feat: Added wrappers for all submodules (#333)

Author: antonbabenko

.pre-commit-config.yaml

@@ -3,14 +3,17 @@ repos:
     rev: v1.96.1
     hooks:
       - id: terraform_fmt
+      - id: terraform_wrapper_module_for_each
       - id: terraform_docs
         args:
           - '--args=--lockfile=false'
       - id: terraform_validate
-        exclude: '^modules/_templates/[^/]+$'
+        exclude: '^modules/_templates/[^/]+$|^wrappers/.+$'
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
       - id: trailing-whitespace
+      - id: mixed-line-ending
+        args: [--fix=lf]

wrappers/README.md

@@ -0,0 +1,100 @@
+# Wrapper for the root module
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+  source = "tfr:///terraform-aws-modules/security-group/aws//wrappers"
+  # Alternative source:
+  # source = "git::[email protected]:terraform-aws-modules/terraform-aws-security-group.git//wrappers?ref=master"
+}
+
+inputs = {
+  defaults = { # Default values
+    create = true
+    tags = {
+      Terraform   = "true"
+      Environment = "dev"
+    }
+  }
+
+  items = {
+    my-item = {
+      # omitted... can be any argument supported by the module
+    }
+    my-second-item = {
+      # omitted... can be any argument supported by the module
+    }
+    # omitted...
+  }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+  source = "terraform-aws-modules/security-group/aws//wrappers"
+
+  defaults = { # Default values
+    create = true
+    tags = {
+      Terraform   = "true"
+      Environment = "dev"
+    }
+  }
+
+  items = {
+    my-item = {
+      # omitted... can be any argument supported by the module
+    }
+    my-second-item = {
+      # omitted... can be any argument supported by the module
+    }
+    # omitted...
+  }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+  source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+  # Alternative source:
+  # source = "git::[email protected]:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+  defaults = {
+    force_destroy = true
+
+    attach_elb_log_delivery_policy        = true
+    attach_lb_log_delivery_policy         = true
+    attach_deny_insecure_transport_policy = true
+    attach_require_latest_tls_policy      = true
+  }
+
+  items = {
+    bucket1 = {
+      bucket = "my-random-bucket-1"
+    }
+    bucket2 = {
+      bucket = "my-random-bucket-2"
+      tags = {
+        Secure = "probably"
+      }
+    }
+  }
+}
+```

wrappers/_templates/README.md

@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/_templates`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+  source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/_templates"
+  # Alternative source:
+  # source = "git::[email protected]:terraform-aws-modules/terraform-aws-security-group.git//wrappers/_templates?ref=master"
+}
+
+inputs = {
+  defaults = { # Default values
+    create = true
+    tags = {
+      Terraform   = "true"
+      Environment = "dev"
+    }
+  }
+
+  items = {
+    my-item = {
+      # omitted... can be any argument supported by the module
+    }
+    my-second-item = {
+      # omitted... can be any argument supported by the module
+    }
+    # omitted...
+  }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+  source = "terraform-aws-modules/security-group/aws//wrappers/_templates"
+
+  defaults = { # Default values
+    create = true
+    tags = {
+      Terraform   = "true"
+      Environment = "dev"
+    }
+  }
+
+  items = {
+    my-item = {
+      # omitted... can be any argument supported by the module
+    }
+    my-second-item = {
+      # omitted... can be any argument supported by the module
+    }
+    # omitted...
+  }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+  source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+  # Alternative source:
+  # source = "git::[email protected]:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+  defaults = {
+    force_destroy = true
+
+    attach_elb_log_delivery_policy        = true
+    attach_lb_log_delivery_policy         = true
+    attach_deny_insecure_transport_policy = true
+    attach_require_latest_tls_policy      = true
+  }
+
+  items = {
+    bucket1 = {
+      bucket = "my-random-bucket-1"
+    }
+    bucket2 = {
+      bucket = "my-random-bucket-2"
+      tags = {
+        Secure = "probably"
+      }
+    }
+  }
+}
+```

