Merge branch 'main' into account-map-component-brownfield

cloudposse · Feb 5, 2024 · 3bfb92f · 3bfb92f
2 parents 7e96938 + 942548e
commit 3bfb92f
Show file tree

Hide file tree

Showing 225 changed files with 7,321 additions and 384 deletions.
diff --git a/.github/banner.png b/.github/banner.png
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
@@ -11,16 +11,8 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      # Get PR from merged commit to master
-      - uses: actions-ecosystem/action-get-merged-pull-request@v1
-        id: get-merged-pull-request
+      - uses: cloudposse/github-action-auto-release@v1
         with:
-          github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
-      # Drafts your next Release notes as Pull Requests are merged into "main"
-      - uses: release-drafter/release-drafter@v5
-        with:
-          publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
           prerelease: false
+          publish: true
           config-name: auto-release.yml
-        env:
-          GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml
@@ -16,7 +16,7 @@ jobs:
       BATS_SUBMODULE_TESTS: input-descriptions lint output-descriptions
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
         repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -32,7 +32,7 @@ jobs:
         HEAD_REF: ${{ github.head_ref }}
       run: |
         # when running in test-harness, need to mark the directory safe for git operations
-        make safe-directory
+        make git-safe-directory
         MODIFIED_MODULES=($(git diff --name-only origin/${BASE_REF} origin/${HEAD_REF} | xargs -n 1 dirname | sort | uniq | grep ^modules/ || true))
         if [ -z "$MODIFIED_MODULES" ]; then
             echo "No modules changed in this PR. Skipping tests."

diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2018-2023 Cloud Posse, LLC
+   Copyright 2018-2024 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/README.md b/README.md
@@ -1,11 +1,9 @@
 
 <!-- markdownlint-disable -->
-# terraform-aws-components [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-components.svg)](https://github.com/cloudposse/terraform-aws-components/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
+[![Project Banner](.github/banner.png?raw=true)](https://cpco.io/homepage)
+ [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-components.svg)](https://github.com/cloudposse/terraform-aws-components/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
 <!-- markdownlint-restore -->
 
-[![README Header][readme_header_img]][readme_header_link]
-
-[![Cloud Posse][logo]](https://cpco.io/homepage)
 
 <!--
 
@@ -30,22 +28,15 @@
 
 This is a collection of reusable Terraform components for provisioning infrastructure used by the Cloud Posse [reference architectures](https://cloudposse.com).
 
----
-
-This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
-
-
-It's 100% Open Source and licensed under the [APACHE2](LICENSE).
-
-
-
-
-
-
-
-
 
+---
+> [!NOTE]
+> This project is part of Cloud Posse's comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
+>
+> It's 100% Open Source and licensed under the [APACHE2](LICENSE).
+>
 
+[![README Header][readme_header_img]][readme_header_link]
 
 
 ## Introduction
@@ -143,7 +134,7 @@ Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-compo
 
 ### 💻 Developing
 
-If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email].
+If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with Cloud Posse's other projects, we would love to hear from you! Shoot us an [email][email].
 
 In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
@@ -221,7 +212,7 @@ under the License.
 
 All other trademarks referenced herein are the property of their respective owners.
 ---
-Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2024 [Cloud Posse, LLC](https://cpco.io/copyright)
 [![README Footer][readme_footer_img]][readme_footer_link]
 [![Beacon][beacon]][website]
 <!-- markdownlint-disable -->

diff --git a/modules/account-map/README.md b/modules/account-map/README.md
@@ -152,6 +152,6 @@ components:
 
 ## References
 
-- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/account-map) - Cloud Posse's upstream component
+- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/account-map) - Cloud Posse's upstream component
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/account-settings/README.md b/modules/account-settings/README.md
@@ -140,6 +140,6 @@ components:
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## References
-* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/account-settings) - Cloud Posse's upstream component
+* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/account-settings) - Cloud Posse's upstream component
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/account/README.md b/modules/account/README.md
@@ -424,6 +424,6 @@ atmos terraform apply account --stack gbl-root
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## References
-* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/account) - Cloud Posse's upstream component
+* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/account) - Cloud Posse's upstream component
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/acm/README.md b/modules/acm/README.md
@@ -132,6 +132,6 @@ components:
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## References
-* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/acm) - Cloud Posse's upstream component
+* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/acm) - Cloud Posse's upstream component
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/alb/README.md b/modules/alb/README.md
@@ -128,7 +128,7 @@ No resources.
 
