From 5e2bd0330913e5502a0225718961721c388f4cde Mon Sep 17 00:00:00 2001
From: "alexander.miehe"
Date: Fri, 29 Nov 2024 14:29:34 +0100
Subject: [PATCH] PLT-0 - Move module from sharded to extra repo

* setup module
---
 .github/CODEOWNERS | 2 +-
 .github/dependabot.yml | 3 ++
 .github/workflows/auto-merge.yml | 9 ++++
 .github/workflows/release-drafter.yml | 14 ++----
 README.md | 62 +++++++++++++++++++++++----
 main.tf | 26 +++++++++++
 outputs.tf | 4 ++
 variables.tf | 27 ++++++++++++
 versions.tf | 9 +++-
 9 files changed, 134 insertions(+), 22 deletions(-)
 create mode 100644 .github/workflows/auto-merge.yml
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 variables.tf

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index ec25d53..a4ae074 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @Flaconi/devops
+* @Flaconi/devops @Flaconi/ci @Flaconi/platform
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ad4645f..67a0666 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,3 +7,6 @@ updates:
 day: monday
 time: "08:00"
 timezone: Europe/Berlin
+ - package-ecosystem: "terraform"
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
new file mode 100644
index 0000000..7a4779e
--- /dev/null
+++ b/.github/workflows/auto-merge.yml
@@ -0,0 +1,9 @@
+---
+name: Dependabot auto-merge
+
+on: pull_request
+
+jobs:
+ auto-merge:
+ uses: Flaconi/github-actions/.github/workflows/auto-merge.yml@v1
+ secrets: inherit
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 73c0e8f..40357a3 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -1,3 +1,4 @@
+---
 name: Release Drafter
 
 on:
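Review bot: The new `terraform` entry under `updates:` has no `directory:` key, which Dependabot's configuration schema requires for every entry, so as committed the file will fail validation and no Terraform module bumps will ever be opened; add `directory: "/"` beside `package-ecosystem: "terraform"`. Once it validates, bumps of the git-tagged sources in main.tf (`Flaconi/terraform-aws-ssm-store?ref=v1.2.0` and the third-party `terraform-aws-modules/terraform-aws-secrets-manager?ref=v1.1.2`) will be candidates for the auto-merge workflow added in this same commit, so decide whether third-party module updates should be excluded from auto-merge or limited to patch releases via an `ignore:` rule here.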
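Review bot: The `auto-merge` job declares no `permissions:` while passing `secrets: inherit`, so the reusable workflow receives every repository secret together with the repository's default `GITHUB_TOKEN` scope, which is more than an approve-and-enable-auto-merge job needs; declare the minimum on the caller, e.g. `permissions: { contents: write, pull-requests: write }`, since a called workflow can only narrow what the caller grants. `Flaconi/github-actions/.github/workflows/auto-merge.yml@v1` is a mutable tag, so a retagged `v1` in the shared repo silently changes what runs here with write access—pin to a commit SHA and keep the tag in a trailing comment. Also note that `pull_request` runs opened by Dependabot receive only Dependabot secrets and a read-only token, so any PAT the shared workflow relies on must additionally be stored as a Dependabot secret; I cannot see the called workflow, so confirm against it whether it filters on `github.actor == 'dependabot[bot]'`, because the caller does not and every pull request will trigger it.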
@@ -5,16 +6,7 @@ on: branches: - master -permissions: - contents: read - jobs: update_release_draft: - permissions: - contents: write - pull-requests: read - runs-on: ubuntu-latest - steps: - - uses: release-drafter/release-drafter@v6 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: Flaconi/github-actions/.github/workflows/release-drafter.yml@v1 + secrets: inherit diff --git a/README.md b/README.md index da64134..46f7c17 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ -# terraform-module-template -Template for Terraform modules +# terraform-aws-ssm-secrets + +Wrapper to store ssm parameters and also the same values as a secret in secrets manager. [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT) @@ -27,7 +28,8 @@ No providers. | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | ~> 1.3 | +| [terraform](#requirement\_terraform) | >= 1.5 | +| [aws](#requirement\_aws) | >= 4.29 | @@ -38,14 +40,56 @@ No required inputs. ## Optional Inputs -No optional inputs. +The following input variables are optional (have default values): + +### [tags](#input\_tags) + +Description: Tags applied to the resources + +Type: `map(string)` + +Default: `{}` + +### [kms\_alias](#input\_kms\_alias) + +Description: kms\_alias sets the kms alias used for SecureString + +Type: `string` + +Default: `"alias/aws/ssm"` + +### [name\_prefix](#input\_name\_prefix) + +Description: name\_prefix prefixes the given name with a prefix + +Type: `string` + +Default: `""` + +### [parameters](#input\_parameters) + +Description: A list of dicts with parameter information + +Type: + +```hcl +list(object({ + name = string + type = optional(string, "SecureString") # String, StringList or SecureString + value = string + })) +``` + +Default: `[]` ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [parameter\_arns](#output\_parameter\_arns) | Map of parameter name and arn | 
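Review bot: The explicit least-privilege blocks (top-level `permissions: contents: read` and the job-level `contents: write` / `pull-requests: read`) are removed and nothing replaces them, so `update_release_draft` now calls the reusable workflow with the repository's default `GITHUB_TOKEN` permissions—`write-all` on repositories that predate the 2023 default change—and `secrets: inherit` additionally hands it every repository secret. Restore the scope on the caller by adding under `update_release_draft:` the lines `permissions:` / `  contents: write` / `  pull-requests: read`; a called workflow can only reduce what the caller grants, never widen it. As with the auto-merge workflow, `@v1` is a mutable tag; pin to a commit SHA unless tags in `Flaconi/github-actions` are protected from being moved.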
@@ -53,4 +97,4 @@ No outputs. **[MIT License](LICENSE)** -Copyright (c) 2023 **[Flaconi GmbH](https://github.com/flaconi)** +Copyright (c) 2024 **[Flaconi GmbH](https://github.com/flaconi)** diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..1e29ac6 --- /dev/null +++ b/main.tf @@ -0,0 +1,26 @@ +moved { + from = aws_ssm_parameter.this + to = module.ssm.aws_ssm_parameter.this +} + +module "ssm" { + source = "github.com/Flaconi/terraform-aws-ssm-store?ref=v1.2.0" + + tags = var.tags + kms_alias = var.kms_alias + name_prefix = var.name_prefix + parameters = var.parameters +} + +module "secrets" { + source = "github.com/terraform-aws-modules/terraform-aws-secrets-manager?ref=v1.1.2" + + tags = var.tags + + kms_key_id = "alias/aws/secretsmanager" + + name = trimsuffix(var.name_prefix, "/") + description = "Secrets for the ${var.tags.Project} application" + + secret_string = jsonencode({ for parameter in var.parameters : parameter.name => parameter.value }) +} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..8dd03f4 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,4 @@ +output "parameter_arns" { + description = "Map of parameter name and arn" + value = module.ssm.parameter_arns +} diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..b2da434 --- /dev/null +++ b/variables.tf @@ -0,0 +1,27 @@ +variable "tags" { + description = "Tags applied to the resources" + type = map(string) + default = {} +} + +variable "kms_alias" { + description = "kms_alias sets the kms alias used for SecureString" + type = string + default = "alias/aws/ssm" +} + +variable "name_prefix" { + description = "name_prefix prefixes the given name with a prefix" + type = string + default = "" +} + +variable "parameters" { + description = "A list of dicts with parameter information" + type = list(object({ + name = string + type = optional(string, "SecureString") # String, StringList or SecureString + value = string + })) + default = [] +} 
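Review bot: `description = "Secrets for the ${var.tags.Project} application"` fails at plan time whenever `tags` lacks a `Project` key, and `tags` defaults to `{}` in variables.tf, so the README's "No required inputs" is not true in practice; use `description = "Secrets for the ${lookup(var.tags, "Project", trimsuffix(var.name_prefix, "/"))} application"` or add a `validation` block on `tags` that requires the key. Likewise `name = trimsuffix(var.name_prefix, "/")` produces an empty secret name under the default `name_prefix = ""`, so a non-empty `name_prefix` should be validated or documented as effectively required. The Secrets Manager copy is encrypted with the hard-coded `kms_key_id = "alias/aws/secretsmanager"` while only the SSM side honours `var.kms_alias`, whose description reads as if it were the module-wide KMS setting—either expose a second variable (e.g. `secrets_kms_key_id`) or state in the README that the customer-chosen key applies to the SSM parameters only. Every parameter value, including `String`/`StringList` ones, is also duplicated into one JSON document, so a principal granted `secretsmanager:GetSecretValue` on it reads all values at once and both copies sit in plaintext in the state; that is presumably the intended trade-off of this wrapper but deserves a comment above `module "secrets"`.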
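Review bot: Only the SSM side is exported; the Secrets Manager secret created in main.tf has no output, so a consumer that needs to grant `secretsmanager:GetSecretValue` on it has to reconstruct the ARN by hand from `name_prefix`. The upstream terraform-aws-modules secret module exposes a `secret_arn` output in the versions I know (confirm against v1.1.2), in which case the block below makes the module usable for IAM policy wiring.
```hcl
output "secret_arn" {
  description = "ARN of the Secrets Manager secret that holds the same values as the SSM parameters"
  value       = module.secrets.secret_arn
}
```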
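Review bot: The comment on `type` lists `String, StringList or SecureString` but nothing enforces it, so a typo such as `securestring` is only caught by the provider at apply time, and duplicate `name` entries surface as an opaque "duplicate object key" error from the `jsonencode` for-expression in main.tf rather than as an input error; both are cheap to catch with `validation` blocks on `parameters`, as below. I have not proposed `sensitive = true` on `parameters`: it would hide the values from plan output, but it also taints `name`, which the store module very likely feeds into `for_each`, so check that module before adding it.
```hcl
variable "parameters" {
  # … unchanged: description, type and default …

  validation {
    condition     = alltrue([for p in var.parameters : contains(["String", "StringList", "SecureString"], p.type)])
    error_message = "Each parameter type must be String, StringList or SecureString."
  }

  validation {
    condition     = length(distinct([for p in var.parameters : p.name])) == length(var.parameters)
    error_message = "Parameter names must be unique; they become the keys of the Secrets Manager JSON document."
  }
}
```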
diff --git a/versions.tf b/versions.tf
index e6b4cbd..acc0dcc 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,3 +1,10 @@
 terraform {
- required_version = "~> 1.3"
+ required_version = ">= 1.5"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.29"
+ }
+ }
 }