Merge pull request #345 from sassoftware/IAC-1196
chore: (IAC-1196) Update path pattern to support additional branches
riragh authored Jan 9, 2024
2 parents 18c34b8 + f951885 commit c3e8b70
Showing 15 changed files with 65 additions and 75 deletions.
9 changes: 6 additions & 3 deletions .github/workflows/linter-analysis.yaml
@@ -1,7 +1,7 @@
name: Linter Analysis
on:
push:
branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
branches: ['**'] # '*' will cause the workflow to run on all commits to all branches.

jobs:
# Hadolint: Job-1
Expand Down Expand Up @@ -52,8 +52,11 @@ jobs:
tflint_version: latest
github_token: ${{ secrets.LINTER_TOKEN }}

- name: Initializing viya4-iac-azure
run: terraform init

- name: Initializing TFLint
run: TFLINT_LOG=info tflint --init -c .tflint.hcl
run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl"

- name: Run TFLint Action
run: TFLINT_LOG=info tflint -c .tflint.hcl
run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive
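Review bot: The added `terraform init` step runs on every push to every branch and will configure whatever backend the root module declares, which a lint job does not need; `run: terraform init -backend=false -input=false` still installs the providers and modules that TFLint inspects without touching state or waiting for input. Whether this repository declares a backend is not visible in this section, so treat that as a precaution rather than a confirmed problem. Separately, the trailing comment on the `branches: ['**']` line still describes `'*'`; it should read something like `# '**' matches every branch, including names that contain '/'`.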
11 changes: 11 additions & 0 deletions linting-configs/.tflint.hcl
Expand Up @@ -26,3 +26,14 @@ plugin "terraform" {
rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
enabled = false
}

# We specify the versions and providers in the top level versions.tf.
# This stops it from throwing a warning when scanning our modules
# in viya4-iac-azure/modules/
rule "terraform_required_version" {
enabled = false
}

rule "terraform_required_providers" {
enabled = false
}
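Review bot: Setting `enabled = false` on `terraform_required_version` and `terraform_required_providers` in this shared config turns the checks off for the root module as well as for `modules/`, so a later edit that drops a version constraint from the top-level versions.tf would no longer be flagged. Terraform and provider version constraints are a supply-chain control, and the root module is where they matter most. Since the workflow now hands this one file to every directory through `--recursive`, consider keeping both rules enabled here and suppressing them only for the child modules (a separate config for the module run, or per-file ignore annotations). The comment above the rules should also state that the exemption is intended for child modules only.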
2 changes: 1 addition & 1 deletion locals.tf
Expand Up @@ -5,7 +5,7 @@ locals {

# Useful flags
ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
? file(var.ssh_public_key)
? can(file(var.ssh_public_key)) ? file(var.ssh_public_key) : var.ssh_public_key != null ? length(var.ssh_public_key) > 0 ? var.ssh_public_key : null : null
: null
)

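Review bot: When `file(var.ssh_public_key)` fails, the new fallback on the `can(file(...))` line returns the raw string, so a mistyped or missing key path is passed on as if it were the public key itself and the mistake only surfaces later, if at all. The fallback should accept the value only when it looks like key material, for example `? try(file(var.ssh_public_key), can(regex("^(ssh|ecdsa)-", var.ssh_public_key)) ? var.ssh_public_key : null)`, which also replaces the three-level ternary with a single `try`. A one-line comment such as `# ssh_public_key may be a path to a key file or the key text itself` would document the dual meaning. The `locals` block starts before this hunk and continues past it.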
2 changes: 0 additions & 2 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,6 @@ module "aks" {

aks_cluster_name = "${var.prefix}-aks"
aks_cluster_rg = local.aks_rg.name
aks_cluster_rg_id = local.aks_rg.id
aks_cluster_dns_prefix = "${var.prefix}-aks"
aks_cluster_sku_tier = var.aks_cluster_sku_tier
aks_cluster_location = var.location
Expand Down Expand Up @@ -241,7 +240,6 @@ module "netapp" {
prefix = var.prefix
resource_group_name = local.aks_rg.name
location = var.location
vnet_name = module.vnet.name
subnet_id = module.vnet.subnets["netapp"].id
network_features = var.netapp_network_features
service_level = var.netapp_service_level
4 changes: 2 additions & 2 deletions modules/aks_node_pool/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,8 @@ variable "min_nodes" {

variable "node_taints" {
description = "A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
type = list(any)
default = []
type = list(any)
default = []
}

variable "node_labels" {
36 changes: 18 additions & 18 deletions modules/azure_aks/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,22 @@

# Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = var.aks_cluster_name
location = var.aks_cluster_location
resource_group_name = var.aks_cluster_rg
dns_prefix = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null

sku_tier = var.aks_cluster_sku_tier
role_based_access_control_enabled = true
http_application_routing_enabled = false
name = var.aks_cluster_name
location = var.aks_cluster_location
resource_group_name = var.aks_cluster_rg
dns_prefix = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null

sku_tier = var.aks_cluster_sku_tier
role_based_access_control_enabled = true
http_application_routing_enabled = false

# https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
# az aks get-versions --location eastus -o table
kubernetes_version = var.kubernetes_version
api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
private_cluster_enabled = var.aks_private_cluster
private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
kubernetes_version = var.kubernetes_version
api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
private_cluster_enabled = var.aks_private_cluster
private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)

network_profile {
network_plugin = var.aks_network_plugin
Expand All @@ -45,7 +45,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
content {
admin_username = var.aks_cluster_node_admin
ssh_key {
key_data = var.aks_cluster_ssh_public_key
key_data = var.aks_cluster_ssh_public_key
}
}
}
Expand Down Expand Up @@ -80,7 +80,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
dynamic "identity" {
for_each = var.aks_uai_id == null ? [] : [1]
content {
type = "UserAssigned"
type = "UserAssigned"
identity_ids = [var.aks_uai_id]
}
}
Expand Down Expand Up @@ -108,8 +108,8 @@ resource "azurerm_kubernetes_cluster" "aks" {

}

data "azurerm_public_ip" "cluster_public_ip" {
count = var.cluster_egress_type == "loadBalancer" ? 1 : 0
data "azurerm_public_ip" "cluster_public_ip" {
count = var.cluster_egress_type == "loadBalancer" ? 1 : 0

# effective_outbound_ips is a set of strings, that needs to be converted to a list type
name = split("/", tolist(azurerm_kubernetes_cluster.aks.network_profile[0].load_balancer_profile[0].effective_outbound_ips)[0])[8]
9 changes: 2 additions & 7 deletions modules/azure_aks/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,6 @@ variable "aks_cluster_rg" {
type = string
}

variable "aks_cluster_rg_id" {
description = "The `azurerm_kubernetes_cluster`'s id."
type = string
}

variable "aks_cluster_dns_prefix" {
description = "DNS prefix specified when creating the managed cluster."
type = string
Expand Down Expand Up @@ -146,7 +141,7 @@ variable "aks_dns_service_ip" {
type = string
default = "10.0.0.10"
validation {
condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", var.aks_dns_service_ip)) : false
error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
}

Expand Down Expand Up @@ -225,6 +220,6 @@ variable "cluster_egress_type" {
}

variable "aks_cluster_private_dns_zone_id" {
type = string
type = string
default = ""
}
2 changes: 1 addition & 1 deletion modules/azurerm_netapp/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ output "netapp_pool_id" {
}

output "netapp_endpoint" {
value = azurerm_netapp_volume.anf.mount_ip_addresses.0
value = azurerm_netapp_volume.anf.mount_ip_addresses[0]
}

output "netapp_path" {
11 changes: 0 additions & 11 deletions modules/azurerm_netapp/variables.tf
Original file line number Diff line number Diff line change
@@ -1,12 +1,6 @@
# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0

variable create_netapp {
description = "Boolean flag to create Azure NetApp Files"
type = bool
default = false
}

variable "prefix" {
description = "A prefix used in the name for all the Azure resources created by this script."
type = string
Expand All @@ -22,11 +16,6 @@ variable "location" {
type = string
}

variable "vnet_name" {
description = "Azure Virtual Network"
type = string
}

variable "subnet_id" {
description = "Azure subnet id for Azure NetApp Files"
type = string
12 changes: 6 additions & 6 deletions modules/azurerm_postgresql_flex/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,14 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
}

resource "azurerm_postgresql_flexible_server_configuration" "flexpsql" {
for_each = {
for config in var.postgresql_configurations:
config.name => config
for_each = {
for config in var.postgresql_configurations :
config.name => config
}

name = each.value.name
server_id = azurerm_postgresql_flexible_server.flexpsql.id
value = each.value.value
name = each.value.name
server_id = azurerm_postgresql_flexible_server.flexpsql.id
value = each.value.value
}

resource "azurerm_postgresql_flexible_server_firewall_rule" "flexpsql" {
6 changes: 0 additions & 6 deletions modules/azurerm_postgresql_flex/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,3 @@ variable "delegated_subnet_id" {
description = "The ID of the virtual network subnet to create the PostgreSQL Flexible Server. The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated. Changing this forces a new PostgreSQL Flexible Server to be created."
type = string
}

variable "private_dns_zone_id" {
description = "The ID of the private DNS zone to create the PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created."
type = string
default = null
}
22 changes: 11 additions & 11 deletions modules/azurerm_vnet/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
# Sourced and modified from https://github.com/Azure/terraform-azurerm-vnet
locals {
vnet_name = coalesce(var.name, "${var.prefix}-vnet")
subnets = ( length(var.existing_subnets) == 0
? [ for k, v in azurerm_subnet.subnet[*] :{ for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
: [ for k, v in data.azurerm_subnet.subnet[*] :{for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
subnets = (length(var.existing_subnets) == 0
? [for k, v in azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
: [for k, v in data.azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
)
}

Expand Down Expand Up @@ -35,14 +35,14 @@ data "azurerm_subnet" "subnet" {
}

resource "azurerm_subnet" "subnet" {
for_each = length(var.existing_subnets) == 0 ? var.subnets : {}
name = "${var.prefix}-${each.key}-subnet"
resource_group_name = var.resource_group_name
virtual_network_name = local.vnet_name
address_prefixes = each.value.prefixes
service_endpoints = each.value.service_endpoints
private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
for_each = length(var.existing_subnets) == 0 ? var.subnets : {}
name = "${var.prefix}-${each.key}-subnet"
resource_group_name = var.resource_group_name
virtual_network_name = local.vnet_name
address_prefixes = each.value.prefixes
service_endpoints = each.value.service_endpoints
private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
dynamic "delegation" {
for_each = each.value.service_delegations
content {
8 changes: 4 additions & 4 deletions modules/kubeconfig/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@ locals {
cluster_name = var.cluster_name
endpoint = var.endpoint
name = local.service_account_name
ca_crt = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data,"ca.crt", ""))
token = lookup(data.kubernetes_secret.sa_secret[0].data,"token", "")
ca_crt = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data, "ca.crt", ""))
token = lookup(data.kubernetes_secret.sa_secret[0].data, "token", "")
namespace = var.namespace
}) : null
}
Expand All @@ -33,7 +33,7 @@ data "kubernetes_secret" "sa_secret" {
name = kubernetes_secret.sa_secret[0].metadata[0].name
namespace = var.namespace
}

depends_on = [kubernetes_secret.sa_secret]
}

Expand Down Expand Up @@ -66,7 +66,7 @@ resource "kubernetes_service_account" "kubernetes_sa" {
resource "kubernetes_cluster_role_binding" "kubernetes_crb" {
count = var.create_static_kubeconfig ? 1 : 0
metadata {
name = local.cluster_role_binding_name
name = local.cluster_role_binding_name
}
role_ref {
api_group = "rbac.authorization.k8s.io"
2 changes: 1 addition & 1 deletion modules/kubeconfig/output.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@
# SPDX-License-Identifier: Apache-2.0

output "kube_config" {
value = local_file.kubeconfig.content
value = local_file.kubeconfig.content
sensitive = true
}
4 changes: 2 additions & 2 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -756,8 +756,8 @@ variable "aks_identity" {

variable "aks_cluster_private_dns_zone_id" {
description = "Specify private DNS zone resource ID for AKS private cluster to use."
type = string
default = ""
type = string
default = ""
}

## Message Broker - Azure Service Bus - Experimental