Merge pull request #14 from fvazquez-caylent/CA-10-Tag-based-authorization

fvazquez-caylent · web-flow · commit 1f5af40d8047 · 2021-07-14T14:51:19.000-03:00
Ca 10 tag based authorization
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Tamr Terraform AWS Elasticsearch Repo
 
+## v2.1.0 - July 12nd 2021
+* Adds new variable `tags` to set tags for all resources
+* Deprecates `es_tags` in favor of `tags`
+
 ## v2.0.0 - October 13th 2020
 * New input variables for the main module:
     * `security_group_ids`
diff --git a/README.md b/README.md
@@ -40,7 +40,7 @@ No provider.
 | enable\_http | If set to true, enables SSH | `bool` | `true` | no |
 | enable\_https | If set to true, enables SSH | `bool` | `true` | no |
 | enforce\_https | Whether or not to require HTTPS on the domain endpoint | `bool` | `true` | no |
-| es\_tags | Additional tags to be attached to the ES domain | `map(string)` | `{}` | no |
+| es\_tags | [DEPRECATED: Use `tags` instead] Additional tags to be attached to the ES domain and associated resources. | `map(string)` | `{}` | no |
 | es\_version | Version of ES to deploy | `string` | `"6.8"` | no |
 | ingress\_cidr\_blocks | CIDR blocks to attach to security groups for ingress | `list(string)` | `[]` | no |
 | ingress\_security\_groups | Existing security groups to attch to new security groups for ingress | `list(string)` | `[]` | no |
@@ -54,6 +54,7 @@ No provider.
 | sg\_name | Security Group to create | `string` | `"es-security-group"` | no |
 | sg\_tags | Additional tags to be attached to the security group | `map(string)` | `{}` | no |
 | snapshot\_start\_hour | Hour when an automated daily snapshot of the indices is taken | `number` | `0` | no |
+| tags | A map of tags to add to all resources. Replaces `es_tags`. | `map(string)` | `{}` | no |
 | tls\_security\_policy | The name of the TLS security policy that needs to be applied to the HTTPS endpoint.<br>  Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. | `string` | `"Policy-Min-TLS-1-2-2019-07"` | no |
 
 ## Outputs
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.0.0
+2.1.0
diff --git a/examples/minimal/README.md b/examples/minimal/README.md
@@ -14,6 +14,7 @@ No requirements.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | name-prefix | A string to prepend to names of resources created by this example | `any` | n/a | yes |
+| tags | A map of tags to add to all resources created by this example. | `map(string)` | <pre>{<br>  "Author": "Tamr",<br>  "Environment": "Example"<br>}</pre> | no |
 
 ## Outputs
 
diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf
@@ -1,10 +1,12 @@
 resource "aws_vpc" "es_vpc" {
   cidr_block = "1.2.3.0/24"
+  tags = var.tags
 }
 
 resource "aws_subnet" "es_subnet" {
   vpc_id     = aws_vpc.es_vpc.id
   cidr_block = "1.2.3.0/24"
+  tags = var.tags
 }
 
 module "sg-ports" {
@@ -23,6 +25,7 @@ module "aws-sg" {
   ]
   ingress_ports  = module.sg-ports.ingress_ports
   sg_name_prefix = var.name-prefix
+  tags = var.tags
 }
 
 module "tamr-es-cluster" {
@@ -33,4 +36,5 @@ module "tamr-es-cluster" {
   # Only needed once per account, so may need to set this to false
   create_new_service_role = true
   security_group_ids      = module.aws-sg.security_group_ids
+  tags = var.tags
 }
diff --git a/examples/minimal/variables.tf b/examples/minimal/variables.tf
@@ -1,3 +1,12 @@
 variable "name-prefix" {
   description = "A string to prepend to names of resources created by this example"
 }
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to add to all resources created by this example."
+  default = {
+    Author      = "Tamr"
+    Environment = "Example"
+  }
+}
+
diff --git a/main.tf b/main.tf
@@ -1,3 +1,7 @@
+locals {
+  effective_tags = length(var.tags) > 0 ? var.tags : var.es_tags
+}
+
 module "tamr-es-cluster" {
   source                          = "./modules/aws-es"
   domain_name                     = var.domain_name
@@ -11,7 +15,7 @@ module "tamr-es-cluster" {
   ebs_iops                        = var.ebs_iops
   ebs_volume_size                 = var.ebs_volume_size
   ebs_volume_type                 = var.ebs_volume_type
-  additional_tags                 = var.es_tags
+  tags                            = local.effective_tags
   aws_region                      = var.aws_region
   create_new_service_role         = var.create_new_service_role
   kms_key_id                      = var.kms_key_id
diff --git a/modules/aws-es/README.md b/modules/aws-es/README.md
@@ -36,7 +36,6 @@ This modules creates:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | subnet\_ids | List of subnet IDs for the ES domain to be created in | `list(string)` | n/a | yes |
-| additional\_tags | Additional tags to be attached to the ES domain | `map(string)` | `{}` | no |
 | arn\_partition | The partition in which the resource is located. A partition is a group of AWS Regions.<br>  Each AWS account is scoped to one partition.<br>  The following are the supported partitions:<br>    aws -AWS Regions<br>    aws-cn - China Regions<br>    aws-us-gov - AWS GovCloud (US) Regions | `string` | `"aws"` | no |
 | aws\_region | AWS region to launch in | `string` | `"us-east-1"` | no |
 | create\_new\_service\_role | Whether to create a new IAM service linked role for ES. This only needs to happen once per account. If false, linked\_service\_role is required | `bool` | `"true"` | no |
@@ -54,6 +53,7 @@ This modules creates:
 | node\_to\_node\_encryption\_enabled | Whether to enable node-to-node encryption | `bool` | `true` | no |
 | security\_group\_ids | List of security group IDs to be applied to the ES domain | `list(string)` | `[]` | no |
 | snapshot\_start\_hour | Hour when an automated daily snapshot of the indices is taken | `number` | `0` | no |
+| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 | tls\_security\_policy | The name of the TLS security policy that needs to be applied to the HTTPS endpoint.<br>  Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. | `string` | `"Policy-Min-TLS-1-2-2019-07"` | no |
 
