Merge pull request #1 from binbashar/BBL-140-tf-0.12-support

// BBL-140 - Terraform 0.12 support //

.circleci/config.yml

@@ -0,0 +1,161 @@
+version: 2.1
+
+jobs:
+  #
+  # Test 1 & Test 2
+  #
+  test-static-code-and-linting:
+    machine:
+      image: ubuntu-1604:201903-01
+      # This job has been blocked because Docker Layer Caching is not available on your plan.
+      # Please upgrade to continue building.
+      # Note: you will need to push a new commit or call the API to rerun the pipeline.
+      docker_layer_caching: false
+
+    steps:
+      - checkout
+
+      - run: pwd
+      - run: ls -ltra
+      - run: git branch
+
+      - run:
+          name: test1-terraform-format
+          command: |
+            if [[ $(make format| tail -n +2) ]]; then
+              echo "==================================================================================================="
+              echo " NOT PASSED - There are Terraform conf files that needs a canonical format and styleto be formated "
+              echo "==================================================================================================="
+              exit 1
+            else
+              echo "==================================================================================================="
+              echo " PASSED - All Terraform conf files already have canonical format and are correcyly styled          "
+              echo "==================================================================================================="
+            fi
+
+      - run:
+          name: test2-terraform-linting
+          command: |
+            if make lint | grep 'Awesome! Your code is following the best practices'; then
+              echo "==============================================================================================="
+              echo " PASSED - Awesome! Your code is following the best practices                                   "
+              echo "==============================================================================================="
+            else
+              echo "==============================================================================================="
+              echo " NOT PASSED - Terraform lint needed                                                            "
+              echo "==============================================================================================="
+            fi
+  #
+  # Test 3
+  #
+  test-e2e-terratests:
+    machine:
+      image: ubuntu-1604:201903-01
+      docker_layer_caching: false
+
+    steps:
+      - checkout
+
+      - run: pwd
+      - run: ls -ltra
+      - run: git branch
+
+      - run:
+          name: Install awscli
+          command: sudo pip install awscli
+
+      - run:
+          name: Configure awscli
+          command: |
+            echo "AWS_ACCESS_KEY_ID - $AWS_ACCESS_KEY_ID"
+            echo "AWS_PROFILE_NAME - $AWS_PROFILE_NAME"
+
+            # AWS defautl awscli profile
+            aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+            aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+            aws configure set region us-east-1
+            aws configure set output json
+
+            # AWS dev awscli profile
+            aws configure set role_arn arn:aws:iam::$AWS_ACCOUNT_ID_DEV:role/DeployMaster --profile $AWS_PROFILE_NAME
+            aws configure set source_profile default --profile $AWS_PROFILE_NAME
+
+#      - run: cat ~/.aws/credentials
+#      - run: cat ~/.aws/config
+
+      - run:
+          name: Test AWS permissions
+          command: aws budgets describe-budgets --account-id $AWS_ACCOUNT_ID_DEV --profile $AWS_PROFILE_NAME
+
+      - run:
+          name: test3-terratests-dep-init
+          command: cd modules/waf-global && make terratest-dep-init
+
+      - run:
+          name: test3-terratests-go-test
+          command: cd modules/waf-global && make terratest-go-test
+
+      - run:
+          name: test4-terratests-dep-init
+          command: cd modules/waf-regional && make terratest-dep-init
+
+      - run:
+          name: test4-terratests-go-test
+          command: cd modules/waf-regional && make terratest-go-test
+  #
+  # Release
+  #
+  release-patch-with-changelog:
+    machine:
+      image: ubuntu-1604:201903-01
+      docker_layer_caching: false
+
+    steps:
+      - checkout
+
+      - run: pwd
+      - run: ls -ltra
+      - run: git branch
+
+      - run:
+          name: release-patch-with-changelog-circleci
+          command: |
+            if git status | grep 'nothing to commit, working tree clean'; then
+              echo "==============================================================================================="
+              echo "release-patch-with-changelog-circleci"
+              echo "==============================================================================================="
+              git config --global user.email "$GIT_USER_EMAIL"
+              git config --global user.name "$GIT_USER_NAME"
+              make release-patch-with-changelog-circleci
+            else
+              echo "==============================================================================================="
+              echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below "
+              echo "==============================================================================================="
+              echo "$(git status)"
+              echo "==============================================================================================="
+            fi
+#
+# Jobs workflow
+#
+workflows:
+  version: 2
+  changelog_and_release:
+    jobs:
+      - test-static-code-and-linting:
+          context: binbashar-org-global-context
+          filters:
+            branches:
+             ignore: # only branches matching the below regex filters will run
+               - master
+      - test-e2e-terratests:
+          context: binbashar-org-global-context
+          filters:
+            branches:
+             ignore: # only branches matching the below regex filters will run
+               - master
+      - release-patch-with-changelog:
+          context: binbashar-org-global-context
+          filters:
+            branches:
+             only: # only branches matching the below regex filters will run
+               - master

