From 8e2c8eba260dbc737b8d2ab3829a4050fe4b76af Mon Sep 17 00:00:00 2001 From: jarpat Date: Wed, 27 Sep 2023 14:11:15 -0400 Subject: [PATCH 1/6] initial linter updates --- .github/workflows/linter-analysis.yaml | 16 +++++++++-- linting-configs/.tflint.hcl | 4 +-- modules/aws_vm/variables.tf | 38 ++++++++++++++++++++++---- modules/aws_vpc/main.tf | 2 +- modules/aws_vpc/variables.tf | 15 ++-------- modules/kubeconfig/output.tf | 1 + modules/kubeconfig/variables.tf | 5 ++++ 7 files changed, 56 insertions(+), 25 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 3620bd64..644cb5d3 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -2,7 +2,7 @@ name: Linter Analysis on: push: - branches: ['*'] # '*' will cause the workflow to run on all commits to all branches. + branches: [ '**' ] # '*8' will cause the workflow to run on all commits to all branches, including those with path separators jobs: # Hadolint: Job-1 @@ -54,8 +54,18 @@ jobs: tflint_version: latest github_token: ${{ secrets.LINTER_TEST_TOKEN }} + - name: Initializing viya4-iac-aws + run: terraform init + + # Necessary so we can recursively tflint our modules folder + # with the plugin, not needed for regular project use. + - name: Initializing modules + run: | + terraform -chdir=modules/aws_autoscaling init + terraform -chdir=modules/aws_ebs_csi init + - name: Initializing TFLint - run: TFLINT_LOG=info tflint --init -c .tflint.hcl + run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl" - name: Run TFLint Action - run: TFLINT_LOG=info tflint -c .tflint.hcl + run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive \ No newline at end of file diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl index 8a125a87..3ac62f29 100644 --- a/linting-configs/.tflint.hcl +++ b/linting-configs/.tflint.hcl 
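Review bot: The `terraform init` steps added in the second workflow hunk run on every push to every branch and download providers and modules with whatever Terraform binary the runner happens to have; no step in the visible part of the job installs a pinned Terraform version, and the context line above still has `tflint_version: latest`. Linting only needs the modules and plugins, so the commands can skip backend setup, e.g. `terraform -chdir=modules/aws_autoscaling init -backend=false`, and the same for `modules/aws_ebs_csi` and the root `terraform init`. Pinning the tflint version next to the already pinned ruleset version in `.tflint.hcl` would keep the lint result and the downloaded binary from changing without a commit. A short comment saying why only these two modules need an init would also help whoever adds the next module. The job definition starts and continues outside the hunk.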
@@ -9,12 +9,12 @@ config { # Enables module inspection. - module = false + module = true } plugin "aws" { enabled = true - version = "0.23.0" + version = "0.27.0" source = "github.com/terraform-linters/tflint-ruleset-aws" } diff --git a/modules/aws_vm/variables.tf b/modules/aws_vm/variables.tf index 88a7c030..03f6be40 100644 --- a/modules/aws_vm/variables.tf +++ b/modules/aws_vm/variables.tf @@ -2,6 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 variable "name" { + description = "Name to assign the VM" type = string } 
@@ -12,77 +13,102 @@ variable "tags" { } variable "vm_type" { + description = "EC2 instance type" + type = string default = "m5.4xlarge" } variable "cloud_init" { + description = "Cloud init script to execute" + type = string default = "" } -variable "postgres_administrator_login" { - description = "The Administrator Login for the PostgreSQL Server. Changing this forces a new resource to be created." - default = "pgadmin" -} - variable "vm_admin" { - description = "OS Admin User for VMs of AKS Cluster nodes" + description = "OS Admin User for VMs of EC2 instance" + type = string default = "azureuser" } variable "ssh_public_key" { description = "Path to ssh public key" + type = string default = "" } variable "security_group_ids" { + description = "List of security group ids to associate with the EC2 instance" + type = list(string) default = [] } variable "create_public_ip" { + description = "Toggle the creation of a public EIP to be associated with the EC2 instance" + type = bool default = false } variable "data_disk_count" { + description = "Number of disks to attach to the EC2 instance" + type = number default = 0 } variable "data_disk_size" { + description = "Size of disk to attach to the EC2 instance in GiBs" + type = number default = 128 } variable "data_disk_type" { + description = "The type of EBS volume for the data disk" + type = string default = "gp2" } variable "data_disk_availability_zone" { + description = "The AZ where the EBS volume will exist" + type = string default = "" } variable "data_disk_iops" { + description = "The amount of IOPS to provision for the data disk" + type = number default = 0 } variable "os_disk_size" { + description = "The size of the OS disk" + type = number default = 64 } variable "os_disk_type" { + description = "The type of EBS volume for the OS disk" + type = string default = "standard" } variable "os_disk_delete_on_termination" { + description = "Delete disk on termination" + type = bool default = true } variable 
"os_disk_iops" { + description = "The amount of IOPS to provision for the OS disk" + type = number default = 0 } variable "subnet_id" { + description = "The VPC Subnet ID to launch in." type = string } variable "enable_ebs_encryption" { description = "Enable encryption on EBS volumes." + type = bool default = false } diff --git a/modules/aws_vpc/main.tf b/modules/aws_vpc/main.tf index a0463bb9..7817ff4a 100644 --- a/modules/aws_vpc/main.tf +++ b/modules/aws_vpc/main.tf @@ -11,7 +11,7 @@ locals { existing_private_subnets = local.existing_subnets && contains(keys(var.existing_subnet_ids), "private") ? (length(var.existing_subnet_ids["private"]) > 0 ? true : false) : false existing_database_subnets = local.existing_subnets && contains(keys(var.existing_subnet_ids), "database") ? (length(var.existing_subnet_ids["database"]) > 0 ? true : false) : false - public_subnets = local.existing_public_subnets ? data.aws_subnet.public : aws_subnet.public + # public_subnets = local.existing_public_subnets ? data.aws_subnet.public : aws_subnet.public # not used keeping for ref private_subnets = local.existing_private_subnets ? data.aws_subnet.private : aws_subnet.private } diff --git a/modules/aws_vpc/variables.tf b/modules/aws_vpc/variables.tf index 3e035270..1ceb5419 100644 --- a/modules/aws_vpc/variables.tf +++ b/modules/aws_vpc/variables.tf @@ -9,10 +9,12 @@ variable "azs" { variable "vpc_id" { description = "Existing vpc id" + type = string default = null } variable "name" { + description = "Prefix used when creating VPC resources" type = string default = null } 
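Review bot: `enable_ebs_encryption` gains `type = bool` at the end of this hunk but keeps `default = false`, so a caller that omits it still gets unencrypted volumes, assuming the module's resources use the flag the way its name suggests (they are outside this diff). Since the commit is already touching every variable here, consider `default = true`, or at least extend the description to something like `description = "Enable encryption on EBS volumes. The default leaves OS and data disks unencrypted."`. Two smaller documentation points in the same hunk: `vm_admin` is now described as the admin user of an EC2 instance but still defaults to `"azureuser"`, and `os_disk_size` has no unit while `data_disk_size` says GiBs.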
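Review bot: The `public_subnets` local in `modules/aws_vpc/main.tf` is left behind as a commented-out line with `# not used keeping for ref`, which reads as live configuration to anyone skimming the `locals` block. I would delete the line, since the history keeps it, or replace it with a plain comment such as `# public subnets are referenced directly; no local is needed`. The `locals` block starts outside the hunk.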
@@ -39,18 +41,6 @@ variable "existing_nat_id" { description = "Pre-existing VPC NAT Gateway id" } -variable "enable_nat_gateway" { - description = "Should be true if you want to provision NAT Gateways for each of your private networks" - type = bool - default = true -} - -variable "single_nat_gateway" { - description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks" - type = bool - default = true -} - variable "enable_dns_hostnames" { description = "Should be true to enable DNS hostnames in the VPC" type = bool @@ -63,7 +53,6 @@ variable "enable_dns_support" { default = true } - variable "tags" { description = "The tags to associate with your network and subnets." type = map(string) diff --git a/modules/kubeconfig/output.tf b/modules/kubeconfig/output.tf index 1aaeb6eb..7204c4bc 100644 --- a/modules/kubeconfig/output.tf +++ b/modules/kubeconfig/output.tf @@ -1,6 +1,7 @@ # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +# tflint-ignore: terraform_standard_module_structure output "kube_config" { value = local_file.kubeconfig.content } diff --git a/modules/kubeconfig/variables.tf b/modules/kubeconfig/variables.tf index 71a2dbda..45575e7e 100644 --- a/modules/kubeconfig/variables.tf +++ b/modules/kubeconfig/variables.tf @@ -13,6 +13,7 @@ variable "namespace" { } variable "region" { + description = "AWS Region this cluster was provisioned in" type = string default = null } @@ -24,17 +25,21 @@ variable "create_static_kubeconfig" { } variable "path" { + description = "Path to output the kubeconfig file" type = string } variable "cluster_name" { + description = "Kubernetes cluster name" type = string } variable "endpoint" { + description = "Kubernetes cluster endpoint" type = string } variable "ca_crt" { + description = "Kubernetes CA certificate" type = string } From 5563705505e4ee2878a3500cde56c26f7c7dd536 Mon Sep 17 00:00:00 2001 
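Review bot: The `kube_config` output under the new `tflint-ignore` line in `modules/kubeconfig/output.tf` exposes `local_file.kubeconfig.content` with neither `sensitive = true` nor a `description`. A kubeconfig can carry credentials (the module has a `create_static_kubeconfig` toggle, whose effect is outside this diff), so I would add `sensitive = true` and `description = "Contents of the generated kubeconfig file"` to the block. Any root-level output that re-exports this value then needs `sensitive = true` as well, otherwise Terraform rejects the configuration. The same block is carried over unchanged by the rename in PATCH 6/6.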
From: jarpat Date: Wed, 27 Sep 2023 14:13:36 -0400 Subject: [PATCH 2/6] spacing --- modules/aws_vm/variables.tf | 30 +++++++++++++++--------------- modules/aws_vpc/variables.tf | 4 ++-- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/modules/aws_vm/variables.tf b/modules/aws_vm/variables.tf index 03f6be40..8121de5d 100644 --- a/modules/aws_vm/variables.tf +++ b/modules/aws_vm/variables.tf @@ -3,7 +3,7 @@ variable "name" { description = "Name to assign the VM" - type = string + type = string } variable "tags" { @@ -15,13 +15,13 @@ variable "tags" { variable "vm_type" { description = "EC2 instance type" type = string - default = "m5.4xlarge" + default = "m5.4xlarge" } variable "cloud_init" { description = "Cloud init script to execute" type = string - default = "" + default = "" } variable "vm_admin" { 
@@ -39,72 +39,72 @@ variable "ssh_public_key" { variable "security_group_ids" { description = "List of security group ids to associate with the EC2 instance" type = list(string) - default = [] + default = [] } variable "create_public_ip" { description = "Toggle the creation of a public EIP to be associated with the EC2 instance" type = bool - default = false + default = false } variable "data_disk_count" { description = "Number of disks to attach to the EC2 instance" type = number - default = 0 + default = 0 } variable "data_disk_size" { description = "Size of disk to attach to the EC2 instance in GiBs" type = number - default = 128 + default = 128 } variable "data_disk_type" { description = "The type of EBS volume for the data disk" type = string - default = "gp2" + default = "gp2" } variable "data_disk_availability_zone" { description = "The AZ where the EBS volume will exist" type = string - default = "" + default = "" } variable "data_disk_iops" { description = "The amount of IOPS to provision for the data disk" type = number - default = 0 + default = 0 } variable "os_disk_size" { description = "The size of the OS disk" type = number - default = 64 + default = 64 } variable "os_disk_type" { description = "The type of EBS volume for the OS disk" type = string - default = "standard" + default = "standard" } variable "os_disk_delete_on_termination" { description = "Delete disk on termination" type = bool - default = true + default = true } variable "os_disk_iops" { description = "The amount of IOPS to provision for the OS disk" type = number - default = 0 + default = 0 } variable "subnet_id" { description = "The VPC Subnet ID to launch in." - type = string + type = string } variable "enable_ebs_encryption" { diff --git a/modules/aws_vpc/variables.tf b/modules/aws_vpc/variables.tf index 1ceb5419..3b2b272a 100644 --- a/modules/aws_vpc/variables.tf +++ b/modules/aws_vpc/variables.tf 
@@ -15,8 +15,8 @@ variable "vpc_id" { variable "name" { description = "Prefix used when creating VPC resources" - type = string - default = null + type = string + default = null } variable "cidr" { From 795dff20d8cc3b97beca9a6c4d2fa2a14f8dabff Mon Sep 17 00:00:00 2001 From: jarpat Date: Wed, 27 Sep 2023 14:17:39 -0400 Subject: [PATCH 3/6] testing init --- .github/workflows/linter-analysis.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 644cb5d3..1fe91d34 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -54,9 +54,6 @@ jobs: tflint_version: latest github_token: ${{ secrets.LINTER_TEST_TOKEN }} - - name: Initializing viya4-iac-aws - run: terraform init - # Necessary so we can recursively tflint our modules folder # with the plugin, not needed for regular project use. - name: Initializing modules From 6a102768e5b9612de444307c844cfe63c7bd9d1b Mon Sep 17 00:00:00 2001 From: jarpat Date: Wed, 27 Sep 2023 14:23:57 -0400 Subject: [PATCH 4/6] toggle config --- linting-configs/.tflint.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl index 3ac62f29..7b6e4873 100644 --- a/linting-configs/.tflint.hcl +++ b/linting-configs/.tflint.hcl @@ -9,7 +9,7 @@ config { # Enables module inspection. - module = true + module = false } plugin "aws" { From 86db3c2c8a5d067505a93c4071a1a51eff02dc84 Mon Sep 17 00:00:00 2001 From: jarpat Date: Wed, 27 Sep 2023 14:40:05 -0400 Subject: [PATCH 5/6] types workflow file --- .github/workflows/linter-analysis.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 1fe91d34..b4454d04 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml 
@@ -2,7 +2,7 @@ name: Linter Analysis on: push: - branches: [ '**' ] # '*8' will cause the workflow to run on all commits to all branches, including those with path separators + branches: [ '**' ] # '**' will cause the workflow to run on all commits to all branches, including those with path separators jobs: # Hadolint: Job-1 @@ -65,4 +65,4 @@ jobs: run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl" - name: Run TFLint Action - run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive \ No newline at end of file + run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive From eee7546bf4ce59c406141e6ab7b1e1b1827a5d3a Mon Sep 17 00:00:00 2001 From: jarpat Date: Thu, 28 Sep 2023 10:26:42 -0400 Subject: [PATCH 6/6] rename output.tf to outputs.tf --- modules/kubeconfig/{output.tf => outputs.tf} | 1 - 1 file changed, 1 deletion(-) rename modules/kubeconfig/{output.tf => outputs.tf} (77%) diff --git a/modules/kubeconfig/output.tf b/modules/kubeconfig/outputs.tf similarity index 77% rename from modules/kubeconfig/output.tf rename to modules/kubeconfig/outputs.tf index 7204c4bc..1aaeb6eb 100644 --- a/modules/kubeconfig/output.tf +++ b/modules/kubeconfig/outputs.tf @@ -1,7 +1,6 @@ # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -# tflint-ignore: terraform_standard_module_structure output "kube_config" { value = local_file.kubeconfig.content }