Revert "Use terraform-core-helpers child module (#134)"

This reverts commit e248ad8.
osinfra-io · Nov 1, 2024 · f2547a1 · f2547a1
1 parent 4994625
commit f2547a1
Show file tree

Hide file tree

Showing 14 changed files with 53 additions and 139 deletions.
diff --git a/.gitignore b/.gitignore
@@ -27,9 +27,6 @@ override.tf.json
 # Ignore plan output files
 plan.out
 
-# Ignore checkov directories and files
-.external_modules
-
 # Ignore Infracost directories and files
 .infracost
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -29,12 +29,9 @@ repos:
       - id: terraform_docs
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.269
+    rev: 3.2.256
     hooks:
       - id: checkov
         verbose: true
         args:
-          - --download-external-modules=true
-          - --skip-check
-          - "CKV_TF_1"
           - --quiet
diff --git a/README.md b/README.md
@@ -84,15 +84,9 @@ terraform test
 
 | Name | Version |
 |------|---------|
-| google | 6.8.0 |
+| google | 6.9.0 |
 | random | 3.6.3 |
 
-### Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| helpers | github.com/osinfra-io/terraform-core-helpers | v0.1.0 |
-
 ### Resources
 
 | Name | Type |
@@ -124,16 +118,12 @@ terraform test
 | cis\_2\_2\_logging\_sink\_project\_id | The CIS 2.2 logging sink project ID | `string` | `""` | no |
 | deletion\_policy | The deletion policy for the project | `string` | `"PREVENT"` | no |
 | description | A short description representing the system, or service you're building in the project for example: `tools` (for a tooling project), `logging` (for a logging project), `services` (for a services project) | `string` | n/a | yes |
-| folder\_id | The numeric ID of the folder this project should be created under | `string` | n/a | yes |
-| helpers\_cost\_center | The cost center the resources will be billed to, must start with 'x' followed by three or four digits | `string` | n/a | yes |
-| helpers\_data\_classification | The data classification of the resources can be public, internal, or confidential | `string` | n/a | yes |
-| helpers\_email | The email address of the team responsible for the resources | `string` | n/a | yes |
-| helpers\_repository | The repository name (should be in the format 'owner/repo' containing only lowercase alphanumeric characters or hyphens) | `string` | n/a | yes |
-| helpers\_team | The team name (should contain only lowercase alphanumeric characters and hyphens) | `string` | n/a | yes |
+| environment | The environment suffix for example: `sb` (Sandbox), `nonprod` (Non-Production), `prod` (Production) | `string` | `"sb"` | no |
+| folder\_id | The numeric ID of the folder this project should be created under. Only one of `org_id` or `folder_id` may be specified | `string` | n/a | yes |
 | key\_ring\_location | The location of the key ring to create | `string` | `"us"` | no |
 | labels | A map of key/value pairs to assign to the resources being created | `map(string)` | `{}` | no |
 | monthly\_budget\_amount | The monthly budget amount in USD to set for the project | `number` | `5` | no |
-| prefix | The team prefix. Examples: - ct (Customer Trust) - plt (Platform) - sec (Security) | `string` | n/a | yes |
+| prefix | The team prefix for example: `ops` (Operations), `sec` (Security) | `string` | `"test"` | no |
 | random\_project\_id | If true, a random hex value with a prefix of tf will be added to the `project_id` | `bool` | `true` | no |
 | security\_notification\_email | The email address to send security notifications to | `string` | `"security@osinfra.io"` | no |
 | services | A list of services to enable in the project | `list(string)` | `[]` | no |
@@ -144,7 +134,7 @@ terraform test
 |------|-------------|
 | cis\_2\_2\_logging\_sink\_project\_id | The CIS 2.2 logging sink benchmark project ID |
 | cis\_2\_2\_logging\_sink\_service\_account | The CIS 2.2 logging sink benchmark service account |
-| cis\_logging\_metrics\_alert\_policy\_names | The CIS logging metrics alert policy names |
+| cis\_logging\_metrics\_alert\_policy\_names | The CIS logging metrics alert policy names, we need these to test the resources with inspec |
 | id | The project ID |
 | number | The project number |
 | unique\_writer\_identity | The unique identity associated with this sink |

diff --git a/locals.tf b/locals.tf
@@ -2,7 +2,7 @@
 # https://www.terraform.io/language/values/locals
 
 locals {
-  base_project_id = "${var.prefix}-${var.description}-${module.helpers.env}"
+  base_project_id = "${var.prefix}-${var.description}-${var.environment}"
 
