refactor: rework value mapping for for_each and update dependencies (#11

)
cloudposse · May 14, 2021 · 1344493 · 1344493
1 parent bb57af4
commit 1344493
Show file tree

Hide file tree

Showing 8 changed files with 195 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -172,7 +172,7 @@ Available targets:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
 
 ## Providers

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -3,7 +3,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
 
 ## Providers

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -17,7 +17,35 @@ module "new_security_group" {
   source = "../.."
 
   vpc_id = module.vpc.vpc_id
-  rules  = var.rules
+  rules = [
+    {
+      type                     = "ingress"
+      from_port                = 22
+      to_port                  = 22
+      protocol                 = "tcp"
+      cidr_blocks              = []
+      source_security_group_id = aws_security_group.external.id
+      description              = "Allow SSH access form the external SG"
+    },
+    {
+      type                     = "ingress"
+      from_port                = 443
+      to_port                  = 443
+      protocol                 = "all"
+      cidr_blocks              = ["0.0.0.0/0"]
+      source_security_group_id = null
+      description              = null
+    },
+    {
+      type                     = "egress"
+      from_port                = 0
+      to_port                  = 65535
+      protocol                 = "all"
+      cidr_blocks              = ["0.0.0.0/0"]
+      source_security_group_id = null
+      description              = "Allow all outbound traffic"
+    }
+  ]
 
   context = module.this.context
 }

diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 0.14.0"
 
   required_providers {
     aws = {

diff --git a/main.tf b/main.tf
@@ -7,19 +7,71 @@ locals {
   arn                    = local.is_external ? join("", data.aws_security_group.external.*.arn) : join("", aws_security_group.default.*.arn)
   name                   = local.is_external ? join("", data.aws_security_group.external.*.name) : join("", aws_security_group.default.*.name)
   rules = module.this.enabled && var.rules != null ? {
-    for rule in flatten(distinct(var.rules)) :
-    format("%s-%s-%s-%s-%s-%s-%s-%s-%s-%s",
+    for indx, rule in flatten(var.rules) :
+    format("%s-%s-%s-%s-%s",
       rule.type,
       rule.protocol,
       rule.from_port,
       rule.to_port,
-      lookup(rule, "cidr_blocks", null) == null ? "no_ipv4" : "ipv4",
-      lookup(rule, "ipv6_cidr_blocks", null) == null ? "no_ipv6" : "ipv6",
-      lookup(rule, "security_group_id", null) == null ? "no_ssg" : "ssg",
-      lookup(rule, "prefix_list_ids", null) == null ? "no_pli" : "pli",
-      lookup(rule, "self", null) == null ? "no_self" : "self",
-      lookup(rule, "description", null) == null ? "no_desc" : md5(rule.description)
-    ) => rule
+      lookup(rule, "description", null) == null ? md5(format("Managed by Terraform #%d", indx)) : md5(rule.description)
+      ) => {
+      type        = rule.type
+      protocol    = rule.protocol
+      from_port   = rule.from_port
+      to_port     = rule.to_port
+      description = try(rule.description, format("Managed by Terraform #%d", indx))
+    }
+  } : {}
+  source_security_group_id = module.this.enabled && var.rules != null ? {
+    for indx, rule in flatten(var.rules) :
+    format("%s-%s-%s-%s-%s",
+      rule.type,
+      rule.protocol,
+      rule.from_port,
+      rule.to_port,
+      lookup(rule, "description", null) == null ? md5(format("Managed by Terraform #%d", indx)) : md5(rule.description)
+    ) => try(rule.source_security_group_id, null)
+  } : {}
+
+  cidr_blocks = module.this.enabled && var.rules != null ? {
+    for indx, rule in flatten(var.rules) :
+    format("%s-%s-%s-%s-%s",
+      rule.type,
+      rule.protocol,
+      rule.from_port,
+      rule.to_port,
+      lookup(rule, "description", null) == null ? md5(format("Managed by Terraform #%d", indx)) : md5(rule.description)
+    ) => try(rule.cidr_blocks, null) != null ? (length(rule.cidr_blocks) > 0 ? rule.cidr_blocks : null) : null
+  } : {}
+  ipv6_cidr_blocks = module.this.enabled && var.rules != null ? {
+    for indx, rule in flatten(var.rules) :
+    format("%s-%s-%s-%s-%s",
+      rule.type,
+      rule.protocol,
+      rule.from_port,
+      rule.to_port,
+      lookup(rule, "description", null) == null ? md5(format("Managed by Terraform #%d", indx)) : md5(rule.description)
+    ) => try(rule.ipv6_cidr_blocks, null) != null ? (length(rule.ipv6_cidr_blocks) > 0 ? rule.ipv6_cidr_blocks : null) : null
+  } : {}
+  prefix_list_ids = module.this.enabled && var.rules != null ? {
+    for indx, rule in flatten(var.rules) :
+    format("%s-%s-%s-%s-%s",
+      rule.type,
+      rule.protocol,
+      rule.from_port,
+      rule.to_port,
+      lookup(rule, "description", null) == null ? md5(format("Managed by Terraform #%d", indx)) : md5(rule.description)
+    ) => try(rule.prefix_list_ids, null) != null ? (length(rule.prefix_list_ids) > 0 ? rule.prefix_list_ids : null) : null
+  } : {}
+  self = module.this.enabled && var.rules != null ? {
+    for indx, rule in flatten(var.rules) :
+    format("%s-%s-%s-%s-%s",
+      rule.type,
+      rule.protocol,
+      rule.from_port,
+      rule.to_port,
+      lookup(rule, "description", null) == null ? md5(format("Managed by Terraform #%d", indx)) : md5(rule.description)
+    ) => try(rule.self, null)
   } : {}
 }
 
@@ -51,10 +103,10 @@ resource "aws_security_group_rule" "default" {
   from_port                = each.value.from_port
   to_port                  = each.value.to_port
   protocol                 = each.value.protocol
-  cidr_blocks              = lookup(each.value, "cidr_blocks", null)
-  ipv6_cidr_blocks         = lookup(each.value, "ipv6_cidr_blocks", null)
-  prefix_list_ids          = lookup(each.value, "prefix_list_ids", null)
-  source_security_group_id = lookup(each.value, "source_security_group_id", null)
-  self                     = lookup(each.value, "self", null)
-  description              = lookup(each.value, "description", null) == null ? "Managed by Terraform" : each.value.description
+  description              = each.value.description
+  cidr_blocks              = lookup(local.cidr_blocks, each.key, null)
+  ipv6_cidr_blocks         = lookup(local.ipv6_cidr_blocks, each.key, null)
+  prefix_list_ids          = lookup(local.prefix_list_ids, each.key, null)
+  source_security_group_id = lookup(local.source_security_group_id, each.key, null)
+  self                     = lookup(local.self, each.key, null)
 }
diff --git a/test/src/go.mod b/test/src/go.mod
@@ -3,10 +3,11 @@ module github.com/cloudposse/terraform-example-module
 go 1.13
 
 require (
-	github.com/gruntwork-io/terratest v0.28.15
+	github.com/gruntwork-io/terratest v0.32.8
 	github.com/stretchr/testify v1.6.1
 	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a // indirect
 	golang.org/x/net v0.0.0-20200822124328-c89045814202 // indirect
 	golang.org/x/sys v0.0.0-20200828194041-157a740278f4 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
+	sigs.k8s.io/structured-merge-diff/v3 v3.0.0 // indirect
 )