feat: (IAC-872) Using GitHub Actions add hadolint, shellcheck and tflint checks (#312)

riragh · web-flow · commit 90427f90b48a · 2023-05-17T10:55:16.000-05:00
diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
@@ -0,0 +1,59 @@
+name: Linter Analysis
+on:
+  push:
+    branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
+
+jobs:
+  # Hadolint: Job-1
+  Hadolint:
+    name: Hadolint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run Hadolint Action
+        uses: jbergstroem/hadolint-gh-action@v1.11.0
+        with:
+          dockerfile: ./Dockerfile
+          config_file: linting-configs/.hadolint.yaml
+          error_level: 1 # Fail CI based on hadolint output (-1: never, 0: error, 1: warning, 2: info)
+
+  # ShellCheck: Job-2
+  ShellCheck:
+    name: ShellCheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run ShellCheck Action
+        uses: ludeeus/action-shellcheck@master
+        with:
+          severity: error
+
+  # TFLint: Job-3
+  TFLint:
+    name: TFLint
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v3
+
+    - name: Cache Plugin Directory
+      uses: actions/cache@v3
+      with:
+        path: ~/.tflint.d/plugins
+        key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Setup TFLint
+      uses: terraform-linters/setup-tflint@v3.0.0
+      with:
+        tflint_version: latest
+        github_token: ${{ secrets.LINTER_TEST_TOKEN }}
+
+    - name: Initializing TFLint
+      run: TFLINT_LOG=info tflint --init -c .tflint.hcl 
+
+    - name: Run TFLint Action
+      run: TFLINT_LOG=info tflint -c .tflint.hcl
diff --git a/.tflint.hcl b/.tflint.hcl
diff --git a/linting-configs/.hadolint.yaml b/linting-configs/.hadolint.yaml
diff --git a/linting-configs/.shellcheckrc b/linting-configs/.shellcheckrc
diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl
@@ -0,0 +1,28 @@
+
+# For more information on configuring TFlint; see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md
+
+# For more information on plugins see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md
+
+# For more information on TFlint Ruleset for Terraform; see https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.3.0/docs/rules/README.md
+
+# For more information on TFlint Ruleset for Azure, see https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/master/docs/README.md
+
+config {
+  # Enables module inspection.
+  module = true
+}
+
+plugin "azurerm" {
+    enabled = true
+    version = "0.23.0"
+    source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
+}
+
+plugin "terraform" {
+  enabled = true
+  preset = "recommended"
+}
+
+rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
+  enabled = false
+}
diff --git a/locals.tf b/locals.tf
@@ -43,23 +43,23 @@ locals {
   container_registry_sku = title(var.container_registry_sku)
 
   aks_rg = (var.resource_group_name == null
-    ? azurerm_resource_group.aks_rg.0
-    : data.azurerm_resource_group.aks_rg.0
+    ? azurerm_resource_group.aks_rg[0]
+    : data.azurerm_resource_group.aks_rg[0]
   )
 
   network_rg = (var.vnet_resource_group_name == null
     ? local.aks_rg
-    : data.azurerm_resource_group.network_rg.0
+    : data.azurerm_resource_group.network_rg[0]
   )
 
-  nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg.0 : data.azurerm_network_security_group.nsg.0
+  nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg[0] : data.azurerm_network_security_group.nsg[0]
   nsg_rg_name = var.nsg_name == null ? local.aks_rg.name : local.network_rg.name
 
   # Use BYO UAI if given, else create a UAI
   aks_uai_id = (var.aks_identity == "uai"
     ? (var.aks_uai_name == null
-      ? azurerm_user_assigned_identity.uai.0.id
-      : data.azurerm_user_assigned_identity.uai.0.id
+      ? azurerm_user_assigned_identity.uai[0].id
+      : data.azurerm_user_assigned_identity.uai[0].id
     )
     : null
   )
diff --git a/main.tf b/main.tf
@@ -202,7 +202,7 @@ module "node_pools" {
   node_taints                  = each.value.node_taints
   node_labels                  = each.value.node_labels
   zones                        = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone]
-  proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity.*.id, [""]), 0)
+  proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)
   orchestrator_version         = var.kubernetes_version
   tags                         = var.tags
 }
diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf
@@ -99,7 +99,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   }
 
   lifecycle {
-    ignore_changes = [default_node_pool.0.node_count]
+    ignore_changes = [default_node_pool[0].node_count]
   }
 
   tags = var.aks_cluster_tags
diff --git a/modules/azure_aks/outputs.tf b/modules/azure_aks/outputs.tf
@@ -2,39 +2,39 @@
 # SPDX-License-Identifier: Apache-2.0
 
 output "client_key" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.client_key
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].client_key
 }
 
 output "client_certificate" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].client_certificate
 }
 