   # This map is used to create the GCP-CIS v1.3.0 logging metrics and alarms (2.4 - 2.11). It is recommended that metric filters and alarms be established for
   # the following resources.
@@ -75,7 +75,6 @@ locals {
 
   cis_2_2_logging_sink_project_id     = var.cis_2_2_logging_sink_project_id == "" ? google_project.this.project_id : var.cis_2_2_logging_sink_project_id
   cis_2_2_logging_sink_storage_bucket = var.cis_2_2_logging_sink_project_id == "" ? "logging.googleapis.com/${google_logging_project_bucket_config.cis_2_2_logging_sink[0].name}" : "logging.googleapis.com/projects/${var.cis_2_2_logging_sink_project_id}/locations/${var.key_ring_location}/buckets/cis-2-2-logging-sink"
-  labels                              = merge(module.helpers.labels, var.labels)
 
   monitoring_notification_channels = {
     "budget" = {
@@ -90,7 +89,6 @@ locals {
       email_address = var.security_notification_email
     }
   }
-
   # Format Function
   # https://www.terraform.io/language/functions/format
 
@@ -99,7 +97,7 @@ locals {
     var.prefix,
     var.description,
     random_id.this[0].hex,
-    module.helpers.env,
+    var.environment,
   ) : local.base_project_id
 
   # Concat Function

diff --git a/main.tf b/main.tf
@@ -1,16 +1,3 @@
-# Terraform Core Helpers Module (osinfra.io)
-# https://github.com/osinfra-io/terraform-core-helpers
-
-module "helpers" {
-  source = "github.com/osinfra-io/terraform-core-helpers?ref=v0.1.0"
-
-  cost_center         = var.helpers_cost_center
-  data_classification = var.helpers_data_classification
-  email               = var.helpers_email
-  repository          = var.helpers_repository
-  team                = var.helpers_team
-}
-
 # Logging Project CMEK Settings Data Source
 # https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/logging_project_cmek_settings
 
@@ -92,7 +79,7 @@ resource "google_kms_crypto_key" "cis_2_2_logging_sink" {
   count = var.cis_2_2_logging_sink_project_id != "" ? 0 : 1
 
   key_ring        = google_kms_key_ring.this.id
-  labels          = local.labels
+  labels          = var.labels
   name            = "cis-2-2-logging-sink"
   rotation_period = "7776000s"
 
@@ -226,7 +213,7 @@ resource "google_monitoring_alert_policy" "cis_logging_metrics" {
     {
       status = each.value.status
     },
-    local.labels
+    var.labels
   )
 }
 
@@ -246,7 +233,7 @@ resource "google_monitoring_notification_channel" "this" {
 
   project     = google_project.this.project_id
   type        = "email"
-  user_labels = local.labels
+  user_labels = var.labels
 }
 
 # Project Resource
@@ -261,7 +248,7 @@ resource "google_project" "this" {
   billing_account     = var.billing_account
   deletion_policy     = var.deletion_policy
   folder_id           = "folders/${var.folder_id}"
-  labels              = local.labels
+  labels              = var.labels
   name                = local.project_id
   project_id          = local.project_id
 }

diff --git a/outputs.tf b/outputs.tf
@@ -2,7 +2,7 @@
 # https://www.terraform.io/language/values/outputs
 
 output "cis_logging_metrics_alert_policy_names" {
-  description = "The CIS logging metrics alert policy names"
+  description = "The CIS logging metrics alert policy names, we need these to test the resources with inspec"
   value = [
     for k, v in local.cis_logging_metrics :
     {

diff --git a/tests/default.tftest.hcl b/tests/default.tftest.hcl
@@ -27,9 +27,5 @@ run "logging" {
 }
 
 variables {
-  helpers_cost_center         = "mock-cost-center"
-  helpers_data_classification = "mock-data-classification"
-  helpers_email               = "mock-team@osinfra.io"
-  helpers_repository          = "mock-owner/mock-repository"
-  helpers_team                = "mock-team"
+  environment = "mock"
 }
diff --git a/tests/fixtures/default/locals.tf b/tests/fixtures/default/locals.tf
@@ -0,0 +1,12 @@
+# Local Values
+# https://www.terraform.io/docs/language/values/locals.html
+
+locals {
+  labels = {
+    cost-center = "mock-x001"
+    env         = var.environment
+    repository  = "mock-repository"
+    platform    = "mock-platform"
+    team        = "mock-team"
+  }
+}
diff --git a/tests/fixtures/default/main.tf b/tests/fixtures/default/main.tf
@@ -11,18 +11,10 @@ module "test" {
 
