Merge pull request #345 from sassoftware/IAC-1196

riragh · web-flow · commit c3e8b704c510 · 2024-01-09T12:35:08.000-06:00
chore: (IAC-1196) Update path pattern to support additional branches
diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
@@ -1,7 +1,7 @@
 name: Linter Analysis
 on:
   push:
-    branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
+    branches: ['**'] # '*' will cause the workflow to run on all commits to all branches.
 
 jobs:
   # Hadolint: Job-1
@@ -52,8 +52,11 @@ jobs:
         tflint_version: latest
         github_token: ${{ secrets.LINTER_TOKEN }}
 
+    - name: Initializing viya4-iac-azure
+      run: terraform init
+
     - name: Initializing TFLint
-      run: TFLINT_LOG=info tflint --init -c .tflint.hcl 
+      run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl" 
 
     - name: Run TFLint Action
-      run: TFLINT_LOG=info tflint -c .tflint.hcl
+      run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive
diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl
@@ -26,3 +26,14 @@ plugin "terraform" {
 rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
   enabled = false
 }
+
+# We specify the versions and providers in the top level versions.tf.
+# This stops it from throwing a warning when scanning our modules
+# in viya4-iac-azure/modules/
+rule "terraform_required_version" {
+  enabled = false
+}
+
+rule "terraform_required_providers" {
+  enabled = false
+}
diff --git a/locals.tf b/locals.tf
@@ -5,7 +5,7 @@ locals {
 
   # Useful flags
   ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
-    ? file(var.ssh_public_key)
+    ? can(file(var.ssh_public_key)) ? file(var.ssh_public_key) : var.ssh_public_key != null ? length(var.ssh_public_key) > 0 ? var.ssh_public_key : null : null
     : null
   )
 
diff --git a/main.tf b/main.tf
@@ -131,7 +131,6 @@ module "aks" {
 
   aks_cluster_name                         = "${var.prefix}-aks"
   aks_cluster_rg                           = local.aks_rg.name
-  aks_cluster_rg_id                        = local.aks_rg.id
   aks_cluster_dns_prefix                   = "${var.prefix}-aks"
   aks_cluster_sku_tier                     = var.aks_cluster_sku_tier
   aks_cluster_location                     = var.location
@@ -241,7 +240,6 @@ module "netapp" {
   prefix              = var.prefix
   resource_group_name = local.aks_rg.name
   location            = var.location
-  vnet_name           = module.vnet.name
   subnet_id           = module.vnet.subnets["netapp"].id
   network_features    = var.netapp_network_features
   service_level       = var.netapp_service_level
diff --git a/modules/aks_node_pool/variables.tf b/modules/aks_node_pool/variables.tf
@@ -85,8 +85,8 @@ variable "min_nodes" {
 
 variable "node_taints" {
   description = "A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
-  type    = list(any)
-  default = []
+  type        = list(any)
+  default     = []
 }
 
 variable "node_labels" {
diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf
@@ -3,22 +3,22 @@
 
 # Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
 resource "azurerm_kubernetes_cluster" "aks" {
-  name                               = var.aks_cluster_name
-  location                           = var.aks_cluster_location
-  resource_group_name                = var.aks_cluster_rg
-  dns_prefix                         = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
-  dns_prefix_private_cluster         = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null
-
-  sku_tier                           = var.aks_cluster_sku_tier
-  role_based_access_control_enabled  = true
-  http_application_routing_enabled   = false
-  
+  name                       = var.aks_cluster_name
+  location                   = var.aks_cluster_location
+  resource_group_name        = var.aks_cluster_rg
+  dns_prefix                 = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
+  dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null
+
+  sku_tier                          = var.aks_cluster_sku_tier
+  role_based_access_control_enabled = true
+  http_application_routing_enabled  = false
+
   # https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
   # az aks get-versions --location eastus -o table
-  kubernetes_version                 = var.kubernetes_version
-  api_server_authorized_ip_ranges    = var.aks_cluster_endpoint_public_access_cidrs
-  private_cluster_enabled            = var.aks_private_cluster
-  private_dns_zone_id                = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
+  kubernetes_version              = var.kubernetes_version
+  api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
+  private_cluster_enabled         = var.aks_private_cluster
+  private_dns_zone_id             = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
 
