feat!: Added support for origin_access_control_id, bumped AWS provider version (#79)

rysi3k · Tomasz Rychlewicz · antonbabenko · web-flow · commit 403ca2446e27 · 2022-09-12T15:53:02.000+02:00
Co-authored-by: Tomasz Rychlewicz &lt;tomasz.rychlewicz@explaineverything.com&gt;
Co-authored-by: Anton Babenko &lt;anton@antonbabenko.com&gt;
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -43,15 +43,15 @@ jobs:
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
@@ -72,7 +72,9 @@ jobs:
         uses: clowdhaus/terraform-min-max@v1.0.3
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          install-hcledit: true
+          hcledit-version: 0.2.6
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,8 +1,9 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.62.3
+    rev: v1.75.0
     hooks:
       - id: terraform_fmt
+      - id: terraform_wrapper_module_for_each
       - id: terraform_validate
       - id: terraform_docs
         args:
@@ -23,7 +24,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.3.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
diff --git a/README.md b/README.md
@@ -87,13 +87,13 @@ module "cdn" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.64 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.29 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.64 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.29 |
 
 ## Modules
 
@@ -159,7 +159,13 @@ No modules.
 
 ## Authors
 
-Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/graphs/contributors).
+Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from these awesome contributors:
+
+<!-- markdownlint-disable no-inline-html -->
+<a href="https://github.com/terraform-aws-modules/terraform-aws-cloudfront/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=terraform-aws-modules/terraform-aws-cloudfront" />
+</a>
+<!-- markdownlint-enable no-inline-html -->
 
 ## License
 
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -27,28 +27,30 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.64 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.29 |
+| <a name="requirement_external"></a> [external](#requirement\_external) | >= 1.0 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.64 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.29 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 3.0 |
+| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 4.0 |
 | <a name="module_cloudfront"></a> [cloudfront](#module\_cloudfront) | ../../ | n/a |
-| <a name="module_lambda_function"></a> [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | ~> 2.0 |
-| <a name="module_log_bucket"></a> [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 |
-| <a name="module_records"></a> [records](#module\_records) | terraform-aws-modules/route53/aws//modules/records | 2.0.0 |
-| <a name="module_s3_one"></a> [s3\_one](#module\_s3\_one) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 |
+| <a name="module_lambda_function"></a> [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | ~> 4.0 |
+| <a name="module_log_bucket"></a> [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
+| <a name="module_records"></a> [records](#module\_records) | terraform-aws-modules/route53/aws//modules/records | ~> 2.0 |
+| <a name="module_s3_one"></a> [s3\_one](#module\_s3\_one) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
 
 ## Resources
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -157,7 +157,7 @@ data "aws_route53_zone" "this" {
 
 module "acm" {
   source  = "terraform-aws-modules/acm/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"
 
   domain_name               = local.domain_name
   zone_id                   = data.aws_route53_zone.this.id
@@ -172,15 +172,15 @@ data "aws_canonical_user_id" "current" {}
 
 module "s3_one" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 2.0"
+  version = "~> 3.0"
 
   bucket        = "s3-one-${random_pet.this.id}"
   force_destroy = true
 }
 
 module "log_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 2.0"
+  version = "~> 3.0"
 
   bucket = "logs-${random_pet.this.id}"
   acl    = null
@@ -219,7 +219,7 @@ resource "null_resource" "download_package" {
 
 module "lambda_function" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "~> 2.0"
+  version = "~> 4.0"
 
   function_name = "${random_pet.this.id}-lambda"
   description   = "My awesome lambda function"
@@ -248,7 +248,7 @@ module "lambda_function" {
 
 module "records" {
   source  = "terraform-aws-modules/route53/aws//modules/records"
-  version = "2.0.0" # @todo: revert to "~> 2.0" once 2.1.0 is fixed properly
+  version = "~> 2.0"
 
   zone_id = data.aws_route53_zone.this.zone_id
 
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.64"
+      version = ">= 4.29"
     }
     random = {
       source  = "hashicorp/random"
@@ -14,5 +14,13 @@ terraform {
       source  = "hashicorp/null"
       version = ">= 2.0"
     }
+    external = {
+      source  = "hashicorp/external"
+      version = ">= 1.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 1.0"
+    }
   }
 }
diff --git a/main.tf b/main.tf
@@ -41,11 +41,12 @@ resource "aws_cloudfront_distribution" "this" {
     for_each = var.origin
 
     content {
-      domain_name         = origin.value.domain_name
-      origin_id           = lookup(origin.value, "origin_id", origin.key)
-      origin_path         = lookup(origin.value, "origin_path", "")
-      connection_attempts = lookup(origin.value, "connection_attempts", null)
-      connection_timeout  = lookup(origin.value, "connection_timeout", null)
+      domain_name              = origin.value.domain_name
+      origin_id                = lookup(origin.value, "origin_id", origin.key)
+      origin_path              = lookup(origin.value, "origin_path", "")
+      connection_attempts      = lookup(origin.value, "connection_attempts", null)
+      connection_timeout       = lookup(origin.value, "connection_timeout", null)
+      origin_access_control_id = lookup(origin.value, "origin_access_control_id", null)
 
