From 5ea3df778ffa75daaaa1346d1279b756d2ce7f09 Mon Sep 17 00:00:00 2001 From: Zinovii Dmytriv Date: Sun, 12 Mar 2023 15:57:50 +0200 Subject: [PATCH] Ability to specify source directory for Lambda@Edge submodule (#260) * Source directory for Lambda@Edge submodule --- .github/ISSUE_TEMPLATE/bug_report.yml | 72 ++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.yml | 71 +++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 22 ++++--- .github/workflows/auto-context.yml | 4 +- .github/workflows/auto-format.yml | 10 +-- .github/workflows/auto-readme.yml | 4 +- .github/workflows/auto-release.yml | 4 +- .github/workflows/chatops.yml | 4 +- .github/workflows/validate-codeowners.yml | 2 +- README.md | 2 +- docs/terraform.md | 2 +- examples/complete/lambda-at-edge.tf | 8 +++ examples/complete/lib/index.js | 11 ++++ examples/complete/versions.tf | 2 +- main.tf | 6 +- modules/lambda@edge/outputs.tf | 13 +++- modules/lambda@edge/package.tf | 3 +- modules/lambda@edge/variables.tf | 17 ++++- modules/lambda@edge/versions.tf | 2 +- versions.tf | 2 +- 20 files changed, 228 insertions(+), 33 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 examples/complete/lib/index.js diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 00000000..94d32460 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,72 @@ +--- +name: Bug report +description: Create a report to help us improve +labels: ["bug"] +assignees: [""] +body: + - type: markdown + attributes: + value: | + Found a bug? + + Please checkout our [Slack Community](https://slack.cloudposse.com) + or visit our [Slack Archive](https://archive.sweetops.com/). + + [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + + - type: textarea + id: concise-description + attributes: + label: Describe the Bug + description: A clear and concise description of what the bug is. + placeholder: What is the bug about? + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected. + placeholder: What happened? + validations: + required: true + + - type: textarea + id: reproduction-steps + attributes: + label: Steps to Reproduce + description: Steps to reproduce the behavior. + placeholder: How do we reproduce it? + validations: + required: true + + - type: textarea + id: screenshots + attributes: + label: Screenshots + description: If applicable, add screenshots or logs to help explain. + validations: + required: false + + - type: textarea + id: environment + attributes: + label: Environment + description: Anything that will help us triage the bug. + placeholder: | + - OS: [e.g. Linux, OSX, WSL, etc] + - Version [e.g. 10.15] + - Module version + - Terraform version + validations: + required: false + + - type: textarea + id: additional + attributes: + label: Additional Context + description: | + Add any other context about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 00000000..7b866727 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,71 @@ +--- +name: Feature Request +description: Suggest an idea for this project +labels: ["feature request"] +assignees: [""] +body: + - type: markdown + attributes: + value: | + Have a question? + + Please checkout our [Slack Community](https://slack.cloudposse.com) + or visit our [Slack Archive](https://archive.sweetops.com/). + + [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + + - type: textarea + id: concise-description + attributes: + label: Describe the Feature + description: A clear and concise description of what the feature is. + placeholder: What is the feature about? + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected. + placeholder: What happened? + validations: + required: true + + - type: textarea + id: use-case + attributes: + label: Use Case + description: | + Is your feature request related to a problem/challenge you are trying + to solve? + + Please provide some additional context of why this feature or + capability will be valuable. + validations: + required: true + + - type: textarea + id: ideal-solution + attributes: + label: Describe Ideal Solution + description: A clear and concise description of what you want to happen. + validations: + required: true + + - type: textarea + id: alternatives-considered + attributes: + label: Alternatives Considered + description: Explain alternative solutions or features considered. + validations: + required: false + + - type: textarea + id: additional + attributes: + label: Additional Context + description: | + Add any other context about the problem here. + validations: + required: false diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 4b8f32df..8944933e 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,13 +1,21 @@ ## what -* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) -* Use bullet points to be concise and to the point. + + ## why -* Provide the justifications for the changes (e.g. business case). -* Describe why these changes were made (e.g. why do these commits fix the problem?) -* Use bullet points to be concise and to the point. + + ## references -* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). -* Use `closes #123`, if this PR closes a GitHub issue `#123` + diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 665833af..831e7faa 