BBL-140 WAF Global module aux files: makefile, readme.md, and bash sc…

…ripts for terraform-docs tf-0.12 support
binbashar · Oct 31, 2019 · fad3797 · fad3797
1 parent daf803d
commit fad3797
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 86 deletions.
diff --git a/modules/waf-global/Makefile b/modules/waf-global/Makefile
@@ -6,7 +6,7 @@ LOCAL_OS_GIT_CONF_DIR := ~/.gitconfig
 LOCAL_OS_AWS_CONF_DIR := ~/.aws
 
 TF_PWD_DIR := $(shell pwd)
-TF_VER := 0.11.14
+TF_VER := 0.12.12
 TF_PWD_CONT_DIR := "/go/src/project/"
 TF_DOCKER_ENTRYPOINT := /usr/local/go/bin/terraform
 TF_DOCKER_IMAGE := binbash/terraform-resources
@@ -46,22 +46,6 @@ docker run --rm \
 -it ${TF_DOCKER_IMAGE}:${TF_VER}
 endef
 
-#
-# GIT-RELEASE
-#
-# pre-req -> https://github.com/pnikosis/semtag
-define GIT_SEMTAG_CMD_PREFIX
-docker run --rm \
--v ${TF_PWD_DIR}:/data:rw \
--v ${LOCAL_OS_SSH_DIR}:/root/.ssh \
--v ${LOCAL_OS_GIT_CONF_DIR}:/etc/gitconfig \
---entrypoint=/opt/semtag/semtag/semtag \
--it binbash/git-release
-endef
-
-GIT_SEMTAG_VER_PATCH := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s patch -o)
-GIT_SEMTAG_VER_MINOR := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s minor -o)
-GIT_SEMTAG_VER_MINOR := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s major -o)
 
 help:
 	@echo 'Available Commands:'
@@ -79,12 +63,14 @@ version: ## Show terraform version
 format: ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.
 	${TF_CMD_PREFIX} fmt ${TF_PWD_CONT_DIR}
 
-doc: ## A utility to generate documentation from Terraform modules in various output formats.
+doc-tf-eleven: ## A utility to generate documentation from Terraform 0.11 modules in various output formats.
 	docker run --rm -v ${TF_PWD_DIR}:/data -t binbash/terraform-docs markdown table /data
 
-lint: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan.
-	docker run --rm -v ${TF_PWD_DIR}:/data -t wata727/tflint --deep
+doc-tf-twelve: ## A utility to generate documentation from Terraform 0.12 modules in various output formats.
+	bash terraform-docs.sh markdown ${TF_PWD_DIR}
 
+lint: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan (tf0.11 --> < 0.9.2.
+	docker run --rm -v ${TF_PWD_DIR}:/data -t wata727/tflint:0.9.2 --deep
 
 #==============================================================#
 # TERRATEST 												   #
@@ -98,55 +84,4 @@ terratest-dep-init: ## dep is a dependency management tool for Go. (https://gith
 
 terratest-go-test: ## lint: TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan.
 	${TERRATEST_GO_CMD_PREFIX} test
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} .
-
-#==============================================================#
-# GIT RELEASE 												   #
-#==============================================================#
-release-patch: ## releasing patch (eg: 0.0.1 -> 0.0.2) based on semantic tagging script for Git
-	# pre-req -> https://github.com/pnikosis/semtag
-	${GIT_SEMTAG_CMD_PREFIX} get
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
-	${GIT_SEMTAG_CMD_PREFIX} final -s patch
-
-release-minor: ## releasing minor (eg: 0.0.2 -> 0.1.0) based on semantic tagging script for Git
-	# pre-req -> https://github.com/pnikosis/semtag
-	${GIT_SEMTAG_CMD_PREFIX} get
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
-	${GIT_SEMTAG_CMD_PREFIX} final -s minor
-
-release-major: ## releasing major (eg: 0.1.0 -> 1.0.0) based on semantic tagging script for Git
-	# pre-req -> https://github.com/pnikosis/semtag
-	${GIT_SEMTAG_CMD_PREFIX} get
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
-	${GIT_SEMTAG_CMD_PREFIX} final -s major
-
-changelog-init: ## git-chglog (https://github.com/git-chglog/git-chglog) config initialization -> ./.chglog
-	@if [ ! -d ./.chglog ]; then\
-		docker run --rm -v ${TF_PWD_DIR}:/data -it binbash/git-release --init;\
-		sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.chglog;\
-	else\
-		  echo "==============================";\
-    	echo "git-chglog already initialized";\
-    	echo "==============================";\
-    	echo "$$(ls ./.chglog)";\
-    	echo "==============================";\
-	fi
-
-changelog-patch: ## git-chglog generation for path release
-	docker run --rm -v ${TF_PWD_DIR}:/data -it binbash/git-release -o CHANGELOG.md --next-tag ${GIT_SEMTAG_VER_PATCH}
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.chglog
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./CHANGELOG.md
-
-changelog-minor: ## git-chglog generation for minor release
-	docker run --rm -v ${TF_PWD_DIR}:/data -it binbash/git-release -o CHANGELOG.md --next-tag ${GIT_SEMTAG_VER_MINOR}
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.chglog
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./CHANGELOG.md
-
-changelog-major: ## git-chglog generation for major release
-	docker run --rm -v ${TF_PWD_DIR}:/data -it binbash/git-release -o CHANGELOG.md --next-tag ${GIT_SEMTAG_VER_MAJOR}
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.chglog
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
-	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./CHANGELOG.md
+	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} .
diff --git a/modules/waf-global/README.md b/modules/waf-global/README.md
@@ -43,26 +43,29 @@ References
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| admin\_remote\_ipset | List of IPs allowed to access admin pages | list | n/a | yes |
-| blacklisted\_ips | List of IPs to blacklist | list | n/a | yes |
-| cloudfront\_arn | List of CloudFront Distributions ARNs | list | n/a | yes |
-| rule\_admin\_access\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_auth\_tokens\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_blacklisted\_ips\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_csrf\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_lfi\_rfi\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_php\_insecurities\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_size\_restriction\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_sqli\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_ssi\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
-| rule\_xss\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"BLOCK"` | no |
+| admin\_remote\_ipset | List of IPs allowed to access admin pages, ['1.1.1.1/32', '2.2.2.2/32', '3.3.3.3/32'] | list(string) | `<list>` | no |
+| blacklisted\_ips | List of IPs to blacklist, eg ['1.1.1.1/32', '2.2.2.2/32', '3.3.3.3/32'] | list(string) | `<list>` | no |
+| cloudfront\_arn | List of CloudFront Distributions ARNs | list(string) | `<list>` | no |
+| rule\_admin\_access\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_auth\_tokens\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_blacklisted\_ips\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_csrf\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_lfi\_rfi\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_php\_insecurities\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_size\_restriction\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_sqli\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_ssi\_action\_type | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| rule\_xss\_action | Rule action type. Either BLOCK, ALLOW, or COUNT (useful for testing) | string | `"COUNT"` | no |
+| tags | A mapping of tags to assign to all resources | map | `<map>` | no |
 | waf\_prefix | Prefix to use when naming resources | string | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| web\_acl\_id |  |
+| web\_acl\_id | AWS WAF web acl id. |
+| web\_acl\_metric\_name | The name or description for the Amazon CloudWatch metric of this web ACL. |
+| web\_acl\_name | The name or description of the web ACL. |
 
