Merge pull request #1 from avlcloudtechnologies/initial

aurimasmick · web-flow · commit 2ea37bd4cf79 · 2023-01-07T12:19:04.000Z
Initial commit
diff --git a/.github/pr-labeler.yml b/.github/pr-labeler.yml
@@ -0,0 +1,3 @@
+enhancement: ['feature/*', 'feat/*', 'enhancement/*']
+bug: ['fix/*', 'hotfix/*', 'bugfix/*', 'patch/*', 'bug/*']
+chore: ['chore/*', 'docs/*']
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+## Description
+* List the changes you are making. 
+* Reference Github issue if appropriate, i.e. `closes #123`
+
+## Breaking Changes
+* Any breaking changes?
+
+## Testing
+* How was this tested?
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,34 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '❗ Breaking'
+    labels: 
+      - 'breaking'
+  - title: 'Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: 'Bug Fixes'
+    labels:
+      - 'bug'
+  - title: 'Maintenance'
+    label: 'chore'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&'
+version-resolver:
+  major:
+    labels:
+      - 'breaking'
+  minor:
+    labels:
+      - 'enhancement'
+  patch:
+    labels:
+      - 'patch'
+      - 'bug'
+      - 'chore'
+  default: minor
+template: |
+  # What's Changed
+
+  $CHANGES
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
@@ -0,0 +1,12 @@
+name: PR Labeler
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  pr-labeler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: TimonVS/pr-labeler-action@v3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -0,0 +1,14 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,32 @@
+# OSX
+.DS_Store
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+repos:
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.45.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs 
diff --git a/README.md b/README.md
@@ -0,0 +1,96 @@
+# terraform-aws-opensearch
+This module handles creation of AWS Opensearch and SAML auth
+
+## Usage
+
+```hcl
+provider "aws" {
+  region = var.region
+}
+
+provider "elasticsearch" {
+  url         = "https://${module.opensearch.fqdn}"
+  aws_region  = var.aws_region
+  healthcheck = false
+}
+
+module "opensearch" {
+  source =  "./terraform-aws-opensearch"
+
+  create_opensearch   = var.create_opensearch
+  region              = var.region
+  name_prefix         = var.name_prefix
+  environment         = var.environment
+  root_domain_name    = var.root_domain_name
+
+  enable_saml         = false
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
+| <a name="requirement_elasticsearch"></a> [elasticsearch](#requirement\_elasticsearch) | ~> 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
+| <a name="provider_elasticsearch"></a> [elasticsearch](#provider\_elasticsearch) | ~> 2.0 |
+| <a name="provider_http"></a> [http](#provider\_http) | n/a |
+| <a name="provider_time"></a> [time](#provider\_time) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 4.1.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_service_linked_role.opensearch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_service_linked_role) | resource |
+| [aws_opensearch_domain.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearch_domain) | resource |
+| [aws_opensearch_domain_saml_options.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearch_domain_saml_options) | resource |
+| [aws_route53_record.opensearch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [elasticsearch_opensearch_roles_mapping.this](https://registry.terraform.io/providers/phillbaker/elasticsearch/latest/docs/resources/opensearch_roles_mapping) | resource |
+| [time_sleep.wait_300_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.access_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.env](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+| [http_http.saml_metadata](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_create_opensearch"></a> [create\_opensearch](#input\_create\_opensearch) | Whether to create OpenSearch cluster | `bool` | `false` | no |
+| <a name="input_enable_advanced_security_options"></a> [enable\_advanced\_security\_options](#input\_enable\_advanced\_security\_options) | Whether advanced security is enabled | `bool` | `true` | no |
+| <a name="input_enable_internal_user_database"></a> [enable\_internal\_user\_database](#input\_enable\_internal\_user\_database) | Whether the internal user database is enabled | `bool` | `false` | no |
