From 0abf6989940e20ef47ce0bfa29fa92b364de6745 Mon Sep 17 00:00:00 2001 From: Warren Uniewski Date: Mon, 13 Feb 2023 16:37:18 -0800 Subject: [PATCH 1/2] add gha workflows --- .github/workflows/terraform-docs.yaml | 18 ++++++++++++++++++ .github/workflows/terraform-fmt.yaml | 12 ++++++++++++ .github/workflows/terraform-validate.yaml | 15 +++++++++++++++ README.md | 7 +++++-- 4 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/terraform-docs.yaml create mode 100644 .github/workflows/terraform-fmt.yaml create mode 100644 .github/workflows/terraform-validate.yaml
diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml
new file mode 100644
index 0000000..2ec2082
--- /dev/null
+++ b/.github/workflows/terraform-docs.yaml
@@ -0,0 +1,18 @@
+name: Generate terraform docs
+on:
+ - pull_request
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Render terraform docs inside the README.md and push changes back to PR branch
+ uses: terraform-docs/gh-actions@v1.0.0
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
\ No newline at end of file
diff --git a/.github/workflows/terraform-fmt.yaml b/.github/workflows/terraform-fmt.yaml
new file mode 100644
index 0000000..7ee1259
--- /dev/null
+++ b/.github/workflows/terraform-fmt.yaml
@@ -0,0 +1,12 @@
+name: terraform format check
+on:
+ - pull_request
+jobs:
+ format:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: hashicorp/setup-terraform@v2
+
+ - name: terraform fmt
+ run: terraform fmt -check -recursive -diff
\ No newline at end of file
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..887e11c
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
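Review bot: In .github/workflows/terraform-docs.yaml the `terraform-docs/gh-actions@v1.0.0` step runs with `git-push: "true"`, so a third-party action referenced by a movable tag is allowed to commit to the PR branch with the job token, and the job declares no `permissions:` of its own. I would pin that action to the full commit SHA of the release and grant the job only the write scope the push needs, as sketched below. The checkout passes `github.event.pull_request.head.ref`, which is a bare branch name; for a pull request from a fork that name is looked up in the base repository and the token is read-only, so the job will presumably fail or pick up an unrelated same-named branch unless fork PRs are skipped. The tag references `actions/checkout@v3` and `hashicorp/setup-terraform@v2` in terraform-fmt.yaml and terraform-validate.yaml have the same pinning gap, and those two read-only jobs could declare `contents: read` in the same way.

```yaml
  docs:
    runs-on: ubuntu-latest
    # Fork PRs get a read-only token and their head.ref is not a branch of this repo.
    if: github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      contents: write  # needed for git-push; nothing else is granted
    # … unchanged: steps, actions/checkout@v3 with ref, step name …
        uses: terraform-docs/gh-actions@<full-commit-sha>  # v1.0.0
    # … unchanged: with: inputs …
```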
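Review bot: In .github/workflows/terraform-fmt.yaml `hashicorp/setup-terraform@v2` is used without `terraform_version`, so the runner installs whichever Terraform release is current and the outcome of `terraform fmt -check -recursive -diff` can change without any commit to this repository; terraform-validate.yaml uses the same step. Adding `with:` and `terraform_version: <version the module targets>` under the setup step would make both checks reproducible. As a style point, all three new workflow files end without a trailing newline.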
@@ -0,0 +1,15 @@
+name: terraform validate
+on:
+ - pull_request
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: hashicorp/setup-terraform@v2
+
+ - name: terraform init
+ run: terraform init -input=false -backend=false
+
+ - name: terraform validate
+ run: terraform validate
\ No newline at end of file
diff --git a/README.md b/README.md
index 9626450..4671f8a 100644
--- a/README.md
+++ b/README.md
@@ -11,11 +11,14 @@ This repo provides a starting point for users who want to create valid Terraform ## Project Status + - [x] Development - [ ] Production/Maintenance -## Documentation - +# Documentation + + + ## References From fe53d19457e0bd95adec6158d62ea29272789952 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 14 Feb 2023 00:37:48 +0000 Subject: [PATCH 2/2] terraform-docs: automated action --- README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+)
diff --git a/README.md b/README.md
index 4671f8a..70b5712 100644
--- a/README.md
+++ b/README.md
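Review bot: The `terraform init -input=false -backend=false` step in terraform-validate.yaml downloads whatever providers and module sources the pull request's own configuration declares, so this job runs on contributor-controlled input, and nothing in the file records that constraint. A comment above the step, for example `# runs on untrusted PR content: keep the trigger as pull_request and pass no secrets to this job`, would warn a later editor against switching to `pull_request_target` or adding credentials here. The generated README in patch 2/2 lists the `cloud_roles` module from github.com/BCDevOps/terraform-keycloak-role-group-simplification with version n/a, which suggests the source is fetched without a pinned ref; that is worth confirming in the module block, which is not part of this patch.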
@@ -18,6 +18,56 @@ This repo provides a starting point for users who want to create valid Terraform # Documentation +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | ~> 4.0 | +| [keycloak](#requirement\_keycloak) | >= 2.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 4.0 | +| [external](#provider\_external) | n/a | +| [keycloak](#provider\_keycloak) | >= 2.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cloud\_roles](#module\_cloud\_roles) | github.com/BCDevOps/terraform-keycloak-role-group-simplification | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.bcgov_perm_boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.admin_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.role-policy-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_saml_provider.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource | +| [aws_caller_identity.aws_context](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [external_external.saml_idp_descriptor](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | +| [keycloak_realm.kc-lz-sso-realm](https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/data-sources/realm) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_name](#input\_account\_name) | Name to identify the account. 
| `string` | n/a | yes | +| [account\_roles](#input\_account\_roles) | Roles and associated policies for an account. | `map(string)` | n/a | yes | +| [aws\_saml\_idp\_name](#input\_aws\_saml\_idp\_name) | Name for Keycloak IDP that will be created in AWS | `string` | `"BCGovKeyCloak"` | no | +| [kc\_base\_url](#input\_kc\_base\_url) | Base URL of KeyCloak instance to interact with. | `string` | n/a | yes | +| [kc\_iam\_auth\_client\_id](#input\_kc\_iam\_auth\_client\_id) | Client ID of client where KC roles corresponding to AWS roles will be created. | `string` | n/a | yes | +| [kc\_realm](#input\_kc\_realm) | KeyCloak realm where terraform client has been created and where users/groups to be created/manipulated exist. | `string` | n/a | yes | +| [trusted\_login\_sources](#input\_trusted\_login\_sources) | A list of one or more URLs from which login is expected and permitted. | `list(string)` |
[
"https://signin.aws.amazon.com/saml"
]
| no | + +## Outputs + +| Name | Description | +|------|-------------| +| [roles](#output\_roles) | module outputs should be defined and documented here. | ## References