Adding TF module files

Dominic Dumrauf (MacBook Pro 2017) · Dominic Dumrauf (MacBook Pro 2017) · commit b86ea9bafefc · 2018-12-27T23:20:13.000Z
diff --git a/main.tf b/main.tf
@@ -0,0 +1,59 @@
+locals {
+  full_bucket_name = "${var.repository_name}-${var.bucket_name}"
+}
+
+resource "aws_s3_bucket" "helm-chart-repository" {
+  bucket = "${local.full_bucket_name}"
+
+  # Allows read access to objects not uploaded by the bucket owner; see <https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteAccessPermissionsReqd.html> for details
+  acl = "public-read"
+
+  force_destroy = "${var.is_forcing_destroy}"
+
+  logging {
+    target_bucket = "${var.log_bucket_id}"
+    target_prefix = "${var.repository_name}/${local.full_bucket_name}/"
+  }
+
+  versioning {
+    enabled = "${var.is_versioning_enabled}"
+  }
+
+  website {
+    index_document = "index.html"
+  }
+
+  tags {
+    Terraform             = true
+    Helm-Chart-Repository = true
+  }
+}
+
+data "aws_iam_policy_document" "helm-chart-repository-policy-document" {
+  # Minimum permission required for website access; see <https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteAccessPermissionsReqd.html> for details
+  statement {
+    sid    = "PublicReadGetObject"
+    effect = "Allow"
+
+    principals {
+      type        = "*"
+      identifiers = ["*"]
+    }
+
+    actions   = ["s3:GetObject"]
+    resources = ["${aws_s3_bucket.helm-chart-repository.arn}/*"]
+  }
+}
+
+resource "aws_s3_bucket_policy" "helm-chart-repository-bucket-policy" {
+  bucket = "${aws_s3_bucket.helm-chart-repository.id}"
+  policy = "${data.aws_iam_policy_document.helm-chart-repository-policy-document.json}"
+}
+
+resource "aws_s3_bucket_object" "helm-chart-repository-index-html" {
+  bucket       = "${local.full_bucket_name}"
+  key          = "index.html"
+  content      = "${data.template_file.helm-chart-repository-index-html.rendered}"
+  etag         = "${md5("${data.template_file.helm-chart-repository-index-html.rendered}")}"
+  content_type = "text/html"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,45 @@
+locals {
+  index_md_file_name   = "${local.full_bucket_name}.index.md"
+  index_md_path        = "${path.module}/${local.index_md_file_name}"
+  index_html_file_name = "${local.full_bucket_name}.index.html"
+  index_html_path      = "${path.module}/${local.index_html_file_name}"
+}
+
+data "template_file" "helm-chart-repository-index-md" {
+  template = "${file("${path.module}/templates/index.md.tpl")}"
+
+  vars {
+    helm_repo_bucket_domain_name = "${aws_s3_bucket.helm-chart-repository.bucket_domain_name}"
+    helm_repo_website_endpoint   = "${aws_s3_bucket.helm-chart-repository.website_endpoint}"
+    full_bucket_name             = "${local.full_bucket_name}"
+    repository_name              = "${var.repository_name}"
+    index_html_file_name         = "${local.index_html_file_name}"
+  }
+}
+
+data "template_file" "helm-chart-repository-index-html" {
+  template = "${file("${path.module}/templates/index.html.tpl")}"
+
+  vars {
+    rendered_markdown = "${data.template_file.helm-chart-repository-index-md.rendered}"
+    repository_name   = "${var.repository_name}"
+  }
+}
+
+resource "local_file" "helm-chart-repository-index-md" {
+  content  = "${data.template_file.helm-chart-repository-index-md.rendered}"
+  filename = "${local.index_md_path}"
+}
+
+resource "local_file" "helm-chart-repository-index-html" {
+  content  = "${data.template_file.helm-chart-repository-index-html.rendered}"
+  filename = "${local.index_html_path}"
+}
+
+output "helm_chart_repository_bucket_domain_name" {
+  value = "${aws_s3_bucket.helm-chart-repository.bucket_domain_name}"
+}
+
+output "helm_chart_repository_website_endpoint" {
+  value = "${aws_s3_bucket.helm-chart-repository.website_endpoint}"
+}
diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+  region                  = "${var.region}"
+  shared_credentials_file = "${var.shared_credentials_file}"
+  profile                 = "${var.profile}"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,36 @@
+variable "region" {
+  description = "The AWS region to use"
+}
+
+variable "shared_credentials_file" {
+  description = "The location of the AWS shared credentials file (e.g. ~dominic/.aws/credentials)"
+}
+
+variable "profile" {
+  description = "The AWS profile to use"
+}
+
+variable "bucket_name" {
+  description = "The name of the S3 bucket to create that will eventually host the Helm chart repository"
+}
+
+variable "repository_name" {
+  description = "The name of the Helm chart repository"
+}
+
+variable "log_bucket_id" {
+  description = "The ID of the S3 bucket to use for storing S3 access logs"
+}
+
+variable "is_versioning_enabled" {
+  description = "Enable versioning?"
+  default     = true
+}
+
+variable "is_forcing_destroy" {
+  description = "Force the bucket to be emptied before deletion when running 'terraform destroy'?"
+
+  # Warning: USE AT YOUR OWN RISK!
+  # Set to 'true' if you want the bucket to be emptied before deletion when running 'terraform destroy'
+  default = false
+}
