Merge pull request #39 from lgallard/feature/config-objects-values

Update config variables to support objects instead of maps values
lgallard · Apr 30, 2021 · c5bb3e8 · c5bb3e8
2 parents c404840 + 13b8f2e
commit c5bb3e8
Show file tree

Hide file tree

Showing 12 changed files with 105 additions and 83 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.10.0 (April 30, 2021)
+
+ENHANCEMENTS:
+
+* Update config variables to support objects instead of maps values
+* Update README & examples
+
+FIXES:
+
+* Remove `availability_zone_count` constraint
+
 ## 0.9.1 (April 22, 2021)
 
 ENHANCEMENTS:

diff --git a/README.md b/README.md
@@ -22,11 +22,11 @@ module "aws_es" {
   elasticsearch_version = "7.1"
 
   cluster_config = {
-    dedicated_master_enabled = "true"
-    instance_count           = "3"
+    dedicated_master_enabled = true
+    instance_count           = 3
     instance_type            = "r5.large.elasticsearch"
-    zone_awareness_enabled   = "true"
-    availability_zone_count  = "3"
+    zone_awareness_enabled   = true
+    availability_zone_count  = 3
   }
 
   ebs_options = {
@@ -35,17 +35,17 @@ module "aws_es" {
   }
 
   encrypt_at_rest = {
-    enabled    = "true"
+    enabled    = true
     kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
   log_publishing_options = {
-    enabled                  = "true"
+    enabled                  = true
     log_type                 = "INDEX_SLOW_LOGS"
   }
 
   advanced_options = {
-    "rest.action.multi.allow_explicit_index" = "true"
+    "rest.action.multi.allow_explicit_index" = true
   }
 
   domain_endpoint_options = {
@@ -55,8 +55,8 @@ module "aws_es" {
     custom_endpoint_certificate_arn = "arn:aws:acm:us-east-1:123456789101:certificate/abcd1234-ef11-abcd-1234-abcd1234efef"
   }
 
-  node_to_node_encryption_enabled                = "true"
-  snapshot_options_automated_snapshot_start_hour = "23"
+  node_to_node_encryption_enabled                = true
+  snapshot_options_automated_snapshot_start_hour = 23
 
   tags = {
     Owner = "sysops"
@@ -76,13 +76,13 @@ module "aws_es" {
   elasticsearch_version = "7.1"
 
   cluster_config_dedicated_master_enabled = true
-  cluster_config_instance_count           = "3"
+  cluster_config_instance_count           = 3
   cluster_config_instance_type            = "r5.large.elasticsearch"
   cluster_config_zone_awareness_enabled   = "true"
-  cluster_config_availability_zone_count  = "3"
+  cluster_config_availability_zone_count  = 3
 
   ebs_options_ebs_enabled = true
-  ebs_options_volume_size = "25"
+  ebs_options_volume_size = 25
 
   encrypt_at_rest_enabled    = true
   encrypt_at_rest_kms_key_id = "alias/aws/es"
@@ -91,11 +91,11 @@ module "aws_es" {
   log_publishing_options_log_type = "INDEX_SLOW_LOGS"
 
   advanced_options = {
-    "rest.action.multi.allow_explicit_index" = "true"
+    "rest.action.multi.allow_explicit_index" = true
   }
 
-  node_to_node_encryption_enabled                = "true"
-  snapshot_options_automated_snapshot_start_hour = "23"
+  node_to_node_encryption_enabled                = true
+  snapshot_options_automated_snapshot_start_hour = 23
 
