

Initial commit
kfc-manager committed Apr 3, 2024
0 parents commit f1adb12
Showing 12 changed files with 408 additions and 0 deletions.
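--- a/.github/.secrets.baseline
+++ b/.github/.secrets.baseline
@@ -0,0 +1,113 @@
+{
+"version": "1.2.0",
+"plugins_used": [
+{
+"name": "ArtifactoryDetector"
+},
+{
+"name": "AWSKeyDetector"
+},
+{
+"name": "AzureStorageKeyDetector"
+},
+{
+"name": "Base64HighEntropyString",
+"limit": 4.5
+},
+{
+"name": "BasicAuthDetector"
+},
+{
+"name": "CloudantDetector"
+},
+{
+"name": "GitHubTokenDetector"
+},
+{
+"name": "HexHighEntropyString",
+"limit": 3.0
+},
+{
+"name": "IbmCloudIamDetector"
+},
+{
+"name": "IbmCosHmacDetector"
+},
+{
+"name": "JwtTokenDetector"
+},
+{
+"name": "KeywordDetector",
+"keyword_exclude": ""
+},
+{
+"name": "MailchimpDetector"
+},
+{
+"name": "NpmDetector"
+},
+{
+"name": "PrivateKeyDetector"
+},
+{
+"name": "SendGridDetector"
+},
+{
+"name": "SlackDetector"
+},
+{
+"name": "SoftlayerDetector"
+},
+{
+"name": "SquareOAuthDetector"
+},
+{
+"name": "StripeDetector"
+},
+{
+"name": "TwilioKeyDetector"
+}
+],
+"filters_used": [
+{
+"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+},
+{
+"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+"min_level": 2
+},
+{
+"path": "detect_secrets.filters.gibberish.should_exclude_secret",
+"limit": 3.7
+},
+{
+"path": "detect_secrets.filters.heuristic.is_indirect_reference"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_likely_id_string"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_lock_file"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_potential_uuid"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_sequential_string"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_swagger_file"
+},
+{
+"path": "detect_secrets.filters.heuristic.is_templated_secret"
+}
+],
+"results": {},
+"generated_at": "2024-02-17T17:33:52Z"
+}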
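--- a/.github/hooks/pre-commit
+++ b/.github/hooks/pre-commit
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Run terraform fmt on all .tf files in the repository
+terraform_files=$(git diff --cached --name-only --diff-filter=ACMRTUXB | grep -E '\.tf$|\.tftest.hcl$')
+if [ -n "$terraform_files" ]; then
+echo "Formatting Terraform files..."
+terraform fmt -write=true $terraform_files
+git add $terraform_files
+fi
+
+exit 0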
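Review bot: A failing `terraform fmt` on line 7 does not stop the commit: the script has no `set -e`, so `git add` still runs and the hook always exits 0. Add `set -e` directly after the shebang so a formatter error aborts the commit. `$terraform_files` on lines 7–8 is also expanded unquoted, so a staged path containing whitespace would be split into separate arguments, and the unescaped dot in `\.tftest.hcl$` matches any character; `'\.tf$|\.tftest\.hcl$'` is the intended pattern. Because the hook lives under `.github/hooks` rather than `.git/hooks`, it only runs for developers who point `core.hooksPath` at that directory, which is presumably documented in one of the files not loaded on this page.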
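--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,29 @@
+name: Lint
+
+on:
+push:
+branches: ["**"]
+
+jobs:
+lint:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout source code
+uses: actions/checkout@v4
+
+- name: Setup TFLint
+uses: terraform-linters/setup-tflint@v3
+with:
+tflint_version: v0.44.1
+
+- name: Show TFLint version
+run: tflint --version
+
+- name: Init TFLint
+run: tflint --init
+env:
+GITHUB_TOKEN: ${{ github.token }}
+
+- name: Run TFLint
+run: tflint -f compact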
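Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `tflint --init` on line 26 carries the repository's default token scope rather than the least privilege this job needs. Add a workflow-level `permissions:` with `contents: read`; `.github/workflows/secrets-scan.yml` and `.github/workflows/test.yml` have the same omission and should get the same block. As far as I know `tflint --init` uses the token only to avoid GitHub API rate limits while downloading plugins, so read-only is sufficient.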
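--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,24 @@
+name: Release
+
+on:
+workflow_run:
+workflows: ["Test"]
+types: [completed]
+branches: ["main"]
+
+permissions:
+contents: write
+pull-requests: read
+
+jobs:
+release:
+runs-on: "ubuntu-latest"
+if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+steps:
+- uses: rymndhng/release-on-push-action@master
+with:
+bump_version_scheme: minor
+tag_prefix: v
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}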
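Review bot: `rymndhng/release-on-push-action@master` on line 19 runs whatever that action's default branch currently points at, inside a job that holds `contents: write` and a write-capable token, so any change landing on that branch flows straight into this repository's release step. Pin it to a full commit SHA (with a `# vX.Y.Z` comment for readability) and let Dependabot or Renovate advance it. The `@v3`, `@v4` and `@0.0.2` tag references in lint.yml, secrets-scan.yml and test.yml are mutable as well and deserve the same treatment, though a branch ref is the more exposed case.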
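--- a/.github/workflows/secrets-scan.yml
+++ b/.github/workflows/secrets-scan.yml
@@ -0,0 +1,19 @@
+name: Secrets Scan
+
+on:
+push:
+branches: ["**"]
+
+jobs:
+scan:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout source code
+uses: actions/checkout@v4
+
+- name: Move .secrets.baseline file
+run: mv .github/.secrets.baseline .
+
+- name: Scan for secrets
+uses: secret-scanner/action@0.0.2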
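Review bot: `actions/checkout@v4` on line 13 fetches a single commit by default, so the scanner only sees the pushed tree; a secret that was committed and then removed within the same push is not in the checkout and, depending on what `secret-scanner/action` inspects, is probably not reported. If history scanning is wanted, add `with: fetch-depth: 0` to the checkout step. Because the trigger is `push` only, changes arriving through pull requests from forks are also not scanned until they are merged; a `pull_request` trigger would close that gap.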
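--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,27 @@
+name: Test
+
+on:
+push:
+branches: ["**"]
+
+jobs:
+test:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout source code
+uses: actions/checkout@v4
+
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v3
+with:
+terraform_version: latest
+
+- name: Init Terraform
+run: terraform init
+
+- name: Run Terraform Test
+run: terraform test
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}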
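Review bot: Lines 26–27 authenticate with long-lived static IAM access keys stored as repository secrets, and the job runs them on every push to any branch. Prefer GitHub's OIDC federation instead: grant `id-token: write`, add an `aws-actions/configure-aws-credentials` step with `role-to-assume`, and drop the static keys, so no durable AWS credential lives in the repository settings. `terraform_version: latest` on line 18 also makes the run non-reproducible; pin a version (or a `~>` constraint) so a new Terraform release cannot silently change test behaviour.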
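--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,27 @@
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+# Terraform files
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+crash.log
+crash.*.log
+.terraform.lock.hcl
+*.tfvars
+*.tfvars.json
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+*tfplan*
+.terraformrc
+terraform.rc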
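Review bot: Line 18 ignores `.terraform.lock.hcl`, so the provider selection made by `terraform init` is never committed and the `Test` workflow resolves and hashes providers afresh on every run. HashiCorp recommends committing the lock file so provider versions and checksums are pinned; for a reusable module it is sometimes omitted deliberately because consumers carry their own lock file, but if that is the intent here a comment on the line saying so would help, and CI should at least constrain the provider through `required_providers`. The variables and provider requirements files are among the entries not loaded on this page, so I cannot tell whether such a constraint already exists.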
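--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,33 @@
+################################
+# SQS Queue #
+################################
+
+resource "aws_sqs_queue" "deadletter" {
+count = var.max_receive_count > 0 ? 1 : 0
+name = "${var.identifier}-deadletter"
+
+tags = var.tags
+}
+
+resource "aws_sqs_queue" "main" {
+name = var.identifier
+message_retention_seconds = var.message_retention_seconds
+visibility_timeout_seconds = var.visibility_timeout_seconds
+
+redrive_policy = var.max_receive_count > 0 ? jsonencode({
+deadLetterTargetArn = aws_sqs_queue.deadletter[0].arn
+maxReceiveCount = var.max_receive_count
+}) : null
+
+tags = var.tags
+}
+
+resource "aws_sqs_queue_redrive_allow_policy" "main" {
+count = var.max_receive_count > 0 ? 1 : 0
+queue_url = aws_sqs_queue.deadletter[0].id
+
+redrive_allow_policy = jsonencode({
+redrivePermission = "byQueue",
+sourceQueueArns = [aws_sqs_queue.main.arn]
+})
+}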
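Review bot: The dead-letter queue on lines 5–10 is created with the provider's default message retention, while the main queue's retention comes from `var.message_retention_seconds`. SQS computes a message's expiry from its original enqueue time, so a DLQ whose retention is shorter than the source queue's can expire redriven messages almost as soon as they land; setting `message_retention_seconds = var.message_retention_seconds` on the deadletter resource (or a dedicated, longer variable) avoids that. Neither queue sets `sqs_managed_sse_enabled` or `kms_master_key_id`, so encryption at rest depends on the account default and is not tracked as drift; exposing a KMS key variable would let consumers enforce it explicitly.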
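--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1,19 @@
+output "arn" {
+description = "The ARN of the SQS queue."
+value = try(aws_sqs_queue.main.arn, null)
+}
+
+output "url" {
+description = "The URL of the SQS queue."
+value = try(aws_sqs_queue.main.url, null)
+}
+
+output "deadletter_arn" {
+description = "The ARN of the deadletter SQS queue of the main queue."
+value = try(aws_sqs_queue.deadletter[0].url, null)
+}
+
+output "deadletter_url" {
+description = "The URL of the deadletter SQS queue of the main queue."
+value = try(aws_sqs_queue.deadletter[0].url, null)
+}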
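Review bot: `deadletter_arn` on line 13 reads `aws_sqs_queue.deadletter[0].url`, so the output described as an ARN actually returns the queue URL and is identical to `deadletter_url`; it should be `value = try(aws_sqs_queue.deadletter[0].arn, null)`. A consumer wiring this output into an IAM policy or another queue's redrive configuration would receive a URL where an ARN is required and fail at apply time at best. An assertion in `tests/queue.tftest.hcl` comparing `output.deadletter_arn` with the resource's `arn` would catch this regression.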
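--- a/tests/queue.tftest.hcl
+++ b/tests/queue.tftest.hcl
@@ -0,0 +1,64 @@
+provider "aws" {
+region = "eu-central-1"
+default_tags {
+tags = {
+Environment = "Test"
+}
+}
+}
+
+run "invalid_identifier" {
+command = plan
+
+variables {
+identifier = "ab"
+}
+
+expect_failures = [var.identifier]
+}
+
+run "valid_identifier" {
+command = plan
+
+variables {
+identifier = "abc"
+}
+}
+
+run "with_deadletter" {
+command = plan
+
+variables {
+identifier = "abc"
+max_receive_count = 4
+}
+
+assert {
+condition = length(aws_sqs_queue.deadletter) == 1
+error_message = "Deadletter queue was not created"
+}
+
+assert {
+condition = length(aws_sqs_queue_redrive_allow_policy.main) == 1
+error_message = "Redrive allow policy was not created"
+}
+}
+
+run "without_deadletter" {
+command = plan
+
+variables {
+identifier = "abc"
+max_receive_count = 0
+}
+
+assert {
+condition = length(aws_sqs_queue.deadletter) == 0
+error_message = "Deadletter queue was created unexpectedly"
+}
+
+assert {
+condition = length(aws_sqs_queue_redrive_allow_policy.main) == 0
+error_message = "Redrive allow policy was created unexpectedly"
+}
+}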
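Review bot: The `with_deadletter` run on lines 28–45 asserts only that the DLQ and the allow policy exist, not that they are wired together or surfaced correctly; an extra assert such as `condition = output.deadletter_arn == aws_sqs_queue.deadletter[0].arn` would have caught `outputs.tf` returning the URL under the ARN output. The real `provider "aws"` block on lines 1–8 also means these plan-only runs still need live AWS credentials, which is why test.yml injects access keys; if the Terraform version in use supports it (1.7 and later), a `mock_provider "aws" {}` block would let them run with no cloud credentials at all. `invalid_identifier` depends on a validation rule in a variables file that is not loaded on this page.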
