3.0.0 release - configuration supports n of each ancillary ALB resource (#49)

Author: brandonjbjelland

.kitchen.yml

@@ -1,12 +1,10 @@
 ---
 driver:
   name: "terraform"
-  root_module_directory: "examples/test_fixtures"
+  root_module_directory: "examples/alb_test_fixture"
 
 provisioner:
   name: "terraform"
-  variable_files:
-    - "examples/test_fixtures/terraform.tfvars"
 
 platforms:
   - name: "aws"

.travis.yml

@@ -21,8 +21,8 @@ before_script:
   - export AWS_REGION=$(docker run --env AWS_DEFAULT_REGION=us-east-2 --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} garland/aws-cli-docker aws ec2 describe-regions --query 'Regions[].{Name:RegionName}' --output text | shuf | head -n1)
   - export TF_VAR_region=${AWS_REGION}
   - echo "using AWS_REGION=${AWS_REGION}"
-  - curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.11.2/terraform_0.11.2_linux_amd64.zip
-  - sha256sum terraform.zip  | grep "f728fa73ff2a4c4235a28de4019802531758c7c090b6ca4c024d48063ab8537b" -q
+  - curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.11.3/terraform_0.11.3_linux_amd64.zip
+  - sha256sum terraform.zip  | grep "6b8a7b83954597d36bbed23913dd51bc253906c612a070a21db373eab71b277b" -q
   - unzip terraform.zip ; rm -f terraform.zip; chmod +x terraform
   - mkdir -p ${HOME}/bin ; export PATH=${PATH}:${HOME}/bin; mv terraform ${HOME}/bin/
   - terraform -v
@@ -31,9 +31,9 @@ script:
   - echo 'script'
   - terraform init
   - terraform fmt -check=true
-  - terraform validate -var "region=${AWS_REGION}" -var "certificate_arn=arn:aws:iam::123456789012:server-certificate/test_cert-123456789012" -var "health_check_path=/" -var "subnets=[]" -var "vpc_id=vpc-abcde012" -var "alb_name=my-alb" -var "alb_security_groups=[]"
+  - terraform validate -var "region=${AWS_REGION}" -var "subnets=[]" -var "vpc_id=vpc-abcde012" -var "load_balancer_name=my-lb" -var "log_bucket_name=my-log-bucket" -var "load_balancer_security_groups=[]"
   - docker run --rm -v $(pwd):/app/ --workdir=/app/ -t wata727/tflint --error-with-issues
-  - cd examples/test_fixtures
+  - cd examples/alb_test_fixture
   - terraform init
   - terraform fmt -check=true
   - terraform validate

CHANGELOG.md

@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
 project adheres to [Semantic Versioning](http://semver.org/).
 
+## [v3.0.0] - 2018-03-
+
+### Added
+
+* default values added for most target group and listener attributes.
+* new application load balancer attributes added as variables with defaults.
+* tests now covering listeners.
+
+### Changed
+
+* listeners and target groups now defined by lists of maps allowing many-to-many relationships of those resources.
+* listeners and target groups creation is now data driven through variables giving greater flexibility.
+* `name_prefix` used where possible to avoid naming conflicts in resource testing.
+* logging to S3 now made manditory and done outside the module as this is better practice.
+* terraform 0.11.3 now used in CI. 0.11.4 seems to have warnings on plan that become errors in CI.
+
 ## [v2.5.0] - 2018-03-07
 
 ### Added

README.md

@@ -9,11 +9,10 @@ Balancer (ALB) running over HTTP/HTTPS. Available through the [terraform registr
 
 ## Assumptions
 
-* You want to create a set of resources for the ALB: namely an associated target group and listener.
-* You've created a Virtual Private Cloud (VPC) + subnets where you intend to put this ALB.
+* You want to create a set of resources around an application load balancer: namely associated target groups and listeners.
+* You've created a Virtual Private Cloud (VPC) and subnets where you intend to put this ALB.
 * You have one or more security groups to attach to the ALB.
-* You want to configure a listener for HTTPS/HTTP.
-* You've uploaded an SSL certificate to AWS IAM if using HTTPS.
+* Additionally, if you plan to use an HTTPS listener, the ARN of an SSL certificate is required.
 
 The module supports both (mutually exclusive):
 
@@ -27,49 +26,51 @@ It's recommended you use this module with [terraform-aws-vpc](https://registry.t
 ## Why ALB instead of ELB
 
 The use-case presented here appears almost identical to how one would use an ELB
-but we inherit a few bonuses by moving to ALB. Those are best outlined in [AWS's
-documentation](https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/).
-For an example of using ALB with ECS look no further than the [hashicorp example](https://github.com/terraform-providers/terraform-provider-aws/blob/master/examples/ecs-alb).
+but we inherit a few bonuses by moving to ALB like the ability to leverage WAF.
+[AWS's documentation](https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/) has a more
+exhastive set of reasons. Alternatively, if using ALB with ECS look no further than
+the [hashicorp example](https://github.com/terraform-providers/terraform-provider-aws/blob/master/examples/ecs-alb).
 
