refactor: Refactoring to match the rest of terraform-aws-modules (#1583)

Author: antonbabenko

.pre-commit-config.yaml

@@ -1,8 +1,26 @@
 repos:
-- repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.50.0
-  hooks:
-    - id: terraform_fmt
-    - id: terraform_docs
-    - id: terraform_validate
-    - id: terraform_tflint
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.50.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+#           - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: check-merge-conflict

README.md

@@ -18,7 +18,7 @@ locals {
   ]
 
   auth_worker_roles = [
-    for index in range(0, var.create_eks ? local.worker_group_count : 0) : {
+    for index in range(0, var.create_eks ? local.worker_group_launch_configuration_count : 0) : {
       worker_role_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/${element(
         coalescelist(
           aws_iam_instance_profile.workers.*.role,
@@ -61,8 +61,7 @@ locals {
 }
 
 resource "kubernetes_config_map" "aws_auth" {
-  count      = var.create_eks && var.manage_aws_auth ? 1 : 0
-  depends_on = [data.http.wait_for_cluster[0]]
+  count = var.create_eks && var.manage_aws_auth ? 1 : 0
 
   metadata {
     name      = "aws-auth"
@@ -88,4 +87,6 @@ resource "kubernetes_config_map" "aws_auth" {
     mapUsers    = yamlencode(var.map_users)
     mapAccounts = yamlencode(var.map_accounts)
   }
+
+  depends_on = [data.http.wait_for_cluster[0]]
 }

aws_auth.tf

@@ -18,7 +18,7 @@ data "aws_iam_policy_document" "workers_assume_role_policy" {
 }
 
 data "aws_ami" "eks_worker" {
-  count = local.worker_has_linux_ami ? 1 : 0
+  count = contains(local.worker_groups_platforms, "linux") ? 1 : 0
 
   filter {
     name   = "name"
@@ -31,7 +31,7 @@ data "aws_ami" "eks_worker" {
 }
 
 data "aws_ami" "eks_worker_windows" {
-  count = local.worker_has_windows_ami ? 1 : 0
+  count = contains(local.worker_groups_platforms, "windows") ? 1 : 0
 
   filter {
     name   = "name"
@@ -65,11 +65,13 @@ data "aws_iam_policy_document" "cluster_assume_role_policy" {
 
 data "aws_iam_role" "custom_cluster_iam_role" {
   count = var.manage_cluster_iam_resources ? 0 : 1
-  name  = var.cluster_iam_role_name
+
+  name = var.cluster_iam_role_name
 }
 
 data "aws_iam_instance_profile" "custom_worker_group_iam_instance_profile" {
-  count = var.manage_worker_iam_resources ? 0 : local.worker_group_count
+  count = var.manage_worker_iam_resources ? 0 : local.worker_group_launch_configuration_count
+
   name = lookup(
     var.worker_groups[count.index],
     "iam_instance_profile_name",
@@ -79,6 +81,7 @@ data "aws_iam_instance_profile" "custom_worker_group_iam_instance_profile" {
 
 data "aws_iam_instance_profile" "custom_worker_group_launch_template_iam_instance_profile" {
   count = var.manage_worker_iam_resources ? 0 : local.worker_group_launch_template_count
+
   name = lookup(
     var.worker_groups_launch_template[count.index],
     "iam_instance_profile_name",
@@ -87,9 +90,10 @@ data "aws_iam_instance_profile" "custom_worker_group_launch_template_iam_instanc
 }
 
 data "http" "wait_for_cluster" {
-  count          = var.create_eks && var.manage_aws_auth ? 1 : 0
+  count = var.create_eks && var.manage_aws_auth ? 1 : 0
+
   url            = format("%s/healthz", aws_eks_cluster.this[0].endpoint)
-  ca_certificate = base64decode(coalescelist(aws_eks_cluster.this[*].certificate_authority[0].data, [""])[0])
+  ca_certificate = base64decode(local.cluster_auth_base64)
   timeout        = var.wait_for_cluster_timeout
 
   depends_on = [

data.tf

@@ -0,0 +1,60 @@
+# Various bootstrap resources required for  other EKS examples
+
+Configuration in this directory creates some resources required in other EKS examples (such as VPC).
+
+The resources created here are free (no NAT gateways here) and they can reside in test AWS account.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.22.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 1.11 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.22.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | Name of EKS Cluster used in tags for subnets |
+| <a name="output_region"></a> [region](#output\_region) | AWS region |
+| <a name="output_vpc"></a> [vpc](#output\_vpc) | Complete output of VPC module |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/README.md

@@ -0,0 +1,50 @@
+provider "aws" {
+  region = local.region
+}
+
+locals {
+  region   = "eu-west-1"
+  name     = "bootstrap-example"
+  vpc_cidr = "10.0.0.0/16"
+
+  cluster_name = "test-eks-${random_string.suffix.result}"
+}
+
+data "aws_availability_zones" "available" {}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 3.0"
+
+  name = local.name
+  cidr = "10.0.0.0/16"
+
+  azs             = data.aws_availability_zones.available.names
+  public_subnets  = [for k, v in data.aws_availability_zones.available.names : cidrsubnet(local.vpc_cidr, 8, k)]
+  private_subnets = [for k, v in data.aws_availability_zones.available.names : cidrsubnet(local.vpc_cidr, 8, k + 10)]
+
+  # NAT Gateway is disabled in the examples primarily to save costs and be able to recreate VPC faster.
+  enable_nat_gateway = false
+  single_nat_gateway = false
+
+  enable_dns_hostnames = true
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                      = "1"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"             = "1"
+  }
+}

examples/_bootstrap/README.md

@@ -0,0 +1,14 @@
+output "region" {
+  description = "AWS region"
+  value       = local.region
+}
+
+output "cluster_name" {
+  description = "Name of EKS Cluster used in tags for subnets"
+  value       = local.cluster_name
+}
+
+output "vpc" {
+  description = "Complete output of VPC module"
+  value       = module.vpc
+}

examples/_bootstrap/main.tf

@@ -3,8 +3,7 @@ terraform {
 
   required_providers {
     aws        = ">= 3.22.0"
-    local      = ">= 1.4"
     random     = ">= 2.1"
-    kubernetes = "~> 1.11"
+    kubernetes = ">= 1.11"
   }
 }