Skip to content

Commit

Permalink
feat: Update lambda module and bump Terraform/AWS provider versions (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
bryantbiggs authored Dec 9, 2021
1 parent 6b7db5d commit 0a1fae8
Show file tree
Hide file tree
Showing 16 changed files with 103 additions and 58 deletions.
33 changes: 33 additions & 0 deletions .github/workflows/unit-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: Unit Test

on:
pull_request:
branches:
- main
- master
paths:
- 'functions/**'
- '.github/workflows/unit-test.yml'

defaults:
run:
working-directory: functions

jobs:
test:
name: Execute unit tests
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v2

- name: Set up Python 3.8
uses: actions/setup-python@v2
with:
python-version: 3.8

- name: Install pipenv
run: |
python -m pip install --upgrade pip
python -m pip install pipenv
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,4 @@ terraform.rc
builds/
__pycache__/
functions/pytest.ini
*.zip
3 changes: 2 additions & 1 deletion .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.58.0
rev: v1.60.0
hooks:
- id: terraform_fmt
- id: terraform_validate
Expand All @@ -26,3 +26,4 @@ repos:
rev: v4.0.1
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,20 +80,20 @@ To run the tests:

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.35 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.61 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.35 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.61 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_lambda"></a> [lambda](#module\_lambda) | terraform-aws-modules/lambda/aws | 1.47.0 |
| <a name="module_lambda"></a> [lambda](#module\_lambda) | terraform-aws-modules/lambda/aws | 2.27.1 |

## Resources

Expand Down Expand Up @@ -153,7 +153,7 @@ To run the tests:
| <a name="output_notify_slack_lambda_function_last_modified"></a> [notify\_slack\_lambda\_function\_last\_modified](#output\_notify\_slack\_lambda\_function\_last\_modified) | The date Lambda function was last modified |
| <a name="output_notify_slack_lambda_function_name"></a> [notify\_slack\_lambda\_function\_name](#output\_notify\_slack\_lambda\_function\_name) | The name of the Lambda function |
| <a name="output_notify_slack_lambda_function_version"></a> [notify\_slack\_lambda\_function\_version](#output\_notify\_slack\_lambda\_function\_version) | Latest published version of your Lambda function |
| <a name="output_this_slack_topic_arn"></a> [this\_slack\_topic\_arn](#output\_this\_slack\_topic\_arn) | The ARN of the SNS topic from which messages will be sent to Slack |
| <a name="output_slack_topic_arn"></a> [slack\_topic\_arn](#output\_slack\_topic\_arn) | The ARN of the SNS topic from which messages will be sent to Slack |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

## Authors
Expand Down
12 changes: 6 additions & 6 deletions examples/cloudwatch-alerts-to-slack/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,16 +60,16 @@ Note that this example may create resources which can cost money. Run `terraform

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.35 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.61 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.35 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.61 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |

## Modules

Expand Down Expand Up @@ -102,5 +102,5 @@ No inputs.
| <a name="output_notify_slack_lambda_function_last_modified"></a> [notify\_slack\_lambda\_function\_last\_modified](#output\_notify\_slack\_lambda\_function\_last\_modified) | The date Lambda function was last modified |
| <a name="output_notify_slack_lambda_function_name"></a> [notify\_slack\_lambda\_function\_name](#output\_notify\_slack\_lambda\_function\_name) | The name of the Lambda function |
| <a name="output_notify_slack_lambda_function_version"></a> [notify\_slack\_lambda\_function\_version](#output\_notify\_slack\_lambda\_function\_version) | Latest published version of your Lambda function |
| <a name="output_this_sns_topic_arn"></a> [this\_sns\_topic\_arn](#output\_this\_sns\_topic\_arn) | The ARN of the SNS topic from which messages will be sent to Slack |
| <a name="output_sns_topic_arn"></a> [sns\_topic\_arn](#output\_sns\_topic\_arn) | The ARN of the SNS topic from which messages will be sent to Slack |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
2 changes: 1 addition & 1 deletion examples/cloudwatch-alerts-to-slack/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ resource "aws_cloudwatch_metric_alarm" "lambda_duration" {
threshold = "5000"
alarm_description = "Duration of notifying slack exceeds threshold"

alarm_actions = [module.notify_slack["develop"].this_slack_topic_arn]
alarm_actions = [module.notify_slack["develop"].slack_topic_arn]