   cis_2_2_logging_sink_project_id = var.cis_2_2_logging_sink_project_id
   description                     = "mock"
+  environment                     = var.environment
   folder_id                       = "0000000000000"
-  helpers_cost_center             = var.helpers_cost_center
-  helpers_data_classification     = var.helpers_data_classification
-  helpers_email                   = var.helpers_email
-  helpers_repository              = var.helpers_repository
-  helpers_team                    = var.helpers_team
-
-  labels = {
-    mock-key = "mock-value"
-  }
-
-  prefix = "mock"
+  labels                          = local.labels
+  prefix                          = "mock"
 
   services = [
     "mock.googleapis.com"

diff --git a/tests/fixtures/default/variables.tf b/tests/fixtures/default/variables.tf
@@ -5,22 +5,6 @@ variable "cis_2_2_logging_sink_project_id" {
   type = string
 }
 
-variable "helpers_cost_center" {
-  type = string
-}
-
-variable "helpers_data_classification" {
-  type = string
-}
-
-variable "helpers_email" {
-  type = string
-}
-
-variable "helpers_repository" {
-  type = string
-}
-
-variable "helpers_team" {
+variable "environment" {
   type = string
 }
diff --git a/tests/fixtures/logging/locals.tf b/tests/fixtures/logging/locals.tf
@@ -0,0 +1,12 @@
+# Local Values
+# https://www.terraform.io/docs/language/values/locals.html
+
+locals {
+  labels = {
+    cost-center = "mock-x001"
+    env         = var.environment
+    repository  = "mock-repository"
+    platform    = "mock-platform"
+    team        = "mock-team"
+  }
+}
diff --git a/tests/fixtures/logging/main.tf b/tests/fixtures/logging/main.tf
@@ -11,16 +11,8 @@ module "test" {
 
   cis_2_2_logging_bucket_locked = false
   description                   = "mock"
+  environment                   = var.environment
   folder_id                     = "0000000000000"
-  helpers_cost_center           = var.helpers_cost_center
-  helpers_data_classification   = var.helpers_data_classification
-  helpers_email                 = var.helpers_email
-  helpers_repository            = var.helpers_repository
-  helpers_team                  = var.helpers_team
-
-  labels = {
-    mock-key = "mock-value"
-  }
-
-  prefix = "mock"
+  labels                        = local.labels
+  prefix                        = "mock"
 }
diff --git a/tests/fixtures/logging/variables.tf b/tests/fixtures/logging/variables.tf
@@ -1,22 +1,6 @@
 # Terraform Input Variables
 # https://www.terraform.io/language/values/variables
 
-variable "helpers_cost_center" {
-  type = string
-}
-
-variable "helpers_data_classification" {
-  type = string
-}
-
-variable "helpers_email" {
-  type = string
-}
-
-variable "helpers_repository" {
-  type = string
-}
-
-variable "helpers_team" {
+variable "environment" {
   type = string
 }
diff --git a/variables.tf b/variables.tf
@@ -36,37 +36,14 @@ variable "description" {
   type        = string
 }
 
-variable "folder_id" {
-  description = "The numeric ID of the folder this project should be created under"
-  type        = string
-  validation {
-    condition     = can(regex("^[0-9]+$", var.folder_id))
-    error_message = "The folder_id value must be numeric."
-  }
-}
-
-variable "helpers_cost_center" {
-  description = "The cost center the resources will be billed to, must start with 'x' followed by three or four digits"
-  type        = string
-}
-
-variable "helpers_data_classification" {
-  description = "The data classification of the resources can be public, internal, or confidential"
+variable "environment" {
+  description = "The environment suffix for example: `sb` (Sandbox), `nonprod` (Non-Production), `prod` (Production)"
   type        = string
+  default     = "sb"
 }
 
-variable "helpers_email" {
-  description = "The email address of the team responsible for the resources"
-  type        = string
-}
-
-variable "helpers_repository" {
-  description = "The repository name (should be in the format 'owner/repo' containing only lowercase alphanumeric characters or hyphens)"
-  type        = string
-}
-
-variable "helpers_team" {
-  description = "The team name (should contain only lowercase alphanumeric characters and hyphens)"
+variable "folder_id" {
+  description = "The numeric ID of the folder this project should be created under. Only one of `org_id` or `folder_id` may be specified"
   type        = string
 }
 
@@ -89,13 +66,9 @@ variable "monthly_budget_amount" {
 }
 
 variable "prefix" {
-  description = <<-EOT
-    The team prefix. Examples:
-    - ct (Customer Trust)
-    - plt (Platform)
-    - sec (Security)
-    EOT
+  description = "The team prefix for example: `ops` (Operations), `sec` (Security)"
   type        = string
+  default     = "test"
 }
 
 variable "random_project_id" {