Acasă Explorează Ajutor
Înregistrare Autentificare
AFS
/
xdr-terraform-modules
2
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: e40246b7e7
Ramuri Etichete
xdr-terraform-m...
/
base
/
codebuild_splunk_apps
/
main.tf

main.tf 2.4 KB
Istoric Crud

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. data "github_repository" "this" {
    2. 

  2.     name    = "content_source"
    3. 

  3. }
    4. 

  4. 

  5. #resource "aws_codebuild_source_credential" "github_token" {
    6. 

  6. #  auth_type   = "PERSONAL_ACCESS_TOKEN"
    7. 

  7. #  server_type = "GITHUB_ENTERPRISE"
    8. 

  8. #  token       = "" # This could be used to make life easier, but it would be stored in the state in plaintext.
    9. 

  9. #}
    10. 

  10. output "Codebuild_AWS_Key_Reminder" {
    11. 

  11.   value = "REMINDER: If this is a fresh deployment, you must manually enter the GITHUB token for 'mdr-aws-codebuild' (found in the vault) into one of the codebuild jobs."
    12. 

  12. }
    13. 

  13. 

  14. resource "aws_codebuild_project" "this" {
    15. 

  15.   for_each               = local.splunk_server_types
    16. 

  16. 

  17.   name                  = "splunk_apps_${var.splunk_prefix}_${each.value}"
    18. 

  18.   description           = "Splunk Application build for ${each.value}"
    19. 

  19.   service_role          = aws_iam_role.codebuild_splunk_apps_role.arn
    20. 

  20.   encryption_key        = aws_kms_key.s3_codebuild_splunk_apps_artifacts.arn
    21. 

  21.   badge_enabled         = var.badge_enabled
    22. 

  22.   concurrent_build_limit = 1
    23. 

  23.   build_timeout          = 60
    24. 

  24. 

  25.   source {
    26. 

  26.     type                = "GITHUB_ENTERPRISE"
    27. 

  27.     location            = data.github_repository.this.http_clone_url
    28. 

  28.     report_build_status = true
    29. 

  29.     git_clone_depth     = 1
    30. 

  30.   }
    31. 

  31. 

  32.   source_version = var.source_version
    33. 

  33. 

  34.   environment {
    35. 

  35.     compute_type        = "BUILD_GENERAL1_SMALL"
    36. 

  36.     image               = "${var.common_services_account}.dkr.ecr.us-gov-east-1.amazonaws.com/content_generator:latest"
    37. 

  37.     image_pull_credentials_type = "SERVICE_ROLE"
    38. 

  38.     type                = "LINUX_CONTAINER"
    39. 

  39.     environment_variable {
    40. 

  40.       name = "TAG"
    41. 

  41.       type = "PLAINTEXT"
    42. 

  42.       value = "${var.splunk_prefix}:${each.value}"
    43. 

  43.     }
    44. 

  44.   }
    45. 

  45. 

  46.   artifacts {
    47. 

  47.     type                = "S3"
    48. 

  48.     location            = "xdr-${var.splunk_prefix}-${var.environment}-splunk-apps"
    49. 

  49.     name                = each.value
    50. 

  50.     #path                = each.value
    51. 

  51.     namespace_type      = "NONE"
    52. 

  52.     packaging           = "NONE"
    53. 

  53.   }
    54. 

  54. 

  55.   tags = merge(var.standard_tags, var.tags)
    56. 

  56. }
    57. 

  57. 

  58. #resource "aws_codebuild_webhook" "this" {
    59. 

  59. #  project_name  = var.name
    60. 

  60. #  branch_filter = var.webhook_branch_filter
    61. 

  61. #
    62. 

  62. #  depends_on = [ aws_codebuild_project.this  ]
    63. 

  63. #}
    64. 

  64. 

  65. #resource "github_repository_webhook" "this" {
    66. 

  66. #  active     = true
    67. 

  67. #  events     = ["push"]
    68. 

  68. #  repository = data.github_repository.this.name
    69. 

  69. #
    70. 

  70. #  configuration {
    71. 

  71. #    url          = aws_codebuild_webhook.this.payload_url
    72. 

  72. #    secret       = aws_codebuild_webhook.this.secret
    73. 

  73. #    content_type = "json"
    74. 

  74. #    insecure_ssl = false
    75. 

  75. #  }
    76. 

  76. #}
    77.