minimum required Terraform version bumped to 0.13.0 (#4)

* Github workflow improvements & add gitignore * minimum required Terraform version bumped to 0.13.0 * Update exmaple * Change default chart version
lablabs · Mar 10, 2021 · a23146d · a23146d
1 parent cb29c7b
commit a23146d
Show file tree

Hide file tree

Showing 9 changed files with 155 additions and 75 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -7,47 +7,45 @@ on:
     branches: [ master ]
 
 env:
-  TERRAFORM_DOCS_VERSION: "v0.9.1"
-  TFLINT_VERSION: "v0.16.2"
+  TERRAFORM_DOCS_VERSION: "v0.11.2"
+  TFLINT_VERSION: "v0.25.0"
+  TFSEC_VERSION: "v0.39.6"
 
 jobs:
   terraform-validation:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/setup-python@v1
+      - uses: actions/setup-python@v2
         name: "SETUP: Python"
 
-      - uses: actions/setup-go@v2
-        name: "SETUP: Go"
-
-      - uses: pat-s/[email protected]
+      - uses: actions/[email protected]
         id: cache-terraform-docs
-        name: "CACHE: terraform-docs Go module"
+        name: "CACHE: terraform-docs"
         with:
           path: |
-            ~/go/pkg/mod
-            ~/go/bin/terraform-docs
+            ~/terraform-docs/bin/
           key: ${{ runner.os }}-terraform_docs-${{ env.TERRAFORM_DOCS_VERSION }}
           restore-keys: |
             ${{ runner.os}}-terraform_docs-
 
       - shell: bash
         name: "INSTALL: terraform-docs"
         if: steps.cache-terraform-docs.output.cache-hit != 'true'
-        env:
-          GO111MODULE: "on"
         run: |
-          go get github.com/segmentio/terraform-docs@${{ env.TERRAFORM_DOCS_VERSION }}
+          wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
+          tar xvzf terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
+          mkdir -p ~/terraform-docs/bin/
+          install terraform-docs ~/terraform-docs/bin/
 
       - shell: bash
-        name: "SETUP: Go path"
-        run: echo '::add-path::~/go/bin/'
+        name: "SETUP: terraform-docs path"
+        run: echo '~/terraform-docs/bin/' >> $GITHUB_PATH
 
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
         name: Checkout source code
 
-      - uses: pat-s/always-upload-cache@v2.0.0
+      - uses: actions/cache@v2
         id: cache-pre-commit-dependencies
         name: "CACHE: pip and pre-commit dependencies"
         with:
@@ -58,9 +56,9 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-pip-pre-commit-
 
-      - uses: pat-s/always-upload-cache@v2.0.0
+      - uses: actions/cache@v2
         id: cache-tflint
-        name: "CACHE: TFLint"
+        name: "CACHE: tflint"
         with:
           path: |
             ~/tflint/bin/
@@ -74,7 +72,7 @@ jobs:
           pip install detect-secrets
 
       - shell: bash
-        name: "INSTALL: TFLint"
+        name: "INSTALL: tflint"
         if: steps.cache-tflint.outputs.cache-hit != 'true'
         run: |
           wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
@@ -83,9 +81,30 @@ jobs:
           install tflint ~/tflint/bin/
 
       - shell: bash
-        name: "SETUP: TFLint path"
+        name: "SETUP: tflint path"
+        run: echo '~/tflint/bin/' >> $GITHUB_PATH
+
+      - uses: actions/cache@v2
+        id: cache-tfsec
+        name: "CACHE: tfsec"
+        with:
+          path: |
+            ~/tfsec/bin/
+          key: ${{ runner.os }}-tfsec-${{ env.TFSEC_VERSION }}
+          restore-keys: |
+            ${{ runner.os }}-tfsec-
+
+      - shell: bash
+        name: "INSTALL: tfsec"
+        if: steps.cache-tfsec.outputs.cache-hit != 'true'
         run: |
-          echo '::add-path::~/tflint/bin/'
+          wget https://github.com/tfsec/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-linux-amd64
+          mkdir -p ~/tfsec/bin/
+          install tfsec-linux-amd64 ~/tfsec/bin/
+
+      - shell: bash
+        name: "SETUP: tfsec path"
+        run: echo '~/tfsec/bin/' >> $GITHUB_PATH
 
       - uses: pre-commit/[email protected]
         name: "RUN: pre-commit"

diff --git a/.gitignore b/.gitignore
@@ -1 +1,36 @@
-.terraform
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+.terraform.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,40 +1,37 @@
 repos:
-  - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.39.0
-    hooks:
-    - id: terraform_fmt
-    - id: terraform_docs
-      args:
-        - '--args=--no-providers --sort-by-required'
-
-  - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars
-    rev: 8e947e99c45314397a8caacebefab44d74227b6b
-    hooks:
-    - id: terraform-vars
-
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.2.0
+    rev: v3.4.0
     hooks:
-      - id: check-merge-conflict
       - id: trailing-whitespace
-      - id: check-yaml
-      - id: check-added-large-files
+      - id: check-merge-conflict
       - id: detect-aws-credentials
-        args:
-          - '--allow-missing-credentials'
+        args: ['--allow-missing-credentials']
       - id: detect-private-key
       - id: end-of-file-fixer
 
   - repo: https://github.com/gruntwork-io/pre-commit
-    rev: v0.1.10
+    rev: v0.1.12
     hooks:
       - id: tflint
       - id: terraform-validate
 
