ENG-1058: init

Author: smiller171

README.md

@@ -1,52 +1,71 @@
-# terraform-terraform-template
+# terraform-aws-component-ansible-setup
 Template repository for terraform modules. Good for any cloud and any provider.
 
-[![tflint](https://github.com/rhythmictech/terraform-terraform-template/workflows/tflint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-terraform-template/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)
-[![tfsec](https://github.com/rhythmictech/terraform-terraform-template/workflows/tfsec/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-terraform-template/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)
-[![yamllint](https://github.com/rhythmictech/terraform-terraform-template/workflows/yamllint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-terraform-template/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)
-[![misspell](https://github.com/rhythmictech/terraform-terraform-template/workflows/misspell/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-terraform-template/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)
-[![pre-commit-check](https://github.com/rhythmictech/terraform-terraform-template/workflows/pre-commit-check/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-terraform-template/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)
+[![tflint](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/workflows/tflint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)
+[![tfsec](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/workflows/tfsec/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)
+[![yamllint](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/workflows/yamllint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)
+[![misspell](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/workflows/misspell/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)
+[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/workflows/pre-commit-check/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-component-ansible-setup/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)
 <a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=twitter" alt="follow on Twitter"></a>
 
+Terraform module that creates an EC2 Image Builder component with CloudFormation which installs Ansible on Amazon Linux 2
+
 ## Example
-Here's what using the module will look like
 ```hcl
-module "example" {
-  source = "rhythmictech/terraform-mycloud-mymodule
+module "test_component" {
+  source  = "rhythmictech/imagebuilder-component-ansible-setup/aws"
+  version = "~> 1.0.0-rc1"
+
+  component_version = "1.0.0"
+  description       = "Testing component"
+  name              = "testing-component"
+  tags              = local.tags
 }
 ```
 
 ## About
-A bit about this module
+This module bridges the gap allowing Terraform to create an EC2 Image Builder component which installs Ansible on Amazon Linux 2 until native support for Image Builder is added to Terraform
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.14 |
+| terraform | >= 0.12.28 |
+| aws | >= 2.44, < 4.0.0 |
 
 ## Providers
 
-No provider.
+| Name | Version |
+|------|---------|
+| aws | >= 2.44, < 4.0.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| name | Moniker to apply to all resources in the module | `string` | n/a | yes |
-| tags | User-Defined tags | `map(string)` | `{}` | no |
+| component\_version | Version of the component | `string` | n/a | yes |
+| name | name to use for component | `string` | n/a | yes |
+| change\_description | description of changes since last version | `string` | `null` | no |
+| cloudformation\_timeout | How long to wait (in minutes) for CFN to apply before giving up | `number` | `10` | no |
+| data\_uri | Use this to override the component document with one at a particualar URL endpoint | `string` | `null` | no |
+| description | description of component | `string` | `null` | no |
+| kms\_key\_id | KMS key to use for encryption | `string` | `null` | no |
+| platform | platform of component (Linux or Windows) | `string` | `"Linux"` | no |
+| ssh\_key\_secret\_arn | ARN of a secretsmanager secret containing an SSH key (use arn OR name, not both) | `string` | `null` | no |
+| ssh\_key\_secret\_name | Name of a secretsmanager secret containing an SSH key (use arn OR name, not both) | `string` | `null` | no |
+| tags | map of tags to use for CFN stack and component | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| tags\_module | Tags Module in it's entirety |
+| component\_arn | ARN of the EC2 Image Builder Component |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
-## The Giants Underneath this Module
-- [pre-commit.com](pre-commit.com)
-- [terraform.io](terraform.io)
-- [github.com/tfutils/tfenv](github.com/tfutils/tfenv)
-- [github.com/segmentio/terraform-docs](github.com/segmentio/terraform-docs)
+## The Giants underneath this module
+- pre-commit.com/
+- terraform.io/
+- github.com/tfutils/tfenv
+- github.com/segmentio/terraform-docs

