Merge pull request #9 from sbp-akamai/new_features

new features
sbp-akamai · Mar 22, 2024 · 523f6d0 · 523f6d0
2 parents 898826f + 47e1fe9
commit 523f6d0
Show file tree

Hide file tree

Showing 11 changed files with 212 additions and 98 deletions.
diff --git a/.github/workflows/ci-checks-tf.yml b/.github/workflows/ci-checks-tf.yml
@@ -0,0 +1,66 @@
+name: ci-checks-tf
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, labeled, unlabeled]
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    container: ghcr.io/antonbabenko/pre-commit-terraform:v1.79.1
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: 'pre-commit::add-github-repo-safe'
+        run: |
+          git config --global --add safe.directory $GITHUB_WORKSPACE
+
+      - name: 'pre-commit::run-all-checks'
+        run: |
+          pre-commit run -a --show-diff-on-failure -v
+
+  module-required-files:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: 'tf-module::check-required-files'
+        id: check_files
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "variables.tf, main.tf, README.md, versions.tf"
+          fail: true
+
+  label-required-semver:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'pr::check-required-semver'
+        uses: docker://agilepathway/pull-request-label-checker:latest
+        with:
+          prefix_mode: true
+          one_of: "release/" # patch , minor , major
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+
+  label-required-pr-type:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'pr::check-required-pr-type'
+        uses: docker://agilepathway/pull-request-label-checker:latest
+        with:
+          any_of: bug,enhancement,documentation,security
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+
+  label-do-not-merge:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'pr::check-required-semver'
+        uses: docker://agilepathway/pull-request-label-checker:latest
+        with:
+          none_of: do-not-merge
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -46,4 +46,4 @@ jobs:
       - name: Check out code
         uses: actions/checkout@master
       - name: Terraform security scan
-        uses: triat/terraform-security-scan@v3.0.3
+        uses: triat/terraform-security-scan@v3.1.0
diff --git a/.github/workflows/v1-func-create-tag-and-release.yml b/.github/workflows/v1-func-create-tag-and-release.yml
@@ -0,0 +1,37 @@
+name: v1-func-create-tag-and-release
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  create-new-release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-ecosystem/action-release-label@v1
+        id: release-label
+        if: ${{ github.event.pull_request.merged == true }}
+
+      - uses: actions-ecosystem/action-get-latest-tag@v1
+        id: get-latest-tag
+        if: ${{ steps.release-label.outputs.level != null }}
+
+      - uses: actions-ecosystem/action-bump-semver@v1
+        id: bump-semver
+        if: ${{ steps.release-label.outputs.level != null }}
+        with:
+          current_version: ${{ steps.get-latest-tag.outputs.tag }}
+          level: ${{ steps.release-label.outputs.level }}
+
+      - uses: actions-ecosystem/action-push-tag@v1
+        if: ${{ steps.release-label.outputs.level != null }}
+        with:
+          tag: ${{ steps.bump-semver.outputs.new_version }}
+          message: '${{ steps.bump-semver.outputs.new_version }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}'
+
+      - name: 'gh::release'
+        if: ${{ steps.release-label.outputs.level != null }}
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ steps.bump-semver.outputs.new_version }}
diff --git a/.gitignore b/.gitignore
@@ -6,4 +6,7 @@
 *.tfstate.*
 
 # .tfvars files
-*.tfvars
+*.tfvars
+
+# .terraform.lock.hcl files
+.terraform.local.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+      - id: terraform_validate
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/example/.terraform.lock.hcl b/example/.terraform.lock.hcl
diff --git a/example/main.tf b/example/main.tf
@@ -1,17 +1,18 @@
 data "aws_region" "current" {}
 
 provider "elasticsearch" {
-  url         = "https://${var.cluster_name}.${var.cluster_domain_name}"
+  url         = "https://${var.cluster_name}.${var.cluster_domain}"
   aws_region  = data.aws_region.current.name
   healthcheck = false
 }
 
 module "opensearch" {
   source = "../"
 
+  enabled = true
+
   cluster_name    = var.cluster_name
-  cluster_domain  = var.cluster_domain_name
-  cluster_version = "OpenSearch_1.2"
+  cluster_version = "OpenSearch_2.7"
 
   subnet_ids         = var.subnet_ids
   security_group_ids = var.security_group_ids
@@ -21,5 +22,7 @@ module "opensearch" {
   ebs_enabled     = true
   ebs_volume_size = 50
 