 
 ## References
-* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/alb) - Cloud Posse's upstream component
+* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/alb) - Cloud Posse's upstream component
 
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/api-gateway-account-settings/README.md b/modules/api-gateway-account-settings/README.md
@@ -79,7 +79,7 @@ No resources.
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## References
-- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/api-gateway-settings) - Cloud Posse's upstream component
+- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/api-gateway-settings) - Cloud Posse's upstream component
 
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/api-gateway-rest-api/README.md b/modules/api-gateway-rest-api/README.md
@@ -120,7 +120,7 @@ components:
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## References
-- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/TODO) - Cloud Posse's upstream component
+- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/TODO) - Cloud Posse's upstream component
 
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/argocd-repo/README.md b/modules/argocd-repo/README.md
@@ -140,6 +140,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 | <a name="input_github_base_url"></a> [github\_base\_url](#input\_github\_base\_url) | This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the `GITHUB_BASE_URL` environment variable. The value must end with a slash, for example: `https://terraformtesting-ghe.westus.cloudapp.azure.com/` | `string` | `null` | no |
 | <a name="input_github_codeowner_teams"></a> [github\_codeowner\_teams](#input\_github\_codeowner\_teams) | List of teams to use when populating the CODEOWNERS file.<br><br>For example: `["@ACME/cloud-admins", "@ACME/cloud-developers"]`. | `list(string)` | n/a | yes |
 | <a name="input_github_default_notifications_enabled"></a> [github\_default\_notifications\_enabled](#input\_github\_default\_notifications\_enabled) | Enable default GitHub commit statuses notifications (required for CD sync mode) | `string` | `true` | no |
+| <a name="input_github_notifications"></a> [github\_notifications](#input\_github\_notifications) | ArgoCD notification annotations for subscribing to GitHub.<br><br>    The default value given uses the same notification template names as defined in the `eks/argocd` component. If want to add additional notifications, include any existing notifications from this list that you want to keep in addition. | `list(string)` | <pre>[<br>  "notifications.argoproj.io/subscribe.on-deploy-started.app-repo-github-commit-status: \"\"",<br>  "notifications.argoproj.io/subscribe.on-deploy-started.argocd-repo-github-commit-status: \"\"",<br>  "notifications.argoproj.io/subscribe.on-deploy-succeded.app-repo-github-commit-status: \"\"",<br>  "notifications.argoproj.io/subscribe.on-deploy-succeded.argocd-repo-github-commit-status: \"\"",<br>  "notifications.argoproj.io/subscribe.on-deploy-failed.app-repo-github-commit-status: \"\"",<br>  "notifications.argoproj.io/subscribe.on-deploy-failed.argocd-repo-github-commit-status: \"\""<br>]</pre> | no |
 | <a name="input_github_organization"></a> [github\_organization](#input\_github\_organization) | GitHub Organization | `string` | n/a | yes |
 | <a name="input_github_token_override"></a> [github\_token\_override](#input\_github\_token\_override) | Use the value of this variable as the GitHub token instead of reading it from SSM | `string` | `null` | no |
 | <a name="input_github_user"></a> [github\_user](#input\_github\_user) | Github user | `string` | n/a | yes |
@@ -150,6 +151,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 | <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
 | <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |
 | <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
+| <a name="input_manifest_kubernetes_namespace"></a> [manifest\_kubernetes\_namespace](#input\_manifest\_kubernetes\_namespace) | The namespace used for the ArgoCD application | `string` | `"argocd"` | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_permissions"></a> [permissions](#input\_permissions) | A list of Repository Permission objects used to configure the team permissions of the repository<br><br>`team_slug` should be the name of the team without the `@{org}` e.g. `@cloudposse/team` => `team`<br>`permission` is just one of the available values listed below | <pre>list(object({<br>    team_slug  = string,<br>    permission = string<br>  }))</pre> | `[]` | no |
@@ -170,6 +172,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 |------|-------------|
 | <a name="output_deploy_keys_ssm_path_format"></a> [deploy\_keys\_ssm\_path\_format](#output\_deploy\_keys\_ssm\_path\_format) | SSM Parameter Store path format for the repository's deploy keys |
 | <a name="output_deploy_keys_ssm_paths"></a> [deploy\_keys\_ssm\_paths](#output\_deploy\_keys\_ssm\_paths) | SSM Parameter Store paths for the repository's deploy keys |
+| <a name="output_repository"></a> [repository](#output\_repository) | Repository name |
 | <a name="output_repository_default_branch"></a> [repository\_default\_branch](#output\_repository\_default\_branch) | Repository default branch |
 | <a name="output_repository_description"></a> [repository\_description](#output\_repository\_description) | Repository description |
 | <a name="output_repository_git_clone_url"></a> [repository\_git\_clone\_url](#output\_repository\_git\_clone\_url) | Repository git clone URL |
@@ -179,7 +182,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 
 
 ## References
-  * [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/argocd-repo) - Cloud Posse's upstream component
+  * [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/argocd-repo) - Cloud Posse's upstream component
 
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/argocd-repo/applicationset.tf b/modules/argocd-repo/applicationset.tf
@@ -1,3 +1,8 @@
+locals {
+  github_default_notifications_enabled = local.enabled && var.github_default_notifications_enabled
+  github_notifications                 = local.github_default_notifications_enabled ? var.github_notifications : []
+}
+
 resource "github_repository_file" "application_set" {
   for_each = local.environments
 
