From affe75472781ed865bdad2928ef336164f7d8c47 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Wed, 17 Nov 2021 08:04:41 -0500 Subject: [PATCH] fix: remove un-used variables and update linting checks to ensure this is catched in the future --- .pre-commit-config.yaml | 18 ++++++++++++-- README.md | 4 ---- examples/mysql_iam_cluster/README.md | 5 ++-- examples/mysql_iam_cluster/main.tf | 20 ++++------------ examples/mysql_iam_cluster/variables.tf | 0 examples/mysql_iam_cluster/versions.tf | 4 ++++ examples/mysql_iam_instance/README.md | 5 ++-- examples/mysql_iam_instance/main.tf | 20 ++++------------ examples/mysql_iam_instance/variables.tf | 0 examples/mysql_iam_instance/versions.tf | 4 ++++ examples/postgresql_iam_cluster/README.md | 5 ++-- examples/postgresql_iam_cluster/main.tf | 20 ++++------------ examples/postgresql_iam_cluster/variables.tf | 0 examples/postgresql_iam_cluster/versions.tf | 4 ++++ examples/postgresql_iam_instance/README.md | 5 ++-- examples/postgresql_iam_instance/main.tf | 20 ++++------------ examples/postgresql_iam_instance/variables.tf | 0 examples/postgresql_iam_instance/versions.tf | 4 ++++ main.tf | 3 --- variables.tf | 24 ------------------- 20 files changed, 60 insertions(+), 105 deletions(-) create mode 100644 examples/mysql_iam_cluster/variables.tf create mode 100644 examples/mysql_iam_instance/variables.tf create mode 100644 examples/postgresql_iam_cluster/variables.tf create mode 100644 examples/postgresql_iam_instance/variables.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3bc131b..ad121ba 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,13 +1,27 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.55.0 + rev: v1.56.0 hooks: - id: terraform_fmt + - id: terraform_validate - id: terraform_docs args: - '--args=--lockfile=false' - - id: terraform_validate - id: terraform_tflint + args: + - '--args=--only=terraform_deprecated_interpolation' + - '--args=--only=terraform_deprecated_index' + - '--args=--only=terraform_unused_declarations' + - '--args=--only=terraform_comment_syntax' + - '--args=--only=terraform_documented_outputs' + - '--args=--only=terraform_documented_variables' + - '--args=--only=terraform_typed_variables' + - '--args=--only=terraform_module_pinned_source' + - '--args=--only=terraform_naming_convention' + - '--args=--only=terraform_required_version' + - '--args=--only=terraform_required_providers' + - '--args=--only=terraform_standard_module_structure' + - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.0.1 hooks: diff --git a/README.md b/README.md index d648522..3015ace 100644 --- a/README.md +++ b/README.md 
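Review bot: The bumped `rev: v1.56.0` still pins the hook repository by tag, and a tag can be moved upstream after review. These hooks execute on every contributor machine and in CI, so pinning to the full commit hash would be safer, e.g. `rev: <full-commit-sha>  # v1.56.0` (`pre-commit autoupdate --freeze` writes this form). The same applies to the `pre-commit-hooks` entry at `v4.0.1` visible as context. Separately, tflint's `--only` disables every rule that is not listed, so a short comment above the `args:` list saying the allow-list is deliberate would stop a later reader from assuming the default rule set still runs.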
@@ -114,21 +114,17 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [auth](#input\_auth) | Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters | `map(string)` | `{}` | no | | [auth\_scheme](#input\_auth\_scheme) | The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS` | `string` | `"SECRETS"` | no | | [connection\_borrow\_timeout](#input\_connection\_borrow\_timeout) | The number of seconds for a proxy to wait for a connection to become available in the connection pool | `number` | `null` | no | | [create\_iam\_policy](#input\_create\_iam\_policy) | Determines whether an IAM policy is created | `bool` | `true` | no | | [create\_iam\_role](#input\_create\_iam\_role) | Determines whether an IAM role is created | `bool` | `true` | no | | [create\_proxy](#input\_create\_proxy) | Determines whether a proxy and its resources will be created | `bool` | `true` | no | | [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no | -| [db\_host](#input\_db\_host) | The identifier to use for the database endpoint | `string` | `""` | no | | [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no | -| [db\_name](#input\_db\_name) | The name of the database | `string` | `""` | no | | [db\_proxy\_endpoints](#input\_db\_proxy\_endpoints) | Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`) | `any` | `{}` | no | | [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no | | [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. 
Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no | | [iam\_auth](#input\_iam\_auth) | Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED` | `string` | `"REQUIRED"` | no | -| [iam\_creation\_wait\_duration](#input\_iam\_creation\_wait\_duration) | Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay. | `string` | `"30s"` | no | | [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no | | [iam\_role\_description](#input\_iam\_role\_description) | The description of the role | `string` | `""` | no | | [iam\_role\_force\_detach\_policies](#input\_iam\_role\_force\_detach\_policies) | Specifies to force detaching any policies the role has before destroying it | `bool` | `true` | no | diff --git a/examples/mysql_iam_cluster/README.md b/examples/mysql_iam_cluster/README.md index 8c13127..8eece2f 100644 --- a/examples/mysql_iam_cluster/README.md +++ b/examples/mysql_iam_cluster/README.md @@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.38 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.38 | -| [random](#provider\_random) | n/a | +| [random](#provider\_random) | >= 2.0 | ## Modules 
@@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/mysql_iam_cluster/main.tf b/examples/mysql_iam_cluster/main.tf index 64a812d..a3e86c2 100644 --- a/examples/mysql_iam_cluster/main.tf +++ b/examples/mysql_iam_cluster/main.tf @@ -3,14 +3,10 @@ provider "aws" { } locals { - region = "us-east-1" - name = "example-${replace(basename(path.cwd), "_", "-")}" - - db_name = "example" - db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account - db_password = random_password.password.result - db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6) - db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}" + region = "us-east-1" + name = "example-${replace(basename(path.cwd), "_", "-")}" + db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account + db_password = random_password.password.result tags = { Example = local.name 
@@ -18,10 +14,6 @@ locals { } } -data "aws_region" "current" {} - -data "aws_caller_identity" "current" {} - ################################################################################ # Supporting Resources ################################################################################ @@ -72,7 +64,7 @@ module "rds" { version = "~> 6.0" name = local.name - database_name = local.db_name + database_name = "example" master_username = local.db_username master_password = local.db_password @@ -213,8 +205,6 @@ module "rds_proxy" { } engine_family = "MYSQL" - db_host = module.rds.cluster_endpoint - db_name = module.rds.cluster_database_name debug_logging = true # Target Aurora cluster diff --git a/examples/mysql_iam_cluster/variables.tf b/examples/mysql_iam_cluster/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/mysql_iam_cluster/versions.tf b/examples/mysql_iam_cluster/versions.tf index 7f7a34a..31a0e14 100644 --- a/examples/mysql_iam_cluster/versions.tf +++ b/examples/mysql_iam_cluster/versions.tf @@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = ">= 3.38" } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/mysql_iam_instance/README.md b/examples/mysql_iam_instance/README.md index 363ba2d..25de7f2 100644 --- a/examples/mysql_iam_instance/README.md +++ b/examples/mysql_iam_instance/README.md @@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.38 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.38 | -| [random](#provider\_random) | n/a | +| [random](#provider\_random) | >= 2.0 | ## Modules 
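Review bot: The `version = ">= 2.0"` floor added for `hashicorp/random` in examples/mysql_iam_cluster/versions.tf looks lower than what the example needs. The example uses `random_password.password` for the database master password, and as far as I recall that resource first shipped in random 2.2.0, so a 2.0 or 2.1 provider would satisfy the constraint and then fail on an unknown resource type. Consider `version = ">= 2.2"` and regenerating the README requirement rows. The identical block is added in the mysql_iam_instance, postgresql_iam_cluster and postgresql_iam_instance versions.tf hunks.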
@@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/mysql_iam_instance/main.tf b/examples/mysql_iam_instance/main.tf index 64b52f2..461a65e 100644 --- a/examples/mysql_iam_instance/main.tf +++ b/examples/mysql_iam_instance/main.tf @@ -3,14 +3,10 @@ provider "aws" { } locals { - region = "us-east-1" - name = "example-${replace(basename(path.cwd), "_", "-")}" - - db_name = "example" - db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account - db_password = random_password.password.result - db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6) - db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}" + region = "us-east-1" + name = "example-${replace(basename(path.cwd), "_", "-")}" + db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account + db_password = random_password.password.result tags = { Example = local.name 
@@ -18,10 +14,6 @@ locals { } } -data "aws_region" "current" {} - -data "aws_caller_identity" "current" {} - ################################################################################ # Supporting Resources ################################################################################ @@ -92,7 +84,7 @@ module "rds" { source = "terraform-aws-modules/rds/aws" version = "~> 3.0" - name = local.db_name + name = "example" username = local.db_username password = local.db_password @@ -218,8 +210,6 @@ module "rds_proxy" { } engine_family = "MYSQL" - db_host = module.rds.db_instance_address - db_name = module.rds.db_instance_name debug_logging = true # Target RDS instance diff --git a/examples/mysql_iam_instance/variables.tf b/examples/mysql_iam_instance/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/mysql_iam_instance/versions.tf b/examples/mysql_iam_instance/versions.tf index 7f7a34a..31a0e14 100644 --- a/examples/mysql_iam_instance/versions.tf +++ b/examples/mysql_iam_instance/versions.tf @@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = ">= 3.38" } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/postgresql_iam_cluster/README.md b/examples/postgresql_iam_cluster/README.md index 764caf0..4d59d79 100644 --- a/examples/postgresql_iam_cluster/README.md +++ b/examples/postgresql_iam_cluster/README.md @@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.38 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.38 | -| [random](#provider\_random) | n/a | +| [random](#provider\_random) | >= 2.0 | ## Modules 
@@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/postgresql_iam_cluster/main.tf b/examples/postgresql_iam_cluster/main.tf index e2b3bf9..8f7a5f1 100644 --- a/examples/postgresql_iam_cluster/main.tf +++ b/examples/postgresql_iam_cluster/main.tf 
@@ -3,14 +3,10 @@ provider "aws" { } locals { - region = "us-east-1" - name = "example-${replace(basename(path.cwd), "_", "-")}" - - db_name = "example" - db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account - db_password = random_password.password.result - db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6) - db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}" + region = "us-east-1" + name = "example-${replace(basename(path.cwd), "_", "-")}" + db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account + db_password = random_password.password.result tags = { Example = local.name @@ -18,10 +14,6 @@ locals { } } -data "aws_region" "current" {} - -data "aws_caller_identity" "current" {} - ################################################################################ # Supporting Resources ################################################################################ @@ -72,7 +64,7 @@ module "rds" { version = "~> 6.0" name = local.name - database_name = local.db_name + database_name = "example" master_username = local.db_username master_password = local.db_password @@ -213,8 +205,6 @@ module "rds_proxy" { } engine_family = "POSTGRESQL" - db_host = module.rds.cluster_endpoint - db_name = module.rds.cluster_database_name debug_logging = true # Target Aurora cluster diff --git a/examples/postgresql_iam_cluster/variables.tf b/examples/postgresql_iam_cluster/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/postgresql_iam_cluster/versions.tf b/examples/postgresql_iam_cluster/versions.tf index 7f7a34a..31a0e14 100644 --- a/examples/postgresql_iam_cluster/versions.tf +++ b/examples/postgresql_iam_cluster/versions.tf 
@@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = ">= 3.38" } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/examples/postgresql_iam_instance/README.md b/examples/postgresql_iam_instance/README.md index 40cad3c..ba0b04f 100644 --- a/examples/postgresql_iam_instance/README.md +++ b/examples/postgresql_iam_instance/README.md @@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.38 | +| [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.38 | -| [random](#provider\_random) | n/a | +| [random](#provider\_random) | >= 2.0 | ## Modules @@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/postgresql_iam_instance/main.tf b/examples/postgresql_iam_instance/main.tf index 826040a..07b56d2 100644 --- a/examples/postgresql_iam_instance/main.tf +++ b/examples/postgresql_iam_instance/main.tf 
@@ -3,14 +3,10 @@ provider "aws" { } locals { - region = "us-east-1" - name = "example-${replace(basename(path.cwd), "_", "-")}" - - db_name = "example" - db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account - db_password = random_password.password.result - db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6) - db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}" + region = "us-east-1" + name = "example-${replace(basename(path.cwd), "_", "-")}" + db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account + db_password = random_password.password.result tags = { Example = local.name @@ -18,10 +14,6 @@ locals { } } -data "aws_region" "current" {} - -data "aws_caller_identity" "current" {} - ################################################################################ # Supporting Resources ################################################################################ @@ -92,7 +84,7 @@ module "rds" { source = "terraform-aws-modules/rds/aws" version = "~> 3.0" - name = local.db_name + name = "example" username = local.db_username password = local.db_password @@ -218,8 +210,6 @@ module "rds_proxy" { } engine_family = "POSTGRESQL" - db_host = module.rds.db_instance_address - db_name = module.rds.db_instance_name debug_logging = true # Target RDS instance diff --git a/examples/postgresql_iam_instance/variables.tf b/examples/postgresql_iam_instance/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/postgresql_iam_instance/versions.tf b/examples/postgresql_iam_instance/versions.tf index 7f7a34a..31a0e14 100644 --- a/examples/postgresql_iam_instance/versions.tf +++ b/examples/postgresql_iam_instance/versions.tf 
@@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = ">= 3.38" } + random = { + source = "hashicorp/random" + version = ">= 2.0" + } } } diff --git a/main.tf b/main.tf index 42e51cc..656d23a 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,4 @@ locals { - db_identifier_key = var.db_instance_identifier != "" ? "dbInstanceIdentifier" : "dbClusterIdentifier" - db_identifier_value = var.db_instance_identifier != "" ? var.db_instance_identifier : var.db_cluster_identifier - role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn role_name = coalesce(var.iam_role_name, var.name) policy_name = coalesce(var.iam_policy_name, var.name) diff --git a/variables.tf b/variables.tf index 1547bfd..cb4254f 100644 --- a/variables.tf +++ b/variables.tf @@ -17,12 +17,6 @@ variable "name" { default = "" } -variable "auth" { - description = "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters" - type = map(string) - default = {} -} - variable "debug_logging" { description = "Whether the proxy includes detailed information about SQL statements in its logs" type = bool @@ -89,18 +83,6 @@ variable "secrets" { default = {} } -variable "db_host" { - description = "The identifier to use for the database endpoint" - type = string - default = "" -} - -variable "db_name" { - description = "The name of the database" - type = string - default = "" -} - # Proxy Default Target Group variable "connection_borrow_timeout" { description = "The number of seconds for a proxy to wait for a connection to become available in the connection pool" @@ -262,9 +244,3 @@ variable "use_policy_name_prefix" { type = bool default = false } - -variable "iam_creation_wait_duration" { - description = "Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay." - type = string - default = "30s" -}