 output "cluster_ca_certificate" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].cluster_ca_certificate
 }
 
 output "cluster_username" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.username
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].username
 }
 
 output "cluster_password" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.password
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].password
 }
 
 output "kube_config" {
   value = azurerm_kubernetes_cluster.aks.kube_config_raw
 }
 
 output "host" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.host
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].host
 }
 
 output "cluster_id" {
   value = azurerm_kubernetes_cluster.aks.id
 }
 
 output "cluster_public_ip" {
-  value = var.cluster_egress_type == "loadBalancer" ? data.azurerm_public_ip.cluster_public_ip.0.ip_address : null
+  value = var.cluster_egress_type == "loadBalancer" ? data.azurerm_public_ip.cluster_public_ip[0].ip_address : null
 }
 
 output "name" {
diff --git a/modules/azurerm_postgresql_flex/main.tf b/modules/azurerm_postgresql_flex/main.tf
@@ -18,7 +18,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "flexpsql" {
   count = var.connectivity_method == "private" ? 1 : 0
 
   name                  = var.server_name
-  private_dns_zone_name = azurerm_private_dns_zone.flexpsql.0.name
+  private_dns_zone_name = azurerm_private_dns_zone.flexpsql[0].name
   virtual_network_id    = var.virtual_network_id
   resource_group_name   = var.resource_group_name
 }
@@ -36,7 +36,7 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
   version                      = var.server_version
   tags                         = var.tags
   delegated_subnet_id          = var.delegated_subnet_id
-  private_dns_zone_id          = try(azurerm_private_dns_zone.flexpsql.0.id, null)
+  private_dns_zone_id          = try(azurerm_private_dns_zone.flexpsql[0].id, null)
 
   depends_on = [azurerm_private_dns_zone_virtual_network_link.flexpsql]
 
diff --git a/modules/azurerm_postgresql_flex/outputs.tf b/modules/azurerm_postgresql_flex/outputs.tf
@@ -27,5 +27,5 @@ output "server_id" {
 
 output "firewall_rule_ids" {
   description = "The list of all firewall rule resource ids"
-  value       = [azurerm_postgresql_flexible_server_firewall_rule.flexpsql.*.id]
+  value       = [azurerm_postgresql_flexible_server_firewall_rule.flexpsql[*].id]
 }
diff --git a/modules/azurerm_vm/main.tf b/modules/azurerm_vm/main.tf
@@ -23,7 +23,7 @@ resource "azurerm_network_interface" "vm_nic" {
     name                          = "${var.name}-ip_config"
     subnet_id                     = var.vnet_subnet_id
     private_ip_address_allocation = "Dynamic"
-    public_ip_address_id          = var.create_public_ip ? azurerm_public_ip.vm_ip.0.id : null
+    public_ip_address_id          = var.create_public_ip ? azurerm_public_ip.vm_ip[0].id : null
   }
   tags = var.tags
 }
diff --git a/modules/azurerm_vnet/outputs.tf b/modules/azurerm_vnet/outputs.tf
@@ -3,7 +3,7 @@
 
 output "id" {
   description = "The id of the vNet"
-  value       = var.name == null ? azurerm_virtual_network.vnet.0.id : data.azurerm_virtual_network.vnet.0.id
+  value       = var.name == null ? azurerm_virtual_network.vnet[0].id : data.azurerm_virtual_network.vnet[0].id
 }
 
 output "name" {
@@ -13,12 +13,12 @@ output "name" {
 
 output "location" {
   description = "The location of the vNet"
-  value       = var.name == null ? azurerm_virtual_network.vnet.0.location : data.azurerm_virtual_network.vnet.0.location
+  value       = var.name == null ? azurerm_virtual_network.vnet[0].location : data.azurerm_virtual_network.vnet[0].location
 }
 
 output "address_space" {
   description = "The address space of the vNet"
-  value       = var.name == null ? azurerm_virtual_network.vnet.0.address_space : data.azurerm_virtual_network.vnet.0.address_space
+  value       = var.name == null ? azurerm_virtual_network.vnet[0].address_space : data.azurerm_virtual_network.vnet[0].address_space
 }
 
 output "subnets" {
diff --git a/modules/kubeconfig/main.tf b/modules/kubeconfig/main.tf
@@ -21,16 +21,16 @@ locals {
     cluster_name = var.cluster_name
     endpoint     = var.endpoint
     name         = local.service_account_name
-    ca_crt       = base64encode(lookup(data.kubernetes_secret.sa_secret.0.data,"ca.crt", ""))
-    token        = lookup(data.kubernetes_secret.sa_secret.0.data,"token", "")
+    ca_crt       = base64encode(lookup(data.kubernetes_secret.sa_secret[0].data,"ca.crt", ""))
+    token        = lookup(data.kubernetes_secret.sa_secret[0].data,"token", "")
     namespace    = var.namespace
   }) : null
 }
 