   network_profile {
     network_plugin = var.aks_network_plugin
@@ -45,7 +45,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
     content {
       admin_username = var.aks_cluster_node_admin
       ssh_key {
-         key_data = var.aks_cluster_ssh_public_key
+        key_data = var.aks_cluster_ssh_public_key
       }
     }
   }
@@ -80,7 +80,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   dynamic "identity" {
     for_each = var.aks_uai_id == null ? [] : [1]
     content {
-      type = "UserAssigned"
+      type         = "UserAssigned"
       identity_ids = [var.aks_uai_id]
     }
   }
@@ -108,8 +108,8 @@ resource "azurerm_kubernetes_cluster" "aks" {
 
 }
 
- data "azurerm_public_ip" "cluster_public_ip" {
-  count               = var.cluster_egress_type == "loadBalancer" ? 1 : 0
+data "azurerm_public_ip" "cluster_public_ip" {
+  count = var.cluster_egress_type == "loadBalancer" ? 1 : 0
 
   # effective_outbound_ips is a set of strings, that needs to be converted to a list type
   name                = split("/", tolist(azurerm_kubernetes_cluster.aks.network_profile[0].load_balancer_profile[0].effective_outbound_ips)[0])[8]
diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf
@@ -11,11 +11,6 @@ variable "aks_cluster_rg" {
   type        = string
 }
 
-variable "aks_cluster_rg_id" {
-  description = "The `azurerm_kubernetes_cluster`'s id."
-  type        = string
-}
-
 variable "aks_cluster_dns_prefix" {
   description = "DNS prefix specified when creating the managed cluster."
   type        = string
@@ -146,7 +141,7 @@ variable "aks_dns_service_ip" {
   type        = string
   default     = "10.0.0.10"
   validation {
-    condition     = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
+    condition     = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", var.aks_dns_service_ip)) : false
     error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
   }
 
@@ -225,6 +220,6 @@ variable "cluster_egress_type" {
 }
 
 variable "aks_cluster_private_dns_zone_id" {
-  type = string
+  type    = string
   default = ""
 }
diff --git a/modules/azurerm_netapp/outputs.tf b/modules/azurerm_netapp/outputs.tf
@@ -10,7 +10,7 @@ output "netapp_pool_id" {
 }
 
 output "netapp_endpoint" {
-  value = azurerm_netapp_volume.anf.mount_ip_addresses.0
+  value = azurerm_netapp_volume.anf.mount_ip_addresses[0]
 }
 
 output "netapp_path" {
diff --git a/modules/azurerm_netapp/variables.tf b/modules/azurerm_netapp/variables.tf
@@ -1,12 +1,6 @@
 # Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-variable create_netapp {
-  description = "Boolean flag to create Azure NetApp Files"
-  type        = bool
-  default     = false
-}
-
 variable "prefix" {
   description = "A prefix used in the name for all the Azure resources created by this script."
   type        = string
@@ -22,11 +16,6 @@ variable "location" {
   type        = string
 }
 
-variable "vnet_name" {
-  description = "Azure Virtual Network"
-  type        = string
-}
-
 variable "subnet_id" {
   description = "Azure subnet id for Azure NetApp Files"
   type        = string
diff --git a/modules/azurerm_postgresql_flex/main.tf b/modules/azurerm_postgresql_flex/main.tf
@@ -49,14 +49,14 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
 }
 
 resource "azurerm_postgresql_flexible_server_configuration" "flexpsql" {
-  for_each   = {
-    for config in var.postgresql_configurations:
-      config.name => config
+  for_each = {
+    for config in var.postgresql_configurations :
+    config.name => config
   }
 