 ## Resources, inputs, outputs
 
 [Resources](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=resources), [inputs](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=inputs), and [outputs](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=outputs) documented in the terraform registry.
 
 ## Usage example
 
-A full example leveraging other community modules is contained in the [examples/test_fixtures directory](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/examples/test_fixtures). Here's the gist of using it via the Terraform registry:
+A full example leveraging other community modules is contained in the [examples/alb_test_fixture directory](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/examples/alb_test_fixture). Here's the gist of using it via the Terraform registry:
 
 ```hcl
 module "alb" {
   source                        = "terraform-aws-modules/alb/aws"
-  alb_name                      = "my-alb"
-  alb_protocols                 = ["HTTPS"]
-  alb_security_groups           = ["sg-edcd9784", "sg-edcd9785"]
-  certificate_arn               = "arn:aws:iam::123456789012:server-certificate/test_cert-123456789012"
-  create_log_bucket             = true
-  enable_logging                = true
-  health_check_path             = "/"
+  load_balancer_name            = "my-alb"
+  load_balancer_security_groups = ["sg-edcd9784", "sg-edcd9785"]
   log_bucket_name               = "logs-us-east-2-123456789012"
   log_location_prefix           = "my-alb-logs"
-  subnets                       = ["subnet-abcde012", "subnet-bcde012a"]
+  subnets                       = ["subnet-abcde012", subnet-bcde012a"]
   tags                          = "${map("Environment", "test")}"
   vpc_id                        = "vpc-abcde012"
+  https_listeners               = "${list(map("certificate_arn", "arn:aws:iam::123456789012:server-certificate/test_cert-123456789012", "port", 443))}"
+  https_listeners_count         = "1"
+  target_groups                 = "${list(map("name", "foo", "backend_protocol", "HTTP", "backend_port", "80"))}"
+  http_tcp_listeners_count      = "1"
+  http_tcp_listeners            = "${list(map("port", "80", "protocol", "HTTP"))}"
+  target_groups_count           = "1"
 }
 ```
 
 ## Testing
 
-This module has been packaged with [awspec](https://github.com/k1LoW/awspec) tests through test kitchen. To run them:
+This module has been packaged with [awspec](https://github.com/k1LoW/awspec) tests through [kitchen](https://kitchen.ci/) and [kitchen-terraform](https://newcontext-oss.github.io/kitchen-terraform/). To run them:
 
 1. Install [rvm](https://rvm.io/rvm/install) and the ruby version specified in the [Gemfile](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/Gemfile).
-1. Install bundler and the gems from our Gemfile:
+2. Install bundler and the gems from our Gemfile:
 
-```bash
-gem install bundler && bundle install
-```
+    ```bash
+    gem install bundler && bundle install
+    ```
 
-1. Ensure your AWS environment is configured (i.e. credentials and region) for test and set TF_VAR_region to a valid AWS region (e.g. `export TF_VAR_region=${AWS_REGION}`).
-1. Test using `kitchen test` from the root of the repo.
+3. Ensure your AWS environment is configured (i.e. credentials and region) for test and set TF_VAR_region to a valid AWS region (e.g. `export TF_VAR_region=${AWS_REGION}`).
+4. Test using `bundle exec kitchen test` from the root of the repo.
 
 ## Contributing
 
@@ -79,15 +80,15 @@ Pull requests are welcome! Ideally create a feature branch and issue for every
 individual change made. These are the steps:
 
 1. Fork the repo to a personal space or org.
-1. Create your feature branch from master (`git checkout -b my-new-feature`).
-1. Commit your awesome changes (`git commit -am 'Added some feature'`).
-1. Push to the branch (`git push origin my-new-feature`).
-1. Create a new Pull Request and tell us about your changes.
+2. Create your feature branch from master (`git checkout -b my-new-feature`).
+3. Commit your awesome changes (`git commit -am 'Added some feature'`).
+4. Push to the branch (`git push origin my-new-feature`).
+5. Create a new Pull Request and tell us about your changes.
 
 ## IAM Permissions
 
 Testing and using this repo requires a minimum set of IAM permissions. Test permissions
-are listed in the [test_fixtures README](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/examples/test_fixtures/README.md).
+are listed in the [alb_test_fixture README](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/examples/alb_test_fixture/README.md).
 
