
Modifies the codebuild_splunk_apps module to allow for multiple source repositories

Facilitates FM's source repo.

To be tagged v4.1.9
Fred Damstra [afs macbook] 3 年之前
父節點
當前提交
7ed5f19e1e

+ 6 - 6
base/codebuild_splunk_apps/cloudwatch.tf

@@ -14,13 +14,13 @@ resource "random_integer" "minute" {
 resource "aws_cloudwatch_event_rule" "schedule_rule" {
   for_each               = local.splunk_server_types
 
-  name = "scheduled_build_${each.value}"
+  name = "scheduled_build_${var.repository}_${each.value}"
   schedule_expression = "cron(${random_integer.minute.result} ${random_integer.hour.result} * * ? *)"
 }
 
 resource "aws_iam_role" "codebuild_role" {
-  name = "splunk_apps_codebuild_role"
-  path     = "/aws_services/"
+  name_prefix = "splunk_apps_codebuild_role"
+  path        = "/aws_services/"
 
   assume_role_policy = <<EOF
 {
@@ -42,8 +42,8 @@ EOF
 }
 
 resource "aws_iam_policy" "codebuild_policy" {
-  name = "splunk_apps_policy"
-  path     = "/aws_services/"
+  name_prefix = "splunk_apps_policy"
+  path        = "/aws_services/"
 
   policy = <<POLICY
 {
@@ -89,7 +89,7 @@ resource "aws_iam_policy_attachment" "service_role_attachment" {
 resource "aws_cloudwatch_event_target" "trigger_build" {
   for_each = local.splunk_server_types
 
-  target_id = "trigger_build_${each.value}"
+  target_id = "trigger_build_${var.repository}_${each.value}"
   rule = "${aws_cloudwatch_event_rule.schedule_rule[each.value].name}"
   arn = "${aws_codebuild_project.this[each.value].id}"
 
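Review bot: The `name_prefix` changes on `aws_iam_role.codebuild_role` and `aws_iam_policy.codebuild_policy` leave every module instance with a role and policy that differ only by a generated suffix, so CloudTrail entries and IAM reviews can no longer tell which repository's build they belong to. Adding `description = "Scheduled build trigger - ${var.repository}"` to the role, and the same suffix on the policy's description, keeps them attributable. Moving from `name` to `name_prefix` also forces replacement on existing deployments, so anything outside this module that matches the old literal names (trust policies, key or bucket policies, detections) should be checked before tagging; none of that is visible here. Both resource bodies continue outside the hunk.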

+ 3 - 3
base/codebuild_splunk_apps/iam.tf

@@ -1,6 +1,6 @@
 resource "aws_iam_role" "codebuild_splunk_apps_role" {
-  name     = "codebuild_splunk_apps_role"
-  path     = "/aws_services/"
+  name_prefix = "codebuild_splunk_apps_role"
+  path        = "/aws_services/"
 
   assume_role_policy = <<EOF
 {
@@ -31,7 +31,7 @@ resource "aws_iam_role_policy_attachment" "codebuild_splunk_apps_role_policy_att
 # or we'll need to authorize the codebuild role to be able to pull from any 
 # codecommit repo.  Which may be fine?
 resource "aws_iam_policy" "codebuild_splunk_apps_policy" {
-  name        = "codebuild_splunk_apps_policy"
+  name_prefix = "codebuild_splunk_apps_policy"
   description = "Policy for AWS codebuild to build and store artifacts"
   path     = "/aws_services/"
 
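Review bot: `codebuild_splunk_apps_policy` now exists once per repository, which makes the open question in the comment above it ("authorize the codebuild role to be able to pull from any codecommit repo") worth settling in this change. The policy body is outside the hunk, but if its S3 statement still covers the whole shared `xdr-…-splunk-apps` bucket, each repository's build role can overwrite another repository's artifacts. Limiting that statement's resource to the instance's own prefix, i.e. ending in `-splunk-apps/*/${var.repository}/*`, would keep the roles separated. The unchanged `description` could also carry the repository, `description = "Policy for AWS codebuild to build and store artifacts - ${var.repository}"`, as the KMS key description does.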

+ 2 - 2
base/codebuild_splunk_apps/kms.tf

@@ -1,13 +1,13 @@
 #Codebuild artifacts by rule must be encrypted by a KMS key
 # using the default aws/s3 key doesn't work with cross-account access
 resource "aws_kms_key" "s3_codebuild_splunk_apps_artifacts" {
-  description             = "Codebuild Artifacts S3 bucket"
+  description             = "Codebuild Artifacts S3 bucket - ${var.repository}"
   enable_key_rotation     = true
   policy                  = data.aws_iam_policy_document.codebuild_splunk_apps_kms_key_encryption_policy.json
 }
 
 resource "aws_kms_alias" "codebuilt-artifacts" {
-  name          = "alias/codebuild-splunk-apps"
+  name          = "alias/codebuild-splunk-apps-${var.repository}"
   target_key_id = aws_kms_key.s3_codebuild_splunk_apps_artifacts.key_id
 }
 

+ 5 - 5
base/codebuild_splunk_apps/main.tf

@@ -1,12 +1,12 @@
 data "github_repository" "this" {
-    name    = "content_source"
+    name    = var.repository
 }
 
 resource "aws_codebuild_project" "this" {
   for_each               = local.splunk_server_types
 
-  name                  = "splunk_apps_${var.splunk_prefix}_${each.value}"
-  description           = "Splunk Application build for ${each.value}"
+  name                  = "splunk_apps_${var.splunk_prefix}_${each.value}_${var.repository}"
+  description           = "Splunk Application build for ${each.value} from ${var.repository} repository"
   service_role          = aws_iam_role.codebuild_splunk_apps_role.arn
   encryption_key        = aws_kms_key.s3_codebuild_splunk_apps_artifacts.arn
   badge_enabled         = var.badge_enabled
@@ -39,7 +39,7 @@ resource "aws_codebuild_project" "this" {
     environment_variable {
       name = "ARTIFACTS_PATH"
       type = "PLAINTEXT"
-      value = "s3://xdr-${var.splunk_prefix}-${var.environment}-splunk-apps/${ each.value }/content_source/"
+      value = "s3://xdr-${var.splunk_prefix}-${var.environment}-splunk-apps/${ each.value }/${var.repository}/"
     }
   }
 
@@ -47,7 +47,7 @@ resource "aws_codebuild_project" "this" {
   artifacts {
     type                = "S3"
     location            = "xdr-${var.splunk_prefix}-${var.environment}-splunk-apps"
-    name                = "content_source"
+    name                = var.repository
     path                = "/${ each.value }/"
     namespace_type      = "NONE"
     packaging           = "NONE"
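Review bot: Appending `_${var.repository}` to the project `name` renames every existing project, and as far as I know the provider treats a CodeBuild name change as replacement, so existing deployments lose build history and badge URLs and start writing to a differently named log group. Anything that keys on the old `splunk_apps_${var.splunk_prefix}_${each.value}` names (log subscriptions, alerts, IAM resource ARNs) would need updating; nothing of that kind is visible in this diff. A short comment on the resource would record it, e.g. `# name includes var.repository; changing it replaces the project and its build history`. The resource body continues outside these hunks.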

+ 5 - 0
base/codebuild_splunk_apps/vars.tf

@@ -9,6 +9,11 @@ locals {
   ])
 }
 
+variable "repository" {
+  description = "Name of the repository. Must be part of the provider in the terragrunt.hcl. This will determine both the name of the repository and the folder in S3 where application artifacts are stored."
+  type = string
+}
+
 variable "source_version" {
   description = "Tag or branch for the git repository."
   type = string
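Review bot: `variable "repository"` is accepted without any validation, yet its value is interpolated into the event rule name and target id (cloudwatch.tf), the KMS alias (kms.tf), and the CodeBuild project name, S3 artifact name and `ARTIFACTS_PATH` (main.tf). GitHub permits dots in repository names, but KMS aliases and CodeBuild project names do not, and a value containing `/` would change the S3 prefix the artifacts land in, so a bad value fails late at apply time or writes to an unintended path. A `validation` block would reject it at plan time; this needs Terraform 0.13 or later, and the module's required version is not visible here. Event rule names and target ids are also capped at 64 characters, so a length bound may be worth adding once the longest server type name is known.
```hcl
variable "repository" {
  # … unchanged: description …
  type = string

  validation {
    condition     = can(regex("^[A-Za-z0-9][A-Za-z0-9_-]*$", var.repository))
    error_message = "The repository name may contain only letters, digits, hyphens and underscores."
  }
}
```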