Rename repo. Update module. Add TravisCI. Update README (#2)

* Update module

* Update `README`

* Update `README`

* Add `force_destroy` variable

* Add default tag

* Add default tag

* Update `README`

* Update `README`

* Update `README`

Author: aknysh

.gitignore

@@ -1 +1,9 @@
-.terraform
+# Compiled files
+*.tfstate
+*.tfstate.backup
+.terraform.tfstate.lock.info
+
+# Module directory
+.terraform/
+.idea
+*.iml

.travis.yml

@@ -0,0 +1,16 @@
+addons:
+  apt:
+    packages:
+      - git
+      - make
+      - curl
+
+install:
+  - make init
+
+script:
+  - make terraform/install
+  - make terraform/get-plugins
+  - make terraform/get-modules
+  - make terraform/lint
+  - make terraform/validate

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright 2017-2018 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -0,0 +1,6 @@
+SHELL := /bin/bash
+
+-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+
+lint:
+	$(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate

README.md

@@ -1,19 +1,189 @@
-# tf_kops_bootstrap
+# terraform-aws-kops-state-backend [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-kops-state-backend.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-kops-state-backend)
+
+Terraform module to provision dependencies for `kops` (config S3 bucket & DNS zone).
+
+The module supports the following:
+
+1. Forced server-side encryption at rest for the S3 bucket
+2. S3 bucket versioning to allow for `kops` state recovery in the case of accidental deletions or human errors
 
-Easily bootstrap dependencies for `kops` (config bucket & DNS zone)
 
 ## Usage
 
-Provision environment for `foobar.example.com`.
+This example will create a DNS zone called `kops.cloudxl.net` and delegate it from the parent zone `cloudxl.net` by setting `NS` and `SOA` records in the parent zone.
 