.gitignore

@@ -5,6 +5,7 @@
 # Except
 #
 !*.env.example
+!*.circleci
 !*.dockeringnore
 !*.hosts
 !/.gitignore
@@ -65,6 +66,8 @@ Thumbs.db
 *.iml
 *.ipr
 .vscode
+/src
+/venv
 
 # Custom Project tools files #
 ########################
@@ -88,4 +91,5 @@ Thumbs.db
 #
 # Terratest
 #
-tests/vendor/
+modules/waf-global/tests/vendor/
+modules/waf-regional/tests/vendor/

Makefile

@@ -6,7 +6,7 @@ LOCAL_OS_GIT_CONF_DIR := ~/.gitconfig
 LOCAL_OS_AWS_CONF_DIR := ~/.aws
 
 TF_PWD_DIR := $(shell pwd)
-TF_VER := 0.11.14
+TF_VER := 0.12.12
 TF_PWD_CONT_DIR := "/go/src/project/"
 TF_DOCKER_ENTRYPOINT := /usr/local/go/bin/terraform
 TF_DOCKER_IMAGE := binbash/terraform-resources
@@ -36,7 +36,7 @@ endef
 
 GIT_SEMTAG_VER_PATCH := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s patch -o)
 GIT_SEMTAG_VER_MINOR := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s minor -o)
-GIT_SEMTAG_VER_MINOR := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s major -o)
+GIT_SEMTAG_VER_MAJOR := $(shell ${GIT_SEMTAG_CMD_PREFIX} final -s major -o)
 
 help:
 	@echo 'Available Commands:'
@@ -54,8 +54,20 @@ version: ## Show terraform version
 format: ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.
 	${TF_CMD_PREFIX} fmt ${TF_PWD_CONT_DIR}
 
-lint: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan.
-	docker run --rm -v ${TF_PWD_DIR}:/data -t wata727/tflint --deep
+doc-tf-eleven: ## A utility to generate documentation from Terraform 0.11 modules in various output formats.
+	docker run --rm -v ${TF_PWD_DIR}:/data -t binbash/terraform-docs markdown table /data
+
+doc-tf-twelve: ## A utility to generate documentation from Terraform 0.12 modules in various output formats.
+	bash terraform-docs.sh markdown ${TF_PWD_DIR}
+
+lint: ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan (tf0.11 --> < 0.9.2.
+	docker run --rm -v ${TF_PWD_DIR}:/data -t wata727/tflint:0.9.2 --deep
+
+#==============================================================#
+# CIRCLECI 													   #
+#==============================================================#
+circleci-validate-config: ## Validate A CircleCI Config (https://circleci.com/docs/2.0/local-cli/)
+	circleci config validate .circleci/config.yml
 
 #==============================================================#
 # GIT RELEASE 												   #
@@ -66,24 +78,80 @@ release-patch: ## releasing patch (eg: 0.0.1 -> 0.0.2) based on semantic tagging
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
 	${GIT_SEMTAG_CMD_PREFIX} final -s patch
 
