Merge pull request #2 from blackbird-cloud/feature/cloudwatch_configu…

…ration_fix fix: if operation
blackbird-cloud · Apr 18, 2023 · 907518c · 907518c
2 parents 34bc313 + 6f80fc3
commit 907518c
Show file tree

Hide file tree

Showing 8 changed files with 138 additions and 15 deletions.
diff --git a/.config/.terraform-docs.yml b/.config/.terraform-docs.yml
@@ -0,0 +1,4 @@
+formatter: "markdown"
+
+header-from: ./.config/header.md
+footer-from: ./.config/footer.md
diff --git a/.config/footer.md b/.config/footer.md
@@ -0,0 +1,9 @@
+## About
+
+We are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.
+
+Checkout our other :point_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)
+
+## Copyright
+
+Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)
diff --git a/.config/header.md b/.config/header.md
@@ -0,0 +1 @@
+[![blackbird-logo](https://raw.githubusercontent.com/blackbird-cloud/terraform-module-template/main/.config/logo_simple.png)](https://blackbird.cloud)
diff --git a/.config/logo_simple.png b/.config/logo_simple.png
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
@@ -1,31 +1,33 @@
-name: Format
+name: Validate and Format
+# on: push
 on:
   pull_request_target:
     types: [opened, synchronize]
 
 jobs:
   format:
+    if: github.event.pull_request.state == 'open'
     runs-on: ubuntu-latest
-    container: blackbird-cloud/terraform-toolkit:latest
+    container: blackbirdcloud/terraform-toolkit:latest
     steps:
-      - uses: actions/checkout@v2
-        if: github.event.pull_request.state == 'open'
-        name: Privileged Checkout
+      - name: Checkout
+        uses: actions/checkout@v3
         with:
-          token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
 
+      - name: Configure git
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
       - name: Validate and Format
-        if: github.event.pull_request.state == 'open'
-        shell: sh
         env:
-          GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
-        run:
-          - terraform init -backend=false
-          - terraform validate
-          - terraform fmt
+          TFENV_TERRAFORM_VERSION: latest-allowed
+        run: |
+          terraform init -backend=false
+          terraform validate
+          terraform fmt
 
-      - uses: EndBug/add-and-commit@v9
+      - name: Commit and push
+        uses: EndBug/add-and-commit@v9
         with:
           default_author: github_actions
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -0,0 +1,19 @@
+name: Generate terraform docs
+on:
+  - pull_request
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Render terraform docs and push changes back to PR
+      uses: terraform-docs/gh-actions@main
+      with:
+        working-dir: .
+        output-file: README.md
+        output-method: inject
+        git-push: "true"
diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+[![blackbird-logo](https://raw.githubusercontent.com/blackbird-cloud/terraform-module-template/main/.config/logo_simple.png)](https://blackbird.cloud)
+
 ## Requirements
 