-```
+It will also create an S3 bucket with the name `cp-prod-kops-state` for storing `kops` manifests.
+
+```hcl
 module "kops" {
-  source          = "git::https://github.com/cloudposse/tf_kops_bootstrap.git?ref=master"
-  namespace       = "example"
-  stage           = "dev"
-  name            = "foobar"
-  parent_dns_zone = "example.com"
+  source           = "git::https://github.com/cloudposse/terraform-aws-kops-state-backend.git?ref=master"
+  namespace        = "cp"
+  stage            = "prod"
+  name             = "kops"
+  attributes       = ["state"]
+  parent_zone_name = "cloudxl.net"
+  zone_name        = "$${name}.$${parent_zone_name}"
+  region           = "us-east-1"
+}
+```
+
+<br/>
+
+![kops-state-backend](images/kops-state-backend.png)
+
+<br/>
+
+To check that the created `kops` DNS zone has been tagged correctly, run
+
+```sh
+aws route53 list-tags-for-resources --resource-type hostedzone --resource-ids Z58RWQWFVU4HT
+```
+
+
+```js
+{
+    "ResourceTagSets": [
+        {
+            "ResourceType": "hostedzone",
+            "ResourceId": "Z58RWQWFVU4HT",
+            "Tags": [
+                {
+                    "Key": "Cluster",
+                    "Value": "kops.cloudxl.net"
+                },
+                {
+                    "Key": "Stage",
+                    "Value": "prod"
+                },
+                {
+                    "Key": "Namespace",
+                    "Value": "cp"
+                },
+                {
+                    "Key": "Name",
+                    "Value": "cp-prod-kops-state"
+                }
+            ]
+        }
+    ]
 }
 ```
 
-This example will create a DNS zone called `foobar.example.com` and delegate it from `example.com` by setting `NS` and `SOA` records. It will also provision a bucket called `config.foobar.example.com` for storing kops manifests.
+
+## Variables
+
+__NOTE:__ One of `parent_zone_name` or `parent_zone_id` is required, but not both.
+The module will lookup the parent zone by either name or ID.
+
+
+|  Name                    |  Default                          |  Description                                                                      | Required |
+|:-------------------------|:----------------------------------|:----------------------------------------------------------------------------------|:--------:|
+| `namespace`              | ``                                | Namespace (_e.g._ `cp` or `cloudposse`)                                           | Yes      |
+| `stage`                  | ``                                | Stage (_e.g._ `prod`, `dev`, `staging`)                                           | Yes      |
+| `region`                 | `us-east-1`                       | AWS Region the S3 bucket should reside in                                         | Yes      |
+| `parent_zone_name`       | ``                                | Parent DNS zone name (e.g. `domain.com`). Required if `parent_zone_id` is not provided    | Yes      |
+| `parent_zone_id`         | ``                                | Parent DNS zone ID. Required if `parent_zone_name` is not provided                | Yes      |
+| `name`                   | `kops`                            | Name  (_e.g._ `kops`)                                                             | No       |
+| `attributes`             | `["state"]`                       | Additional attributes (_e.g._ `state`)                                            | No       |
+| `tags`                   | `{}`                              | Additional tags  (_e.g._ `map("BusinessUnit","XYZ")`                              | No       |
+| `delimiter`              | `-`                               | Delimiter to be used between `namespace`, `stage`, `name`, and `attributes`       | No       |
+| `acl`                    | `private`                         | The canned ACL to apply to the S3 bucket                                          | No       |
+| `zone_name`              | `$${name}.$${parent_zone_name}`   | Template for `kops` DNS zone name                                                 | No       |
+| `force_destroy`          | `false`                           | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without errors   | No       |
+
+
+## Outputs
+
+| Name                   | Description               |
+|:-----------------------|:--------------------------|
+| `parent_zone_id`       | Parent zone ID            |
+| `parent_zone_name`     | Parent zone name          |
+| `zone_id`              | `kops` zone ID            |
+| `zone_name`            | `kops` zone name          |
+| `bucket_name`          | S3 bucket name            |
+| `bucket_region`        | S3 bucket region          |
+| `bucket_domain_name`   | S3 bucket domain name     |
+| `bucket_id`            | S3 bucket ID              |
+| `bucket_arn`           | S3 bucket ARN             |
+
+
+## Help
+
+**Got a question?**
+
+File a GitHub [issue](https://github.com/cloudposse/terraform-aws-kops-state-backend/issues), send us an [email](mailto:[email protected]) or reach out to us on [Gitter](https://gitter.im/cloudposse/).
+
+
+## Contributing
+
+### Bug Reports & Feature Requests
+
+Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-kops-state-backend/issues) to report any bugs or file feature requests.