+  saml_options_enabled = false
+
   cloudwatch_log_enabled = true
 }
diff --git a/main.tf b/main.tf
@@ -1,6 +1,7 @@
 resource "aws_elasticsearch_domain" "opensearch" {
   domain_name           = var.cluster_name
   elasticsearch_version = var.cluster_version
+  count                 = var.enabled ? 1 : 0
 
   cluster_config {
     dedicated_master_enabled = var.master_instance_count > 0
@@ -14,6 +15,10 @@ resource "aws_elasticsearch_domain" "opensearch" {
     warm_count   = var.warm_enabled ? var.warm_instance_count : null
     warm_type    = var.warm_enabled ? var.warm_instance_type : null
 
+    cold_storage_options {
+      enabled = var.cold_enabled
+    }
+
     zone_awareness_enabled = (var.availability_zones > 1) ? true : false
 
     zone_awareness_config {
@@ -49,7 +54,9 @@ resource "aws_elasticsearch_domain" "opensearch" {
     enabled                        = true
     internal_user_database_enabled = var.internal_user_database_enabled
     master_user_options {
-      master_user_arn = var.master_user_arn
+      master_user_arn      = var.internal_user_database_enabled ? var.master_user_arn : null
+      master_user_name     = var.internal_user_database_enabled ? var.master_user_name : null
+      master_user_password = var.internal_user_database_enabled ? var.master_user_password : null
     }
   }
 
@@ -89,11 +96,29 @@ resource "aws_elasticsearch_domain" "opensearch" {
     role_arn         = var.cognito_enabled ? var.cognito_role_arn : ""
   }
 
+  dynamic "auto_tune_options" {
+    for_each = var.autotune_enabled ? [1] : []
+    content {
+      desired_state       = var.autotune_options.desired_state
+      rollback_on_disable = var.autotune_options.rollback_on_disable
+
+      maintenance_schedule {
+        start_at = var.autotune_options.maintenance_schedule.start_at
+        duration {
+          value = var.autotune_options.maintenance_schedule.duration
+          unit  = "HOURS"
+        }
+        cron_expression_for_recurrence = var.autotune_options.maintenance_schedule.cron_expression
+      }
+    }
+  }
+
   tags = var.tags
 }
 
 resource "aws_elasticsearch_domain_saml_options" "opensearch_saml_options" {
   domain_name = var.cluster_name
+  count       = var.saml_options_enabled ? 1 : 0
   saml_options {
     enabled                 = var.saml_options_enabled
     master_backend_role     = var.saml_options_master_backend_role

diff --git a/outputs.tf b/outputs.tf
@@ -1,29 +1,29 @@
 output "opensearch_domain_arn" {
   description = "Return ARN of the OpenSearch cluster domain."
-  value       = aws_elasticsearch_domain.opensearch.arn
+  value       = aws_elasticsearch_domain.opensearch[*].arn
 }
 
 output "opensearch_domain_id" {
   description = "The domain id of the OpenSearch cluster."
-  value       = aws_elasticsearch_domain.opensearch.id
+  value       = aws_elasticsearch_domain.opensearch[*].id
 }
 
 output "cluster_name" {
   description = "The name of the OpenSearch cluster."
-  value       = aws_elasticsearch_domain.opensearch.domain_name
+  value       = aws_elasticsearch_domain.opensearch[*].domain_name
 }
 
 output "cluster_endpoint" {
   description = "The endpoint URL of the OpenSearch cluster."
-  value       = aws_elasticsearch_domain.opensearch.endpoint
+  value       = aws_elasticsearch_domain.opensearch[*].endpoint
 }
 
 output "cluster_version" {
   description = "The version of the OpenSearch cluster."
-  value       = replace(aws_elasticsearch_domain.opensearch.elasticsearch_version, "OpenSearch_", "")
+  value       = [for i in aws_elasticsearch_domain.opensearch[*] : replace(i.elasticsearch_version, "OpenSearch_", "")]
 }
 
 output "kibana_endpoint" {
   description = "The endpoint URL of Kibana."
-  value       = aws_elasticsearch_domain.opensearch.kibana_endpoint
+  value       = aws_elasticsearch_domain.opensearch[*].kibana_endpoint
 }