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -27,7 +27,7 @@ jobs: make init make github/init/context.tf make readme/build - echo "::set-output name=create_pull_request::true" + echo "create_pull_request=true" >> "$GITHUB_OUTPUT" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." @@ -37,7 +37,7 @@ jobs: if: steps.update.outputs.create_pull_request == 'true' uses: cloudposse/actions/github/create-pull-request@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' commit-message: Update context.tf from origin source diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index c600d602..b8c20641 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml @@ -19,7 +19,7 @@ jobs: if: github.event.pull_request.state == 'open' name: Privileged Checkout with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} repository: ${{ github.event.pull_request.head.repo.full_name }} # Check out the PR commit, not the merge commit # Use `ref` instead of `sha` to enable pushing back to `ref` @@ -30,7 +30,7 @@ jobs: if: github.event.pull_request.state == 'open' shell: bash env: - GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + GITHUB_TOKEN: "${{ secrets.REPO_ACCESS_TOKEN }}" run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host # Commit changes (if any) to the PR branch @@ -54,10 +54,10 @@ jobs: [[ $SENDER == "cloudpossebot" ]] || git push # Set status to fail, because the push should trigger another status check, # and we use success to indicate the checks are finished. - printf "::set-output name=%s::%s\n" "changed" "true" + echo "changed=true" >> "$GITHUB_OUTPUT" exit 1 else - printf "::set-output name=%s::%s\n" "changed" "false" + echo "changed=false" >> "$GITHUB_OUTPUT" echo "No changes detected" fi @@ -75,7 +75,7 @@ jobs: contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} repository: cloudposse/actions event-type: test-command client-payload: |- diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml index 6f25b8dd..b2db520b 100644 --- a/.github/workflows/auto-readme.yml +++ b/.github/workflows/auto-readme.yml @@ -29,7 +29,7 @@ jobs: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name) - printf "::set-output name=defaultBranch::%s\n" "${default_branch}" + echo "defaultBranch=${default_branch}" >> "$GITHUB_OUTPUT" printf "defaultBranchRef.name=%s\n" "${default_branch}" - name: Update readme @@ -52,7 +52,7 @@ jobs: # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR. uses: cloudposse/actions/github/create-pull-request@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} commit-message: Update README.md and docs title: Update README.md and docs body: |- diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 3a38fae0..17d6cabb 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -15,7 +15,7 @@ jobs: - uses: actions-ecosystem/action-get-merged-pull-request@v1 id: get-merged-pull-request with: - github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} # Drafts your next Release notes as Pull Requests are merged into "main" - uses: release-drafter/release-drafter@v5 with: @@ -23,4 +23,4 @@ jobs: prerelease: false config-name: auto-release.yml env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml index 23f96d82..0f645747 100644 --- a/.github/workflows/chatops.yml +++ b/.github/workflows/chatops.yml @@ -11,7 +11,7 @@ jobs: - name: "Handle common commands" uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} repository: cloudposse/actions commands: rebuild-readme, terraform-fmt @@ -26,7 +26,7 @@ jobs: - name: "Run tests" uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} repository: cloudposse/actions commands: test diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 4b4a2264..b3f7c327 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -21,7 +21,7 @@ jobs: checks: "syntax,owners,duppatterns" owner_checker_allow_unowned_patterns: "false" # GitHub access token is required only if the `owners` check is enabled - github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}" - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name != github.repository name: "Syntax check of CODEOWNERS" diff --git a/README.md b/README.md index ff208b03..a7902d1f 100644 --- a/README.md +++ b/README.md @@ -435,7 +435,7 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 3.64.0, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0 | | [random](#requirement\_random) | >= 2.2 | | [time](#requirement\_time) | >= 0.7 | diff --git a/docs/terraform.md b/docs/terraform.md index 3b47c9a3..08e7fa52 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 3.64.0, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0 | | [random](#requirement\_random) | >= 2.2 | | [time](#requirement\_time) | >= 0.7 | diff --git a/examples/complete/lambda-at-edge.tf b/examples/complete/lambda-at-edge.tf index e002ac7f..5c344c1c 100644 --- a/examples/complete/lambda-at-edge.tf +++ b/examples/complete/lambda-at-edge.tf @@ -35,6 +35,14 @@ module "lambda_at_edge" { event_type = "viewer-request" include_body = false }, + # Add custom header to the response + viewer_response = { + source_dir = "lib" + runtime = "nodejs12.x" + handler = "index.handler" + event_type = "viewer-response" + include_body = false + }, # Add security headers to the