wrappers/_templates/main.tf

@@ -0,0 +1,67 @@
+module "wrapper" {
+  source = "../../modules/_templates"
+
+  for_each = var.items
+
+  computed_egress_cidr_blocks                              = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"])
+  computed_egress_ipv6_cidr_blocks                         = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"])
+  computed_egress_prefix_list_ids                          = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, [])
+  computed_egress_rules                                    = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, [])
+  computed_egress_with_cidr_blocks                         = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, [])
+  computed_egress_with_ipv6_cidr_blocks                    = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, [])
+  computed_egress_with_prefix_list_ids                     = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, [])
+  computed_egress_with_self                                = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, [])
+  computed_egress_with_source_security_group_id            = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, [])
+  computed_ingress_cidr_blocks                             = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, [])
+  computed_ingress_ipv6_cidr_blocks                        = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, [])
+  computed_ingress_prefix_list_ids                         = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, [])
+  computed_ingress_rules                                   = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, [])
+  computed_ingress_with_cidr_blocks                        = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, [])
+  computed_ingress_with_ipv6_cidr_blocks                   = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, [])
+  computed_ingress_with_prefix_list_ids                    = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, [])
+  computed_ingress_with_self                               = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, [])
+  computed_ingress_with_source_security_group_id           = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, [])
+  create                                                   = try(each.value.create, var.defaults.create, true)
+  description                                              = try(each.value.description, var.defaults.description, "Security Group managed by Terraform")
+  egress_cidr_blocks                                       = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"])
+  egress_ipv6_cidr_blocks                                  = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"])
+  egress_prefix_list_ids                                   = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, [])
+  egress_rules                                             = try(each.value.egress_rules, var.defaults.egress_rules, [])
+  egress_with_cidr_blocks                                  = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, [])
+  egress_with_ipv6_cidr_blocks                             = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, [])
+  egress_with_prefix_list_ids                              = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, [])
+  egress_with_self                                         = try(each.value.egress_with_self, var.defaults.egress_with_self, [])
+  egress_with_source_security_group_id                     = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, [])
+  ingress_cidr_blocks                                      = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, [])
+  ingress_ipv6_cidr_blocks                                 = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, [])
+  ingress_prefix_list_ids                                  = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, [])
+  ingress_rules                                            = try(each.value.ingress_rules, var.defaults.ingress_rules, [])
+  ingress_with_cidr_blocks                                 = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, [])
+  ingress_with_ipv6_cidr_blocks                            = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, [])
+  ingress_with_prefix_list_ids                             = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, [])
+  ingress_with_self                                        = try(each.value.ingress_with_self, var.defaults.ingress_with_self, [])
+  ingress_with_source_security_group_id                    = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, [])
+  name                                                     = try(each.value.name, var.defaults.name)
+  number_of_computed_egress_cidr_blocks                    = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0)
+  number_of_computed_egress_ipv6_cidr_blocks               = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0)
+  number_of_computed_egress_prefix_list_ids                = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0)
+  number_of_computed_egress_rules                          = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0)
+  number_of_computed_egress_with_cidr_blocks               = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0)
+  number_of_computed_egress_with_ipv6_cidr_blocks          = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0)
+  number_of_computed_egress_with_prefix_list_ids           = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0)
+  number_of_computed_egress_with_self                      = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0)
+  number_of_computed_egress_with_source_security_group_id  = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0)
+  number_of_computed_ingress_cidr_blocks                   = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0)
+  number_of_computed_ingress_ipv6_cidr_blocks              = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0)
+  number_of_computed_ingress_prefix_list_ids               = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0)
+  number_of_computed_ingress_rules                         = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0)
+  number_of_computed_ingress_with_cidr_blocks              = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0)
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0)
+  number_of_computed_ingress_with_prefix_list_ids          = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0)
+  number_of_computed_ingress_with_self                     = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0)
+  number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0)
+  revoke_rules_on_delete                                   = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false)
+  tags                                                     = try(each.value.tags, var.defaults.tags, {})
+  use_name_prefix                                          = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+  vpc_id                                                   = try(each.value.vpc_id, var.defaults.vpc_id)
+}

wrappers/_templates/outputs.tf

@@ -0,0 +1,5 @@
+output "wrapper" {
+  description = "Map of outputs of a wrapper."
+  value       = module.wrapper
+  # sensitive = false # No sensitive module output found
+}

wrappers/_templates/variables.tf

@@ -0,0 +1,11 @@
+variable "defaults" {
+  description = "Map of default values which will be used for each item."
+  type        = any
+  default     = {}
+}
+
+variable "items" {
+  description = "Maps of items to create a wrapper from. Values are passed through to the module."
+  type        = any
+  default     = {}
+}

wrappers/_templates/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.29"
+    }
+  }
+}