@@ -11,7 +16,7 @@ resource "github_repository_file" "application_set" {
     name                        = module.this.namespace
     namespace                   = local.manifest_kubernetes_namespace
     ssh_url                     = local.github_repository.ssh_clone_url
-    notifications               = var.github_default_notifications_enabled
+    notifications               = local.github_notifications
     slack_notifications_channel = var.slack_notifications_channel
   })
   commit_message      = "Initialize environment: `${each.key}`."

diff --git a/modules/argocd-repo/main.tf b/modules/argocd-repo/main.tf
@@ -12,7 +12,7 @@ locals {
     )) => env
   } : {}
 
-  manifest_kubernetes_namespace = "argocd"
+  manifest_kubernetes_namespace = var.manifest_kubernetes_namespace
 
   team_slugs = toset(compact([
     for permission in var.permissions : lookup(permission, "team_slug", null)
@@ -115,7 +115,7 @@ resource "github_repository_deploy_key" "default" {
   for_each = local.environments
 
   title      = "Deploy key for ArgoCD environment: ${each.key} (${local.github_repository.default_branch} branch)"
-  repository = join("", github_repository.default[*].name)
+  repository = local.github_repository.name
   key        = tls_private_key.default[each.key].public_key_openssh
   read_only  = true
 }
diff --git a/modules/argocd-repo/outputs.tf b/modules/argocd-repo/outputs.tf
@@ -8,6 +8,11 @@ output "deploy_keys_ssm_path_format" {
   value       = local.enabled ? var.ssm_github_deploy_key_format : null
 }
 
+output "repository" {
+  description = "Repository name"
+  value       = local.enabled && var.create_repo ? module.this.name : var.name
+}
+
 output "repository_description" {
   description = "Repository description"
   value       = local.github_repository.description

diff --git a/modules/argocd-repo/templates/applicationset.yaml.tpl b/modules/argocd-repo/templates/applicationset.yaml.tpl
@@ -48,14 +48,9 @@ spec:
         app_repository: '{{app_repository}}'
         app_commit: '{{app_commit}}'
         app_hostname: 'https://{{app_hostname}}'
-%{if notifications ~}
-        notifications.argoproj.io/subscribe.on-deploy-started.app-repo-github-commit-status: ""
-        notifications.argoproj.io/subscribe.on-deploy-started.argocd-repo-github-commit-status: ""
-        notifications.argoproj.io/subscribe.on-deploy-succeded.app-repo-github-commit-status: ""
-        notifications.argoproj.io/subscribe.on-deploy-succeded.argocd-repo-github-commit-status: ""
-        notifications.argoproj.io/subscribe.on-deploy-failed.app-repo-github-commit-status: ""
-        notifications.argoproj.io/subscribe.on-deploy-failed.argocd-repo-github-commit-status: ""
-%{ endif ~}
+%{for noti in notifications ~}
+        ${noti}
+%{ endfor ~}
 %{if length(slack_notifications_channel) > 0 ~}
         notifications.argoproj.io/subscribe.on-created.slack: ${slack_notifications_channel}
         notifications.argoproj.io/subscribe.on-deleted.slack: ${slack_notifications_channel}

diff --git a/modules/argocd-repo/variables.tf b/modules/argocd-repo/variables.tf
@@ -156,3 +156,26 @@ variable "slack_notifications_channel" {
   default     = ""
   description = "If given, the Slack channel to for deployment notifications."
 }
+
+variable "manifest_kubernetes_namespace" {
+  type        = string
+  default     = "argocd"
+  description = "The namespace used for the ArgoCD application"
+}
+
+variable "github_notifications" {
+  type = list(string)
+  default = [
+    "notifications.argoproj.io/subscribe.on-deploy-started.app-repo-github-commit-status: \"\"",
+    "notifications.argoproj.io/subscribe.on-deploy-started.argocd-repo-github-commit-status: \"\"",
+    "notifications.argoproj.io/subscribe.on-deploy-succeded.app-repo-github-commit-status: \"\"",
+    "notifications.argoproj.io/subscribe.on-deploy-succeded.argocd-repo-github-commit-status: \"\"",
+    "notifications.argoproj.io/subscribe.on-deploy-failed.app-repo-github-commit-status: \"\"",
+    "notifications.argoproj.io/subscribe.on-deploy-failed.argocd-repo-github-commit-status: \"\"",
+  ]
+  description = <<EOT
+    ArgoCD notification annotations for subscribing to GitHub.
+
+    The default value given uses the same notification template names as defined in the `eks/argocd` component. If want to add additional notifications, include any existing notifications from this list that you want to keep in addition.
+  EOT
+}
diff --git a/modules/athena/README.md b/modules/athena/README.md
@@ -197,7 +197,7 @@ component
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## References
-* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/athena) - Cloud Posse's upstream component
+* [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/athena) - Cloud Posse's upstream component
 * [Querying AWS CloudTrail logs with AWS Athena](https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html)
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)