fix: tflint fixes (#909)

Author: daniel-cit

0-bootstrap/cb.tf

@@ -22,6 +22,7 @@ locals {
 
   cicd_project_id = module.tf_source.cloudbuild_project_id
 
+  bucket_self_link_prefix             = "https://www.googleapis.com/storage/v1/b/"
   default_state_bucket_self_link      = "${local.bucket_self_link_prefix}${module.seed_bootstrap.gcs_bucket_tfstate}"
   gcp_projects_state_bucket_self_link = module.gcp_projects_state_bucket.bucket.self_link
 

0-bootstrap/groups.tf

@@ -33,9 +33,9 @@ data "google_organization" "org" {
 }
 
 module "required_group" {
-  for_each = local.required_groups_to_create
   source   = "terraform-google-modules/group/google"
   version  = "~> 0.4"
+  for_each = local.required_groups_to_create
 
   id                   = each.value
   display_name         = each.key
@@ -45,9 +45,9 @@ module "required_group" {
 }
 
 module "optional_group" {
-  for_each = local.optional_groups_to_create
   source   = "terraform-google-modules/group/google"
   version  = "~> 0.4"
+  for_each = local.optional_groups_to_create
 
   id                   = each.value
   display_name         = each.key

0-bootstrap/jenkins.tf.example

@@ -21,7 +21,8 @@ locals {
 }
 
 module "jenkins_bootstrap" {
-  source                                   = "./modules/jenkins-agent"
+  source = "./modules/jenkins-agent"
+
   org_id                                   = var.org_id
   folder_id                                = google_folder.bootstrap.id
   billing_account                          = var.billing_account

0-bootstrap/main.tf

@@ -33,9 +33,8 @@ locals {
   org_admins_org_iam_permissions = var.org_policy_admin_role == true ? [
     "roles/orgpolicy.policyAdmin", "roles/resourcemanager.organizationAdmin", "roles/billing.user"
   ] : ["roles/resourcemanager.organizationAdmin", "roles/billing.user"]
-  bucket_self_link_prefix = "https://www.googleapis.com/storage/v1/b/"
-  group_org_admins        = var.groups.create_groups ? var.groups.required_groups.group_org_admins : var.group_org_admins
-  group_billing_admins    = var.groups.create_groups ? var.groups.required_groups.group_billing_admins : var.group_billing_admins
+  group_org_admins     = var.groups.create_groups ? var.groups.required_groups.group_org_admins : var.group_org_admins
+  group_billing_admins = var.groups.create_groups ? var.groups.required_groups.group_billing_admins : var.group_billing_admins
 }
 
 resource "google_folder" "bootstrap" {

0-bootstrap/modules/cb-private-pool/vpn_ha.tf

@@ -31,7 +31,6 @@ module "vpn_ha_cb_to_onprem" {
   version = "~> 2.3"
   count   = var.vpn_configuration.enable_vpn ? 1 : 0
 
-
   project_id = var.project_id
   region     = var.private_worker_pool.region
   network    = local.peered_network_id

0-bootstrap/modules/jenkins-agent/README.md

@@ -61,7 +61,6 @@ module "jenkins_bootstrap" {
 | jenkins\_agent\_gce\_name | Jenkins Agent GCE Instance name. | `string` | `"jenkins-agent-01"` | no |
 | jenkins\_agent\_gce\_private\_ip\_address | The private IP Address of the Jenkins Agent. This IP Address must be in the CIDR range of `jenkins_agent_gce_subnetwork_cidr_range` and be reachable through the VPN that exists between on-prem (Jenkins Controller) and GCP (CICD Project, where the Jenkins Agent is located). | `string` | n/a | yes |
 | jenkins\_agent\_gce\_ssh\_pub\_key | SSH public key needed by the Jenkins Agent GCE Instance. The Jenkins Controller holds the SSH private key. The correct format is `'ssh-rsa [KEY_VALUE] [USERNAME]'` | `string` | n/a | yes |
-| jenkins\_agent\_gce\_ssh\_user | Jenkins Agent GCE Instance SSH username. | `string` | `"jenkins"` | no |
 | jenkins\_agent\_gce\_subnetwork\_cidr\_range | The subnetwork to which the Jenkins Agent will be connected to (in CIDR range 0.0.0.0/0) | `string` | n/a | yes |
 | jenkins\_agent\_sa\_email | Email for Jenkins Agent service account. | `string` | `"jenkins-agent-gce"` | no |
 | jenkins\_controller\_subnetwork\_cidr\_range | A list of CIDR IP ranges of the Jenkins Controller in the form ['0.0.0.0/0']. Usually only one IP in the form '0.0.0.0/32'. Needed to create a FW rule that allows communication with the Jenkins Agent GCE Instance. | `list(string)` | n/a | yes |