-  name       = each.value.name
-  server_id  = azurerm_postgresql_flexible_server.flexpsql.id
-  value      = each.value.value
+  name      = each.value.name
+  server_id = azurerm_postgresql_flexible_server.flexpsql.id
+  value     = each.value.value
 }
 
 resource "azurerm_postgresql_flexible_server_firewall_rule" "flexpsql" {
diff --git a/modules/azurerm_postgresql_flex/variables.tf b/modules/azurerm_postgresql_flex/variables.tf
@@ -98,9 +98,3 @@ variable "delegated_subnet_id" {
   description = "The ID of the virtual network subnet to create the PostgreSQL Flexible Server. The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated. Changing this forces a new PostgreSQL Flexible Server to be created."
   type        = string
 }
-
-variable "private_dns_zone_id" {
-  description = "The ID of the private DNS zone to create the PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created."
-  type        = string
-  default     = null
-}
diff --git a/modules/azurerm_vnet/main.tf b/modules/azurerm_vnet/main.tf
@@ -4,9 +4,9 @@
 # Sourced and modified from https://github.com/Azure/terraform-azurerm-vnet
 locals {
   vnet_name = coalesce(var.name, "${var.prefix}-vnet")
-  subnets = ( length(var.existing_subnets) == 0
-              ? [ for k, v in azurerm_subnet.subnet[*] :{ for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
-              : [ for k, v in data.azurerm_subnet.subnet[*] :{for kk, vv in v: kk => {"id": vv.id, "address_prefixes": vv.address_prefixes }}][0]
+  subnets = (length(var.existing_subnets) == 0
+    ? [for k, v in azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
+    : [for k, v in data.azurerm_subnet.subnet[*] : { for kk, vv in v : kk => { "id" : vv.id, "address_prefixes" : vv.address_prefixes } }][0]
   )
 }
 
@@ -35,14 +35,14 @@ data "azurerm_subnet" "subnet" {
 }
 
 resource "azurerm_subnet" "subnet" {
-  for_each                                       = length(var.existing_subnets) == 0 ? var.subnets : {}
-  name                                           = "${var.prefix}-${each.key}-subnet"
-  resource_group_name                            = var.resource_group_name
-  virtual_network_name                           = local.vnet_name
-  address_prefixes                               = each.value.prefixes
-  service_endpoints                              = each.value.service_endpoints
-  private_endpoint_network_policies_enabled      = each.value.private_endpoint_network_policies_enabled
-  private_link_service_network_policies_enabled  = each.value.private_link_service_network_policies_enabled
+  for_each                                      = length(var.existing_subnets) == 0 ? var.subnets : {}
+  name                                          = "${var.prefix}-${each.key}-subnet"
+  resource_group_name                           = var.resource_group_name
+  virtual_network_name                          = local.vnet_name
+  address_prefixes                              = each.value.prefixes
+  service_endpoints                             = each.value.service_endpoints
+  private_endpoint_network_policies_enabled     = each.value.private_endpoint_network_policies_enabled
+  private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
   dynamic "delegation" {
     for_each = each.value.service_delegations
     content {
diff --git a/modules/kubeconfig/main.tf b/modules/kubeconfig/main.tf
@@ -21,8 +21,8 @@ locals {
     cluster_name = var.cluster_name
     endpoint     = var.endpoint
     name         = local.service_account_name
-    ca_crt       = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data,"ca.crt", ""))
-    token        = lookup(data.kubernetes_secret.sa_secret[0].data,"token", "")
+    ca_crt       = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data, "ca.crt", ""))
+    token        = lookup(data.kubernetes_secret.sa_secret[0].data, "token", "")
     namespace    = var.namespace
   }) : null
 }
@@ -33,7 +33,7 @@ data "kubernetes_secret" "sa_secret" {
     name      = kubernetes_secret.sa_secret[0].metadata[0].name
     namespace = var.namespace
   }
-  
+
   depends_on = [kubernetes_secret.sa_secret]
 }
 