+
+### Developing
+
+If you are interested in being a contributor and want to get involved in developing `terraform-aws-kops-state-backend`, we would love to hear from you! Shoot us an [email](mailto:[email protected]).
+
+In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
+
+ 1. **Fork** the repo on GitHub
+ 2. **Clone** the project to your own machine
+ 3. **Commit** changes to your own branch
+ 4. **Push** your work back up to your fork
+ 5. Submit a **Pull request** so that we can review your changes
+
+**NOTE:** Be sure to merge the latest from "upstream" before making a pull request!
+
+
+## License
+
+[APACHE 2.0](LICENSE) © 2017-2018 [Cloud Posse, LLC](https://cloudposse.com)
+
+See [LICENSE](LICENSE) for full details.
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+
+## About
+
+`terraform-aws-kops-state-backend` is maintained and funded by [Cloud Posse, LLC][website].
+
+![Cloud Posse](https://cloudposse.com/logo-300x69.png)
+
+
+Like it? Please let us know at <[email protected]>
+
+We love [Open Source Software](https://github.com/cloudposse/)!
+
+See [our other projects][community]
+or [hire us][hire] to help build your next cloud platform.
+
+  [website]: https://cloudposse.com/
+  [community]: https://github.com/cloudposse/
+  [hire]: https://cloudposse.com/contact/
+
+
+### Contributors
+
+| [![Erik Osterman][erik_img]][erik_web]<br/>[Erik Osterman][erik_web] | [![Andriy Knysh][andriy_img]][andriy_web]<br/>[Andriy Knysh][andriy_web] |
+|-------------------------------------------------------|------------------------------------------------------------------|
+
+  [erik_img]: http://s.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb?s=144
+  [erik_web]: https://github.com/osterman/
+  [andriy_img]: https://avatars0.githubusercontent.com/u/7356997?v=4&u=ed9ce1c9151d552d985bdf5546772e14ef7ab617&s=144
+  [andriy_web]: https://github.com/aknysh/

images/kops-state-backend.png

@@ -1,51 +1,72 @@
-# Label & Tags (e.g. `example-dev-foobar`)
+data "template_file" "zone_name" {
+  template = "${replace(var.zone_name, "$$$$", "$")}"
+
+  vars {
+    namespace        = "${var.namespace}"
+    name             = "${var.name}"
+    stage            = "${var.stage}"
+    parent_zone_name = "${var.parent_zone_name}"
+  }
+}
+
+# Label & Tags
 module "label" {
-  source    = "git::https://github.com/cloudposse/tf_label.git?ref=tags/0.1.0"
-  namespace = "${var.namespace}"
-  stage     = "${var.stage}"
-  name      = "${var.name}"
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3"
+  namespace  = "${var.namespace}"
+  name       = "${var.name}"
+  stage      = "${var.stage}"
+  delimiter  = "${var.delimiter}"
+  attributes = "${var.attributes}"
+
+  tags = "${
+      merge(
+        var.tags,
+        map(
+          "Cluster", "${data.template_file.zone_name.rendered}"
+        )
+      )
+    }"
 }
 
-# Kops domain (e.g. `foobar.example.com`)
+# Kops domain (e.g. `kops.domain.com`)
 module "domain" {
-  source    = "git::https://github.com/cloudposse/tf_domain.git?ref=tags/0.2.0"
-  namespace = "${var.namespace}"
-  name      = "${var.name}"
-  stage     = "${var.stage}"
-
-  zone_name        = "$${namespace}.$${parent_zone_name}"
+  source           = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-zone.git?ref=tags/0.2.3"
+  namespace        = "${var.namespace}"
+  name             = "${var.name}"
+  stage            = "${var.stage}"
+  delimiter        = "${var.delimiter}"
+  attributes       = "${var.attributes}"
+  zone_name        = "${var.zone_name}"
   parent_zone_id   = "${var.parent_zone_id}"
   parent_zone_name = "${var.parent_zone_name}"
-  ttl              = 60
-}
 
-data "template_file" "bucket_name" {
-  template = "${replace(var.bucket_name, "$$$$", "$")}"
-
-  vars {
-    namespace        = "${var.namespace}"
-    name             = "${var.name}"
-    stage            = "${var.stage}"
-    id               = "${module.label.id}"
-    zone_name        = "${module.domain.zone_name}"
-    parent_zone_name = "${module.domain.parent_zone_name}"
-  }
+  tags = "${
+      merge(
+        var.tags,
+        map(
+          "Cluster", "${data.template_file.zone_name.rendered}"
+        )
+      )
+    }"
 }
 
-# Kops bucket for manifests (e.g. `config.foobar.example.com`)
 resource "aws_s3_bucket" "default" {
-  bucket        = "${data.template_file.bucket_name.rendered}"
-  acl           = "private"
-  tags          = "${module.label.tags}"
-  force_destroy = true
+  bucket        = "${module.label.id}"
+  acl           = "${var.acl}"
+  region        = "${var.region}"
+  force_destroy = "${var.force_destroy}"
 
   versioning {
     enabled = true
   }
 
-  tags = "${module.label.tags}"
-
-  lifecycle {
-    create_before_destroy = true
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
   }
+
+  tags = "${module.label.tags}"
 }

main.tf

@@ -22,6 +22,14 @@ output "bucket_region" {
   value = "${aws_s3_bucket.default.region}"
 }
 
-output "id" {
-  value = "${module.label.id}"
+output "bucket_domain_name" {
+  value = "${aws_s3_bucket.default.bucket_domain_name}"
+}
+
+output "bucket_id" {
+  value = "${aws_s3_bucket.default.id}"
+}
+
+output "bucket_arn" {
+  value = "${aws_s3_bucket.default.arn}"
 }