 data "kubernetes_secret" "sa_secret" {
   count = var.create_static_kubeconfig ? 1 : 0
   metadata {
-    name      = kubernetes_secret.sa_secret.0.metadata.0.name
+    name      = kubernetes_secret.sa_secret[0].metadata[0].name
     namespace = var.namespace
   }
   
diff --git a/monitor.tf b/monitor.tf
@@ -26,8 +26,8 @@ resource "azurerm_log_analytics_solution" "viya4" {
   solution_name       = var.log_analytics_solution_name
   location            = var.location
   resource_group_name = local.aks_rg.name
-  # workspace_resource_id = element(coalescelist(azurerm_log_analytics_workspace.viya4.*.id, [""]), 0)
-  # workspace_name        = element(coalescelist(azurerm_log_analytics_workspace.viya4.*.name, [""]), 0)
+  # workspace_resource_id = element(coalescelist(azurerm_log_analytics_workspace.viya4[*].id, [""]), 0)
+  # workspace_name        = element(coalescelist(azurerm_log_analytics_workspace.viya4[*].name, [""]), 0)
   workspace_resource_id = azurerm_log_analytics_workspace.viya4[0].id
   workspace_name        = azurerm_log_analytics_workspace.viya4[0].name
 
diff --git a/outputs.tf b/outputs.tf
@@ -8,7 +8,7 @@ output "aks_host" {
 }
 
 output "nat_ip" {
-  value = var.egress_public_ip_name == null ? module.aks.cluster_public_ip : data.azurerm_public_ip.nat-ip.0.ip_address
+  value = var.egress_public_ip_name == null ? module.aks.cluster_public_ip : data.azurerm_public_ip.nat-ip[0].ip_address
 }
 
 output "kube_config" {
@@ -35,15 +35,15 @@ output "postgres_servers" {
 
 # jump server
 output "jump_private_ip" {
-  value = var.create_jump_vm ? module.jump.0.private_ip_address : null
+  value = var.create_jump_vm ? module.jump[0].private_ip_address : null
 }
 
 output "jump_public_ip" {
-  value = var.create_jump_vm && var.create_jump_public_ip ? module.jump.0.public_ip_address : null
+  value = var.create_jump_vm && var.create_jump_public_ip ? module.jump[0].public_ip_address : null
 }
 
 output "jump_admin_username" {
-  value = var.create_jump_vm ? module.jump.0.admin_username : null
+  value = var.create_jump_vm ? module.jump[0].admin_username : null
 }
 
 output "jump_rwx_filestore_path" {
@@ -52,36 +52,36 @@ output "jump_rwx_filestore_path" {
 
 # nfs server
 output "nfs_private_ip" {
-  value = var.storage_type == "standard" ? module.nfs.0.private_ip_address : null
+  value = var.storage_type == "standard" ? module.nfs[0].private_ip_address : null
 }
 
 output "nfs_public_ip" {
-  value = var.storage_type == "standard" && var.create_nfs_public_ip ? module.nfs.0.public_ip_address : null
+  value = var.storage_type == "standard" && var.create_nfs_public_ip ? module.nfs[0].public_ip_address : null
 }
 
 output "nfs_admin_username" {
-  value = var.storage_type == "standard" ? module.nfs.0.admin_username : null
+  value = var.storage_type == "standard" ? module.nfs[0].admin_username : null
 }
 
 # acr
 output "cr_name" {
-  value = var.create_container_registry ? element(coalescelist(azurerm_container_registry.acr.*.name, [" "]), 0) : null
+  value = var.create_container_registry ? element(coalescelist(azurerm_container_registry.acr[*].name, [" "]), 0) : null
 }
 
 output "cr_id" {
-  value = var.create_container_registry ? element(coalescelist(azurerm_container_registry.acr.*.id, [" "]), 0) : null
+  value = var.create_container_registry ? element(coalescelist(azurerm_container_registry.acr[*].id, [" "]), 0) : null
 }
 
 output "cr_endpoint" {
-  value = var.create_container_registry ? element(coalescelist(azurerm_container_registry.acr.*.login_server, [" "]), 0) : null
+  value = var.create_container_registry ? element(coalescelist(azurerm_container_registry.acr[*].login_server, [" "]), 0) : null
 }
 
 output "cr_admin_user" {
-  value = (var.create_container_registry && var.container_registry_admin_enabled) ? element(coalescelist(azurerm_container_registry.acr.*.admin_username, [" "]), 0) : null
+  value = (var.create_container_registry && var.container_registry_admin_enabled) ? element(coalescelist(azurerm_container_registry.acr[*].admin_username, [" "]), 0) : null
 }
 
 output "cr_admin_password" {
-  value     = (var.create_container_registry && var.container_registry_admin_enabled) ? element(coalescelist(azurerm_container_registry.acr.*.admin_password, [" "]), 0) : null
+  value     = (var.create_container_registry && var.container_registry_admin_enabled) ? element(coalescelist(azurerm_container_registry.acr[*].admin_password, [" "]), 0) : null
   sensitive = true
 }
 
