diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
index 79ce661b..954c9818 100644
--- a/.github/workflows/linter-analysis.yaml
+++ b/.github/workflows/linter-analysis.yaml
@@ -1,7 +1,7 @@
 name: Linter Analysis
 on:
 push:
- branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
+ branches: ['**'] # '*' will cause the workflow to run on all commits to all branches.
 jobs:
 # Hadolint: Job-1
@@ -52,8 +52,11 @@ jobs:
 tflint_version: latest
 github_token: ${{ secrets.LINTER_TOKEN }}
+ - name: Initializing viya4-iac-azure
+ run: terraform init
+
 - name: Initializing TFLint
- run: TFLINT_LOG=info tflint --init -c .tflint.hcl
+ run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl"
 - name: Run TFLint Action
- run: TFLINT_LOG=info tflint -c .tflint.hcl
+ run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive
diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl
index cc2593de..f49fac6a 100644
--- a/linting-configs/.tflint.hcl
+++ b/linting-configs/.tflint.hcl
@@ -26,3 +26,14 @@ plugin "terraform" {
 rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
 enabled = false
 }
+
+# We specify the versions and providers in the top level versions.tf.
+# This stops it from throwing a warning when scanning our modules
+# in viya4-iac-azure/modules/
+rule "terraform_required_version" {
+ enabled = false
+}
+
+rule "terraform_required_providers" {
+ enabled = false
+}
diff --git a/locals.tf b/locals.tf
index 19666a15..99b57c5b 100644
--- a/locals.tf
+++ b/locals.tf
@@ -5,7 +5,7 @@ locals {
 # Useful flags
 ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
- ? file(var.ssh_public_key)
+ ? can(file(var.ssh_public_key)) ? file(var.ssh_public_key) : var.ssh_public_key != null ? length(var.ssh_public_key) > 0 ? var.ssh_public_key : null : null
 : null
 )
diff --git a/main.tf b/main.tf
index dc607342..bd14d89b 100644
--- a/main.tf
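Review bot: The new `terraform init` step in the second hunk will download providers and modules and will also attempt to configure whatever backend the root module declares, none of which a lint job needs; run it as `run: terraform init -backend=false -input=false` so the step never reaches remote state and cannot block waiting for input. In the first hunk the inline comment still explains `'*'` although the value is now `'**'`; the two are not equivalent (`'*'` does not match a `/` in a branch name), so update it to `# '**' runs the workflow on every push to every branch, including names containing '/'.` Since this job runs on every push and has `secrets.LINTER_TOKEN` in scope, it is also worth confirming that a committed provider lock file is honoured by the init step so provider resolution is reproducible run to run.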
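Review bot: Disabling `terraform_required_version` and `terraform_required_providers` in the shared config appears to switch them off for the root module as well, because the workflow passes this single file to `tflint --recursive` for every directory, so the one place where provider versions are actually pinned (the top-level versions.tf the comment names) is no longer checked either. If the intent is to exempt only the child modules, consider keeping the rules enabled and running a second, non-recursive tflint invocation for the root, or at least record the trade-off in the comment: `# NOTE: this also disables the checks for the root module; versions.tf is not linted for pins.`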
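Review bot: With `can(file(var.ssh_public_key))` as the only discriminator, a mistyped path is no longer a hard error: the expression falls through to the literal branch and the path string itself becomes the key material passed on to the cluster, surfacing only later as a provider-side failure that does not point at the real cause. Consider rejecting the fall-through when the value is neither a readable file nor public-key text, e.g. a `validation` block on `var.ssh_public_key` (outside this hunk) requiring `can(file(var.ssh_public_key)) || startswith(var.ssh_public_key, "ssh-")`; `startswith` needs Terraform 1.3 or later, so check the project's required version first. The enclosing `locals` block begins before this hunk.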
+++ b/main.tf
@@ -131,7 +131,6 @@ module "aks" {
 aks_cluster_name = "${var.prefix}-aks"
 aks_cluster_rg = local.aks_rg.name
- aks_cluster_rg_id = local.aks_rg.id
 aks_cluster_dns_prefix = "${var.prefix}-aks"
 aks_cluster_sku_tier = var.aks_cluster_sku_tier
 aks_cluster_location = var.location
@@ -241,7 +240,6 @@ module "netapp" {
 prefix = var.prefix
 resource_group_name = local.aks_rg.name
 location = var.location
- vnet_name = module.vnet.name
 subnet_id = module.vnet.subnets["netapp"].id
 network_features = var.netapp_network_features
 service_level = var.netapp_service_level
diff --git a/modules/aks_node_pool/variables.tf b/modules/aks_node_pool/variables.tf
index b84cf6f7..1ab640db 100755
--- a/modules/aks_node_pool/variables.tf
+++ b/modules/aks_node_pool/variables.tf
@@ -85,8 +85,8 @@ variable "min_nodes" {
 variable "node_taints" {
 description = "A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
- type = list(any)
- default = []
+ type = list(any)
+ default = []
 }
 variable "node_labels" {
diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf
index d1d0098c..85078514 100644
--- a/modules/azure_aks/main.tf
+++ b/modules/azure_aks/main.tf
@@ -3,22 +3,22 @@
 # Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
 resource "azurerm_kubernetes_cluster" "aks" {
- name = var.aks_cluster_name
- location = var.aks_cluster_location
- resource_group_name = var.aks_cluster_rg
- dns_prefix = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
- dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null
-
- sku_tier = var.aks_cluster_sku_tier
- role_based_access_control_enabled = true
- http_application_routing_enabled = false
-
+ name = var.aks_cluster_name
+ location = var.aks_cluster_location
+ resource_group_name = var.aks_cluster_rg
+ dns_prefix = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
+ dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null
+
+ sku_tier = var.aks_cluster_sku_tier
+ role_based_access_control_enabled = true
+ http_application_routing_enabled = false
+
 # https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
 # az aks get-versions --location eastus -o table
- kubernetes_version = var.kubernetes_version
- api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
- private_cluster_enabled = var.aks_private_cluster
- private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
+ kubernetes_version = var.kubernetes_version
+ api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
+ private_cluster_enabled = var.aks_private_cluster
+ private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? 
var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
 network_profile {
 network_plugin = var.aks_network_plugin
@@ -45,7 +45,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
 content {
 admin_username = var.aks_cluster_node_admin
 ssh_key {
- key_data = var.aks_cluster_ssh_public_key
+ key_data = var.aks_cluster_ssh_public_key
 }
 }
 }
@@ -80,7 +80,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
 dynamic "identity" {
 for_each = var.aks_uai_id == null ? [] : [1]
 content {
- type = "UserAssigned"
+ type = "UserAssigned"
 identity_ids = [var.aks_uai_id]
 }
 }
@@ -108,8 +108,8 @@ resource "azurerm_kubernetes_cluster" "aks" {
 }
- data "azurerm_public_ip" "cluster_public_ip" {
- count = var.cluster_egress_type == "loadBalancer" ? 1 : 0
+data "azurerm_public_ip" "cluster_public_ip" {
+ count = var.cluster_egress_type == "loadBalancer" ? 1 : 0
 # effective_outbound_ips is a set of strings, that needs to be converted to a list type
 name = split("/", tolist(azurerm_kubernetes_cluster.aks.network_profile[0].load_balancer_profile[0].effective_outbound_ips)[0])[8]
diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf
index 92795558..01330e73 100644
--- a/modules/azure_aks/variables.tf
+++ b/modules/azure_aks/variables.tf
@@ -11,11 +11,6 @@ variable "aks_cluster_rg" {
 type = string
 }
-variable "aks_cluster_rg_id" {
- description = "The `azurerm_kubernetes_cluster`'s id."
- type = string
-}
-
 variable "aks_cluster_dns_prefix" {
 description = "DNS prefix specified when creating the managed cluster."
 type = string
@@ -146,7 +141,7 @@ variable "aks_dns_service_ip" {
 type = string
 default = "10.0.0.10"
 validation {
- condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
+ condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", var.aks_dns_service_ip)) : false
 error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
 }
@@ -225,6 +220,6 @@ variable "cluster_egress_type" {
 }
 variable "aks_cluster_private_dns_zone_id" {
- type = string
+ type = string
 default = ""
 }
diff --git a/modules/azurerm_netapp/outputs.tf b/modules/azurerm_netapp/outputs.tf
index a9d2530c..75b68b3f 100644
--- a/modules/azurerm_netapp/outputs.tf
+++ b/modules/azurerm_netapp/outputs.tf
@@ -10,7 +10,7 @@ output "netapp_pool_id" {
 }
 output "netapp_endpoint" {
- value = azurerm_netapp_volume.anf.mount_ip_addresses.0
+ value = azurerm_netapp_volume.anf.mount_ip_addresses[0]
 }
 output "netapp_path" {
diff --git a/modules/azurerm_netapp/variables.tf b/modules/azurerm_netapp/variables.tf
index 719a6d60..c52fc787 100644
--- a/modules/azurerm_netapp/variables.tf
+++ b/modules/azurerm_netapp/variables.tf
@@ -1,12 +1,6 @@
 # Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
-variable create_netapp {
- description = "Boolean flag to create Azure NetApp Files"
- type = bool
- default = false
-}
-
 variable "prefix" {
 description = "A prefix used in the name for all the Azure resources created by this script."
 type = string
@@ -22,11 +16,6 @@ variable "location" {
 type = string
 }
-variable "vnet_name" {
- description = "Azure Virtual Network"
- type = string
-}
-
 variable "subnet_id" {
 description = "Azure subnet id for Azure NetApp Files"
 type = string
diff --git a/modules/azurerm_postgresql_flex/main.tf b/modules/azurerm_postgresql_flex/main.tf
index 54ef2695..e2e12523 100644
--- a/modules/azurerm_postgresql_flex/main.tf
+++ b/modules/azurerm_postgresql_flex/main.tf
@@ -49,14 +49,14 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
 }
 resource "azurerm_postgresql_flexible_server_configuration" "flexpsql" {
- for_each = {
- for config in var.postgresql_configurations:
- config.name => config
+ for_each = {
+ for config in var.postgresql_configurations :
+ config.name => config
 }
- name = each.value.name
- server_id = azurerm_postgresql_flexible_server.flexpsql.id
- value = each.value.value
+ name = each.value.name
+ server_id = azurerm_postgresql_flexible_server.flexpsql.id
+ value = each.value.value
 }
 resource "azurerm_postgresql_flexible_server_firewall_rule" "flexpsql" {
diff --git a/modules/azurerm_postgresql_flex/variables.tf b/modules/azurerm_postgresql_flex/variables.tf
index 6e43fdc2..68ef4bfc 100644
--- a/modules/azurerm_postgresql_flex/variables.tf
+++ b/modules/azurerm_postgresql_flex/variables.tf
@@ -98,9 +98,3 @@ variable "delegated_subnet_id" {
 description = "The ID of the virtual network subnet to create the PostgreSQL Flexible Server. The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated. Changing this forces a new PostgreSQL Flexible Server to be created."
 type = string
 }
-
-variable "private_dns_zone_id" {
- description = "The ID of the private DNS zone to create the PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created."
- type = string
- default = null
-}
diff --git a/modules/azurerm_vnet/main.tf b/modules/azurerm_vnet/main.tf
index 7a0a1387..f27a7a28 100644
--- a/modules/azurerm_vnet/main.tf
+++ b/modules/azurerm_vnet/main.tf
@@ -4,9 +4,9 @@
 # Sourced and modified from https://github.com/Azure/terraform-azurerm-vnet
 locals {
 vnet_name = coalesce(var.name, "${var.prefix}-vnet")
- subnets = ( length(var.existing_subnets) == 0
- ? [ for k, v in azurerm_subnet.subnet[*] :{ for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
- : [ for k, v in data.azurerm_subnet.subnet[*] :{for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
+ subnets = (length(var.existing_subnets) == 0
+ ? [for k, v in azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
+ : [for k, v in data.azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
 )
 }
@@ -35,14 +35,14 @@ data "azurerm_subnet" "subnet" {
 }
 resource "azurerm_subnet" "subnet" {
- for_each = length(var.existing_subnets) == 0 ? var.subnets : {}
- name = "${var.prefix}-${each.key}-subnet"
- resource_group_name = var.resource_group_name
- virtual_network_name = local.vnet_name
- address_prefixes = each.value.prefixes
- service_endpoints = each.value.service_endpoints
- private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
- private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
+ for_each = length(var.existing_subnets) == 0 ? var.subnets : {}
+ name = "${var.prefix}-${each.key}-subnet"
+ resource_group_name = var.resource_group_name
+ virtual_network_name = local.vnet_name
+ address_prefixes = each.value.prefixes
+ service_endpoints = each.value.service_endpoints
+ private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
+ private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
 dynamic "delegation" {
 for_each = each.value.service_delegations
 content {
diff --git a/modules/kubeconfig/main.tf b/modules/kubeconfig/main.tf
index f4361123..88d40a9e 100644
--- a/modules/kubeconfig/main.tf
+++ b/modules/kubeconfig/main.tf
@@ -21,8 +21,8 @@ locals {
 cluster_name = var.cluster_name
 endpoint = var.endpoint
 name = local.service_account_name
- ca_crt = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data,"ca.crt", ""))
- token = lookup(data.kubernetes_secret.sa_secret[0].data,"token", "")
+ ca_crt = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data, "ca.crt", ""))
+ token = lookup(data.kubernetes_secret.sa_secret[0].data, "token", "")
 namespace = var.namespace
 }) : null
 }
@@ -33,7 +33,7 @@ data "kubernetes_secret" "sa_secret" {
 name = kubernetes_secret.sa_secret[0].metadata[0].name
 namespace = var.namespace
 }
-
+
 depends_on = [kubernetes_secret.sa_secret]
 }
@@ -66,7 +66,7 @@ resource "kubernetes_service_account" "kubernetes_sa" {
 resource "kubernetes_cluster_role_binding" "kubernetes_crb" {
 count = var.create_static_kubeconfig ? 1 : 0
 metadata {
- name = local.cluster_role_binding_name
+ name = local.cluster_role_binding_name
 }
 role_ref {
 api_group = "rbac.authorization.k8s.io"
diff --git a/modules/kubeconfig/output.tf b/modules/kubeconfig/output.tf
index c9de0960..a7a3877d 100644
--- a/modules/kubeconfig/output.tf
+++ b/modules/kubeconfig/output.tf
@@ -2,6 +2,6 @@
 # SPDX-License-Identifier: Apache-2.0
 output "kube_config" {
- value = local_file.kubeconfig.content
+ value = local_file.kubeconfig.content
 sensitive = true
 }
diff --git a/variables.tf b/variables.tf
index ee188417..0bf409b3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -756,8 +756,8 @@ variable "aks_identity" {
 variable "aks_cluster_private_dns_zone_id" {
 description = "Specify private DNS zone resource ID for AKS private cluster to use."
- type = string
- default = ""
+ type = string
+ default = ""
 }
 ## Message Broker - Azure Service Bus - Experimental