Merge pull request #27 from comtravo/chore/move-ssm-to-mono-repo

Move SSM Parameter store to mono repo
comtravo · Jan 26, 2022 · 6b2254c · 6b2254c
2 parents fc53e69 + 5f70493
commit 6b2254c
Show file tree

Hide file tree

Showing 9 changed files with 309 additions and 0 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -34,6 +34,10 @@ jobs:
             testArgs: -run=TestLegacyVPC -timeout=120m
             testFile: test/aws_vpc_legacy_test.go
 
+          - module: parameter-store
+            testArgs: -run=TestSSMParameterStore
+            testFile: test/aws_ssm_parameter_store_test.go
+
     steps:
       - id: skip_check
         uses: fkirc/skip-duplicate-actions@master

diff --git a/parameter-store/README.md b/parameter-store/README.md
@@ -0,0 +1,43 @@
+# Terraform AWS module for AWS SSM parameter
+
+## Introduction
+
+This module fetches the arn of the secret in AWS SSM parameter store.
+
+## Usage  
+Checkout [examples](./examples) for how to use this module
+
+## Authors
+
+Module managed by [Comtravo](https://github.com/comtravo).
+
+## License
+
+MIT Licensed. See [LICENSE](LICENSE) for full details.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.13 |
+| aws | ~> 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | ~> 3.0 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| enable | Enable this module | `bool` | `true` | no |
+| parameter | SSM parameter for which the ARN needs to be fetched | `string` | n/a | yes |
+| prefix | SSM parameter prefix | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| arn | SSM parameter ARN |
diff --git a/parameter-store/examples/basic/main.tf b/parameter-store/examples/basic/main.tf
@@ -0,0 +1,17 @@
+variable "secret_name" {
+  type        = string
+  description = "Secret's ARN to fetch"
+}
+
+provider "aws" {
+}
+
+module "fetch_secret_arn" {
+  source = "../../"
+
+  parameter = var.secret_name
+}
+
+output "arn" {
+  value = module.fetch_secret_arn.arn
+}
diff --git a/parameter-store/examples/custom_prefix/main.tf b/parameter-store/examples/custom_prefix/main.tf
@@ -0,0 +1,22 @@
+variable "secret_name" {
+  type        = string
+  description = "Secret's ARN to fetch"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Custom secretprefix"
+}
+
+provider "aws" {
+}
+
+module "fetch_secret_arn" {
+  source    = "../../"
+  prefix    = var.prefix
+  parameter = var.secret_name
+}
+
+output "arn" {
+  value = module.fetch_secret_arn.arn
+}
diff --git a/parameter-store/examples/disable/main.tf b/parameter-store/examples/disable/main.tf
@@ -0,0 +1,24 @@
+variable "secret_name" {
+  type        = string
+  description = "Secret's ARN to fetch"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Custom secretprefix"
+}
+
+provider "aws" {
+}
+
+module "fetch_secret_arn" {
+  source = "../../"
+
+  enable    = false
+  prefix    = var.prefix
+  parameter = var.secret_name
+}
+
+output "arn" {
+  value = module.fetch_secret_arn.arn
+}
diff --git a/parameter-store/main.tf b/parameter-store/main.tf
@@ -0,0 +1,50 @@
+/**
+* # Terraform AWS module for AWS SSM parameter
+*
+* ## Introduction
+*
+* This module fetches the arn of the secret in AWS SSM parameter store.
+*
+* ## Usage
+* Checkout [examples](./examples) for how to use this module
+*
+* ## Authors
+*
+* Module managed by [Comtravo](https://github.com/comtravo).
+*
+* ## License
+*
+* MIT Licensed. See [LICENSE](LICENSE) for full details.
+*/
+
+variable "parameter" {
+  type        = string
+  description = "SSM parameter for which the ARN needs to be fetched"
+}
+
+variable "prefix" {
+  type        = string
+  description = "SSM parameter prefix"
+  default     = null
+}
+
+variable "enable" {
+  type        = bool
+  description = "Enable this module"
+  default     = true
+}
+
+locals {
+  prefix = var.prefix != null ? var.prefix : "${upper(terraform.workspace)}_"
+}
+
+data "aws_ssm_parameter" "parameter" {
+  count           = var.enable ? 1 : 0
+  name            = "${local.prefix}${var.parameter}"
+  with_decryption = false
+}
+
+output "arn" {
+  description = "SSM parameter ARN"
+  value       = var.enable ? data.aws_ssm_parameter.parameter[0].arn : ""
+}
diff --git a/parameter-store/versions.tf b/parameter-store/versions.tf
@@ -0,0 +1,10 @@
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
