fix: remove un-used variables and update linting checks to ensure thi…

…s is catched in the future
terraform-aws-modules · Nov 17, 2021 · affe754 · affe754
1 parent 9c80ff9
commit affe754
Show file tree

Hide file tree

Showing 20 changed files with 60 additions and 105 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,13 +1,27 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.55.0
+    rev: v1.56.0
     hooks:
       - id: terraform_fmt
+      - id: terraform_validate
       - id: terraform_docs
         args:
           - '--args=--lockfile=false'
-      - id: terraform_validate
       - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.0.1
     hooks:

diff --git a/README.md b/README.md
@@ -114,21 +114,17 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_auth"></a> [auth](#input\_auth) | Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters | `map(string)` | `{}` | no |
 | <a name="input_auth_scheme"></a> [auth\_scheme](#input\_auth\_scheme) | The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS` | `string` | `"SECRETS"` | no |
 | <a name="input_connection_borrow_timeout"></a> [connection\_borrow\_timeout](#input\_connection\_borrow\_timeout) | The number of seconds for a proxy to wait for a connection to become available in the connection pool | `number` | `null` | no |
 | <a name="input_create_iam_policy"></a> [create\_iam\_policy](#input\_create\_iam\_policy) | Determines whether an IAM policy is created | `bool` | `true` | no |
 | <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Determines whether an IAM role is created | `bool` | `true` | no |
 | <a name="input_create_proxy"></a> [create\_proxy](#input\_create\_proxy) | Determines whether a proxy and its resources will be created | `bool` | `true` | no |
 | <a name="input_db_cluster_identifier"></a> [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no |
-| <a name="input_db_host"></a> [db\_host](#input\_db\_host) | The identifier to use for the database endpoint | `string` | `""` | no |
 | <a name="input_db_instance_identifier"></a> [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
-| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | The name of the database | `string` | `""` | no |
 | <a name="input_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#input\_db\_proxy\_endpoints) | Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`) | `any` | `{}` | no |
 | <a name="input_debug_logging"></a> [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
 | <a name="input_engine_family"></a> [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
 | <a name="input_iam_auth"></a> [iam\_auth](#input\_iam\_auth) | Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED` | `string` | `"REQUIRED"` | no |
-| <a name="input_iam_creation_wait_duration"></a> [iam\_creation\_wait\_duration](#input\_iam\_creation\_wait\_duration) | Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay. | `string` | `"30s"` | no |
 | <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |
 | <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | The description of the role | `string` | `""` | no |
 | <a name="input_iam_role_force_detach_policies"></a> [iam\_role\_force\_detach\_policies](#input\_iam\_role\_force\_detach\_policies) | Specifies to force detaching any policies the role has before destroying it | `bool` | `true` | no |

diff --git a/examples/mysql_iam_cluster/README.md b/examples/mysql_iam_cluster/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
@@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 

diff --git a/examples/mysql_iam_cluster/main.tf b/examples/mysql_iam_cluster/main.tf
@@ -3,25 +3,17 @@ provider "aws" {
 }
 
 locals {
-  region = "us-east-1"
-  name   = "example-${replace(basename(path.cwd), "_", "-")}"
-
-  db_name               = "example"
-  db_username           = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
-  db_password           = random_password.password.result
-  db_proxy_resource_id  = element(split(":", module.rds_proxy.proxy_arn), 6)
-  db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+  region      = "us-east-1"
+  name        = "example-${replace(basename(path.cwd), "_", "-")}"
+  db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+  db_password = random_password.password.result
 
   tags = {
     Example     = local.name
     Environment = "dev"
   }
 }
 
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -72,7 +64,7 @@ module "rds" {
   version = "~> 6.0"
 
   name            = local.name
-  database_name   = local.db_name
+  database_name   = "example"
   master_username = local.db_username
   master_password = local.db_password
 
@@ -213,8 +205,6 @@ module "rds_proxy" {
   }
 
   engine_family = "MYSQL"
-  db_host       = module.rds.cluster_endpoint
-  db_name       = module.rds.cluster_database_name
   debug_logging = true
 
   # Target Aurora cluster

diff --git a/examples/mysql_iam_cluster/variables.tf b/examples/mysql_iam_cluster/variables.tf
diff --git a/examples/mysql_iam_cluster/versions.tf b/examples/mysql_iam_cluster/versions.tf
@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 3.38"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.0"
+    }
   }
 }
diff --git a/examples/mysql_iam_instance/README.md b/examples/mysql_iam_instance/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
@@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 

diff --git a/examples/mysql_iam_instance/main.tf b/examples/mysql_iam_instance/main.tf
@@ -3,25 +3,17 @@ provider "aws" {
 }
 
 locals {
-  region = "us-east-1"
-  name   = "example-${replace(basename(path.cwd), "_", "-")}"
-
-  db_name               = "example"
-  db_username           = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
-  db_password           = random_password.password.result
-  db_proxy_resource_id  = element(split(":", module.rds_proxy.proxy_arn), 6)
-  db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+  region      = "us-east-1"
+  name        = "example-${replace(basename(path.cwd), "_", "-")}"
+  db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+  db_password = random_password.password.result
 
   tags = {
     Example     = local.name
     Environment = "dev"
   }
 }
 
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -92,7 +84,7 @@ module "rds" {
   source  = "terraform-aws-modules/rds/aws"
   version = "~> 3.0"
 
