artem-hatchenko

def payload_json = "${env.json_payload}".substring(1, "${env.json_payload}".length() - 1); // removing extra curly braces from json payload
def parsed_json = new JsonSlurper().parseText("{$payload_json}");
env.REPO_FULL_NAME = parsed_json.pullrequest.source.repository.full_name // Get full repo name (consists of: <workspace>/<repo_slug>)
env.COMMIT_HASH = parsed_json.pullrequest.source.commit.hash // Get pull request commit hash 
env.PULL_REQUEST_ID = parsed_json.pullrequest.id // Get pull request id
env.PULL_REQUEST_TITLE = parsed_json.pullrequest.title // Get pull request title
env.PULL_REQUEST_URL = parsed_json.pullrequest.links.html.href // Get pull request URL
env.PULL_REQUEST_COMMENT_COUNT = parsed_json.pullrequest.comment_count // Get number of comments in pull request
env.BRANCH = parsed_json.pullrequest.source.branch.name // Get pull request branch name
env.AUTHOR = parsed_json.pullrequest.author.nickname // Get username of author    

artem-hatchenko

options { // Default build options
  lock label: "tf-ci", variable: "LOCKED_NODE", quantity: 1 
  buildDiscarder(logRotator(numToKeepStr: '10'))
  timeout(time: 240, unit:'MINUTES')
  timestamps()
}

artem-hatchenko

NODES_CONFIG = [
  "tf-ci-worker-1": [
    AWS_ACCOUNT: "111111111111",
    ENV_NAME: "prod1",
    DEPLOY_ROLE_ARN: "arn:aws:iam::111111111111:role\\/terraform",
    PROD_VPC_CIDR: "10.210.0.0\\/16"
  ],
  "tf-ci-worker-2": [
    AWS_ACCOUNT: "222222222222",
    ENV_NAME: "prod2",

artem-hatchenko

---
modules:
  - acm
  - s3
  - cloudfront
  - wafv2-fortinet

artem-hatchenko

# Get the list of ALL modules in the form: "./rds/common",  "./rds/instance" etc.
MODULES="$(cd $TF_DIR/$MODULE_DIR; find . -type f -name '*.tf' -exec dirname {} \;)"
SORTED="$(echo $MODULES | sed -e $'s/ /\\\n/g' | sort | uniq)"

# Get the list of used modules from the INPUT_MODULE_LIST variable (i.e. "ecr,rds,eks", "s3")
IFS=',' read -ra INPUT_MODULE_LIST <<<"$INPUT_MODULE_LIST"

#If the modules used (INPUT_MODULE_LIST variable) are in the list of all modules (SORTED variable),
# then we call the "check_modules()" function and use the "tflint" command for the module being checked
if [ -n "${INPUT_MODULE_LIST}" ]; then

artem-hatchenko

# Block for the modules
check_modules() {
  # Run the "tflint" command and write the result to the $MODULES_OUTPUT file
  cd $TF_DIR/$MODULE_DIR/$1
  echo -e "\nMODULE: $1" | tee -a $MODULES_OUTPUT
  if grep -qP '^module' *.tf
    then echo "Found module call. Running terraform init..."
    terraform init &>/dev/null
    $TFLIT --config $MODULES_CONF_FILE | tee -a $MODULES_OUTPUT
    rm -rf .terraform*

artem-hatchenko

# Generating a summary for a $MODULES_OUTPUT file
ENVIRONMENT_STAT="$(cat $ENVIRONMENT_OUTPUT | grep -v -e '^$' | grep -v -P '^[0-9]+\ +issue\(s\)\ +found:' | grep -v -P '^(ENVIRONMENT: .[a-zA-Z]+.*)' | wc -l)"
if [[ -f "$MODULES_OUTPUT" ]]
  then
    MODULE_STAT="$(cat $MODULES_OUTPUT | grep -v -e '^$' | grep -v -P '^[0-9]+\ +issue\(s\)\ +found:' | grep -v -P '^(MODULE: .\/[a-z0-9]+.*)' | wc -l)"
  else
    MODULE_STAT="0"
fi

echo -e "\n\n\n"

artem-hatchenko

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

artem-hatchenko

cgi.fix_pathinfo = 0
short_open_tag = Off
display_errors = Off
display_startup_errors = Off
allow_url_fopen = Off
allow_url_include = Off

artem-hatchenko

resource "aws_lb_listener_rule" "cognito" {
  listener_arn = aws_alb_listener.kibana-listener-https.arn

  ### ALB in "eu-west-3" region doesn't support "authenticate-cognito" method ###
  # action {
  #   type = "authenticate-cognito"

  #   authenticate_cognito {
  #     scope               = "openid"
  #     user_pool_arn       = var.cognito_user_pool_arn