   tags = {
     Owner = "sysops"
@@ -143,7 +143,7 @@ No modules.
 | <a name="input_advanced_security_options_master_user_arn"></a> [advanced\_security\_options\_master\_user\_arn](#input\_advanced\_security\_options\_master\_user\_arn) | ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`) | `string` | `null` | no |
 | <a name="input_advanced_security_options_master_user_password"></a> [advanced\_security\_options\_master\_user\_password](#input\_advanced\_security\_options\_master\_user\_password) | The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
 | <a name="input_advanced_security_options_master_user_username"></a> [advanced\_security\_options\_master\_user\_username](#input\_advanced\_security\_options\_master\_user\_username) | The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
-| <a name="input_cluster_config"></a> [cluster\_config](#input\_cluster\_config) | Cluster configuration of the domain | `map` | `{}` | no |
+| <a name="input_cluster_config"></a> [cluster\_config](#input\_cluster\_config) | Cluster configuration of the domain | `any` | `{}` | no |
 | <a name="input_cluster_config_availability_zone_count"></a> [cluster\_config\_availability\_zone\_count](#input\_cluster\_config\_availability\_zone\_count) | Number of Availability Zones for the domain to use with | `number` | `3` | no |
 | <a name="input_cluster_config_dedicated_master_count"></a> [cluster\_config\_dedicated\_master\_count](#input\_cluster\_config\_dedicated\_master\_count) | Number of dedicated master nodes in the cluster | `number` | `3` | no |
 | <a name="input_cluster_config_dedicated_master_enabled"></a> [cluster\_config\_dedicated\_master\_enabled](#input\_cluster\_config\_dedicated\_master\_enabled) | Indicates whether dedicated master nodes are enabled for the cluster | `bool` | `true` | no |
@@ -154,7 +154,7 @@ No modules.
 | <a name="input_cluster_config_warm_enabled"></a> [cluster\_config\_warm\_enabled](#input\_cluster\_config\_warm\_enabled) | Indicates whether to enable warm storage | `bool` | `false` | no |
 | <a name="input_cluster_config_warm_type"></a> [cluster\_config\_warm\_type](#input\_cluster\_config\_warm\_type) | The instance type for the Elasticsearch cluster's warm nodes | `string` | `null` | no |
 | <a name="input_cluster_config_zone_awareness_enabled"></a> [cluster\_config\_zone\_awareness\_enabled](#input\_cluster\_config\_zone\_awareness\_enabled) | Indicates whether zone awareness is enabled. To enable awareness with three Availability Zones | `bool` | `false` | no |
-| <a name="input_cognito_options"></a> [cognito\_options](#input\_cognito\_options) | Options for Amazon Cognito Authentication for Kibana | `map` | `{}` | no |
+| <a name="input_cognito_options"></a> [cognito\_options](#input\_cognito\_options) | Options for Amazon Cognito Authentication for Kibana | `any` | `{}` | no |
 | <a name="input_cognito_options_enabled"></a> [cognito\_options\_enabled](#input\_cognito\_options\_enabled) | Specifies whether Amazon Cognito authentication with Kibana is enabled or not | `bool` | `false` | no |
 | <a name="input_cognito_options_identity_pool_id"></a> [cognito\_options\_identity\_pool\_id](#input\_cognito\_options\_identity\_pool\_id) | ID of the Cognito Identity Pool to use | `string` | `""` | no |
 | <a name="input_cognito_options_role_arn"></a> [cognito\_options\_role\_arn](#input\_cognito\_options\_role\_arn) | ARN of the IAM role that has the AmazonESCognitoAccess policy attached | `string` | `""` | no |
@@ -168,30 +168,30 @@ No modules.
 | <a name="input_domain_endpoint_options_tls_security_policy"></a> [domain\_endpoint\_options\_tls\_security\_policy](#input\_domain\_endpoint\_options\_tls\_security\_policy) | The name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: `Policy-Min-TLS-1-0-2019-07` and `Policy-Min-TLS-1-2-2019-07` | `string` | `"Policy-Min-TLS-1-2-2019-07"` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Name of the domain | `string` | n/a | yes |
 | <a name="input_ebs_enabled"></a> [ebs\_enabled](#input\_ebs\_enabled) | Whether EBS volumes are attached to data nodes in the domain | `bool` | `true` | no |
-| <a name="input_ebs_options"></a> [ebs\_options](#input\_ebs\_options) | EBS related options, may be required based on chosen instance size | `map` | `{}` | no |
+| <a name="input_ebs_options"></a> [ebs\_options](#input\_ebs\_options) | EBS related options, may be required based on chosen instance size | `any` | `{}` | no |
 | <a name="input_ebs_options_iops"></a> [ebs\_options\_iops](#input\_ebs\_options\_iops) | The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type | `number` | `0` | no |
 | <a name="input_ebs_options_volume_size"></a> [ebs\_options\_volume\_size](#input\_ebs\_options\_volume\_size) | The size of EBS volumes attached to data nodes (in GB). Required if ebs\_enabled is set to true | `number` | `10` | no |
 | <a name="input_ebs_options_volume_type"></a> [ebs\_options\_volume\_type](#input\_ebs\_options\_volume\_type) | The type of EBS volumes attached to data nodes | `string` | `"gp2"` | no |