 ## Examples
 ### waf-global

diff --git a/modules/waf-global/terraform-docs.awk b/modules/waf-global/terraform-docs.awk
@@ -0,0 +1,90 @@
+# This script converts Terraform 0.12 variables/outputs to something suitable for `terraform-docs`
+# As of terraform-docs v0.6.0, HCL2 is not supported. This script is a *dirty hack* to get around it.
+# https://github.com/segmentio/terraform-docs/
+# https://github.com/segmentio/terraform-docs/issues/62
+
+{
+  if ( $0 ~ /\{/ ) {
+    braceCnt++
+  }
+
+  if ( $0 ~ /\}/ ) {
+    braceCnt--
+  }
+
+  # [START] variable or output block started
+  if ($0 ~ /^[[:space:]]*(variable|output)[[:space:]][[:space:]]*"(.*?)"/) {
+    # Normalize the braceCnt (should be 1 now)
+    braceCnt = 1
+    # [CLOSE] "default" block
+    if (blockDefCnt > 0) {
+      blockDefCnt = 0
+    }
+    blockCnt++
+    print $0
+  }
+
+  # [START] multiline default statement started
+  if (blockCnt > 0) {
+    if ($0 ~ /^[[:space:]][[:space:]]*(default)[[:space:]][[:space:]]*=/) {
+      if ($3 ~ "null") {
+        print "  default = \"null\""
+      } else {
+        print $0
+        blockDefCnt++
+        blockDefStart=1
+      }
+    }
+  }
+
+  # [PRINT] single line "description"
+  if (blockCnt > 0) {
+    if (blockDefCnt == 0) {
+      if ($0 ~ /^[[:space:]][[:space:]]*description[[:space:]][[:space:]]*=/) {
+        # [CLOSE] "default" block
+        if (blockDefCnt > 0) {
+          blockDefCnt = 0
+        }
+        print $0
+      }
+    }
+  }
+
+  # [PRINT] single line "type"
+  if (blockCnt > 0) {
+    if ($0 ~ /^[[:space:]][[:space:]]*type[[:space:]][[:space:]]*=/ ) {
+      # [CLOSE] "default" block
+      if (blockDefCnt > 0) {
+        blockDefCnt = 0
+      }
+      type=$3
+      if (type ~ "object") {
+        print "  type = \"object\""
+      } else {
+          # legacy quoted types: "string", "list", and "map"
+          if ($3 ~ /^[[:space:]]*"(.*?)"[[:space:]]*$/) {
+            print "  type = " $3
+          } else {
+            print "  type = \"" $3 "\""
+          }
+      }
+    }
+  }
+
+  # [CLOSE] variable/output block
+  if (blockCnt > 0) {
+    if (braceCnt == 0 && blockCnt > 0) {
+      blockCnt--
+      print $0
+    }
+  }
+
+  # [PRINT] Multiline "default" statement
+  if (blockCnt > 0 && blockDefCnt > 0) {
+    if (blockDefStart == 1) {
+      blockDefStart = 0
+    } else {
+      print $0
+    }
+  }
+}
diff --git a/modules/waf-global/terraform-docs.sh b/modules/waf-global/terraform-docs.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+PWD=$(pwd)
+
+which awk 2>&1 >/dev/null || ( echo "awk not available"; exit 1)
+which terraform 2>&1 >/dev/null || ( echo "terraform not available"; exit 1)
+which terraform-docs 2>&1 >/dev/null || ( echo "terraform-docs not available"; exit 1)
+
+if [[ "`terraform version | head -1`" =~ 0\.12 ]]; then
+    TMP_FILE="$(mktemp /tmp/terraform-docs-XXXXXXXXXX)"
+    awk -f ${PWD}/terraform-docs.awk $2/*.tf > ${TMP_FILE}
+    terraform-docs $1 ${TMP_FILE}
+    rm -f ${TMP_FILE}
+else
+    terraform-docs $1 $2
+fi