request from CF to the origin origin_request = { source = [{ diff --git a/examples/complete/lib/index.js b/examples/complete/lib/index.js new file mode 100644 index 00000000..2313a0d9 --- /dev/null +++ b/examples/complete/lib/index.js @@ -0,0 +1,11 @@ +'use strict'; + +exports.handler = (event, context, callback) => { + const response = event.Records[0].cf.response; + const headers = response.headers; + + // Add a custom header to the response + headers['x-custom-header'] = [{ key: 'X-Custom-Header', value: 'My custom value' }]; + + callback(null, response); +}; \ No newline at end of file diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 85d1d006..2973d0e7 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/main.tf b/main.tf index a946fc0b..189e96de 100644 --- a/main.tf +++ b/main.tf @@ -4,7 +4,7 @@ locals { # Encapsulate logic here so that it is not lost/scattered among the configuration website_enabled = local.enabled && var.website_enabled website_password_enabled = local.website_enabled && var.s3_website_password_enabled - s3_origin_enabled = local.enabled && ! var.website_enabled + s3_origin_enabled = local.enabled && !var.website_enabled create_s3_origin_bucket = local.enabled && var.origin_bucket == null s3_access_logging_enabled = local.enabled && (var.s3_access_logging_enabled == null ? length(var.s3_access_log_bucket_name) > 0 : var.s3_access_logging_enabled) create_cf_log_bucket = local.cloudfront_access_logging_enabled && local.cloudfront_access_log_create_bucket @@ -52,7 +52,7 @@ locals { override_origin_bucket_policy = local.enabled && var.override_origin_bucket_policy - lookup_cf_log_bucket = local.cloudfront_access_logging_enabled && ! local.cloudfront_access_log_create_bucket + lookup_cf_log_bucket = local.cloudfront_access_logging_enabled && !local.cloudfront_access_log_create_bucket cf_log_bucket_domain = local.cloudfront_access_logging_enabled ? ( local.lookup_cf_log_bucket ? data.aws_s3_bucket.cf_logs[0].bucket_domain_name : module.logs.bucket_domain_name ) : "" @@ -418,7 +418,7 @@ resource "aws_cloudfront_distribution" "default" { origin_path = var.origin_path dynamic "s3_origin_config" { - for_each = ! var.website_enabled ? [1] : [] + for_each = !var.website_enabled ? [1] : [] content { origin_access_identity = local.cf_access.path } diff --git a/modules/lambda@edge/outputs.tf b/modules/lambda@edge/outputs.tf index 98eed4f3..ed37e10d 100644 --- a/modules/lambda@edge/outputs.tf +++ b/modules/lambda@edge/outputs.tf @@ -7,4 +7,15 @@ output "lambda_function_association" { lambda_arn = aws_lambda_function.default[k].qualified_arn } ] -} \ No newline at end of file +} + +output "lambda_functions" { + description = "The Lambda@Edge functions" + value = { + for key, value in local.functions : key => { + arn = aws_lambda_function.default[key].arn, + qualified_arn = aws_lambda_function.default[key].qualified_arn, + role_arn = aws_lambda_function.default[key].role + } + } +} diff --git a/modules/lambda@edge/package.tf b/modules/lambda@edge/package.tf index 021ae7a4..5515f0f7 100644 --- a/modules/lambda@edge/package.tf +++ b/modules/lambda@edge/package.tf @@ -2,7 +2,7 @@ data "archive_file" "lambda_zip" { for_each = local.functions dynamic "source" { - for_each = each.value.source + for_each = coalesce(each.value.source, []) content { content = source.value.content @@ -10,6 +10,7 @@ data "archive_file" "lambda_zip" { } } + source_dir = each.value.source_dir type = "zip" output_file_mode = "0666" output_path = "${path.module}/archives/${each.key}.zip" diff --git a/modules/lambda@edge/variables.tf b/modules/lambda@edge/variables.tf index be39cf63..0aa41ebc 100644 --- a/modules/lambda@edge/variables.tf +++ b/modules/lambda@edge/variables.tf @@ -4,9 +4,13 @@ variable "functions" { The key of this map is the name label of the Lambda@Edge function. + Either `source` or `source_dir` must be specified. These variables are mutually exclusive. + `source.filename` and `source.content` dictate the name and content of the files that will make up the Lambda function source, respectively. + `source_dir` contains path to whole directory that has to be archived. + `runtime` and `handler` correspond to the attributes of the same name in the [lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) resource. @@ -15,15 +19,24 @@ variable "functions" { resource. EOT type = map(object({ - source = list(object({ + source = optional(list(object({ filename = string content = string - })) + }))) + source_dir = optional(string) runtime = string handler = string event_type = string include_body = bool })) + + validation { + condition = alltrue([ + for f in var.functions : + ((f.source != null && f.source_dir == null) || (f.source == null && f.source_dir != null)) + ]) + error_message = "Either 'source' or 'source_dir' field must be specified, but not both." + } } variable "destruction_delay" { diff --git a/modules/lambda@edge/versions.tf b/modules/lambda@edge/versions.tf index 5bb54cff..982ccd87 100644 --- a/modules/lambda@edge/versions.tf +++ b/modules/lambda@edge/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/versions.tf b/versions.tf index 9e9b3291..77fb4054 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = {