terraform-aws-modules · antonbabenko · Jun 11, 2019 · Jun 5, 2019 · Jun 6, 2019 · Jun 6, 2019
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -2,12 +2,12 @@
 # See http://pre-commit.com/hooks.html for more hooks
 repos:
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.7.1
+    rev: v1.12.0
     hooks:
       - id: terraform_fmt
       # - id: terraform_docs
   - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v1.2.3
+    rev: v2.2.3
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace

diff --git a/.travis.yml b/.travis.yml
@@ -17,8 +17,8 @@ before_script:
 - export TF_VAR_region=${AWS_REGION}
 - echo "using AWS_REGION=${AWS_REGION}"
 - export TF_WARN_OUTPUT_ERRORS=1
-- curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip
-- sha256sum terraform.zip  | grep "6b8ce67647a59b2a3f70199c304abca0ddec0e49fd060944c26f666298e23418"
+- curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.12.1/terraform_0.12.1_linux_amd64.zip
+- sha256sum terraform.zip  | grep "c9a30d3e3abf751b3b3e323897e9c7cb411d5c4bb7473a3284a2a2b4b89f93ed"
 - unzip terraform.zip ; rm -f terraform.zip; chmod +x terraform
 - mkdir -p ${HOME}/bin ; export PATH=${PATH}:${HOME}/bin; mv terraform ${HOME}/bin/
 - terraform -v

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
 project adheres to [Semantic Versioning](http://semver.org/).
 
-## [[vNEXT](/~https://github.com/terraform-aws-modules/terraform-aws-alb/compare/v3.5.0...HEAD)] - yyyy-mm-dd]
+## [[vNEXT](/~https://github.com/terraform-aws-modules/terraform-aws-alb/compare/v4.0.0...HEAD)] - yyyy-mm-dd]
+
+## [[v4.0.0](/~https://github.com/terraform-aws-modules/terraform-aws-alb/compare/v3.5.0...4.0.0)] - yyyy-mm-dd]
+
+### Changed
+
+- Upgrade module to support Terraform 0.12
 
 ## [[v3.5.0](/~https://github.com/terraform-aws-modules/terraform-aws-alb/compare/v3.4.0...v3.5.0)] - 2018-12-03]
 

diff --git a/Gemfile b/Gemfile
@@ -3,7 +3,7 @@
 ruby '2.4.2'
 
 source 'https://rubygems.org/' do
-  gem 'awspec', '~> 1.4.2'
-  gem 'kitchen-terraform', '~> 3.3'
-  gem 'kitchen-verifier-awspec', '~> 0.1.1'
+  gem 'awspec', '~> 1.17.4'
+  gem 'kitchen-terraform', '~> 5.0'
+  gem 'kitchen-verifier-awspec', '~> 0.2.0'
 end
diff --git a/README.md b/README.md
@@ -43,7 +43,9 @@ A full example leveraging other community modules is contained in the [examples/
 
 ```hcl
 module "alb" {
-  source                        = "terraform-aws-modules/alb/aws"
+  source  = "terraform-aws-modules/alb/aws"
+  version = "~> 4.0"
+
   load_balancer_name            = "my-alb"
   security_groups               = ["sg-edcd9784", "sg-edcd9785"]
   log_bucket_name               = "logs-us-east-2-123456789012"
@@ -125,17 +127,17 @@ MIT Licensed. See [LICENSE](/~https://github.com/terraform-aws-modules/terraform-a
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| create\_alb | Controls if the ALB should be created | string | `true` | no |
-| enable\_cross\_zone\_load\_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | string | `false` | no |
-| enable\_deletion\_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | string | `false` | no |
-| enable\_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | string | `true` | no |
-| extra\_ssl\_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). | list | `<list>` | no |
-| extra\_ssl\_certs\_count | A manually provided count/length of the extra_ssl_certs list of maps since the list cannot be computed. | string | `0` | no |
-| http\_tcp\_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, protocol. Optional key/values: target_group_index (defaults to 0) | list | `<list>` | no |
-| http\_tcp\_listeners\_count | A manually provided count/length of the http_tcp_listeners list of maps since the list cannot be computed. | string | `0` | no |
-| https\_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate_arn. Optional key/values: ssl_policy (defaults to ELBSecurityPolicy-2016-08), target_group_index (defaults to 0) | list | `<list>` | no |
-| https\_listeners\_count | A manually provided count/length of the https_listeners list of maps since the list cannot be computed. | string | `0` | no |
-| idle\_timeout | The time in seconds that the connection is allowed to be idle. | string | `60` | no |
+| create\_alb | Controls if the ALB should be created | bool | `true` | no |
+| enable\_cross\_zone\_load\_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | bool | `false` | no |
+| enable\_deletion\_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | bool | `false` | no |
+| enable\_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | bool | `true` | no |
+| extra\_ssl\_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). | list(object) | `<list>` | no |
+| extra\_ssl\_certs\_count | A manually provided count/length of the extra_ssl_certs list of maps since the list cannot be computed. | number | `0` | no |
+| http\_tcp\_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, protocol. Optional key/values: target_group_index (defaults to 0) | list(object) | `<list>` | no |
+| http\_tcp\_listeners\_count | A manually provided count/length of the http_tcp_listeners list of maps since the list cannot be computed. | number | `0` | no |
+| https\_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate_arn. Optional key/values: ssl_policy (defaults to ELBSecurityPolicy-2016-08), target_group_index (defaults to 0) | list(object) | `<list>` | no |
+| https\_listeners\_count | A manually provided count/length of the https_listeners list of maps since the list cannot be computed. | number | `0` | no |
+| idle\_timeout | The time in seconds that the connection is allowed to be idle. | number | `60` | no |
 | ip\_address\_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | string | `ipv4` | no |
 | listener\_ssl\_policy\_default | The security policy if using HTTPS externally on the load balancer. [See](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html). | string | `ELBSecurityPolicy-2016-08` | no |
 | load\_balancer\_create\_timeout | Timeout value when creating the ALB. | string | `10m` | no |
@@ -145,13 +147,13 @@ MIT Licensed. See [LICENSE](/~https://github.com/terraform-aws-modules/terraform-a
 | load\_balancer\_update\_timeout | Timeout value when updating the ALB. | string | `10m` | no |
 | log\_bucket\_name | S3 bucket (externally created) for storing load balancer access logs. Required if logging_enabled is true. | string | `` | no |
 | log\_location\_prefix | S3 prefix within the log_bucket_name under which logs are stored. | string | `` | no |
-| logging\_enabled | Controls if the ALB will log requests to S3. | string | `true` | no |
+| logging\_enabled | Controls if the ALB will log requests to S3. | bool | `true` | no |
 | security\_groups | The security groups to attach to the load balancer. e.g. ["sg-edcd9784","sg-edcd9785"] | list | - | yes |
-| subnets | A list of subnets to associate with the load balancer. e.g. ['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f'] | list | - | yes |
-| tags | A map of tags to add to all resources | map | `<map>` | no |
-| target\_groups | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend_protocol, backend_port. Optional key/values are in the target_groups_defaults variable. | list | `<list>` | no |
+| subnets | A list of subnets to associate with the load balancer. e.g. ['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f'] | list(string) | - | yes |
+| tags | A map of tags to add to all resources | map(string) | `<map>` | no |
+| target\_groups | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend_protocol, backend_port. Optional key/values are in the target_groups_defaults variable. | list(object) | `<list>` | no |
 | target\_groups\_count | A manually provided count/length of the target_groups list of maps since the list cannot be computed. | string | `0` | no |
-| target\_groups\_defaults | Default values for target groups as defined by the list of maps. | map | `<map>` | no |
+| target\_groups\_defaults | Default values for target groups as defined by the list of maps. | object | `<object>` | no |
 | vpc\_id | VPC id where the load balancer and other resources will be deployed. | string | - | yes |
 
 ## Outputs

diff --git a/alb_no_logs.tf b/alb_no_logs.tf
@@ -1,88 +1,158 @@
 resource "aws_lb" "application_no_logs" {
   load_balancer_type               = "application"
-  name                             = "${var.load_balancer_name}"
-  internal                         = "${var.load_balancer_is_internal}"
-  security_groups                  = ["${var.security_groups}"]
-  subnets                          = ["${var.subnets}"]
-  idle_timeout                     = "${var.idle_timeout}"
-  enable_cross_zone_load_balancing = "${var.enable_cross_zone_load_balancing}"
-  enable_deletion_protection       = "${var.enable_deletion_protection}"
-  enable_http2                     = "${var.enable_http2}"
-  ip_address_type                  = "${var.ip_address_type}"
-  tags                             = "${merge(var.tags, map("Name", var.load_balancer_name))}"
+  name                             = var.load_balancer_name
+  internal                         = var.load_balancer_is_internal
+  security_groups                  = var.security_groups
+  subnets                          = var.subnets
+  idle_timeout                     = var.idle_timeout
+  enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
+  enable_deletion_protection       = var.enable_deletion_protection
+  enable_http2                     = var.enable_http2
+  ip_address_type                  = var.ip_address_type
+
+  tags = merge(
+    var.tags,
+    {
+      "Name" = var.load_balancer_name
+    },
+  )
 
   timeouts {
-    create = "${var.load_balancer_create_timeout}"
-    delete = "${var.load_balancer_delete_timeout}"
-    update = "${var.load_balancer_update_timeout}"
+    create = var.load_balancer_create_timeout
+    delete = var.load_balancer_delete_timeout
+    update = var.load_balancer_update_timeout
   }
 
-  count = "${var.create_alb && !var.logging_enabled ? 1 : 0}"
+  count = var.create_alb && false == var.logging_enabled ? 1 : 0
 }
 
 resource "aws_lb_target_group" "main_no_logs" {
-  name                 = "${lookup(var.target_groups[count.index], "name")}"
-  vpc_id               = "${var.vpc_id}"
-  port                 = "${lookup(var.target_groups[count.index], "backend_port")}"
-  protocol             = "${upper(lookup(var.target_groups[count.index], "backend_protocol"))}"
-  deregistration_delay = "${lookup(var.target_groups[count.index], "deregistration_delay", lookup(local.target_groups_defaults, "deregistration_delay"))}"
-  target_type          = "${lookup(var.target_groups[count.index], "target_type", lookup(local.target_groups_defaults, "target_type"))}"
-  slow_start           = "${lookup(var.target_groups[count.index], "slow_start", lookup(local.target_groups_defaults, "slow_start"))}"
+  name     = var.target_groups[count.index]["name"]
+  vpc_id   = var.vpc_id
+  port     = var.target_groups[count.index]["backend_port"]
+  protocol = upper(var.target_groups[count.index]["backend_protocol"])
+  deregistration_delay = lookup(
+    var.target_groups[count.index],
+    "deregistration_delay",
+    var.target_groups_defaults["deregistration_delay"],
+  )
+  target_type = lookup(
+    var.target_groups[count.index],
+    "target_type",
+    var.target_groups_defaults["target_type"],
+  )
+  slow_start = lookup(
+    var.target_groups[count.index],
+    "slow_start",
+    var.target_groups_defaults["slow_start"],
+  )
 
   health_check {
-    interval            = "${lookup(var.target_groups[count.index], "health_check_interval", lookup(local.target_groups_defaults, "health_check_interval"))}"
-    path                = "${lookup(var.target_groups[count.index], "health_check_path", lookup(local.target_groups_defaults, "health_check_path"))}"
-    port                = "${lookup(var.target_groups[count.index], "health_check_port", lookup(local.target_groups_defaults, "health_check_port"))}"
-    healthy_threshold   = "${lookup(var.target_groups[count.index], "health_check_healthy_threshold", lookup(local.target_groups_defaults, "health_check_healthy_threshold"))}"
-    unhealthy_threshold = "${lookup(var.target_groups[count.index], "health_check_unhealthy_threshold", lookup(local.target_groups_defaults, "health_check_unhealthy_threshold"))}"
-    timeout             = "${lookup(var.target_groups[count.index], "health_check_timeout", lookup(local.target_groups_defaults, "health_check_timeout"))}"
-    protocol            = "${upper(lookup(var.target_groups[count.index], "healthcheck_protocol", lookup(var.target_groups[count.index], "backend_protocol")))}"
-    matcher             = "${lookup(var.target_groups[count.index], "health_check_matcher", lookup(local.target_groups_defaults, "health_check_matcher"))}"
+    interval = lookup(
+      var.target_groups[count.index],
+      "health_check_interval",
+      var.target_groups_defaults["health_check_interval"],
+    )
+    path = lookup(
+      var.target_groups[count.index],
+      "health_check_path",
+      var.target_groups_defaults["health_check_path"],
+    )
+    port = lookup(
+      var.target_groups[count.index],
+      "health_check_port",
+      var.target_groups_defaults["health_check_port"],
+    )
+    healthy_threshold = lookup(
+      var.target_groups[count.index],
+      "health_check_healthy_threshold",
+      var.target_groups_defaults["health_check_healthy_threshold"],
+    )
+    unhealthy_threshold = lookup(
+      var.target_groups[count.index],
+      "health_check_unhealthy_threshold",
+      var.target_groups_defaults["health_check_unhealthy_threshold"],
+    )
+    timeout = lookup(
+      var.target_groups[count.index],
+      "health_check_timeout",
+      var.target_groups_defaults["health_check_timeout"],
+    )
+    protocol = upper(
+      lookup(
+        var.target_groups[count.index],
+        "healthcheck_protocol",
+        var.target_groups[count.index]["backend_protocol"],
+      ),
+    )
+    matcher = lookup(
+      var.target_groups[count.index],
+      "health_check_matcher",
+      var.target_groups_defaults["health_check_matcher"],
+    )
   }
 
   stickiness {
-    type            = "lb_cookie"
-    cookie_duration = "${lookup(var.target_groups[count.index], "cookie_duration", lookup(local.target_groups_defaults, "cookie_duration"))}"
-    enabled         = "${lookup(var.target_groups[count.index], "stickiness_enabled", lookup(local.target_groups_defaults, "stickiness_enabled"))}"
+    type = "lb_cookie"
+    cookie_duration = lookup(
+      var.target_groups[count.index],
+      "cookie_duration",
+      var.target_groups_defaults["cookie_duration"],
+    )
+    enabled = lookup(
+      var.target_groups[count.index],
+      "stickiness_enabled",
+      var.target_groups_defaults["stickiness_enabled"],
+    )
   }
 
-  tags       = "${merge(var.tags, map("Name", lookup(var.target_groups[count.index], "name")))}"
-  count      = "${var.create_alb && !var.logging_enabled ? var.target_groups_count : 0}"
-  depends_on = ["aws_lb.application_no_logs"]
+  tags = merge(
+    var.tags,
+    {
+      "Name" = var.target_groups[count.index]["name"]
+    },
+  )
+  count      = var.create_alb && false == var.logging_enabled ? var.target_groups_count : 0
+  depends_on = [aws_lb.application_no_logs]
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
 resource "aws_lb_listener" "frontend_http_tcp_no_logs" {
-  load_balancer_arn = "${element(concat(aws_lb.application_no_logs.*.arn, list("")), 0)}"
-  port              = "${lookup(var.http_tcp_listeners[count.index], "port")}"
-  protocol          = "${lookup(var.http_tcp_listeners[count.index], "protocol")}"
-  count             = "${var.create_alb && !var.logging_enabled ? var.http_tcp_listeners_count : 0}"
+  load_balancer_arn = element(concat(aws_lb.application_no_logs.*.arn, [""]), 0)
+  port              = var.http_tcp_listeners[count.index]["port"]
+  protocol          = var.http_tcp_listeners[count.index]["protocol"]
+  count             = var.create_alb && false == var.logging_enabled ? var.http_tcp_listeners_count : 0
 
   default_action {
-    target_group_arn = "${aws_lb_target_group.main_no_logs.*.id[lookup(var.http_tcp_listeners[count.index], "target_group_index", 0)]}"
+    target_group_arn = aws_lb_target_group.main_no_logs[lookup(var.http_tcp_listeners[count.index], "target_group_index", 0)].id
     type             = "forward"
   }
 }
 
 resource "aws_lb_listener" "frontend_https_no_logs" {
-  load_balancer_arn = "${element(concat(aws_lb.application_no_logs.*.arn, list("")), 0)}"
-  port              = "${lookup(var.https_listeners[count.index], "port")}"
+  load_balancer_arn = element(concat(aws_lb.application_no_logs.*.arn, [""]), 0)
+  port              = var.https_listeners[count.index]["port"]
   protocol          = "HTTPS"
-  certificate_arn   = "${lookup(var.https_listeners[count.index], "certificate_arn")}"
-  ssl_policy        = "${lookup(var.https_listeners[count.index], "ssl_policy", var.listener_ssl_policy_default)}"
-  count             = "${var.create_alb && !var.logging_enabled ? var.https_listeners_count : 0}"
+  certificate_arn   = var.https_listeners[count.index]["certificate_arn"]
+  ssl_policy = lookup(
+    var.https_listeners[count.index],
+    "ssl_policy",
+    var.listener_ssl_policy_default,
+  )
+  count = var.create_alb && false == var.logging_enabled ? var.https_listeners_count : 0
 
   default_action {
-    target_group_arn = "${aws_lb_target_group.main_no_logs.*.id[lookup(var.https_listeners[count.index], "target_group_index", 0)]}"
+    target_group_arn = aws_lb_target_group.main_no_logs[lookup(var.https_listeners[count.index], "target_group_index", 0)].id
     type             = "forward"
   }
 }
 
 resource "aws_lb_listener_certificate" "https_listener_no_logs" {
-  listener_arn    = "${aws_lb_listener.frontend_https_no_logs.*.arn[lookup(var.extra_ssl_certs[count.index], "https_listener_index")]}"
-  certificate_arn = "${lookup(var.extra_ssl_certs[count.index], "certificate_arn")}"
-  count           = "${var.create_alb && !var.logging_enabled ? var.extra_ssl_certs_count : 0}"
+  listener_arn    = aws_lb_listener.frontend_https_no_logs[var.extra_ssl_certs[count.index]["https_listener_index"]].arn
+  certificate_arn = var.extra_ssl_certs[count.index]["certificate_arn"]
+  count           = var.create_alb && false == var.logging_enabled ? var.extra_ssl_certs_count : 0
 }
+