SweetOps
diff --git a/‎.github/CODEOWNERS
+1 b/‎.github/CODEOWNERS
+1
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md
+26 b/‎.github/ISSUE_TEMPLATE/bug_report.md
+26
diff --git a/‎.github/ISSUE_TEMPLATE/feature_request.md
+20 b/‎.github/ISSUE_TEMPLATE/feature_request.md
+20
diff --git a/‎.github/main.workflow
-56 b/‎.github/main.workflow
-56
diff --git a/‎.github/workflows/docs.yml
+28 b/‎.github/workflows/docs.yml
+28
diff --git a/‎.github/workflows/pr-lint.yml
+40 b/‎.github/workflows/pr-lint.yml
+40
diff --git a/‎.github/workflows/release.yml
+17 b/‎.github/workflows/release.yml
+17
diff --git a/‎.github/workflows/terraform.yml
+33 b/‎.github/workflows/terraform.yml
+33
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎.goreleaser.yml
-17 b/‎.goreleaser.yml
-17
diff --git a/‎.goreleaser/main.go
-4 b/‎.goreleaser/main.go
-4
diff --git a/‎LICENSE
+1-1 b/‎LICENSE
+1-1
diff --git a/‎README.md
+58-19 b/‎README.md
+58-19
@@ -0,0 +1 @@
+* @SweetOps
@@ -0,0 +1,26 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: SweetOps
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Terraform version**
+Output of  command:
+```sh
+terraform version
+```
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'feature'
+assignees: 'SweetOps'
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
@@ -0,0 +1,28 @@
+name: Generate terraform docs
+on:
+  - pull_request
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: main docs
+      uses: Dirrk/[email protected]
+      with:
+        tf_docs_working_dir: .
+        tf_docs_output_file: README.md
+        tf_docs_output_method: inject
+        tf_docs_git_push: 'true'
+        tf_docs_args: '--sort-inputs-by-required'
+
+    - name: basic example docs
+      uses: Dirrk/[email protected]
+      with:
+        tf_docs_working_dir: ./examples/basic/
+        tf_docs_output_file: README.md
+        tf_docs_output_method: inject
+        tf_docs_git_push: 'true'
+        tf_docs_args: '--sort-inputs-by-required'
@@ -0,0 +1,40 @@
+name: Lint PR
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Lint PR
+        uses: aslafy-z/conventional-pr-title-action@master
+        with:
+          preset: conventional-changelog-angular@^5.0.6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment for PR title conformance
+        if: failure()
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{tojson(github.event.number)}}
+          body: |
+            Please ensure your PR conforms to conventional commits (see https://www.conventionalcommits.org).
+
+            Commits MUST be prefixed with a type, which consists of one of the following:
+
+            * **build**: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
+            * **ci**: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
+            * **docs**: Documentation only changes
+            * **feat**: A new feature
+            * **fix**: A bug fix
+            * **perf**: A code change that improves performance
+            * **refactor**: A code change that neither fixes a bug nor adds a feature
+            * **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
+            * **test**: Adding missing tests or correcting existing tests
@@ -0,0 +1,17 @@
+name: Release
+on:
+  push:
+    tags:
+      - "v*"
+jobs:
+  release-notary:
+    name: Release-notary
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Release Notary Action
+        uses: commitsar-app/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,33 @@
+name: 'Validate TF manifests'
+on:
+  - pull_request
+jobs:
+  terraform:
+    name: Terraform
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 0.14.7
+
+      - name: Terraform Format
+        run: terraform fmt
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Validate
+        run: terraform validate -no-color
+
+      - name: tflint
+        uses: reviewdog/action-tflint@master
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-review
+          fail_on_error: "true"
+          filter_mode: "nofilter"
+          flags: "--module"
@@ -1,6 +1,7 @@
 # Compiled files
 *.tfstate
 *.tfstate.backup
+.terraform.lock.hcl
 
 # Module directory
 .terraform/
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017-2019 Vladimir Syromyatnikov
+   Copyright 2017-2021 Vladimir Syromyatnikov
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
 
@@ -1,36 +1,75 @@
 # terraform-google-service-account
-Terraform module : GCP : for creation service account.
+
+Terraform module to provision service account with normalized name.
 