 | <a name="input_elasticsearch_version"></a> [elasticsearch\_version](#input\_elasticsearch\_version) | The version of Elasticsearch to deploy. | `string` | `"7.1"` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Change to false to avoid deploying any AWS ElasticSearch resources | `bool` | `true` | no |
-| <a name="input_encrypt_at_rest"></a> [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Encrypt at rest options. Only available for certain instance types | `map` | `{}` | no |
+| <a name="input_encrypt_at_rest"></a> [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Encrypt at rest options. Only available for certain instance types | `any` | `{}` | no |
 | <a name="input_encrypt_at_rest_enabled"></a> [encrypt\_at\_rest\_enabled](#input\_encrypt\_at\_rest\_enabled) | Whether to enable encryption at rest | `bool` | `true` | no |
 | <a name="input_encrypt_at_rest_kms_key_id"></a> [encrypt\_at\_rest\_kms\_key\_id](#input\_encrypt\_at\_rest\_kms\_key\_id) | The KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key | `string` | `"alias/aws/es"` | no |
-| <a name="input_log_publishing_options"></a> [log\_publishing\_options](#input\_log\_publishing\_options) | Options for publishing slow logs to CloudWatch Logs | `map` | `{}` | no |
+| <a name="input_log_publishing_options"></a> [log\_publishing\_options](#input\_log\_publishing\_options) | Options for publishing slow logs to CloudWatch Logs | `any` | `{}` | no |
 | <a name="input_log_publishing_options_cloudwatch_log_group_arn"></a> [log\_publishing\_options\_cloudwatch\_log\_group\_arn](#input\_log\_publishing\_options\_cloudwatch\_log\_group\_arn) | iARN of the Cloudwatch log group to which log needs to be published | `string` | `""` | no |
 | <a name="input_log_publishing_options_enabled"></a> [log\_publishing\_options\_enabled](#input\_log\_publishing\_options\_enabled) | Specifies whether given log publishing option is enabled or not | `bool` | `true` | no |
 | <a name="input_log_publishing_options_log_type"></a> [log\_publishing\_options\_log\_type](#input\_log\_publishing\_options\_log\_type) | A type of Elasticsearch log. Valid values: INDEX\_SLOW\_LOGS, SEARCH\_SLOW\_LOGS, ES\_APPLICATION\_LOGS | `string` | `"INDEX_SLOW_LOGS"` | no |
 | <a name="input_log_publishing_options_retention"></a> [log\_publishing\_options\_retention](#input\_log\_publishing\_options\_retention) | Retention in days for the created Cloudwatch log group | `number` | `90` | no |
-| <a name="input_node_to_node_encryption"></a> [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Node-to-node encryption options | `map` | `{}` | no |
+| <a name="input_node_to_node_encryption"></a> [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Node-to-node encryption options | `any` | `{}` | no |
 | <a name="input_node_to_node_encryption_enabled"></a> [node\_to\_node\_encryption\_enabled](#input\_node\_to\_node\_encryption\_enabled) | Whether to enable node-to-node encryption | `bool` | `true` | no |
-| <a name="input_snapshot_options"></a> [snapshot\_options](#input\_snapshot\_options) | Snapshot related options | `map` | `{}` | no |
+| <a name="input_snapshot_options"></a> [snapshot\_options](#input\_snapshot\_options) | Snapshot related options | `any` | `{}` | no |
 | <a name="input_snapshot_options_automated_snapshot_start_hour"></a> [snapshot\_options\_automated\_snapshot\_start\_hour](#input\_snapshot\_options\_automated\_snapshot\_start\_hour) | Hour during which the service takes an automated daily snapshot of the indices in the domain | `number` | `0` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map` | `{}` | no |
-| <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Timeouts map. | `map` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(any)` | `{}` | no |
+| <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Timeouts map. | `map(any)` | `{}` | no |
 | <a name="input_timeouts_update"></a> [timeouts\_update](#input\_timeouts\_update) | How long to wait for updates. | `string` | `null` | no |
-| <a name="input_vpc_options"></a> [vpc\_options](#input\_vpc\_options) | VPC related options, see below. Adding or removing this configuration forces a new resource | `map` | `{}` | no |
-| <a name="input_vpc_options_security_group_ids"></a> [vpc\_options\_security\_group\_ids](#input\_vpc\_options\_security\_group\_ids) | List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used | `list` | `[]` | no |
-| <a name="input_vpc_options_subnet_ids"></a> [vpc\_options\_subnet\_ids](#input\_vpc\_options\_subnet\_ids) | List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in | `list` | `[]` | no |
+| <a name="input_vpc_options"></a> [vpc\_options](#input\_vpc\_options) | VPC related options, see below. Adding or removing this configuration forces a new resource | `any` | `{}` | no |
+| <a name="input_vpc_options_security_group_ids"></a> [vpc\_options\_security\_group\_ids](#input\_vpc\_options\_security\_group\_ids) | List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used | `list(any)` | `[]` | no |
+| <a name="input_vpc_options_subnet_ids"></a> [vpc\_options\_subnet\_ids](#input\_vpc\_options\_subnet\_ids) | List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in | `list(any)` | `[]` | no |
 
