Merge pull request #1 from rhythmictech/demo

cdaniluk · web-flow · commit 3cdb0420ddae · 2020-05-27T12:32:51.000-04:00
initial commit
diff --git a/.github/workflows/pre-commit-check.yaml b/.github/workflows/pre-commit-check.yaml
@@ -0,0 +1,22 @@
+---
+name: pre-commit-check
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  build:
+    runs-on: macOS-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: Install prerequisites
+      run: |
+        brew install tfenv tflint terraform-docs pre-commit
+        pre-commit install
+        tfenv install
+    - name: pre-commit run all
+      run: |
+        pre-commit run -a
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,9 @@
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,12 @@
+repos:
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.24.0
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v2.4.0
+  hooks:
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+    - id: no-commit-to-branch
diff --git a/.terraform-version b/.terraform-version
@@ -0,0 +1 @@
+0.12.25
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Rhythmic Technologies, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/bin/install-macos.sh b/bin/install-macos.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo 'installing brew packages'
+brew install tfenv tflint terraform-docs pre-commit
+
+echo 'installing pre-commit hooks'
+pre-commit install
+
+echo 'installing terraform with tfenv'
+tfenv install
diff --git a/create_jira.py b/create_jira.py
@@ -0,0 +1,66 @@
+import boto3
+import json
+from botocore.vendored import requests
+
+def add_priority(issue, priority):
+    fields = issue["fields"]
+    fields["priority"] = {"name": priority}
+
+def add_assignee(issue, assignee):
+	fields = issue["fields"]
+	fields["assignee"] = {"name": assignee}
+
+def add_due_date(issue, due_date):
+	fields = issue["fields"]
+	fields["duedate"] = due_date
+
+def handler(event, context):
+
+	client = boto3.client("ssm")
+
+	ssm_parameter_name = event["SSMParameterName"].strip()
+	secret = client.get_parameter(Name=ssm_parameter_name, WithDecryption=True)['Parameter']['Value']
+
+	username = event["JiraUsername"].strip()
+	url = event["JiraURL"].strip()
+
+	issue = {
+		"fields": {
+			"summary": event["IssueSummary"].strip(),
+			"project": {
+				"key": event["ProjectKey"].strip()
+			},
+			"description": event["IssueDescription"].strip(),
+			"issuetype": {
+				"name": event["IssueTypeName"].strip()
+			}
+		}
+    }
+
+	priority = event["PriorityName"].strip()
+	if priority:
+		add_priority(issue, priority)
+
+	assignee = event["AssigneeName"].strip()
+
+	if assignee:
+		add_assignee(issue, assignee)
+
+	due_date = event["DueDate"].strip()
+	if due_date:
+		add_due_date(issue, due_date)
+
+	data = json.dumps(issue)
+
+	headers = {'Content-Type':'application/json'}
+
+	response = requests.post('{0}/rest/api/2/issue/'.format(url),
+            headers=headers,
+            data=data,
+            auth=(username, secret))
+
+	if not response.ok:
+		raise Exception("Received error with status code " + str(response.status_code) + " from Jira")
+	else:
+		issue_key = (response.json()["key"])
+		return {"IssueKey" : issue_key}
diff --git a/jira.tf b/jira.tf
@@ -0,0 +1,80 @@
+locals {
+  jira_name = "${var.name}-create-jira"
+}
+
+resource "aws_sns_topic_subscription" "jira" {
+  count                  = var.enable_jira_integration ? 1 : 0
+  endpoint               = aws_lambda_function.jira[0].arn
+  endpoint_auto_confirms = true
+  protocol               = "https"
+  topic_arn              = aws_sns_topic.ticket.arn
+}
+
+data "archive_file" "jira" {
+  type        = "zip"
+  source_file = "${path.module}/create_jira.py"
+  output_path = "${path.module}/tmp/create_jira.zip"
+}
+
+data "aws_iam_policy_document" "jira_assume" {
+  statement {
+    actions = [
+      "sts:AssumeRole",
+    ]
+
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "jira" {
+  count              = var.enable_jira_integration ? 1 : 0
+  name_prefix        = local.jira_name
+  assume_role_policy = data.aws_iam_policy_document.jira_assume.json
+}