 ## Usage
 
 ```terraform
-module "s3_service_account" {
-  source     = "git::https://github.com/SweetOps/terraform-google-service-account.git?ref=master"
+module "service_account" {
+  source    = "git::https://github.com/SweetOps/terraform-google-service-account.git?ref=master"
   name      = "awesome"
   stage     = "production"
   namespace = "sweetops"
 }
 ```
 
+<!--- BEGIN_TF_DOCS --->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.13 |
+| google | >= 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | >= 3.0 |
 
 ## Inputs
 
-| Name        | Description                                                                                     |  Type  | Default  | Required |
-|:------------|:------------------------------------------------------------------------------------------------|:------:|:--------:|:--------:|
-| name        | Solution name, e.g. 'app' or 'jenkins'                                                          | string |   n/a    |   yes    |
-| namespace   | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'             | string |   n/a    |   yes    |
-| stage       | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'         | string |   n/a    |   yes    |
-| attributes  | Additional attributes (e.g. `1`)                                                                |  list  |   `[]`   |    no    |
-| delimiter   | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`       | string |  `"-"`   |    no    |
-| enabled     | Set to false to prevent the module from creating any resources                                  | string | `"true"` |    no    |
-| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT'                                   | string |   `""`   |    no    |
-| project     | The project in which the resource belongs. If it is not provided, the provider project is used. | string |   `""`   |    no    |
-| tags        | Additional tags (e.g. `map('BusinessUnit','XYZ')`                                               |  map   |   `{}`   |    no    |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
+| context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
+| create\_service\_account\_key | Whether to create service account key | `bool` | `true` | no |
+| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| description | A text description of the service account. | `string` | `"Managed by Terraform"` | no |
+| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| id\_length\_limit | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for default, which is `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
+| keepers | Arbitrary map of values that, when changed, will trigger a new key to be generated. | `map(string)` | `null` | no |
+| key\_algorithm | The algorithm used to generate the key. Possible values: `KEY_ALG_UNSPECIFIED`, `KEY_ALG_RSA_1024`, `KEY_ALG_RSA_2048` | `string` | `"KEY_ALG_RSA_2048"` | no |
+| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `"lower"` | no |
+| label\_order | The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
+| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Default value: `lower`. | `string` | `null` | no |
+| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
+| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| private\_key\_type | The output format of the private key. | `string` | `"TYPE_GOOGLE_CREDENTIALS_FILE"` | no |
+| project | The project in which the resource belongs. If it is not provided, the provider project is used. | `string` | `null` | no |
+| public\_key\_data | Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509\_PEM and it conflicts with `public_key_type` and `private_key_type`. | `string` | `null` | no |
+| public\_key\_type | The output format of the public key requested. | `string` | `"TYPE_X509_PEM_FILE"` | no |
+| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| roles | The list of roles that should be applied to service account. | `list(string)` | `[]` | no |
+| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
 
 ## Outputs
 
-| Name      | Description                                      |
-|:----------|:-------------------------------------------------|
-| email     | The e-mail address of the service account.       |
-| name      | The fully-qualified name of the service account. |
-| unique_id | The unique id of the service account.            |
+| Name | Description |
+|------|-------------|
+| email | The e-mail address of the service account. |
+| id | The id of the service account. |
+| key\_id | The id of the service account key. |
+| key\_name | The name of the service account key. |
+| name | The fully-qualified name of the service account. |
+| private\_key | The private key in JSON format, base64 encoded. |
+| public\_key | The public key, base64 encoded. |
+| unique\_id | The unique id of the service account. |
+
+<!--- END_TF_DOCS --->
+
+## License
+The Apache-2.0 license