 ## Outputs
 

diff --git a/examples/advanced_security_options_master_user_arn/main.tf b/examples/advanced_security_options_master_user_arn/main.tf
@@ -6,11 +6,11 @@ module "aws_es" {
   elasticsearch_version = var.es_version
 
   cluster_config = {
-    dedicated_master_enabled = "true"
-    instance_count           = "3"
+    dedicated_master_enabled = true
+    instance_count           = 3
     instance_type            = "r5.large.elasticsearch"
-    zone_awareness_enabled   = "true"
-    availability_zone_count  = "3"
+    zone_awareness_enabled   = true
+    availability_zone_count  = 3
   }
 
   advanced_security_options = {
@@ -28,22 +28,21 @@ module "aws_es" {
   }
 
   ebs_options = {
-    ebs_enabled = "true"
-    volume_size = "25"
+    ebs_enabled = true
+    volume_size = 25
   }
 
   encrypt_at_rest = {
-    enabled    = "true"
+    enabled    = true
     kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
-
   log_publishing_options = {
-    enabled = "true"
+    enabled = true
   }
 
   advanced_options = {
-    "rest.action.multi.allow_explicit_index" = "true"
+    "rest.action.multi.allow_explicit_index" = true
   }
 
   access_policies = templatefile("${path.module}/whitelits.tpl", {
@@ -53,8 +52,8 @@ module "aws_es" {
     whitelist   = jsonencode(var.whitelist)
   })
 
-  node_to_node_encryption_enabled                = "true"
-  snapshot_options_automated_snapshot_start_hour = "23"
+  node_to_node_encryption_enabled                = true
+  snapshot_options_automated_snapshot_start_hour = 23
 
   #timeouts_update = "90m"
 

diff --git a/examples/advanced_security_options_master_user_arn/versions.tf b/examples/advanced_security_options_master_user_arn/versions.tf
@@ -1,4 +1,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    aws = ">= 3.35.0"
+  }
 }
diff --git a/examples/advanced_security_options_master_user_name_pasword/main.tf b/examples/advanced_security_options_master_user_name_pasword/main.tf
@@ -6,11 +6,11 @@ module "aws_es" {
   elasticsearch_version = var.es_version
 
   cluster_config = {
-    dedicated_master_enabled = "true"
-    instance_count           = "3"
+    dedicated_master_enabled = true
+    instance_count           = 3
     instance_type            = "r5.large.elasticsearch"
-    zone_awareness_enabled   = "true"
-    availability_zone_count  = "3"
+    zone_awareness_enabled   = true
+    availability_zone_count  = 3
   }
 
   advanced_security_options = {
@@ -30,22 +30,21 @@ module "aws_es" {
   }
 
   ebs_options = {
-    ebs_enabled = "true"
-    volume_size = "25"
+    ebs_enabled = true
+    volume_size = 25
   }
 
   encrypt_at_rest = {
-    enabled    = "true"
+    enabled    = true
     kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
-
   log_publishing_options = {
-    enabled = "true"
+    enabled = true
   }
 
   advanced_options = {
-    "rest.action.multi.allow_explicit_index" = "true"
+    "rest.action.multi.allow_explicit_index" = true
   }
 
   access_policies = templatefile("${path.module}/whitelits.tpl", {
@@ -55,8 +54,8 @@ module "aws_es" {
     whitelist   = jsonencode(var.whitelist)
   })
 
