Merge pull request #17 from fvazquez-caylent/CA-10-Tag-based-authorization

fvazquez-caylent · web-flow · commit 15d3de7ffab0 · 2021-07-21T16:14:45.000-03:00
CA-10 Tag based authorization
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Tamr Terraform Template Repo
 
+## v2.1.0 - July 12nd 2021
+* Adds tags for RDS Subnet Group.
+* Adds new variable `tags` to set tags for all resources
+* Deprecates `additional_tags` in favor of `tags`
+
 ## v2.0.0 - June 30th 2021
 * Accepts a list of security groups
 * Returns a list of ports used by RDS
diff --git a/README.md b/README.md
@@ -54,7 +54,7 @@ This terraform module will create:
 | subnet\_group\_name | The name of the subnet group to add the RDS instance to | `string` | n/a | yes |
 | vpc\_id | VPC ID for the rds security group | `string` | n/a | yes |
 | additional\_cidrs | Additional CIDR to connect to RDS Postgres instance | `list(string)` | `[]` | no |
-| additional\_tags | Additional tags to set on the RDS instance | `map(string)` | `{}` | no |
+| additional\_tags | [DEPRECATED: Use `tags` instead] Additional tags to set on the RDS instance. | `map(string)` | `{}` | no |
 | allocated\_storage | Allocate storage | `number` | `20` | no |
 | apply\_immediately | Apply immediately, do not set this to true for production | `bool` | `false` | no |
 | backup\_retention\_period | Backup retention period in days | `number` | `14` | no |
@@ -72,6 +72,7 @@ This terraform module will create:
 | security\_group\_name | Name for the security group for the rds instance | `string` | `"tamr_rds_sg"` | no |
 | skip\_final\_snapshot | Skip final snapshot | `bool` | `true` | no |
 | storage\_type | Storage type (e.g. gp2, io1) | `string` | `"gp2"` | no |
+| tags | A map of tags to add to all resources. Replaces `additional_tags`. | `map(string)` | `{}` | no |
 | username | The username for the master DB user. | `string` | `"tamr"` | no |
 
 ## Outputs
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.0.0
+2.1.0
diff --git a/examples/minimal/README.md b/examples/minimal/README.md
@@ -17,6 +17,7 @@ No provider.
 | subnet\_ids | List of at least 2 subnets in different AZs for DB subnet group | `list(string)` | n/a | yes |
 | vpc\_id | VPC ID of network. | `string` | n/a | yes |
 | egress\_cidr\_blocks | CIDR blocks to attach to security groups for egress | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| tags | A map of tags to add to all resources created by this example. | `map(string)` | <pre>{<br>  "Author": "Tamr",<br>  "Environment": "Example"<br>}</pre> | no |
 
 ## Outputs
 
diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf
@@ -8,11 +8,12 @@ module "rds_postgres" {
   username             = "exampleUsername"
   password             = "examplePassword" #tfsec:ignore:GEN003
 
-  vpc_id            = var.vpc_id
-  subnet_group_name = "example_subnet_group"
+  vpc_id             = var.vpc_id
+  subnet_group_name  = "example_subnet_group"
   # Network requirement: DB subnet group needs a subnet in at least two Availability Zones
   rds_subnet_ids = var.subnet_ids
   security_group_ids = module.rds-postgres-sg.security_group_ids
+  tags               = var.tags
 }
 
 module "sg-ports" {
@@ -29,4 +30,5 @@ module "rds-postgres-sg" {
   sg_name_prefix = var.name_prefix
   egress_protocol = "all"
   ingress_protocol = "tcp"
+  tags = var.tags
 }
diff --git a/examples/minimal/variables.tf b/examples/minimal/variables.tf
@@ -27,3 +27,13 @@ variable "egress_cidr_blocks" {
   type = list(string)
   default = ["0.0.0.0/0"]
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to add to all resources created by this example."
+  default     = { 
+    Author = "Tamr"
+    Environment = "Example"
+  }
+}
+
diff --git a/main.tf b/main.tf
@@ -1,13 +1,18 @@
+locals {
+  effective_tags = length(var.tags) > 0 ? var.tags : var.additional_tags
+}
+
 resource "aws_db_parameter_group" "rds_postgres_pg" {
   name        = var.parameter_group_name
   family      = var.parameter_group_family
   description = "TAMR RDS parameter group"
-  tags        = var.additional_tags
+  tags        = local.effective_tags
 }
 
 resource "aws_db_subnet_group" "rds_postgres_subnet_group" {
   name       = var.subnet_group_name
   subnet_ids = var.rds_subnet_ids
+  tags       = local.effective_tags
 }
 
 resource "aws_db_instance" "rds_postgres" {
@@ -41,7 +46,7 @@ resource "aws_db_instance" "rds_postgres" {
   apply_immediately = var.apply_immediately
 
   copy_tags_to_snapshot = var.copy_tags_to_snapshot
-  tags                  = var.additional_tags
+  tags                  = local.effective_tags
 
   lifecycle {
     ignore_changes = [password]
diff --git a/variables.tf b/variables.tf
@@ -104,8 +104,14 @@ variable "copy_tags_to_snapshot" {
 }
 
 variable "additional_tags" {
-  description = "Additional tags to set on the RDS instance"
   type        = map(string)
+  description = "[DEPRECATED: Use `tags` instead] Additional tags to set on the RDS instance."
+  default     = {}
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to add to all resources. Replaces `additional_tags`."
   default     = {}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -104,8 +104,14 @@ variable "copy_tags_to_snapshot" {`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`variable "additional_tags" {`
`107`		`- description = "Additional tags to set on the RDS instance"`
`108`	`107`	`type = map(string)`
	`108`	+ description = "[DEPRECATED: Use `tags` instead] Additional tags to set on the RDS instance."
	`109`	`+ default = {}`
	`110`	`+}`
	`111`	`+`
	`112`	`+variable "tags" {`
	`113`	`+ type = map(string)`
	`114`	+ description = "A map of tags to add to all resources. Replaces `additional_tags`."
`109`	`115`	`default = {}`
`110`	`116`	`}`
`111`	`117`