Merge pull request #6 from Kong/pre-commit

pre-commit fixes

.github/workflows/pre-commit.yaml

@@ -0,0 +1,77 @@
+name: Pre-Commit
+
+on:
+  pull_request:
+    branches:
+    - '**'
+
+env:
+  TERRAFORM_DOCS_VERSION: v0.16.0
+
+jobs:
+  collectInputs:
+    name: Collect workflow inputs
+    runs-on: ubuntu-latest
+    outputs:
+      directories: ${{ steps.dirs.outputs.directories }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Get root directories
+        id: dirs
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+
+  preCommitMinVersions:
+    name: Min TF pre-commit
+    needs: collectInputs
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/[email protected]
+        with:
+          directory: ${{ matrix.directory }}
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory !=  '.' }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory ==  '.' }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+
+  preCommitMaxVersion:
+    name: Max TF pre-commit
+    runs-on: ubuntu-latest
+    needs: collectInputs
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/[email protected]
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}

.pre-commit-config.yaml

@@ -0,0 +1,30 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.80.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          #- '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
+          - '--args=--minimum-failure-severity=error'
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-merge-conflict
+      - id: end-of-file-fixer

LICENSE

@@ -201,4 +201,4 @@ Copyright (c) 2022 Kong Inc.
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -1,22 +1,25 @@
-<!-- BEGIN_TF_DOCS -->
-# Kong Helm Chart
+
+# Kong Konnect - Gateway - EKS Blueprint AddOn
 
 <p align="center">
   <img src="https://konghq.com/wp-content/uploads/2018/08/kong-combination-mark-color-256px.png" /></div>
 </p>
 
-## Introduction 
+## Introduction
 
 Kong Konnect is an API lifecycle management platform designed from the ground up for the cloud native era and delivered as a service. This platform lets you build modern applications better, faster, and more securely. The management plane is hosted in the cloud by Kong, while the runtime engine, Kong Gateway — Kong’s lightweight, fast, and flexible API gateway — is managed by you within your preferred network environment.
 
-
-
 ## Helm Chart
+
 ### Instructions to use the Helm Chart
 
 See the [Kong Helm Chart](https://github.com/Kong/charts)
 
+## Examples
+
+See [blueprint-kong-samples](https://github.com/aws-samples/terraform-eks-blueprints-kong-samples).
 
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
 | Name | Version |
@@ -40,18 +43,21 @@ See the [Kong Helm Chart](https://github.com/Kong/charts)
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_kong"></a> [kong](#module\_kong) | aws-ia/eks-blueprints-addon/aws | n/a |
+| <a name="module_add_ons"></a> [add\_ons](#module\_add\_ons) | aws-ia/eks-blueprints-addons/aws | 1.1.0 |
+| <a name="module_external_secret_irsa"></a> [external\_secret\_irsa](#module\_external\_secret\_irsa) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
+| <a name="module_kong_helm"></a> [kong\_helm](#module\_kong\_helm) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [kubectl_manifest.secret](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.secretstore](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubernetes_service_account_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
+| [kubernetes_namespace_v1.kong](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
+| [kubernetes_service_account_v1.external_secret_sa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
 | [time_sleep.this](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.kong_secretstore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.kong_external_secret_secretstore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_alias.secret_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
@@ -65,7 +71,6 @@ See the [Kong Helm Chart](https://github.com/Kong/charts)
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`) | `string` | n/a | yes |
 | <a name="input_create_delay_dependencies"></a> [create\_delay\_dependencies](#input\_create\_delay\_dependencies) | Dependency attribute which must be resolved before starting the `create_delay_duration` | `list(string)` | `[]` | no |
 | <a name="input_create_delay_duration"></a> [create\_delay\_duration](#input\_create\_delay\_duration) | The duration to wait before creating resources | `string` | `"30s"` | no |
-| <a name="input_enable_kong_konnect"></a> [enable\_kong\_konnect](#input\_enable\_kong\_konnect) | Enable Kong add-on | `bool` | `false` | no |
 | <a name="input_kong_config"></a> [kong\_config](#input\_kong\_config) | Kong addon configuration values | `any` | `{}` | no |
 | <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the cluster OIDC Provider | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
@@ -75,4 +80,4 @@ See the [Kong Helm Chart](https://github.com/Kong/charts)
 | Name | Description |
 |------|-------------|
 | <a name="output_namespace"></a> [namespace](#output\_namespace) | Namespace in which kong is being created |
-<!-- END_TF_DOCS -->
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

data.tf

@@ -22,7 +22,7 @@ data "aws_iam_policy_document" "kong_external_secret_secretstore" {
   statement {
     sid = "1"
 
-    actions   = [
+    actions = [
       "secretsmanager:GetResourcePolicy",
       "secretsmanager:GetSecretValue",
       "secretsmanager:DescribeSecret",
@@ -42,4 +42,4 @@ data "aws_iam_policy_document" "kong_external_secret_secretstore" {
       "${data.aws_kms_alias.secret_manager.arn}"
     ]
   }
-}
+}

locals.tf

@@ -5,22 +5,22 @@ locals {
   cluster_name      = time_sleep.this.triggers["cluster_name"]
   oidc_provider_arn = time_sleep.this.triggers["oidc_provider_arn"]
 