+release-patch-with-changelog: ## make changelog-patch && git add && git commit && make release-patch
+	@if git status | grep 'nothing to commit, working directory clean'; then\
+		make changelog-patch;\
+		git status;\
+		git add CHANGELOG.md;\
+		git commit -m "Updating CHANGELOG.md via make changelog-patch for ${GIT_SEMTAG_VER_PATCH} [ci skip]";\
+		git push origin master;\
+		make release-patch;\
+	else\
+		echo "===============================================================================================";\
+    	echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below ";\
+		echo "===============================================================================================";\
+    	echo "$$(git status)";\
+		echo "===============================================================================================";\
+	fi
+
+release-patch-with-changelog-circleci: ## make changelog-patch && git add && git commit && make release-patch
+	make changelog-patch
+	git status
+	git add CHANGELOG.md
+	git commit -m "Updating CHANGELOG.md via make changelog-patch for ${GIT_SEMTAG_VER_PATCH} [ci skip]"
+	git push origin master
+	make release-patch
+
 release-minor: ## releasing minor (eg: 0.0.2 -> 0.1.0) based on semantic tagging script for Git
 	# pre-req -> https://github.com/pnikosis/semtag
 	${GIT_SEMTAG_CMD_PREFIX} get
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
 	${GIT_SEMTAG_CMD_PREFIX} final -s minor
 
+release-minor-with-changelog: ## make changelog-minor && git add && git commit && make release-minor
+	@if git status |grep 'nothing to commit, working directory clean'; then\
+		make changelog-minor;\
+		git status;\
+		git add CHANGELOG.md;\
+		git commit -m "Updating CHANGELOG.md via make changelog-minorfor ${GIT_SEMTAG_VER_PATCH} [ci skip]";\
+		git push origin master;\
+		make release-minor;\
+	else\
+		echo "===============================================================================================";\
+    	echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below ";\
+		echo "===============================================================================================";\
+    	echo "$$(git status)";\
+		echo "===============================================================================================";\
+	fi
+
 release-major: ## releasing major (eg: 0.1.0 -> 1.0.0) based on semantic tagging script for Git
 	# pre-req -> https://github.com/pnikosis/semtag
 	${GIT_SEMTAG_CMD_PREFIX} get
 	sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.git
 	${GIT_SEMTAG_CMD_PREFIX} final -s major
 
+release-major-with-changelog: ## make changelog-major && git add && git commit && make release-major
+	@if git status |grep 'nothing to commit, working directory clean'; then\
+		make changelog-major;\
+		git status;\
+		git add CHANGELOG.md;\
+		git commit -m "Updating CHANGELOG.md via make changelog-major for ${GIT_SEMTAG_VER_PATCH} [ci skip]";\
+		git push origin master;\
+		make release-major;\
+	else\
+		echo "===============================================================================================";\
+    	echo "Changes in working directory pending to be pushed - please check 'git status' cmd output below ";\
+		echo "===============================================================================================";\
+    	echo "$$(git status)";\
+		echo "===============================================================================================";\
+	fi
+
 changelog-init: ## git-chglog (https://github.com/git-chglog/git-chglog) config initialization -> ./.chglog
 	@if [ ! -d ./.chglog ]; then\
 		docker run --rm -v ${TF_PWD_DIR}:/data -it binbash/git-release --init;\
 		sudo chown -R ${LOCAL_OS_USER}:${LOCAL_OS_USER} ./.chglog;\
 	else\
-		  echo "==============================";\
+		echo "==============================";\
     	echo "git-chglog already initialized";\
     	echo "==============================";\
     	echo "$$(ls ./.chglog)";\

README.md

@@ -154,4 +154,29 @@ module "waf_regional_test" {
     rule_csrf_action_type               = "COUNT"
     rule_blacklisted_ips_action_type    = "COUNT"
 }
-```
+```
+
+# Release Management
+
+## Docker based makefile commands
+- https://cloud.docker.com/u/binbash/repository/docker/binbash/git-release
+- https://github.com/binbashar/terraform-aws-waf-owasp/blob/master/Makefile
+
+Root directory `Makefile` has the automated steps (to be integrated with **CircleCI jobs** []() )
+
+### CircleCi PR auto-release job
+<div align="left">
+  <img src="https://raw.githubusercontent.com/binbashar/terraform-aws-waf-owasp/master/figures/circleci.png" alt="leverage-circleci" width="230"/>
+</div>
+
+- https://circleci.com/gh/binbashar/terraform-aws-waf-owasp
+- **NOTE:** Will only run after merged PR.
+
+### Manual execution from workstation
+```
+$ make
+Available Commands:
+ - release-major-with-changelog make changelog-major && git add && git commit && make release-major
+ - release-minor-with-changelog make changelog-minor && git add && git commit && make release-minor
+ - release-patch-with-changelog make changelog-patch && git add && git commit && make release-patch
+ ```