+| <a name="input_enable_saml"></a> [enable\_saml](#input\_enable\_saml) | Whether OpenSearch SAML options are enabled | `bool` | `true` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment name | `string` | n/a | yes |
+| <a name="input_master_user_arn"></a> [master\_user\_arn](#input\_master\_user\_arn) | User or role arn which is provisioning opensearch. This role is used to configure opensearch TF provider. | `string` | `null` | no |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix to be used with resources | `string` | n/a | yes |
+| <a name="input_opensearch_engine_version"></a> [opensearch\_engine\_version](#input\_opensearch\_engine\_version) | Either Elasticsearch\_X.Y or OpenSearch\_X.Y to specify the engine version for the Amazon OpenSearch Service domain | `string` | `"OpenSearch_1.2"` | no |
+| <a name="input_opensearch_instance_count"></a> [opensearch\_instance\_count](#input\_opensearch\_instance\_count) | Number of instances in the cluster | `string` | `"1"` | no |
+| <a name="input_opensearch_instance_type"></a> [opensearch\_instance\_type](#input\_opensearch\_instance\_type) | Instance type of data nodes in the cluster | `string` | `"t3.small.search"` | no |
+| <a name="input_opensearch_subdomain"></a> [opensearch\_subdomain](#input\_opensearch\_subdomain) | Route53 OpenSearch subdomain | `string` | `"opensearch"` | no |
+| <a name="input_opensearch_volume_size"></a> [opensearch\_volume\_size](#input\_opensearch\_volume\_size) | Size of EBS volumes attached to data nodes (in GiB) | `number` | `40` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region name | `string` | n/a | yes |
+| <a name="input_roles_mappings"></a> [roles\_mappings](#input\_roles\_mappings) | OpenSearch roles mappings | <pre>map(object({<br>    description   = optional(string)<br>    backend_roles = list(string)<br>  }))</pre> | `{}` | no |
+| <a name="input_route_53_zone_name"></a> [route\_53\_zone\_name](#input\_route\_53\_zone\_name) | Route53 DNS zone | `string` | n/a | yes |
+| <a name="input_sso_admins_group_id"></a> [sso\_admins\_group\_id](#input\_sso\_admins\_group\_id) | AWS SSO admins group | `string` | `null` | no |
+| <a name="input_sso_entity_id"></a> [sso\_entity\_id](#input\_sso\_entity\_id) | AWS SSO entity ID | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_fqdn"></a> [fqdn](#output\_fqdn) | opensearch\_fqdn |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/complete.tf b/examples/complete.tf
@@ -0,0 +1,60 @@
+provider "aws" {
+  region = var.region
+}
+
+provider "elasticsearch" {
+  url                 = "https://${module.opensearch.fqdn}"
+  aws_region          = var.region
+  aws_assume_role_arn = module.opensearch_iam_role.iam_role_arn
+  healthcheck         = false
+}
+
+module "opensearch" {
+  source = "./terraform-aws-opensearch"
+
+  create_opensearch = true
+  region            = var.region
+  name_prefix       = var.name_prefix
+  environment       = var.environment
+  root_domain_name  = var.root_domain_name
+  master_user_arn   = module.opensearch_iam_role.iam_role_arn
+
+  sso_admins_group_id = var.sso_admins_group_id
+  sso_entity_id       = var.sso_entity_id
+  roles_mappings = {
+    readall = {
+      description = "Gives readall Opensearch permission"
+      backend_roles = [
+        "123456-abcd" // <AWS_SSO_READONLY_GROUP_ID>
+      ]
+    }
+    all_access = {
+      description = "Gives all_access Opensearch permission"
+      backend_roles = [
+        "123456-efgh", // <AWS_SSO_ADMINS_GROUP_ID>,
+        module.opensearch_iam_role.iam_role_arn
+      ]
+    }
+    opensearch_dashboards_user = {
+      description = "Gives opensearch_dashboards_user Opensearch permission"
+      backend_roles = [
+        "78912-abcd" // <AWS_SSO_DEVELOPERS_GROUP_ID>
+      ]
+    }
+  }
+}
+
+module "opensearch_iam_role" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
+  version = "5.10.0"
+
+  trusted_role_arns = [
+    "arn:aws:iam::${var.aws_account_id}:root",
+  ]
+  create_role       = true
+  role_name         = "${var.name_prefix}-opensearch-admin"
+  role_requires_mfa = false
+  custom_role_policy_arns = [
+    "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess",
+  ]
+}
diff --git a/main.tf b/main.tf
diff --git a/outputs.tf b/outputs.tf
diff --git a/variables.tf b/variables.tf
diff --git a/versions.tf b/versions.tf

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+enhancement: ['feature/', 'feat/', 'enhancement/*']`
	`2`	`+bug: ['fix/', 'hotfix/', 'bugfix/', 'patch/', 'bug/*']`
	`3`	`+chore: ['chore/', 'docs/']`