From 575b662facc4fd24fafa7d192356a8d12248b336 Mon Sep 17 00:00:00 2001 From: marcincuber Date: Mon, 4 May 2020 14:29:38 +0100 Subject: [PATCH] Add initial module configuration --- .chglog/CHANGELOG.tpl.md | 111 +++++++++++++++++++++++++++++++++++++++ .chglog/config.yml | 10 ++++ .pre-commit-config.yaml | 25 +++++++++ LICENSE | 11 ++++ Makefile | 19 +++++++ README.md | 105 +++++++++++++++++++++++++++++++++++- examples/core/README.md | 9 ++++ examples/core/main.tf | 37 +++++++++++++ main.tf | 26 +++++++++ outputs.tf | 11 ++++ variables.tf | 38 ++++++++++++++ 11 files changed, 401 insertions(+), 1 deletion(-) create mode 100644 .chglog/CHANGELOG.tpl.md create mode 100644 .chglog/config.yml create mode 100644 .pre-commit-config.yaml create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 examples/core/README.md create mode 100644 examples/core/main.tf create mode 100644 main.tf create mode 100644 outputs.tf create mode 100644 variables.tf diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md new file mode 100644 index 0000000..9c56fa4 --- /dev/null +++ b/.chglog/CHANGELOG.tpl.md 
@@ -0,0 +1,111 @@ +# Change Log + +All notable changes to this project will be documented in this file. + +{{ if .Versions -}} + +## [Unreleased] +{{ if .Unreleased.CommitGroups -}} +{{ range .Unreleased.CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +{{/* SKIPPING RULES - START */ -}} +{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} +{{- if not (contains .Subject "[ci skip]") -}} +{{- if not (contains .Subject "[skip ci]") -}} +{{- if not (hasPrefix .Subject "Merge pull request ") -}} +{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} +{{- /* SKIPPING RULES - END */ -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{/* SKIPPING RULES - START */ -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{/* SKIPPING RULES - END */ -}} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Unreleased.Commits -}} +{{/* SKIPPING RULES - START */ -}} +{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} +{{- if not (contains .Subject "[ci skip]") -}} +{{- if not (contains .Subject "[skip ci]") -}} +{{- if not (hasPrefix .Subject "Merge pull request ") -}} +{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} +{{- /* SKIPPING RULES - END */ -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{/* SKIPPING RULES - START */ -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{/* SKIPPING RULES - END */ -}} +{{ end }} +{{ end -}} +{{ end -}} + +{{ range .Versions }} + +## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }} +{{ if .CommitGroups -}} +{{ range .CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +{{/* SKIPPING RULES - START */ -}} +{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} +{{- if not (contains .Subject "[ci skip]") -}} +{{- if not (contains .Subject "[skip ci]") -}} +{{- if not (hasPrefix .Subject "Merge pull request ") -}} +{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} +{{- /* SKIPPING RULES - END */ 
-}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{/* SKIPPING RULES - START */ -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{/* SKIPPING RULES - END */ -}} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Commits -}} +{{/* SKIPPING RULES - START */ -}} +{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} +{{- if not (contains .Subject "[ci skip]") -}} +{{- if not (contains .Subject "[skip ci]") -}} +{{- if not (hasPrefix .Subject "Merge pull request ") -}} +{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} +{{- /* SKIPPING RULES - END */ -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{/* SKIPPING RULES - START */ -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{/* SKIPPING RULES - END */ -}} +{{ end }} +{{ end -}} + +{{- if .NoteGroups -}} +{{ range .NoteGroups -}} +### {{ .Title }} +{{ range .Notes }} +{{ .Body }} +{{ end }} +{{ end -}} +{{ end -}} +{{ end -}} + +{{- if .Versions }} +[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD +{{ range .Versions -}} +{{ if .Tag.Previous -}} +[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} +{{ end -}} +{{ end -}} +{{ end -}} \ No newline at end of file diff --git a/.chglog/config.yml b/.chglog/config.yml new file mode 100644 index 0000000..cc8216d --- /dev/null +++ b/.chglog/config.yml @@ -0,0 +1,10 @@ +style: github +template: CHANGELOG.tpl.md +info: + title: CHANGELOG + repository_url: https://github.com/marcincuber/terraform-aws-ssm-parameters +options: + header: + pattern: "^(.*)$" + pattern_maps: + - Subject \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..ca22696 --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,25 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v2.5.0
+ hooks:
+ - id: check-added-large-files
+ args: ['--maxkb=500']
+ - id: check-executables-have-shebangs
+ - id: pretty-format-json
+ args: ['--autofix', '--no-sort-keys', '--indent=2']
+ - id: check-byte-order-marker
+ - id: check-case-conflict
+ - id: check-executables-have-shebangs
+ - id: check-merge-conflict
+ - id: check-symlinks
+ - id: detect-private-key
+ - id: check-merge-conflict
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: trailing-whitespace
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.30.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ - id: terraform_tflint
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d955a86
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..fdd8a32
--- /dev/null
+++ b/Makefile
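Review bot: The second hook repository is fetched over `git://`, an unauthenticated and unencrypted transport with no integrity check, so the Terraform hooks that run on every commit could be swapped in transit; change it to `repo: https://github.com/antonbabenko/pre-commit-terraform`. Both repositories are pinned only by tag (`rev: v2.5.0`, `rev: v1.30.0`), and tags can be moved after the fact, so pinning to the full commit SHA of those releases is the stronger supply-chain control for code that executes in every developer's checkout. `check-executables-have-shebangs` and `check-merge-conflict` are each listed twice; the duplicates can be dropped.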
@@ -0,0 +1,19 @@
+ifneq (,)
+.error This Makefile requires GNU Make.
+endif
+
+.PHONY: hooks validate changelog
+
+help:
+ @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+hooks: ## Commit hooks setup
+ @pre-commit install
+ @pre-commit gc
+ @pre-commit autoupdate
+
+validate: ## Validate files with pre-commit hooks
+ @pre-commit run --all-files
+
+changelog:
+ git-chglog -o CHANGELOG.md
\ No newline at end of file
diff --git a/README.md b/README.md
index 29e73c3..17ca97a 100644
--- a/README.md
+++ b/README.md
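Review bot: The `hooks` target runs `pre-commit autoupdate` as part of ordinary setup, which rewrites every `rev:` in `.pre-commit-config.yaml` to the newest tag on each developer's machine, so the pins in that file are advanced silently and without review; setup should stop at `pre-commit install`, and autoupdate belongs in a separate, deliberate target whose result is committed through a pull request. `help` and `changelog` are also missing from `.PHONY`, and `changelog` has no `## ` description so `make help` will not list it; `changelog: ## Generate CHANGELOG.md with git-chglog` fixes the latter.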
@@ -1,2 +1,105 @@ # terraform-aws-ssm-parameters -Terraform module creating encrypted and non-encrypted AWS SSM parameters +Terraform module creating encrypted and non-encrypted AWS SSM parameters + +## Terraform versions + +Terraform 0.12. Pin module version to `~> v1.0`. Submit pull-requests to `master` branch. + +## Usage + +```hcl +module "ssm-parameters" { + source = "umotif-public/ssm-parameters/aws" + version = "~> 1.0.0" + + name_prefix = "test/example-path" + + parameters = { + "audit" = "cloudwatch" + } + + secure_parameters = { + "secure-audit" = "cloudwatch" + } + + advanced_tier = [ + "secure-audit" + ] + + prevent_overwrite = [ + "audit" + ] + + kms_key_id = module.kms.key_id + + tags = { + "Environment" = "test" + } +} +``` + +## Assumptions + +Module is to be used with Terraform > 0.12. + +## Examples + +* [SSM Parameters](https://github.com/umotif-public/terraform-aws-ssm-parameters/tree/master/examples/core) + +## Authors + +Module managed by [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](https://www.linkedin.com/in/marcincuber/). + + +## Requirements + +No requirements. 
+ +## Providers + +| Name | Version | +|------|---------| +| aws | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| advanced\_tier | List of parameter names that should have tier set to Advanced | `list(string)` | `[]` | no | +| kms\_key\_id | The KMS key to use for encryption | `string` | `""` | no | +| name\_prefix | Path used for each SSM parameter created by the module | `any` | n/a | yes | +| parameters | Non-encrypted parameters | `map(any)` | `{}` | no | +| prevent\_overwrite | List of parameter names to prevent overwrite for | `list(string)` | `[]` | no | +| secure\_parameters | Secure parameters | `map(any)` | `{}` | no | +| tags | n/a | `map(any)` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| parameter\_path | n/a | +| parameters | n/a | +| secure\_parameters | n/a | + + + +## License + +See LICENSE for full details. + +## Pre-commit hooks + +### Install dependencies + +* [`pre-commit`](https://pre-commit.com/#install) +* [`terraform-docs`](https://github.com/segmentio/terraform-docs) required for `terraform_docs` hooks. +* [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook. + +#### MacOS + +```bash +brew install pre-commit terraform-docs tflint + +brew tap git-chglog/git-chglog +brew install git-chglog +``` \ No newline at end of file diff --git a/examples/core/README.md b/examples/core/README.md new file mode 100644 index 0000000..c2e598a --- /dev/null +++ b/examples/core/README.md @@ -0,0 +1,9 @@ + +## Example deployment flow + +```bash +terraform init +terraform validate +terraform plan +terraform apply --auto-approve +``` \ No newline at end of file diff --git a/examples/core/main.tf b/examples/core/main.tf new file mode 100644 index 0000000..ad46d7b --- /dev/null +++ b/examples/core/main.tf 
@@ -0,0 +1,37 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+module "kms" {
+ source = "umotif-public/kms/aws"
+ version = "1.0.0"
+
+ alias_name = "test-key"
+}
+
+module "parameters" {
+ source = "../.."
+
+ name_prefix = "test/example-path"
+ parameters = {
+ "audit" = "cloudwatch"
+ }
+
+ secure_parameters = {
+ "secure-audit" = "cloudwatch"
+ }
+
+ advanced_tier = [
+ "secure-audit"
+ ]
+
+ prevent_overwrite = [
+ "audit"
+ ]
+
+ kms_key_id = module.kms.key_id
+
+ tags = {
+ "Environment" = "test"
+ }
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..8772eb1
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,26 @@
+resource "aws_ssm_parameter" "parameters" {
+ for_each = var.parameters
+
+ name = "/${var.name_prefix}/${each.key}"
+ type = "String"
+ value = each.value
+
+ tier = contains(var.advanced_tier, each.key) ? "Advanced" : "Standard"
+ overwrite = contains(var.prevent_overwrite, each.key) ? false : true
+
+ tags = var.tags
+}
+
+resource "aws_ssm_parameter" "secure_parameters" {
+ for_each = var.secure_parameters
+
+ name = "/${var.name_prefix}/${each.key}"
+ type = "SecureString"
+ value = each.value
+ key_id = var.kms_key_id != "" ? var.kms_key_id : null
+
+ tier = contains(var.advanced_tier, each.key) ? "Advanced" : "Standard"
+ overwrite = contains(var.prevent_overwrite, each.key) ? false : true
+
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..42b0c2e
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,11 @@
+output "parameter_path" {
+ value = var.name_prefix
+}
+
+output "parameters" {
+ value = aws_ssm_parameter.parameters
+}
+
+output "secure_parameters" {
+ value = aws_ssm_parameter.secure_parameters
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..a60c506
--- /dev/null
+++ b/variables.tf
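Review bot: The `provider "aws"` block in the example has no `version` constraint while the `kms` module is pinned to `1.0.0`, so `terraform init` here pulls whatever the newest provider release is and the example can change behaviour or break with no change to this repository; add a `version = "..."` constraint matching the provider release the module was tested against. The value under `secure_parameters` is a literal committed in HCL and will also be written to state, which is acceptable for a placeholder but worth a comment so nobody copies the pattern with a real secret: `# placeholder only — real secrets should come from a variable or data source, never a literal in source control`.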
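Review bot: `overwrite` evaluates to `true` for every key not listed in `prevent_overwrite`, so the first apply silently replaces any parameter that already exists at `/${var.name_prefix}/${each.key}` — for example a secret owned by another stack — instead of failing the plan, which is the unsafe default for a module that writes secrets. The safer shape is to refuse unless the caller opts in per key; at minimum the expression should read `overwrite = !contains(var.prevent_overwrite, each.key)` rather than `? false : true`, in both resources. The `secure_parameters` resource also deserves a comment above `value = each.value` stating that the plaintext is stored in Terraform state even though the parameter itself is a KMS-encrypted SecureString, so the state backend must be encrypted and access-controlled. And since `key_id = null` makes the provider fall back to the account's AWS-managed SSM key, the `""` default on `kms_key_id` means no customer-managed key is used unless the caller passes one; a comment on the `key_id` line should say so.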
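Review bot: `output "secure_parameters"` exports the entire `aws_ssm_parameter.secure_parameters` map, and each object carries the `value` attribute, so the plaintext of every SecureString is printed by `terraform output` in the root module and copied into the caller's state and any downstream outputs. Export only non-secret attributes, for example `value = { for k, p in aws_ssm_parameter.secure_parameters : k => p.arn }` (or `p.name`/`p.version`); if the full object is genuinely needed, set `sensitive = true` on the output, bearing in mind that on Terraform 0.12 this only redacts CLI display and the value is still written to state.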
@@ -0,0 +1,38 @@
+variable "name_prefix" {
+ description = "Path used for each SSM parameter created by the module"
+}
+
+variable "tags" {
+ type = map(any)
+ default = {}
+}
+
+variable "parameters" {
+ description = "Non-encrypted parameters"
+ type = map(any)
+ default = {}
+}
+
+variable "secure_parameters" {
+ description = "Secure parameters"
+ type = map(any)
+ default = {}
+}
+
+variable "prevent_overwrite" {
+ description = "List of parameter names to prevent overwrite for"
+ type = list(string)
+ default = []
+}
+
+variable "kms_key_id" {
+ type = string
+ description = "The KMS key to use for encryption"
+ default = ""
+}
+
+variable "advanced_tier" {
+ description = "List of parameter names that should have tier set to Advanced"
+ type = list(string)
+ default = []
+}
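Review bot: `name_prefix` has no `type` and `parameters`/`secure_parameters` are `map(any)`, although `main.tf` interpolates the key into a path and passes the value straight to `value`, which must be a string; declare `type = string` and `type = map(string)` so a number or nested object is rejected at plan time rather than coerced or failing inside the resource. The `secure_parameters` description should state that values are written to Terraform state in plaintext — Terraform 0.12 has no `sensitive` attribute on variables, so this cannot be enforced here and must be documented — and the `kms_key_id` description should say that the empty default means the AWS-managed SSM key is used rather than a customer-managed one. Because `main.tf` adds its own leading and separating slashes, a `name_prefix` with a leading or trailing `/` produces `//` in the parameter name; the description should call for `path/without/slashes` or the module should trim it.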