 | Name | Version |
@@ -59,3 +61,89 @@
 | <a name="output_resolver_security_group"></a> [resolver\_security\_group](#output\_resolver\_security\_group) | The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint. |
 | <a name="output_security_group"></a> [security\_group](#output\_security\_group) | The AWS security group used to controll ingress traffic to the Client VPN self-service-portal. |
 | <a name="output_vpn"></a> [vpn](#output\_vpn) | The Client VPN endpoint. |
+
+## About
+
+We are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.
+
+Checkout our other :point\_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)
+
+## Copyright
+
+Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)
+
+<!-- BEGIN_TF_DOCS -->
+[![blackbird-logo](https://raw.githubusercontent.com/blackbird-cloud/terraform-module-template/main/.config/logo_simple.png)](https://blackbird.cloud)
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_resolver_sg"></a> [resolver\_sg](#module\_resolver\_sg) | terraform-aws-modules/security-group/aws | 4.17.1 |
+| <a name="module_sg"></a> [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 4.17.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ec2_client_vpn_authorization_rule.auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource |
+| [aws_ec2_client_vpn_authorization_rule.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource |
+| [aws_ec2_client_vpn_endpoint.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_endpoint) | resource |
+| [aws_ec2_client_vpn_network_association.associations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_network_association) | resource |
+| [aws_ec2_client_vpn_route.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource |
+| [aws_ec2_client_vpn_route.routes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource |
+| [aws_iam_saml_provider.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |
+| [aws_iam_saml_provider.vpn_portal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |
+| [aws_route53_resolver_endpoint.vpn_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource |
+| [aws_vpc.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_auth_rules"></a> [auth\_rules](#input\_auth\_rules) | List of CIDR blocks, and IDP groups to authorize access for. | <pre>list(object({<br>    cidr        = string<br>    groups      = list(string)<br>    description = string<br>  }))</pre> | n/a | yes |
+| <a name="input_client_cidr_block"></a> [client\_cidr\_block](#input\_client\_cidr\_block) | CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks. | `string` | n/a | yes |
+| <a name="input_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#input\_cloudwatch\_log\_group\_name) | (Optional) CloudWatch log group name for VPN connection logging. | `string` | `""` | no |
+| <a name="input_cloudwatch_log_stream_name"></a> [cloudwatch\_log\_stream\_name](#input\_cloudwatch\_log\_stream\_name) | (Optional) CloudWatch log stream name for VPN connection logging. | `string` | `""` | no |
+| <a name="input_dns_servers"></a> [dns\_servers](#input\_dns\_servers) | (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. | `list(string)` | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the VPN | `string` | n/a | yes |
+| <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | List of private subnets | `list(string)` | n/a | yes |
+| <a name="input_server_certificate_arn"></a> [server\_certificate\_arn](#input\_server\_certificate\_arn) | ARN of the ACM certificate the server will use. | `string` | n/a | yes |
+| <a name="input_split_tunnel"></a> [split\_tunnel](#input\_split\_tunnel) | To split the VPN tunnel, or not, defaults to false | `bool` | `false` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) Map of resource tags for all AWS resources. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID For the VPN SG | `string` | n/a | yes |
+| <a name="input_vpn_portal_saml_metadata"></a> [vpn\_portal\_saml\_metadata](#input\_vpn\_portal\_saml\_metadata) | VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |
+| <a name="input_vpn_saml_metadata"></a> [vpn\_saml\_metadata](#input\_vpn\_saml\_metadata) | VPN XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_aws_route53_resolver_endpoint"></a> [aws\_route53\_resolver\_endpoint](#output\_aws\_route53\_resolver\_endpoint) | The Route53 DNS resolver endpoint. |
+| <a name="output_resolver_security_group"></a> [resolver\_security\_group](#output\_resolver\_security\_group) | The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint. |
+| <a name="output_security_group"></a> [security\_group](#output\_security\_group) | The AWS security group used to controll ingress traffic to the Client VPN self-service-portal. |
+| <a name="output_vpn"></a> [vpn](#output\_vpn) | The Client VPN endpoint. |
+
+## About
+
+We are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.
+
+Checkout our other :point\_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)
+
+## Copyright
+
+Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)
+<!-- END_TF_DOCS -->
diff --git a/main.tf b/main.tf
@@ -90,7 +90,7 @@ resource "aws_ec2_client_vpn_endpoint" "vpn" {
   }
 
   connection_log_options {
-    enabled               = var.cloudwatch_log_group_name != "" && var.cloudwatch_log_stream_name != ""
+    enabled               = var.cloudwatch_log_group_name != "" || var.cloudwatch_log_stream_name != ""
     cloudwatch_log_group  = var.cloudwatch_log_group_name
     cloudwatch_log_stream = var.cloudwatch_log_stream_name
   }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		[![blackbird-logo](https://raw.githubusercontent.com/blackbird-cloud/terraform-module-template/main/.config/logo_simple.png)](https://blackbird.cloud)