0-bootstrap/modules/jenkins-agent/main.tf

@@ -29,8 +29,9 @@ resource "random_id" "suffix" {
   CICD project
 *******************************************/
 module "cicd_project" {
-  source                      = "terraform-google-modules/project-factory/google"
-  version                     = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   name                        = local.cicd_project_name
   random_project_id           = true
   random_project_id_length    = 4

0-bootstrap/modules/jenkins-agent/variables.tf

@@ -64,12 +64,6 @@ variable "jenkins_agent_gce_private_ip_address" {
   type        = string
 }
 
-variable "jenkins_agent_gce_ssh_user" {
-  description = "Jenkins Agent GCE Instance SSH username."
-  type        = string
-  default     = "jenkins"
-}
-
 variable "jenkins_agent_gce_ssh_pub_key" {
   description = "SSH public key needed by the Jenkins Agent GCE Instance. The Jenkins Controller holds the SSH private key. The correct format is `'ssh-rsa [KEY_VALUE] [USERNAME]'`"
   type        = string

0-bootstrap/modules/jenkins-agent/vpn_ha.tf

@@ -15,8 +15,9 @@
  */
 
 module "vpn_ha_agent_to_onprem" {
-  source     = "terraform-google-modules/vpn/google//modules/vpn_ha"
-  version    = "~> 2.0"
+  source  = "terraform-google-modules/vpn/google//modules/vpn_ha"
+  version = "~> 2.0"
+
   project_id = module.cicd_project.project_id
   region     = var.default_region
   network    = google_compute_network.jenkins_agents.name

1-org/envs/shared/org_policy.tf

@@ -20,7 +20,7 @@ locals {
   policy_for      = local.parent_folder != "" ? "folder" : "organization"
 
   essential_contacts_domains_to_allow = concat(
-    [for domain in var.essential_contacts_domains_to_allow : "${domain}" if can(regex("^@.*$", domain)) == true],
+    [for domain in var.essential_contacts_domains_to_allow : domain if can(regex("^@.*$", domain)) == true],
     [for domain in var.essential_contacts_domains_to_allow : "@${domain}" if can(regex("^@.*$", domain)) == false]
   )
 
@@ -46,9 +46,10 @@ locals {
 }
 
 module "organization_policies_type_boolean" {
-  for_each        = local.boolean_type_organization_policies
-  source          = "terraform-google-modules/org-policy/google"
-  version         = "~> 5.1"
+  source   = "terraform-google-modules/org-policy/google"
+  version  = "~> 5.1"
+  for_each = local.boolean_type_organization_policies
+
   organization_id = local.organization_id
   folder_id       = local.folder_id
   policy_for      = local.policy_for
@@ -62,8 +63,9 @@ module "organization_policies_type_boolean" {
 *******************************************/
 
 module "org_vm_external_ip_access" {
-  source          = "terraform-google-modules/org-policy/google"
-  version         = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 5.1"
+
   organization_id = local.organization_id
   folder_id       = local.folder_id
   policy_for      = local.policy_for
@@ -73,8 +75,9 @@ module "org_vm_external_ip_access" {
 }
 
 module "restrict_protocol_fowarding" {
-  source            = "terraform-google-modules/org-policy/google"
-  version           = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 5.1"
+
   organization_id   = local.organization_id
   folder_id         = local.folder_id
   policy_for        = local.policy_for
@@ -89,8 +92,9 @@ module "restrict_protocol_fowarding" {
 *******************************************/
 
 module "org_domain_restricted_sharing" {
-  source           = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
-  version          = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
+  version = "~> 5.1"
+
   organization_id  = local.organization_id
   folder_id        = local.folder_id
   policy_for       = local.policy_for
@@ -102,8 +106,9 @@ module "org_domain_restricted_sharing" {
 *******************************************/
 
 module "domain_restricted_contacts" {
-  source            = "terraform-google-modules/org-policy/google"
-  version           = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 5.1"
+
   organization_id   = local.organization_id
   folder_id         = local.folder_id
   policy_for        = local.policy_for