cloudformation.yml.tpl

@@ -0,0 +1,31 @@
+Resources:
+  ImageBuildComponent:
+    Type: AWS::ImageBuilder::Component
+    # Retaining each component when updated because the old component can't be removed until the recipe is updated
+    UpdateReplacePolicy: Retain
+    Properties:
+      Name: ${name}
+      Version: ${version}
+      %{~ if change_description != null ~}
+      ChangeDescription: ${change_description}
+      %{~ endif ~}
+      %{~ if description != null ~}
+      Description: ${description}
+      %{~ endif ~}
+      %{~ if kms_key_id != null ~}
+      KmsKeyId: ${kms_key_id}
+      %{~ endif ~}
+      Platform: ${platform}
+      Tags:
+        ${ indent(8, chomp(yamlencode(tags))) }
+      %{~ if uri != null ~}
+      Uri: ${uri}
+      %{~ endif ~}
+      %{~ if data != null ~}
+      Data: |
+        ${indent(8, data)}
+      %{~ endif ~}
+Outputs:
+  ComponentArn:
+    Description: ARN of the created component
+    Value: !Ref "ImageBuildComponent"

component.yml.tpl

@@ -0,0 +1,19 @@
+name: ${name}-document
+%{ if description != null ~}
+description: ${description}
+%{ endif ~}
+schemaVersion: 1.0
+phases:
+  - name: build
+    steps:
+      - name: ansible-install
+        action: ExecuteBash
+        inputs:
+          commands:
+            # Install Ansible dependencies
+            - sudo yum install -y python python3 python-pip python3-pip git
+            # Enable Ansible repository
+            - sudo amazon-linux-extras enable ansible2
+            # Install Ansible
+            # TODO: #1 Enable version selection
+            - sudo yum install -y ansible

examples/basic/README.md

@@ -2,7 +2,19 @@
 A basic example for this repository
 
 ## Code
-Look to [main.tf](./main.tf), or be helpful and copy/paste that code here.
+```hcl
+module "test_component" {
+  source  = "rhythmictech/imagebuilder-component-ansible/aws"
+  version = "~> 0.2.0"
+
+  component_version = "1.0.0"
+  description       = "Testing component"
+  name              = "testing-component"
+  playbook_dir      = "packer-generic-images/base"
+  playbook_repo     = "https://github.com/rhythmictech/packer-generic-images.git"
+  tags              = local.tags
+}
+```
 
 ## Applying
 ```
@@ -12,47 +24,5 @@ Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
 
 Outputs:
 
-example = {
-  "tags_module" = {
-    "name" = "TEST"
-    "name32" = "TEST"
-    "name6" = "TEST"
-    "namenosymbols" = "TEST"
-    "tags" = {
-      "Name" = "TEST"
-      "terraform_managed" = true
-      "terraform_module" = "terraform-terraform-tags-1.0.0"
-      "terraform_root_module" = "."
-      "terraform_workspace" = "default"
-    }
-    "tags_as_list_of_maps" = [
-      {
-        "key" = "Name"
-        "value" = "TEST"
-      },
-      {
-        "key" = "terraform_managed"
-        "value" = true
-      },
-      {
-        "key" = "terraform_module"
-        "value" = "terraform-terraform-tags-1.0.0"
-      },
-      {
-        "key" = "terraform_root_module"
-        "value" = "."
-      },
-      {
-        "key" = "terraform_workspace"
-        "value" = "default"
-      },
-    ]
-    "tags_no_name" = {
-      "terraform_managed" = true
-      "terraform_module" = "terraform-terraform-tags-1.0.0"
-      "terraform_root_module" = "."
-      "terraform_workspace" = "default"
-    }
-  }
-}
+component_arn = arn:aws:imagebuilder:us-east-1:000000000000:component/testing-component/1.0.0/1
 ```

