Initial commit

Author: kfc-manager

.github/.secrets.baseline

@@ -0,0 +1,113 @@
+{
+  "version": "1.2.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.gibberish.should_exclude_secret",
+      "limit": 3.7
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2024-02-17T17:33:52Z"
+}

.github/hooks/pre-commit

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Run terraform fmt on all .tf files in the repository
+terraform_files=$(git diff --cached --name-only --diff-filter=ACMRTUXB | grep -E '\.tf$|\.tftest.hcl$')
+if [ -n "$terraform_files" ]; then
+    echo "Formatting Terraform files..."
+    terraform fmt -write=true $terraform_files
+    git add $terraform_files
+fi
+
+exit 0

.github/workflows/lint.yml

@@ -0,0 +1,29 @@
+name: Lint
+
+on:
+  push:
+    branches: ["**"]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v3
+        with:
+          tflint_version: v0.44.1
+
+      - name: Show TFLint version
+        run: tflint --version
+
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Run TFLint
+        run: tflint -f compact

.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  workflow_run:
+    workflows: ["Test"]
+    types: [completed]
+    branches: ["main"]
+
+permissions:
+  contents: write
+  pull-requests: read
+
+jobs:
+  release:
+    runs-on: "ubuntu-latest"
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+    steps:
+      - uses: rymndhng/release-on-push-action@master
+        with:
+          bump_version_scheme: minor
+          tag_prefix: v
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/secrets-scan.yml

@@ -0,0 +1,19 @@
+name: Secrets Scan
+
+on:
+  push:
+    branches: ["**"]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Move .secrets.baseline file
+        run: mv .github/.secrets.baseline .
+
+      - name: Scan for secrets
+        uses: secret-scanner/action@0.0.2

.github/workflows/test.yml

@@ -0,0 +1,27 @@
+name: Test
+
+on:
+  push:
+    branches: ["**"]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: latest
+
+      - name: Init Terraform
+        run: terraform init
+
+      - name: Run Terraform Test
+        run: terraform test
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.gitignore

@@ -0,0 +1,27 @@
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+# Terraform files
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+crash.log
+crash.*.log
+.terraform.lock.hcl
+*.tfvars
+*.tfvars.json
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+*tfplan*
+.terraformrc
+terraform.rc

main.tf

@@ -0,0 +1,33 @@
+################################
+# SQS Queue                    #
+################################
+
+resource "aws_sqs_queue" "deadletter" {
+  count = var.max_receive_count > 0 ? 1 : 0
+  name  = "${var.identifier}-deadletter"
+
+  tags = var.tags
+}
+
+resource "aws_sqs_queue" "main" {
+  name                       = var.identifier
+  message_retention_seconds  = var.message_retention_seconds
+  visibility_timeout_seconds = var.visibility_timeout_seconds
+
+  redrive_policy = var.max_receive_count > 0 ? jsonencode({
+    deadLetterTargetArn = aws_sqs_queue.deadletter[0].arn
+    maxReceiveCount     = var.max_receive_count
+  }) : null
+
+  tags = var.tags
+}
+
+resource "aws_sqs_queue_redrive_allow_policy" "main" {
+  count     = var.max_receive_count > 0 ? 1 : 0
+  queue_url = aws_sqs_queue.deadletter[0].id
+
+  redrive_allow_policy = jsonencode({
+    redrivePermission = "byQueue",
+    sourceQueueArns   = [aws_sqs_queue.main.arn]
+  })
+}

outputs.tf

@@ -0,0 +1,19 @@
+output "arn" {
+  description = "The ARN of the SQS queue."
+  value       = try(aws_sqs_queue.main.arn, null)
+}
+
+output "url" {
+  description = "The URL of the SQS queue."
+  value       = try(aws_sqs_queue.main.url, null)
+}
+
+output "deadletter_arn" {
+  description = "The ARN of the deadletter SQS queue of the main queue."
+  value       = try(aws_sqs_queue.deadletter[0].url, null)
+}
+
+output "deadletter_url" {
+  description = "The URL of the deadletter SQS queue of the main queue."
+  value       = try(aws_sqs_queue.deadletter[0].url, null)
+}

tests/queue.tftest.hcl

@@ -0,0 +1,64 @@
+provider "aws" {
+  region = "eu-central-1"
+  default_tags {
+    tags = {
+      Environment = "Test"
+    }
+  }
+}
+
+run "invalid_identifier" {
+  command = plan
+
+  variables {
+    identifier = "ab"
+  }
+
+  expect_failures = [var.identifier]
+}
+
+run "valid_identifier" {
+  command = plan
+
+  variables {
+    identifier = "abc"
+  }
+}
+
+run "with_deadletter" {
+  command = plan
+
+  variables {
+    identifier        = "abc"
+    max_receive_count = 4
+  }
+
+  assert {
+    condition     = length(aws_sqs_queue.deadletter) == 1
+    error_message = "Deadletter queue was not created"
+  }
+
+  assert {
+    condition     = length(aws_sqs_queue_redrive_allow_policy.main) == 1
+    error_message = "Redrive allow policy was not created"
+  }
+}
+
+run "without_deadletter" {
+  command = plan
+
+  variables {
+    identifier        = "abc"
+    max_receive_count = 0
+  }
+
+  assert {
+    condition     = length(aws_sqs_queue.deadletter) == 0
+    error_message = "Deadletter queue was created unexpectedly"
+  }
+
+  assert {
+    condition     = length(aws_sqs_queue_redrive_allow_policy.main) == 0
+    error_message = "Redrive allow policy was created unexpectedly"
+  }
+}