 ## Change log
 

examples/test_fixtures/README.md renamed to examples/alb_test_fixture/README.md

@@ -1,4 +1,4 @@
-# test_fixtures example
+# alb_test_fixture example
 
 This set of templates serves two purposes:
 

examples/test_fixtures/certs/example.crt.pem renamed to examples/alb_test_fixture/certs/example.crt.pem

@@ -1,12 +1,16 @@
 data "aws_caller_identity" "current" {}
 
+data "aws_availability_zones" "available" {}
+
+data "aws_region" "current" {}
+
 data "aws_elb_service_account" "main" {}
 
 data "aws_iam_policy_document" "bucket_policy" {
   statement {
     sid       = "AllowToPutLoadBalancerLogsToS3Bucket"
     actions   = ["s3:PutObject"]
-    resources = ["arn:aws:s3:::${var.log_bucket_name}/${var.log_location_prefix == "" ? "" : format("%s/", var.log_location_prefix)}AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
+    resources = ["arn:aws:s3:::${local.log_bucket_name}/${var.log_location_prefix}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
 
     principals {
       type        = "AWS"

examples/test_fixtures/certs/example.key.pem renamed to examples/alb_test_fixture/certs/example.key.pem

@@ -0,0 +1,50 @@
+locals {
+  tags                  = "${map("Environment", "test", "GithubRepo", "tf-aws-alb", "GithubOrg", "terraform-aws-modules", "Workspace", "${terraform.workspace}")}"
+  log_bucket_name       = "${var.log_bucket_name}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
+  https_listeners_count = 2
+
+  https_listeners = "${list(
+                            map(
+                                "certificate_arn", aws_iam_server_certificate.fixture_cert.arn,
+                                "port", 443
+                            ),
+                            map(
+                                "certificate_arn", aws_iam_server_certificate.fixture_cert.arn,
+                                "port", 8443,
+                                "ssl_policy", "ELBSecurityPolicy-TLS-1-2-2017-01",
+                                "target_group_index", 1
+                            )
+  )}"
+
+  http_tcp_listeners_count = 3
+
+  http_tcp_listeners = "${list(
+                            map(
+                                "port", 80,
+                                "protocol", "HTTP"
+                            ),
+                            map(
+                                "port", 8080,
+                                "protocol", "HTTP",
+                                "target_group_index", 0
+                            ),
+                            map(
+                                "port", 8081,
+                                "protocol", "HTTP",
+                                "target_group_index", 1
+                            )
+    )}"
+
+  target_groups_count = 2
+
+  target_groups = "${list(
+                        map("name", "foo",
+                            "backend_protocol", "HTTP",
+                            "backend_port", 80
+                        ),
+                        map("name", "bar",
+                            "backend_protocol", "HTTP",
+                            "backend_port", 8080
+                        )
+  )}"
+}

data.tf renamed to examples/alb_test_fixture/data.tf

@@ -0,0 +1,72 @@
+terraform {
+  required_version = ">= 0.11.3"
+}
+
+provider "aws" {
+  version = ">= 1.10.0"
+  region  = "${var.region}"
+}
+
+resource "aws_iam_server_certificate" "fixture_cert" {
+  name             = "test_cert-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
+  certificate_body = "${file("${path.module}/../../examples/alb_test_fixture/certs/example.crt.pem")}"
+  private_key      = "${file("${path.module}/../../examples/alb_test_fixture/certs/example.key.pem")}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_s3_bucket" "log_bucket" {
+  bucket        = "${local.log_bucket_name}"
+  policy        = "${data.aws_iam_policy_document.bucket_policy.json}"
+  force_destroy = true
+  tags          = "${local.tags}"
+
+  lifecycle_rule {
+    id      = "log-expiration"
+    enabled = "true"
+
+    expiration {
+      days = "7"
+    }
+  }
+}
+
+module "vpc" {
+  source             = "terraform-aws-modules/vpc/aws"
+  version            = "1.14.0"
+  name               = "test-vpc"
+  cidr               = "10.0.0.0/16"
+  azs                = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}"]
+  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
+  public_subnets     = ["10.0.3.0/24", "10.0.4.0/24"]
+  enable_nat_gateway = true
+  single_nat_gateway = true
+  tags               = "${local.tags}"
+}
+
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "1.12.0"
+  name    = "test-sg-https"
+  vpc_id  = "${module.vpc.vpc_id}"
+  tags    = "${local.tags}"
+}
+
+module "alb" {
+  source                        = "../.."
+  load_balancer_name            = "test-alb"
+  load_balancer_security_groups = ["${module.security_group.this_security_group_id}"]
+  log_bucket_name               = "${aws_s3_bucket.log_bucket.id}"
+  log_location_prefix           = "${var.log_location_prefix}"
+  subnets                       = "${module.vpc.public_subnets}"
+  tags                          = "${local.tags}"
+  vpc_id                        = "${module.vpc.vpc_id}"
+  https_listeners               = "${local.https_listeners}"
+  https_listeners_count         = "${local.https_listeners_count}"
+  http_tcp_listeners            = "${local.http_tcp_listeners}"
+  http_tcp_listeners_count      = "${local.http_tcp_listeners_count}"
+  target_groups                 = "${local.target_groups}"
+  target_groups_count           = "${local.target_groups_count}"
+}