examples/basic/main.tf

@@ -1,10 +1,62 @@
+data "aws_caller_identity" "current" {
+}
+
+locals {
+  account_id = data.aws_caller_identity.current.account_id
+  tags       = module.tags.tags_no_name
+}
+
+module "tags" {
+  source = "git::https://github.com/rhythmictech/terraform-terraform-tags.git?ref=v1.0.0"
+
+  names = [
+    "smiller",
+    "imagebuilder-test"
+  ]
+
+  tags = merge({
+    "Env"       = "test"
+    "Namespace" = "smiller"
+    "notes"     = "Testing only - Can be safely deleted"
+    "Owner"     = var.owner
+  }, var.additional_tags)
+}
+
+module "test_component" {
+  source  = "rhythmictech/imagebuilder-component-ansible-setup/aws"
+  version = "~> 1.0.0-rc1"
+
+  component_version = "1.0.0"
+  description       = "Testing component"
+  name              = "testing-component"
+  tags              = local.tags
+}
+
+module "test_recipe" {
+  source  = "rhythmictech/imagebuilder-recipe/aws"
+  version = "~> 0.2.0"
 
-module "example" {
-  source = "../.."
+  description    = "Testing recipe"
+  name           = "test-recipe"
+  parent_image   = "arn:aws:imagebuilder:us-east-1:aws:image/amazon-linux-2-x86/x.x.x"
+  recipe_version = "1.0.0"
+  tags           = local.tags
+  update         = true
 
-  name = "test"
+  component_arns = [
+    module.test_component.component_arn,
+    "arn:aws:imagebuilder:us-east-1:aws:component/simple-boot-test-linux/1.0.0/1",
+    "arn:aws:imagebuilder:us-east-1:aws:component/reboot-test-linux/1.0.0/1"
+  ]
 }
 
-output "example" {
-  value = module.example
+module "test_pipeline" {
+  source  = "rhythmictech/imagebuilder-pipeline/aws"
+  version = "~> 0.3.0"
+
+  description = "Testing pipeline"
+  name        = "test-pipeline"
+  tags        = local.tags
+  recipe_arn  = module.test_recipe.recipe_arn
+  public      = false
 }

main.tf

@@ -1,16 +1,51 @@
+locals {
+  has_ssh_key = var.ssh_key_secret_arn != null || var.ssh_key_secret_name != null
+
+  data = templatefile("${path.module}/component.yml.tpl", {
+    description  = var.description
+    name         = var.name
+    ssh_key_name = try(data.aws_secretsmanager_secret.ssh_key[0].name, null)
+  })
+}
 
-module "tags" {
-  source  = "rhythmictech/tags/terraform"
-  version = "1.0.0"
+data "aws_secretsmanager_secret" "ssh_key" {
+  count = local.has_ssh_key ? 1 : 0
 
-  enforce_case = "UPPER"
-  names        = [var.name]
-  tags         = var.tags
+  arn  = var.ssh_key_secret_arn
+  name = var.ssh_key_secret_name
 }
 
-locals {
-  # tflint-ignore: terraform_unused_declarations
-  name = module.tags.name
-  # tflint-ignore: terraform_unused_declarations
-  tags = module.tags.tags_no_name
+resource "aws_cloudformation_stack" "this" {
+  name               = "${var.name}-${uuid()}"
+  on_failure         = "ROLLBACK"
+  timeout_in_minutes = var.cloudformation_timeout
+
+  tags = merge(
+    var.tags,
+    { Name : "${var.name}-stack" }
+  )
+
+  template_body = templatefile("${path.module}/cloudformation.yml.tpl", {
+    change_description = var.change_description
+    data               = local.data
+    description        = var.description
+    kms_key_id         = var.kms_key_id
+    name               = var.name
+    platform           = var.platform
+    uri                = var.data_uri
+    version            = var.component_version
+
+    tags = merge(
+      var.tags,
+      { Name : var.name }
+    )
+  })
+
+  lifecycle {
+    create_before_destroy = true
+
+    ignore_changes = [
+      name
+    ]
+  }
 }

outputs.tf

@@ -1,5 +1,16 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
 
-output "tags_module" {
-  description = "Tags Module in it's entirety"
-  value       = module.tags
+locals {
+  account_id = data.aws_caller_identity.current.account_id
+  region     = data.aws_region.current.name
+}
+
+output "component_arn" {
+  description = "ARN of the EC2 Image Builder Component"
+  value       = "arn:aws:imagebuilder:${local.region}:${local.account_id}:component/${lower(var.name)}/${var.component_version}/1"
+
+  depends_on = [
+    aws_cloudformation_stack.this
+  ]
 }