 ## Outputs
diff --git a/modules/aws-es/main.tf b/modules/aws-es/main.tf
@@ -39,7 +39,7 @@ resource "aws_elasticsearch_domain" "tamr-es-cluster" {
   }
 
 
-  tags = var.additional_tags
+  tags = var.tags
 
   depends_on = [
     var.linked_service_role,
diff --git a/modules/aws-es/variables.tf b/modules/aws-es/variables.tf
@@ -66,10 +66,10 @@ variable "ebs_volume_type" {
   description = "The type of EBS volumes attached to data nodes"
 }
 
-variable "additional_tags" {
+variable "tags" {
   default     = {}
   type        = map(string)
-  description = "Additional tags to be attached to the ES domain"
+  description = "A map of tags to add to all resources."
 }
 
 variable "aws_region" {
diff --git a/variables.tf b/variables.tf
@@ -67,9 +67,15 @@ variable "ebs_volume_type" {
 }
 
 variable "es_tags" {
+  type        = map(string)
+  description = "[DEPRECATED: Use `tags` instead] Additional tags to be attached to the ES domain and associated resources."
   default     = {}
+}
+
+variable "tags" {
   type        = map(string)
-  description = "Additional tags to be attached to the ES domain"
+  description = "A map of tags to add to all resources. Replaces `es_tags`."
+  default     = {}
 }
 
 variable "aws_region" {

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,12 @@`
`1`	`1`	`resource "aws_vpc" "es_vpc" {`
`2`	`2`	`cidr_block = "1.2.3.0/24"`
	`3`	`+ tags = var.tags`
`3`	`4`	`}`
`4`	`5`
`5`	`6`	`resource "aws_subnet" "es_subnet" {`
`6`	`7`	`vpc_id = aws_vpc.es_vpc.id`
`7`	`8`	`cidr_block = "1.2.3.0/24"`
	`9`	`+ tags = var.tags`
`8`	`10`	`}`
`9`	`11`
`10`	`12`	`module "sg-ports" {`
`@@ -23,6 +25,7 @@ module "aws-sg" {`
`23`	`25`	`]`
`24`	`26`	`ingress_ports = module.sg-ports.ingress_ports`
`25`	`27`	`sg_name_prefix = var.name-prefix`
	`28`	`+ tags = var.tags`
`26`	`29`	`}`
`27`	`30`
`28`	`31`	`module "tamr-es-cluster" {`
`@@ -33,4 +36,5 @@ module "tamr-es-cluster" {`
`33`	`36`	`# Only needed once per account, so may need to set this to false`
`34`	`37`	`create_new_service_role = true`
`35`	`38`	`security_group_ids = module.aws-sg.security_group_ids`
	`39`	`+ tags = var.tags`
`36`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ resource "aws_elasticsearch_domain" "tamr-es-cluster" {`
`39`	`39`	`}`
`40`	`40`
`41`	`41`
`42`		`- tags = var.additional_tags`
	`42`	`+ tags = var.tags`
`43`	`43`
`44`	`44`	`depends_on = [`
`45`	`45`	`var.linked_service_role,`
Original file line number	Diff line number	Diff line change
`@@ -66,10 +66,10 @@ variable "ebs_volume_type" {`
`66`	`66`	`description = "The type of EBS volumes attached to data nodes"`
`67`	`67`	`}`
`68`	`68`
`69`		`-variable "additional_tags" {`
	`69`	`+variable "tags" {`
`70`	`70`	`default = {}`
`71`	`71`	`type = map(string)`
`72`		`- description = "Additional tags to be attached to the ES domain"`
	`72`	`+ description = "A map of tags to add to all resources."`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`variable "aws_region" {`