+
+resource "aws_iam_role_policy_attachment" "jira" {
+  count      = var.enable_jira_integration ? 1 : 0
+  role       = aws_iam_role.jira[0].name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+resource "aws_lambda_function" "jira" {
+  count            = var.enable_jira_integration ? 1 : 0
+  function_name    = local.jira_name
+  filename         = data.archive_file.jira.output_path
+  handler          = "create_jira.handler"
+  role             = aws_iam_role.jira[0].arn
+  runtime          = "python3.7"
+  source_code_hash = data.archive_file.jira.output_base64sha256
+  tags             = var.tags
+  timeout          = 180
+
+  environment {
+    variables = {
+
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [
+      filename,
+      last_modified,
+    ]
+  }
+}
+
+resource "aws_lambda_permission" "jira" {
+  count               = var.enable_jira_integration ? 1 : 0
+  statement_id_prefix = "AllowExecutionFromCloudWatch-"
+  action              = "lambda:InvokeFunction"
+  function_name       = aws_lambda_function.jira[0].function_name
+  principal           = "sns.amazonaws.com"
+  source_arn          = aws_sns_topic.ticket.arn
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,97 @@
+data "aws_caller_identity" "current" {
+}
+
+locals {
+  account_id        = data.aws_caller_identity.current.account_id
+  alert_topic_name  = "${var.name}-Alert-Topic"
+  ticket_topic_name = "${var.name}-Ticket-Topic"
+  notify_topic_name = "${var.name}-Notify-Topic"
+}
+
+resource "aws_sns_topic" "alert" {
+  name = local.alert_topic_name
+  tags = var.tags
+}
+
+resource "aws_sns_topic_subscription" "alert" {
+  endpoint               = var.alert_webhook
+  endpoint_auto_confirms = true
+  protocol               = "https"
+  topic_arn              = aws_sns_topic.alert.arn
+}
+
+resource "aws_sns_topic_policy" "alert" {
+  arn    = aws_sns_topic.notify.arn
+  policy = data.aws_iam_policy_document.policy.json
+}
+
+resource "aws_sns_topic" "ticket" {
+  name = local.ticket_topic_name
+  tags = var.tags
+}
+
+resource "aws_sns_topic_policy" "ticket" {
+  arn    = aws_sns_topic.notify.arn
+  policy = data.aws_iam_policy_document.policy.json
+}
+
+resource "aws_sns_topic" "notify" {
+  name = local.notify_topic_name
+  tags = var.tags
+}
+
+resource "aws_sns_topic_policy" "notify" {
+  arn    = aws_sns_topic.notify.arn
+  policy = data.aws_iam_policy_document.policy.json
+}
+
+data "aws_iam_policy_document" "policy" {
+
+  statement {
+    effect = "Allow"
+    sid    = "AllowAWSToPublish"
+
+    actions = [
+      "SNS:AddPermission",
+      "SNS:GetTopicAttributes",
+      "SNS:ListSubscriptionsByTopic",
+      "SNS:Publish",
+      "SNS:RemovePermission"
+    ]
+
+    condition {
+      test     = "StringEquals"
+      variable = "AWS:SourceOwner"
+
+      values = [
+        local.account_id
+      ]
+    }
+
+    resources = ["*"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+  }
+
+  statement {
+    effect = "Allow"
+    sid    = "CloudWatchEvents"
+
+    actions = [
+      "sns:Publish"
+    ]
+
+    resources = ["*"]
+
+    principals {
+      type = "Service"
+
+      identifiers = [
+        "events.amazonaws.com"
+      ]
+    }
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,14 @@
+output "sns_topic_alert_arn" {
+  description = "Alert Topic ARN"
+  value       = aws_sns_topic.alert.arn
+}
+
+output "sns_topic_notify_arn" {
+  description = "Notification Topic ARN"
+  value       = aws_sns_topic.notify.arn
+}
+
+output "sns_topic_ticket_arn" {
+  description = "Ticketing Topic ARN"
+  value       = aws_sns_topic.ticket.arn
+}
diff --git a/slack.tf b/slack.tf
@@ -0,0 +1,13 @@
+locals {
+  slack_username = coalesce(var.slack_username, local.account_id)
+}
+
+module "notify-slack" {
+  source            = "terraform-aws-modules/notify-slack/aws"
+  create_sns_topic  = false
+  sns_topic_name    = aws_sns_topic.notify.name
+  slack_webhook_url = var.notify_webhook
+  slack_channel     = var.slack_channel
+  slack_username    = local.slack_username
+  tags              = var.tags
+}
diff --git a/variables.tf b/variables.tf