       dynamic "s3_origin_config" {
         for_each = length(keys(lookup(origin.value, "s3_origin_config", {}))) == 0 ? [] : [lookup(origin.value, "s3_origin_config", {})]
diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.64"
+      version = ">= 4.29"
     }
   }
 }
diff --git a/wrappers/README.md b/wrappers/README.md
@@ -0,0 +1,100 @@
+# Wrapper for the root module
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+  source = "tfr:///terraform-aws-modules/cloudfront/aws//wrappers"
+  # Alternative source:
+  # source = "git::git@github.com:terraform-aws-modules/terraform-aws-cloudfront.git//wrappers?ref=master"
+}
+
+inputs = {
+  defaults = { # Default values
+    create = true
+    tags = {
+      Terraform   = "true"
+      Environment = "dev"
+    }
+  }
+
+  items = {
+    my-item = {
+      # omitted... can be any argument supported by the module
+    }
+    my-second-item = {
+      # omitted... can be any argument supported by the module
+    }
+    # omitted...
+  }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+  source = "terraform-aws-modules/cloudfront/aws//wrappers"
+
+  defaults = { # Default values
+    create = true
+    tags = {
+      Terraform   = "true"
+      Environment = "dev"
+    }
+  }
+
+  items = {
+    my-item = {
+      # omitted... can be any argument supported by the module
+    }
+    my-second-item = {
+      # omitted... can be any argument supported by the module
+    }
+    # omitted...
+  }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+  source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+  # Alternative source:
+  # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+  defaults = {
+    force_destroy = true
+
+    attach_elb_log_delivery_policy        = true
+    attach_lb_log_delivery_policy         = true
+    attach_deny_insecure_transport_policy = true
+    attach_require_latest_tls_policy      = true
+  }
+
+  items = {
+    bucket1 = {
+      bucket = "my-random-bucket-1"
+    }
+    bucket2 = {
+      bucket = "my-random-bucket-2"
+      tags = {
+        Secure = "probably"
+      }
+    }
+  }
+}
+```
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -0,0 +1,33 @@
+module "wrapper" {
+  source = "../"
+
+  for_each = var.items
+
+  create_distribution           = try(each.value.create_distribution, var.defaults.create_distribution, true)
+  create_origin_access_identity = try(each.value.create_origin_access_identity, var.defaults.create_origin_access_identity, false)
+  origin_access_identities      = try(each.value.origin_access_identities, var.defaults.origin_access_identities, {})
+  aliases                       = try(each.value.aliases, var.defaults.aliases, null)
+  comment                       = try(each.value.comment, var.defaults.comment, null)
+  default_root_object           = try(each.value.default_root_object, var.defaults.default_root_object, null)
+  enabled                       = try(each.value.enabled, var.defaults.enabled, true)
+  http_version                  = try(each.value.http_version, var.defaults.http_version, "http2")
+  is_ipv6_enabled               = try(each.value.is_ipv6_enabled, var.defaults.is_ipv6_enabled, null)
+  price_class                   = try(each.value.price_class, var.defaults.price_class, null)
+  retain_on_delete              = try(each.value.retain_on_delete, var.defaults.retain_on_delete, false)
+  wait_for_deployment           = try(each.value.wait_for_deployment, var.defaults.wait_for_deployment, true)
+  web_acl_id                    = try(each.value.web_acl_id, var.defaults.web_acl_id, null)
+  tags                          = try(each.value.tags, var.defaults.tags, null)
+  origin                        = try(each.value.origin, var.defaults.origin, null)
+  origin_group                  = try(each.value.origin_group, var.defaults.origin_group, {})
+  viewer_certificate = try(each.value.viewer_certificate, var.defaults.viewer_certificate, {
+    cloudfront_default_certificate = true
+    minimum_protocol_version       = "TLSv1"
+  })
+  geo_restriction                      = try(each.value.geo_restriction, var.defaults.geo_restriction, {})
+  logging_config                       = try(each.value.logging_config, var.defaults.logging_config, {})
+  custom_error_response                = try(each.value.custom_error_response, var.defaults.custom_error_response, {})
+  default_cache_behavior               = try(each.value.default_cache_behavior, var.defaults.default_cache_behavior, null)
+  ordered_cache_behavior               = try(each.value.ordered_cache_behavior, var.defaults.ordered_cache_behavior, [])
+  create_monitoring_subscription       = try(each.value.create_monitoring_subscription, var.defaults.create_monitoring_subscription, false)
+  realtime_metrics_subscription_status = try(each.value.realtime_metrics_subscription_status, var.defaults.realtime_metrics_subscription_status, "Enabled")
+}
diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+  description = "Map of outputs of a wrapper."
+  value       = module.wrapper
+  # sensitive = false  # No sensitive module output found
+}
diff --git a/wrappers/variables.tf b/wrappers/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+  description = "Map of default values which will be used for each item."
+  type        = any
+  default     = {}
+}
+
+variable "items" {
+  description = "Maps of items to create a wrapper from. Values are passed through to the module."
+  type        = any
+  default     = {}
+}
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.13.1"
+}

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 3.64"`
	`7`	`+ version = ">= 4.29"`
`8`	`8`	`}`
`9`	`9`	`random = {`
`10`	`10`	`source = "hashicorp/random"`
`@@ -14,5 +14,13 @@ terraform {`
`14`	`14`	`source = "hashicorp/null"`
`15`	`15`	`version = ">= 2.0"`
`16`	`16`	`}`
	`17`	`+ external = {`
	`18`	`+ source = "hashicorp/external"`
	`19`	`+ version = ">= 1.0"`
	`20`	`+ }`
	`21`	`+ local = {`
	`22`	`+ source = "hashicorp/local"`
	`23`	`+ version = ">= 1.0"`
	`24`	`+ }`
`17`	`25`	`}`
`18`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+terraform {`
	`2`	`+ required_version = ">= 0.13.1"`
	`3`	`+}`