minimum required Terraform version bumped to 0.13.0 (#19)

- tf 0.13 as minimum required version - cleanup workflow & update workflow components
lablabs · Mar 9, 2021 · 945fee2 · 945fee2
1 parent 3221fa4
commit 945fee2
Show file tree

Hide file tree

Showing 9 changed files with 149 additions and 56 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -7,47 +7,45 @@ on:
     branches: [ master ]
 
 env:
-  TERRAFORM_DOCS_VERSION: "v0.9.1"
-  TFLINT_VERSION: "v0.16.2"
+  TERRAFORM_DOCS_VERSION: "v0.11.2"
+  TFLINT_VERSION: "v0.25.0"
+  TFSEC_VERSION: "v0.39.6"
 
 jobs:
   terraform-validation:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/setup-python@v1
+      - uses: actions/setup-python@v2
         name: "SETUP: Python"
 
-      - uses: actions/setup-go@v2
-        name: "SETUP: Go"
-
-      - uses: pat-s/always-upload-cache@v2.0.0
+      - uses: actions/cache@v2.0.0
         id: cache-terraform-docs
-        name: "CACHE: terraform-docs Go module"
+        name: "CACHE: terraform-docs"
         with:
           path: |
-            ~/go/pkg/mod
-            ~/go/bin/terraform-docs
+            ~/terraform-docs/bin/
           key: ${{ runner.os }}-terraform_docs-${{ env.TERRAFORM_DOCS_VERSION }}
           restore-keys: |
             ${{ runner.os}}-terraform_docs-
 
       - shell: bash
         name: "INSTALL: terraform-docs"
         if: steps.cache-terraform-docs.output.cache-hit != 'true'
-        env:
-          GO111MODULE: "on"
         run: |
-          go get github.com/segmentio/terraform-docs@${{ env.TERRAFORM_DOCS_VERSION }}
+          wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
+          tar xvzf terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
+          mkdir -p ~/terraform-docs/bin/
+          install terraform-docs ~/terraform-docs/bin/
 
       - shell: bash
-        name: "SETUP: Go path"
-        run: echo '~/go/bin/' >> $GITHUB_PATH
+        name: "SETUP: terraform-docs path"
+        run: echo '~/terraform-docs/bin/' >> $GITHUB_PATH
 
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
         name: Checkout source code
 
-      - uses: pat-s/always-upload-cache@v2.0.0
+      - uses: actions/cache@v2
         id: cache-pre-commit-dependencies
         name: "CACHE: pip and pre-commit dependencies"
         with:
@@ -58,9 +56,9 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-pip-pre-commit-
 
-      - uses: pat-s/always-upload-cache@v2.0.0
+      - uses: actions/cache@v2
         id: cache-tflint
-        name: "CACHE: TFLint"
+        name: "CACHE: tflint"
         with:
           path: |
             ~/tflint/bin/
@@ -74,7 +72,7 @@ jobs:
           pip install detect-secrets
 
       - shell: bash
-        name: "INSTALL: TFLint"
+        name: "INSTALL: tflint"
         if: steps.cache-tflint.outputs.cache-hit != 'true'
         run: |
           wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
@@ -83,9 +81,31 @@ jobs:
           install tflint ~/tflint/bin/
 
       - shell: bash
-        name: "SETUP: TFLint path"
+        name: "SETUP: tflint path"
         run: echo '~/tflint/bin/' >> $GITHUB_PATH
 
+      - uses: actions/cache@v2
+        id: cache-tfsec
+        name: "CACHE: tfsec"
+        with:
+          path: |
+            ~/tfsec/bin/
+          key: ${{ runner.os }}-tfsec-${{ env.TFSEC_VERSION }}
+          restore-keys: |
+            ${{ runner.os }}-tfsec-
+
+      - shell: bash
+        name: "INSTALL: tfsec"
+        if: steps.cache-tfsec.outputs.cache-hit != 'true'
+        run: |
+          wget https://github.com/tfsec/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-linux-amd64
+          mkdir -p ~/tfsec/bin/
+          install tfsec-linux-amd64 ~/tfsec/bin/
+
+      - shell: bash
+        name: "SETUP: tfsec path"
+        run: echo '~/tfsec/bin/' >> $GITHUB_PATH
+
       - uses: pre-commit/action@v2.0.0
         name: "RUN: pre-commit"
         env:

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,36 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+.terraform.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.2.0
+    rev: v3.4.0
     hooks:
       - id: trailing-whitespace
       - id: check-merge-conflict
@@ -10,21 +10,23 @@ repos:
       - id: end-of-file-fixer
 
