From 5361a040c1bd20a32e53e07c408427a616710499 Mon Sep 17 00:00:00 2001
From: xpk
Date: Wed, 7 Oct 2020 09:15:05 +0800
Subject: [PATCH] NEW: more samples
---
conditional/main.tf | 16 ++++++++++++++
conditional/variables.tf | 1 +
csv/csv.off | 25 +++++++++++++++++++++
csv/dynamic.tf | 22 +++++++++++++++++++
csv/sg.csv | 4 ++++
kms/main.tf | 31 +++++++++++++++++++++++++++
loop/groups.tf | 15 +++++++++++++
loop/provider.tf | 10 +++++++++
vpc-subnets/{state.tf => state.tf-no} | 0
9 files changed, 124 insertions(+)
create mode 100644 conditional/main.tf
create mode 100644 conditional/variables.tf
create mode 100644 csv/csv.off
create mode 100644 csv/dynamic.tf
create mode 100644 csv/sg.csv
create mode 100644 kms/main.tf
create mode 100644 loop/groups.tf
create mode 100644 loop/provider.tf
rename vpc-subnets/{state.tf => state.tf-no} (100%)
diff --git a/conditional/main.tf b/conditional/main.tf
new file mode 100644
index 0000000..5c8b543
--- /dev/null
+++ b/conditional/main.tf
@@ -0,0 +1,16 @@
+resource null_resource res1 {
+ count = var.is-sys-sec-account ? 1 : 0
+}
+
+// cannot be res1 otherwise terraform complains about duplication
+resource null_resource res2 {
+ count = var.is-sys-sec-account ? 0 : 1
+}
+
+output res1-id {
+ value = null_resource.res1.*.id
+}
+
+output res2-id {
+ value = null_resource.res2.*.id
+}
diff --git a/conditional/variables.tf b/conditional/variables.tf
new file mode 100644
index 0000000..f88ef37
--- /dev/null
+++ b/conditional/variables.tf
@@ -0,0 +1 @@
+variable is-sys-sec-account {}
\ No newline at end of file
diff --git a/csv/csv.off b/csv/csv.off
new file mode 100644
index 0000000..ed147cd
--- /dev/null
+++ b/csv/csv.off
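Review bot: `variable is-sys-sec-account {}` in conditional/variables.tf declares the flag with no type, so the `count = var.is-sys-sec-account ? 1 : 0` conditionals in conditional/main.tf depend on Terraform's implicit conversion of whatever value the caller supplies. Declaring it `variable is-sys-sec-account { type = bool }` makes a non-boolean input fail at plan time instead of being coerced, and a `description` would record what the "sys-sec account" gate controls. The file is also written without a trailing newline, as the `\ No newline at end of file` marker shows.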
@@ -0,0 +1,25 @@
+locals {
+ csv_file = file("sg.csv")
+ rules = csvdecode(local.csv_file)
+}
+
+data aws_caller_identity self {}
+
+resource "aws_security_group" "security-groups" {
+ description = "sg description"
+ name = "sg1"
+ vpc_id = data.aws_caller_identity.self.id
+
+ for_each = {
+ for rule in local.rules : rule.rule_no => rule
+ }
+
+ ingress {
+ description = each.value.description
+ from_port = each.value.from_port
+ to_port = each.value.to_port
+ protocol = each.value.proto
+ cidr_blocks = [each.value.source]
+ }
+}
+
diff --git a/csv/dynamic.tf b/csv/dynamic.tf
new file mode 100644
index 0000000..9183135
--- /dev/null
+++ b/csv/dynamic.tf
@@ -0,0 +1,22 @@
+data aws_caller_identity self {}
+
+variable sg1 {}
+
+resource "aws_security_group" "sg1" {
+ name = var.sg1.name
+ description = var.sg1.description
+ vpc_id = data.aws_caller_identity.self.id
+
+ dynamic "ingress" {
+ for_each = var.sg1.cidrs
+ content {
+ description = ingress.key
+ cidr_blocks = [ingress.value]
+ from_port = var.sg1.from_port
+ to_port = var.sg1.to_port
+ protocol = "tcp"
+ }
+ }
+}
+
+
diff --git a/csv/sg.csv b/csv/sg.csv
new file mode 100644
index 0000000..3a78c2b
--- /dev/null
+++ b/csv/sg.csv
@@ -0,0 +1,4 @@
+rule_no,direction,proto,from_port,to_port,source,description
+rule1,ingress,TCP,0,65535,10.193.35.0/24,MTCPortal
+rule2,ingress,TCP,0,65535,10.193.36.0/24,MTCVDI
+rule3,ingress,TCP,0,65535,10.193.46.0/24,iDesk
\ No newline at end of file
diff --git a/kms/main.tf b/kms/main.tf
new file mode 100644
index 0000000..3801343
--- /dev/null
+++ b/kms/main.tf
@@ -0,0 +1,31 @@
+resource "aws_kms_external_key" "kms-key1" {
+ description = "Customer managed key"
+ key_material_base64 = "s5yiaoDbfHrBkbuGdyIxQaILucovIgPMbw8/pgYZJu0="
+ enabled = true
+ policy =<
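Review bot: The `direction` column of sg.csv is never read in csv/csv.off — every decoded row is rendered as an `ingress` block, so a row marked egress would be applied as an inbound rule. `vpc_id = data.aws_caller_identity.self.id` is the caller's AWS account ID, not a VPC ID (the same line appears in csv/dynamic.tf), and because `for_each` sits on the resource rather than on the rule block, each CSV row becomes its own security group, all with `name = "sg1"`, which must be unique within a VPC. If the intent is one group holding all rules, move the iteration into a `dynamic "ingress"` block as dynamic.tf already does, keep only rows whose `direction` is ingress, and take the VPC ID from a declared variable. Separately, the sample rows grant the full 0–65535 TCP range to each /24, which is broader than a per-service rule needs and is worth narrowing before the sample is copied.
```hcl
resource "aws_security_group" "security-groups" {
  description = "sg description"
  name        = "sg1"
  vpc_id      = var.vpc_id   # placeholder: declare this variable; aws_caller_identity.id is the account ID

  dynamic "ingress" {
    for_each = { for rule in local.rules : rule.rule_no => rule if rule.direction == "ingress" }
    content {
      description = ingress.value.description
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.proto
      cidr_blocks = [ingress.value.source]
    }
  }
}
```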
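Review bot: `variable sg1 {}` in csv/dynamic.tf is untyped, yet the resource reads `var.sg1.name`, `.description`, `.cidrs`, `.from_port` and `.to_port` and uses `ingress.key` as the rule description, which presumes `cidrs` is a map of description to CIDR; a list would yield index strings as descriptions instead. Declaring the shape, e.g. `type = object({ name = string, description = string, cidrs = map(string), from_port = number, to_port = number })`, lets plan reject a malformed input before any security group rule is created, and a `description` on the variable would say what the CIDR map is expected to hold.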