diff --git a/test/aws_ssm_parameter_store_test.go b/test/aws_ssm_parameter_store_test.go
@@ -0,0 +1,138 @@
+package test
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ssm"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSSMParameterStore_basic(t *testing.T) {
+	t.Parallel()
+
+	workspaceName := strings.ToUpper(fmt.Sprintf("WS_%s", random.UniqueId()))
+	secretName := fmt.Sprintf("FOO_%s", random.UniqueId())
+
+	expectedParameterName := fmt.Sprintf("%s_%s", workspaceName, secretName)
+	secretValue := random.UniqueId()
+
+	SSMPutParameter(t, expectedParameterName, secretValue)
+
+	exampleDir := "../parameter-store/examples/basic/"
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: exampleDir,
+		Vars: map[string]interface{}{
+			"secret_name": secretName,
+		},
+	}
+	defer terraform.Destroy(t, terraformOptions)
+
+	terraform.Init(t, terraformOptions)
+	terraform.WorkspaceSelectOrNew(t, terraformOptions, workspaceName)
+	SSMParameterStoreTerraformApplyAndValidateOutputs(t, terraformOptions, expectedParameterName)
+
+	t.Logf("Terraform module inputs: %+v", *terraformOptions)
+}
+
+func TestSSMParameterStore_customPrefix(t *testing.T) {
+	t.Parallel()
+
+	customPrefixName := strings.ToUpper(fmt.Sprintf("PF_%s", random.UniqueId()))
+	secretName := fmt.Sprintf("FOO_%s_", random.UniqueId())
+
+	expectedParameterName := fmt.Sprintf("%s%s", customPrefixName, secretName)
+	secretValue := random.UniqueId()
+
+	SSMPutParameter(t, expectedParameterName, secretValue)
+
+	exampleDir := "../parameter-store/examples/custom_prefix/"
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: exampleDir,
+		Vars: map[string]interface{}{
+			"secret_name": secretName,
+			"prefix":      customPrefixName,
+		},
+	}
+	defer terraform.Destroy(t, terraformOptions)
+
+	SSMParameterStoreTerraformApplyAndValidateOutputs(t, terraformOptions, expectedParameterName)
+
+	t.Logf("Terraform module inputs: %+v", *terraformOptions)
+}
+
+func TestSSMParameterStore_disable(t *testing.T) {
+	t.Parallel()
+
+	customPrefixName := strings.ToUpper(fmt.Sprintf("PF_%s", random.UniqueId()))
+	secretName := fmt.Sprintf("FOO_%s_", random.UniqueId())
+
+	expectedParameterName := fmt.Sprintf("%s%s", customPrefixName, secretName)
+	secretValue := random.UniqueId()
+
+	SSMPutParameter(t, expectedParameterName, secretValue)
+
+	exampleDir := "../parameter-store/examples/disable/"
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: exampleDir,
+		Vars: map[string]interface{}{
+			"secret_name": secretName,
+			"prefix":      customPrefixName,
+		},
+	}
+	defer terraform.Destroy(t, terraformOptions)
+
+	SSMParameterStoreTerraformApplyAndValidateOutputs(t, terraformOptions, "")
+
+	t.Logf("Terraform module inputs: %+v", *terraformOptions)
+}
+
+func SSMPutParameter(t *testing.T, secretName string, secretValue string) *ssm.PutParameterOutput {
+	sess := session.Must(session.NewSession(&aws.Config{
+		Region: aws.String("us-east-1"),
+	}))
+
+	ssmClient := ssm.New(sess, &aws.Config{})
+
+	params := ssm.PutParameterInput{
+		Name:  aws.String(secretName),
+		Value: aws.String(secretValue),
+		Type:  aws.String("SecureString"),
+	}
+
+	t.Logf("Creating secret with parameters: %+v", params)
+	res, err := ssmClient.PutParameter(&params)
+
+	if err != nil {
+		panic(err)
+	}
+
+	t.Logf("Creating secret response: %+v", res)
+	return res
+}
+
+func SSMParameterStoreTerraformApplyAndValidateOutputs(t *testing.T, terraformOptions *terraform.Options, expectedParameterName string) {
+	terraformApplyOutput := terraform.InitAndApply(t, terraformOptions)
+	resourceCount := terraform.GetResourceCount(t, terraformApplyOutput)
+
+	require.Equal(t, resourceCount.Add, 0)
+	require.Equal(t, resourceCount.Change, 0)
+	require.Equal(t, resourceCount.Destroy, 0)
+
+	if expectedParameterName == "" {
+		require.Equal(t, "", terraform.Output(t, terraformOptions, "arn"))
+	} else {
+		require.Regexp(t,
+			regexp.MustCompile(fmt.Sprintf("arn:aws:ssm:us-east-1:\\d{12}:parameter/%s", expectedParameterName)),
+			terraform.Output(t, terraformOptions, "arn"))
+	}
+}
diff --git a/test/go.mod b/test/go.mod
@@ -3,6 +3,7 @@ module github.com/comtravo/terraform-modules/test
 go 1.14
 
 require (
+	github.com/aws/aws-sdk-go v1.40.56
 	github.com/gruntwork-io/terratest v0.38.9
 	github.com/stretchr/testify v1.7.0
 )