   - repo: https://github.com/gruntwork-io/pre-commit
-    rev: v0.1.10
+    rev: v0.1.12
     hooks:
       - id: tflint
       - id: terraform-validate
 
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.39.0
+    rev: v1.47.0
     hooks:
     - id: terraform_fmt
+    - id: terraform_tflint
+#    - id: terraform_tfsec
     - id: terraform_docs
       args:
-        - '--args=--no-providers --sort-by-required'
+        - '--args=--hide providers --sort-by-required'
 
   - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars
-    rev: 8e947e99c45314397a8caacebefab44d74227b6b
+    rev: v1.0.0
     hooks:
     - id: terraform-vars
 

diff --git a/README.md b/README.md
@@ -35,12 +35,28 @@ See [Basic example](examples/basic/README.md) for further information.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.26, < 0.14.0 |
-| aws | >= 2.0, < 4.0 |
-| helm | >= 1.0, < 1.4.0 |
-| kubernetes | >=1.10.0 |
-| local | ~> 1.2 |
-| null | ~> 2.0 |
+| terraform | >= 0.13 |
+| aws | >= 2.0 |
+| helm | >= 1.0 |
+| kubernetes | >= 1.10 |
+| local | >= 1.3 |
+| null | >= 2.0 |
+
+## Modules
+
+No Modules.
+
+## Resources
+
+| Name |
+|------|
+| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) |
+| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
+| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
+| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
+| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
+| [helm_release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) |
+| [kubernetes_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) |
 
 ## Inputs
 
@@ -64,7 +80,6 @@ See [Basic example](examples/basic/README.md) for further information.
 ## Outputs
 
 No output.
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contributing and reporting issues

diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -5,11 +5,23 @@ The code in this example shows how to use the module with basic configuration an
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| aws | >= 2.0, < 4.0 |
-| helm | >= 1.0, < 1.4.0 |
-| kubernetes | >=1.10.0 |
+No requirements.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| eks_cluster | cloudposse/eks-cluster/aws |  |
+| eks_workers | cloudposse/eks-workers/aws |  |
+| extenral_dns | ../../ |  |
+| vpc | terraform-aws-modules/vpc/aws |  |
+
+## Resources
+
+| Name |
+|------|
+| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) |
+| [aws_eks_cluster_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) |
 
 ## Inputs
 
@@ -18,5 +30,4 @@ No input.
 ## Outputs
 
 No output.
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -9,8 +9,7 @@ module "vpc" {
 }
 
 module "eks_cluster" {
-  source  = "cloudposse/eks-cluster/aws"
-  version = "0.28.0"
+  source = "cloudposse/eks-cluster/aws"
 
   region     = "eu-central-1"
   subnet_ids = module.vpc.public_subnets
@@ -22,8 +21,7 @@ module "eks_cluster" {
 }
 
 module "eks_workers" {
-  source  = "cloudposse/eks-workers/aws"
-  version = "0.15.2"
+  source = "cloudposse/eks-workers/aws"
 
   cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data
   cluster_endpoint                   = module.eks_cluster.eks_cluster_endpoint

diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
@@ -1,6 +1,5 @@
 provider "aws" {
-  version = ">= 2.0, < 4.0"
-  region  = "eu-central-1"
+  region = "eu-central-1"
 }
 
 data "aws_eks_cluster" "this" {
@@ -12,15 +11,12 @@ data "aws_eks_cluster_auth" "this" {
 }
 
 provider "kubernetes" {
-  version                = ">=1.10.0"
   host                   = data.aws_eks_cluster.this.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.this.token
-  load_config_file       = false
 }
 
 provider "helm" {
-  version = ">= 1.0, < 1.4.0"
   kubernetes {
     host                   = data.aws_eks_cluster.this.endpoint
     token                  = data.aws_eks_cluster_auth.this.token

diff --git a/iam.tf b/iam.tf
@@ -16,7 +16,7 @@ resource "kubernetes_namespace" "external_dns" {
 ### iam ###
 # Policy
 data "aws_iam_policy_document" "external_dns" {
-  count = var.enabled && ! local.assume_role ? 1 : 0
+  count = var.enabled && !local.assume_role ? 1 : 0
 
   statement {
     sid = "ChangeResourceRecordSets"

diff --git a/versions.tf b/versions.tf
@@ -1,11 +1,26 @@
 terraform {
-  required_version = ">= 0.12.26, < 0.14.0"
+  required_version = ">= 0.13"
 
   required_providers {
-    aws        = ">= 2.0, < 4.0"
-    helm       = ">= 1.0, < 1.4.0"
-    kubernetes = ">=1.10.0"
-    local      = "~> 1.2"
-    null       = "~> 2.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 2.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 1.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 2.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 1.3"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 1.10"
+    }
   }
 }