Merge pull request #317 from sassoftware/staging

7.0.0 - May 25, 2023

Author: riragh

.github/workflows/linter-analysis.yaml

@@ -0,0 +1,59 @@
+name: Linter Analysis
+on:
+  push:
+    branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
+
+jobs:
+  # Hadolint: Job-1
+  Hadolint:
+    name: Hadolint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run Hadolint Action
+        uses: jbergstroem/[email protected]
+        with:
+          dockerfile: ./Dockerfile
+          config_file: linting-configs/.hadolint.yaml
+          error_level: 1 # Fail CI based on hadolint output (-1: never, 0: error, 1: warning, 2: info)
+
+  # ShellCheck: Job-2
+  ShellCheck:
+    name: ShellCheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run ShellCheck Action
+        uses: ludeeus/action-shellcheck@master
+        with:
+          severity: error
+
+  # TFLint: Job-3
+  TFLint:
+    name: TFLint
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v3
+
+    - name: Cache Plugin Directory
+      uses: actions/cache@v3
+      with:
+        path: ~/.tflint.d/plugins
+        key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Setup TFLint
+      uses: terraform-linters/[email protected]
+      with:
+        tflint_version: latest
+        github_token: ${{ secrets.LINTER_TEST_TOKEN }}
+
+    - name: Initializing TFLint
+      run: TFLINT_LOG=info tflint --init -c .tflint.hcl 
+
+    - name: Run TFLint Action
+      run: TFLINT_LOG=info tflint -c .tflint.hcl

.tflint.hcl

@@ -1,5 +1,5 @@
-ARG TERRAFORM_VERSION=1.0.0
-ARG AZURECLI_VERSION=2.45.0
+ARG TERRAFORM_VERSION=1.4.5
+ARG AZURECLI_VERSION=2.48.1
 
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
@@ -10,7 +10,8 @@ WORKDIR /viya4-iac-azure
 COPY --from=terraform /bin/terraform /bin/terraform
 COPY . .
 
-RUN apk --update --no-cache add git openssh \
+RUN apk update \
+  && apk --no-cache add git openssh \
   && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
   && chmod 755 ./kubectl /viya4-iac-azure/docker-entrypoint.sh \
   && mv ./kubectl /usr/local/bin/kubectl \

Dockerfile

@@ -57,10 +57,10 @@ This project supports two options for running Terraform scripts:
 Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformAzureAuthentication.md) with the *Contributor* role are required.
 
 #### Terraform Requirements:
-- [Terraform](https://www.terraform.io/downloads.html) - v1.0.0
+- [Terraform](https://www.terraform.io/downloads.html) - v1.4.5
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.25
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.45.0
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.48.1
 
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)

README.md

@@ -17,7 +17,7 @@ commandTests:
   - name: "terraform version"
     command: "terraform"
     args: ["--version"]
-    expectedOutput: ["Terraform v1.0.0"]
+    expectedOutput: ["Terraform v1.4.5"]
   - name: "python version"
     command: "python3"
     args: ["--version"]
@@ -29,7 +29,7 @@ commandTests:
       - -c
       - |
         az version -o tsv
-    expectedOutput: ["2.45.0\t2.45.0\t1.0.8"]
+    expectedOutput: ["2.48.1\t2.48.1\t1.0.8"]
 
 metadataTest:
   workdir: "/viya4-iac-azure"

container-structure-test.yaml

@@ -175,7 +175,7 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr
 | aks_identity | Use UserAssignedIdentity or Service Principal as  [AKS identity](https://docs.microsoft.com/en-us/azure/aks/concepts-identity) | string | "uai" | A value of `uai` wil create a Managed Identity based on the permissions of the authenticated user or use [`AKS_UAI_NAME`](#use-existing), if set. A value of `sp` will use values from [`CLIENT_ID`/`CLIENT_SECRET`](#azure-authentication), if set. |
 | ssh_public_key | File name of public ssh key for jump and nfs VM | string | "~/.ssh/id_rsa.pub" | Required with `create_jump_vm=true` or `storage_type=standard` |
 | cluster_api_mode | Public or private IP for the cluster api | string | "public" | Valid Values: "public", "private" |
-| aks_cluster_sku_tier | Optimizes api server for cost vs availability | string | "Free" | Valid Values:  "Free", "Paid" | 
+| aks_cluster_sku_tier | Optimizes api server for cost vs availability | string | "Free" | Valid Values:  "Free", "Standard" | 
 
 ## Node Pools
 

docs/CONFIG-VARS.md

@@ -0,0 +1,28 @@
+
+# For more information on configuring TFlint; see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md
+
+# For more information on plugins see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md
+
+# For more information on TFlint Ruleset for Terraform; see https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.3.0/docs/rules/README.md
+
+# For more information on TFlint Ruleset for Azure, see https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/master/docs/README.md
+
+config {
+  # Enables module inspection.
+  module = true
+}
+
+plugin "azurerm" {
+    enabled = true
+    version = "0.23.0"
+    source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
+}
+
+plugin "terraform" {
+  enabled = true
+  preset = "recommended"
+}
+
+rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
+  enabled = false
+}

.hadolint.yaml renamed to linting-configs/.hadolint.yaml

@@ -43,23 +43,23 @@ locals {
   container_registry_sku = title(var.container_registry_sku)
 
   aks_rg = (var.resource_group_name == null
-    ? azurerm_resource_group.aks_rg.0
-    : data.azurerm_resource_group.aks_rg.0
+    ? azurerm_resource_group.aks_rg[0]
+    : data.azurerm_resource_group.aks_rg[0]
   )
 
   network_rg = (var.vnet_resource_group_name == null
     ? local.aks_rg
-    : data.azurerm_resource_group.network_rg.0
+    : data.azurerm_resource_group.network_rg[0]
   )
 
-  nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg.0 : data.azurerm_network_security_group.nsg.0
+  nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg[0] : data.azurerm_network_security_group.nsg[0]
   nsg_rg_name = var.nsg_name == null ? local.aks_rg.name : local.network_rg.name
 
   # Use BYO UAI if given, else create a UAI
   aks_uai_id = (var.aks_identity == "uai"
     ? (var.aks_uai_name == null
-      ? azurerm_user_assigned_identity.uai.0.id
-      : data.azurerm_user_assigned_identity.uai.0.id
+      ? azurerm_user_assigned_identity.uai[0].id
+      : data.azurerm_user_assigned_identity.uai[0].id
     )
     : null
   )