dimensions = {
FunctionName = module.notify_slack["develop"].notify_slack_lambda_function_name
Expand Down
4 changes: 2 additions & 2 deletions examples/cloudwatch-alerts-to-slack/outputs.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
output "this_sns_topic_arn" {
output "sns_topic_arn" {
description = "The ARN of the SNS topic from which messages will be sent to Slack"
value = module.notify_slack["develop"].this_slack_topic_arn
value = module.notify_slack["develop"].slack_topic_arn
}

output "lambda_iam_role_arn" {
Expand Down
12 changes: 9 additions & 3 deletions examples/cloudwatch-alerts-to-slack/versions.tf
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
terraform {
required_version = ">= 0.13.0"
required_version = ">= 0.13.1"

required_providers {
aws = ">= 2.35"
random = ">= 2"
aws = {
source = "hashicorp/aws"
version = ">= 3.61"
}
random = {
source = "hashicorp/random"
version = ">= 2.0"
}
}
}
8 changes: 4 additions & 4 deletions examples/notify-slack-simple/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.35 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.61 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.35 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.61 |

## Modules

Expand Down Expand Up @@ -60,5 +60,5 @@ No inputs.
| <a name="output_notify_slack_lambda_function_last_modified"></a> [notify\_slack\_lambda\_function\_last\_modified](#output\_notify\_slack\_lambda\_function\_last\_modified) | The date Lambda function was last modified |
| <a name="output_notify_slack_lambda_function_name"></a> [notify\_slack\_lambda\_function\_name](#output\_notify\_slack\_lambda\_function\_name) | The name of the Lambda function |
| <a name="output_notify_slack_lambda_function_version"></a> [notify\_slack\_lambda\_function\_version](#output\_notify\_slack\_lambda\_function\_version) | Latest published version of your Lambda function |
| <a name="output_this_sns_topic_arn"></a> [this\_sns\_topic\_arn](#output\_this\_sns\_topic\_arn) | The ARN of the SNS topic from which messages will be sent to Slack |
| <a name="output_sns_topic_arn"></a> [sns\_topic\_arn](#output\_sns\_topic\_arn) | The ARN of the SNS topic from which messages will be sent to Slack |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
4 changes: 2 additions & 2 deletions examples/notify-slack-simple/outputs.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
output "this_sns_topic_arn" {
output "sns_topic_arn" {
description = "The ARN of the SNS topic from which messages will be sent to Slack"
value = module.notify_slack.this_slack_topic_arn
value = module.notify_slack.slack_topic_arn
}

output "lambda_iam_role_arn" {
Expand Down
7 changes: 5 additions & 2 deletions examples/notify-slack-simple/versions.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
terraform {
required_version = ">= 0.13.0"
required_version = ">= 0.13.1"

required_providers {
aws = ">= 2.35"
aws = {
source = "hashicorp/aws"
version = ">= 3.61"
}
}
}
Binary file removed functions/notify_slack.zip
Binary file not shown.
1 change: 0 additions & 1 deletion functions/pytest.ini.sample
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,3 @@ env =
SLACK_EMOJI=:aws:
SLACK_USERNAME=notify_slack_test
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBOOK/URL

43 changes: 21 additions & 22 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,31 +2,18 @@ data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
data "aws_region" "current" {}

resource "aws_sns_topic" "this" {
count = var.create_sns_topic && var.create ? 1 : 0

name = var.sns_topic_name

kms_master_key_id = var.sns_topic_kms_key_id

tags = merge(var.tags, var.sns_topic_tags)
}

locals {
sns_topic_arn = element(
concat(
aws_sns_topic.this.*.arn,
["arn:${data.aws_partition.current.id}:sns:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.sns_topic_name}"],
[""]
),
0,
sns_topic_arn = try(
aws_sns_topic.this[0].arn,
"arn:${data.aws_partition.current.id}:sns:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.sns_topic_name}",
""
)

lambda_policy_document = {
sid = "AllowWriteToCloudwatchLogs"
effect = "Allow"
actions = ["logs:CreateLogStream", "logs:PutLogEvents"]
resources = [replace("${element(concat(aws_cloudwatch_log_group.lambda[*].arn, [""]), 0)}:*", ":*:*", ":*")]
resources = [replace("${try(aws_cloudwatch_log_group.lambda[0].arn, "")}:*", ":*:*", ":*")]
}

lambda_policy_document_kms = {
Expand Down Expand Up @@ -61,18 +48,29 @@ resource "aws_cloudwatch_log_group" "lambda" {
tags = merge(var.tags, var.cloudwatch_log_group_tags)
}

