From 59b6f1bd343caadef7e56ab4055ce10d9c0871cb Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Thu, 18 Apr 2024 11:06:24 +0300
Subject: [PATCH] Enable TFLint in FAST stages (#2221)
---
 .github/workflows/linting.yml | 16 ++++++++++++++++
 fast/stages/2-networking-c-nva/README.md | 17 ++++++++---------
 fast/stages/2-networking-c-nva/variables.tf | 8 --------
 fast/stages/2-networking-e-nva-bgp/README.md | 19 +++++++++----------
 fast/stages/2-networking-e-nva-bgp/ncc.tf | 14 +++++++-------
 .../2-networking-e-nva-bgp/variables.tf | 8 --------
 6 files changed, 40 insertions(+), 42 deletions(-)
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index d0aec4e4a4..c9b92cf1c8 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -66,6 +66,22 @@ jobs:
 - name: TFLint Modules
 run: cd modules && tflint --recursive -f compact
+ - name: TFLint FAST
+ run: |
+ # TODO: try to generalize this
+ tflint --chdir fast/stages/0-bootstrap --var-file ../../../tests/fast/stages/s0_bootstrap/simple.tfvars
+ tflint --chdir fast/stages/1-resman --var-file ../../../tests/fast/stages/s1_resman/simple.tfvars
+ tflint --chdir fast/stages/2-networking-a-peering --var-file ../../../tests/fast/stages/s2_networking_a_peering/common.tfvars
+ tflint --chdir fast/stages/2-networking-b-vpn --var-file ../../../tests/fast/stages/s2_networking_b_vpn/common.tfvars
+ tflint --chdir fast/stages/2-networking-c-nva --var-file ../../../tests/fast/stages/s2_networking_c_nva/common.tfvars
+ tflint --chdir fast/stages/2-networking-d-separate-envs --var-file ../../../tests/fast/stages/s2_networking_d_separate_envs/common.tfvars
+ tflint --chdir fast/stages/2-security --var-file ../../../tests/fast/stages/s2_security/common.tfvars
+ tflint --chdir fast/stages/3-data-platform/dev --var-file ../../../../tests/fast/stages/s3_data_platform/common.tfvars
+ tflint --chdir fast/stages/3-gcve/prod/ --var-file ../../../../tests/fast/stages/s3_gcve_minimal/simple.tfvars
+ tflint --chdir fast/stages/3-data-platform/dev --var-file ../../../../tests/fast/stages/s3_data_platform/common.tfvars
+ tflint --chdir fast/stages/3-gke-multitenant/dev --var-file ../../../../tests/fast/stages/s3_gke_multitenant/common.tfvars
+ tflint --chdir fast/stages/3-project-factory/dev --var-file ../../../../tests/fast/stages/s3_project_factory/common.tfvars
+
 - name: Check documentation
 id: documentation-fabric
 run: |
diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md
index ee19906448..5e466e4d16 100644
--- a/fast/stages/2-networking-c-nva/README.md
+++ b/fast/stages/2-networking-c-nva/README.md
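Review bot: The stage list in the new `TFLint FAST` step has a duplicate and a coverage gap: `fast/stages/3-data-platform/dev` is linted twice, while `fast/stages/2-networking-e-nva-bgp`, the stage whose `ncc.tf` this same commit cleans up (presumably in response to a TFLint finding), is not linted at all, so that kind of issue could return there without CI noticing. I would replace the second data-platform line with `tflint --chdir fast/stages/2-networking-e-nva-bgp --var-file <TFVARS_FIXTURE_FOR_THIS_STAGE>` (placeholder: the fixture path for that stage is not visible on this page). Because the list is hard-coded, any stage added later stays unlinted until someone edits the workflow, and the comment could say so, e.g. `# TODO: generalize; stages not listed here are NOT linted`. The commands also run as one multi-line script, so if the runner's shell stops at the first failing command, findings in later stages stay hidden until the earlier ones are fixed.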
@@ -459,8 +459,8 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap | | [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap | | [folder_ids](variables.tf#L126) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman | -| [organization](variables.tf#L159) | Organization details. | object({…}) | ✓ | | 0-bootstrap | -| [prefix](variables.tf#L175) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | +| [organization](variables.tf#L151) | Organization details. | object({…}) | ✓ | | 0-bootstrap | +| [prefix](variables.tf#L167) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | | [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | 
@@ -469,13 +469,12 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [factories_config](variables.tf#L95) | Configuration for network resource factories. | object({…}) | | {…} | | | [fast_features](variables.tf#L116) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap | | [gcp_ranges](variables.tf#L136) | GCP address ranges in name => range format. | map(string) | | {…} | | -| [onprem_cidr](variables.tf#L151) | Onprem addresses in name => range format. | map(string) | | {…} | | -| [outputs_location](variables.tf#L169) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L186) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | | -| [regions](variables.tf#L206) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L218) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | -| [vpn_onprem_primary_config](variables.tf#L232) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | -| [vpn_onprem_secondary_config](variables.tf#L275) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | +| [outputs_location](variables.tf#L161) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| [psa_ranges](variables.tf#L178) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | | +| [regions](variables.tf#L198) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L210) | Automation service accounts in name => email format. 
| object({…}) | | null | 1-resman | +| [vpn_onprem_primary_config](variables.tf#L224) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpn_onprem_secondary_config](variables.tf#L267) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | ## Outputs
diff --git a/fast/stages/2-networking-c-nva/variables.tf b/fast/stages/2-networking-c-nva/variables.tf
index c600271cd5..72fcdb6d47 100644
--- a/fast/stages/2-networking-c-nva/variables.tf
+++ b/fast/stages/2-networking-c-nva/variables.tf
@@ -148,14 +148,6 @@ variable "gcp_ranges" {
 }
 }
-variable "onprem_cidr" {
- description = "Onprem addresses in name => range format."
- type = map(string)
- default = {
- main = "10.0.0.0/24"
- }
-}
-
 variable "organization" {
 # tfdoc:variable:source 0-bootstrap
 description = "Organization details."
diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md
index 4e2d7d2587..72f994c41d 100644
--- a/fast/stages/2-networking-e-nva-bgp/README.md
+++ b/fast/stages/2-networking-e-nva-bgp/README.md
@@ -485,8 +485,8 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap | | [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap | | [folder_ids](variables.tf#L126) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman | -| [organization](variables.tf#L170) | Organization details. | object({…}) | ✓ | | 0-bootstrap | -| [prefix](variables.tf#L186) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | +| [organization](variables.tf#L162) | Organization details. | object({…}) | ✓ | | 0-bootstrap | +| [prefix](variables.tf#L178) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | | [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | 
@@ -496,14 +496,13 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [fast_features](variables.tf#L116) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap | | [gcp_ranges](variables.tf#L136) | GCP address ranges in name => range format. | map(string) | | {…} | | | [ncc_asn](variables.tf#L151) | The NCC Cloud Routers ASN configuration. | map(number) | | {…} | | -| [onprem_cidr](variables.tf#L162) | Onprem addresses in name => range format. | map(string) | | {…} | | -| [outputs_location](variables.tf#L180) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | -| [psa_ranges](variables.tf#L197) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | | -| [regions](variables.tf#L217) | Region definitions. | object({…}) | | {…} | | -| [service_accounts](variables.tf#L229) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman | -| [vpn_onprem_primary_config](variables.tf#L243) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | -| [vpn_onprem_secondary_config](variables.tf#L286) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | -| [zones](variables.tf#L329) | Zones in which NVAs are deployed. | list(string) | | ["b", "c"] | | +| [outputs_location](variables.tf#L172) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| [psa_ranges](variables.tf#L189) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | | +| [regions](variables.tf#L209) | Region definitions. | object({…}) | | {…} | | +| [service_accounts](variables.tf#L221) | Automation service accounts in name => email format. 
| object({…}) | | null | 1-resman | +| [vpn_onprem_primary_config](variables.tf#L235) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | | +| [vpn_onprem_secondary_config](variables.tf#L278) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | | +| [zones](variables.tf#L321) | Zones in which NVAs are deployed. | list(string) | | ["b", "c"] | | ## Outputs
diff --git a/fast/stages/2-networking-e-nva-bgp/ncc.tf b/fast/stages/2-networking-e-nva-bgp/ncc.tf
index 0d1f1f5160..dfcceda0d4 100644
--- a/fast/stages/2-networking-e-nva-bgp/ncc.tf
+++ b/fast/stages/2-networking-e-nva-bgp/ncc.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2023 Google LLC
+ * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -64,12 +64,12 @@ module "spokes-landing" {
 custom_advertise = {
 all_subnets = false
 ip_ranges = {
- "${var.gcp_ranges.gcp_landing_primary}" = "GCP landing primary."
- "${var.gcp_ranges.gcp_landing_secondary}" = "GCP landing secondary."
- "${var.gcp_ranges.gcp_dev_primary}" = "GCP dev primary.",
- "${var.gcp_ranges.gcp_dev_secondary}" = "GCP dev secondary.",
- "${var.gcp_ranges.gcp_prod_primary}" = "GCP prod primary.",
- "${var.gcp_ranges.gcp_prod_secondary}" = "GCP prod secondary.",
+ (var.gcp_ranges.gcp_landing_primary) = "GCP landing primary."
+ (var.gcp_ranges.gcp_landing_secondary) = "GCP landing secondary."
+ (var.gcp_ranges.gcp_dev_primary) = "GCP dev primary.",
+ (var.gcp_ranges.gcp_dev_secondary) = "GCP dev secondary.",
+ (var.gcp_ranges.gcp_prod_primary) = "GCP prod primary.",
+ (var.gcp_ranges.gcp_prod_secondary) = "GCP prod secondary.",
 }
 }
 }
diff --git a/fast/stages/2-networking-e-nva-bgp/variables.tf b/fast/stages/2-networking-e-nva-bgp/variables.tf
index 6377f6405a..415f02e4cc 100644
--- a/fast/stages/2-networking-e-nva-bgp/variables.tf
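Review bot: In the second `ncc.tf` hunk the rewritten `ip_ranges` entries mix separators: the two landing keys end without a comma while the four dev/prod keys keep a trailing `,`. Since every one of these lines is being touched anyway, writing them all the same way, e.g. `(var.gcp_ranges.gcp_dev_primary) = "GCP dev primary."`, would leave the map uniform. A one-line comment above the map such as `# keys are ranges taken from var.gcp_ranges, values are their descriptions` would also explain why the keys are parenthesised expressions rather than literals. The `module "spokes-landing"` block starts and ends outside the hunk.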
+++ b/fast/stages/2-networking-e-nva-bgp/variables.tf
@@ -159,14 +159,6 @@ variable "ncc_asn" {
 }
 }
-variable "onprem_cidr" {
- description = "Onprem addresses in name => range format."
- type = map(string)
- default = {
- main = "10.0.0.0/24"
- }
-}
-
 variable "organization" {
 # tfdoc:variable:source 0-bootstrap
 description = "Organization details."