feat: (BREAKING) Rename overwrite and add overwrites variables

This is because the way the `overwrite` argument on the resources works
was badly explained and interpreted. The overwrite parameter on the ssm
parameter resource was meant to be used only during initial creation of
the terraform resource. The attribute is set that if the parameter
already exists when terraform tries to create it, it shouldn't be
overwritten. It's now also clearly stipulated in the documentation that
if you want to manage the update mechanism of the value within terraform
a life cycle rule should be used.

Therefore, I'm renaming the overwrite variable of the module to
ignore_changes_on_value and am adding the overwrites variable as a list
of booleans that can be set individually on each ssm parameter resource.

This will make the module less confusing for users and will use the
resource as the provider intended the argument to be used.
tags/3.0.0
parent
commit
8020a60c19
Signed by: christophe.vkerchove <christophe.vkerchove@fxinnovation.com> GPG Key ID: 0A0AD982455B0314
13 changed files with 50 additions and 33 deletions
  1. CHANGELOG.md (+4, -0)
  2. README.md (+4, -3)
  3. examples/disable/main.tf (+2, -3)
  4. examples/external_kms_no_policy/main.tf (+11, -8)
  5. examples/ignore_changes_on_value/README.md (+0, -0)
  6. examples/ignore_changes_on_value/main.tf (+2, -1)
  7. examples/ignore_changes_on_value/outputs.tf (+0, -0)
  8. examples/ignore_changes_on_value/variables.tf (+0, -0)
  9. examples/ignore_changes_on_value/versions.tf (+0, -0)
  10. examples/no_kms/main.tf (+1, -0)
  11. main.tf (+8, -7)
  12. outputs.tf (+8, -8)
  13. variables.tf (+10, -3)

CHANGELOG.md (+4, -0)

@@ -1,5 +1,9 @@
# CHANGELOG

## 3.0.0 / 2020-05-26

* feat: (BREAKING) Rename overwrite and add overwrites variables

## 2.0.1

* fix: Prevent null resource on IAM policy without KMS key
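Review bot: The 3.0.0 entry only repeats the commit subject, so someone upgrading from 2.x gets no migration path for a change flagged BREAKING. Spell out that `overwrite` is replaced by `ignore_changes_on_value`, that `overwrites` is a new per-parameter list, and that the sense of the toggle is inverted: in main.tf the resource that used to be selected by `var.overwrite` being true is now selected by `ignore_changes_on_value` being false. A one-line upgrade note per variable would be enough.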


README.md (+4, -3)

@@ -21,21 +21,22 @@ Generic module to creates SSM Parameters for AWS.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allowed\_patterns | List of regular expression used to validate the parameter value. | `list` | `[]` | no |
| descriptions | List of descriptions for parameters. | `list` | `[]` | no |
| descriptions | List of descriptions for parameters. | `list(string)` | `[]` | no |
| enabled | Enable this module | `bool` | `true` | no |
| iam\_policy\_create | Create read only and read write policy to get an access to SSM paramters | `bool` | `false` | no |
| iam\_policy\_name\_prefix\_read\_only | Name of the IAM read only access to SSM parameter policy | `string` | `""` | no |
| iam\_policy\_name\_prefix\_read\_write | Name of the IAM read write access to SSM parameter policy | `string` | `""` | no |
| iam\_policy\_path | Path in which to create the policies. | `string` | `"/"` | no |
| ignore\_changes\_on\_value | Whether or not to ignore changes made manually on the value. Applies to all specified parameters. If set to `true`, terraform will never update the value. | `bool` | `false` | no |
| kms\_key\_alias\_name | Alias of the kms key if toggle kms\_key\_create is set | `string` | `""` | no |
| kms\_key\_arn | ARN of the kms key if toggle kms\_key\_create is disable. | `string` | `""` | no |
| kms\_key\_create | Create a kms key for secure string parameters. | `bool` | `false` | no |
| kms\_key\_name | Name of the kms key if toggle kms\_key\_create is set | `string` | `""` | no |
| kms\_tags | Tags that will be merged with variable tags for the kms key | `map` | `{}` | no |
| names | List of names for parameters. | `list(string)` | n/a | yes |
| overwrite | Overwrite an existing parameter | `bool` | `false` | no |
| overwrites | Ordered list of boolean to say whether if terraform should overwrite an existing parameter not managed by terraform.( `ignore_changes_on_value` should then be used to manage the update behavior). | `list(bool)` | `[]` | no |
| parameters\_count | Number of parameters. This value cannot be automaticly computed in terraform 0.12.x. | `number` | `0` | no |
| prefix | The prefix to be used for every SSM Parameters. The prefix must match [A-Za-z0-9/] | `string` | n/a | yes |
| prefix | The prefix to be used for every SSM Parameters. The prefix must match [A-Za-z0-9/] | `string` | `""` | no |
| tags | Global tags for resources | `map` | `{}` | no |
| types | List of types for parameters. | `list(string)` | n/a | yes |
| use\_default\_kms\_key | Use default kms\_key | `bool` | `false` | no |
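Review bot: The new `overwrites` row does not say how the list lines up with `names` or what happens when it has fewer entries than `parameters_count`, and the default of `[]` makes that the common case. State that entries are matched by position and what a missing entry resolves to, and tidy the wording ("whether if", "list of boolean", the stray space after the opening parenthesis). Since `overwrite = true` lets Terraform replace a value it did not create, the row should make the per-parameter effect unambiguous.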


examples/disable/main.tf (+2, -3)

@@ -9,8 +9,7 @@ module "disable" {
source = "../../"

enabled = false
prefix = ""
names = []
types = []
values = []
types = []
names = []
}

examples/external_kms_no_policy/main.tf (+11, -8)

@@ -27,14 +27,17 @@ resource "aws_kms_alias" "this" {
module "external_kms_no_policy" {
source = "../../"

prefix = "tftestSsmParam${random_string.this.result}"
parameters_count = 3
names = ["/foo", "/bar", "/baz"]
types = ["String", "SecureString", "StringList"]
values = ["foo was here", "bar was here", "baz was here"]
kms_key_create = false
kms_key_arn = aws_kms_key.this.arn
iam_policy_create = true
prefix = "tftestSsmParam${random_string.this.result}"
parameters_count = 3
names = ["/foo", "/bar", "/baz"]
types = ["String", "SecureString", "StringList"]
values = ["foo was here", "bar was here", "baz was here"]
overwrites = [false, true, false]
kms_key_create = false
kms_key_arn = aws_kms_key.this.arn
iam_policy_create = true
iam_policy_name_prefix_read_only = "tftest"
iam_policy_name_prefix_read_write = "tftest"

tags = {
Name = "tftest"
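Review bot: `overwrites = [false, true, false]` is a positional list that has to be read against `names` two lines above it, and the only `true` lands on `/bar`, the `SecureString` entry. A short comment saying which parameter is meant to be overwritten and why would help, because reordering `names` later silently moves the flag to a different parameter.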


examples/overwrite/README.md → examples/ignore_changes_on_value/README.md


examples/overwrite/main.tf → examples/ignore_changes_on_value/main.tf

@@ -19,7 +19,8 @@ module "overwrite" {
names = ["/foo", "/bar", "/baz"]
types = ["String", "SecureString", "StringList"]
values = ["foo was here", "bar war here", "baz was here"]
overwrite = true
overwrites = [true, false, true]
ignore_changes_on_value = true
kms_key_create = true
kms_key_name = "tftestSsmKmsKey${random_string.this.result}"
kms_key_alias_name = "tftestKmsKeySsm${random_string.this.result}"
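Review bot: The hunk header still shows `module "overwrite" {` although the example directory is renamed to `ignore_changes_on_value`. Rename the module label to match (and any `module.overwrite` references in the example's outputs.tf), otherwise the example keeps the name this commit is trying to retire. It would also be worth a comment on why `overwrites = [true, false, true]` is combined with `ignore_changes_on_value = true`, since the commit message describes the two as controlling different phases.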

examples/overwrite/outputs.tf → examples/ignore_changes_on_value/outputs.tf


examples/overwrite/variables.tf → examples/ignore_changes_on_value/variables.tf


examples/overwrite/versions.tf → examples/ignore_changes_on_value/versions.tf


examples/no_kms/main.tf (+1, -0)

@@ -20,6 +20,7 @@ module "no_kms" {
types = ["String", "SecureString"]
values = ["foo was here", "bar was here"]
descriptions = ["Know if foo was there", "Know if bar was there"]
overwrites = [true]
kms_key_create = false
use_default_kms_key = true
iam_policy_create = true
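Review bot: `overwrites = [true]` has a single entry while `types` and `values` in the same block have two, so the second parameter's setting depends on how main.tf pads the list. If the short list is deliberate to exercise the padding, say so in a comment; otherwise give one value per parameter so the example shows the intended usage.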


main.tf (+8, -7)

@@ -2,16 +2,16 @@
# SSM Parameters
####

resource "aws_ssm_parameter" "overwrite" {
count = var.enabled && var.overwrite ? var.parameters_count : 0
resource "aws_ssm_parameter" "do_not_ignore_changes_on_value" {
count = var.enabled && false == var.ignore_changes_on_value ? var.parameters_count : 0

name = "/${var.prefix}${element(var.names, count.index)}"
description = element(concat(var.descriptions, [""]), count.index)
description = element(concat(var.descriptions, [null]), count.index)
type = element(var.types, count.index)
value = element(var.values, count.index)
overwrite = element(concat(var.overwrites, [null]), count.index)

key_id = element(var.types, count.index) == "SecureString" ? var.kms_key_create ? element(concat(aws_kms_key.this.*.arn, [""]), 0) : var.kms_key_arn != "" ? var.kms_key_arn : null : null
overwrite = true
allowed_pattern = element(concat(var.allowed_patterns, [""]), count.index)

tags = merge(
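Review bot: `overwrite = element(concat(var.overwrites, [null]), count.index)` does not pad the way it looks, because `element()` wraps the index modulo the list length. With `overwrites = [true]` and three parameters the padded list is `[true, null]`, so index 2 wraps back to `true` and the third parameter gets overwritten even though the caller never asked for it. Index explicitly instead, for example `count.index < length(var.overwrites) ? var.overwrites[count.index] : null`, or require `length(var.overwrites)` to be 0 or `parameters_count`. The same pattern is used for `descriptions` and `allowed_patterns`, but here the consequence is replacing an existing value, possibly a `SecureString`.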
@@ -22,13 +22,14 @@ resource "aws_ssm_parameter" "overwrite" {
)
}

resource "aws_ssm_parameter" "no_overwrite" {
count = var.enabled && false == var.overwrite ? var.parameters_count : 0
resource "aws_ssm_parameter" "ignore_changes_on_value" {
count = var.enabled && var.ignore_changes_on_value ? var.parameters_count : 0

name = "/${var.prefix}${element(var.names, count.index)}"
description = element(concat(var.descriptions, [""]), count.index)
description = element(concat(var.descriptions, [null]), count.index)
type = element(var.types, count.index)
value = element(var.values, count.index)
overwrite = element(concat(var.overwrites, [null]), count.index)

key_id = element(var.types, count.index) == "SecureString" ? var.kms_key_create ? element(concat(aws_kms_key.this.*.arn, [""]), 0) : var.kms_key_arn != "" ? var.kms_key_arn : null : null
allowed_pattern = element(concat(var.allowed_patterns, [""]), count.index)
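Review bot: Renaming `aws_ssm_parameter.no_overwrite` to `aws_ssm_parameter.ignore_changes_on_value` (and `overwrite` to `do_not_ignore_changes_on_value` in the previous hunk) changes every resource address in existing state. On upgrade Terraform will plan to destroy the old addresses and create the new ones, which for parameters whose values were changed outside Terraform means the current value is replaced by `var.values`. Document the `terraform state mv` commands needed for each index, and note that the same `element(concat(var.overwrites, [null]), count.index)` wrap-around applies in this resource as well.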


outputs.tf (+8, -8)

@@ -2,8 +2,8 @@ output "arns" {
description = "ARNs of SSM Parameters"
value = compact(
concat(
aws_ssm_parameter.overwrite.*.arn,
aws_ssm_parameter.no_overwrite.*.arn,
aws_ssm_parameter.do_not_ignore_changes_on_value.*.arn,
aws_ssm_parameter.ignore_changes_on_value.*.arn,
[""],
),
)
@@ -13,8 +13,8 @@ output "names" {
description = "Names of SSM Parameters"
value = compact(
concat(
aws_ssm_parameter.overwrite.*.name,
aws_ssm_parameter.no_overwrite.*.name,
aws_ssm_parameter.do_not_ignore_changes_on_value.*.name,
aws_ssm_parameter.ignore_changes_on_value.*.name,
[""],
),
)
@@ -24,8 +24,8 @@ output "types" {
description = "Types of SSM parameters"
value = compact(
concat(
aws_ssm_parameter.overwrite.*.type,
aws_ssm_parameter.no_overwrite.*.type,
aws_ssm_parameter.do_not_ignore_changes_on_value.*.type,
aws_ssm_parameter.ignore_changes_on_value.*.type,
[""],
)
)
@@ -35,8 +35,8 @@ output "versions" {
description = "Versions of SSM parameters"
value = compact(
concat(
aws_ssm_parameter.overwrite.*.version,
aws_ssm_parameter.no_overwrite.*.version,
aws_ssm_parameter.do_not_ignore_changes_on_value.*.version,
aws_ssm_parameter.ignore_changes_on_value.*.version,
[""],
)
)


variables.tf (+10, -3)

@@ -18,7 +18,7 @@ variable "tags" {

variable "prefix" {
description = "The prefix to be used for every SSM Parameters. The prefix must match [A-Za-z0-9/]"
type = string
default = ""
}

variable "parameters_count" {
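Review bot: Giving `prefix` a default of `""` interacts badly with the name expression in main.tf, `name = "/${var.prefix}${element(var.names, count.index)}"`. With an empty prefix and names written as in the examples (`"/foo"`), the result is `//foo`. Either keep `prefix` required, or build the name so that an empty prefix does not leave a doubled slash, and update the description to say what an empty prefix produces.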
@@ -34,6 +34,7 @@ variable "names" {

variable "descriptions" {
description = "List of descriptions for parameters."
type = list(string)
default = []
}

@@ -47,8 +48,14 @@ variable "values" {
type = list(string)
}

variable "overwrite" {
description = "Overwrite an existing parameter"
variable "overwrites" {
description = "Ordered list of boolean to say whether if terraform should overwrite an existing parameter not managed by terraform.( `ignore_changes_on_value` should then be used to manage the update behavior)."
type = list(bool)
default = []
}

variable "ignore_changes_on_value" {
description = "Whether or not to ignore changes made manually on the value. Applies to all specified parameters. If set to `true`, terraform will never update the value."
default = false
}
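Review bot: `variable "ignore_changes_on_value"` is declared without a `type`, while the README table lists it as `bool` and `overwrites` directly above it is typed `list(bool)`. Add `type = bool` so a string such as `"false"` is rejected or converted predictably rather than flowing into the `count` conditionals in main.tf. The `overwrites` description also needs the same wording cleanup as the README row ("whether if", stray space after the opening parenthesis).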


