
chore: (IAC-1196) Update path pattern to support additional branches #345

Merged
merged 12 commits into from
Jan 9, 2024
Merged
9 changes: 6 additions & 3 deletions .github/workflows/linter-analysis.yaml
@@ -1,7 +1,7 @@
name: Linter Analysis
on:
push:
branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
branches: ['**'] # '*' will cause the workflow to run on all commits to all branches.

jobs:
# Hadolint: Job-1
@@ -52,8 +52,11 @@ jobs:
tflint_version: latest
github_token: ${{ secrets.LINTER_TOKEN }}

- name: Initializing viya4-iac-azure
run: terraform init

- name: Initializing TFLint
run: TFLINT_LOG=info tflint --init -c .tflint.hcl
run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl"

- name: Run TFLint Action
run: TFLINT_LOG=info tflint -c .tflint.hcl
run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive
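Review bot: The new "Initializing viya4-iac-azure" step runs a plain `terraform init` on every push to every branch, which performs a full initialization (backend configuration and provider/module downloads) in a job that only needs modules resolved for linting. `run: terraform init -backend=false` would keep the linter job from touching any state backend or needing backend credentials. If a `.terraform.lock.hcl` is committed (not visible on this page), adding `-lockfile=readonly` would make the job fail rather than silently accept changed provider hashes. Separately, the comment on the `branches: ['**']` line still describes `'*'` and should be updated to match the new pattern.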
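--- a/linting-configs/.tflint.hcl
+++ b/linting-configs/.tflint.hcl
@@ -26,3 +26,14 @@ plugin "terraform" {
 rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
 enabled = false
 }
+
+# We specify the versions and providers in the top level versions.tf.
+# This stops it from throwing a warning when scanning our modules
+# in viya4-iac-azure/modules/
+rule "terraform_required_version" {
+enabled = false
+}
+
+rule "terraform_required_providers" {
+enabled = false
+}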
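Review bot: Disabling `terraform_required_version` and `terraform_required_providers` in this shared config appears to turn them off for the root module as well as for `modules/`, since the workflow passes the same `.tflint.hcl` to the `--recursive` run. The top-level `versions.tf` that the comment relies on would then no longer be checked, so a dropped or loosened provider or Terraform version constraint there would go unreported. Consider keeping both rules enabled for the root directory and using a separate config for the modules run. At minimum, extend the comment, e.g. `# NOTE: this also disables both checks for the root module; versions.tf must keep its required_version and required_providers constraints.`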
2 changes: 1 addition & 1 deletion locals.tf
@@ -5,7 +5,7 @@ locals {

# Useful flags
ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
? file(var.ssh_public_key)
? can(file(var.ssh_public_key)) ? file(var.ssh_public_key) : var.ssh_public_key != null ? length(var.ssh_public_key) > 0 ? var.ssh_public_key : null : null
: null
)

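Review bot: When `var.ssh_public_key` is a mistyped or missing path, `can(file(var.ssh_public_key))` is false and the new expression falls through to using the path string itself as `local.ssh_public_key`. The mistake then surfaces only later, wherever that value is consumed as key material (those consumers are outside this hunk), instead of failing at plan time with a clear message. A check on the fallback branch that the value has the shape of a public key, for example `can(regex("^ssh-", var.ssh_public_key))`, or an equivalent `validation` block on the variable, would catch this early. The three-level nested conditional is also hard to read on one line and would benefit from being split across lines with a short comment naming the three cases (file path, literal key, unset). The `locals` block starts and ends outside the hunk.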
2 changes: 0 additions & 2 deletions main.tf
@@ -131,7 +131,6 @@ module "aks" {

aks_cluster_name = "${var.prefix}-aks"
aks_cluster_rg = local.aks_rg.name
aks_cluster_rg_id = local.aks_rg.id
thpang marked this conversation as resolved.
aks_cluster_dns_prefix = "${var.prefix}-aks"
aks_cluster_sku_tier = var.aks_cluster_sku_tier
aks_cluster_location = var.location
@@ -241,7 +240,6 @@ module "netapp" {
prefix = var.prefix
resource_group_name = local.aks_rg.name
location = var.location
vnet_name = module.vnet.name
thpang marked this conversation as resolved.
subnet_id = module.vnet.subnets["netapp"].id
network_features = var.netapp_network_features
service_level = var.netapp_service_level
4 changes: 2 additions & 2 deletions modules/aks_node_pool/variables.tf
@@ -85,8 +85,8 @@ variable "min_nodes" {

variable "node_taints" {
description = "A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
type = list(any)
default = []
type = list(any)
default = []
}

variable "node_labels" {
36 changes: 18 additions & 18 deletions modules/azure_aks/main.tf
@@ -3,22 +3,22 @@

# Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = var.aks_cluster_name
location = var.aks_cluster_location
resource_group_name = var.aks_cluster_rg
dns_prefix = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null

sku_tier = var.aks_cluster_sku_tier
role_based_access_control_enabled = true
http_application_routing_enabled = false
name = var.aks_cluster_name
location = var.aks_cluster_location
resource_group_name = var.aks_cluster_rg
dns_prefix = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null

sku_tier = var.aks_cluster_sku_tier
role_based_access_control_enabled = true
http_application_routing_enabled = false

# https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
# az aks get-versions --location eastus -o table
kubernetes_version = var.kubernetes_version
api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
private_cluster_enabled = var.aks_private_cluster
private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
kubernetes_version = var.kubernetes_version
api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
private_cluster_enabled = var.aks_private_cluster
private_dns_zone_id = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)

network_profile {
network_plugin = var.aks_network_plugin
@@ -45,7 +45,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
content {
admin_username = var.aks_cluster_node_admin
ssh_key {
key_data = var.aks_cluster_ssh_public_key
key_data = var.aks_cluster_ssh_public_key
}
}
}
@@ -80,7 +80,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
dynamic "identity" {
for_each = var.aks_uai_id == null ? [] : [1]
content {
type = "UserAssigned"
type = "UserAssigned"
identity_ids = [var.aks_uai_id]
}
}
@@ -108,8 +108,8 @@ resource "azurerm_kubernetes_cluster" "aks" {

}

data "azurerm_public_ip" "cluster_public_ip" {
count = var.cluster_egress_type == "loadBalancer" ? 1 : 0
data "azurerm_public_ip" "cluster_public_ip" {
count = var.cluster_egress_type == "loadBalancer" ? 1 : 0

# effective_outbound_ips is a set of strings, that needs to be converted to a list type
name = split("/", tolist(azurerm_kubernetes_cluster.aks.network_profile[0].load_balancer_profile[0].effective_outbound_ips)[0])[8]
9 changes: 2 additions & 7 deletions modules/azure_aks/variables.tf
@@ -11,11 +11,6 @@ variable "aks_cluster_rg" {
type = string
}

variable "aks_cluster_rg_id" {
description = "The `azurerm_kubernetes_cluster`'s id."
type = string
}

thpang marked this conversation as resolved.
variable "aks_cluster_dns_prefix" {
description = "DNS prefix specified when creating the managed cluster."
type = string
@@ -146,7 +141,7 @@ variable "aks_dns_service_ip" {
type = string
default = "10.0.0.10"
validation {
condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", var.aks_dns_service_ip)) : false
error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
}

@@ -225,6 +220,6 @@ variable "cluster_egress_type" {
}

variable "aks_cluster_private_dns_zone_id" {
type = string
type = string
default = ""
}
2 changes: 1 addition & 1 deletion modules/azurerm_netapp/outputs.tf
@@ -10,7 +10,7 @@ output "netapp_pool_id" {
}

output "netapp_endpoint" {
value = azurerm_netapp_volume.anf.mount_ip_addresses.0
value = azurerm_netapp_volume.anf.mount_ip_addresses[0]
}

output "netapp_path" {
11 changes: 0 additions & 11 deletions modules/azurerm_netapp/variables.tf
@@ -1,12 +1,6 @@
# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0

variable create_netapp {
description = "Boolean flag to create Azure NetApp Files"
type = bool
default = false
}

variable "prefix" {
thpang marked this conversation as resolved.
description = "A prefix used in the name for all the Azure resources created by this script."
type = string
@@ -22,11 +16,6 @@ variable "location" {
type = string
}

variable "vnet_name" {
description = "Azure Virtual Network"
type = string
}

thpang marked this conversation as resolved.
variable "subnet_id" {
description = "Azure subnet id for Azure NetApp Files"
type = string
12 changes: 6 additions & 6 deletions modules/azurerm_postgresql_flex/main.tf
@@ -49,14 +49,14 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
}

resource "azurerm_postgresql_flexible_server_configuration" "flexpsql" {
for_each = {
for config in var.postgresql_configurations:
config.name => config
for_each = {
for config in var.postgresql_configurations :
config.name => config
}

name = each.value.name
server_id = azurerm_postgresql_flexible_server.flexpsql.id
value = each.value.value
name = each.value.name
server_id = azurerm_postgresql_flexible_server.flexpsql.id
value = each.value.value
}

resource "azurerm_postgresql_flexible_server_firewall_rule" "flexpsql" {
6 changes: 0 additions & 6 deletions modules/azurerm_postgresql_flex/variables.tf
@@ -98,9 +98,3 @@ variable "delegated_subnet_id" {
description = "The ID of the virtual network subnet to create the PostgreSQL Flexible Server. The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated. Changing this forces a new PostgreSQL Flexible Server to be created."
type = string
}

variable "private_dns_zone_id" {
description = "The ID of the private DNS zone to create the PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created."
type = string
default = null
}
thpang marked this conversation as resolved.
22 changes: 11 additions & 11 deletions modules/azurerm_vnet/main.tf
@@ -4,9 +4,9 @@
# Sourced and modified from https://github.com/Azure/terraform-azurerm-vnet
locals {
vnet_name = coalesce(var.name, "${var.prefix}-vnet")
subnets = ( length(var.existing_subnets) == 0
? [ for k, v in azurerm_subnet.subnet[*] :{ for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
: [ for k, v in data.azurerm_subnet.subnet[*] :{for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
subnets = (length(var.existing_subnets) == 0
? [for k, v in azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
: [for k, v in data.azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
)
}

@@ -35,14 +35,14 @@ data "azurerm_subnet" "subnet" {
}

resource "azurerm_subnet" "subnet" {
for_each = length(var.existing_subnets) == 0 ? var.subnets : {}
name = "${var.prefix}-${each.key}-subnet"
resource_group_name = var.resource_group_name
virtual_network_name = local.vnet_name
address_prefixes = each.value.prefixes
service_endpoints = each.value.service_endpoints
private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
for_each = length(var.existing_subnets) == 0 ? var.subnets : {}
name = "${var.prefix}-${each.key}-subnet"
resource_group_name = var.resource_group_name
virtual_network_name = local.vnet_name
address_prefixes = each.value.prefixes
service_endpoints = each.value.service_endpoints
private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
dynamic "delegation" {
for_each = each.value.service_delegations
content {
8 changes: 4 additions & 4 deletions modules/kubeconfig/main.tf
@@ -21,8 +21,8 @@ locals {
cluster_name = var.cluster_name
endpoint = var.endpoint
name = local.service_account_name
ca_crt = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data,"ca.crt", ""))
token = lookup(data.kubernetes_secret.sa_secret[0].data,"token", "")
ca_crt = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data, "ca.crt", ""))
token = lookup(data.kubernetes_secret.sa_secret[0].data, "token", "")
namespace = var.namespace
}) : null
}
@@ -33,7 +33,7 @@ data "kubernetes_secret" "sa_secret" {
name = kubernetes_secret.sa_secret[0].metadata[0].name
namespace = var.namespace
}

depends_on = [kubernetes_secret.sa_secret]
}

@@ -66,7 +66,7 @@ resource "kubernetes_service_account" "kubernetes_sa" {
resource "kubernetes_cluster_role_binding" "kubernetes_crb" {
count = var.create_static_kubeconfig ? 1 : 0
metadata {
name = local.cluster_role_binding_name
name = local.cluster_role_binding_name
}
role_ref {
api_group = "rbac.authorization.k8s.io"
2 changes: 1 addition & 1 deletion modules/kubeconfig/output.tf
@@ -2,6 +2,6 @@
# SPDX-License-Identifier: Apache-2.0

output "kube_config" {
value = local_file.kubeconfig.content
value = local_file.kubeconfig.content
sensitive = true
}
4 changes: 2 additions & 2 deletions variables.tf
@@ -756,8 +756,8 @@ variable "aks_identity" {

variable "aks_cluster_private_dns_zone_id" {
description = "Specify private DNS zone resource ID for AKS private cluster to use."
type = string
default = ""
type = string
default = ""
}

## Message Broker - Azure Service Bus - Experimental