## Module description

This module manages applications and their associated resources in the Scaleway public cloud.

## How the module works

- This module manages the following resources:
  - Scaleway IAM applications, groups and policies.
  - S3 buckets and their associated policy.
  - SQS queues and their associated credentials.

### S3 buckets

#### Prerequisites

- A list of buckets is declared within the application.
- To declare lifecycle rules (`lifecycle_rules`), at least `expiration_days`, or the pair `transition_days` and `transition_sc`, must be set.

#### Behaviour

- For each bucket in the `buckets_list` list, a resource is declared. Within that resource, a `lifecycle_rule` is declared for each member of the `lifecycle_rule` list.
- For each bucket in `buckets_list`, a policy is attached that contains three sections:
  - One section granting the main application access to the bucket.
  - One section granting access to the administrators' `user_id` and `application_id`.
  - One section granting access to other `user_id` values for a third-party application.

### SQS

#### Prerequisites

- The SQS module must be enabled in the Scaleway console -> Messaging.
- A list of queues is declared within the application.

#### Notes

- One `scaleway_mnq_sqs_credentials.admin_creds` resource is used per project. Granting it only the `can_manage` right lets it create, delete and modify queues without being able to access their contents.
- In parallel, one set of credentials is created per application and per queue, holding only publish/receive rights.

## Requirements

| Name | Version |
|------|---------|
| [scaleway](#requirement\_scaleway) | >= 1.11.0 |

## Providers

| Name | Version |
|------|---------|
| [scaleway](#provider\_scaleway) | >= 1.11.0 |

## Modules

No modules.
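A module invocation that exercises the rules above (one lifecycle rule with `expiration_days` alone, one with the `transition_days`/`transition_sc` pair, a third-party application confined to its own action list, and SQS application credentials without `can_manage`), as an added example that is not part of the module's own documentation. The `source` path, the IDs, the `var.*` references and the action names are placeholders and assumptions.

```hcl
module "billing_app" {
  source = "./modules/scaleway-app" # assumed local path to this module

  app_name   = "billing-api"
  app_desc   = "Billing API workloads"
  env        = "prd"
  project_id = "00000000-0000-0000-0000-000000000000" # placeholder project ID
  # Administrators named in the second section of each bucket policy
  admins_user_id = ["00000000-0000-0000-0000-000000000001"] # placeholder user_id

  buckets_list = [
    {
      bucket_name           = "billing-api-prd-invoices"
      bucket_region         = "fr-par"
      bucket_versioning     = true
      bucket_policy_actions = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      bucket_lifecycle_rules = [
        {
          # expiration_days alone satisfies the lifecycle prerequisite
          id              = "expire-tmp"
          enabled         = true
          prefix          = "tmp/"
          expiration_days = 7
        },
        {
          # transition_days + transition_sc is the other valid combination
          id              = "archive-invoices"
          enabled         = true
          prefix          = "invoices/"
          transition_days = 90
          transition_sc   = "GLACIER"
        },
      ]
      # Third section of the policy: a third-party application's user_id, read-only
      other_app_access         = ["00000000-0000-0000-0000-000000000002"] # placeholder user_id
      other_app_policy_actions = ["s3:GetObject", "s3:ListBucket"]
    },
  ]

  # Project-level admin credentials (can_manage only) are passed in; the
  # per-queue application credentials created by the module stay publish/receive.
  admin_creds_access_key = var.sqs_admin_access_key
  admin_creds_secret_key = var.sqs_admin_secret_key
  sqs_can_manage         = false
  sqs_queue_list = [
    { sqs_queue_name = "billing-events" },
  ]
  sns_topic_list = [{ sns_topic_name = "billing-notifications" }]
}
```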
## Resources

| Name | Type |
|------|------|
| [scaleway_iam_api_key.keys](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_api_key) | resource |
| [scaleway_iam_application.apps](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_application) | resource |
| [scaleway_iam_group.groups](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_group) | resource |
| [scaleway_iam_policy.group_policies](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_policy) | resource |
| [scaleway_mnq_sns_credentials.app_creds](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sns_credentials) | resource |
| [scaleway_mnq_sns_topic.main](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sns_topic) | resource |
| [scaleway_mnq_sqs_credentials.app_creds](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sqs_credentials) | resource |
| [scaleway_mnq_sqs_queue.main](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sqs_queue) | resource |
| [scaleway_object_bucket.s3_buckets](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket_policy.s3_policies](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_policy) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [admin\_creds\_access\_key](#input\_admin\_creds\_access\_key) | SQS Admin access key | `string` | `""` | no |
| [admin\_creds\_secret\_key](#input\_admin\_creds\_secret\_key) | SQS Admin secret key | `string` | `""` | no |
| [admins\_user\_id](#input\_admins\_user\_id) | List of S3 admin user IDs | `list(string)` | `[]` | no |
| [app\_desc](#input\_app\_desc) | Application's description | `string` | `""` | no |
| [app\_name](#input\_app\_name) | Name of the application | `string` | `"changeme"` | no |
| [app\_tags](#input\_app\_tags) | Application's tags | `map(string)` | `{}` | no |
| [buckets\_list](#input\_buckets\_list) | List of the application's buckets | <pre>list(object({<br>  bucket_name = string<br>  bucket_region = optional(string)<br>  bucket_versioning = optional(bool)<br>  bucket_tags = optional(map(string))<br>  bucket_policy_actions = optional(list(string))<br>  bucket_lifecycle_rules = optional(list(object({<br>    id = string<br>    enabled = bool<br>    prefix = optional(string)<br>    expiration_days = optional(number)<br>    transition_days = optional(number)<br>    transition_sc = optional(string)<br>    tags = optional(map(string))<br>  })))<br>  other_app_access = optional(list(string))<br>  other_app_policy_actions = optional(list(string))<br>}))</pre> | n/a | yes |
| [env](#input\_env) | App's environment (dev/stg/prd) | `string` | `"dev"` | no |
| [policy\_permissions](#input\_policy\_permissions) | Policy permissions for app | `list(string)` | `[]` | no |
| [project\_id](#input\_project\_id) | App's project ID | `string` | `"changeme"` | no |
| [readonly\_users\_id](#input\_readonly\_users\_id) | List of read-only user IDs | `list(string)` | `[]` | no |
| [sns\_admin\_creds\_access\_key](#input\_sns\_admin\_creds\_access\_key) | SNS Admin access key | `string` | `""` | no |
| [sns\_admin\_creds\_secret\_key](#input\_sns\_admin\_creds\_secret\_key) | SNS Admin secret key | `string` | `""` | no |
| [sns\_can\_manage](#input\_sns\_can\_manage) | Can SNS credentials manage the topic | `bool` | `false` | no |
| [sns\_can\_publish](#input\_sns\_can\_publish) | Can SNS credentials publish message to the topic | `bool` | `true` | no |
| [sns\_can\_receive](#input\_sns\_can\_receive) | Can SNS credentials receive message from the topic | `bool` | `true` | no |
| [sns\_fifo\_topic](#input\_sns\_fifo\_topic) | Is the topic in FIFO mode? (name must end with .fifo) | `bool` | `false` | no |
| [sns\_topic\_list](#input\_sns\_topic\_list) | List of the SNS topics | <pre>list(object({<br>  sns_topic_name = string<br>  sns_fifo_topic = optional(bool)<br>}))</pre> | n/a | yes |
| [sqs\_can\_manage](#input\_sqs\_can\_manage) | Can SQS credentials manage the queue | `bool` | `false` | no |
| [sqs\_can\_publish](#input\_sqs\_can\_publish) | Can SQS credentials publish message to the queue | `bool` | `true` | no |
| [sqs\_can\_receive](#input\_sqs\_can\_receive) | Can SQS credentials receive message from the queue | `bool` | `true` | no |
| [sqs\_fifo\_queue](#input\_sqs\_fifo\_queue) | Is the queue in FIFO mode? | `bool` | `false` | no |
| [sqs\_message\_max\_age](#input\_sqs\_message\_max\_age) | Max age of message before being deleted in seconds | `number` | `345600` | no |
| [sqs\_message\_max\_size](#input\_sqs\_message\_max\_size) | Max size of message accepted in bytes | `number` | `262144` | no |
| [sqs\_queue\_list](#input\_sqs\_queue\_list) | List of the SQS queues | <pre>list(object({<br>  sqs_queue_name = string<br>  sqs_fifo_queue = optional(bool)<br>  sqs_message_max_age = optional(string)<br>  sqs_message_max_size = optional(string)<br>}))</pre> | n/a | yes |
## Outputs

| Name | Description |
|------|-------------|
| [api\_access\_key](#output\_api\_access\_key) | App access key |
| [api\_secret\_key](#output\_api\_secret\_key) | App secret key |
| [app\_desc](#output\_app\_desc) | Description of the application |
| [app\_id](#output\_app\_id) | ID of the application |
| [app\_name](#output\_app\_name) | Name of the application |
| [bucket\_ID](#output\_bucket\_ID) | ID of the bucket |
| [bucket\_endpoint](#output\_bucket\_endpoint) | Bucket's endpoint |
| [sns\_creds\_access\_key](#output\_sns\_creds\_access\_key) | SNS Credentials access key |
| [sns\_creds\_secret\_key](#output\_sns\_creds\_secret\_key) | SNS Credentials secret key |
| [sns\_topic\_arn](#output\_sns\_topic\_arn) | SNS Topic ARN |
| [sqs\_creds\_access\_key](#output\_sqs\_creds\_access\_key) | SQS Credentials access key |
| [sqs\_creds\_secret\_key](#output\_sqs\_creds\_secret\_key) | SQS Credentials secret key |
| [sqs\_url\_endpoint](#output\_sqs\_url\_endpoint) | SQS URL Endpoint |