-  name                  = try(var.kong_config.name, "kong")
-  namespace             = try(var.kong_config.namespace, "kong")
-  create_namespace      = try(var.kong_config.create_namespace, true)
-  chart                 = "kong"
-  chart_version         = try(var.kong_config.chart_version, null)
-  repository            = try(var.kong_config.repository, "https://charts.konghq.com")
-  values                = try(var.kong_config.values, [])
+  name             = try(var.kong_config.name, "kong")
+  namespace        = try(var.kong_config.namespace, "kong")
+  create_namespace = try(var.kong_config.create_namespace, true)
+  chart            = "kong"
+  chart_version    = try(var.kong_config.chart_version, null)
+  repository       = try(var.kong_config.repository, "https://charts.konghq.com")
+  values           = try(var.kong_config.values, [])
 
-  cluster_dns           = try(var.kong_config.cluster_dns, null)
-  telemetry_dns         = try(var.kong_config.telemetry_dns, null)
-  cert_secret_name      = try(var.kong_config.cert_secret_name, null)
-  key_secret_name       = try(var.kong_config.key_secret_name, null)
-  kong_external_secrets = try(var.kong_config.kong_external_secrets, "konnect-client-tls")
+  cluster_dns                                         = try(var.kong_config.cluster_dns, null)
+  telemetry_dns                                       = try(var.kong_config.telemetry_dns, null)
+  cert_secret_name                                    = try(var.kong_config.cert_secret_name, null)
+  key_secret_name                                     = try(var.kong_config.key_secret_name, null)
+  kong_external_secrets                               = try(var.kong_config.kong_external_secrets, "konnect-client-tls")
   tls_cert                                            = "tls.crt"
   tls_key                                             = "tls.key"
-  secret_volume_length  = try(length(yamldecode(var.kong_config.values[0])["secretVolumes"]), 0)
+  secret_volume_length                                = try(length(yamldecode(var.kong_config.values[0])["secretVolumes"]), 0)
   external_secret_service_account_name                = "external-secret-irsa"
   external_secrets_irsa_role_name                     = "external-secret-irsa"
   external_secrets_irsa_role_name_use_prefix          = true
@@ -105,4 +105,3 @@ locals {
     }
   ]
 }
-

main.tf

@@ -22,7 +22,7 @@ resource "kubernetes_namespace_v1" "kong" {
 ###########AddOns for Cluster. Note the module name has addon"s"###########
 
 module "add_ons" {
-  source = "aws-ia/eks-blueprints-addons/aws"
+  source  = "aws-ia/eks-blueprints-addons/aws"
   version = "1.1.0"
 
   cluster_name      = var.cluster_name
@@ -35,16 +35,16 @@ module "add_ons" {
   // Following to ensure that the IRSA with which the External Secret Pod is running does not have any access. 
   // Ideally, this should not use IRSA at all as its the property of `SecretStore` CRD
   external_secrets_secrets_manager_arns = []
-  external_secrets_ssm_parameter_arns = []
+  external_secrets_ssm_parameter_arns   = []
   //Changing the default port to avoid port conflict during fargate specially.
   // Setting Wait to true as found during fargate testing
-  external_secrets = { 
+  external_secrets = {
     wait = true
     set = [
-        {
-            name = "webhook.port"
-            value = "9443"
-        }
+      {
+        name  = "webhook.port"
+        value = "9443"
+      }
     ]
   }
 }
@@ -66,7 +66,6 @@ resource "kubernetes_service_account_v1" "external_secret_sa" {
 # Note, this source module does not has "s" in eks-blueprints-addon
 
 module "external_secret_irsa" {
-  # count   = var.enable_kong_konnect ? 1 : 0
   source  = "aws-ia/eks-blueprints-addon/aws"
   version = "1.1.0"
 
@@ -103,8 +102,7 @@ module "external_secret_irsa" {
 ###########Secret Store###########
 
 resource "kubectl_manifest" "secretstore" {
-  # count = var.enable_kong_konnect ? 1 : 0
-  yaml_body  = <<YAML
+  yaml_body = <<YAML
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
@@ -130,7 +128,6 @@ YAML
 ###########External Secret###########
 
 resource "kubectl_manifest" "secret" {
-  # count = var.enable_kong_konnect ? 1 : 0
   yaml_body  = <<YAML
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -162,8 +159,8 @@ YAML
 # Note, this source module does not has "s" in eks-blueprints-addon
 
 module "kong_helm" {
-  source           = "aws-ia/eks-blueprints-addon/aws"
-  version          = "1.1.0"
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.1.0"
 
   create           = true
   chart            = local.chart
@@ -173,8 +170,8 @@ module "kong_helm" {
   namespace        = local.namespace
   create_namespace = false
 
-  set              = local.set_values
-  values           = local.values
+  set    = local.set_values
+  values = local.values
 
   tags = var.tags
   depends_on = [
@@ -191,4 +188,4 @@ module "kong_helm" {
 
 # data "aws_secretsmanager_secret" "key_secret_name" {
 #   name = local.key_secret_name
-# }
+# }

output.tf

@@ -1,4 +1,4 @@
 output "namespace" {
-  value = module.kong_helm.namespace
+  value       = module.kong_helm.namespace
   description = "Namespace in which kong is being created"
-}
+}

version.tf

@@ -19,4 +19,4 @@ terraform {
       version = ">= 1.14"
     }
   }
-}
+}