From a23146d4ef4c0ebee0389a646749f9158ca49f04 Mon Sep 17 00:00:00 2001 From: Martin Dojcak Date: Wed, 10 Mar 2021 10:44:24 +0100 Subject: [PATCH] minimum required Terraform version bumped to 0.13.0 (#4) * Github workflow improvements & add gitignore * minimum required Terraform version bumped to 0.13.0 * Update exmaple * Change default chart version --- .github/workflows/main.yml | 65 ++++++++++++++++++++++++------------- .gitignore | 37 ++++++++++++++++++++- .pre-commit-config.yaml | 43 ++++++++++++------------ README.md | 29 +++++++++++++---- examples/basic/README.md | 23 +++++++++---- examples/basic/main.tf | 6 ++-- examples/basic/providers.tf | 6 +--- variables.tf | 4 +-- versions.tf | 17 +++++++--- 9 files changed, 155 insertions(+), 75 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fbfa584..2409b24 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,27 +7,24 @@ on: branches: [ master ] env: - TERRAFORM_DOCS_VERSION: "v0.9.1" - TFLINT_VERSION: "v0.16.2" + TERRAFORM_DOCS_VERSION: "v0.11.2" + TFLINT_VERSION: "v0.25.0" + TFSEC_VERSION: "v0.39.6" jobs: terraform-validation: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v2 name: "SETUP: Python" - - uses: actions/setup-go@v2 - name: "SETUP: Go" - - - uses: pat-s/always-upload-cache@v2.0.0 + - uses: actions/cache@v2.0.0 id: cache-terraform-docs - name: "CACHE: terraform-docs Go module" + name: "CACHE: terraform-docs" with: path: | - ~/go/pkg/mod - ~/go/bin/terraform-docs + ~/terraform-docs/bin/ key: ${{ runner.os }}-terraform_docs-${{ env.TERRAFORM_DOCS_VERSION }} restore-keys: | ${{ runner.os}}-terraform_docs- 
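Review bot: The action references in this hunk are pinned to mutable tags (`actions/setup-python@v2`, `actions/cache@v2.0.0`), so the code this job runs can change without any change to this file. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/cache@<full-commit-sha>  # v2`, closes that gap. The terraform-docs cache step also uses `@v2.0.0` while the cache steps in the later hunks use `@v2`; one form throughout makes updates easier to review. The third-party `pre-commit/action@v2.0.0` step further down the file deserves the same pinning.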
@@ -35,19 +32,20 @@ jobs: - shell: bash name: "INSTALL: terraform-docs" if: steps.cache-terraform-docs.output.cache-hit != 'true' - env: - GO111MODULE: "on" run: | - go get github.com/segmentio/terraform-docs@${{ env.TERRAFORM_DOCS_VERSION }} + wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz + tar xvzf terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz + mkdir -p ~/terraform-docs/bin/ + install terraform-docs ~/terraform-docs/bin/ - shell: bash - name: "SETUP: Go path" - run: echo '::add-path::~/go/bin/' + name: "SETUP: terraform-docs path" + run: echo '~/terraform-docs/bin/' >> $GITHUB_PATH - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 name: Checkout source code - - uses: pat-s/always-upload-cache@v2.0.0 + - uses: actions/cache@v2 id: cache-pre-commit-dependencies name: "CACHE: pip and pre-commit dependencies" with: @@ -58,9 +56,9 @@ jobs: restore-keys: | ${{ runner.os }}-pip-pre-commit- - - uses: pat-s/always-upload-cache@v2.0.0 + - uses: actions/cache@v2 id: cache-tflint - name: "CACHE: TFLint" + name: "CACHE: tflint" with: path: | ~/tflint/bin/ @@ -74,7 +72,7 @@ jobs: pip install detect-secrets - shell: bash - name: "INSTALL: TFLint" + name: "INSTALL: tflint" if: steps.cache-tflint.outputs.cache-hit != 'true' run: | wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip 
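Review bot: The new "INSTALL: terraform-docs" step fetches a release archive with `wget` and installs the binary into a directory that is put on the PATH and cached, without checking the archive's integrity. Record the expected digest beside `TERRAFORM_DOCS_VERSION` (a new env entry such as `TERRAFORM_DOCS_SHA256: "<expected-sha256>"`) and verify before `tar`, e.g. `echo "${TERRAFORM_DOCS_SHA256}  terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz" | sha256sum -c -`; the tflint download in the last hunk on this line and the tfsec download in the final hunk of this file have the same gap. Separately, the guard on this step reads `steps.cache-terraform-docs.output.cache-hit`, whereas the tflint and tfsec steps use `outputs`; with the misspelt key the comparison presumably never sees 'true', so the download runs on every job and the cache is never relied on.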
@@ -83,9 +81,30 @@ jobs: install tflint ~/tflint/bin/ - shell: bash - name: "SETUP: TFLint path" + name: "SETUP: tflint path" + run: echo '~/tflint/bin/' >> $GITHUB_PATH + + - uses: actions/cache@v2 + id: cache-tfsec + name: "CACHE: tfsec" + with: + path: | + ~/tfsec/bin/ + key: ${{ runner.os }}-tfsec-${{ env.TFSEC_VERSION }} + restore-keys: | + ${{ runner.os }}-tfsec- + + - shell: bash + name: "INSTALL: tfsec" + if: steps.cache-tfsec.outputs.cache-hit != 'true' run: | - echo '::add-path::~/tflint/bin/' + wget https://github.com/tfsec/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-linux-amd64 + mkdir -p ~/tfsec/bin/ + install tfsec-linux-amd64 ~/tfsec/bin/ + + - shell: bash + name: "SETUP: tfsec path" + run: echo '~/tfsec/bin/' >> $GITHUB_PATH - uses: pre-commit/action@v2.0.0 name: "RUN: pre-commit" diff --git a/.gitignore b/.gitignore index 3fa8c86..dd32dc8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,36 @@ -.terraform +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +# +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc + +.terraform.lock.hcl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 947b2d3..3976243 100644 --- a/.pre-commit-config.yaml 
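Review bot: `install tfsec-linux-amd64 ~/tfsec/bin/` in the new "INSTALL: tfsec" step keeps the release asset's file name, so the directory appended to `GITHUB_PATH` holds `tfsec-linux-amd64` and no `tfsec` command; anything that invokes `tfsec` would not find it. Install under the expected name with `install tfsec-linux-amd64 ~/tfsec/bin/tfsec`. The `terraform_tfsec` hook is still commented out in .pre-commit-config.yaml in this same commit, so as far as this patch shows the scanner is downloaded and cached but never executed; enabling the hook is what would give this step an effect.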
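Review bot: Saved plan files are still not ignored, because the `# example: *tfplan*` line near the end of the new .gitignore is only a comment. A plan written with `terraform plan -out=tfplan` can contain variable and resource attribute values in readable form, so it belongs with the `*.tfstate` and `*.tfvars` rules; add an active pattern such as `*tfplan*`. The last added line, `.terraform.lock.hcl`, also keeps the example's provider selections and checksums out of version control, which matters more now that versions.tf drops the upper version bounds; consider committing the lock file for examples/basic.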
+++ b/.pre-commit-config.yaml @@ -1,40 +1,37 @@ repos: - - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.39.0 - hooks: - - id: terraform_fmt - - id: terraform_docs - args: - - '--args=--no-providers --sort-by-required' - - - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars - rev: 8e947e99c45314397a8caacebefab44d74227b6b - hooks: - - id: terraform-vars - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.2.0 + rev: v3.4.0 hooks: - - id: check-merge-conflict - id: trailing-whitespace - - id: check-yaml - - id: check-added-large-files + - id: check-merge-conflict - id: detect-aws-credentials - args: - - '--allow-missing-credentials' + args: ['--allow-missing-credentials'] - id: detect-private-key - id: end-of-file-fixer - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.10 + rev: v0.1.12 hooks: - id: tflint - id: terraform-validate + - repo: git://github.com/antonbabenko/pre-commit-terraform + rev: v1.47.0 + hooks: + - id: terraform_fmt + - id: terraform_tflint +# - id: terraform_tfsec + - id: terraform_docs + args: + - '--args=--hide providers --sort-by-required' + + - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars + rev: v1.0.0 + hooks: + - id: terraform-vars + - repo: https://github.com/Yelp/detect-secrets rev: v0.14.3 hooks: - id: detect-secrets - args: - - '--baseline' - - '.secrets.baseline' + args: ['--baseline', '.secrets.baseline'] diff --git a/README.md b/README.md index dc383b6..68b951f 100644 --- a/README.md +++ b/README.md 
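Review bot: The two repos re-added in this hunk, `antonbabenko/pre-commit-terraform` and `pecigonzalo/pre-commit-terraform-vars`, are still fetched over `git://`, which is neither authenticated nor encrypted, so hook code that runs on developer machines and in CI could be altered in transit. Use `repo: https://github.com/antonbabenko/pre-commit-terraform` and `repo: https://github.com/pecigonzalo/pre-commit-terraform-vars`, matching the other entries. The pre-commit-terraform-vars `rev` also moves from a full commit hash to the tag `v1.0.0`, which gives up an immutable pin. `check-yaml` and `check-added-large-files` are dropped from pre-commit-hooks with no reason given in the commit message; a short comment would help if that is intentional.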
@@ -34,10 +34,26 @@ See [Basic example](examples/basic/README.md) for further information. | Name | Version | |------|---------| -| terraform | >= 0.12.26, < 0.14.0 | -| aws | >= 2.0, < 4.0 | -| helm | >= 1.0, < 1.4.0 | -| kubernetes | >=1.10.0 | +| terraform | >= 0.13 | +| aws | >= 2.0 | +| helm | >= 1.0 | +| kubernetes | >= 1.10 | + +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | +| [helm_release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | +| [kubernetes_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | ## Inputs 
@@ -47,8 +63,8 @@ See [Basic example](examples/basic/README.md) for further information. | cluster\_identity\_oidc\_issuer\_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | `string` | n/a | yes | | cluster\_name | The name of the cluster | `string` | n/a | yes | | enabled | Variable indicating whether deployment is enabled | `bool` | `true` | no | -| helm\_chart\_name | Helm chart name to be installed | `string` | `"cluster-autoscaler-chart"` | no | -| helm\_chart\_version | Version of the Helm chart | `string` | `"1.0.3"` | no | +| helm\_chart\_name | Helm chart name to be installed | `string` | `"cluster-autoscaler"` | no | +| helm\_chart\_version | Version of the Helm chart | `string` | `"9.7.0"` | no | | helm\_release\_name | Helm release name | `string` | `"cluster-autoscaler"` | no | | helm\_repo\_url | Helm repository | `string` | `"https://kubernetes.github.io/autoscaler"` | no | | k8s\_namespace | The K8s namespace in which the node-problem-detector service account has been created | `string` | `"cluster-autoscaler"` | no | @@ -59,7 +75,6 @@ See [Basic example](examples/basic/README.md) for further information. ## Outputs No output. - ## Contributing and reporting issues diff --git a/examples/basic/README.md b/examples/basic/README.md index efe60a9..2acd399 100644 --- a/examples/basic/README.md +++ b/examples/basic/README.md 
@@ -5,11 +5,23 @@ The code in this example shows how to use the module with basic configuration an ## Requirements -| Name | Version | -|------|---------| -| aws | >= 2.0, < 4.0 | -| helm | >= 1.0, < 1.4.0 | -| kubernetes | >=1.10.0 | +No requirements. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| cluster_autoscaler | ../../ | | +| eks_cluster | cloudposse/eks-cluster/aws | | +| eks_workers | cloudposse/eks-workers/aws | | +| vpc | terraform-aws-modules/vpc/aws | | + +## Resources + +| Name | +|------| +| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | +| [aws_eks_cluster_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | ## Inputs @@ -18,5 +30,4 @@ No input. ## Outputs No output. - diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 04e1945..e3f5cd9 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -9,8 +9,7 @@ module "vpc" { } module "eks_cluster" { - source = "cloudposse/eks-cluster/aws" - version = "0.28.0" + source = "cloudposse/eks-cluster/aws" region = "eu-central-1" subnet_ids = module.vpc.public_subnets @@ -22,8 +21,7 @@ module "eks_cluster" { } module "eks_workers" { - source = "cloudposse/eks-workers/aws" - version = "0.15.2" + source = "cloudposse/eks-workers/aws" cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data cluster_endpoint = module.eks_cluster.eks_cluster_endpoint diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf index 50ccf6e..3e4443a 100644 --- a/examples/basic/providers.tf +++ b/examples/basic/providers.tf @@ -1,6 +1,5 @@ provider "aws" { - version = ">= 2.0, < 4.0" - region = "eu-central-1" + region = "eu-central-1" } data "aws_eks_cluster" "this" { 
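Review bot: Dropping `version = "0.28.0"` from `module "eks_cluster"` in examples/basic/main.tf (and `version = "0.15.2"` from `module "eks_workers"` in the next hunk) leaves both registry modules unconstrained, so `terraform init` resolves whatever release is newest at that moment. The dependency lock file records providers only, not modules, so nothing else fixes what code the example pulls in; the regenerated example README accordingly shows an empty Version column for both. Keep a `version` argument on each block, e.g. `version = "<tested-version>"`, moved to a release that supports Terraform 0.13. Both module blocks continue outside the hunks.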
@@ -12,15 +11,12 @@ data "aws_eks_cluster_auth" "this" { } provider "kubernetes" { - version = ">=1.10.0" host = data.aws_eks_cluster.this.endpoint cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data) token = data.aws_eks_cluster_auth.this.token - load_config_file = false } provider "helm" { - version = ">= 1.0, < 1.4.0" kubernetes { host = data.aws_eks_cluster.this.endpoint token = data.aws_eks_cluster_auth.this.token diff --git a/variables.tf b/variables.tf index 80f5dd2..4b3fea0 100644 --- a/variables.tf +++ b/variables.tf @@ -27,13 +27,13 @@ variable "enabled" { variable "helm_chart_name" { type = string - default = "cluster-autoscaler-chart" + default = "cluster-autoscaler" description = "Helm chart name to be installed" } variable "helm_chart_version" { type = string - default = "1.0.3" + default = "9.7.0" description = "Version of the Helm chart" } diff --git a/versions.tf b/versions.tf index dfdd1fa..607b5db 100644 --- a/versions.tf +++ b/versions.tf @@ -1,9 +1,18 @@ terraform { - required_version = ">= 0.12.26, < 0.14.0" + required_version = ">= 0.13" required_providers { - aws = ">= 2.0, < 4.0" - helm = ">= 1.0, < 1.4.0" - kubernetes = ">=1.10.0" + aws = { + source = "hashicorp/aws" + version = ">= 2.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 1.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 1.10" + } } }
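Review bot: Removing `load_config_file = false` from `provider "kubernetes"` in examples/basic/providers.tf is only safe with provider 2.x, where that argument no longer exists. The module's versions.tf in this same patch still accepts `>= 1.10`, and with a 1.x provider the argument defaults to true, so the example could also read the operator's local kubeconfig alongside the explicit host and token. The example now carries no provider constraints of its own (its README reads "No requirements."), so either add a `required_providers` block to examples/basic with kubernetes set to `version = ">= 2.0"`, or keep `load_config_file = false` while 1.x is permitted. The helm provider's nested `kubernetes` block continues past the hunk, so its remaining settings are not visible here.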