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.47.0
+    hooks:
+    - id: terraform_fmt
+    - id: terraform_tflint
+#    - id: terraform_tfsec
+    - id: terraform_docs
+      args:
+        - '--args=--hide providers --sort-by-required'
+
+  - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars
+    rev: v1.0.0
+    hooks:
+    - id: terraform-vars
+
   - repo: https://github.com/Yelp/detect-secrets
     rev: v0.14.3
     hooks:
       - id: detect-secrets
-        args:
-          - '--baseline'
-          - '.secrets.baseline'
+        args: ['--baseline', '.secrets.baseline']
diff --git a/README.md b/README.md
@@ -34,10 +34,26 @@ See [Basic example](examples/basic/README.md) for further information.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.26, < 0.14.0 |
-| aws | >= 2.0, < 4.0 |
-| helm | >= 1.0, < 1.4.0 |
-| kubernetes | >=1.10.0 |
+| terraform | >= 0.13 |
+| aws | >= 2.0 |
+| helm | >= 1.0 |
+| kubernetes | >= 1.10 |
+
+## Modules
+
+No Modules.
+
+## Resources
+
+| Name |
+|------|
+| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) |
+| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
+| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
+| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
+| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
+| [helm_release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) |
+| [kubernetes_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) |
 
 ## Inputs
 
@@ -47,8 +63,8 @@ See [Basic example](examples/basic/README.md) for further information.
 | cluster\_identity\_oidc\_issuer\_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | `string` | n/a | yes |
 | cluster\_name | The name of the cluster | `string` | n/a | yes |
 | enabled | Variable indicating whether deployment is enabled | `bool` | `true` | no |
-| helm\_chart\_name | Helm chart name to be installed | `string` | `"cluster-autoscaler-chart"` | no |
-| helm\_chart\_version | Version of the Helm chart | `string` | `"1.0.3"` | no |
+| helm\_chart\_name | Helm chart name to be installed | `string` | `"cluster-autoscaler"` | no |
+| helm\_chart\_version | Version of the Helm chart | `string` | `"9.7.0"` | no |
 | helm\_release\_name | Helm release name | `string` | `"cluster-autoscaler"` | no |
 | helm\_repo\_url | Helm repository | `string` | `"https://kubernetes.github.io/autoscaler"` | no |
 | k8s\_namespace | The K8s namespace in which the node-problem-detector service account has been created | `string` | `"cluster-autoscaler"` | no |
@@ -59,7 +75,6 @@ See [Basic example](examples/basic/README.md) for further information.
 ## Outputs
 
 No output.
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contributing and reporting issues

diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -5,11 +5,23 @@ The code in this example shows how to use the module with basic configuration an
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| aws | >= 2.0, < 4.0 |
-| helm | >= 1.0, < 1.4.0 |
-| kubernetes | >=1.10.0 |
+No requirements.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| cluster_autoscaler | ../../ |  |
+| eks_cluster | cloudposse/eks-cluster/aws |  |
+| eks_workers | cloudposse/eks-workers/aws |  |
+| vpc | terraform-aws-modules/vpc/aws |  |
+
+## Resources
+
+| Name |
+|------|
+| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) |
+| [aws_eks_cluster_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) |
 
 ## Inputs
 
@@ -18,5 +30,4 @@ No input.
 ## Outputs
 
 No output.
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -9,8 +9,7 @@ module "vpc" {
 }
 
 module "eks_cluster" {
-  source  = "cloudposse/eks-cluster/aws"
-  version = "0.28.0"
+  source = "cloudposse/eks-cluster/aws"
 
   region     = "eu-central-1"
   subnet_ids = module.vpc.public_subnets
@@ -22,8 +21,7 @@ module "eks_cluster" {
 }
 
 module "eks_workers" {
-  source  = "cloudposse/eks-workers/aws"
-  version = "0.15.2"
+  source = "cloudposse/eks-workers/aws"
 
   cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data
   cluster_endpoint                   = module.eks_cluster.eks_cluster_endpoint

diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
@@ -1,6 +1,5 @@
 provider "aws" {
-  version = ">= 2.0, < 4.0"
-  region  = "eu-central-1"
+  region = "eu-central-1"
 }
 
 data "aws_eks_cluster" "this" {
@@ -12,15 +11,12 @@ data "aws_eks_cluster_auth" "this" {
 }
 
 provider "kubernetes" {
-  version                = ">=1.10.0"
   host                   = data.aws_eks_cluster.this.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.this.token
-  load_config_file       = false
 }
 
 provider "helm" {
-  version = ">= 1.0, < 1.4.0"
   kubernetes {
     host                   = data.aws_eks_cluster.this.endpoint
     token                  = data.aws_eks_cluster_auth.this.token

diff --git a/variables.tf b/variables.tf
@@ -27,13 +27,13 @@ variable "enabled" {
 
 variable "helm_chart_name" {
   type        = string
-  default     = "cluster-autoscaler-chart"
+  default     = "cluster-autoscaler"
   description = "Helm chart name to be installed"
 }
 
 variable "helm_chart_version" {
   type        = string
-  default     = "1.0.3"
+  default     = "9.7.0"
   description = "Version of the Helm chart"
 }
 

diff --git a/versions.tf b/versions.tf
@@ -1,9 +1,18 @@
 terraform {
-  required_version = ">= 0.12.26, < 0.14.0"
+  required_version = ">= 0.13"
 
   required_providers {
-    aws        = ">= 2.0, < 4.0"
-    helm       = ">= 1.0, < 1.4.0"
-    kubernetes = ">=1.10.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 2.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 1.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 1.10"
+    }
   }
 }