From ec6519bcf14134d7e5494179948132073cd1ae70 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 16:41:47 -0400 Subject: [PATCH 01/31] Update dependency versions --- .circleci/config.yml | 45 ++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index dad1821..6b329f6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,9 +1,22 @@ +defaults: &defaults + # We need to run Docker Compose with volumes, which isn't supported by CircleCI's Docker executor, so we have to use + # the machine executor instead. + machine: + image: circleci/classic:201711-01 + environment: + GRUNTWORK_INSTALLER_VERSION: v0.0.21 + TERRATEST_LOG_PARSER_VERSION: v0.13.24 + MODULE_CI_VERSION: v0.13.15 + # TODO: switch to TF12 + TERRAFORM_VERSION: 0.11.14 + TERRAGRUNT_VERSION: NONE + PACKER_VERSION: 1.4.1 + GOLANG_VERSION: 1.11 + version: 2 jobs: test: - # We need to run Docker Compose with volumes, which isn't supported by CircleCI's Docker executor, so we have to use - # the machine executor instead. - machine: true + <<: *defaults steps: - checkout 
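Review bot: `GOLANG_VERSION: 1.11` in the new `defaults` environment block is an unquoted scalar that a YAML parser reads as a float, so a later value such as 1.10 would be read as 1.1 before it reaches the shell. Quote the number-looking value so it stays a string: `GOLANG_VERSION: "1.11"`. The three-part versions and `NONE` already parse as strings, but quoting them too would keep the block uniform. Whether CircleCI passes the float through unchanged is not visible from this hunk.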
@@ -13,20 +26,20 @@ jobs: # Install Gruntwork and HashiCorp dependencies - restore_cache: keys: - - v1-external-dep - - v1-dep-{{ checksum "test/Gopkg.lock" }} + - v2-external-dep + - v2-dep-{{ checksum "test/Gopkg.lock" }} # Use the Gruntwork Installer to install the gruntwork-module-circleci-helpers - - run: curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version v0.0.21 - - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.7.1" - - run: gruntwork-install --binary-name "terratest_log_parser" --repo "https://github.com/gruntwork-io/terratest" --tag v0.14.2 - - run: configure-environment-for-gruntwork-module --circle-ci-2-machine-executor --go-src-path test --use-go-dep + - run: curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version "${GRUNTWORK_INSTALLER_VERSION}" + - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "${MODULE_CI_VERSION}" + - run: gruntwork-install --binary-name "terratest_log_parser" --repo "https://github.com/gruntwork-io/terratest" --tag "${TERRATEST_LOG_PARSER_VERSION}" + - run: configure-environment-for-gruntwork-module \ --circle-ci-2-machine-executor --terraform-version ${TERRAFORM_VERSION} --terragrunt-version ${TERRAGRUNT_VERSION} --packer-version ${PACKER_VERSION} --use-go-dep --go-version ${GOLANG_VERSION} --go-src-path test - save_cache: - key: v1-external-dep + key: v2-external-dep paths: - $HOME/terraform - $HOME/packer - save_cache: - key: v1-dep-{{ checksum "test/Gopkg.lock" }} + key: v2-dep-{{ checksum "test/Gopkg.lock" }} paths: - $HOME/.go_workspace/src/github.com/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/test/vendor 
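Review bot: The install step still downloads `bootstrap-gruntwork-installer.sh` from the mutable `master` branch and pipes it straight into `bash`, so `--version "${GRUNTWORK_INSTALLER_VERSION}"` pins what the script installs but not the script that executes. The same line appears in the release job (hunk `@@ -64,10 +77,10 @@`), which goes on to run `publish-amis.sh`. Consider fetching the script from the tagged ref, e.g. `.../gruntwork-installer/${GRUNTWORK_INSTALLER_VERSION}/bootstrap-gruntwork-installer.sh` (assuming the tag carries the script), saving it to a file and comparing it against a recorded SHA-256 before running it. The unquoted `${TERRAFORM_VERSION}`-style arguments on the `configure-environment-for-gruntwork-module` line would also be safer quoted, like the `--tag` values above them.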
@@ -56,7 +69,7 @@ jobs: path: /tmp/logs release: - machine: true + <<: *defaults steps: - checkout @@ -64,10 +77,10 @@ jobs: - run: echo 'export PATH=$HOME/.local/bin:$HOME/terraform:$HOME/packer:$PATH' >> $BASH_ENV # Use the Gruntwork Installer to install the gruntwork-module-circleci-helpers - - run: curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version v0.0.21 - - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.7.1" - - run: gruntwork-install --module-name "build-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.7.1" - - run: gruntwork-install --module-name "aws-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.7.1" + - run: curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version "${GRUNTWORK_INSTALLER_VERSION}" + - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "${MODULE_CI_VERSION}" + - run: gruntwork-install --module-name "build-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "${MODULE_CI_VERSION}" + - run: gruntwork-install --module-name "aws-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "${MODULE_CI_VERSION}" - run: configure-environment-for-gruntwork-module --circle-ci-2-machine-executor --go-src-path test --use-go-dep --terraform-version NONE --terragrunt-version NONE --glide-version NONE - run: ~/project/.circleci/publish-amis.sh "ubuntu-ami" From c3f3606dda0668e8a07231f07a2a7a99f1a560c8 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 16:43:08 -0400 Subject: [PATCH 02/31] Fix syntax error in config.yml --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.circleci/config.yml b/.circleci/config.yml index 6b329f6..4cb21ef 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -32,7 +32,7 @@ jobs: - run: curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version "${GRUNTWORK_INSTALLER_VERSION}" - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "${MODULE_CI_VERSION}" - run: gruntwork-install --binary-name "terratest_log_parser" --repo "https://github.com/gruntwork-io/terratest" --tag "${TERRATEST_LOG_PARSER_VERSION}" - - run: configure-environment-for-gruntwork-module \ --circle-ci-2-machine-executor --terraform-version ${TERRAFORM_VERSION} --terragrunt-version ${TERRAGRUNT_VERSION} --packer-version ${PACKER_VERSION} --use-go-dep --go-version ${GOLANG_VERSION} --go-src-path test + - run: configure-environment-for-gruntwork-module --circle-ci-2-machine-executor --terraform-version ${TERRAFORM_VERSION} --terragrunt-version ${TERRAGRUNT_VERSION} --packer-version ${PACKER_VERSION} --use-go-dep --go-version ${GOLANG_VERSION} --go-src-path test - save_cache: key: v2-external-dep paths: From a8c7338f78659cdb4d86cf0f1255da377b7e7ec6 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 16:47:44 -0400 Subject: [PATCH 03/31] Update CI env to TF 0.12 --- .circleci/config.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4cb21ef..193cb67 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,8 +7,7 @@ defaults: &defaults GRUNTWORK_INSTALLER_VERSION: v0.0.21 TERRATEST_LOG_PARSER_VERSION: v0.13.24 MODULE_CI_VERSION: v0.13.15 - # TODO: switch to TF12 - TERRAFORM_VERSION: 0.11.14 + TERRAFORM_VERSION: 0.12.2 TERRAGRUNT_VERSION: NONE PACKER_VERSION: 1.4.1 GOLANG_VERSION: 1.11 From 85bbd88ebf982b0b7579262f0b565a02f13c0c5a Mon Sep 17 00:00:00 2001 
From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 16:50:32 -0400 Subject: [PATCH 04/31] Update sync-gateway-security-group-rules to 0.12 --- .../sync-gateway-security-group-rules/main.tf | 56 +++++++++++-------- .../outputs.tf | 5 +- .../variables.tf | 14 +++-- 3 files changed, 46 insertions(+), 29 deletions(-) diff --git a/modules/sync-gateway-security-group-rules/main.tf b/modules/sync-gateway-security-group-rules/main.tf index 23a9910..87028ff 100644 --- a/modules/sync-gateway-security-group-rules/main.tf +++ b/modules/sync-gateway-security-group-rules/main.tf 
@@ -1,34 +1,43 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + +terraform { + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # INTERFACE # Main REST interface for Sync Gateway # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "interface_port_cidr_blocks" { - count = "${signum(length(var.interface_port_cidr_blocks))}" + count = signum(length(var.interface_port_cidr_blocks)) type = "ingress" - from_port = "${var.interface_port}" - to_port = "${var.interface_port}" + from_port = var.interface_port + to_port = var.interface_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.interface_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.interface_port_cidr_blocks } resource "aws_security_group_rule" "interface_port_security_groups" { - count = "${var.num_interface_port_security_groups}" + count = var.num_interface_port_security_groups type = "ingress" - from_port = "${var.interface_port}" - to_port = "${var.interface_port}" + from_port = var.interface_port + to_port = var.interface_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.interface_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.interface_port_security_groups, count.index) } resource "aws_security_group_rule" "interface_port_self" 
{ type = "ingress" - from_port = "${var.interface_port}" - to_port = "${var.interface_port}" + from_port = var.interface_port + to_port = var.interface_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } @@ -38,21 +47,22 @@ resource "aws_security_group_rule" "interface_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "admin_interface_port_cidr_blocks" { - count = "${signum(length(var.admin_interface_port_cidr_blocks))}" + count = signum(length(var.admin_interface_port_cidr_blocks)) type = "ingress" - from_port = "${var.admin_interface_port}" - to_port = "${var.admin_interface_port}" + from_port = var.admin_interface_port + to_port = var.admin_interface_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.admin_interface_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.admin_interface_port_cidr_blocks } resource "aws_security_group_rule" "admin_interface_port_security_groups" { - count = "${var.num_admin_interface_port_security_groups}" + count = var.num_admin_interface_port_security_groups type = "ingress" - from_port = "${var.admin_interface_port}" - to_port = "${var.admin_interface_port}" + from_port = var.admin_interface_port + to_port = var.admin_interface_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.admin_interface_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.admin_interface_port_security_groups, count.index) } + diff --git a/modules/sync-gateway-security-group-rules/outputs.tf b/modules/sync-gateway-security-group-rules/outputs.tf index 0926e6f..20655ee 100644 --- a/modules/sync-gateway-security-group-rules/outputs.tf 
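Review bot: `source_security_group_id = element(var.interface_port_security_groups, count.index)` wraps around when `count.index` runs past the end of the list, so a `num_interface_port_security_groups` larger than the list yields a duplicate rule, and a smaller one silently leaves some security groups without a rule. With 0.12 syntax a direct index, `var.interface_port_security_groups[count.index]`, turns the over-count case into an explicit error. The admin rule in the `@@ -38,21 +47,22 @@` hunk has the same pattern. No expression here detects the under-count case, so a one-line comment above each `count` stating that it must equal the list length would help.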
+++ b/modules/sync-gateway-security-group-rules/outputs.tf @@ -1,7 +1,8 @@ output "interface_port" { - value = "${var.interface_port}" + value = var.interface_port } output "admin_interface_port" { - value = "${var.admin_interface_port}" + value = var.admin_interface_port } + diff --git a/modules/sync-gateway-security-group-rules/variables.tf b/modules/sync-gateway-security-group-rules/variables.tf index 9ee4711..cf39a81 100644 --- a/modules/sync-gateway-security-group-rules/variables.tf +++ b/modules/sync-gateway-security-group-rules/variables.tf @@ -5,6 +5,7 @@ variable "security_group_id" { description = "The ID of the Security Group to which all the rules should be attached." + type = string } # --------------------------------------------------------------------------------------------------------------------- 
@@ -14,44 +15,49 @@ variable "security_group_id" { variable "interface_port" { description = "The port to use for the main Sync Gateway REST interface." + type = number default = 4984 } variable "interface_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the interface_port." - type = "list" + type = list(string) default = [] } variable "interface_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the interface_port. If you update this variable, make sure to update var.num_interface_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_interface_port_security_groups" { description = "The number of security group IDs in var.interface_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "admin_interface_port" { description = "The port to use for the Sync Gateway Admin interface." + type = number default = 4985 } variable "admin_interface_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the admin_interface_port. The admin interface exposes ALL Couchbase data, so you probably want to leave this list empty and only allow access from localhost!" - type = "list" + type = list(string) default = [] } variable "admin_interface_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the admin_interface_port. The admin interface exposes ALL Couchbase data, so you probably want to leave this list empty and only allow access from localhost! If you update this variable, make sure to update var.num_admin_interface_port_security_groups too!" 
- type = "list" + type = list(string) default = [] } variable "num_admin_interface_port_security_groups" { description = "The number of security group IDs in var.admin_interface_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } + From 829a4fbd2009b3fd6a2b02873daf4a380ecd572c Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 16:55:19 -0400 Subject: [PATCH 05/31] Update load-balancer-target-group to 0.12 --- modules/load-balancer-target-group/main.tf | 58 ++++++++++++------- modules/load-balancer-target-group/outputs.tf | 3 +- .../load-balancer-target-group/variables.tf | 26 ++++++++- 3 files changed, 62 insertions(+), 25 deletions(-) diff --git a/modules/load-balancer-target-group/main.tf b/modules/load-balancer-target-group/main.tf index 4dbdf59..987468e 100644 --- a/modules/load-balancer-target-group/main.tf +++ b/modules/load-balancer-target-group/main.tf 
@@ -1,30 +1,39 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + +terraform { + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # CREATE A TARGET GROUP # This will perform health checks on the servers and receive requests from the Listerers that match Listener Rules. # --------------------------------------------------------------------------------------------------------------------- resource "aws_alb_target_group" "tg" { - name = "${var.target_group_name}" - port = "${var.port}" - protocol = "${var.protocol}" - vpc_id = "${var.vpc_id}" - deregistration_delay = "${var.deregistration_delay}" + name = var.target_group_name + port = var.port + protocol = var.protocol + vpc_id = var.vpc_id + deregistration_delay = var.deregistration_delay health_check { port = "traffic-port" - protocol = "${var.protocol}" - interval = "${var.health_check_interval}" - path = "${var.health_check_path}" - timeout = "${var.health_check_timeout}" - healthy_threshold = "${var.health_check_healthy_threshold}" - unhealthy_threshold = "${var.health_check_unhealthy_threshold}" - matcher = "${var.health_check_matcher}" + protocol = var.protocol + interval = var.health_check_interval + path = var.health_check_path + timeout = var.health_check_timeout + healthy_threshold = var.health_check_healthy_threshold + unhealthy_threshold = var.health_check_unhealthy_threshold + matcher = var.health_check_matcher } stickiness { type = "lb_cookie" - cookie_duration = "${var.stickiness_cookie_duration}" - enabled = "${var.enable_stickiness}" + 
cookie_duration = var.stickiness_cookie_duration + enabled = var.enable_stickiness } } @@ -34,17 +43,23 @@ resource "aws_alb_target_group" "tg" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_alb_listener_rule" "http_path" { - count = "${var.num_listener_arns}" + count = var.num_listener_arns - listener_arn = "${element(var.listener_arns, count.index)}" - priority = "${var.listener_rule_starting_priority + count.index}" + listener_arn = element(var.listener_arns, count.index) + priority = var.listener_rule_starting_priority + count.index action { - target_group_arn = "${aws_alb_target_group.tg.arn}" + target_group_arn = aws_alb_target_group.tg.arn type = "forward" } - condition = "${var.routing_condition}" + dynamic "condition" { + for_each = var.routing_condition + content { + field = lookup(condition.value, "field") + values = lookup(condition.value, "values") + } + } } # --------------------------------------------------------------------------------------------------------------------- @@ -54,6 +69,7 @@ resource "aws_alb_listener_rule" "http_path" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_autoscaling_attachment" "attach" { - autoscaling_group_name = "${var.asg_name}" - alb_target_group_arn = "${aws_alb_target_group.tg.arn}" + autoscaling_group_name = var.asg_name + alb_target_group_arn = aws_alb_target_group.tg.arn } + diff --git a/modules/load-balancer-target-group/outputs.tf b/modules/load-balancer-target-group/outputs.tf index 35e278d..c66bcfb 100644 --- a/modules/load-balancer-target-group/outputs.tf +++ b/modules/load-balancer-target-group/outputs.tf @@ -1,3 +1,4 @@ output "target_group_arn" { - value = "${aws_alb_target_group.tg.arn}" + value = aws_alb_target_group.tg.arn } + 
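Review bot: In the new `dynamic "condition"` block, `lookup(condition.value, "field")` and `lookup(condition.value, "values")` are map lookups on a value that the variables.tf change in this commit types as `object({ field = string, values = list(string) })`. Plain attribute access reads more directly and matches that type: `field = condition.value.field` and `values = condition.value.values`. A short comment above the block noting that each entry of `var.routing_condition` becomes one `condition` block would help readers new to `dynamic`.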
diff --git a/modules/load-balancer-target-group/variables.tf b/modules/load-balancer-target-group/variables.tf index abb983a..c2c3212 100644 --- a/modules/load-balancer-target-group/variables.tf +++ b/modules/load-balancer-target-group/variables.tf @@ -5,35 +5,42 @@ variable "target_group_name" { description = "The name to use for the Target Group" + type = string } variable "asg_name" { description = "The name of the ASG (ASG) in the servers are deployed" + type = string } variable "port" { description = "The port the servers are listening on for requests." + type = number } variable "listener_arns" { description = "The ARNs of ALB listeners to which Listener Rules that route to this Target Group should be added." - type = "list" + type = list(string) } variable "num_listener_arns" { description = "The number of ARNs in var.listener_arns. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.listener_arns, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number } variable "listener_rule_starting_priority" { description = "The starting priority for the Listener Rules" + type = number } variable "health_check_path" { description = "The path to use for health check requests." + type = string } variable "vpc_id" { description = "The ID of the VPC in which to deploy the Target Group" + type = string } # --------------------------------------------------------------------------------------------------------------------- 
@@ -43,7 +50,10 @@ variable "vpc_id" { variable "routing_condition" { description = "This variable defines the paths or domain names that will be routed to the servers. By default, we route all paths and domain names to the servers. To override this, you should pass in a list of maps, where each map has the keys field and values. See the Condition Blocks documentation for the syntax to use: https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html." - type = "list" + type = list(object({ + field = string + values = list(string) + })) default = [ { 
@@ -55,45 +65,55 @@ variable "routing_condition" { variable "protocol" { description = "The protocol to use to talk to the servers. Must be one of: HTTP, HTTPS." + type = string default = "HTTP" } variable "deregistration_delay" { description = "The amount time for the Load Balancer to wait before changing the state of a deregistering server from draining to unused. The range is 0-3600 seconds." + type = number default = 300 } variable "health_check_interval" { description = "The approximate amount of time, in seconds, between health checks of each server. Minimum value 5 seconds, Maximum value 300 seconds." + type = number default = 30 } variable "health_check_timeout" { description = "The amount of time, in seconds, during which no response from a server means a failed health check. Must be between 2 and 60 seconds." + type = number default = 5 } variable "health_check_healthy_threshold" { description = "The number of times the health check must pass before a server is considered healthy." + type = number default = 2 } variable "health_check_unhealthy_threshold" { description = "The number of times the health check must fail before a server is considered unhealthy." + type = number default = 2 } variable "health_check_matcher" { description = "The HTTP codes to use when checking for a successful response from a server. You can specify multiple comma-separated values (for example, \"200,202\") or a range of values (for example, \"200-299\")." + type = string default = "200" } variable "enable_stickiness" { description = "Set to true to enable stickiness, so a given user always gets routed to the same server. We recommend enabling this for the Couchbase Web Console." + type = bool default = false } variable "stickiness_cookie_duration" { description = "The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. 
The range is 1 second to 1 week (604800 seconds). Only used if var.enable_stickiness is true." - default = 86400 # 1 day + type = number + default = 86400 # 1 day } + From 5044dae2d2dd3954ed3906419dfb4f8d68f17856 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:00:45 -0400 Subject: [PATCH 06/31] Update load-balancer to 0.12 --- modules/load-balancer/main.tf | 102 ++++++++++++++++------------- modules/load-balancer/outputs.tf | 30 ++++++--- modules/load-balancer/variables.tf | 32 ++++++--- 3 files changed, 99 insertions(+), 65 deletions(-) diff --git a/modules/load-balancer/main.tf b/modules/load-balancer/main.tf index ad61b15..3affc24 100644 --- a/modules/load-balancer/main.tf +++ b/modules/load-balancer/main.tf 
@@ -1,20 +1,29 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + +terraform { + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # CREATE AN THE LOAD BALANCER # --------------------------------------------------------------------------------------------------------------------- resource "aws_alb" "lb" { - name = "${var.name}" + name = var.name load_balancer_type = "application" - idle_timeout = "${var.idle_timeout}" + idle_timeout = var.idle_timeout - internal = "${var.internal}" - security_groups = ["${aws_security_group.sg.id}"] - subnets = ["${var.subnet_ids}"] + internal = var.internal + security_groups = [aws_security_group.sg.id] + subnets = var.subnet_ids - enable_http2 = "${var.enable_http2}" - ip_address_type = "${var.ip_address_type}" + enable_http2 = var.enable_http2 + ip_address_type = var.ip_address_type - tags = "${var.tags}" + tags = var.tags } # --------------------------------------------------------------------------------------------------------------------- 
@@ -22,28 +31,28 @@ resource "aws_alb" "lb" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_alb_listener" "http" { - count = "${length(var.http_listener_ports)}" + count = length(var.http_listener_ports) - load_balancer_arn = "${aws_alb.lb.arn}" - port = "${element(var.http_listener_ports, count.index)}" + load_balancer_arn = aws_alb.lb.arn + port = element(var.http_listener_ports, count.index) protocol = "HTTP" default_action { - target_group_arn = "${length(var.default_target_group_arn) > 0 ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, list("")), 0)}" + target_group_arn = var.default_target_group_arn == null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0) type = "forward" } } resource "aws_alb_listener" "https" { - count = "${length(var.https_listener_ports_and_certs)}" + count = length(var.https_listener_ports_and_certs) - load_balancer_arn = "${aws_alb.lb.arn}" - port = "${lookup(var.https_listener_ports_and_certs[count.index], "port")}" + load_balancer_arn = aws_alb.lb.arn + port = var.https_listener_ports_and_certs[count.index]["port"] protocol = "HTTPS" - certificate_arn = "${lookup(var.https_listener_ports_and_certs[count.index], "certificate_arn")}" + certificate_arn = var.https_listener_ports_and_certs[count.index]["certificate_arn"] default_action { - target_group_arn = "${length(var.default_target_group_arn) > 0 ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, list("")), 0)}" + target_group_arn = var.default_target_group_arn == null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0) type = "forward" } } 
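Review bot: The default-action ternary is inverted in both listeners: `var.default_target_group_arn == null ? var.default_target_group_arn : element(...)` forwards to the null ARN when none is given and to the black-hole expression when one is given. The black-hole target group in the next hunk is created only when the variable is null (`count = var.default_target_group_arn == null ? 1 : 0`), so when an ARN is supplied the fallback evaluates to `""`. The condition should read `var.default_target_group_arn != null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0)` in `aws_alb_listener.http` and `aws_alb_listener.https`. The variable's default is not visible here; if it is still an empty string rather than `null`, the null test never fires and the default needs to change with it.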
@@ -61,12 +70,12 @@ resource "aws_alb_listener" "https" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_alb_target_group" "black_hole" { - count = "${length(var.default_target_group_arn) == 0 ? 1 : 0}" + count = var.default_target_group_arn == null ? 1 : 0 name = "${var.name}-hole" protocol = "HTTP" port = 12345 - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id } # --------------------------------------------------------------------------------------------------------------------- @@ -75,7 +84,7 @@ resource "aws_alb_target_group" "black_hole" { resource "aws_security_group" "sg" { name = "${var.name}-lb" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id } resource "aws_security_group_rule" "allow_all_outbound" { 
@@ -83,54 +92,54 @@ resource "aws_security_group_rule" "allow_all_outbound" { from_port = 0 to_port = 0 protocol = "-1" - security_group_id = "${aws_security_group.sg.id}" + security_group_id = aws_security_group.sg.id cidr_blocks = ["0.0.0.0/0"] } resource "aws_security_group_rule" "allow_http_inbound_from_cidr_blocks" { - count = "${length(var.http_listener_ports)}" + count = length(var.http_listener_ports) type = "ingress" - from_port = "${element(var.http_listener_ports, count.index)}" - to_port = "${element(var.http_listener_ports, count.index)}" + from_port = element(var.http_listener_ports, count.index) + to_port = element(var.http_listener_ports, count.index) protocol = "tcp" - security_group_id = "${aws_security_group.sg.id}" - cidr_blocks = ["${var.allow_inbound_from_cidr_blocks}"] + security_group_id = aws_security_group.sg.id + cidr_blocks = var.allow_inbound_from_cidr_blocks } resource "aws_security_group_rule" "allow_http_inbound_from_security_groups" { - count = "${length(var.http_listener_ports) * var.num_inbound_security_groups}" + count = length(var.http_listener_ports) * var.num_inbound_security_groups type = "ingress" - from_port = "${element(var.http_listener_ports, count.index)}" - to_port = "${element(var.http_listener_ports, count.index)}" + from_port = element(var.http_listener_ports, count.index) + to_port = element(var.http_listener_ports, count.index) protocol = "tcp" - security_group_id = "${aws_security_group.sg.id}" - source_security_group_id = "${element(var.allow_inbound_from_security_groups, count.index)}" + security_group_id = aws_security_group.sg.id + source_security_group_id = element(var.allow_inbound_from_security_groups, count.index) } resource "aws_security_group_rule" "allow_https_inbound_from_cidr_blocks" { - count = "${length(var.https_listener_ports_and_certs)}" + count = length(var.https_listener_ports_and_certs) type = "ingress" - from_port = "${lookup(var.https_listener_ports_and_certs[count.index], "port")}" - 
to_port = "${lookup(var.https_listener_ports_and_certs[count.index], "port")}" + from_port = var.https_listener_ports_and_certs[count.index]["port"] + to_port = var.https_listener_ports_and_certs[count.index]["port"] protocol = "tcp" - security_group_id = "${aws_security_group.sg.id}" - cidr_blocks = ["${var.allow_inbound_from_cidr_blocks}"] + security_group_id = aws_security_group.sg.id + cidr_blocks = var.allow_inbound_from_cidr_blocks } resource "aws_security_group_rule" "allow_https_inbound_from_security_groups" { - count = "${length(var.https_listener_ports_and_certs) * var.num_inbound_security_groups}" + count = length(var.https_listener_ports_and_certs) * var.num_inbound_security_groups type = "ingress" - from_port = "${lookup(var.https_listener_ports_and_certs[count.index], "port")}" - to_port = "${lookup(var.https_listener_ports_and_certs[count.index], "port")}" + from_port = var.https_listener_ports_and_certs[count.index]["port"] + to_port = var.https_listener_ports_and_certs[count.index]["port"] protocol = "tcp" - security_group_id = "${aws_security_group.sg.id}" + security_group_id = aws_security_group.sg.id # The split/join workaround below should NOT be necessary, but without it, if var.https_listener_ports_and_certs # contains any data sources, and var.allow_inbound_from_security_groups is empty, we get a "element() may not be # used with an empty list" error. The count param is supposed to support interpolating data sources, but perhaps # because we have a map involved, it does not, so we have to use this ugly workaround for now. For more info, see: # https://github.com/hashicorp/terraform/issues/17812 - source_security_group_id = "${element(split(",", var.num_inbound_security_groups == 0 ? "fake-id-for-workaround" : join(",", var.allow_inbound_from_security_groups)), count.index)}" + source_security_group_id = element(split(",", var.num_inbound_security_groups == 0 ? 
"fake-id-for-workaround" : join(",", var.allow_inbound_from_security_groups)), count.index) } # --------------------------------------------------------------------------------------------------------------------- @@ -138,14 +147,15 @@ resource "aws_security_group_rule" "allow_https_inbound_from_security_groups" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_route53_record" "load_balancer" { - count = "${length(var.route53_records)}" - name = "${lookup(var.route53_records[count.index], "domain")}" - zone_id = "${lookup(var.route53_records[count.index], "zone_id")}" + count = length(var.route53_records) + name = var.route53_records[count.index]["domain"] + zone_id = var.route53_records[count.index]["zone_id"] type = "A" alias { - name = "${aws_alb.lb.dns_name}" - zone_id = "${aws_alb.lb.zone_id}" + name = aws_alb.lb.dns_name + zone_id = aws_alb.lb.zone_id evaluate_target_health = true } } + diff --git a/modules/load-balancer/outputs.tf b/modules/load-balancer/outputs.tf index b0831f9..74124a4 100644 --- a/modules/load-balancer/outputs.tf +++ b/modules/load-balancer/outputs.tf 
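Review bot: In `allow_https_inbound_from_security_groups`, `count` is `length(var.https_listener_ports_and_certs) * var.num_inbound_security_groups`, but the port is read with `var.https_listener_ports_and_certs[count.index]["port"]`, which is out of range for every `count.index` at or beyond the list length, that is, as soon as more than one security group is passed. The HTTP variant avoids the error only because `element()` wraps, and there the port and the group are both picked with the same `count.index`, so the pairs are not guaranteed to cover every port/group combination. Deriving the two indices separately addresses both: `var.https_listener_ports_and_certs[count.index % length(var.https_listener_ports_and_certs)]["port"]` for the port and `floor(count.index / length(var.https_listener_ports_and_certs))` as the index into the security-group list. The existing empty-list workaround may still be needed around the group expression; that cannot be confirmed from this hunk.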
@@ -1,36 +1,46 @@ output "alb_arn" { - value = "${aws_alb.lb.arn}" + value = aws_alb.lb.arn } output "alb_name" { - value = "${aws_alb.lb.name}" + value = aws_alb.lb.name } output "alb_dns_name" { - value = "${aws_alb.lb.dns_name}" + value = aws_alb.lb.dns_name } output "domain_names" { - value = "${aws_route53_record.load_balancer.*.fqdn}" + value = aws_route53_record.load_balancer.*.fqdn } output "http_listener_arns" { - value = "${zipmap(var.http_listener_ports, aws_alb_listener.http.*.arn)}" + value = zipmap(var.http_listener_ports, aws_alb_listener.http.*.arn) } data "template_file" "https_listener_ports" { - count = "${length(var.https_listener_ports_and_certs)}" - template = "${lookup(var.https_listener_ports_and_certs[count.index], "port")}" + count = length(var.https_listener_ports_and_certs) + template = var.https_listener_ports_and_certs[count.index]["port"] } output "https_listener_arns" { - value = "${zipmap(data.template_file.https_listener_ports.*.rendered, aws_alb_listener.https.*.arn)}" + value = zipmap( + data.template_file.https_listener_ports.*.rendered, + aws_alb_listener.https.*.arn + ) } output "all_listener_arns" { - value = "${merge(zipmap(var.http_listener_ports, aws_alb_listener.http.*.arn), zipmap(data.template_file.https_listener_ports.*.rendered, aws_alb_listener.https.*.arn))}" + value = merge( + zipmap(var.http_listener_ports, aws_alb_listener.http.*.arn), + zipmap( + data.template_file.https_listener_ports.*.rendered, + aws_alb_listener.https.*.arn + ) + ) } output "security_group_id" { - value = "${aws_security_group.sg.id}" + value = aws_security_group.sg.id } + diff --git a/modules/load-balancer/variables.tf b/modules/load-balancer/variables.tf index 468a2b2..bf140fa 100644 --- a/modules/load-balancer/variables.tf +++ b/modules/load-balancer/variables.tf 
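Review bot: In modules/load-balancer/outputs.tf the `template_file` data source `https_listener_ports` is kept only to turn each listener port into a string key for `zipmap`, which 0.12 can do without an extra data source or the template provider. A `for` expression gives the same keys in both `https_listener_arns` and `all_listener_arns`: `zipmap([for l in var.https_listener_ports_and_certs : tostring(l.port)], aws_alb_listener.https.*.arn)`. Because this commit also types `port` as `number` in variables.tf, the `template` argument now depends on an implicit number-to-string conversion, which the explicit `tostring` would make visible.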
@@ -5,12 +5,12 @@ variable "name" { description = "The name to use for the Load Balancer" + type = string } variable "http_listener_ports" { description = "A list of ports to listen on for HTTP requests." - type = "list" - + type = list(number) # Example: # # default = [80] @@ -18,7 +18,10 @@ variable "http_listener_ports" { variable "https_listener_ports_and_certs" { description = "A list of objects that define the ports to listen on for HTTPS requests. Each object should have the keys 'port' (the port number to listen on) and 'certificate_arn' (the ARN of an ACM or IAM TLS cert to use on this listener)." - type = "list" + type = list(object({ + port = number + certificate_arn = string + })) # Example: # @@ -32,16 +35,17 @@ variable "https_listener_ports_and_certs" { variable "allow_inbound_from_cidr_blocks" { description = "A list of IP addresses in CIDR notation from which the load balancer will allow incoming HTTP/HTTPS requests." - type = "list" + type = list(string) } variable "vpc_id" { description = "The ID of the VPC in which to deploy the Load Balancer" + type = string } variable "subnet_ids" { description = "The subnet IDs into which the Load Balancer should be deployed." - type = "list" + type = list(string) } # --------------------------------------------------------------------------------------------------------------------- 
@@ -51,49 +55,58 @@ variable "subnet_ids" { variable "allow_inbound_from_security_groups" { description = "A list of Security Group IDs from which the load balancer will allow incoming HTTP/HTTPS requests. Any time you change this value, make sure to update var.allow_inbound_from_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_inbound_security_groups" { description = "The number of Security Group IDs in var.allow_inbound_from_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "default_target_group_arn" { description = "The ARN of a Target Group where all requests that don't match any Load Balancer Listener Rules will be sent. If you set this to empty string, we will send the requests to a \"black hole\" target group that always returns a 503, so we strongly recommend configuring this to be a target group that can instead return a reasonable 404 page." - default = "" + type = string + default = null } variable "internal" { description = "Set to true to make this an internal load balancer that is only accessible from within the VPC. Set to false to make it publicly accessible." + type = bool default = false } variable "enable_http2" { description = "Set to true to enable HTTP/2 on the load balancer." + type = bool default = true } variable "ip_address_type" { description = "The type of IP address to use on the load balancer. Must be one of: ipv4, dualstack." + type = string default = "ipv4" } variable "tags" { description = "Custom tags to apply to the load balancer." - type = "map" + type = map(string) default = {} } variable "idle_timeout" { description = "The time in seconds that the connection is allowed to be idle." 
+ type = number default = 30 } variable "route53_records" { description = "A list of DNS A records to create in Route 53 that point at this Load Balancer. Each item in the list should be an object with the keys 'domain' (the domain name to create) and 'zone_id' (the Route 53 Hosted Zone ID in which to create the DNS A record)." - type = "list" + type = list(object({ + domain = string + zone_id = string + })) default = [] # Example: @@ -105,3 +118,4 @@ variable "route53_records" { # } # ] } + From efbb30db5b93738e765758bf026566983b6c588e Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:14:33 -0400 Subject: [PATCH 07/31] Update couchbase-server-security-group-rules --- .../main.tf | 446 +++++++++--------- .../outputs.tf | 37 +- .../variables.tf | 62 ++- 3 files changed, 293 insertions(+), 252 deletions(-) diff --git a/modules/couchbase-server-security-group-rules/main.tf b/modules/couchbase-server-security-group-rules/main.tf index 67625a8..5200513 100644 --- a/modules/couchbase-server-security-group-rules/main.tf +++ b/modules/couchbase-server-security-group-rules/main.tf 
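Review bot: In modules/load-balancer/variables.tf the default of `default_target_group_arn` changes from `""` to `null`, but its description still says "If you set this to empty string, we will send the requests to a "black hole" target group". The code in main.tf that selects the fallback target group is outside this hunk; if it still compares against `""`, the new default no longer takes that path, so both the comparison and the description should be checked against `null`. Suggested wording: `If you leave this as null, we will send the requests to a "black hole" target group that always returns a 503`. The unchanged description of `allow_inbound_from_security_groups` also tells the reader to update `var.allow_inbound_from_security_groups` itself, where `var.num_inbound_security_groups` is presumably meant.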
@@ -1,65 +1,74 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + +terraform { + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # REST PORT # REST/HTTP including Web UI # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "rest_port_cidr_blocks" { - count = "${signum(length(var.rest_port_cidr_blocks)) * var.enable_non_ssl_ports}" + count = length(var.rest_port_cidr_blocks) > 0 && var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.rest_port}" - to_port = "${var.rest_port}" + from_port = var.rest_port + to_port = var.rest_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.rest_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.rest_port_cidr_blocks } resource "aws_security_group_rule" "rest_port_security_groups" { - count = "${var.num_rest_port_security_groups * var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? 
var.num_rest_port_security_groups : 0 type = "ingress" - from_port = "${var.rest_port}" - to_port = "${var.rest_port}" + from_port = var.rest_port + to_port = var.rest_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.rest_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.rest_port_security_groups, count.index) } resource "aws_security_group_rule" "rest_port_self" { - count = "${var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.rest_port}" - to_port = "${var.rest_port}" + from_port = var.rest_port + to_port = var.rest_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } resource "aws_security_group_rule" "ssl_rest_port_cidr_blocks" { - count = "${signum(length(var.rest_port_cidr_blocks)) * var.enable_ssl_ports}" + count = length(var.rest_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_rest_port}" - to_port = "${var.ssl_rest_port}" + from_port = var.ssl_rest_port + to_port = var.ssl_rest_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.rest_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.rest_port_cidr_blocks } resource "aws_security_group_rule" "ssl_rest_port_security_groups" { - count = "${var.num_rest_port_security_groups * var.enable_ssl_ports}" + count = var.enable_ssl_ports ? 
var.num_rest_port_security_groups : 0 type = "ingress" - from_port = "${var.ssl_rest_port}" - to_port = "${var.ssl_rest_port}" + from_port = var.ssl_rest_port + to_port = var.ssl_rest_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.rest_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.rest_port_security_groups, count.index) } resource "aws_security_group_rule" "ssl_rest_port_self" { - count = "${var.enable_ssl_ports}" + count = var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_rest_port}" - to_port = "${var.ssl_rest_port}" + from_port = var.ssl_rest_port + to_port = var.ssl_rest_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
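Review bot: The `rest_port_security_groups` and `ssl_rest_port_security_groups` rules take `count` from `var.num_rest_port_security_groups` but select the source group with `element(var.rest_port_security_groups, count.index)`, which wraps the index around the list length. A count larger than the list therefore repeats entries instead of failing. Indexing directly, `source_security_group_id = var.rest_port_security_groups[count.index]`, turns that mismatch into an error at plan time. A count smaller than the list still omits the remaining groups silently under either form, which is worth stating in the variable descriptions. The same pattern recurs in the capi, query, fts, memcached, memcached_dedicated, moxi, epmd, indexer, projector and internal_data hunks below.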
@@ -69,62 +78,62 @@ resource "aws_security_group_rule" "ssl_rest_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "capi_port_cidr_blocks" { - count = "${signum(length(var.capi_port_cidr_blocks)) * var.enable_non_ssl_ports}" + count = length(var.capi_port_cidr_blocks) > 0 && var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.capi_port}" - to_port = "${var.capi_port}" + from_port = var.capi_port + to_port = var.capi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.capi_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.capi_port_cidr_blocks } resource "aws_security_group_rule" "capi_port_security_groups" { - count = "${var.num_capi_port_security_groups * var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? var.num_capi_port_security_groups : 0 type = "ingress" - from_port = "${var.capi_port}" - to_port = "${var.capi_port}" + from_port = var.capi_port + to_port = var.capi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.capi_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.capi_port_security_groups, count.index) } resource "aws_security_group_rule" "capi_port_self" { - count = "${var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? 
1 : 0 type = "ingress" - from_port = "${var.capi_port}" - to_port = "${var.capi_port}" + from_port = var.capi_port + to_port = var.capi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } resource "aws_security_group_rule" "ssl_capi_port_cidr_blocks" { - count = "${signum(length(var.capi_port_cidr_blocks)) * var.enable_ssl_ports}" + count = length(var.capi_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_capi_port}" - to_port = "${var.ssl_capi_port}" + from_port = var.ssl_capi_port + to_port = var.ssl_capi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.capi_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.capi_port_cidr_blocks } resource "aws_security_group_rule" "ssl_capi_port_security_groups" { - count = "${var.num_capi_port_security_groups * var.enable_ssl_ports}" + count = var.enable_ssl_ports ? var.num_capi_port_security_groups : 0 type = "ingress" - from_port = "${var.ssl_capi_port}" - to_port = "${var.ssl_capi_port}" + from_port = var.ssl_capi_port + to_port = var.ssl_capi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.capi_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.capi_port_security_groups, count.index) } resource "aws_security_group_rule" "ssl_capi_self" { - count = "${var.enable_ssl_ports}" + count = var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_capi_port}" - to_port = "${var.ssl_capi_port}" + from_port = var.ssl_capi_port + to_port = var.ssl_capi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
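Review bot: The new `count` expressions on the `*_cidr_blocks` rules, such as `length(var.capi_port_cidr_blocks) > 0 && var.enable_non_ssl_ports ? 1 : 0`, mix `>`, `&&` and `?:` without parentheses. The expression evaluates as intended, but it decides whether a plaintext port is opened, so the grouping should be readable at a glance: `count = (length(var.capi_port_cidr_blocks) > 0 && var.enable_non_ssl_ports) ? 1 : 0`. The same form appears in the rest, query, fts and memcached hunks of this file.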
@@ -134,62 +143,62 @@ resource "aws_security_group_rule" "ssl_capi_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "query_port_cidr_blocks" { - count = "${signum(length(var.query_port_cidr_blocks)) * var.enable_non_ssl_ports}" + count = length(var.query_port_cidr_blocks) > 0 && var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.query_port}" - to_port = "${var.query_port}" + from_port = var.query_port + to_port = var.query_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.query_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.query_port_cidr_blocks } resource "aws_security_group_rule" "query_port_security_groups" { - count = "${var.num_query_port_security_groups * var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? var.num_query_port_security_groups : 0 type = "ingress" - from_port = "${var.query_port}" - to_port = "${var.query_port}" + from_port = var.query_port + to_port = var.query_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.query_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.query_port_security_groups, count.index) } resource "aws_security_group_rule" "query_port_self" { - count = "${var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? 
1 : 0 type = "ingress" - from_port = "${var.query_port}" - to_port = "${var.query_port}" + from_port = var.query_port + to_port = var.query_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } resource "aws_security_group_rule" "ssl_query_port_cidr_blocks" { - count = "${signum(length(var.query_port_cidr_blocks)) * var.enable_ssl_ports}" + count = length(var.query_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 :0 type = "ingress" - from_port = "${var.ssl_query_port}" - to_port = "${var.ssl_query_port}" + from_port = var.ssl_query_port + to_port = var.ssl_query_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.query_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.query_port_cidr_blocks } resource "aws_security_group_rule" "ssl_query_port_security_groups" { - count = "${var.num_query_port_security_groups * var.enable_ssl_ports}" + count = var.enable_ssl_ports ? var.num_query_port_security_groups : 0 type = "ingress" - from_port = "${var.ssl_query_port}" - to_port = "${var.ssl_query_port}" + from_port = var.ssl_query_port + to_port = var.ssl_query_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.query_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.query_port_security_groups, count.index) } resource "aws_security_group_rule" "ssl_query_port_self" { - count = "${var.enable_ssl_ports}" + count = var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_query_port}" - to_port = "${var.ssl_query_port}" + from_port = var.ssl_query_port + to_port = var.ssl_query_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
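Review bot: In `ssl_query_port_cidr_blocks` the new count expression ends in `? 1 :0`, while every other rule in this file writes `? 1 : 0`. It should read `count = length(var.query_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 : 0` so the line matches its siblings and a search for the common pattern finds it.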
@@ -199,62 +208,62 @@ resource "aws_security_group_rule" "ssl_query_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "fts_port_cidr_blocks" { - count = "${signum(length(var.fts_port_cidr_blocks)) * var.enable_non_ssl_ports}" + count = length(var.fts_port_cidr_blocks) > 0 && var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.fts_port}" - to_port = "${var.fts_port}" + from_port = var.fts_port + to_port = var.fts_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.fts_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.fts_port_cidr_blocks } resource "aws_security_group_rule" "fts_port_security_groups" { - count = "${var.num_fts_port_security_groups * var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? var.num_fts_port_security_groups : 0 type = "ingress" - from_port = "${var.fts_port}" - to_port = "${var.fts_port}" + from_port = var.fts_port + to_port = var.fts_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.fts_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.fts_port_security_groups, count.index) } resource "aws_security_group_rule" "fts_port_self" { - count = "${var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.fts_port}" - to_port = "${var.fts_port}" + from_port = var.fts_port + to_port = var.fts_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } resource "aws_security_group_rule" "ssl_fts_port_cidr_blocks" { - count = "${signum(length(var.fts_port_cidr_blocks)) * var.enable_ssl_ports}" + count = length(var.fts_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 
1 : 0 type = "ingress" - from_port = "${var.ssl_fts_port}" - to_port = "${var.ssl_fts_port}" + from_port = var.ssl_fts_port + to_port = var.ssl_fts_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.fts_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.fts_port_cidr_blocks } resource "aws_security_group_rule" "ssl_fts_port_security_groups" { - count = "${var.num_fts_port_security_groups * var.enable_ssl_ports}" + count = var.enable_ssl_ports ? var.num_fts_port_security_groups : 0 type = "ingress" - from_port = "${var.ssl_fts_port}" - to_port = "${var.ssl_fts_port}" + from_port = var.ssl_fts_port + to_port = var.ssl_fts_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.fts_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.fts_port_security_groups, count.index) } resource "aws_security_group_rule" "ssl_fts_port_self" { - count = "${var.enable_ssl_ports}" + count = var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_fts_port}" - to_port = "${var.ssl_fts_port}" + from_port = var.ssl_fts_port + to_port = var.ssl_fts_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
@@ -264,62 +273,62 @@ resource "aws_security_group_rule" "ssl_fts_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "memcached_port_cidr_blocks" { - count = "${signum(length(var.memcached_port_cidr_blocks)) * var.enable_non_ssl_ports}" + count = length(var.memcached_port_cidr_blocks) > 0 && var.enable_non_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.memcached_port}" - to_port = "${var.memcached_port}" + from_port = var.memcached_port + to_port = var.memcached_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.memcached_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.memcached_port_cidr_blocks } resource "aws_security_group_rule" "memcached_port_security_groups" { - count = "${var.num_memcached_port_security_groups * var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? var.num_memcached_port_security_groups : 0 type = "ingress" - from_port = "${var.memcached_port}" - to_port = "${var.memcached_port}" + from_port = var.memcached_port + to_port = var.memcached_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.memcached_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.memcached_port_security_groups, count.index) } resource "aws_security_group_rule" "memcached_port_self" { - count = "${var.enable_non_ssl_ports}" + count = var.enable_non_ssl_ports ? 
1 : 0 type = "ingress" - from_port = "${var.memcached_port}" - to_port = "${var.memcached_port}" + from_port = var.memcached_port + to_port = var.memcached_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } resource "aws_security_group_rule" "ssl_memcached_port_cidr_blocks" { - count = "${signum(length(var.memcached_port_cidr_blocks)) * var.enable_ssl_ports}" + count = length(var.memcached_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 : 0 type = "ingress" - from_port = "${var.ssl_memcached_port}" - to_port = "${var.ssl_memcached_port}" + from_port = var.ssl_memcached_port + to_port = var.ssl_memcached_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.memcached_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.memcached_port_cidr_blocks } resource "aws_security_group_rule" "ssl_memcached_port_security_groups" { - count = "${var.num_memcached_port_security_groups * var.enable_ssl_ports}" + count = var.enable_ssl_ports ? var.num_memcached_port_security_groups : 0 type = "ingress" - from_port = "${var.ssl_memcached_port}" - to_port = "${var.ssl_memcached_port}" + from_port = var.ssl_memcached_port + to_port = var.ssl_memcached_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.memcached_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.memcached_port_security_groups, count.index) } resource "aws_security_group_rule" "ssl_memcached_port_self" { - count = "${var.enable_ssl_ports}" + count = var.enable_ssl_ports ? 
1 : 0 type = "ingress" - from_port = "${var.ssl_memcached_port}" - to_port = "${var.ssl_memcached_port}" + from_port = var.ssl_memcached_port + to_port = var.ssl_memcached_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
@@ -329,31 +338,31 @@ resource "aws_security_group_rule" "ssl_memcached_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "memcached_dedicated_port_cidr_blocks" { - count = "${signum(length(var.memcached_dedicated_port_cidr_blocks))}" + count = signum(length(var.memcached_dedicated_port_cidr_blocks)) type = "ingress" - from_port = "${var.memcached_dedicated_port}" - to_port = "${var.memcached_dedicated_port}" + from_port = var.memcached_dedicated_port + to_port = var.memcached_dedicated_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.memcached_dedicated_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.memcached_dedicated_port_cidr_blocks } resource "aws_security_group_rule" "memcached_dedicated_port_security_groups" { - count = "${var.num_memcached_dedicated_port_security_groups}" + count = var.num_memcached_dedicated_port_security_groups type = "ingress" - from_port = "${var.memcached_dedicated_port}" - to_port = "${var.memcached_dedicated_port}" + from_port = var.memcached_dedicated_port + to_port = var.memcached_dedicated_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.memcached_dedicated_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.memcached_dedicated_port_security_groups, count.index) } resource "aws_security_group_rule" "memcached_dedicated_port_self" { type = "ingress" - from_port = "${var.memcached_dedicated_port}" - to_port = "${var.memcached_dedicated_port}" + from_port = var.memcached_dedicated_port + to_port = var.memcached_dedicated_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
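Review bot: From this hunk on, the `*_cidr_blocks` rules keep `count = signum(length(...))`, while the rest, capi, query, fts and memcached rules earlier in the same file were rewritten as `length(...) > 0 && ... ? 1 : 0`. This affects `memcached_dedicated_port_cidr_blocks` here and the moxi, epmd, indexer, projector and internal_data rules in the hunks below. Using one form throughout, e.g. `count = length(var.memcached_dedicated_port_cidr_blocks) > 0 ? 1 : 0`, keeps the on/off intent explicit and the file consistent. These rules and their `_self` counterparts are also not gated by `var.enable_non_ssl_ports` or `var.enable_ssl_ports`; if that is intentional, a one-line comment above each section saying so would help the next reader.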
@@ -363,31 +372,31 @@ resource "aws_security_group_rule" "memcached_dedicated_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "moxi_port_cidr_blocks" { - count = "${signum(length(var.moxi_port_cidr_blocks))}" + count = signum(length(var.moxi_port_cidr_blocks)) type = "ingress" - from_port = "${var.moxi_port}" - to_port = "${var.moxi_port}" + from_port = var.moxi_port + to_port = var.moxi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.moxi_port_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.moxi_port_cidr_blocks } resource "aws_security_group_rule" "moxi_port_security_groups" { - count = "${var.num_moxi_port_security_groups}" + count = var.num_moxi_port_security_groups type = "ingress" - from_port = "${var.moxi_port}" - to_port = "${var.moxi_port}" + from_port = var.moxi_port + to_port = var.moxi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.moxi_port_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.moxi_port_security_groups, count.index) } resource "aws_security_group_rule" "moxi_port_self" { type = "ingress" - from_port = "${var.moxi_port}" - to_port = "${var.moxi_port}" + from_port = var.moxi_port + to_port = var.moxi_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
@@ -397,31 +406,31 @@ resource "aws_security_group_rule" "moxi_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "epmd_port_cidr_blocks" { - count = "${signum(length(var.internal_ports_cidr_blocks))}" + count = signum(length(var.internal_ports_cidr_blocks)) type = "ingress" - from_port = "${var.epmd_port}" - to_port = "${var.epmd_port}" + from_port = var.epmd_port + to_port = var.epmd_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.internal_ports_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.internal_ports_cidr_blocks } resource "aws_security_group_rule" "epmd_port_security_groups" { - count = "${var.num_internal_ports_security_groups}" + count = var.num_internal_ports_security_groups type = "ingress" - from_port = "${var.epmd_port}" - to_port = "${var.epmd_port}" + from_port = var.epmd_port + to_port = var.epmd_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.internal_ports_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.internal_ports_security_groups, count.index) } resource "aws_security_group_rule" "epmd_port_self" { type = "ingress" - from_port = "${var.epmd_port}" - to_port = "${var.epmd_port}" + from_port = var.epmd_port + to_port = var.epmd_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
@@ -431,31 +440,31 @@ resource "aws_security_group_rule" "epmd_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "indexer_port_cidr_blocks" { - count = "${signum(length(var.internal_ports_cidr_blocks))}" + count = signum(length(var.internal_ports_cidr_blocks)) type = "ingress" - from_port = "${var.indexer_start_port_range}" - to_port = "${var.indexer_end_port_range}" + from_port = var.indexer_start_port_range + to_port = var.indexer_end_port_range protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.internal_ports_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.internal_ports_cidr_blocks } resource "aws_security_group_rule" "indexer_port_security_groups" { - count = "${var.num_internal_ports_security_groups}" + count = var.num_internal_ports_security_groups type = "ingress" - from_port = "${var.indexer_start_port_range}" - to_port = "${var.indexer_end_port_range}" + from_port = var.indexer_start_port_range + to_port = var.indexer_end_port_range protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.internal_ports_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.internal_ports_security_groups, count.index) } resource "aws_security_group_rule" "indexer_port_self" { type = "ingress" - from_port = "${var.indexer_start_port_range}" - to_port = "${var.indexer_end_port_range}" + from_port = var.indexer_start_port_range + to_port = var.indexer_end_port_range protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
@@ -465,31 +474,31 @@ resource "aws_security_group_rule" "indexer_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "projector_port_cidr_blocks" { - count = "${signum(length(var.internal_ports_cidr_blocks))}" + count = signum(length(var.internal_ports_cidr_blocks)) type = "ingress" - from_port = "${var.projector_port}" - to_port = "${var.projector_port}" + from_port = var.projector_port + to_port = var.projector_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.internal_ports_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.internal_ports_cidr_blocks } resource "aws_security_group_rule" "projector_port_security_groups" { - count = "${var.num_internal_ports_security_groups}" + count = var.num_internal_ports_security_groups type = "ingress" - from_port = "${var.projector_port}" - to_port = "${var.projector_port}" + from_port = var.projector_port + to_port = var.projector_port protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.internal_ports_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.internal_ports_security_groups, count.index) } resource "aws_security_group_rule" "projector_port_self" { type = "ingress" - from_port = "${var.projector_port}" - to_port = "${var.projector_port}" + from_port = var.projector_port + to_port = var.projector_port protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } 
@@ -499,30 +508,31 @@ resource "aws_security_group_rule" "projector_port_self" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group_rule" "internal_data_port_cidr_blocks" { - count = "${signum(length(var.internal_ports_cidr_blocks))}" + count = signum(length(var.internal_ports_cidr_blocks)) type = "ingress" - from_port = "${var.internal_data_start_port_range}" - to_port = "${var.internal_data_end_port_range}" + from_port = var.internal_data_start_port_range + to_port = var.internal_data_end_port_range protocol = "tcp" - security_group_id = "${var.security_group_id}" - cidr_blocks = ["${var.internal_ports_cidr_blocks}"] + security_group_id = var.security_group_id + cidr_blocks = var.internal_ports_cidr_blocks } resource "aws_security_group_rule" "internal_data_port_security_groups" { - count = "${var.num_internal_ports_security_groups}" + count = var.num_internal_ports_security_groups type = "ingress" - from_port = "${var.internal_data_start_port_range}" - to_port = "${var.internal_data_end_port_range}" + from_port = var.internal_data_start_port_range + to_port = var.internal_data_end_port_range protocol = "tcp" - security_group_id = "${var.security_group_id}" - source_security_group_id = "${element(var.internal_ports_security_groups, count.index)}" + security_group_id = var.security_group_id + source_security_group_id = element(var.internal_ports_security_groups, count.index) } resource "aws_security_group_rule" "internal_data_port_self" { type = "ingress" - from_port = "${var.internal_data_start_port_range}" - to_port = "${var.internal_data_end_port_range}" + from_port = var.internal_data_start_port_range + to_port = var.internal_data_end_port_range protocol = "tcp" - security_group_id = "${var.security_group_id}" + security_group_id = var.security_group_id self = true } + 
diff --git a/modules/couchbase-server-security-group-rules/outputs.tf b/modules/couchbase-server-security-group-rules/outputs.tf index 1314720..4c5c8af 100644 --- a/modules/couchbase-server-security-group-rules/outputs.tf +++ b/modules/couchbase-server-security-group-rules/outputs.tf 
@@ -1,71 +1,72 @@ output "rest_port" { - value = "${var.rest_port}" + value = var.rest_port } output "ssl_rest_port" { - value = "${var.ssl_rest_port}" + value = var.ssl_rest_port } output "capi_port" { - value = "${var.capi_port}" + value = var.capi_port } output "ssl_capi_port" { - value = "${var.ssl_capi_port}" + value = var.ssl_capi_port } output "query_port" { - value = "${var.query_port}" + value = var.query_port } output "ssl_query_port" { - value = "${var.ssl_query_port}" + value = var.ssl_query_port } output "fts_port" { - value = "${var.fts_port}" + value = var.fts_port } output "ssl_fts_port" { - value = "${var.ssl_fts_port}" + value = var.ssl_fts_port } output "memcached_port" { - value = "${var.memcached_port}" + value = var.memcached_port } output "ssl_memcached_port" { - value = "${var.ssl_memcached_port}" + value = var.ssl_memcached_port } output "moxi_port" { - value = "${var.moxi_port}" + value = var.moxi_port } output "epmd_port" { - value = "${var.epmd_port}" + value = var.epmd_port } output "indexer_start_port_range" { - value = "${var.indexer_start_port_range}" + value = var.indexer_start_port_range } output "indexer_end_port_range" { - value = "${var.indexer_end_port_range}" + value = var.indexer_end_port_range } output "projector_port" { - value = "${var.projector_port}" + value = var.projector_port } output "memcached_dedicated_port" { - value = "${var.memcached_dedicated_port}" + value = var.memcached_dedicated_port } output "internal_data_start_port_range" { - value = "${var.internal_data_start_port_range}" + value = var.internal_data_start_port_range } output "internal_data_end_port_range" { - value = "${var.internal_data_end_port_range}" + value = var.internal_data_end_port_range } + diff --git a/modules/couchbase-server-security-group-rules/variables.tf b/modules/couchbase-server-security-group-rules/variables.tf index e4a085f..1f00f38 100644 --- a/modules/couchbase-server-security-group-rules/variables.tf 
+++ b/modules/couchbase-server-security-group-rules/variables.tf @@ -5,6 +5,7 @@ variable "security_group_id" { description = "The ID of the Security Group to which all the rules should be attached." + type = string } # --------------------------------------------------------------------------------------------------------------------- 
@@ -14,236 +15,265 @@ variable "security_group_id" { variable "enable_non_ssl_ports" { description = "If set to true, enable the non SSL ports. Only applies to ports that have bot SSL and non SSL versions." + type = bool default = true } variable "enable_ssl_ports" { description = "If set to true, enable the SSL ports. Only applies to ports that have bot SSL and non SSL versions." + type = bool default = false } variable "rest_port" { description = "The port to use for REST/HTTP requests, including the Couchbase Web Console." + type = number default = 8091 } variable "ssl_rest_port" { description = "The port to use for REST/HTTP requests over SSL, including the Couchbase Web Console." + type = number default = 18091 } variable "rest_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the rest_port." - type = "list" + type = list(string) default = [] } variable "rest_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the rest_port. If you update this variable, make sure to update var.num_rest_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_rest_port_security_groups" { description = "The number of security group IDs in var.rest_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "capi_port" { description = "The port to use for Views and XDCR access." + type = number default = 8092 } variable "ssl_capi_port" { description = "The port to use for Views and XDCR access over SSL." + type = number default = 18092 } variable "capi_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the capi_port." 
- type = "list" + type = list(string) default = [] } variable "capi_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the capi_port. If you update this variable, make sure to update var.num_capi_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_capi_port_security_groups" { description = "The number of security group IDs in var.capi_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "query_port" { description = "The port to use for Query service REST/HTTP traffic." + type = number default = 8093 } variable "ssl_query_port" { description = "The port to use for Query service REST/HTTP traffic over SSL." + type = number default = 18093 } variable "query_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the query_port." - type = "list" + type = list(string) default = [] } variable "query_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the query_port. If you update this variable, make sure to update var.num_query_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_query_port_security_groups" { description = "The number of security group IDs in var.query_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "fts_port" { description = "The port to use for Search service REST/HTTP traffic." 
+ type = number default = 8094 } variable "ssl_fts_port" { description = "The port to use for Search service REST/HTTP traffic." + type = number default = 18094 } variable "fts_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the fts_port." - type = "list" + type = list(string) default = [] } variable "fts_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the fts_port. If you update this variable, make sure to update var.num_fts_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_fts_port_security_groups" { description = "The number of security group IDs in var.fts_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "memcached_port" { description = "The port to use for the Data Service." + type = number default = 11210 } variable "ssl_memcached_port" { description = "The port to use for the Data Service." + type = number default = 11207 } variable "memcached_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the memcached_port." - type = "list" + type = list(string) default = [] } variable "memcached_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the memcached_port. If you update this variable, make sure to update var.num_memcached_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_memcached_port_security_groups" { description = "The number of security group IDs in var.memcached_port_security_groups. 
We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "memcached_dedicated_port" { description = "The port to use for the Data Service." + type = number default = 11209 } variable "memcached_dedicated_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the memcached_dedicated_port." - type = "list" + type = list(string) default = [] } variable "memcached_dedicated_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the memcached_dedicated_port. If you update this variable, make sure to update var.num_memcached_dedicated_port_security_groups too!" - type = "list" + type = list(string) default = [] } variable "num_memcached_dedicated_port_security_groups" { description = "The number of security group IDs in var.memcached_dedicated_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "moxi_port" { description = "The port to use for the Data Service." + type = number default = 11211 } variable "moxi_port_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the moxi_port." - type = "list" + type = list(string) default = [] } variable "moxi_port_security_groups" { description = "The list of Security Group IDs from which to allow connections to the moxi_port. If you update this variable, make sure to update var.num_moxi_port_security_groups too!" 
- type = "list" + type = list(string) default = [] } variable "num_moxi_port_security_groups" { description = "The number of security group IDs in var.moxi_port_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } variable "epmd_port" { description = "The port to use for the Erlang Port Mapper Daemon." + type = number default = 4369 } variable "indexer_start_port_range" { description = "The starting port in the port range to use for the Indexer Service." + type = number default = 9100 } variable "indexer_end_port_range" { description = "The starting port in the port range to use for the Indexer Service." + type = number default = 9105 } variable "projector_port" { description = "The port to use for the Indexer Service." + type = number default = 9999 } variable "internal_data_start_port_range" { description = "The starting port in the port range to use for node data exchange." + type = number default = 21100 } variable "internal_data_end_port_range" { description = "The starting port in the port range to use for node data exchange." + type = number default = 21299 } variable "internal_ports_cidr_blocks" { description = "The list of IP address ranges in CIDR notation from which to allow connections to the internal ports: epmd, indexer, projector, internal data." - type = "list" + type = list(string) default = [] } variable "internal_ports_security_groups" { description = "The list of Security Group IDs from which to allow connections to the internal ports: epmd, indexer, projector, internal data. If you update this variable, make sure to update var.num_internal_ports_security_groups too!" 
- type = "list" + type = list(string) default = [] } variable "num_internal_ports_security_groups" { description = "The number of security group IDs in var.internal_ports_security_groups. We should be able to compute this automatically, but due to a Terraform limitation, if there are any dynamic resources in var.allow_inbound_from_cidr_blocks, then we won't be able to: https://github.com/hashicorp/terraform/pull/11482" + type = number default = 0 } + From e180ab8038664a116674845a57cf29fc318534f2 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:15:12 -0400 Subject: [PATCH 08/31] Update couchbase-iam-policies to 0.12 --- modules/couchbase-iam-policies/main.tf | 14 ++++++++++++-- modules/couchbase-iam-policies/variables.tf | 2 ++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/couchbase-iam-policies/main.tf b/modules/couchbase-iam-policies/main.tf index c65397b..e29f3ca 100644 --- a/modules/couchbase-iam-policies/main.tf +++ b/modules/couchbase-iam-policies/main.tf 
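Review bot: The descriptions of `indexer_end_port_range` and `internal_data_end_port_range` still say "The starting port in the port range …", although both variables feed `to_port` in the security group rules, so a reader relying on the description could set the bounds the wrong way round. Since this hunk already touches every variable, I would correct them to `description = "The ending port in the port range to use for the Indexer Service."` and `description = "The ending port in the port range to use for node data exchange."`. The descriptions of `ssl_fts_port` and `ssl_memcached_port` are word-for-word the same as their non-SSL counterparts and should end in "over SSL" so the two sets of ports can be told apart.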
@@ -1,11 +1,20 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + +terraform { + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # ATTACH AN IAM POLICY THAT ALLOWS THE COUCHBASE NODES TO AUTOMATICALLY DISCOVER EACH OTHER AND FORM A CLUSTER # --------------------------------------------------------------------------------------------------------------------- resource "aws_iam_role_policy" "auto_discover_cluster" { name = "auto-discover-cluster" - role = "${var.iam_role_id}" - policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}" + role = var.iam_role_id + policy = data.aws_iam_policy_document.auto_discover_cluster.json } data "aws_iam_policy_document" "auto_discover_cluster" { @@ -21,3 +30,4 @@ data "aws_iam_policy_document" "auto_discover_cluster" { resources = ["*"] } } + diff --git a/modules/couchbase-iam-policies/variables.tf b/modules/couchbase-iam-policies/variables.tf index c93792f..26ac224 100644 --- a/modules/couchbase-iam-policies/variables.tf +++ b/modules/couchbase-iam-policies/variables.tf @@ -5,4 +5,6 @@ variable "iam_role_id" { description = "The ID of the IAM Role to which these IAM policies should be attached" + type = string } + From 8b1e07bf4f2eabc4421313509daf75b9e86ed23e Mon Sep 17 00:00:00 2001 
From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:25:36 -0400 Subject: [PATCH 09/31] Update couchbase-cluster to 0.12 --- examples/couchbase-cluster-mds/variables.tf | 4 +- .../variables.tf | 4 +- .../variables.tf | 8 +- modules/couchbase-cluster/main.tf | 108 ++++++++++-------- modules/couchbase-cluster/outputs.tf | 13 ++- modules/couchbase-cluster/variables.tf | 50 ++++++-- 6 files changed, 116 insertions(+), 71 deletions(-) diff --git a/examples/couchbase-cluster-mds/variables.tf b/examples/couchbase-cluster-mds/variables.tf index 442c3d3..0aee733 100644 --- a/examples/couchbase-cluster-mds/variables.tf +++ b/examples/couchbase-cluster-mds/variables.tf @@ -38,8 +38,8 @@ variable "sync_gateway_cluster_name" { } variable "ssh_key_name" { - description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to an empty string to not associate a Key Pair." - default = "" + description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair." + default = null } variable "data_volume_device_name" { diff --git a/examples/couchbase-cluster-simple-dns-tls/variables.tf b/examples/couchbase-cluster-simple-dns-tls/variables.tf index 257ae94..28b5720 100644 --- a/examples/couchbase-cluster-simple-dns-tls/variables.tf +++ b/examples/couchbase-cluster-simple-dns-tls/variables.tf @@ -32,8 +32,8 @@ variable "cluster_name" { } variable "ssh_key_name" { - description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to an empty string to not associate a Key Pair." - default = "" + description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair." + default = null } variable "data_volume_device_name" { 
diff --git a/examples/couchbase-multi-datacenter-replication/variables.tf b/examples/couchbase-multi-datacenter-replication/variables.tf index baf450d..fe2c2cd 100644 --- a/examples/couchbase-multi-datacenter-replication/variables.tf +++ b/examples/couchbase-multi-datacenter-replication/variables.tf @@ -37,13 +37,13 @@ variable "cluster_name_replica" { } variable "ssh_key_name_primary" { - description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in the primary Couchbase cluster. Must be a Key Pair in the same region as the primary cluster. Set to an empty string to not associate a Key Pair." - default = "" + description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in the primary Couchbase cluster. Must be a Key Pair in the same region as the primary cluster. Set to null to not associate a Key Pair." + default = null } variable "ssh_key_name_replica" { - description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in the replica Couchbase cluster. Must be a Key Pair in the same region as the replica cluster. Set to an empty string to not associate a Key Pair." - default = "" + description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in the replica Couchbase cluster. Must be a Key Pair in the same region as the replica cluster. Set to null to not associate a Key Pair." + default = null } variable "couchbase_load_balancer_port" { diff --git a/modules/couchbase-cluster/main.tf b/modules/couchbase-cluster/main.tf index d8da751..0aa8b69 100644 --- a/modules/couchbase-cluster/main.tf +++ b/modules/couchbase-cluster/main.tf 
@@ -1,5 +1,10 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + terraform { - required_version = ">= 0.10.0" + required_version = ">= 0.12" } # --------------------------------------------------------------------------------------------------------------------- @@ -7,26 +12,26 @@ terraform { # --------------------------------------------------------------------------------------------------------------------- resource "aws_autoscaling_group" "autoscaling_group" { - name = "${var.cluster_name}" + name = var.cluster_name - launch_configuration = "${aws_launch_configuration.launch_configuration.name}" - vpc_zone_identifier = ["${var.subnet_ids}"] + launch_configuration = aws_launch_configuration.launch_configuration.name + vpc_zone_identifier = var.subnet_ids - min_size = "${var.min_size}" - max_size = "${var.max_size}" - termination_policies = ["${var.termination_policies}"] + min_size = var.min_size + max_size = var.max_size + termination_policies = [var.termination_policies] - health_check_type = "${var.health_check_type}" - health_check_grace_period = "${var.health_check_grace_period}" - wait_for_capacity_timeout = "${var.wait_for_capacity_timeout}" + health_check_type = var.health_check_type + health_check_grace_period = var.health_check_grace_period + wait_for_capacity_timeout = var.wait_for_capacity_timeout tags = [ { key = "Name" - value = "${var.cluster_name}" + value = var.cluster_name propagate_at_launch = true }, - "${var.tags}", + var.tags, ] } 
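Review bot: In `aws_autoscaling_group.autoscaling_group`, `tags = [ { … }, var.tags, ]` no longer produces a flat list of tag maps. The 0.11 form `"${var.tags}"` was flattened into the enclosing list, whereas 0.12 keeps `var.tags` as a single nested element. The declaration of `var.tags` is not visible here, but if it is a list of tag maps, as the old syntax suggests, the second element becomes a list where a map is expected. Wrapping the expression restores the old shape: `tags = flatten([ { key = "Name", value = var.cluster_name, propagate_at_launch = true }, var.tags ])`. The resource body continues outside the hunk.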
@@ -36,27 +41,37 @@ resource "aws_autoscaling_group" "autoscaling_group" { resource "aws_launch_configuration" "launch_configuration" { name_prefix = "${var.cluster_name}-" - image_id = "${var.ami_id}" - instance_type = "${var.instance_type}" - user_data = "${var.user_data}" - spot_price = "${var.spot_price}" + image_id = var.ami_id + instance_type = var.instance_type + user_data = var.user_data + spot_price = var.spot_price - iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}" - key_name = "${var.ssh_key_name}" - security_groups = ["${aws_security_group.lc_security_group.id}"] - placement_tenancy = "${var.tenancy}" - associate_public_ip_address = "${var.associate_public_ip_address}" + iam_instance_profile = aws_iam_instance_profile.instance_profile.name + key_name = var.ssh_key_name + security_groups = [aws_security_group.lc_security_group.id] + placement_tenancy = var.tenancy + associate_public_ip_address = var.associate_public_ip_address - ebs_optimized = "${var.root_volume_ebs_optimized}" + ebs_optimized = var.root_volume_ebs_optimized root_block_device { - volume_type = "${var.root_volume_type}" - volume_size = "${var.root_volume_size}" - delete_on_termination = "${var.root_volume_delete_on_termination}" - iops = "${var.root_volume_iops}" + volume_type = var.root_volume_type + volume_size = var.root_volume_size + delete_on_termination = var.root_volume_delete_on_termination + iops = var.root_volume_iops } - ebs_block_device = "${var.ebs_block_devices}" + dynamic "ebs_block_device" { + for_each = var.ebs_block_devices + content { + device_name = lookup(ebs_block_device.value, "device_name") + volume_type = lookup(ebs_block_device.value, "volume_type") + volume_size = lookup(ebs_block_device.value, "volume_size") + iops = lookup(ebs_block_device.value, "iops", null) + encrypted = lookup(ebs_block_device.value, "encrypted", null) + delete_on_termination = lookup(ebs_block_device.value, "delete_on_termination", null) + } + } # Important 
note: whenever using a launch configuration with an auto scaling group, you must set # create_before_destroy = true. However, as soon as you set create_before_destroy = true in one resource, you must @@ -76,9 +91,9 @@ resource "aws_launch_configuration" "launch_configuration" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_security_group" "lc_security_group" { - name_prefix = "${var.cluster_name}" + name_prefix = var.cluster_name description = "Security group for the ${var.cluster_name} launch configuration" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors 
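Review bot: In the new `dynamic "ebs_block_device"` block, `encrypted` falls back to `null`, so a Couchbase data or index volume is created unencrypted whenever the caller omits the key (unless the account enforces EBS encryption by default, which this module cannot see). Defaulting it on would make the safe case the default: `encrypted = lookup(ebs_block_device.value, "encrypted", true)`. If the current default has to stay for compatibility, the `ebs_block_devices` description should state that volumes are unencrypted unless `encrypted = true` is passed. The `aws_launch_configuration` body continues outside this hunk.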
@@ -87,29 +102,29 @@ resource "aws_security_group" "lc_security_group" { create_before_destroy = true } - tags = "${var.security_group_tags}" + tags = var.security_group_tags } resource "aws_security_group_rule" "allow_ssh_inbound" { - count = "${length(var.allowed_ssh_cidr_blocks) >= 1 ? 1 : 0}" + count = length(var.allowed_ssh_cidr_blocks) >= 1 ? 1 : 0 type = "ingress" - from_port = "${var.ssh_port}" - to_port = "${var.ssh_port}" + from_port = var.ssh_port + to_port = var.ssh_port protocol = "tcp" - cidr_blocks = ["${var.allowed_ssh_cidr_blocks}"] + cidr_blocks = var.allowed_ssh_cidr_blocks - security_group_id = "${aws_security_group.lc_security_group.id}" + security_group_id = aws_security_group.lc_security_group.id } resource "aws_security_group_rule" "allow_ssh_inbound_from_security_group_ids" { - count = "${length(var.allowed_ssh_security_group_ids)}" + count = length(var.allowed_ssh_security_group_ids) type = "ingress" - from_port = "${var.ssh_port}" - to_port = "${var.ssh_port}" + from_port = var.ssh_port + to_port = var.ssh_port protocol = "tcp" - source_security_group_id = "${element(var.allowed_ssh_security_group_ids, count.index)}" + source_security_group_id = element(var.allowed_ssh_security_group_ids, count.index) - security_group_id = "${aws_security_group.lc_security_group.id}" + security_group_id = aws_security_group.lc_security_group.id } resource "aws_security_group_rule" "allow_all_outbound" { @@ -119,7 +134,7 @@ resource "aws_security_group_rule" "allow_all_outbound" { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.lc_security_group.id}" + security_group_id = aws_security_group.lc_security_group.id } # --------------------------------------------------------------------------------------------------------------------- 
@@ -130,9 +145,9 @@ resource "aws_security_group_rule" "allow_all_outbound" { # --------------------------------------------------------------------------------------------------------------------- resource "aws_iam_instance_profile" "instance_profile" { - name_prefix = "${var.cluster_name}" - path = "${var.instance_profile_path}" - role = "${aws_iam_role.instance_role.name}" + name_prefix = var.cluster_name + path = var.instance_profile_path + role = aws_iam_role.instance_role.name # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors @@ -143,8 +158,8 @@ resource "aws_iam_instance_profile" "instance_profile" { } resource "aws_iam_role" "instance_role" { - name_prefix = "${var.cluster_name}" - assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}" + name_prefix = var.cluster_name + assume_role_policy = data.aws_iam_policy_document.instance_role.json # aws_iam_instance_profile.instance_profile in this module sets create_before_destroy to true, which means # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors @@ -165,3 +180,4 @@ data "aws_iam_policy_document" "instance_role" { } } } + diff --git a/modules/couchbase-cluster/outputs.tf b/modules/couchbase-cluster/outputs.tf index e4a97ff..43f4b8d 100644 --- a/modules/couchbase-cluster/outputs.tf +++ b/modules/couchbase-cluster/outputs.tf 
@@ -1,23 +1,24 @@ output "asg_name" { - value = "${aws_autoscaling_group.autoscaling_group.name}" + value = aws_autoscaling_group.autoscaling_group.name } output "cluster_size" { - value = "${aws_autoscaling_group.autoscaling_group.desired_capacity}" + value = aws_autoscaling_group.autoscaling_group.desired_capacity } output "launch_config_name" { - value = "${aws_launch_configuration.launch_configuration.name}" + value = aws_launch_configuration.launch_configuration.name } output "iam_role_arn" { - value = "${aws_iam_role.instance_role.arn}" + value = aws_iam_role.instance_role.arn } output "iam_role_id" { - value = "${aws_iam_role.instance_role.id}" + value = aws_iam_role.instance_role.id } output "security_group_id" { - value = "${aws_security_group.lc_security_group.id}" + value = aws_security_group.lc_security_group.id } + diff --git a/modules/couchbase-cluster/variables.tf b/modules/couchbase-cluster/variables.tf index adac2c1..ac8a051 100644 --- a/modules/couchbase-cluster/variables.tf +++ b/modules/couchbase-cluster/variables.tf 
@@ -5,35 +5,42 @@ variable "cluster_name" { description = "The name of the Couchbase cluster (e.g. couchbase-stage). This variable is used to namespace all resources created by this module." + type = string } variable "ami_id" { description = "The ID of the AMI to run in this cluster." + type = string } variable "instance_type" { description = "The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro)." + type = string } variable "min_size" { description = "The minimum number of nodes to have in the Couchbase cluster." + type = number } variable "max_size" { description = "The maximum number of nodes to have in the Couchbase cluster." + type = number } variable "vpc_id" { description = "The ID of the VPC in which to deploy the Couchbase cluster" + type = string } variable "subnet_ids" { description = "The subnet IDs into which the EC2 Instances should be deployed." - type = "list" + type = list(string) } variable "user_data" { description = "A User Data script to execute while the server is booting." + type = string } # --------------------------------------------------------------------------------------------------------------------- 
@@ -42,72 +49,84 @@ variable "user_data" { # --------------------------------------------------------------------------------------------------------------------- variable "ssh_key_name" { - description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to an empty string to not associate a Key Pair." - default = "" + description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair." + type = string + default = null } variable "allowed_ssh_cidr_blocks" { description = "A list of CIDR-formatted IP address ranges from which the EC2 Instances will allow SSH connections" - type = "list" + type = list(string) default = [] } variable "allowed_ssh_security_group_ids" { description = "A list of security group IDs from which the EC2 Instances will allow SSH connections" - type = "list" + type = list(string) default = [] } variable "termination_policies" { description = "A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default." + type = string default = "Default" } variable "associate_public_ip_address" { description = "If set to true, associate a public IP address with each EC2 Instance in the cluster." + type = bool default = false } variable "spot_price" { description = "The maximum hourly price to pay for EC2 Spot Instances." + type = string default = "" } variable "tenancy" { description = "The tenancy of the instance. Must be one of: empty string, default, or dedicated. For EC2 Spot Instances only empty string or dedicated can be used." - default = "" + type = string + default = null } variable "root_volume_ebs_optimized" { description = "If true, the launched EC2 instance will be EBS-optimized." + type = bool default = false } variable "root_volume_type" { description = "The type of volume. 
Must be one of: standard, gp2, or io1." + type = string default = "gp2" } variable "root_volume_size" { description = "The size, in GB, of the root EBS volume." + type = number default = 50 } variable "root_volume_delete_on_termination" { description = "Whether the volume should be destroyed on instance termination." + type = bool default = true } variable "root_volume_iops" { description = "The amount of provisioned IOPS for the root volume. Only used if volume type is io1." + type = number default = 0 } variable "ebs_block_devices" { description = "A list of EBS volumes to attach to each EC2 Instance. Each item in the list should be an object with the keys 'device_name', 'volume_type', 'volume_size', 'iops', 'delete_on_termination', and 'encrypted', as defined here: https://www.terraform.io/docs/providers/aws/r/launch_configuration.html#block-devices. We recommend using one EBS Volume for the Couchbase data dir and another one for the index dir." - type = "list" + # We can't narrow the inner type down more than "any" because if we use object, then all the fields will be required + # (whereas some, such as encrypted, should be optional), and if we use map, all the values must be of the same type, + # whereas some here are strings, some are bools, and some are ints. + type = list(any) default = [] - # Example: # # default = [ 
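Review bot: `termination_policies` is now constrained to `type = string`, but its description still opens with "A list of policies", so a caller who follows the description and passes a list will get a type error at plan time. Either reword the description to describe a single policy, or declare it `list(string)` if the resource that consumes it (not visible in this hunk) accepts that. In the same hunk `tenancy` now defaults to `null` while its description still names "empty string" as a valid value, and `spot_price` keeps `default = ""`. The `ssh_key_name` description was updated for the null convention, and these two should follow it.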
@@ -122,34 +141,42 @@ variable "ebs_block_devices" { variable "wait_for_capacity_timeout" { description = "A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior." + type = string default = "10m" } variable "health_check_type" { description = "Controls how health checking is done. Must be one of EC2 or ELB." + type = string default = "EC2" } variable "health_check_grace_period" { description = "Time, in seconds, after instance comes into service before checking health." + type = number default = 600 } variable "instance_profile_path" { description = "Path in which to create the IAM instance profile." + type = string default = "/" } variable "ssh_port" { description = "The port used for SSH connections" + type = number default = 22 } variable "tags" { description = "List fo extra tag blocks added to the autoscaling group configuration. Each element in the list is a map containing keys 'key', 'value', and 'propagate_at_launch' mapped to the respective values." - type = "list" + type = list(object({ + key = string + value = string + propagate_at_launch = bool + })) default = [] - # Example: # # default = [ @@ -163,6 +190,7 @@ variable "tags" { variable "security_group_tags" { description = "Custom tags to apply to the security group." - type = "map" + type = map(string) default = {} } + From bee89ea9ffce6bdf79c7a27b6a2e316af4207722 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:33:36 -0400 Subject: [PATCH 10/31] Fix tag handling --- modules/couchbase-cluster/main.tf | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/modules/couchbase-cluster/main.tf b/modules/couchbase-cluster/main.tf index 0aa8b69..ab23645 100644 --- a/modules/couchbase-cluster/main.tf +++ b/modules/couchbase-cluster/main.tf 
@@ -25,14 +25,21 @@ resource "aws_autoscaling_group" "autoscaling_group" { health_check_grace_period = var.health_check_grace_period wait_for_capacity_timeout = var.wait_for_capacity_timeout - tags = [ - { - key = "Name" - value = var.cluster_name - propagate_at_launch = true - }, - var.tags, - ] + tag { + key = "Name" + value = var.cluster_name + propagate_at_launch = true + } + + dynamic "tag" { + for_each = var.tags + + content { + key = lookup(tag.value, "key") + value = lookup(tag.value, "value") + propagate_at_launch = lookup(tag.value, "propagate_at_launch") + } + } } # --------------------------------------------------------------------------------------------------------------------- From fd4b0ac71d0d86608cd5765226b28d1c31e13785 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:33:43 -0400 Subject: [PATCH 11/31] Update couchbase-cluster-mds example --- examples/couchbase-cluster-mds/main.tf | 189 ++++++++++---------- examples/couchbase-cluster-mds/outputs.tf | 7 +- examples/couchbase-cluster-mds/variables.tf | 18 +- 3 files changed, 115 insertions(+), 99 deletions(-) diff --git a/examples/couchbase-cluster-mds/main.tf b/examples/couchbase-cluster-mds/main.tf index 23ac2cf..f575274 100644 --- a/examples/couchbase-cluster-mds/main.tf +++ b/examples/couchbase-cluster-mds/main.tf 
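Review bot: The `content` block in the new `dynamic "tag"` reads each field with a two-argument `lookup(tag.value, "key")`, which is unnecessary because `var.tags` is declared as `list(object({ key, value, propagate_at_launch }))` in variables.tf, so every attribute is guaranteed present. Direct attribute access is shorter and avoids the two-argument form of `lookup`, which the Terraform docs discourage: `key = tag.value.key`, `value = tag.value.value`, `propagate_at_launch = tag.value.propagate_at_launch`. The `aws_autoscaling_group` resource body starts before this hunk.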
@@ -4,8 +4,13 @@ # clsuters in AWS. # --------------------------------------------------------------------------------------------------------------------- +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + terraform { - required_version = ">= 0.10.3" + required_version = ">= 0.12" } # --------------------------------------------------------------------------------------------------------------------- @@ -18,7 +23,7 @@ module "couchbase_data_nodes" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "../../modules/couchbase-cluster" - cluster_name = "${var.couchbase_data_node_cluster_name}" + cluster_name = var.couchbase_data_node_cluster_name min_size = 3 max_size = 3 @@ -26,16 +31,16 @@ module "couchbase_data_nodes" { # R4 or M4 instances. instance_type = "t2.micro" - ami_id = "${data.template_file.ami_id.rendered}" - user_data = "${data.template_file.user_data_couchbase_data_nodes.rendered}" + ami_id = data.template_file.ami_id.rendered + user_data = data.template_file.user_data_couchbase_data_nodes.rendered - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids # We recommend using a separate EBS Volumes for the Couchbase data dir ebs_block_devices = [ { - device_name = "${var.data_volume_device_name}" + device_name = var.data_volume_device_name volume_type = "gp2" volume_size = 50 }, 
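Review bot: The data-volume entry in `ebs_block_devices` (third hunk on this line, `module "couchbase_data_nodes"`) still sets only `device_name`, `volume_type` and `volume_size`, so this example does not request EBS encryption for the Couchbase data directory. The root `main.tf` in this same series sets `encrypted = true` on both of its volumes, and the module variable documents `encrypted` as an optional key, so I would add `encrypted = true` after `volume_size = 50` here. The same applies to the index volume in `module "couchbase_index_query_search_nodes"` in the `@@ -83,16 +88,16 @@` hunk. Whether the module or an account-level setting already forces encryption cannot be seen from these hunks, and the `ebs_block_devices` list continues past the end of the hunk.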
@@ -45,7 +50,7 @@ module "couchbase_data_nodes" { # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name}" + ssh_key_name = var.ssh_key_name # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. @@ -75,7 +80,7 @@ module "couchbase_index_query_search_nodes" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "../../modules/couchbase-cluster" - cluster_name = "${var.couchbase_index_query_search_node_cluster_name}" + cluster_name = var.couchbase_index_query_search_node_cluster_name min_size = 2 max_size = 2 @@ -83,16 +88,16 @@ module "couchbase_index_query_search_nodes" { # R4 or M4 instances. instance_type = "t2.micro" - ami_id = "${data.template_file.ami_id.rendered}" - user_data = "${data.template_file.user_data_couchbase_index_query_search_nodes.rendered}" + ami_id = data.template_file.ami_id.rendered + user_data = data.template_file.user_data_couchbase_index_query_search_nodes.rendered - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids # We recommend using a separate EBS Volumes for the Couchbase index dir ebs_block_devices = [ { - device_name = "${var.index_volume_device_name}" + device_name = var.index_volume_device_name volume_type = "gp2" volume_size = 50 }, 
@@ -102,7 +107,7 @@ module "couchbase_index_query_search_nodes" { # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name}" + ssh_key_name = var.ssh_key_name # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. @@ -132,7 +137,7 @@ module "sync_gateway" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "../../modules/couchbase-cluster" - cluster_name = "${var.sync_gateway_cluster_name}" + cluster_name = var.sync_gateway_cluster_name min_size = 2 max_size = 2 @@ -140,17 +145,17 @@ module "sync_gateway" { # R4 or M4 instances. instance_type = "t2.micro" - ami_id = "${data.template_file.ami_id.rendered}" - user_data = "${data.template_file.user_data_sync_gateway.rendered}" + ami_id = data.template_file.ami_id.rendered + user_data = data.template_file.user_data_sync_gateway.rendered - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids # To make testing easier, we allow SSH requests from any IP address here. In a production deployment, we strongly # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name}" + ssh_key_name = var.ssh_key_name # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. 
@@ -175,53 +180,47 @@ module "sync_gateway" { # --------------------------------------------------------------------------------------------------------------------- data "template_file" "user_data_couchbase_data_nodes" { - template = "${file("${path.module}/user-data/user-data-couchbase-data-nodes.sh")}" - - vars { - cluster_asg_name = "${var.couchbase_data_node_cluster_name}" - cluster_port = "${module.couchbase_data_nodes_security_group_rules.rest_port}" - - # Pass in the data about the EBS volumes so they can be mounted - - data_volume_device_name = "${var.data_volume_device_name}" - data_volume_mount_point = "${var.data_volume_mount_point}" - volume_owner = "${var.volume_owner}" + template = file("${path.module}/user-data/user-data-couchbase-data-nodes.sh") + + vars = { + cluster_asg_name = var.couchbase_data_node_cluster_name + cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + data_volume_device_name = var.data_volume_device_name + data_volume_mount_point = var.data_volume_mount_point + volume_owner = var.volume_owner # Use a small amount of memory so this example can fit on a t2.micro. 
In production settings, you'll want to run # on - data_ramsize = "512" + data_ramsize = "512" index_ramsize = "256" fts_ramsize = "256" } + # Pass in the data about the EBS volumes so they can be mounted } data "template_file" "user_data_couchbase_index_query_search_nodes" { - template = "${file("${path.module}/user-data/user-data-couchbase-index-query-search-nodes.sh")}" - - vars { - cluster_asg_name = "${var.couchbase_data_node_cluster_name}" - cluster_port = "${module.couchbase_data_nodes_security_group_rules.rest_port}" - - # Pass in the data about the EBS volumes so they can be mounted - - index_volume_device_name = "${var.index_volume_device_name}" - index_volume_mount_point = "${var.index_volume_mount_point}" - volume_owner = "${var.volume_owner}" + template = file("${path.module}/user-data/user-data-couchbase-index-query-search-nodes.sh") + + vars = { + cluster_asg_name = var.couchbase_data_node_cluster_name + cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + index_volume_device_name = var.index_volume_device_name + index_volume_mount_point = var.index_volume_mount_point + volume_owner = var.volume_owner } + # Pass in the data about the EBS volumes so they can be mounted } data "template_file" "user_data_sync_gateway" { - template = "${file("${path.module}/user-data/user-data-sync-gateway.sh")}" - - vars { - cluster_asg_name = "${var.couchbase_data_node_cluster_name}" - cluster_port = "${module.couchbase_data_nodes_security_group_rules.rest_port}" - - # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it - # provides admin access to ALL Sync Gateway data. 
+ template = file("${path.module}/user-data/user-data-sync-gateway.sh") + vars = { + cluster_asg_name = var.couchbase_data_node_cluster_name + cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port sync_gateway_interface = ":${module.sync_gateway_security_group_rules.interface_port}" sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" } + # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it + # provides admin access to ALL Sync Gateway data. } # --------------------------------------------------------------------------------------------------------------------- @@ -237,11 +236,11 @@ module "load_balancer" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer?ref=v0.0.1" source = "../../modules/load-balancer" - name = "${var.couchbase_data_node_cluster_name}" - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + name = var.couchbase_data_node_cluster_name + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids - http_listener_ports = ["${var.data_nodes_load_balancer_port}", "${var.index_query_search_nodes_load_balancer_port}", "${var.sync_gateway_load_balancer_port}"] + http_listener_ports = [var.data_nodes_load_balancer_port, var.index_query_search_nodes_load_balancer_port, var.sync_gateway_load_balancer_port] https_listener_ports_and_certs = [] # To make testing easier, we allow inbound connections from any IP. In production usage, you may want to only allow 
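Review bot: In the `@@ -175,53 +180,47 @@` hunk, the comment stating that the Sync Gateway Admin "should ONLY be accessible from localhost" now sits after the closing brace of `vars`, detached from the `sync_gateway_admin_interface = "127.0.0.1:..."` line it justifies. This looks like an artifact of the automated 0.12 rewrite. That comment is the only thing telling a reader why the admin interface must stay on loopback, so it should go back directly above `sync_gateway_interface` / `sync_gateway_admin_interface` inside the `vars = { ... }` map. The two "# Pass in the data about the EBS volumes so they can be mounted" comments in `user_data_couchbase_data_nodes` and `user_data_couchbase_index_query_search_nodes` were displaced the same way and belong above the `*_volume_device_name` entries.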
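Review bot: In the `@@ -237,11 +236,11 @@` hunk, all three listeners, including the two that front the Couchbase Web Console, are still declared in `http_listener_ports` with `https_listener_ports_and_certs = []`, and the block allows inbound traffic from `0.0.0.0/0`. Console and Sync Gateway credentials would therefore cross the internet in clear text if this example were deployed as written. The existing comment covers the open CIDR range but not the missing TLS, so I would add a line above `https_listener_ports_and_certs`: `# Example only: plain HTTP listeners. In production, terminate TLS by moving these ports to https_listener_ports_and_certs.` The `module "load_balancer"` block starts before and ends after this hunk.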
@@ -250,12 +249,13 @@ module "load_balancer" { allow_inbound_from_cidr_blocks = ["0.0.0.0/0"] internal = false + # Since Sync Gateway and Couchbase Lite can have long running connections for changes feeds, we recommend setting the # idle timeout to the maximum value of 3,600 seconds (1 hour) # https://developer.couchbase.com/documentation/mobile/1.5/guides/sync-gateway/nginx/index.html#aws-elastic-load-balancer-elb idle_timeout = 3600 tags = { - Name = "${var.couchbase_data_node_cluster_name}" + Name = var.couchbase_data_node_cluster_name } } @@ -265,13 +265,13 @@ module "couchbase_data_nodes_target_group" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer-target-group?ref=v0.0.1" source = "../../modules/load-balancer-target-group" - target_group_name = "${var.couchbase_data_node_cluster_name}" - asg_name = "${module.couchbase_data_nodes.asg_name}" - port = "${module.couchbase_data_nodes_security_group_rules.rest_port}" + target_group_name = var.couchbase_data_node_cluster_name + asg_name = module.couchbase_data_nodes.asg_name + port = module.couchbase_data_nodes_security_group_rules.rest_port health_check_path = "/ui/index.html" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, var.data_nodes_load_balancer_port)}"] + listener_arns = [module.load_balancer.http_listener_arns[var.data_nodes_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 
@@ -286,13 +286,13 @@ module "couchbase_index_query_search_nodes_target_group" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer-target-group?ref=v0.0.1" source = "../../modules/load-balancer-target-group" - target_group_name = "${var.couchbase_index_query_search_node_cluster_name}" - asg_name = "${module.couchbase_index_query_search_nodes.asg_name}" - port = "${module.couchbase_index_query_search_nodes_security_group_rules.rest_port}" + target_group_name = var.couchbase_index_query_search_node_cluster_name + asg_name = module.couchbase_index_query_search_nodes.asg_name + port = module.couchbase_index_query_search_nodes_security_group_rules.rest_port health_check_path = "/ui/index.html" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, var.index_query_search_nodes_load_balancer_port)}"] + listener_arns = [module.load_balancer.http_listener_arns[var.index_query_search_nodes_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 
@@ -307,13 +307,13 @@ module "sync_gateway_target_group" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer-target-group?ref=v0.0.1" source = "../../modules/load-balancer-target-group" - target_group_name = "${var.sync_gateway_cluster_name}" - asg_name = "${module.sync_gateway.asg_name}" - port = "${module.sync_gateway_security_group_rules.interface_port}" + target_group_name = var.sync_gateway_cluster_name + asg_name = module.sync_gateway.asg_name + port = module.sync_gateway_security_group_rules.interface_port health_check_path = "/" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, var.sync_gateway_load_balancer_port)}"] + listener_arns = [module.load_balancer.http_listener_arns[var.sync_gateway_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 } @@ -329,7 +329,7 @@ module "couchbase_data_nodes_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-server-security-group-rules" - security_group_id = "${module.couchbase_data_nodes.security_group_id}" + security_group_id = module.couchbase_data_nodes.security_group_id # To keep this example simple, we allow these client-facing ports to be accessed from any IP. In a production # deployment, you may want to lock these down just to trusted servers. 
@@ -343,19 +343,19 @@ module "couchbase_data_nodes_security_group_rules" { # Make sure all the ports used for node-to-node communication are open to all the clusters - rest_port_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + rest_port_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, module.sync_gateway.security_group_id] num_rest_port_security_groups = 2 - capi_port_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + capi_port_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, module.sync_gateway.security_group_id] num_capi_port_security_groups = 2 - query_port_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + query_port_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, module.sync_gateway.security_group_id] num_query_port_security_groups = 2 - fts_port_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + fts_port_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, module.sync_gateway.security_group_id] num_fts_port_security_groups = 2 - memcached_port_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + memcached_port_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, module.sync_gateway.security_group_id] num_memcached_port_security_groups = 2 - memcached_dedicated_port_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + memcached_dedicated_port_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, 
module.sync_gateway.security_group_id] num_memcached_dedicated_port_security_groups = 2 - internal_ports_security_groups = ["${module.couchbase_index_query_search_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + internal_ports_security_groups = [module.couchbase_index_query_search_nodes.security_group_id, module.sync_gateway.security_group_id] num_internal_ports_security_groups = 2 } @@ -365,7 +365,7 @@ module "couchbase_index_query_search_nodes_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-server-security-group-rules" - security_group_id = "${module.couchbase_index_query_search_nodes.security_group_id}" + security_group_id = module.couchbase_index_query_search_nodes.security_group_id # To keep this example simple, we allow these client-facing ports to be accessed from any IP. In a production # deployment, you may want to lock these down just to trusted servers. 
@@ -379,19 +379,19 @@ module "couchbase_index_query_search_nodes_security_group_rules" { # Make sure all the ports used for node-to-node communication are open to all the clusters - rest_port_security_groups = ["${module.couchbase_data_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + rest_port_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_rest_port_security_groups = 2 - capi_port_security_groups = ["${module.couchbase_data_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + capi_port_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_capi_port_security_groups = 2 - query_port_security_groups = ["${module.couchbase_data_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + query_port_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_query_port_security_groups = 2 - fts_port_security_groups = ["${module.couchbase_data_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + fts_port_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_fts_port_security_groups = 2 - memcached_port_security_groups = ["${module.couchbase_data_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + memcached_port_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_memcached_port_security_groups = 2 - memcached_dedicated_port_security_groups = ["${module.couchbase_data_nodes.security_group_id}", "${module.sync_gateway.security_group_id}"] + memcached_dedicated_port_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_memcached_dedicated_port_security_groups = 2 - internal_ports_security_groups = ["${module.couchbase_data_nodes.security_group_id}", 
"${module.sync_gateway.security_group_id}"] + internal_ports_security_groups = [module.couchbase_data_nodes.security_group_id, module.sync_gateway.security_group_id] num_internal_ports_security_groups = 2 } @@ -401,7 +401,7 @@ module "sync_gateway_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/sync-gateway-security-group-rules?ref=v0.0.1" source = "../../modules/sync-gateway-security-group-rules" - security_group_id = "${module.sync_gateway.security_group_id}" + security_group_id = module.sync_gateway.security_group_id # To keep this example simple, we allow these interface port to be accessed from any IP. In a production # deployment, you may want to lock this down just to trusted servers. @@ -419,7 +419,7 @@ module "iam_policies_couchbase_data_nodes" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-iam-policies" - iam_role_id = "${module.couchbase_data_nodes.iam_role_id}" + iam_role_id = module.couchbase_data_nodes.iam_role_id } module "iam_policies_couchbase_index_query_search_nodes" { @@ -428,7 +428,7 @@ module "iam_policies_couchbase_index_query_search_nodes" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-iam-policies" - iam_role_id = "${module.couchbase_index_query_search_nodes.iam_role_id}" + iam_role_id = module.couchbase_index_query_search_nodes.iam_role_id } module "iam_policies_sync_gateway" { 
@@ -437,7 +437,7 @@ module "iam_policies_sync_gateway" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-iam-policies" - iam_role_id = "${module.sync_gateway.iam_role_id}" + iam_role_id = module.sync_gateway.iam_role_id } # --------------------------------------------------------------------------------------------------------------------- @@ -472,7 +472,7 @@ data "aws_ami" "coubase_ubuntu_example" { } data "template_file" "ami_id" { - template = "${var.ami_id == "" ? data.aws_ami.coubase_ubuntu_example.id : var.ami_id}" + template = var.ami_id == null ? data.aws_ami.coubase_ubuntu_example.id : var.ami_id } # --------------------------------------------------------------------------------------------------------------------- @@ -487,5 +487,6 @@ data "aws_vpc" "default" { } data "aws_subnet_ids" "default" { - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } + diff --git a/examples/couchbase-cluster-mds/outputs.tf b/examples/couchbase-cluster-mds/outputs.tf index 946b17c..4a60475 100644 --- a/examples/couchbase-cluster-mds/outputs.tf +++ b/examples/couchbase-cluster-mds/outputs.tf @@ -11,13 +11,14 @@ output "sync_gateway_url" { } output "couchbase_data_nodes_cluster_asg_name" { - value = "${module.couchbase_data_nodes.asg_name}" + value = module.couchbase_data_nodes.asg_name } output "couchbase_index_query_search_nodes_cluster_asg_name" { - value = "${module.couchbase_index_query_search_nodes.asg_name}" + value = module.couchbase_index_query_search_nodes.asg_name } output "sync_gateway_cluster_asg_name" { - value = "${module.sync_gateway.asg_name}" + value = module.sync_gateway.asg_name } + diff --git a/examples/couchbase-cluster-mds/variables.tf b/examples/couchbase-cluster-mds/variables.tf index 0aee733..779b652 100644 --- a/examples/couchbase-cluster-mds/variables.tf +++ b/examples/couchbase-cluster-mds/variables.tf 
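Review bot: In the `@@ -472,7 +472,7 @@` hunk, `var.ami_id == null ? ... : var.ami_id` no longer falls back to the published example AMI when a caller passes `ami_id = ""`, which was the documented way to request it before this series ("Leave blank to use ..."). Existing callers or tfvars files that still pass an empty string would send an empty AMI ID on to the cluster modules instead of the looked-up one. Accepting both forms keeps the old inputs working: `template = (var.ami_id == null || var.ami_id == "") ? data.aws_ami.coubase_ubuntu_example.id : var.ami_id`.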
@@ -18,66 +18,80 @@ # --------------------------------------------------------------------------------------------------------------------- variable "ami_id" { - description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Leave blank to use one of the example AMIs we have published publicly." - default = "" + description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Set to null to use one of the example AMIs we have published publicly." + type = string + default = null } variable "couchbase_data_node_cluster_name" { description = "What to name the Couchbase data nodes cluster and all of its associated resources" + type = string default = "couchbase-server-data" } variable "couchbase_index_query_search_node_cluster_name" { description = "What to name the Couchbase index/query/search nodes cluster and all of its associated resources" + type = string default = "couchbase-server-search" } variable "sync_gateway_cluster_name" { description = "What to name the Sync Gateway cluster and all of its associated resources" + type = string default = "couchbase-sync-gateway" } variable "ssh_key_name" { description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair." + type = string default = null } variable "data_volume_device_name" { description = "The device name to use for the EBS Volume used for the data directory on Couchbase nodes." + type = string default = "/dev/xvdh" } variable "data_volume_mount_point" { description = "The mount point (folder path) to use for the EBS Volume used for the data directory on Couchbase nodes." 
+ type = string default = "/couchbase-data" } variable "index_volume_device_name" { description = "The device name to use for the EBS Volume used for the index directory on Couchbase nodes." + type = string default = "/dev/xvdi" } variable "index_volume_mount_point" { description = "The mount point (folder path) to use for the EBS Volume used for the index directory on Couchbase nodes." + type = string default = "/couchbase-index" } variable "volume_owner" { description = "The OS user who should be made the owner of the data and index volume mount points." + type = string default = "couchbase" } variable "data_nodes_load_balancer_port" { description = "The port the load balancer should listen on for Couchbase Web Console requests for the data nodes." + type = number default = 8091 } variable "index_query_search_nodes_load_balancer_port" { description = "The port the load balancer should listen on for Couchbase Web Console requests for the index, query, and search nodes." + type = number default = 9091 } variable "sync_gateway_load_balancer_port" { description = "The port the load balancer should listen on for Sync Gateway requests." + type = number default = 4984 } + From d416fde465ff8b8c6b71b6a51be6ab5169785c2c Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:36:03 -0400 Subject: [PATCH 12/31] Update root example --- main.tf | 90 +++++++++++++++++++++++++++------------------------- outputs.tf | 3 +- variables.tf | 19 ++++++++--- 3 files changed, 64 insertions(+), 48 deletions(-) diff --git a/main.tf b/main.tf index 2c2d6cc..6071181 100644 --- a/main.tf +++ b/main.tf 
@@ -5,8 +5,13 @@ # used for health checks and to distribute traffic across Sync Gateway. # --------------------------------------------------------------------------------------------------------------------- +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + terraform { - required_version = ">= 0.10.3" + required_version = ">= 0.12" } # --------------------------------------------------------------------------------------------------------------------- @@ -19,28 +24,28 @@ module "couchbase" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "./modules/couchbase-cluster" - cluster_name = "${var.cluster_name}" + cluster_name = var.cluster_name min_size = 3 max_size = 3 instance_type = "t2.medium" - ami_id = "${data.template_file.ami_id.rendered}" - user_data = "${data.template_file.user_data_server.rendered}" + ami_id = data.template_file.ami_id.rendered + user_data = data.template_file.user_data_server.rendered - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids # We recommend using two EBS Volumes with your Couchbase servers: one for the data directory and one for the index # directory. ebs_block_devices = [ { - device_name = "${var.data_volume_device_name}" + device_name = var.data_volume_device_name volume_type = "gp2" volume_size = 50 encrypted = true }, { - device_name = "${var.index_volume_device_name}" + device_name = var.index_volume_device_name volume_type = "gp2" volume_size = 50 encrypted = true 
@@ -51,7 +56,7 @@ module "couchbase" { # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name}" + ssh_key_name = var.ssh_key_name # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. 
@@ -77,26 +82,23 @@ module "couchbase" { # --------------------------------------------------------------------------------------------------------------------- data "template_file" "user_data_server" { - template = "${file("${path.module}/examples/couchbase-cluster-simple/user-data/user-data.sh")}" - - vars { - cluster_asg_name = "${var.cluster_name}" - cluster_port = "${module.couchbase_security_group_rules.rest_port}" - - # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it - # provides admin access to ALL Sync Gateway data. + template = file("${path.module}/examples/couchbase-cluster-simple/user-data/user-data.sh") + vars = { + cluster_asg_name = var.cluster_name + cluster_port = module.couchbase_security_group_rules.rest_port sync_gateway_interface = ":${module.sync_gateway_security_group_rules.interface_port}" sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" - - # Pass in the data about the EBS volumes so they can be mounted - - data_volume_device_name = "${var.data_volume_device_name}" - data_volume_mount_point = "${var.data_volume_mount_point}" - index_volume_device_name = "${var.index_volume_device_name}" - index_volume_mount_point = "${var.index_volume_mount_point}" - volume_owner = "${var.volume_owner}" + data_volume_device_name = var.data_volume_device_name + data_volume_mount_point = var.data_volume_mount_point + index_volume_device_name = var.index_volume_device_name + index_volume_mount_point = var.index_volume_mount_point + volume_owner = var.volume_owner } + # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it + # provides admin access to ALL Sync Gateway data. + + # Pass in the data about the EBS volumes so they can be mounted } # --------------------------------------------------------------------------------------------------------------------- 
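Review bot: The two explanatory comments now sit after the closing brace of `vars`, detached from the values they describe, so the warning that the Sync Gateway admin interface must only be reachable from localhost is no longer next to `sync_gateway_admin_interface`. That comment is the only explanation of why the value is bound to `127.0.0.1`, and a later edit could widen the bind address without anyone seeing it. I would move `# We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost...` back inside the map directly above `sync_gateway_interface`, and `# Pass in the data about the EBS volumes so they can be mounted` back above `data_volume_device_name`. The same displacement appears in the `user_data_server` hunk of examples/couchbase-cluster-simple-dns-tls/main.tf.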
@@ -111,11 +113,11 @@ module "load_balancer" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer?ref=v0.0.1" source = "./modules/load-balancer" - name = "${var.cluster_name}" - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + name = var.cluster_name + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids - http_listener_ports = ["${var.couchbase_load_balancer_port}", "${var.sync_gateway_load_balancer_port}"] + http_listener_ports = [var.couchbase_load_balancer_port, var.sync_gateway_load_balancer_port] https_listener_ports_and_certs = [] # To make testing easier, we allow inbound connections from any IP. In production usage, you may want to only allow @@ -124,12 +126,13 @@ module "load_balancer" { allow_inbound_from_cidr_blocks = ["0.0.0.0/0"] internal = false + # Since Sync Gateway and Couchbase Lite can have long running connections for changes feeds, we recommend setting the # idle timeout to the maximum value of 3,600 seconds (1 hour) # https://developer.couchbase.com/documentation/mobile/1.5/guides/sync-gateway/nginx/index.html#aws-elastic-load-balancer-elb idle_timeout = 3600 tags = { - Name = "${var.cluster_name}" + Name = var.cluster_name } } 
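Review bot: `http_listener_ports` carries both the Couchbase Web Console port and the Sync Gateway port while `https_listener_ports_and_certs` stays `[]` and `allow_inbound_from_cidr_blocks` is `["0.0.0.0/0"]`, so as far as these hunks show, console and Sync Gateway traffic reaches the load balancer from any address without TLS. The existing comment explains the open CIDR range but says nothing about the missing TLS. I would add a comment above `http_listener_ports` such as `# Plain HTTP is for testing only; see examples/couchbase-cluster-simple-dns-tls for HTTPS listeners with an ACM certificate.` The `module "load_balancer"` block starts before the first hunk and ends in the second.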
@@ -140,12 +143,12 @@ module "couchbase_target_group" { source = "./modules/load-balancer-target-group" target_group_name = "${var.cluster_name}-cb" - asg_name = "${module.couchbase.asg_name}" - port = "${module.couchbase_security_group_rules.rest_port}" + asg_name = module.couchbase.asg_name + port = module.couchbase_security_group_rules.rest_port health_check_path = "/ui/index.html" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, var.couchbase_load_balancer_port)}"] + listener_arns = [module.load_balancer.http_listener_arns[var.couchbase_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 @@ -161,12 +164,12 @@ module "sync_gateway_target_group" { source = "./modules/load-balancer-target-group" target_group_name = "${var.cluster_name}-sg" - asg_name = "${module.couchbase.asg_name}" - port = "${module.sync_gateway_security_group_rules.interface_port}" + asg_name = module.couchbase.asg_name + port = module.sync_gateway_security_group_rules.interface_port health_check_path = "/" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, var.sync_gateway_load_balancer_port)}"] + listener_arns = [module.load_balancer.http_listener_arns[var.sync_gateway_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 } 
@@ -182,7 +185,7 @@ module "couchbase_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "./modules/couchbase-server-security-group-rules" - security_group_id = "${module.couchbase.security_group_id}" + security_group_id = module.couchbase.security_group_id # To keep this example simple, we allow these client-facing ports to be accessed from any IP. In a production # deployment, you may want to lock these down just to trusted servers. @@ -201,7 +204,7 @@ module "sync_gateway_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/sync-gateway-security-group-rules?ref=v0.0.1" source = "./modules/sync-gateway-security-group-rules" - security_group_id = "${module.couchbase.security_group_id}" + security_group_id = module.couchbase.security_group_id # To keep this example simple, we allow these interface port to be accessed from any IP. In a production # deployment, you may want to lock this down just to trusted servers. @@ -219,7 +222,7 @@ module "iam_policies" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "./modules/couchbase-iam-policies" - iam_role_id = "${module.couchbase.iam_role_id}" + iam_role_id = module.couchbase.iam_role_id } # --------------------------------------------------------------------------------------------------------------------- @@ -254,7 +257,7 @@ data "aws_ami" "couchbase_ubuntu_example" { } data "template_file" "ami_id" { - template = "${var.ami_id == "" ? data.aws_ami.couchbase_ubuntu_example.id : var.ami_id}" + template = var.ami_id == null ? data.aws_ami.couchbase_ubuntu_example.id : var.ami_id } # --------------------------------------------------------------------------------------------------------------------- 
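Review bot: The fallback in `data "template_file" "ami_id"` now fires only for `null`, so a caller that still passes `ami_id = ""` (the value the old description told users to leave blank) gets an empty string rendered and passed to the cluster module instead of the example AMI. To keep existing tfvars and test fixtures working during the migration, accept both: `template = var.ami_id == null || var.ami_id == "" ? data.aws_ami.couchbase_ubuntu_example.id : var.ami_id`. Otherwise the variable description should state that an empty string is no longer accepted. The same expression is used in examples/couchbase-cluster-simple-dns-tls/main.tf, against `data.aws_ami.coubase_ubuntu_example`.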
@@ -269,5 +272,6 @@ data "aws_vpc" "default" { } data "aws_subnet_ids" "default" { - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } + diff --git a/outputs.tf b/outputs.tf index 92e9f4f..4138cc3 100644 --- a/outputs.tf +++ b/outputs.tf @@ -7,5 +7,6 @@ output "sync_gateway_url" { } output "couchbase_cluster_asg_name" { - value = "${module.couchbase.asg_name}" + value = module.couchbase.asg_name } + diff --git a/variables.tf b/variables.tf index 7a382ee..e463cef 100644 --- a/variables.tf +++ b/variables.tf 
@@ -18,51 +18,62 @@ # --------------------------------------------------------------------------------------------------------------------- variable "ami_id" { - description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Leave blank to use one of the example AMIs we have published publicly." - default = "" + description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Set to null to use one of the example AMIs we have published publicly." + type = string + default = null } variable "cluster_name" { description = "What to name the Couchbase cluster and all of its associated resources" + type = string default = "couchbase-server" } variable "ssh_key_name" { - description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to an empty string to not associate a Key Pair." - default = "" + description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair." + type = string + default = null } variable "data_volume_device_name" { description = "The device name to use for the EBS Volume used for the data directory on Couchbase nodes." + type = string default = "/dev/xvdh" } variable "data_volume_mount_point" { description = "The mount point (folder path) to use for the EBS Volume used for the data directory on Couchbase nodes." + type = string default = "/couchbase-data" } variable "index_volume_device_name" { description = "The device name to use for the EBS Volume used for the index directory on Couchbase nodes." + type = string default = "/dev/xvdi" } variable "index_volume_mount_point" { description = "The mount point (folder path) to use for the EBS Volume used for the index directory on Couchbase nodes." 
+ type = string default = "/couchbase-index" } variable "volume_owner" { description = "The OS user who should be made the owner of the data and index volume mount points." + type = string default = "couchbase" } variable "couchbase_load_balancer_port" { description = "The port the load balancer should listen on for Couchbase Web Console requests." + type = number default = 8091 } variable "sync_gateway_load_balancer_port" { description = "The port the load balancer should listen on for Sync Gateway requests." + type = number default = 4984 } + From 1148796d1562c3a868fc41d406a2a2d495c82cf4 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:37:51 -0400 Subject: [PATCH 13/31] Upgrade couchbase-cluster-simple-dns-tls example --- .../couchbase-cluster-simple-dns-tls/main.tf | 101 +++++++++--------- .../outputs.tf | 3 +- .../variables.tf | 18 +++- 3 files changed, 70 insertions(+), 52 deletions(-) diff --git a/examples/couchbase-cluster-simple-dns-tls/main.tf b/examples/couchbase-cluster-simple-dns-tls/main.tf index 007b40c..f7e3731 100644 --- a/examples/couchbase-cluster-simple-dns-tls/main.tf +++ b/examples/couchbase-cluster-simple-dns-tls/main.tf @@ -6,8 +6,13 @@ # for it. # --------------------------------------------------------------------------------------------------------------------- +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + terraform { - required_version = ">= 0.10.3" + required_version = ">= 0.12" } # --------------------------------------------------------------------------------------------------------------------- 
@@ -20,28 +25,28 @@ module "couchbase" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "../../modules/couchbase-cluster" - cluster_name = "${var.cluster_name}" + cluster_name = var.cluster_name min_size = 3 max_size = 3 instance_type = "t2.medium" - ami_id = "${data.template_file.ami_id.rendered}" - user_data = "${data.template_file.user_data_server.rendered}" + ami_id = data.template_file.ami_id.rendered + user_data = data.template_file.user_data_server.rendered - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids # We recommend using two EBS Volumes with your Couchbase servers: one for the data directory and one for the index # directory. ebs_block_devices = [ { - device_name = "${var.data_volume_device_name}" + device_name = var.data_volume_device_name volume_type = "gp2" volume_size = 50 encrypted = true }, { - device_name = "${var.index_volume_device_name}" + device_name = var.index_volume_device_name volume_type = "gp2" volume_size = 50 encrypted = true @@ -52,7 +57,7 @@ module "couchbase" { # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name}" + ssh_key_name = var.ssh_key_name # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. 
@@ -78,26 +83,23 @@ module "couchbase" { # --------------------------------------------------------------------------------------------------------------------- data "template_file" "user_data_server" { - template = "${file("${path.module}/user-data/user-data.sh")}" - - vars { - cluster_asg_name = "${var.cluster_name}" - cluster_port = "${module.couchbase_security_group_rules.rest_port}" - - # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it - # provides admin access to ALL Sync Gateway data. + template = file("${path.module}/user-data/user-data.sh") + vars = { + cluster_asg_name = var.cluster_name + cluster_port = module.couchbase_security_group_rules.rest_port sync_gateway_interface = ":${module.sync_gateway_security_group_rules.interface_port}" sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" - - # Pass in the data about the EBS volumes so they can be mounted - - data_volume_device_name = "${var.data_volume_device_name}" - data_volume_mount_point = "${var.data_volume_mount_point}" - index_volume_device_name = "${var.index_volume_device_name}" - index_volume_mount_point = "${var.index_volume_mount_point}" - volume_owner = "${var.volume_owner}" + data_volume_device_name = var.data_volume_device_name + data_volume_mount_point = var.data_volume_mount_point + index_volume_device_name = var.index_volume_device_name + index_volume_mount_point = var.index_volume_mount_point + volume_owner = var.volume_owner } + # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it + # provides admin access to ALL Sync Gateway data. + + # Pass in the data about the EBS volumes so they can be mounted } # --------------------------------------------------------------------------------------------------------------------- 
@@ -112,29 +114,30 @@ module "load_balancer" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer?ref=v0.0.1" source = "../../modules/load-balancer" - name = "${var.cluster_name}" - vpc_id = "${data.aws_vpc.default.id}" - subnet_ids = "${data.aws_subnet_ids.default.ids}" + name = var.cluster_name + vpc_id = data.aws_vpc.default.id + subnet_ids = data.aws_subnet_ids.default.ids # In this example, we only listen for HTTPS requests on the load balancer http_listener_ports = [] https_listener_ports_and_certs = [ { - port = "${var.couchbase_load_balancer_port}" - certificate_arn = "${data.aws_acm_certificate.load_balancer.arn}" + port = var.couchbase_load_balancer_port + certificate_arn = data.aws_acm_certificate.load_balancer.arn }, { - port = "${var.sync_gateway_load_balancer_port}" - certificate_arn = "${data.aws_acm_certificate.load_balancer.arn}" + port = var.sync_gateway_load_balancer_port + certificate_arn = data.aws_acm_certificate.load_balancer.arn }, ] + # Create a DNS A record for . (e.g., couchbase-example.acme.com) pointing at this load # balancer. route53_records = [ { domain = "${var.cluster_name}.${var.domain_name}" - zone_id = "${data.aws_route53_zone.load_balancer.id}" + zone_id = data.aws_route53_zone.load_balancer.id }, ] @@ -144,12 +147,13 @@ module "load_balancer" { allow_inbound_from_cidr_blocks = ["0.0.0.0/0"] internal = false + # Since Sync Gateway and Couchbase Lite can have long running connections for changes feeds, we recommend setting the # idle timeout to the maximum value of 3,600 seconds (1 hour) # https://developer.couchbase.com/documentation/mobile/1.5/guides/sync-gateway/nginx/index.html#aws-elastic-load-balancer-elb idle_timeout = 3600 tags = { - Name = "${var.cluster_name}" + Name = var.cluster_name } } 
@@ -160,12 +164,12 @@ module "couchbase_target_group" { source = "../../modules/load-balancer-target-group" target_group_name = "${var.cluster_name}-cb" - asg_name = "${module.couchbase.asg_name}" - port = "${module.couchbase_security_group_rules.rest_port}" + asg_name = module.couchbase.asg_name + port = module.couchbase_security_group_rules.rest_port health_check_path = "/ui/index.html" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.https_listener_arns, var.couchbase_load_balancer_port)}"] + listener_arns = [module.load_balancer.https_listener_arns[var.couchbase_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 @@ -181,12 +185,12 @@ module "sync_gateway_target_group" { source = "../../modules/load-balancer-target-group" target_group_name = "${var.cluster_name}-sg" - asg_name = "${module.couchbase.asg_name}" - port = "${module.sync_gateway_security_group_rules.interface_port}" + asg_name = module.couchbase.asg_name + port = module.sync_gateway_security_group_rules.interface_port health_check_path = "/" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id - listener_arns = ["${lookup(module.load_balancer.https_listener_arns, var.sync_gateway_load_balancer_port)}"] + listener_arns = [module.load_balancer.https_listener_arns[var.sync_gateway_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 } 
@@ -202,7 +206,7 @@ module "couchbase_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-server-security-group-rules" - security_group_id = "${module.couchbase.security_group_id}" + security_group_id = module.couchbase.security_group_id # To keep this example simple, we allow these client-facing ports to be accessed from any IP. In a production # deployment, you may want to lock these down just to trusted servers. @@ -221,7 +225,7 @@ module "sync_gateway_security_group_rules" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/sync-gateway-security-group-rules?ref=v0.0.1" source = "../../modules/sync-gateway-security-group-rules" - security_group_id = "${module.couchbase.security_group_id}" + security_group_id = module.couchbase.security_group_id # To keep this example simple, we allow these interface port to be accessed from any IP. In a production # deployment, you may want to lock this down just to trusted servers. @@ -239,7 +243,7 @@ module "iam_policies" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-iam-policies?ref=v0.0.1" source = "../../modules/couchbase-iam-policies" - iam_role_id = "${module.couchbase.iam_role_id}" + iam_role_id = module.couchbase.iam_role_id } # --------------------------------------------------------------------------------------------------------------------- @@ -254,7 +258,7 @@ data "aws_vpc" "default" { } data "aws_subnet_ids" "default" { - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } # --------------------------------------------------------------------------------------------------------------------- 
@@ -299,7 +303,7 @@ data "aws_ami" "coubase_ubuntu_example" { } data "template_file" "ami_id" { - template = "${var.ami_id == "" ? data.aws_ami.coubase_ubuntu_example.id : var.ami_id}" + template = var.ami_id == null ? data.aws_ami.coubase_ubuntu_example.id : var.ami_id } # --------------------------------------------------------------------------------------------------------------------- @@ -310,5 +314,6 @@ data "template_file" "ami_id" { data "aws_route53_zone" "load_balancer" { name = "${var.domain_name}." - tags = "${var.domain_name_tags}" + tags = var.domain_name_tags } + diff --git a/examples/couchbase-cluster-simple-dns-tls/outputs.tf b/examples/couchbase-cluster-simple-dns-tls/outputs.tf index 717c66b..bf8c18b 100644 --- a/examples/couchbase-cluster-simple-dns-tls/outputs.tf +++ b/examples/couchbase-cluster-simple-dns-tls/outputs.tf @@ -7,5 +7,6 @@ output "sync_gateway_url" { } output "couchbase_cluster_asg_name" { - value = "${module.couchbase.asg_name}" + value = module.couchbase.asg_name } + diff --git a/examples/couchbase-cluster-simple-dns-tls/variables.tf b/examples/couchbase-cluster-simple-dns-tls/variables.tf index 28b5720..c4b4418 100644 --- a/examples/couchbase-cluster-simple-dns-tls/variables.tf +++ b/examples/couchbase-cluster-simple-dns-tls/variables.tf @@ -14,6 +14,7 @@ variable "domain_name" { description = "A domain name for which (a) you have a Route 53 Hosted Zone, (b) a wildcard SSL certificate from Amazon Certificate Manager. This module will configure the load balancer (a) with a DNS A Record set to . and (b) to listen for SSL requests using the wildcard SSL cert. For example, if you set this value to acme.com, the load balancer will have the domain name couchbase-example.example.com and will listen on SSL requests using an ACM cert for *.example.com." + type = string } # --------------------------------------------------------------------------------------------------------------------- 
@@ -22,57 +23,68 @@ variable "domain_name" { # --------------------------------------------------------------------------------------------------------------------- variable "ami_id" { - description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Leave blank to use one of the example AMIs we have published publicly." - default = "" + description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Set to null to use one of the example AMIs we have published publicly." + type = string + default = null } variable "cluster_name" { description = "What to name the Couchbase cluster and all of its associated resources" + type = string default = "couchbase-server" } variable "ssh_key_name" { description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair." + type = string default = null } variable "data_volume_device_name" { description = "The device name to use for the EBS Volume used for the data directory on Couchbase nodes." + type = string default = "/dev/xvdh" } variable "data_volume_mount_point" { description = "The mount point (folder path) to use for the EBS Volume used for the data directory on Couchbase nodes." + type = string default = "/couchbase-data" } variable "index_volume_device_name" { description = "The device name to use for the EBS Volume used for the index directory on Couchbase nodes." + type = string default = "/dev/xvdi" } variable "index_volume_mount_point" { description = "The mount point (folder path) to use for the EBS Volume used for the index directory on Couchbase nodes." + type = string default = "/couchbase-index" } variable "volume_owner" { description = "The OS user who should be made the owner of the data and index volume mount points." 
+ type = string default = "couchbase" } variable "couchbase_load_balancer_port" { description = "The port the load balancer should listen on for Couchbase Web Console requests." + type = number default = 8091 } variable "sync_gateway_load_balancer_port" { description = "The port the load balancer should listen on for Sync Gateway requests." + type = number default = 4984 } variable "domain_name_tags" { description = "Tags the hosted zone must have. Useful if you have multiple hosted zones with the same domain name." - type = "map" + type = map(string) default = {} } + From 1ad70a9faa6592b66d67848ea3345a8060e15223 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:39:44 -0400 Subject: [PATCH 14/31] Update couchbase-multi-datacenter-replication example --- .../main.tf | 135 +++++++++--------- .../outputs.tf | 5 +- .../providers.tf | 3 +- .../variables.tf | 16 ++- 4 files changed, 86 insertions(+), 73 deletions(-) diff --git a/examples/couchbase-multi-datacenter-replication/main.tf b/examples/couchbase-multi-datacenter-replication/main.tf index 9ce4e29..cff1b50 100644 --- a/examples/couchbase-multi-datacenter-replication/main.tf +++ b/examples/couchbase-multi-datacenter-replication/main.tf 
@@ -3,8 +3,13 @@ # This is an example of how to deploy two Couchbase clusters in AWS with replication between them. # --------------------------------------------------------------------------------------------------------------------- +# ---------------------------------------------------------------------------------------------------------------------- +# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER +# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. +# ---------------------------------------------------------------------------------------------------------------------- + terraform { - required_version = ">= 0.10.3" + required_version = ">= 0.12" } # --------------------------------------------------------------------------------------------------------------------- 
@@ -17,22 +22,22 @@ module "couchbase_primary" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "../../modules/couchbase-cluster" - cluster_name = "${var.cluster_name_primary}" + cluster_name = var.cluster_name_primary min_size = 3 max_size = 3 instance_type = "t2.micro" - ami_id = "${data.template_file.ami_id_primary.rendered}" - user_data = "${data.template_file.user_data_primary.rendered}" + ami_id = data.template_file.ami_id_primary.rendered + user_data = data.template_file.user_data_primary.rendered - vpc_id = "${data.aws_vpc.default_primary.id}" - subnet_ids = "${data.aws_subnet_ids.default_primary.ids}" + vpc_id = data.aws_vpc.default_primary.id + subnet_ids = data.aws_subnet_ids.default_primary.ids # To make testing easier, we allow SSH requests from any IP address here. In a production deployment, we strongly # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name_primary}" + ssh_key_name = var.ssh_key_name_primary # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. @@ -43,7 +48,7 @@ module "couchbase_primary" { health_check_type = "ELB" providers = { - aws = "aws.primary" + aws = aws.primary } } 
@@ -57,22 +62,22 @@ module "couchbase_replica" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-cluster?ref=v0.0.1" source = "../../modules/couchbase-cluster" - cluster_name = "${var.cluster_name_replica}" + cluster_name = var.cluster_name_replica min_size = 3 max_size = 3 instance_type = "t2.micro" - ami_id = "${data.template_file.ami_id_replica.rendered}" - user_data = "${data.template_file.user_data_replica.rendered}" + ami_id = data.template_file.ami_id_replica.rendered + user_data = data.template_file.user_data_replica.rendered - vpc_id = "${data.aws_vpc.default_replica.id}" - subnet_ids = "${data.aws_subnet_ids.default_replica.ids}" + vpc_id = data.aws_vpc.default_replica.id + subnet_ids = data.aws_subnet_ids.default_replica.ids # To make testing easier, we allow SSH requests from any IP address here. In a production deployment, we strongly # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC. allowed_ssh_cidr_blocks = ["0.0.0.0/0"] - ssh_key_name = "${var.ssh_key_name_replica}" + ssh_key_name = var.ssh_key_name_replica # To make it easy to test this example from your computer, we allow the Couchbase servers to have public IPs. In a # production deployment, you'll probably want to keep all the servers in private subnets with only private IPs. @@ -83,7 +88,7 @@ module "couchbase_replica" { health_check_type = "ELB" providers = { - aws = "aws.replica" + aws = aws.replica } } 
@@ -93,14 +98,13 @@ module "couchbase_replica" { # --------------------------------------------------------------------------------------------------------------------- data "template_file" "user_data_primary" { - template = "${file("${path.module}/user-data/user-data-primary.sh")}" - - vars { - cluster_asg_name = "${var.cluster_name_primary}" - cluster_port = "${module.couchbase_security_group_rules_primary.rest_port}" + template = file("${path.module}/user-data/user-data-primary.sh") - replication_dest_cluster_name = "${var.cluster_name_replica}" - replication_dest_cluster_aws_region = "${data.aws_region.replica.name}" + vars = { + cluster_asg_name = var.cluster_name_primary + cluster_port = module.couchbase_security_group_rules_primary.rest_port + replication_dest_cluster_name = var.cluster_name_replica + replication_dest_cluster_aws_region = data.aws_region.replica.name } } @@ -110,11 +114,11 @@ data "template_file" "user_data_primary" { # --------------------------------------------------------------------------------------------------------------------- data "template_file" "user_data_replica" { - template = "${file("${path.module}/user-data/user-data-replica.sh")}" + template = file("${path.module}/user-data/user-data-replica.sh") - vars { - cluster_asg_name = "${var.cluster_name_replica}" - cluster_port = "${module.couchbase_security_group_rules_replica.rest_port}" + vars = { + cluster_asg_name = var.cluster_name_replica + cluster_port = module.couchbase_security_group_rules_replica.rest_port } } 
@@ -130,11 +134,11 @@ module "load_balancer_primary" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer?ref=v0.0.1" source = "../../modules/load-balancer" - name = "${var.cluster_name_primary}" - vpc_id = "${data.aws_vpc.default_primary.id}" - subnet_ids = "${data.aws_subnet_ids.default_primary.ids}" + name = var.cluster_name_primary + vpc_id = data.aws_vpc.default_primary.id + subnet_ids = data.aws_subnet_ids.default_primary.ids - http_listener_ports = ["${var.couchbase_load_balancer_port}"] + http_listener_ports = [var.couchbase_load_balancer_port] https_listener_ports_and_certs = [] # To make testing easier, we allow inbound connections from any IP. In production usage, you may want to only allow @@ -144,7 +148,7 @@ module "load_balancer_primary" { allow_inbound_from_cidr_blocks = ["0.0.0.0/0"] internal = false providers = { - aws = "aws.primary" + aws = aws.primary } } @@ -155,12 +159,12 @@ module "couchbase_target_group_primary" { source = "../../modules/load-balancer-target-group" target_group_name = "${var.cluster_name_primary}-cb" - asg_name = "${module.couchbase_primary.asg_name}" - port = "${module.couchbase_security_group_rules_primary.rest_port}" + asg_name = module.couchbase_primary.asg_name + port = module.couchbase_security_group_rules_primary.rest_port health_check_path = "/ui/index.html" - vpc_id = "${data.aws_vpc.default_primary.id}" + vpc_id = data.aws_vpc.default_primary.id - listener_arns = ["${lookup(module.load_balancer_primary.http_listener_arns, var.couchbase_load_balancer_port)}"] + listener_arns = [module.load_balancer_primary.http_listener_arns[var.couchbase_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 @@ -169,7 +173,7 @@ module "couchbase_target_group_primary" { enable_stickiness = true providers = { - aws = "aws.primary" + aws = aws.primary } } 
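Review bot: The listener in `module "load_balancer_primary"` (`http_listener_ports = [var.couchbase_load_balancer_port]`, with `https_listener_ports_and_certs = []` left as is) serves the Couchbase Web Console over plain HTTP, and the existing comment only explains the open CIDR range. With `allow_inbound_from_cidr_blocks = ["0.0.0.0/0"]` and `internal = false` also in place, console logins would presumably cross the internet unencrypted. I would add a comment above the listener line: `# Plain HTTP keeps this example simple. In production, pass a certificate via https_listener_ports_and_certs instead.` The same applies to `module "load_balancer_replica"` in hunk `@@ -185,11 +189,11 @@`; both module blocks continue outside their hunks.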
@@ -185,11 +189,11 @@ module "load_balancer_replica" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/load-balancer?ref=v0.0.1" source = "../../modules/load-balancer" - name = "${var.cluster_name_replica}" - vpc_id = "${data.aws_vpc.default_replica.id}" - subnet_ids = "${data.aws_subnet_ids.default_replica.ids}" + name = var.cluster_name_replica + vpc_id = data.aws_vpc.default_replica.id + subnet_ids = data.aws_subnet_ids.default_replica.ids - http_listener_ports = ["${var.couchbase_load_balancer_port}"] + http_listener_ports = [var.couchbase_load_balancer_port] https_listener_ports_and_certs = [] # To make testing easier, we allow inbound connections from any IP. In production usage, you may want to only allow @@ -199,7 +203,7 @@ module "load_balancer_replica" { allow_inbound_from_cidr_blocks = ["0.0.0.0/0"] internal = false providers = { - aws = "aws.replica" + aws = aws.replica } } @@ -210,12 +214,12 @@ module "couchbase_target_group_replica" { source = "../../modules/load-balancer-target-group" target_group_name = "${var.cluster_name_replica}-cb" - asg_name = "${module.couchbase_replica.asg_name}" - port = "${module.couchbase_security_group_rules_replica.rest_port}" + asg_name = module.couchbase_replica.asg_name + port = module.couchbase_security_group_rules_replica.rest_port health_check_path = "/ui/index.html" - vpc_id = "${data.aws_vpc.default_replica.id}" + vpc_id = data.aws_vpc.default_replica.id - listener_arns = ["${lookup(module.load_balancer_replica.http_listener_arns, var.couchbase_load_balancer_port)}"] + listener_arns = [module.load_balancer_replica.http_listener_arns[var.couchbase_load_balancer_port]] num_listener_arns = 1 listener_rule_starting_priority = 100 @@ -224,7 +228,7 @@ module "couchbase_target_group_replica" { enable_stickiness = true providers = { - aws = "aws.replica" + aws = aws.replica } } 
@@ -239,7 +243,7 @@ module "couchbase_security_group_rules_primary" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-server-security-group-rules" - security_group_id = "${module.couchbase_primary.security_group_id}" + security_group_id = module.couchbase_primary.security_group_id # To keep this example simple, we allow these client-facing ports to be accessed from any IP. In a production # deployment, you may want to lock these down just to trusted servers. @@ -251,7 +255,7 @@ module "couchbase_security_group_rules_primary" { memcached_port_cidr_blocks = ["0.0.0.0/0"] moxi_port_cidr_blocks = ["0.0.0.0/0"] providers = { - aws = "aws.primary" + aws = aws.primary } } @@ -266,7 +270,7 @@ module "couchbase_security_group_rules_replica" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-server-security-group-rules" - security_group_id = "${module.couchbase_replica.security_group_id}" + security_group_id = module.couchbase_replica.security_group_id # To keep this example simple, we allow these client-facing ports to be accessed from any IP. In a production # deployment, you may want to lock these down just to trusted servers. @@ -278,7 +282,7 @@ module "couchbase_security_group_rules_replica" { memcached_port_cidr_blocks = ["0.0.0.0/0"] moxi_port_cidr_blocks = ["0.0.0.0/0"] providers = { - aws = "aws.replica" + aws = aws.replica } } @@ -293,10 +297,10 @@ module "iam_policies_primary" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-iam-policies" - iam_role_id = "${module.couchbase_primary.iam_role_id}" + iam_role_id = module.couchbase_primary.iam_role_id providers = { - aws = "aws.primary" + aws = aws.primary } } 
@@ -311,10 +315,10 @@ module "iam_policies_replica" { # source = "git::git@github.com:gruntwork-io/terraform-aws-couchbase.git//modules/couchbase-server-security-group-rules?ref=v0.0.1" source = "../../modules/couchbase-iam-policies" - iam_role_id = "${module.couchbase_replica.iam_role_id}" + iam_role_id = module.couchbase_replica.iam_role_id providers = { - aws = "aws.replica" + aws = aws.replica } } @@ -348,7 +352,7 @@ data "aws_ami" "coubase_ubuntu_example_primary" { values = ["*couchbase-ubuntu-example*"] } - provider = "aws.primary" + provider = aws.primary } data "aws_ami" "coubase_ubuntu_example_replica" { @@ -375,15 +379,15 @@ data "aws_ami" "coubase_ubuntu_example_replica" { values = ["*couchbase-ubuntu-example*"] } - provider = "aws.replica" + provider = aws.replica } data "template_file" "ami_id_primary" { - template = "${var.ami_id_primary == "" ? data.aws_ami.coubase_ubuntu_example_primary.id : var.ami_id_primary}" + template = var.ami_id_primary == null ? data.aws_ami.coubase_ubuntu_example_primary.id : var.ami_id_primary } data "template_file" "ami_id_replica" { - template = "${var.ami_id_replica == "" ? data.aws_ami.coubase_ubuntu_example_replica.id : var.ami_id_replica}" + template = var.ami_id_replica == null ? data.aws_ami.coubase_ubuntu_example_replica.id : var.ami_id_replica } # --------------------------------------------------------------------------------------------------------------------- @@ -396,13 +400,13 @@ data "template_file" "ami_id_replica" { data "aws_vpc" "default_primary" { default = true - provider = "aws.primary" + provider = aws.primary } data "aws_subnet_ids" "default_primary" { - vpc_id = "${data.aws_vpc.default_primary.id}" + vpc_id = data.aws_vpc.default_primary.id - provider = "aws.primary" + provider = aws.primary } # --------------------------------------------------------------------------------------------------------------------- 
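Review bot: The conditional in `data "template_file" "ami_id_primary"` and `ami_id_replica` (hunk `@@ -375,15 +379,15 @@`) now tests only `== null`, so a caller that still passes `""`, the documented "leave blank" value before this change, skips the example-AMI lookup and hands an empty AMI ID to the cluster module. Accepting both keeps existing tfvars and tests working: `template = (var.ami_id_primary == null || var.ami_id_primary == "") ? data.aws_ami.coubase_ubuntu_example_primary.id : var.ami_id_primary`, with the same change for the replica. The `variables.tf` hunk `@@ -17,36 +17,44 @@` switches the defaults and descriptions to `null` and is where the accepted values should be documented. The `aws_ami` blocks start outside these hunks, so whether their `owners` filter is pinned is not visible here; if it is not, the `*couchbase-ubuntu-example*` name match can resolve to an image published by another account.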
@@ -415,15 +419,16 @@ data "aws_subnet_ids" "default_primary" { data "aws_vpc" "default_replica" { default = true - provider = "aws.replica" + provider = aws.replica } data "aws_subnet_ids" "default_replica" { - vpc_id = "${data.aws_vpc.default_replica.id}" + vpc_id = data.aws_vpc.default_replica.id - provider = "aws.replica" + provider = aws.replica } data "aws_region" "replica" { - provider = "aws.replica" + provider = aws.replica } + diff --git a/examples/couchbase-multi-datacenter-replication/outputs.tf b/examples/couchbase-multi-datacenter-replication/outputs.tf index 4944191..b176bee 100644 --- a/examples/couchbase-multi-datacenter-replication/outputs.tf +++ b/examples/couchbase-multi-datacenter-replication/outputs.tf @@ -3,7 +3,7 @@ output "couchbase_primary_web_console_url" { } output "couchbase_primary_cluster_asg_name" { - value = "${module.couchbase_primary.asg_name}" + value = module.couchbase_primary.asg_name } output "couchbase_replica_web_console_url" { @@ -11,5 +11,6 @@ output "couchbase_replica_web_console_url" { } output "couchbase_replica_cluster_asg_name" { - value = "${module.couchbase_replica.asg_name}" + value = module.couchbase_replica.asg_name } + diff --git a/examples/couchbase-multi-datacenter-replication/providers.tf b/examples/couchbase-multi-datacenter-replication/providers.tf index 027412a..e0d0c8a 100644 --- a/examples/couchbase-multi-datacenter-replication/providers.tf +++ b/examples/couchbase-multi-datacenter-replication/providers.tf @@ -7,14 +7,13 @@ provider "aws" { alias = "primary" - # Region intentionally ommitted so this example will prompt the user for a region when run via Terraform Registry # instructions } provider "aws" { alias = "replica" - # Region intentionally ommitted so this example will prompt the user for a region when run via Terraform Registry # instructions } + 
diff --git a/examples/couchbase-multi-datacenter-replication/variables.tf b/examples/couchbase-multi-datacenter-replication/variables.tf
index fe2c2cd..924cdab 100644
--- a/examples/couchbase-multi-datacenter-replication/variables.tf
+++ b/examples/couchbase-multi-datacenter-replication/variables.tf
@@ -17,36 +17,44 @@ # --------------------------------------------------------------------------------------------------------------------- variable "ami_id_primary" { - description = "The ID of the AMI to run in the primary cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Leave blank to use one of the example AMIs we have published publicly." - default = "" + description = "The ID of the AMI to run in the primary cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Set to null to use one of the example AMIs we have published publicly." + type = string + default = null } variable "ami_id_replica" { - description = "The ID of the AMI to run in the replica cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Leave blank to use one of the example AMIs we have published publicly." - default = "" + description = "The ID of the AMI to run in the replica cluster. This should be an AMI built from the Packer template under examples/couchbase-ami/couchbase.json. Set to null to use one of the example AMIs we have published publicly." + type = string + default = null } variable "cluster_name_primary" { description = "What to name the primary Couchbase cluster and all of its associated resources" + type = string default = "couchbase-server-primary" } variable "cluster_name_replica" { description = "What to name the replica Couchbase cluster and all of its associated resources" + type = string default = "couchbase-server-replica" } variable "ssh_key_name_primary" { description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in the primary Couchbase cluster. Must be a Key Pair in the same region as the primary cluster. Set to null to not associate a Key Pair." 
+ type = string default = null } variable "ssh_key_name_replica" { description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in the replica Couchbase cluster. Must be a Key Pair in the same region as the replica cluster. Set to null to not associate a Key Pair." + type = string default = null } variable "couchbase_load_balancer_port" { description = "The port the load balancer should listen on for Couchbase Web Console requests." + type = number default = 8091 } + From 1fd3948f90d8a4d0686aa1eab5f9d044885b161d Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:44:42 -0400 Subject: [PATCH 15/31] Run terraform fmt --- modules/couchbase-cluster/variables.tf | 8 ++++---- modules/couchbase-server-security-group-rules/main.tf | 2 +- modules/load-balancer-target-group/variables.tf | 2 +- modules/load-balancer/variables.tf | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/couchbase-cluster/variables.tf b/modules/couchbase-cluster/variables.tf index ac8a051..8893e43 100644 --- a/modules/couchbase-cluster/variables.tf +++ b/modules/couchbase-cluster/variables.tf @@ -125,8 +125,8 @@ variable "ebs_block_devices" { # We can't narrow the inner type down more than "any" because if we use object, then all the fields will be required # (whereas some, such as encrypted, should be optional), and if we use map, all the values must be of the same type, # whereas some here are strings, some are bools, and some are ints. - type = list(any) - default = [] + type = list(any) + default = [] # Example: # # default = [ 
@@ -171,12 +171,12 @@ variable "ssh_port" { variable "tags" { description = "List fo extra tag blocks added to the autoscaling group configuration. Each element in the list is a map containing keys 'key', 'value', and 'propagate_at_launch' mapped to the respective values." - type = list(object({ + type = list(object({ key = string value = string propagate_at_launch = bool })) - default = [] + default = [] # Example: # # default = [ diff --git a/modules/couchbase-server-security-group-rules/main.tf b/modules/couchbase-server-security-group-rules/main.tf index 5200513..5d0f320 100644 --- a/modules/couchbase-server-security-group-rules/main.tf +++ b/modules/couchbase-server-security-group-rules/main.tf @@ -173,7 +173,7 @@ resource "aws_security_group_rule" "query_port_self" { } resource "aws_security_group_rule" "ssl_query_port_cidr_blocks" { - count = length(var.query_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 :0 + count = length(var.query_port_cidr_blocks) > 0 && var.enable_ssl_ports ? 1 : 0 type = "ingress" from_port = var.ssl_query_port to_port = var.ssl_query_port diff --git a/modules/load-balancer-target-group/variables.tf b/modules/load-balancer-target-group/variables.tf index c2c3212..d0bbba3 100644 --- a/modules/load-balancer-target-group/variables.tf +++ b/modules/load-balancer-target-group/variables.tf @@ -50,7 +50,7 @@ variable "vpc_id" { variable "routing_condition" { description = "This variable defines the paths or domain names that will be routed to the servers. By default, we route all paths and domain names to the servers. To override this, you should pass in a list of maps, where each map has the keys field and values. See the Condition Blocks documentation for the syntax to use: https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html." - type = list(object({ + type = list(object({ field = string values = list(string) })) 
diff --git a/modules/load-balancer/variables.tf b/modules/load-balancer/variables.tf index bf140fa..990d99f 100644 --- a/modules/load-balancer/variables.tf +++ b/modules/load-balancer/variables.tf @@ -18,7 +18,7 @@ variable "http_listener_ports" { variable "https_listener_ports_and_certs" { description = "A list of objects that define the ports to listen on for HTTPS requests. Each object should have the keys 'port' (the port number to listen on) and 'certificate_arn' (the ARN of an ACM or IAM TLS cert to use on this listener)." - type = list(object({ + type = list(object({ port = number certificate_arn = string })) @@ -103,11 +103,11 @@ variable "idle_timeout" { variable "route53_records" { description = "A list of DNS A records to create in Route 53 that point at this Load Balancer. Each item in the list should be an object with the keys 'domain' (the domain name to create) and 'zone_id' (the Route 53 Hosted Zone ID in which to create the DNS A record)." - type = list(object({ + type = list(object({ domain = string zone_id = string })) - default = [] + default = [] # Example: # From 378e4bbbb874e637871500726d6e6c6331847046 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:55:30 -0400 Subject: [PATCH 16/31] Update test dependency versions --- test/Gopkg.lock | 642 ++++++++++++++++++++++++++++++++++++++++++++++-- test/Gopkg.toml | 20 +- 2 files changed, 633 insertions(+), 29 deletions(-) diff --git a/test/Gopkg.lock b/test/Gopkg.lock index b3e740f..3d9c880 100644 --- a/test/Gopkg.lock +++ b/test/Gopkg.lock 
@@ -2,79 +2,675 @@ [[projects]] + digest = "1:80004fcc5cf64e591486b3e11b406f1e0d17bf85d475d64203c8494f5da4fcd1" + name = "cloud.google.com/go" + packages = ["compute/metadata"] + pruneopts = "UT" + revision = "457ea5c15ccf3b87db582c450e80101989da35f7" + version = "v0.40.0" + +[[projects]] + digest = "1:03aafd99ae2f7971ead3a96aea97941d1fba6f378b0890ea3c72fce17c6e284e" name = "github.com/aws/aws-sdk-go" - packages = ["aws","aws/awserr","aws/awsutil","aws/client","aws/client/metadata","aws/corehandlers","aws/credentials","aws/credentials/ec2rolecreds","aws/credentials/endpointcreds","aws/credentials/stscreds","aws/defaults","aws/ec2metadata","aws/endpoints","aws/request","aws/session","aws/signer/v4","internal/sdkio","internal/sdkrand","internal/shareddefaults","private/protocol","private/protocol/ec2query","private/protocol/json/jsonutil","private/protocol/jsonrpc","private/protocol/query","private/protocol/query/queryutil","private/protocol/rest","private/protocol/restxml","private/protocol/xml/xmlutil","service/acm","service/cloudwatchlogs","service/ec2","service/iam","service/kms","service/s3","service/sns","service/sqs","service/sts"] - revision = "cb873de7862ba08c63e82f37ffebc5ba02d87d26" - version = "v1.13.38" + packages = [ + "aws", + "aws/awserr", + "aws/awsutil", + "aws/client", + "aws/client/metadata", + "aws/corehandlers", + "aws/credentials", + "aws/credentials/ec2rolecreds", + "aws/credentials/endpointcreds", + "aws/credentials/processcreds", + "aws/credentials/stscreds", + "aws/crr", + "aws/csm", + "aws/defaults", + "aws/ec2metadata", + "aws/endpoints", + "aws/request", + "aws/session", + "aws/signer/v4", + "internal/ini", + "internal/s3err", + "internal/sdkio", + "internal/sdkrand", + "internal/sdkuri", + "internal/shareddefaults", + "private/protocol", + "private/protocol/ec2query", + "private/protocol/eventstream", + "private/protocol/eventstream/eventstreamapi", + "private/protocol/json/jsonutil", + "private/protocol/jsonrpc", + 
"private/protocol/query", + "private/protocol/query/queryutil", + "private/protocol/rest", + "private/protocol/restxml", + "private/protocol/xml/xmlutil", + "service/acm", + "service/autoscaling", + "service/cloudwatchlogs", + "service/dynamodb", + "service/ec2", + "service/ecs", + "service/iam", + "service/kms", + "service/rds", + "service/s3", + "service/s3/s3iface", + "service/s3/s3manager", + "service/sns", + "service/sqs", + "service/ssm", + "service/sts", + ] + pruneopts = "UT" + revision = "b0b59fd2ceb03908e5d3bcd1449b46ce75508f4b" + version = "v1.20.7" [[projects]] + digest = "1:7b94d37d65c0445053c6f3e73090e3966c1c29127035492c349e14f25c440359" name = "github.com/boombuler/barcode" - packages = [".","qr","utils"] + packages = [ + ".", + "qr", + "utils", + ] + pruneopts = "UT" revision = "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d" version = "v1.0.0" [[projects]] + digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec" name = "github.com/davecgh/go-spew" packages = ["spew"] - revision = "346938d642f2ec3594ed81d874461961cd0faa76" + pruneopts = "UT" + revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73" + version = "v1.1.1" + +[[projects]] + digest = "1:58be7025fd84632dfbb8a398f931b5bdbbecc0390e4385df4ae56775487a0f87" + name = "github.com/docker/spdystream" + packages = [ + ".", + "spdy", + ] + pruneopts = "UT" + revision = "449fdfce4d962303d702fec724ef0ad181c92528" + +[[projects]] + digest = "1:c45cef8e0074ea2f8176a051df38553ba997a3616f1ec2d35222b1cf9864881e" + name = "github.com/ghodss/yaml" + packages = ["."] + pruneopts = "UT" + revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee" + +[[projects]] + branch = "master" + digest = "1:d0557c61d3acd22f04f7b6b675b847381034b229b7dce10b1d31bfa0d7f30017" + name = "github.com/go-errors/errors" + packages = ["."] + pruneopts = "UT" + revision = "d98b870cc4e05f1545532a80e9909be8216095b6" + +[[projects]] + digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65" + name = 
"github.com/go-sql-driver/mysql" + packages = ["."] + pruneopts = "UT" + revision = "72cd26f257d44c1114970e19afddcd812016007e" + version = "v1.4.1" + +[[projects]] + digest = "1:4d02824a56d268f74a6b6fdd944b20b58a77c3d70e81008b3ee0c4f1a6777340" + name = "github.com/gogo/protobuf" + packages = [ + "proto", + "sortkeys", + ] + pruneopts = "UT" + revision = "ba06b47c162d49f2af050fb4c75bcbc86a159d5c" + version = "v1.2.1" + +[[projects]] + digest = "1:2edd2416f89b4e841df0e4a78802ce14d2bc7ad79eba1a45986e39f0f8cb7d87" + name = "github.com/golang/glog" + packages = ["."] + pruneopts = "UT" + revision = "44145f04b68cf362d9c4df2182967c2275eaefed" + +[[projects]] + digest = "1:17fe264ee908afc795734e8c4e63db2accabaf57326dbf21763a7d6b86096260" + name = "github.com/golang/protobuf" + packages = [ + "proto", + "ptypes", + "ptypes/any", + "ptypes/duration", + "ptypes/timestamp", + ] + pruneopts = "UT" + revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265" version = "v1.1.0" [[projects]] - name = "github.com/go-ini/ini" + digest = "1:0bfbe13936953a98ae3cfe8ed6670d396ad81edf069a806d2f6515d7bb6950df" + name = "github.com/google/btree" + packages = ["."] + pruneopts = "UT" + revision = "4030bb1f1f0c35b30ca7009e9ebd06849dd45306" + version = "v1.0.0" + +[[projects]] + digest = "1:41bfd4219241b7f7d6e6fdb13fc712576f1337e68e6b895136283b76928fdd66" + name = "github.com/google/gofuzz" packages = ["."] - revision = "6529cf7c58879c08d927016dde4477f18a0634cb" - version = "v1.36.0" + pruneopts = "UT" + revision = "44d81051d367757e1c7c6a5a86423ece9afcf63c" [[projects]] + digest = "1:8f8811f9be822914c3a25c6a071e93beb4c805d7b026cbf298bc577bc1cc945b" name = "github.com/google/uuid" packages = ["."] + pruneopts = "UT" revision = "064e2069ce9c359c118179501254f67d7d37ba24" version = "0.2" [[projects]] + digest = "1:75eb87381d25cc75212f52358df9c3a2719584eaa9685cd510ce28699122f39d" + name = "github.com/googleapis/gnostic" + packages = [ + "OpenAPIv2", + "compiler", + "extensions", + ] + pruneopts = "UT" 
+ revision = "0c5108395e2debce0d731cf0287ddf7242066aba" + +[[projects]] + digest = "1:878f0defa9b853f9acfaf4a162ba450a89d0050eff084f9fe7f5bd15948f172a" + name = "github.com/gregjones/httpcache" + packages = [ + ".", + "diskcache", + ] + pruneopts = "UT" + revision = "787624de3eb7bd915c329cba748687a3b22666a6" + +[[projects]] + digest = "1:b17934d012a71aa0367870f2a0d0a7b117cb823768295b0e9e1b6e39fab6ebbd" + name = "github.com/gruntwork-io/gruntwork-cli" + packages = ["errors"] + pruneopts = "UT" + revision = "6a2163138f3d10377f313428e7e367b0a6c0c1c9" + version = "v0.4.2" + +[[projects]] + digest = "1:9c39a536a4be8f69b26403d927bd081085df51f8239cf05e521ca21d188928a8" name = "github.com/gruntwork-io/terratest" - packages = ["modules/aws","modules/collections","modules/docker","modules/files","modules/http-helper","modules/logger","modules/packer","modules/random","modules/retry","modules/shell","modules/ssh","modules/terraform","modules/test-structure"] - revision = "9354fd45ae87d44e248afccccbc9e2e6a2683970" - version = "v0.9.5" + packages = [ + "modules/aws", + "modules/collections", + "modules/customerrors", + "modules/docker", + "modules/environment", + "modules/files", + "modules/http-helper", + "modules/k8s", + "modules/logger", + "modules/packer", + "modules/random", + "modules/retry", + "modules/shell", + "modules/ssh", + "modules/terraform", + "modules/test-structure", + ] + pruneopts = "UT" + revision = "f36b86b9865baa7ac0dbac2cc04c79b337d9ca17" + version = "v0.17.2" + +[[projects]] + digest = "1:3e260afa138eab6492b531a3b3d10ab4cb70512d423faa78b8949dec76e66a21" + name = "github.com/imdario/mergo" + packages = ["."] + pruneopts = "UT" + revision = "9316a62528ac99aaecb4e47eadd6dc8aa6533d58" + version = "v0.3.5" + +[[projects]] + digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be" + name = "github.com/inconshreveable/mousetrap" + packages = ["."] + pruneopts = "UT" + revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" + version = "v1.0" 
[[projects]] + digest = "1:bb81097a5b62634f3e9fec1014657855610c82d19b9a40c17612e32651e35dca" name = "github.com/jmespath/go-jmespath" packages = ["."] - revision = "0b12d6b5" + pruneopts = "UT" + revision = "c2b33e84" + +[[projects]] + digest = "1:ec5ed9e7ac12b35906c2c65e21dd011aa7dd37c3b7248ae37cd8dafdfe8804d4" + name = "github.com/json-iterator/go" + packages = ["."] + pruneopts = "UT" + revision = "0ac74bba4a81211b28e32ef260c0f16ae41f1377" + version = "1.1.1" + +[[projects]] + digest = "1:5d231480e1c64a726869bc4142d270184c419749d34f167646baa21008eb0a79" + name = "github.com/mitchellh/go-homedir" + packages = ["."] + pruneopts = "UT" + revision = "af06845cf3004701891bf4fdb884bfe4920b3727" + version = "v1.1.0" + +[[projects]] + digest = "1:33422d238f147d247752996a26574ac48dcf472976eda7f5134015f06bf16563" + name = "github.com/modern-go/concurrent" + packages = ["."] + pruneopts = "UT" + revision = "bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94" + version = "1.0.3" [[projects]] + digest = "1:c3e6c10392207c5b728fb5f9ab234ea8a42413378d29422de59547125f5b473d" + name = "github.com/modern-go/reflect2" + packages = ["."] + pruneopts = "UT" + revision = "05fbef0ca5da472bbf96c9322b84a53edc03c9fd" + +[[projects]] + branch = "master" + digest = "1:89da0f0574bc94cfd0ac8b59af67bf76cdd110d503df2721006b9f0492394333" + name = "github.com/petar/GoLLRB" + packages = ["llrb"] + pruneopts = "UT" + revision = "33fb24c13b99c46c93183c291836c573ac382536" + +[[projects]] + digest = "1:0e7775ebbcf00d8dd28ac663614af924411c868dca3d5aa762af0fae3808d852" + name = "github.com/peterbourgon/diskv" + packages = ["."] + pruneopts = "UT" + revision = "5f041e8faa004a95c88a202771f4cc3e991971e6" + version = "v2.0.1" + +[[projects]] + digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe" name = "github.com/pmezard/go-difflib" packages = ["difflib"] + pruneopts = "UT" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] + digest = 
"1:3e5eb9af2330c7a46d64592800813c33adf94305ce53a3fae42191ea18e520e6" name = "github.com/pquerna/otp" - packages = [".","hotp","totp"] - revision = "b7b89250c468c06871d3837bee02e2d5c155ae19" - version = "v1.0.0" + packages = [ + ".", + "hotp", + "totp", + ] + pruneopts = "UT" + revision = "43bebefda392017900e7a7b237b4c914c6a55b50" + version = "v1.2.0" + +[[projects]] + digest = "1:e096613fb7cf34743d49af87d197663cfccd61876e2219853005a57baedfa562" + name = "github.com/spf13/cobra" + packages = ["."] + pruneopts = "UT" + revision = "f2b07da1e2c38d5f12845a4f607e2e1018cbb1f5" + version = "v0.0.5" + +[[projects]] + digest = "1:9424f440bba8f7508b69414634aef3b2b3a877e522d8a4624692412805407bb7" + name = "github.com/spf13/pflag" + packages = ["."] + pruneopts = "UT" + revision = "583c0c0531f06d5278b7d917446061adc344b5cd" + version = "v1.0.1" [[projects]] + digest = "1:5da8ce674952566deae4dbc23d07c85caafc6cfa815b0b3e03e41979cedb8750" name = "github.com/stretchr/testify" - packages = ["assert"] - revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71" - version = "v1.2.1" + packages = [ + "assert", + "require", + ] + pruneopts = "UT" + revision = "ffdc059bfe9ce6a4e144ba849dbedead332c6053" + version = "v1.3.0" + +[[projects]] + digest = "1:b24d38b282bacf9791408a080f606370efa3d364e4b5fd9ba0f7b87786d3b679" + name = "github.com/urfave/cli" + packages = ["."] + pruneopts = "UT" + revision = "cfb38830724cc34fedffe9a2a29fb54fa9169cd1" + version = "v1.20.0" + +[[projects]] + digest = "1:f23077ad8275f965e666500a7e03e9e4f38e03a8a4e73f7b54b0a5138911d2a9" + name = "github.com/v2pro/plz" + packages = [ + "concurrent", + "reflect2", + ] + pruneopts = "UT" + revision = "10fc95fad3224a032229e59f6e7023137d82b526" + version = "0.9.1" [[projects]] branch = "master" + digest = "1:eacd8dc6eafbff1b51ba206a543b893456639edf07c8db524393cdd4a0d7eac4" name = "golang.org/x/crypto" - packages = ["curve25519","ed25519","ed25519/internal/edwards25519","internal/chacha20","poly1305","ssh"] - revision = 
"b49d69b5da943f7ef3c9cf91c8777c1f78a0cc3c" + packages = [ + "curve25519", + "ed25519", + "ed25519/internal/edwards25519", + "internal/chacha20", + "internal/subtle", + "poly1305", + "ssh", + "ssh/agent", + "ssh/terminal", + ] + pruneopts = "UT" + revision = "cc06ce4a13d484c0101a9e92913248488a75786d" [[projects]] branch = "master" + digest = "1:08e8bdf5b8cea90c289e0bf7ea95b34c59dbd6b8e71b28164da637ef525a78e0" name = "golang.org/x/net" - packages = ["context"] - revision = "5f9ae10d9af5b1c89ae6904293b14b064d4ada23" + packages = [ + "context", + "http/httpguts", + "http2", + "http2/hpack", + "idna", + ] + pruneopts = "UT" + revision = "3b0461eec859c4b73bb64fdc8285971fd33e3938" + +[[projects]] + digest = "1:ad764db92ed977f803ff0f59a7a957bf65cc4e8ae9dfd08228e1f54ea40392e0" + name = "golang.org/x/oauth2" + packages = [ + ".", + "google", + "internal", + "jws", + "jwt", + ] + pruneopts = "UT" + revision = "a6bd8cefa1811bd24b86f8902872e4e8225f74c4" + +[[projects]] + branch = "master" + digest = "1:213da46d2d9744e2baa0db9ff4b24806ef1f30fddc0d72c63da03b518b92bebe" + name = "golang.org/x/sys" + packages = [ + "cpu", + "unix", + "windows", + ] + pruneopts = "UT" + revision = "c5567b49c5d04a5f83870795b8c0e2df43a8ce32" + +[[projects]] + digest = "1:8d8faad6b12a3a4c819a3f9618cb6ee1fa1cfc33253abeeea8b55336721e3405" + name = "golang.org/x/text" + packages = [ + "collate", + "collate/build", + "internal/colltab", + "internal/gen", + "internal/language", + "internal/language/compact", + "internal/tag", + "internal/triegen", + "internal/ucd", + "language", + "secure/bidirule", + "transform", + "unicode/bidi", + "unicode/cldr", + "unicode/norm", + "unicode/rangetable", + ] + pruneopts = "UT" + revision = "342b2e1fbaa52c93f31447ad2c6abc048c63e475" + version = "v0.3.2" + +[[projects]] + digest = "1:d37b0ef2944431fe9e8ef35c6fffc8990d9e2ca300588df94a6890f3649ae365" + name = "golang.org/x/time" + packages = ["rate"] + pruneopts = "UT" + revision = "f51c12702a4d776e4c1fa9b0fabab841babae631" 
+ +[[projects]] + digest = "1:76c1775fd61f519170d614db8b995be8695014a605170c5949aaee6f94dcf62e" + name = "google.golang.org/appengine" + packages = [ + ".", + "cloudsql", + "internal", + "internal/app_identity", + "internal/base", + "internal/datastore", + "internal/log", + "internal/modules", + "internal/remote_api", + "internal/urlfetch", + "urlfetch", + ] + pruneopts = "UT" + revision = "b2f4a3cf3c67576a2ee09e1fe62656a5086ce880" + version = "v1.6.1" + +[[projects]] + digest = "1:ef72505cf098abdd34efeea032103377bec06abb61d8a06f002d5d296a4b1185" + name = "gopkg.in/inf.v0" + packages = ["."] + pruneopts = "UT" + revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" + version = "v0.9.0" + +[[projects]] + digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96" + name = "gopkg.in/yaml.v2" + packages = ["."] + pruneopts = "UT" + revision = "51d6538a90f86fe93ac480b35f37b2be17fef232" + version = "v2.2.2" + +[[projects]] + branch = "release-1.12" + digest = "1:faf52d216e0d651ee48a5ee8fb43f818a6c36bf4246282a5e30b8985da5581ff" + name = "k8s.io/api" + packages = [ + "admissionregistration/v1alpha1", + "admissionregistration/v1beta1", + "apps/v1", + "apps/v1beta1", + "apps/v1beta2", + "authentication/v1", + "authentication/v1beta1", + "authorization/v1", + "authorization/v1beta1", + "autoscaling/v1", + "autoscaling/v2beta1", + "autoscaling/v2beta2", + "batch/v1", + "batch/v1beta1", + "batch/v2alpha1", + "certificates/v1beta1", + "coordination/v1beta1", + "core/v1", + "events/v1beta1", + "extensions/v1beta1", + "networking/v1", + "policy/v1beta1", + "rbac/v1", + "rbac/v1alpha1", + "rbac/v1beta1", + "scheduling/v1alpha1", + "scheduling/v1beta1", + "settings/v1alpha1", + "storage/v1", + "storage/v1alpha1", + "storage/v1beta1", + ] + pruneopts = "UT" + revision = "6db15a15d2d3874a6c3ddb2140ac9f3bc7058428" + +[[projects]] + branch = "release-1.12" + digest = "1:efacf240bb0225324e22fc0c20da3fc166b8d42778f667e1e32835556aa146df" + name = "k8s.io/apimachinery" + 
packages = [ + "pkg/api/errors", + "pkg/api/meta", + "pkg/api/resource", + "pkg/apis/meta/v1", + "pkg/apis/meta/v1/unstructured", + "pkg/apis/meta/v1beta1", + "pkg/conversion", + "pkg/conversion/queryparams", + "pkg/fields", + "pkg/labels", + "pkg/runtime", + "pkg/runtime/schema", + "pkg/runtime/serializer", + "pkg/runtime/serializer/json", + "pkg/runtime/serializer/protobuf", + "pkg/runtime/serializer/recognizer", + "pkg/runtime/serializer/streaming", + "pkg/runtime/serializer/versioning", + "pkg/selection", + "pkg/types", + "pkg/util/clock", + "pkg/util/errors", + "pkg/util/framer", + "pkg/util/httpstream", + "pkg/util/httpstream/spdy", + "pkg/util/intstr", + "pkg/util/json", + "pkg/util/naming", + "pkg/util/net", + "pkg/util/runtime", + "pkg/util/sets", + "pkg/util/validation", + "pkg/util/validation/field", + "pkg/util/yaml", + "pkg/version", + "pkg/watch", + "third_party/forked/golang/netutil", + "third_party/forked/golang/reflect", + ] + pruneopts = "UT" + revision = "01f179d85dbce0f2e0e4351a92394b38694b7cae" + +[[projects]] + branch = "release-9.0" + digest = "1:3c542387467a0f8a236086801293739245eb0937ef17ddb6a3d001b4dd4d6c81" + name = "k8s.io/client-go" + packages = [ + "discovery", + "kubernetes", + "kubernetes/scheme", + "kubernetes/typed/admissionregistration/v1alpha1", + "kubernetes/typed/admissionregistration/v1beta1", + "kubernetes/typed/apps/v1", + "kubernetes/typed/apps/v1beta1", + "kubernetes/typed/apps/v1beta2", + "kubernetes/typed/authentication/v1", + "kubernetes/typed/authentication/v1beta1", + "kubernetes/typed/authorization/v1", + "kubernetes/typed/authorization/v1beta1", + "kubernetes/typed/autoscaling/v1", + "kubernetes/typed/autoscaling/v2beta1", + "kubernetes/typed/autoscaling/v2beta2", + "kubernetes/typed/batch/v1", + "kubernetes/typed/batch/v1beta1", + "kubernetes/typed/batch/v2alpha1", + "kubernetes/typed/certificates/v1beta1", + "kubernetes/typed/coordination/v1beta1", + "kubernetes/typed/core/v1", + "kubernetes/typed/events/v1beta1", 
+ "kubernetes/typed/extensions/v1beta1", + "kubernetes/typed/networking/v1", + "kubernetes/typed/policy/v1beta1", + "kubernetes/typed/rbac/v1", + "kubernetes/typed/rbac/v1alpha1", + "kubernetes/typed/rbac/v1beta1", + "kubernetes/typed/scheduling/v1alpha1", + "kubernetes/typed/scheduling/v1beta1", + "kubernetes/typed/settings/v1alpha1", + "kubernetes/typed/storage/v1", + "kubernetes/typed/storage/v1alpha1", + "kubernetes/typed/storage/v1beta1", + "pkg/apis/clientauthentication", + "pkg/apis/clientauthentication/v1alpha1", + "pkg/apis/clientauthentication/v1beta1", + "pkg/version", + "plugin/pkg/client/auth/exec", + "plugin/pkg/client/auth/gcp", + "rest", + "rest/watch", + "third_party/forked/golang/template", + "tools/auth", + "tools/clientcmd", + "tools/clientcmd/api", + "tools/clientcmd/api/latest", + "tools/clientcmd/api/v1", + "tools/metrics", + "tools/portforward", + "tools/reference", + "transport", + "transport/spdy", + "util/cert", + "util/connrotation", + "util/flowcontrol", + "util/homedir", + "util/integer", + "util/jsonpath", + ] + pruneopts = "UT" + revision = "b6aa6aafe32b0767f075245e5d391381c5449c8a" + +[[projects]] + digest = "1:0eb0e54e287f561fa804eba0640e99c857606aa47c04c0a41ce6e395e0ea3b7a" + name = "k8s.io/kubernetes" + packages = ["pkg/kubectl/generate"] + pruneopts = "UT" + revision = "e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529" + version = "v1.15.0" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "7823e552ec3e29cb44963625975c032ca9c267fad1b34c3e975efb8c5179148d" + input-imports = [ + "github.com/gruntwork-io/terratest/modules/aws", + "github.com/gruntwork-io/terratest/modules/docker", + "github.com/gruntwork-io/terratest/modules/files", + "github.com/gruntwork-io/terratest/modules/http-helper", + "github.com/gruntwork-io/terratest/modules/logger", + "github.com/gruntwork-io/terratest/modules/packer", + "github.com/gruntwork-io/terratest/modules/random", + "github.com/gruntwork-io/terratest/modules/retry", + 
"github.com/gruntwork-io/terratest/modules/terraform", + "github.com/gruntwork-io/terratest/modules/test-structure", + "github.com/stretchr/testify/assert", + ] solver-name = "gps-cdcl" solver-version = 1 diff --git a/test/Gopkg.toml b/test/Gopkg.toml index 720abed..473bf65 100644 --- a/test/Gopkg.toml +++ b/test/Gopkg.toml @@ -1,7 +1,6 @@ - # Gopkg.toml example # -# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md +# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html # for detailed Gopkg.toml documentation. # # required = ["github.com/user/thing/cmd/thing"] @@ -17,14 +16,23 @@ # source = "github.com/myfork/project2" # # [[override]] -# name = "github.com/x/y" -# version = "2.4.0" +# name = "github.com/x/y" +# version = "2.4.0" +# +# [prune] +# non-go = false +# go-tests = true +# unused-packages = true [[constraint]] name = "github.com/gruntwork-io/terratest" - version = "0.9.5" + version = "0.17.2" [[constraint]] name = "github.com/stretchr/testify" - version = "1.2.1" + version = "1.3.0" + +[prune] + go-tests = true + unused-packages = true From a2f3dd2984faeb508250370c8c33f2e70adc97ee Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 17:59:54 -0400 Subject: [PATCH 17/31] Add SKIP params to tests for convenience --- test/couchbase_single_cluster_test.go | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/test/couchbase_single_cluster_test.go b/test/couchbase_single_cluster_test.go index 9b9ef3c..e0c2f57 100644 --- a/test/couchbase_single_cluster_test.go +++ b/test/couchbase_single_cluster_test.go 
@@ -1,12 +1,12 @@ package test import ( - "testing" - "path/filepath" + "github.com/gruntwork-io/terratest/modules/aws" + "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/gruntwork-io/terratest/modules/test-structure" - "github.com/gruntwork-io/terratest/modules/random" - "github.com/gruntwork-io/terratest/modules/aws" + "path/filepath" + "testing" ) const couchbaseClusterVarName = "cluster_name" @@ -35,6 +35,15 @@ func testCouchbaseSingleCluster(t *testing.T, osName string, edition string) { rootFolder := test_structure.CopyTerraformFolderToTemp(t, "../", ".") couchbaseAmiDir := filepath.Join(rootFolder, "examples", "couchbase-ami") + // For convenience - uncomment these as well as the "os" import + // when doing local testing if you need to skip any sections. + //os.Setenv("TERRATEST_REGION", "eu-west-1") + //os.Setenv("SKIP_setup_ami", "true") + //os.Setenv("SKIP_setup_deploy", "true") + //os.Setenv("SKIP_validation", "true") + //os.Setenv("SKIP_teardown", "true") + //os.Setenv("SKIP_logs", "true") + test_structure.RunTestStage(t, "setup_ami", func() { awsRegion := getRandomAwsRegion(t) uniqueId := random.UniqueId() From ad806d4c5e637243a02e114a032ae73bb221492a Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 18:06:46 -0400 Subject: [PATCH 18/31] Fix Go dependencies --- test/Gopkg.lock | 27 ++++++++------------------- test/Gopkg.toml | 7 ++++++- 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/test/Gopkg.lock b/test/Gopkg.lock index 3d9c880..42577e3 100644 --- a/test/Gopkg.lock +++ b/test/Gopkg.lock @@ -208,7 +208,7 @@ version = "v0.4.2" [[projects]] - digest = "1:9c39a536a4be8f69b26403d927bd081085df51f8239cf05e521ca21d188928a8" + digest = "1:ae57e57f5ce2594f95959d0b24511f518a5a219e68dd9f92971b2a113d21bdaa" name = "github.com/gruntwork-io/terratest" packages = [ "modules/aws", 
@@ -229,8 +229,8 @@ "modules/test-structure", ] pruneopts = "UT" - revision = "f36b86b9865baa7ac0dbac2cc04c79b337d9ca17" - version = "v0.17.2" + revision = "295736141a96daa369a972e1409622d702c8f40e" + version = "v0.17.4" [[projects]] digest = "1:3e260afa138eab6492b531a3b3d10ab4cb70512d423faa78b8949dec76e66a21" @@ -256,12 +256,11 @@ revision = "c2b33e84" [[projects]] - digest = "1:ec5ed9e7ac12b35906c2c65e21dd011aa7dd37c3b7248ae37cd8dafdfe8804d4" + digest = "1:bb3cc4c1b21ea18cfa4e3e47440fc74d316ab25b0cf42927e8c1274917bd9891" name = "github.com/json-iterator/go" packages = ["."] pruneopts = "UT" - revision = "0ac74bba4a81211b28e32ef260c0f16ae41f1377" - version = "1.1.1" + revision = "f2b4162afba35581b6d4a50d3b8f34e33c144682" [[projects]] digest = "1:5d231480e1c64a726869bc4142d270184c419749d34f167646baa21008eb0a79" @@ -280,11 +279,12 @@ version = "1.0.3" [[projects]] - digest = "1:c3e6c10392207c5b728fb5f9ab234ea8a42413378d29422de59547125f5b473d" + digest = "1:e32bdbdb7c377a07a9a46378290059822efdce5c8d96fe71940d87cb4f918855" name = "github.com/modern-go/reflect2" packages = ["."] pruneopts = "UT" - revision = "05fbef0ca5da472bbf96c9322b84a53edc03c9fd" + revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd" + version = "1.0.1" [[projects]] branch = "master" @@ -357,17 +357,6 @@ revision = "cfb38830724cc34fedffe9a2a29fb54fa9169cd1" version = "v1.20.0" -[[projects]] - digest = "1:f23077ad8275f965e666500a7e03e9e4f38e03a8a4e73f7b54b0a5138911d2a9" - name = "github.com/v2pro/plz" - packages = [ - "concurrent", - "reflect2", - ] - pruneopts = "UT" - revision = "10fc95fad3224a032229e59f6e7023137d82b526" - version = "0.9.1" - [[projects]] branch = "master" digest = "1:eacd8dc6eafbff1b51ba206a543b893456639edf07c8db524393cdd4a0d7eac4" diff --git a/test/Gopkg.toml b/test/Gopkg.toml index 473bf65..4925cde 100644 --- a/test/Gopkg.toml +++ b/test/Gopkg.toml 
@@ -27,12 +27,17 @@ [[constraint]] name = "github.com/gruntwork-io/terratest" - version = "0.17.2" + version = "0.17.4" [[constraint]] name = "github.com/stretchr/testify" version = "1.3.0" +# Workaround for: https://github.com/kubernetes/apimachinery/issues/46 +[[override]] + name = "github.com/json-iterator/go" + revision = "f2b4162afba35581b6d4a50d3b8f34e33c144682" + [prune] go-tests = true unused-packages = true From 35fdf0e175484ae7d7409c0cc7ecbb56ba4f2695 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 18:22:21 -0400 Subject: [PATCH 19/31] Fix folders and what we upload in Packer template --- examples/couchbase-ami/couchbase.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/examples/couchbase-ami/couchbase.json b/examples/couchbase-ami/couchbase.json index 99d5e16..32e2526 100644 --- a/examples/couchbase-ami/couchbase.json +++ b/examples/couchbase-ami/couchbase.json @@ -108,13 +108,17 @@ "inline": ["mkdir -p /tmp/terraform-aws-couchbase"] },{ "type": "file", - "source": "{{template_dir}}/../../", - "destination": "/tmp/terraform-aws-couchbase" + "source": "{{template_dir}}/../../modules", + "destination": "/tmp/terraform-aws-couchbase/modules" + },{ + "type": "file", + "source": "{{template_dir}}/sync_gateway.json", + "destination": "/tmp/terraform-aws-couchbase/sync_gateway.json" },{ "type": "shell", "inline": [ "/tmp/terraform-aws-couchbase/modules/install-couchbase-server/install-couchbase-server --edition {{user `edition`}}", - "/tmp/terraform-aws-couchbase/modules/install-sync-gateway/install-sync-gateway --edition {{user `edition`}} --config /tmp/terraform-aws-couchbase/examples/couchbase-ami/sync_gateway.json" + "/tmp/terraform-aws-couchbase/modules/install-sync-gateway/install-sync-gateway --edition {{user `edition`}} --config /tmp/terraform-aws-couchbase/sync_gateway.json" ] }], "post-processors": [{ From 0a012929617d9ad88bf8120fdfe21996656180be Mon Sep 17 00:00:00 2001 
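Review bot: The new `[[override]]` pins `github.com/json-iterator/go` to a bare commit for the whole dependency graph, and the comment above it does not say when the pin can be removed. Overrides like this tend to outlive their reason and keep the library off later tagged releases, including any fixes those carry. I would extend the comment, for example `# Remove once the linked apimachinery issue is resolved and a tagged json-iterator release can be used again.`, so the pin is revisited on the next dependency update.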
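Review bot: Nothing in the provisioner list shown here removes `/tmp/terraform-aws-couchbase` after the final `shell` step, so unless a step outside the visible lines cleans up, the uploaded modules and `sync_gateway.json` are captured in the AMI. Narrowing the upload to `modules` plus the one config file already reduces what lands on the image; a last inline entry such as `"rm -rf /tmp/terraform-aws-couchbase"` would finish the job. Before adding it, confirm that `install-sync-gateway` copies the file given to `--config` rather than referencing it in place, since a service config left under a world-writable `/tmp` path would be a problem of its own.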
From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 18:32:43 -0400 Subject: [PATCH 20/31] Fix comments broken by upgrade command --- examples/couchbase-cluster-mds/main.tf | 12 ++++++++---- examples/couchbase-cluster-simple-dns-tls/main.tf | 9 +++++---- main.tf | 9 +++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/examples/couchbase-cluster-mds/main.tf b/examples/couchbase-cluster-mds/main.tf index f575274..81659dc 100644 --- a/examples/couchbase-cluster-mds/main.tf +++ b/examples/couchbase-cluster-mds/main.tf @@ -185,16 +185,18 @@ data "template_file" "user_data_couchbase_data_nodes" { vars = { cluster_asg_name = var.couchbase_data_node_cluster_name cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + + # Pass in the data about the EBS volumes so they can be mounted data_volume_device_name = var.data_volume_device_name data_volume_mount_point = var.data_volume_mount_point volume_owner = var.volume_owner + # Use a small amount of memory so this example can fit on a t2.micro. In production settings, you'll want to run # on data_ramsize = "512" index_ramsize = "256" fts_ramsize = "256" } - # Pass in the data about the EBS volumes so they can be mounted } data "template_file" "user_data_couchbase_index_query_search_nodes" { @@ -203,11 +205,12 @@ data "template_file" "user_data_couchbase_index_query_search_nodes" { vars = { cluster_asg_name = var.couchbase_data_node_cluster_name cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + + # Pass in the data about the EBS volumes so they can be mounted index_volume_device_name = var.index_volume_device_name index_volume_mount_point = var.index_volume_mount_point volume_owner = var.volume_owner } - # Pass in the data about the EBS volumes so they can be mounted } data "template_file" "user_data_sync_gateway" { 
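Review bot: The memory comment above `data_ramsize` in `user_data_couchbase_data_nodes` still appears to end mid-sentence (`In production settings, you'll want to run # on`), so this commit leaves one broken comment behind in the same `vars` block it is repairing. Either complete the sentence or cut it back to `# Use a small amount of memory so this example can fit on a t2.micro.` The `data` block itself starts above the hunk.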
@@ -216,11 +219,12 @@ data "template_file" "user_data_sync_gateway" { vars = { cluster_asg_name = var.couchbase_data_node_cluster_name cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + + # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it + # provides admin access to ALL Sync Gateway data. sync_gateway_interface = ":${module.sync_gateway_security_group_rules.interface_port}" sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" } - # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it - # provides admin access to ALL Sync Gateway data. } # --------------------------------------------------------------------------------------------------------------------- diff --git a/examples/couchbase-cluster-simple-dns-tls/main.tf b/examples/couchbase-cluster-simple-dns-tls/main.tf index f7e3731..b4f3f05 100644 --- a/examples/couchbase-cluster-simple-dns-tls/main.tf +++ b/examples/couchbase-cluster-simple-dns-tls/main.tf 
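Review bot: The relocated comment explains why `sync_gateway_admin_interface` is bound to `127.0.0.1`, but it says nothing about what limits access to `sync_gateway_interface`, which listens on every address via `":${module.sync_gateway_security_group_rules.interface_port}"`. Presumably reachability of that port is governed by the rules in `module.sync_gateway_security_group_rules`, which are outside this hunk. A line such as `# The public interface listens on all IPs; who can reach it is controlled by the security group rules.` would make that dependency explicit for anyone copying the example. The same comment is moved in the hunks for `examples/couchbase-cluster-simple-dns-tls/main.tf` and the root `main.tf`, and the addition applies there as well.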
@@ -88,18 +88,19 @@ data "template_file" "user_data_server" { vars = { cluster_asg_name = var.cluster_name cluster_port = module.couchbase_security_group_rules.rest_port + + # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it + # provides admin access to ALL Sync Gateway data. sync_gateway_interface = ":${module.sync_gateway_security_group_rules.interface_port}" sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" + + # Pass in the data about the EBS volumes so they can be mounted data_volume_device_name = var.data_volume_device_name data_volume_mount_point = var.data_volume_mount_point index_volume_device_name = var.index_volume_device_name index_volume_mount_point = var.index_volume_mount_point volume_owner = var.volume_owner } - # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it - # provides admin access to ALL Sync Gateway data. - - # Pass in the data about the EBS volumes so they can be mounted } # --------------------------------------------------------------------------------------------------------------------- diff --git a/main.tf b/main.tf index 6071181..e42d36c 100644 --- a/main.tf +++ b/main.tf 
@@ -87,18 +87,19 @@ data "template_file" "user_data_server" { vars = { cluster_asg_name = var.cluster_name cluster_port = module.couchbase_security_group_rules.rest_port + + # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it + # provides admin access to ALL Sync Gateway data. sync_gateway_interface = ":${module.sync_gateway_security_group_rules.interface_port}" sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" + + # Pass in the data about the EBS volumes so they can be mounted data_volume_device_name = var.data_volume_device_name data_volume_mount_point = var.data_volume_mount_point index_volume_device_name = var.index_volume_device_name index_volume_mount_point = var.index_volume_mount_point volume_owner = var.volume_owner } - # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it - # provides admin access to ALL Sync Gateway data. - - # Pass in the data about the EBS volumes so they can be mounted } # --------------------------------------------------------------------------------------------------------------------- From f253eb64adf23c873c8c872addecc8831c63a6db Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 18:33:30 -0400 Subject: [PATCH 21/31] Run terraform fmt --- examples/couchbase-cluster-mds/main.tf | 12 ++++++------ examples/couchbase-cluster-simple-dns-tls/main.tf | 14 +++++++------- main.tf | 14 +++++++------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/examples/couchbase-cluster-mds/main.tf b/examples/couchbase-cluster-mds/main.tf index 81659dc..cd89e4c 100644 --- a/examples/couchbase-cluster-mds/main.tf +++ b/examples/couchbase-cluster-mds/main.tf 
@@ -183,8 +183,8 @@ data "template_file" "user_data_couchbase_data_nodes" { template = file("${path.module}/user-data/user-data-couchbase-data-nodes.sh") vars = { - cluster_asg_name = var.couchbase_data_node_cluster_name - cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + cluster_asg_name = var.couchbase_data_node_cluster_name + cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port # Pass in the data about the EBS volumes so they can be mounted data_volume_device_name = var.data_volume_device_name @@ -203,8 +203,8 @@ data "template_file" "user_data_couchbase_index_query_search_nodes" { template = file("${path.module}/user-data/user-data-couchbase-index-query-search-nodes.sh") vars = { - cluster_asg_name = var.couchbase_data_node_cluster_name - cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + cluster_asg_name = var.couchbase_data_node_cluster_name + cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port # Pass in the data about the EBS volumes so they can be mounted index_volume_device_name = var.index_volume_device_name @@ -217,8 +217,8 @@ data "template_file" "user_data_sync_gateway" { template = file("${path.module}/user-data/user-data-sync-gateway.sh") vars = { - cluster_asg_name = var.couchbase_data_node_cluster_name - cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port + cluster_asg_name = var.couchbase_data_node_cluster_name + cluster_port = module.couchbase_data_nodes_security_group_rules.rest_port # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it # provides admin access to ALL Sync Gateway data. diff --git a/examples/couchbase-cluster-simple-dns-tls/main.tf b/examples/couchbase-cluster-simple-dns-tls/main.tf index b4f3f05..21623b9 100644 --- a/examples/couchbase-cluster-simple-dns-tls/main.tf +++ b/examples/couchbase-cluster-simple-dns-tls/main.tf 
@@ -86,8 +86,8 @@ data "template_file" "user_data_server" { template = file("${path.module}/user-data/user-data.sh") vars = { - cluster_asg_name = var.cluster_name - cluster_port = module.couchbase_security_group_rules.rest_port + cluster_asg_name = var.cluster_name + cluster_port = module.couchbase_security_group_rules.rest_port # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it # provides admin access to ALL Sync Gateway data. @@ -95,11 +95,11 @@ data "template_file" "user_data_server" { sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" # Pass in the data about the EBS volumes so they can be mounted - data_volume_device_name = var.data_volume_device_name - data_volume_mount_point = var.data_volume_mount_point - index_volume_device_name = var.index_volume_device_name - index_volume_mount_point = var.index_volume_mount_point - volume_owner = var.volume_owner + data_volume_device_name = var.data_volume_device_name + data_volume_mount_point = var.data_volume_mount_point + index_volume_device_name = var.index_volume_device_name + index_volume_mount_point = var.index_volume_mount_point + volume_owner = var.volume_owner } } diff --git a/main.tf b/main.tf index e42d36c..1868c0a 100644 --- a/main.tf +++ b/main.tf @@ -85,8 +85,8 @@ data "template_file" "user_data_server" { template = file("${path.module}/examples/couchbase-cluster-simple/user-data/user-data.sh") vars = { - cluster_asg_name = var.cluster_name - cluster_port = module.couchbase_security_group_rules.rest_port + cluster_asg_name = var.cluster_name + cluster_port = module.couchbase_security_group_rules.rest_port # We expose the Sync Gateway on all IPs but the Sync Gateway Admin should ONLY be accessible from localhost, as it # provides admin access to ALL Sync Gateway data. 
@@ -94,11 +94,11 @@ data "template_file" "user_data_server" { sync_gateway_admin_interface = "127.0.0.1:${module.sync_gateway_security_group_rules.admin_interface_port}" # Pass in the data about the EBS volumes so they can be mounted - data_volume_device_name = var.data_volume_device_name - data_volume_mount_point = var.data_volume_mount_point - index_volume_device_name = var.index_volume_device_name - index_volume_mount_point = var.index_volume_mount_point - volume_owner = var.volume_owner + data_volume_device_name = var.data_volume_device_name + data_volume_mount_point = var.data_volume_mount_point + index_volume_device_name = var.index_volume_device_name + index_volume_mount_point = var.index_volume_mount_point + volume_owner = var.volume_owner } } From e7cc7ba2fc2523a05399e1d89011e78c0a13f8d0 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 18:37:42 -0400 Subject: [PATCH 22/31] Define env vars before call to CopyTerraformFolderToTemp --- test/couchbase_single_cluster_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/couchbase_single_cluster_test.go b/test/couchbase_single_cluster_test.go index e0c2f57..919247a 100644 --- a/test/couchbase_single_cluster_test.go +++ b/test/couchbase_single_cluster_test.go @@ -32,9 +32,6 @@ func TestIntegrationCouchbaseEnterpriseSingleClusterAmazonLinux(t *testing.T) { } func testCouchbaseSingleCluster(t *testing.T, osName string, edition string) { - rootFolder := test_structure.CopyTerraformFolderToTemp(t, "../", ".") - couchbaseAmiDir := filepath.Join(rootFolder, "examples", "couchbase-ami") - // For convenience - uncomment these as well as the "os" import // when doing local testing if you need to skip any sections. //os.Setenv("TERRATEST_REGION", "eu-west-1") 
@@ -44,6 +41,9 @@ func testCouchbaseSingleCluster(t *testing.T, osName string, edition string) { //os.Setenv("SKIP_teardown", "true") //os.Setenv("SKIP_logs", "true") + rootFolder := test_structure.CopyTerraformFolderToTemp(t, "../", ".") + couchbaseAmiDir := filepath.Join(rootFolder, "examples", "couchbase-ami") + test_structure.RunTestStage(t, "setup_ami", func() { awsRegion := getRandomAwsRegion(t) uniqueId := random.UniqueId() From f11bc090fe5a1c9789333708f5248f86a4d11dec Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 18:37:51 -0400 Subject: [PATCH 23/31] Fix null check for default_target_group_arn --- modules/load-balancer/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/load-balancer/main.tf b/modules/load-balancer/main.tf index 3affc24..b2125b3 100644 --- a/modules/load-balancer/main.tf +++ b/modules/load-balancer/main.tf @@ -38,7 +38,7 @@ resource "aws_alb_listener" "http" { protocol = "HTTP" default_action { - target_group_arn = var.default_target_group_arn == null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0) + target_group_arn = var.default_target_group_arn != null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0) type = "forward" } } @@ -52,7 +52,7 @@ resource "aws_alb_listener" "https" { certificate_arn = var.https_listener_ports_and_certs[count.index]["certificate_arn"] default_action { - target_group_arn = var.default_target_group_arn == null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0) + target_group_arn = var.default_target_group_arn != null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0) type = "forward" } } From 74eeb6715f3a28bb4ad05759fe5ed25a4b45d051 Mon Sep 17 00:00:00 2001 
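Review bot: The corrected conditional is duplicated verbatim in the `http` listener and, in the second hunk, the `https` listener, which is why the inverted check had to be fixed in two places. A single `locals` entry, `default_target_group_arn = var.default_target_group_arn != null ? var.default_target_group_arn : element(concat(aws_alb_target_group.black_hole.*.arn, [""]), 0)`, referenced from both `default_action` blocks would keep them in step. Separately, the fallback resolves to an empty string when no `black_hole` target group exists; its `count` is outside the hunk, so confirm it is 1 exactly when the variable is null.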
From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 19:10:37 -0400 Subject: [PATCH 24/31] Remove unused params. Add SKIP env vars. --- test/couchbase_multi_datacenter_replication_test.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/test/couchbase_multi_datacenter_replication_test.go b/test/couchbase_multi_datacenter_replication_test.go index ccee5e1..cfce169 100644 --- a/test/couchbase_multi_datacenter_replication_test.go +++ b/test/couchbase_multi_datacenter_replication_test.go @@ -40,6 +40,15 @@ func TestIntegrationCouchbaseEnterpriseMultiDataCenterReplicationAmazonLinux(t * } func testCouchbaseMultiDataCenterReplication(t *testing.T, osName string, edition string) { + // For convenience - uncomment these as well as the "os" import + // when doing local testing if you need to skip any sections. + //os.Setenv("TERRATEST_REGION", "eu-west-1") + //os.Setenv("SKIP_setup_ami", "true") + //os.Setenv("SKIP_setup_deploy", "true") + //os.Setenv("SKIP_validation", "true") + //os.Setenv("SKIP_teardown", "true") + //os.Setenv("SKIP_logs", "true") + examplesFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples") couchbaseAmiDir := filepath.Join(examplesFolder, "couchbase-ami") couchbaseMultiClusterDir := filepath.Join(examplesFolder, "couchbase-multi-datacenter-replication") @@ -132,8 +141,6 @@ func testCouchbaseMultiDataCenterReplication(t *testing.T, osName string, editio terraformOptions := &terraform.Options{ TerraformDir: couchbaseMultiClusterDir, Vars: map[string]interface{} { - "aws_region_primary": awsRegionPrimary, - "aws_region_replica": awsRegionReplica, "ami_id_primary": amiIdPrimary, "ami_id_replica": amiIdReplica, clusterNamePrimaryVarName: formatCouchbaseClusterName("primary", uniqueIdPrimary), From 894dabc7fcba186390f284874dc3504564fc534e Mon Sep 17 00:00:00 2001 
From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 22:46:08 -0400 Subject: [PATCH 25/31] Try to switch to setting regions via vars --- .../main.tf | 10 +++ .../providers.tf | 19 ----- .../variables.tf | 10 +++ ...hbase_multi_datacenter_replication_test.go | 81 +++---------------- 4 files changed, 32 insertions(+), 88 deletions(-) delete mode 100644 examples/couchbase-multi-datacenter-replication/providers.tf diff --git a/examples/couchbase-multi-datacenter-replication/main.tf b/examples/couchbase-multi-datacenter-replication/main.tf index cff1b50..5773fad 100644 --- a/examples/couchbase-multi-datacenter-replication/main.tf +++ b/examples/couchbase-multi-datacenter-replication/main.tf @@ -12,6 +12,16 @@ terraform { required_version = ">= 0.12" } +provider "aws" { + alias = "primary" + region = var.primary_region +} + +provider "aws" { + alias = "replica" + region = var.replica_region +} + # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE PRIMARY COUCHBASE CLUSTER # --------------------------------------------------------------------------------------------------------------------- diff --git a/examples/couchbase-multi-datacenter-replication/providers.tf b/examples/couchbase-multi-datacenter-replication/providers.tf deleted file mode 100644 index e0d0c8a..0000000 --- a/examples/couchbase-multi-datacenter-replication/providers.tf +++ /dev/null 
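Review bot: Neither new `provider "aws"` block constrains the provider version, and the `terraform` block visible above them only sets `required_version`, so `terraform init` will fetch whatever AWS provider release is current at run time. For an example that the test suite applies against real accounts, a constraint in each aliased block, for instance `version = "~> 2.0"` (illustrative; use the release the tests were run with), keeps runs reproducible and turns provider upgrades into a reviewed change.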
@@ -1,19 +0,0 @@ -# --------------------------------------------------------------------------------------------------------------------- -# CONFIGURE THE PRIMARY AND REPLICA PROVIDERS FOR THIS EXAMPLE -# Note that we do this in a separate file so the automated tests can override it and set custom regions in these -# providers. Ideally, we'd use Terraform file overrides instead, but those do not properly override provider aliases -# in Terraform 0.11. This may be fixed in Terraform 0.12. -# --------------------------------------------------------------------------------------------------------------------- - -provider "aws" { - alias = "primary" - # Region intentionally ommitted so this example will prompt the user for a region when run via Terraform Registry - # instructions -} - -provider "aws" { - alias = "replica" - # Region intentionally ommitted so this example will prompt the user for a region when run via Terraform Registry - # instructions -} - diff --git a/examples/couchbase-multi-datacenter-replication/variables.tf b/examples/couchbase-multi-datacenter-replication/variables.tf index 924cdab..99c18d0 100644 --- a/examples/couchbase-multi-datacenter-replication/variables.tf +++ b/examples/couchbase-multi-datacenter-replication/variables.tf @@ -11,6 +11,16 @@ # You must provide a value for each of these parameters. # --------------------------------------------------------------------------------------------------------------------- +variable "primary_region" { + description = "The region to deploy the primary to" + type = string +} + +variable "replica_region" { + description = "The region to deploy the replica to" + type = string +} + # --------------------------------------------------------------------------------------------------------------------- # OPTIONAL PARAMETERS # These parameters have reasonable defaults. 
diff --git a/test/couchbase_multi_datacenter_replication_test.go b/test/couchbase_multi_datacenter_replication_test.go index cfce169..e1b8047 100644 --- a/test/couchbase_multi_datacenter_replication_test.go +++ b/test/couchbase_multi_datacenter_replication_test.go @@ -1,17 +1,14 @@ package test import ( - "testing" - "path/filepath" "fmt" - "sync" - "github.com/gruntwork-io/terratest/modules/test-structure" + "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" - "github.com/gruntwork-io/terratest/modules/aws" - "github.com/gruntwork-io/terratest/modules/files" - "os" - "github.com/gruntwork-io/terratest/modules/logger" + "github.com/gruntwork-io/terratest/modules/test-structure" + "path/filepath" + "sync" + "testing" ) const clusterNamePrimaryVarName = "cluster_name_primary" @@ -105,8 +102,6 @@ func testCouchbaseMultiDataCenterReplication(t *testing.T, osName string, editio terraformOptions := test_structure.LoadTerraformOptions(t, couchbaseMultiClusterDir) terraform.Destroy(t, terraformOptions) - restoreProvider(t, couchbaseMultiClusterDir) - amiIdPrimary := test_structure.LoadString(t, couchbaseMultiClusterDir, savedAmiIdPrimary) amiIdReplica := test_structure.LoadString(t, couchbaseMultiClusterDir, savedAmiIdReplica) 
@@ -136,15 +131,15 @@ func testCouchbaseMultiDataCenterReplication(t *testing.T, osName string, editio uniqueIdPrimary := test_structure.LoadString(t, couchbaseMultiClusterDir, savedUniqueIdPrimary) uniqueIdReplica := test_structure.LoadString(t, couchbaseMultiClusterDir, savedUniqueIdReplica) - overrideProvider(t, couchbaseMultiClusterDir, awsRegionPrimary, awsRegionReplica) - terraformOptions := &terraform.Options{ TerraformDir: couchbaseMultiClusterDir, - Vars: map[string]interface{} { - "ami_id_primary": amiIdPrimary, - "ami_id_replica": amiIdReplica, - clusterNamePrimaryVarName: formatCouchbaseClusterName("primary", uniqueIdPrimary), - clusterNameReplicaVarName: formatCouchbaseClusterName("replica", uniqueIdReplica), + Vars: map[string]interface{}{ + "primary_region": awsRegionPrimary, + "replica_region": awsRegionReplica, + "ami_id_primary": amiIdPrimary, + "ami_id_replica": amiIdReplica, + clusterNamePrimaryVarName: formatCouchbaseClusterName("primary", uniqueIdPrimary), + clusterNameReplicaVarName: formatCouchbaseClusterName("replica", uniqueIdReplica), }, } 
@@ -168,55 +163,3 @@ func testCouchbaseMultiDataCenterReplication(t *testing.T, osName string, editio checkReplicationIsWorking(t, consoleUrlPrimary, consoleUrlReplica, "test-bucket", "test-bucket-replica") }) } - -const providerOverrideTemplate = ` -# This file temporarily overrides the providers at test time. The original providers file should be restored at the -# end of the test! - -provider "aws" { - alias = "primary" - region = "%s" -} - -provider "aws" { - alias = "replica" - region = "%s" -} -` - -// In order for the examples to work well with the Terraform Registry, where they are wrapped in a module, we cannot -// define the AWS regions in those providers. This works OK for manual usage, where the user can specify the region -// interactively, but not at test time. Therefore, as a workaround, we override the providers.tf file at test time -// with the regions fully defined, and then put it back at the end of the test in the restoreProvider function. -func overrideProvider(t *testing.T, couchbaseMultiClusterDir string, awsRegionPrimary string, awsRegionReplica string) { - providersFilePath := filepath.Join(couchbaseMultiClusterDir, providersFile) - providersFileBackupPath := filepath.Join(couchbaseMultiClusterDir, providersFileBackup) - - logger.Logf(t, "Backing up %s to %s", providersFilePath, providersFileBackupPath) - if err := files.CopyFile(providersFilePath, providersFileBackupPath); err != nil { - t.Fatal(err) - } - - newProvidersFileContents := fmt.Sprintf(providerOverrideTemplate, awsRegionPrimary, awsRegionReplica) - - logger.Logf(t, "Creating override proviers file at %s with contents:\n%s", providersFilePath, newProvidersFileContents) - if err := files.WriteFileWithSamePermissions(providersFilePath, providersFilePath, []byte(newProvidersFileContents)); err != nil { - t.Fatal(err) - } -} - -// See the overrideProvider method for details -func restoreProvider(t *testing.T, couchbaseMultiClusterDir string) { - providersFilePath := 
filepath.Join(couchbaseMultiClusterDir, providersFile) - providersFileBackupPath := filepath.Join(couchbaseMultiClusterDir, providersFileBackup) - - logger.Logf(t, "Restoring %s from %s", providersFilePath, providersFileBackupPath) - if err := files.CopyFile(providersFileBackupPath, providersFilePath); err != nil { - t.Fatal(err) - } - - logger.Logf(t, "Deleting %s", providersFileBackupPath) - if err := os.Remove(providersFileBackupPath); err != nil { - t.Fatal(err) - } -} \ No newline at end of file From 31d9a70aaba2d4546225efd1c0c023e1931f0304 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 23:10:45 -0400 Subject: [PATCH 26/31] Make termination_policies a list --- modules/couchbase-cluster/main.tf | 2 +- modules/couchbase-cluster/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/couchbase-cluster/main.tf b/modules/couchbase-cluster/main.tf index ab23645..073b602 100644 --- a/modules/couchbase-cluster/main.tf +++ b/modules/couchbase-cluster/main.tf @@ -19,7 +19,7 @@ resource "aws_autoscaling_group" "autoscaling_group" { min_size = var.min_size max_size = var.max_size - termination_policies = [var.termination_policies] + termination_policies = var.termination_policies health_check_type = var.health_check_type health_check_grace_period = var.health_check_grace_period diff --git a/modules/couchbase-cluster/variables.tf b/modules/couchbase-cluster/variables.tf index 8893e43..b19b3eb 100644 --- a/modules/couchbase-cluster/variables.tf +++ b/modules/couchbase-cluster/variables.tf 
@@ -68,8 +68,8 @@ variable "allowed_ssh_security_group_ids" { variable "termination_policies" { description = "A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default." - type = string - default = "Default" + type = list(string) + default = ["Default"] } variable "associate_public_ip_address" { From e49dc0e4d17bb77047e51f2a49916263cfc4afe1 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 23:11:12 -0400 Subject: [PATCH 27/31] Default spot_price to null --- modules/couchbase-cluster/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/couchbase-cluster/variables.tf b/modules/couchbase-cluster/variables.tf index b19b3eb..74c25e5 100644 --- a/modules/couchbase-cluster/variables.tf +++ b/modules/couchbase-cluster/variables.tf @@ -81,7 +81,7 @@ variable "associate_public_ip_address" { variable "spot_price" { description = "The maximum hourly price to pay for EC2 Spot Instances." type = string - default = "" + default = null } variable "tenancy" { From 8c9412aa93eda61ab056fb974cd6894d1e232cbf Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 23:12:26 -0400 Subject: [PATCH 28/31] Fix ebs_block_devices type --- modules/couchbase-cluster/variables.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/couchbase-cluster/variables.tf b/modules/couchbase-cluster/variables.tf index 74c25e5..ddd4af6 100644 --- a/modules/couchbase-cluster/variables.tf +++ b/modules/couchbase-cluster/variables.tf 
@@ -122,10 +122,11 @@ variable "root_volume_iops" { variable "ebs_block_devices" { description = "A list of EBS volumes to attach to each EC2 Instance. Each item in the list should be an object with the keys 'device_name', 'volume_type', 'volume_size', 'iops', 'delete_on_termination', and 'encrypted', as defined here: https://www.terraform.io/docs/providers/aws/r/launch_configuration.html#block-devices. We recommend using one EBS Volume for the Couchbase data dir and another one for the index dir." - # We can't narrow the inner type down more than "any" because if we use object, then all the fields will be required - # (whereas some, such as encrypted, should be optional), and if we use map, all the values must be of the same type, - # whereas some here are strings, some are bools, and some are ints. - type = list(any) + # We can't narrow the type down more than "any" because if we use list(object(...)), then all the fields in the + # object will be required (whereas some, such as encrypted, should be optional), and if we use list(map(...)), all + # the values in the map must be of the same type, whereas we need some to be strings, some to be bools, and some to + # be ints. So, we have to fall back to just any ugly "any." + type = any default = [] # Example: # From 30031d392201098a64abb8b68ac840b239593841 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 23:16:12 -0400 Subject: [PATCH 29/31] Remove lookup syntax without default --- modules/couchbase-cluster/main.tf | 12 ++++++------ modules/load-balancer-target-group/main.tf | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/couchbase-cluster/main.tf b/modules/couchbase-cluster/main.tf index 073b602..72456a7 100644 --- a/modules/couchbase-cluster/main.tf +++ b/modules/couchbase-cluster/main.tf 
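Review bot: With `type = any` on `ebs_block_devices` nothing checks the shape of the value, and the new comment should say what that costs. The `dynamic "ebs_block_device"` block in modules/couchbase-cluster/main.tf reads only six named keys, so a misspelled optional key such as `encrypted` is silently ignored instead of rejected. I would add a line to the comment, `# Note: keys are not validated; a misspelled optional key (e.g. encrypted) is ignored silently.`, and fix the typo `just any ugly "any."` to `just an ugly "any."`. The variable block continues outside the hunk.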
@@ -35,9 +35,9 @@ resource "aws_autoscaling_group" "autoscaling_group" { for_each = var.tags content { - key = lookup(tag.value, "key") - value = lookup(tag.value, "value") - propagate_at_launch = lookup(tag.value, "propagate_at_launch") + key = tag.value["key"] + value = tag.value["value"] + propagate_at_launch = tag.value["propagate_at_launch"] } } } @@ -71,9 +71,9 @@ resource "aws_launch_configuration" "launch_configuration" { dynamic "ebs_block_device" { for_each = var.ebs_block_devices content { - device_name = lookup(ebs_block_device.value, "device_name") - volume_type = lookup(ebs_block_device.value, "volume_type") - volume_size = lookup(ebs_block_device.value, "volume_size") + device_name = ebs_block_device.value["device_name"] + volume_type = ebs_block_device.value["volume_type"] + volume_size = ebs_block_device.value["volume_size"] iops = lookup(ebs_block_device.value, "iops", null) encrypted = lookup(ebs_block_device.value, "encrypted", null) delete_on_termination = lookup(ebs_block_device.value, "delete_on_termination", null) diff --git a/modules/load-balancer-target-group/main.tf b/modules/load-balancer-target-group/main.tf index 987468e..e466de2 100644 --- a/modules/load-balancer-target-group/main.tf +++ b/modules/load-balancer-target-group/main.tf @@ -56,8 +56,8 @@ resource "aws_alb_listener_rule" "http_path" { dynamic "condition" { for_each = var.routing_condition content { - field = lookup(condition.value, "field") - values = lookup(condition.value, "values") + field = condition.value["field"] + values = condition.value["values"] } } } From 4129dba52a17136af704cce6bfc0e36ddbffdefd Mon Sep 17 00:00:00 2001 
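Review bot: In hunk `@@ -71,9 +71,9 @@` of modules/couchbase-cluster/main.tf, `encrypted = lookup(ebs_block_device.value, "encrypted", null)` is left as it was, so an entry that omits the key falls back to the provider default. As far as I know that default is an unencrypted volume unless account-level EBS default encryption is enabled. The variable's description recommends these volumes for the Couchbase data and index dirs, so I would default to encryption: `encrypted = lookup(ebs_block_device.value, "encrypted", true)`. Callers can still pass `encrypted = false`, but this changes the launch configuration for existing callers that omit the key and belongs in the release notes. The resource body continues outside the hunk.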
From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 23:16:17 -0400 Subject: [PATCH 30/31] Update syntax in READMEs --- modules/couchbase-iam-policies/README.md | 2 +- .../couchbase-server-security-group-rules/README.md | 2 +- modules/load-balancer-target-group/README.md | 12 ++++++------ modules/load-balancer/README.md | 1 - modules/sync-gateway-security-group-rules/README.md | 2 +- 5 files changed, 9 insertions(+), 10 deletions(-) diff --git a/modules/couchbase-iam-policies/README.md b/modules/couchbase-iam-policies/README.md index 83c507a..9221542 100644 --- a/modules/couchbase-iam-policies/README.md +++ b/modules/couchbase-iam-policies/README.md @@ -29,7 +29,7 @@ module "couchbase_iam_policies" { # TODO: replace with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-couchbase/releases source = "github.com/gruntwork-io/terraform-aws-couchbase//modules/couchbase-iam-policies?ref=" - iam_role_id = "${module.couchbase.iam_role_id}" + iam_role_id = module.couchbase.iam_role_id } ``` diff --git a/modules/couchbase-server-security-group-rules/README.md b/modules/couchbase-server-security-group-rules/README.md index 15681fd..208e46d 100644 --- a/modules/couchbase-server-security-group-rules/README.md +++ b/modules/couchbase-server-security-group-rules/README.md @@ -30,7 +30,7 @@ module "security_group_rules" { # TODO: replace with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-couchbase/releases source = "github.com/gruntwork-io/terraform-aws-couchbase//modules/couchbase-server-security-group-rules?ref=" - security_group_id = "${module.couchbase_cluster.security_group_id}" + security_group_id = module.couchbase_cluster.security_group_id rest_port = 8091 rest_port_cidr_blocks = ["0.0.0.0/0"] diff --git a/modules/load-balancer-target-group/README.md b/modules/load-balancer-target-group/README.md index d7f1b18..b71f21e 100644 --- a/modules/load-balancer-target-group/README.md 
+++ b/modules/load-balancer-target-group/README.md @@ -27,7 +27,7 @@ module "couchbase" { # TODO: replace with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-couchbase/releases source = "github.com/gruntwork/terraform-aws-couchbase//modules/couchbase-cluster?ref=" - cluster_name = "${var.cluster_name}" + cluster_name = var.cluster_name health_check_type = "ELB" @@ -38,7 +38,7 @@ module "load_balancer" { # TODO: replace with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-couchbase/releases source = "github.com/gruntwork/terraform-aws-couchbase//modules/load-balancer?ref=" - name = "${var.cluster_name}" + name = var.cluster_name http_listener_ports = [8091, 4984] @@ -63,11 +63,11 @@ module "couchbase_target_group" { source = "github.com/gruntwork/terraform-aws-couchbase//modules/load-balancer-target-group?ref=" target_group_name = "${var.cluster_name}-cb" - asg_name = "${module.couchbase.asg_name}" + asg_name = module.couchbase.asg_name port = 8091 health_check_path = "/ui/index.html" - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, 8091)}"] + listener_arns = [module.load_balancer.http_listener_arns[8091]] num_listener_arns = 1 listener_rule_starting_priority = 100 @@ -83,11 +83,11 @@ module "sync_gateway_target_group" { source = "github.com/gruntwork/terraform-aws-couchbase//modules/load-balancer-target-group?ref=" target_group_name = "${var.cluster_name}-sg" - asg_name = "${module.couchbase.asg_name}" + asg_name = module.couchbase.asg_name port = 4985 health_check_path = "/" - listener_arns = ["${lookup(module.load_balancer.http_listener_arns, 4984)}"] + listener_arns = [module.load_balancer.http_listener_arns[4984]] num_listener_arns = 1 listener_rule_starting_priority = 100 diff --git a/modules/load-balancer/README.md b/modules/load-balancer/README.md index 6981ebc..c3e457f 100644 --- a/modules/load-balancer/README.md +++ b/modules/load-balancer/README.md 
@@ -44,7 +44,6 @@ module "load_balancer" { } ] - allow_ inbound_from_cidr_blocks = ["0.0.0.0/0"] # ... See variables.tf for the other parameters you must define for this module diff --git a/modules/sync-gateway-security-group-rules/README.md b/modules/sync-gateway-security-group-rules/README.md index e10c91a..f5e50b6 100644 --- a/modules/sync-gateway-security-group-rules/README.md +++ b/modules/sync-gateway-security-group-rules/README.md @@ -28,7 +28,7 @@ module "security_group_rules" { # TODO: replace with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-couchbase/releases source = "github.com/gruntwork-io/terraform-aws-couchbase//modules/sync-gateway-security-group-rules?ref=" - security_group_id = "${module.sync_gateway.security_group_id}" + security_group_id = module.sync_gateway.security_group_id interface_port = 4984 interface_port_cidr_blocks = ["0.0.0.0/0"] From 08b796997af782fee51b313ca1e89dd3d77d6549 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Mon, 24 Jun 2019 23:37:41 -0400 Subject: [PATCH 31/31] Add TF 0.12 badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index db0fdf0..ddbfff5 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ [![Maintained by Gruntwork.io](https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg)](https://gruntwork.io/?ref=repo_aws_couchbase) +![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.12.0-blue.svg) + # Couchbase AWS Module This repo contains a Module for deploying [Couchbase](https://www.couchbase.com/) on [AWS](https://aws.amazon.com/)