@@ -66,7 +66,7 @@ resource "kubernetes_service_account" "kubernetes_sa" {
 resource "kubernetes_cluster_role_binding" "kubernetes_crb" {
   count = var.create_static_kubeconfig ? 1 : 0
   metadata {
-    name      = local.cluster_role_binding_name
+    name = local.cluster_role_binding_name
   }
   role_ref {
     api_group = "rbac.authorization.k8s.io"
diff --git a/modules/kubeconfig/output.tf b/modules/kubeconfig/output.tf
@@ -2,6 +2,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
 output "kube_config" {
-  value = local_file.kubeconfig.content
+  value     = local_file.kubeconfig.content
   sensitive = true
 }
diff --git a/variables.tf b/variables.tf
@@ -756,8 +756,8 @@ variable "aks_identity" {
 
 variable "aks_cluster_private_dns_zone_id" {
   description = "Specify private DNS zone resource ID for AKS private cluster to use."
-  type = string
-  default = ""
+  type        = string
+  default     = ""
 }
 
 ## Message Broker - Azure Service Bus - Experimental

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ locals {`
`5`	`5`
`6`	`6`	`# Useful flags`
`7`	`7`	`ssh_public_key = (var.create_jump_vm \|\| var.storage_type == "standard"`
`8`		`- ? file(var.ssh_public_key)`
	`8`	`+ ? can(file(var.ssh_public_key)) ? file(var.ssh_public_key) : var.ssh_public_key != null ? length(var.ssh_public_key) > 0 ? var.ssh_public_key : null : null`
`9`	`9`	`: null`
`10`	`10`	`)`
`11`	`11`
Original file line number	Diff line number	Diff line change
`@@ -85,8 +85,8 @@ variable "min_nodes" {`
`85`	`85`
`86`	`86`	`variable "node_taints" {`
`87`	`87`	`description = "A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."`
`88`		`- type = list(any)`
`89`		`- default = []`
	`88`	`+ type = list(any)`
	`89`	`+ default = []`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`variable "node_labels" {`
Original file line number	Diff line number	Diff line change
`@@ -11,11 +11,6 @@ variable "aks_cluster_rg" {`
`11`	`11`	`type = string`
`12`	`12`	`}`
`13`	`13`
`14`		`-variable "aks_cluster_rg_id" {`
`15`		- description = "The `azurerm_kubernetes_cluster`'s id."
`16`		`- type = string`
`17`		`-}`
`18`		`-`
`19`	`14`	`variable "aks_cluster_dns_prefix" {`
`20`	`15`	`description = "DNS prefix specified when creating the managed cluster."`
`21`	`16`	`type = string`
`@@ -146,7 +141,7 @@ variable "aks_dns_service_ip" {`
`146`	`141`	`type = string`
`147`	`142`	`default = "10.0.0.10"`
`148`	`143`	`validation {`
`149`		`- condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false`
	`144`	`+ condition = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)$", var.aks_dns_service_ip)) : false`
`150`	`145`	`error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."`
`151`	`146`	`}`
`152`	`147`
`@@ -225,6 +220,6 @@ variable "cluster_egress_type" {`
`225`	`220`	`}`
`226`	`221`
`227`	`222`	`variable "aks_cluster_private_dns_zone_id" {`
`228`		`- type = string`
	`223`	`+ type = string`
`229`	`224`	`default = ""`
`230`	`225`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ output "netapp_pool_id" {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`output "netapp_endpoint" {`
`13`		`- value = azurerm_netapp_volume.anf.mount_ip_addresses.0`
	`13`	`+ value = azurerm_netapp_volume.anf.mount_ip_addresses[0]`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`output "netapp_path" {`
Original file line number	Diff line number	Diff line change
`@@ -49,14 +49,14 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`resource "azurerm_postgresql_flexible_server_configuration" "flexpsql" {`
`52`		`- for_each = {`
`53`		`- for config in var.postgresql_configurations:`
`54`		`- config.name => config`
	`52`	`+ for_each = {`
	`53`	`+ for config in var.postgresql_configurations :`
	`54`	`+ config.name => config`
`55`	`55`	`}`
`56`	`56`
`57`		`- name = each.value.name`
`58`		`- server_id = azurerm_postgresql_flexible_server.flexpsql.id`
`59`		`- value = each.value.value`
	`57`	`+ name = each.value.name`
	`58`	`+ server_id = azurerm_postgresql_flexible_server.flexpsql.id`
	`59`	`+ value = each.value.value`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`resource "azurerm_postgresql_flexible_server_firewall_rule" "flexpsql" {`