resource "aws_sns_topic" "this" {
count = var.create_sns_topic && var.create ? 1 : 0

name = var.sns_topic_name

kms_master_key_id = var.sns_topic_kms_key_id

tags = merge(var.tags, var.sns_topic_tags)
}


resource "aws_sns_topic_subscription" "sns_notify_slack" {
count = var.create ? 1 : 0

topic_arn = local.sns_topic_arn
protocol = "lambda"
endpoint = module.lambda.this_lambda_function_arn
endpoint = module.lambda.lambda_function_arn
filter_policy = var.subscription_filter_policy
}

module "lambda" {
source = "terraform-aws-modules/lambda/aws"
version = "1.47.0"
version = "2.27.1"

create = var.create

Expand All @@ -86,7 +84,8 @@ module "lambda" {
kms_key_arn = var.kms_key_arn
reserved_concurrent_executions = var.reserved_concurrent_executions

# If publish is disabled, there will be "Error adding new Lambda Permission for notify_slack: InvalidParameterValueException: We currently do not support adding policies for $LATEST."
# If publish is disabled, there will be "Error adding new Lambda Permission for notify_slack:
# InvalidParameterValueException: We currently do not support adding policies for $LATEST."
publish = true

environment_variables = {
Expand All @@ -109,7 +108,7 @@ module "lambda" {
# the value of presense of KMS. Famous "computed values in count" bug...
attach_cloudwatch_logs_policy = false
attach_policy_json = true
policy_json = element(concat(data.aws_iam_policy_document.lambda[*].json, [""]), 0)
policy_json = try(data.aws_iam_policy_document.lambda[0].json, "")

use_existing_cloudwatch_log_group = true
attach_network_policy = var.lambda_function_vpc_subnet_ids != null
Expand Down
14 changes: 7 additions & 7 deletions outputs.tf
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
output "this_slack_topic_arn" {
output "slack_topic_arn" {

This comment has been minimized.

Copy link
@armyofevilrobots

armyofevilrobots Dec 9, 2021

What is the policy for breaking change on a point release?
We consume this output in our TF deploys for various monitoring/alarming solutions as a central point to send messages from. By renaming it, we had to scramble to pin the version to a minor release. We had assumed (incorrectly) that point releases wouldn't have breaking changes to their interface.
Don't get me wrong, I appreciate the work everybody is doing, and agree that the output was previously named oddly, but this output caused an unexpected failure when it was changed on a minor release.

This comment has been minimized.

Copy link
@antonbabenko

antonbabenko Dec 9, 2021

Member

This has happened unintentionally. We normally pay close attention to breaking changes like this but this time we did it wrong. My apologies!

description = "The ARN of the SNS topic from which messages will be sent to Slack"
value = local.sns_topic_arn
}
Expand All @@ -15,30 +15,30 @@ output "lambda_iam_role_name" {

output "notify_slack_lambda_function_arn" {
description = "The ARN of the Lambda function"
value = module.lambda.this_lambda_function_arn
value = module.lambda.lambda_function_arn
}

output "notify_slack_lambda_function_name" {
description = "The name of the Lambda function"
value = module.lambda.this_lambda_function_name
value = module.lambda.lambda_function_name
}

output "notify_slack_lambda_function_invoke_arn" {
description = "The ARN to be used for invoking Lambda function from API Gateway"
value = module.lambda.this_lambda_function_invoke_arn
value = module.lambda.lambda_function_invoke_arn
}

output "notify_slack_lambda_function_last_modified" {
description = "The date Lambda function was last modified"
value = module.lambda.this_lambda_function_last_modified
value = module.lambda.lambda_function_last_modified
}

output "notify_slack_lambda_function_version" {
description = "Latest published version of your Lambda function"
value = module.lambda.this_lambda_function_version
value = module.lambda.lambda_function_version
}

output "lambda_cloudwatch_log_group_arn" {
description = "The Amazon Resource Name (ARN) specifying the log group"
value = element(concat(aws_cloudwatch_log_group.lambda.*.arn, [""]), 0)
value = try(aws_cloudwatch_log_group.lambda[0].arn, "")
}
7 changes: 5 additions & 2 deletions versions.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
terraform {
required_version = ">= 0.13.0"
required_version = ">= 0.13.1"

required_providers {
aws = ">= 2.35"
aws = {
source = "hashicorp/aws"
version = ">= 3.61"
}
}
}

0 comments on commit 0a1fae8

Please sign in to comment.