-  node_to_node_encryption_enabled                = "true"
-  snapshot_options_automated_snapshot_start_hour = "23"
+  node_to_node_encryption_enabled                = true
+  snapshot_options_automated_snapshot_start_hour = 23
 
   #timeouts_update = "90m"
 

diff --git a/examples/advanced_security_options_master_user_name_pasword/versions.tf b/examples/advanced_security_options_master_user_name_pasword/versions.tf
@@ -1,4 +1,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    aws = ">= 3.35.0"
+  }
 }
diff --git a/examples/public/main.tf b/examples/public/main.tf
@@ -6,29 +6,29 @@ module "aws_es" {
   elasticsearch_version = var.es_version
 
   cluster_config = {
-    dedicated_master_enabled = "true"
-    instance_count           = "3"
+    dedicated_master_enabled = true
+    instance_count           = 3
     instance_type            = "r5.large.elasticsearch"
-    zone_awareness_enabled   = "true"
-    availability_zone_count  = "3"
+    zone_awareness_enabled   = true
+    availability_zone_count  = 3
   }
 
   ebs_options = {
-    ebs_enabled = "true"
-    volume_size = "25"
+    ebs_enabled = true
+    volume_size = 25
   }
 
   encrypt_at_rest = {
-    enabled    = "true"
+    enabled    = true
     kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
   log_publishing_options = {
-    enabled = "true"
+    enabled = true
   }
 
   advanced_options = {
-    "rest.action.multi.allow_explicit_index" = "true"
+    "rest.action.multi.allow_explicit_index" = true
   }
 
   access_policies = templatefile("${path.module}/whitelits.tpl", {
@@ -38,8 +38,8 @@ module "aws_es" {
     whitelist   = jsonencode(var.whitelist)
   })
 
-  node_to_node_encryption_enabled                = "true"
-  snapshot_options_automated_snapshot_start_hour = "23"
+  node_to_node_encryption_enabled                = true
+  snapshot_options_automated_snapshot_start_hour = 23
 
   timeouts_update = "60m"
 

diff --git a/examples/public/versions.tf b/examples/public/versions.tf
@@ -1,4 +1,7 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    aws = ">= 3.35.0"
+  }
 }
diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf
@@ -6,20 +6,20 @@ module "aws_es" {
   elasticsearch_version = var.es_version
 
   cluster_config = {
-    dedicated_master_enabled = "true"
-    instance_count           = "3"
+    dedicated_master_enabled = true
+    instance_count           = 3
     instance_type            = "r5.large.elasticsearch"
-    zone_awareness_enabled   = "true"
-    availability_zone_count  = "3"
+    zone_awareness_enabled   = true
+    availability_zone_count  = 3
   }
 
   ebs_options = {
-    ebs_enabled = "true"
-    volume_size = "25"
+    ebs_enabled = true
+    volume_size = 25
   }
 
   encrypt_at_rest = {
-    enabled    = "true"
+    enabled    = true
     kms_key_id = "arn:aws:kms:us-east-1:123456789101:key/cccc103b-4ba3-5993-6fc7-b7e538b25fd8"
   }
 
@@ -43,5 +43,4 @@ module "aws_es" {
     Owner = "sysops"
     env   = "dev"
   }
-
 }
diff --git a/examples/vpc/versions.tf b/examples/vpc/versions.tf
@@ -1,4 +1,8 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    aws = ">= 3.35.0"
+  }
+
 }
diff --git a/main.tf b/main.tf
@@ -85,9 +85,10 @@ resource "aws_elasticsearch_domain" "es_domain" {
 
       dynamic "zone_awareness_config" {
         # cluster_availability_zone_count valid values: 2 or 3.
-        for_each = lookup(cluster_config.value, "zone_awareness_enabled", false) == false || ! contains(["2", "3"], lookup(cluster_config.value, "availability_zone_count", "1")) ? [] : [1]
+        for_each = lookup(cluster_config.value, "zone_awareness_enabled", false) ? [1] : []
         content {
           availability_zone_count = lookup(cluster_config.value, "availability_zone_count")
+
         }
       }
     }