Support multiple lambda integration (Gitlab) (#11)

* Support multiple lambda integration (Gitlab)

* renames

* update source code & add flexibility

* CR fixes

* fix syntax

* changed to correct arn output

* fix lambda execution resoucse arn

Author: ChengaDev

locals.tf

@@ -0,0 +1,6 @@
+locals {
+  resource_name_pattern       = "spectral-${var.integration_type}-integration-${var.environment}"
+  single_lambda_integration   = contains(["jira", "terraform"], var.integration_type) ? true : false
+  multiple_lambda_integration = contains(["gitlab"], var.integration_type) ? true : false
+  api_triggered_function_arn  = local.single_lambda_integration ? module.lambda_function[0].lambda_function_arn : module.frontend_lambda_function[0].lambda_function_arn
+}

modules/lambda/lambda.tf

@@ -1,15 +1,14 @@
 locals {
   runtime                     = "nodejs14.x"
-  lambda_handler              = "handler.app"
-  lambda_source_code_zip_path = "${path.module}/source_code/${var.integration_type}/app.zip"
+  lambda_source_code_zip_path = "${path.module}/source_code/${var.integration_type}/${var.lambda_source_code_filename}"
 }
 
 resource "aws_lambda_function" "spectral_scanner_lambda" {
   runtime       = local.runtime
-  role          = aws_iam_role.lambda_execution_role.arn
-  function_name = var.resource_name_pattern
   filename      = local.lambda_source_code_zip_path
-  handler       = local.lambda_handler
+  handler       = var.lambda_handler
+  function_name = var.resource_name_pattern
+  role          = var.role_arn
   timeout       = var.timeout
   memory_size   = var.memory_size
   publish       = var.publish
@@ -26,65 +25,11 @@ resource "aws_lambda_function" "spectral_scanner_lambda" {
 
 resource "aws_cloudwatch_log_group" "lambda_log_group" {
   count             = var.should_write_logs ? 1 : 0
-  name              = var.resource_name_pattern
+  name              = "/aws/lambda/${var.resource_name_pattern}"
   retention_in_days = var.logs_retention_in_days
 
   tags = merge(
     var.global_tags,
     lookup(var.tags, "lambda", {}),
   )
-}
-
-data "aws_iam_policy_document" "assume_role_policy" {
-  statement {
-    sid    = ""
-    effect = "Allow"
-
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["lambda.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "lambda_execution_role" {
-  name               = var.resource_name_pattern
-  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
-
-  tags = merge(
-    var.global_tags,
-    lookup(var.tags, "iam", {}),
-  )
-}
-
-data "aws_iam_policy_document" "secrets_policy_document" {
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    actions   = ["secretsmanager:GetSecretValue"]
-    resources = var.secrets_arns
-  }
-}
-
-resource "aws_iam_policy" "secrets_iam_policy" {
-  count  = var.store_secret_in_secrets_manager ? 1 : 0
-  policy = data.aws_iam_policy_document.secrets_policy_document.json
-
-  tags = merge(
-    var.global_tags,
-    lookup(var.tags, "iam", {}),
-  )
-}
-
-resource "aws_iam_role_policy_attachment" "lambda_execution_role" {
-  role       = aws_iam_role.lambda_execution_role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
-}
-
-resource "aws_iam_role_policy_attachment" "lambda_secrets_role_attachment" {
-  count      = var.store_secret_in_secrets_manager ? 1 : 0
-  role       = aws_iam_role.lambda_execution_role.name
-  policy_arn = aws_iam_policy.secrets_iam_policy[count.index].arn
 }

modules/lambda/outputs.tf

@@ -1,15 +1,11 @@
+output "lambda_arn" {
+  value = aws_lambda_function.spectral_scanner_lambda.arn
+}
+
 output "lambda_function_arn" {
   value = aws_lambda_function.spectral_scanner_lambda.invoke_arn
 }
 
 output "lambda_function_name" {
   value = aws_lambda_function.spectral_scanner_lambda.function_name
-}
-
-output "lambda_iam_role_arn" {
-  value = aws_iam_role.lambda_execution_role.arn
-}
-
-output "lambda_iam_role_name" {
-  value = aws_iam_role.lambda_execution_role.name
 }

modules/lambda/source_code/gitlab/app.zip

@@ -74,4 +74,20 @@ variable "secrets_arns" {
 variable "store_secret_in_secrets_manager" {
   description = "Whether to store your secrets in secrets manager, default is false"
   type        = bool
+}
+
+variable "lambda_source_code_filename" {
+  type        = string
+  description = "The lambda source code filename"
+}
+
+variable "role_arn" {
+  type        = string
+  description = "The lambda source code filename"
+}
+
+variable "lambda_handler" {
+  type        = string
+  description = "The handler of the handler"
+  default     = "handler.app"
 }

modules/lambda/source_code/gitlab/backend.zip

@@ -0,0 +1,7 @@
+output "lambda_role_name" {
+  value = aws_iam_role.lambda_execution_role.name
+}
+
+output "lambda_role_arn" {
+  value = aws_iam_role.lambda_execution_role.arn
+}

modules/lambda/source_code/gitlab/frontend.zip

@@ -0,0 +1,53 @@
+data "aws_iam_policy_document" "assume_role_policy" {
+  statement {
+    sid    = ""
+    effect = "Allow"
+
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "lambda_execution_role" {
+  name               = var.resource_name_pattern
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
+
+  tags = merge(
+    var.global_tags,
+    lookup(var.tags, "iam", {}),
+  )
+}
+
+data "aws_iam_policy_document" "secrets_policy_document" {
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    actions   = ["secretsmanager:GetSecretValue"]
+    resources = var.secrets_arns
+  }
+}
+
+resource "aws_iam_policy" "secrets_iam_policy" {
+  count  = var.store_secret_in_secrets_manager ? 1 : 0
+  policy = data.aws_iam_policy_document.secrets_policy_document.json
+
+  tags = merge(
+    var.global_tags,
+    lookup(var.tags, "iam", {}),
+  )
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_execution_role" {
+  role       = aws_iam_role.lambda_execution_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_secrets_policy_attachment" {
+  count      = var.store_secret_in_secrets_manager ? 1 : 0
+  role       = aws_iam_role.lambda_execution_role.name
+  policy_arn = aws_iam_policy.secrets_iam_policy[count.index].arn
+}

modules/lambda/variables.tf

@@ -0,0 +1,38 @@
+variable "store_secret_in_secrets_manager" {
+  description = "Whether to store your secrets in secrets manager, default is false"
+  type        = bool
+}
+
+variable "secrets_arns" {
+  description = "List of secrets associated with the lambda"
+  type        = list(string)
+  default     = []
+}
+
+variable "global_tags" {
+  type        = map(string)
+  description = "A list of tags to apply on all newly created resources."
+  default = {
+    BusinessUnit = "Spectral"
+  }
+}
+
+variable "tags" {
+  type        = map(map(string))
+  description = "A collection of tags grouped by key representing it's target resource."
+  default = {
+    iam         = {}
+    lambda      = {}
+    api_gateway = {}
+  }
+}
+
+variable "resource_name_pattern" {
+  type        = string
+  description = "A common resource name created by pattern."
+}
+
+variable "multiple_lambda_integration" {
+  type        = bool
+  description = "Is current integration structure contains two lambdas"
+}