-  name     = local.db_name
+  name     = "example"
   username = local.db_username
   password = local.db_password
 
@@ -218,8 +210,6 @@ module "rds_proxy" {
   }
 
   engine_family = "MYSQL"
-  db_host       = module.rds.db_instance_address
-  db_name       = module.rds.db_instance_name
   debug_logging = true
 
   # Target RDS instance

diff --git a/examples/mysql_iam_instance/variables.tf b/examples/mysql_iam_instance/variables.tf
diff --git a/examples/mysql_iam_instance/versions.tf b/examples/mysql_iam_instance/versions.tf
@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 3.38"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.0"
+    }
   }
 }
diff --git a/examples/postgresql_iam_cluster/README.md b/examples/postgresql_iam_cluster/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
@@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 

diff --git a/examples/postgresql_iam_cluster/main.tf b/examples/postgresql_iam_cluster/main.tf
@@ -3,25 +3,17 @@ provider "aws" {
 }
 
 locals {
-  region = "us-east-1"
-  name   = "example-${replace(basename(path.cwd), "_", "-")}"
-
-  db_name               = "example"
-  db_username           = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
-  db_password           = random_password.password.result
-  db_proxy_resource_id  = element(split(":", module.rds_proxy.proxy_arn), 6)
-  db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+  region      = "us-east-1"
+  name        = "example-${replace(basename(path.cwd), "_", "-")}"
+  db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+  db_password = random_password.password.result
 
   tags = {
     Example     = local.name
     Environment = "dev"
   }
 }
 
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -72,7 +64,7 @@ module "rds" {
   version = "~> 6.0"
 
   name            = local.name
-  database_name   = local.db_name
+  database_name   = "example"
   master_username = local.db_username
   master_password = local.db_password
 
@@ -213,8 +205,6 @@ module "rds_proxy" {
   }
 
   engine_family = "POSTGRESQL"
-  db_host       = module.rds.cluster_endpoint
-  db_name       = module.rds.cluster_database_name
   debug_logging = true
 
   # Target Aurora cluster

diff --git a/examples/postgresql_iam_cluster/variables.tf b/examples/postgresql_iam_cluster/variables.tf
diff --git a/examples/postgresql_iam_cluster/versions.tf b/examples/postgresql_iam_cluster/versions.tf
@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 3.38"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.0"
+    }
   }
 }
diff --git a/examples/postgresql_iam_instance/README.md b/examples/postgresql_iam_instance/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
@@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 

diff --git a/examples/postgresql_iam_instance/main.tf b/examples/postgresql_iam_instance/main.tf
@@ -3,25 +3,17 @@ provider "aws" {
 }
 
 locals {
-  region = "us-east-1"
-  name   = "example-${replace(basename(path.cwd), "_", "-")}"
-
-  db_name               = "example"
-  db_username           = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
-  db_password           = random_password.password.result
-  db_proxy_resource_id  = element(split(":", module.rds_proxy.proxy_arn), 6)
-  db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+  region      = "us-east-1"
+  name        = "example-${replace(basename(path.cwd), "_", "-")}"
+  db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+  db_password = random_password.password.result
 
   tags = {
     Example     = local.name
     Environment = "dev"
   }
 }
 
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -92,7 +84,7 @@ module "rds" {
   source  = "terraform-aws-modules/rds/aws"
   version = "~> 3.0"
 
-  name     = local.db_name
+  name     = "example"
   username = local.db_username
   password = local.db_password
 
@@ -218,8 +210,6 @@ module "rds_proxy" {
   }
 
   engine_family = "POSTGRESQL"
-  db_host       = module.rds.db_instance_address
-  db_name       = module.rds.db_instance_name
   debug_logging = true
 
   # Target RDS instance

diff --git a/examples/postgresql_iam_instance/variables.tf b/examples/postgresql_iam_instance/variables.tf
diff --git a/examples/postgresql_iam_instance/versions.tf b/examples/postgresql_iam_instance/versions.tf
@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 3.38"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.0"
+    }
   }
 }
diff --git a/main.tf b/main.tf
@@ -1,7 +1,4 @@
 locals {
-  db_identifier_key   = var.db_instance_identifier != "" ? "dbInstanceIdentifier" : "dbClusterIdentifier"
-  db_identifier_value = var.db_instance_identifier != "" ? var.db_instance_identifier : var.db_cluster_identifier
-
   role_arn    = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
   role_name   = coalesce(var.iam_role_name, var.name)
   policy_name = coalesce(var.iam_policy_name, var.name)