps is generated
+  ## and used to conditionally add the cache bucket option to the 
+  ## aws_codebuild_project
+  cache_def = {
+    "true" = [{
+      type     = "S3"
+      location = "${var.cache_enabled == "true" ? aws_s3_bucket.cache_bucket.0.bucket : "none" }"
+    }]
+
+    "false" = []
+  }
+
+  # Final Map Selected from above
+  cache = "${local.cache_def[var.cache_enabled]}"
+}
+
 resource "aws_iam_role" "default" {
   name               = "${module.label.id}"
   assume_role_policy = "${data.aws_iam_policy_document.role.json}"
@@ -41,6 +92,13 @@ resource "aws_iam_policy" "default" {
   policy = "${data.aws_iam_policy_document.permissions.json}"
 }
 
+resource "aws_iam_policy" "default_cache_bucket" {
+  count  = "${var.cache_enabled == "true" ? 1 : 0}"
+  name   = "${module.label.id}-cache-bucket"
+  path   = "/service-role/"
+  policy = "${data.aws_iam_policy_document.permissions_cache_bucket.json}"
+}
+
 data "aws_iam_policy_document" "permissions" {
   statement {
     sid = ""
@@ -65,11 +123,34 @@ data "aws_iam_policy_document" "permissions" {
   }
 }
 
+data "aws_iam_policy_document" "permissions_cache_bucket" {
+  statement {
+    sid = ""
+
+    actions = [
+      "s3:*",
+    ]
+
+    effect = "Allow"
+
+    resources = [
+      "${aws_s3_bucket.cache_bucket.arn}",
+      "${aws_s3_bucket.cache_bucket.arn}/*",
+    ]
+  }
+}
+
 resource "aws_iam_role_policy_attachment" "default" {
   policy_arn = "${aws_iam_policy.default.arn}"
   role       = "${aws_iam_role.default.id}"
 }
 
+resource "aws_iam_role_policy_attachment" "default_cache_bucket" {
+  count      = "${var.cache_enabled == "true" ? 1 : 0}"
+  policy_arn = "${element(aws_iam_policy.default_cache_bucket.*.arn, count.index)}"
+  role       = "${aws_iam_role.default.id}"
+}
+
 resource "aws_codebuild_project" "default" {
   name         = "${module.label.id}"
   service_role = "${aws_iam_role.default.arn}"
@@ -78,41 +159,41 @@ resource "aws_codebuild_project" "default" {
     type = "CODEPIPELINE"
   }
 
+  # The cache as a list with a map object inside.
+  cache = ["${local.cache}"]
+
   environment {
     compute_type    = "${var.build_compute_type}"
     image           = "${var.build_image}"
     type            = "LINUX_CONTAINER"
     privileged_mode = "${var.privileged_mode}"
 
-    environment_variable {
+    environment_variable = [{
       "name"  = "AWS_REGION"
       "value" = "${signum(length(var.aws_region)) == 1 ? var.aws_region : data.aws_region.default.name}"
-    }
-
-    environment_variable {
-      "name"  = "AWS_ACCOUNT_ID"
-      "value" = "${signum(length(var.aws_account_id)) == 1 ? var.aws_account_id : data.aws_caller_identity.default.account_id}"
-    }
-
-    environment_variable {
-      "name"  = "IMAGE_REPO_NAME"
-      "value" = "${signum(length(var.image_repo_name)) == 1 ? var.image_repo_name : "UNSET"}"
-    }
-
-    environment_variable {
-      "name"  = "IMAGE_TAG"
-      "value" = "${signum(length(var.image_tag)) == 1 ? var.image_tag : "latest"}"
-    }
-
-    environment_variable {
-      "name"  = "STAGE"
-      "value" = "${var.stage}"
-    }
-
-    environment_variable {
-      "name"  = "GITHUB_TOKEN"
-      "value" = "${var.github_token}"
-    }
+    },
+      {
+        "name"  = "AWS_ACCOUNT_ID"
+        "value" = "${signum(length(var.aws_account_id)) == 1 ? var.aws_account_id : data.aws_caller_identity.default.account_id}"
+      },
+      {
+        "name"  = "IMAGE_REPO_NAME"
+        "value" = "${signum(length(var.image_repo_name)) == 1 ? var.image_repo_name : "UNSET"}"
+      },
+      {
+        "name"  = "IMAGE_TAG"
+        "value" = "${signum(length(var.image_tag)) == 1 ? var.image_tag : "latest"}"
+      },
+      {
+        "name"  = "STAGE"
+        "value" = "${signum(length(var.stage)) == 1 ? var.stage : "UNSET"}"
+      },
+      {
+        "name"  = "GITHUB_TOKEN"
+        "value" = "${signum(length(var.github_token)) == 1 ? var.github_token : "UNSET"}"
+      },
+      "${var.environment_variables}",
+    ]
   }
 
   source {

outputs.tf

@@ -9,3 +9,7 @@ output "project_id" {
 output "role_arn" {
   value = "${aws_iam_role.default.id}"
 }
+
+output "cache_bucket_name" {
+  value = "${var.cache_enabled == "true" ? aws_s3_bucket.cache_bucket.0.bucket : "UNSET" }"
+}

variables.tf

@@ -10,6 +10,32 @@ variable "name" {
   default = "codebuild"
 }
 
+variable "environment_variables" {
+  type = "list"
+
+  default = [{
+    "name"  = "NO_ADDITIONAL_BUILD_VARS"
+    "value" = "TRUE"
+  }]
+
+  description = "A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build."
+}
+
+variable "cache_enabled" {
+  default     = "true"
+  description = "If cache_enabled is true, create an S3 bucket for storing codebuild cache inside"
+}
+
+variable "cache_expiration_days" {
+  default     = "7"
+  description = "How many days should the build cache be kept."
+}
+
+variable "cache_bucket_suffix_enabled" {
+  default     = "true"
+  description = "The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value"
+}
+
 variable "build_image" {
   default     = "aws/codebuild/docker:1.12.1"
   description = "Docker image for build environment, e.g. 'aws/codebuild/docker:1.12.1' or 'aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0'. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html"