@@ -108,14 +108,14 @@ output "provider" {
 output "rwx_filestore_endpoint" {
   value = (var.storage_type == "none"
     ? null
-    : var.storage_type == "ha" ? module.netapp.0.netapp_endpoint : module.nfs.0.private_ip_address
+    : var.storage_type == "ha" ? module.netapp[0].netapp_endpoint : module.nfs[0].private_ip_address
   )
 }
 
 output "rwx_filestore_path" {
   value = (var.storage_type == "none"
     ? null
-    : var.storage_type == "ha" ? module.netapp.0.netapp_path : "/export"
+    : var.storage_type == "ha" ? module.netapp[0].netapp_path : "/export"
   )
 }
 
diff --git a/variables.tf b/variables.tf
@@ -561,12 +561,6 @@ variable "create_aks_azure_monitor" {
   default     = false
 }
 
-variable "enable_log_analytics_workspace" {
-  type        = bool
-  description = "Enable Azure Log Analytics Solution"
-  default     = true
-}
-
 variable "log_analytics_workspace_sku" {
   description = "Specifies the Sku of the Log Analytics Workspace. Possible values are Free, PerNode, Premium, Standard, Standalone, Unlimited, and PerGB2018 (new Sku as of 2018-04-03)"
   type        = string
diff --git a/vms.tf b/vms.tf

Original file line number	Diff line number	Diff line change
`@@ -202,7 +202,7 @@ module "node_pools" {`
`202`	`202`	`node_taints = each.value.node_taints`
`203`	`203`	`node_labels = each.value.node_labels`
`204`	`204`	`zones = (var.node_pools_availability_zone == "" \|\| var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone]`
`205`		`- proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity.*.id, [""]), 0)`
	`205`	`+ proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)`
`206`	`206`	`orchestrator_version = var.kubernetes_version`
`207`	`207`	`tags = var.tags`
`208`	`208`	`}`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ resource "azurerm_kubernetes_cluster" "aks" {`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`lifecycle {`
`102`		`- ignore_changes = [default_node_pool.0.node_count]`
	`102`	`+ ignore_changes = [default_node_pool[0].node_count]`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`tags = var.aks_cluster_tags`
Original file line number	Diff line number	Diff line change
`@@ -2,39 +2,39 @@`
`2`	`2`	`# SPDX-License-Identifier: Apache-2.0`
`3`	`3`
`4`	`4`	`output "client_key" {`
`5`		`- value = azurerm_kubernetes_cluster.aks.kube_config.0.client_key`
	`5`	`+ value = azurerm_kubernetes_cluster.aks.kube_config[0].client_key`
`6`	`6`	`}`
`7`	`7`
`8`	`8`	`output "client_certificate" {`
`9`		`- value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate`
	`9`	`+ value = azurerm_kubernetes_cluster.aks.kube_config[0].client_certificate`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`output "cluster_ca_certificate" {`
`13`		`- value = azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate`
	`13`	`+ value = azurerm_kubernetes_cluster.aks.kube_config[0].cluster_ca_certificate`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`output "cluster_username" {`
`17`		`- value = azurerm_kubernetes_cluster.aks.kube_config.0.username`
	`17`	`+ value = azurerm_kubernetes_cluster.aks.kube_config[0].username`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`output "cluster_password" {`
`21`		`- value = azurerm_kubernetes_cluster.aks.kube_config.0.password`
	`21`	`+ value = azurerm_kubernetes_cluster.aks.kube_config[0].password`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`output "kube_config" {`
`25`	`25`	`value = azurerm_kubernetes_cluster.aks.kube_config_raw`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`output "host" {`
`29`		`- value = azurerm_kubernetes_cluster.aks.kube_config.0.host`
	`29`	`+ value = azurerm_kubernetes_cluster.aks.kube_config[0].host`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`output "cluster_id" {`
`33`	`33`	`value = azurerm_kubernetes_cluster.aks.id`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`output "cluster_public_ip" {`
`37`		`- value = var.cluster_egress_type == "loadBalancer" ? data.azurerm_public_ip.cluster_public_ip.0.ip_address : null`
	`37`	`+ value = var.cluster_egress_type == "loadBalancer" ? data.azurerm_public_ip.cluster_public_ip[0].ip_address : null`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`output "name" {`