From 945fee211c9c05203d4464e9a1e6d0360f2c4df3 Mon Sep 17 00:00:00 2001 From: Martin Dojcak Date: Tue, 9 Mar 2021 20:35:50 +0100 Subject: [PATCH] minimum required Terraform version bumped to 0.13.0 (#19) - tf 0.13 as minimum required version - cleanup workflow & update workflow components --- .github/workflows/main.yml | 64 ++++++++++++++++++++++++------------- .gitignore | 36 +++++++++++++++++++++ .pre-commit-config.yaml | 12 ++++--- README.md | 29 +++++++++++++---- examples/basic/README.md | 23 +++++++++---- examples/basic/main.tf | 6 ++-- examples/basic/providers.tf | 6 +--- iam.tf | 2 +- versions.tf | 27 ++++++++++++---- 9 files changed, 149 insertions(+), 56 deletions(-) create mode 100644 .gitignore diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bd312e6..2409b24 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,27 +7,24 @@ on: branches: [ master ] env: - TERRAFORM_DOCS_VERSION: "v0.9.1" - TFLINT_VERSION: "v0.16.2" + TERRAFORM_DOCS_VERSION: "v0.11.2" + TFLINT_VERSION: "v0.25.0" + TFSEC_VERSION: "v0.39.6" jobs: terraform-validation: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v2 name: "SETUP: Python" - - uses: actions/setup-go@v2 - name: "SETUP: Go" - - - uses: pat-s/always-upload-cache@v2.0.0 + - uses: actions/cache@v2.0.0 id: cache-terraform-docs - name: "CACHE: terraform-docs Go module" + name: "CACHE: terraform-docs" with: path: | - ~/go/pkg/mod - ~/go/bin/terraform-docs + ~/terraform-docs/bin/ key: ${{ runner.os }}-terraform_docs-${{ env.TERRAFORM_DOCS_VERSION }} restore-keys: | ${{ runner.os}}-terraform_docs- 
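Review bot: The actions in this job are referenced by mutable tags (`actions/setup-python@v2` and `actions/cache@v2.0.0` here, `actions/checkout@v2`, `actions/cache@v2` and `pre-commit/action@v2.0.0` further down), so the code CI executes can change without any change to this file. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `- uses: actions/cache@<full-commit-sha>  # v2`, makes the run reproducible and turns every upgrade into a reviewable diff. The cache action is also spelled both `@v2.0.0` and `@v2` in the same workflow; one form should be used throughout.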
@@ -35,19 +32,20 @@ jobs: - shell: bash name: "INSTALL: terraform-docs" if: steps.cache-terraform-docs.output.cache-hit != 'true' - env: - GO111MODULE: "on" run: | - go get github.com/segmentio/terraform-docs@${{ env.TERRAFORM_DOCS_VERSION }} + wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz + tar xvzf terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz + mkdir -p ~/terraform-docs/bin/ + install terraform-docs ~/terraform-docs/bin/ - shell: bash - name: "SETUP: Go path" - run: echo '~/go/bin/' >> $GITHUB_PATH + name: "SETUP: terraform-docs path" + run: echo '~/terraform-docs/bin/' >> $GITHUB_PATH - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 name: Checkout source code - - uses: pat-s/always-upload-cache@v2.0.0 + - uses: actions/cache@v2 id: cache-pre-commit-dependencies name: "CACHE: pip and pre-commit dependencies" with: @@ -58,9 +56,9 @@ jobs: restore-keys: | ${{ runner.os }}-pip-pre-commit- - - uses: pat-s/always-upload-cache@v2.0.0 + - uses: actions/cache@v2 id: cache-tflint - name: "CACHE: TFLint" + name: "CACHE: tflint" with: path: | ~/tflint/bin/ @@ -74,7 +72,7 @@ jobs: pip install detect-secrets - shell: bash - name: "INSTALL: TFLint" + name: "INSTALL: tflint" if: steps.cache-tflint.outputs.cache-hit != 'true' run: | wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip 
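Review bot: The terraform-docs archive fetched with `wget` in the "INSTALL: terraform-docs" step is unpacked and installed with no integrity check, and the resulting binary is then cached and placed on `PATH` for the pre-commit run. The tfsec download added later in this file and the existing tflint download have the same gap. A pinned digest checked before `tar`, e.g. `echo "${TERRAFORM_DOCS_SHA256}  terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz" | sha256sum -c -`, would fail the job on a tampered or truncated artifact; `TERRAFORM_DOCS_SHA256` here is a placeholder for a new `env:` entry holding the published checksum. Separately, this step's condition reads `steps.cache-terraform-docs.output.cache-hit` while the tflint and tfsec steps use `outputs`. With the misspelled property the comparison is presumably always true, so the download runs even on a cache hit; it should read `if: steps.cache-terraform-docs.outputs.cache-hit != 'true'`.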
@@ -83,9 +81,31 @@ jobs: install tflint ~/tflint/bin/ - shell: bash - name: "SETUP: TFLint path" + name: "SETUP: tflint path" run: echo '~/tflint/bin/' >> $GITHUB_PATH + - uses: actions/cache@v2 + id: cache-tfsec + name: "CACHE: tfsec" + with: + path: | + ~/tfsec/bin/ + key: ${{ runner.os }}-tfsec-${{ env.TFSEC_VERSION }} + restore-keys: | + ${{ runner.os }}-tfsec- + + - shell: bash + name: "INSTALL: tfsec" + if: steps.cache-tfsec.outputs.cache-hit != 'true' + run: | + wget https://github.com/tfsec/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-linux-amd64 + mkdir -p ~/tfsec/bin/ + install tfsec-linux-amd64 ~/tfsec/bin/ + + - shell: bash + name: "SETUP: tfsec path" + run: echo '~/tfsec/bin/' >> $GITHUB_PATH + - uses: pre-commit/action@v2.0.0 name: "RUN: pre-commit" env: diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dd32dc8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,36 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +# +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc + +.terraform.lock.hcl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b0ec8d8..3976243 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
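Review bot: `install tfsec-linux-amd64 ~/tfsec/bin/` in the "INSTALL: tfsec" step copies the file under its download name, so the directory added to `PATH` contains `tfsec-linux-amd64` and no `tfsec` executable. Naming the destination fixes it: `install tfsec-linux-amd64 ~/tfsec/bin/tfsec`. The problem is currently invisible because the `terraform_tfsec` hook is commented out in `.pre-commit-config.yaml` in this same commit, so nothing invokes the scanner. A comment on this step such as `# tfsec is installed but not run yet; enable the terraform_tfsec hook to enforce it` would stop readers assuming the security scan is part of CI.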
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.2.0 + rev: v3.4.0 hooks: - id: trailing-whitespace - id: check-merge-conflict @@ -10,21 +10,23 @@ repos: - id: end-of-file-fixer - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.10 + rev: v0.1.12 hooks: - id: tflint - id: terraform-validate - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.39.0 + rev: v1.47.0 hooks: - id: terraform_fmt + - id: terraform_tflint +# - id: terraform_tfsec - id: terraform_docs args: - - '--args=--no-providers --sort-by-required' + - '--args=--hide providers --sort-by-required' - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars - rev: 8e947e99c45314397a8caacebefab44d74227b6b + rev: v1.0.0 hooks: - id: terraform-vars diff --git a/README.md b/README.md index 852e32f..602b6e7 100644 --- a/README.md +++ b/README.md 
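Review bot: The last entry of the second hunk replaces the commit pin `rev: 8e947e99c45314397a8caacebefab44d74227b6b` with the tag `rev: v1.0.0`, which the upstream owner can move. That repo and `antonbabenko/pre-commit-terraform` above it are also fetched over `git://`, which is neither encrypted nor authenticated. Hook code runs on developer machines and in CI, so keep a full commit SHA with the tag as a comment, e.g. `rev: <commit-sha-of-v1.0.0>  # v1.0.0`, and change both URLs to the `https://github.com/...` form. The `# - id: terraform_tfsec` line is added already disabled with no reason given; a one-line comment saying why and what has to be fixed before enabling it would help, since the workflow now installs tfsec.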
@@ -35,12 +35,28 @@ See [Basic example](examples/basic/README.md) for further information. | Name | Version | |------|---------| -| terraform | >= 0.12.26, < 0.14.0 | -| aws | >= 2.0, < 4.0 | -| helm | >= 1.0, < 1.4.0 | -| kubernetes | >=1.10.0 | -| local | ~> 1.2 | -| null | ~> 2.0 | +| terraform | >= 0.13 | +| aws | >= 2.0 | +| helm | >= 1.0 | +| kubernetes | >= 1.10 | +| local | >= 1.3 | +| null | >= 2.0 | + +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | +| [helm_release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | +| [kubernetes_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | ## Inputs @@ -64,7 +80,6 @@ See [Basic example](examples/basic/README.md) for further information. ## Outputs No output. - ## Contributing and reporting issues diff --git a/examples/basic/README.md b/examples/basic/README.md index efe60a9..4605dd8 100644 --- a/examples/basic/README.md +++ b/examples/basic/README.md 
@@ -5,11 +5,23 @@ The code in this example shows how to use the module with basic configuration an ## Requirements -| Name | Version | -|------|---------| -| aws | >= 2.0, < 4.0 | -| helm | >= 1.0, < 1.4.0 | -| kubernetes | >=1.10.0 | +No requirements. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| eks_cluster | cloudposse/eks-cluster/aws | | +| eks_workers | cloudposse/eks-workers/aws | | +| extenral_dns | ../../ | | +| vpc | terraform-aws-modules/vpc/aws | | + +## Resources + +| Name | +|------| +| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | +| [aws_eks_cluster_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | ## Inputs @@ -18,5 +30,4 @@ No input. ## Outputs No output. - diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 126b2a7..eb21cc9 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -9,8 +9,7 @@ module "vpc" { } module "eks_cluster" { - source = "cloudposse/eks-cluster/aws" - version = "0.28.0" + source = "cloudposse/eks-cluster/aws" region = "eu-central-1" subnet_ids = module.vpc.public_subnets @@ -22,8 +21,7 @@ module "eks_cluster" { } module "eks_workers" { - source = "cloudposse/eks-workers/aws" - version = "0.15.2" + source = "cloudposse/eks-workers/aws" cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data cluster_endpoint = module.eks_cluster.eks_cluster_endpoint diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf index 50ccf6e..3e4443a 100644 --- a/examples/basic/providers.tf +++ b/examples/basic/providers.tf @@ -1,6 +1,5 @@ provider "aws" { - version = ">= 2.0, < 4.0" - region = "eu-central-1" + region = "eu-central-1" } data "aws_eks_cluster" "this" { 
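Review bot: Dropping `version = "0.28.0"` from `module "eks_cluster"`, and `version = "0.15.2"` from `module "eks_workers"` in the following hunk, leaves both registry modules unconstrained. Every `terraform init` of the example then resolves whichever release is newest at that moment. The example provisions an EKS cluster and worker nodes, so an upstream breaking or compromised release would be pulled in with no diff in this repository to review. If the old pins were removed because those releases do not work with Terraform 0.13, pin to a newer release that was actually tested, `version = "<tested-release>"`, rather than removing the constraint.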
@@ -12,15 +11,12 @@ data "aws_eks_cluster_auth" "this" { } provider "kubernetes" { - version = ">=1.10.0" host = data.aws_eks_cluster.this.endpoint cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data) token = data.aws_eks_cluster_auth.this.token - load_config_file = false } provider "helm" { - version = ">= 1.0, < 1.4.0" kubernetes { host = data.aws_eks_cluster.this.endpoint token = data.aws_eks_cluster_auth.this.token diff --git a/iam.tf b/iam.tf index 6e9e7ca..4902758 100644 --- a/iam.tf +++ b/iam.tf @@ -16,7 +16,7 @@ resource "kubernetes_namespace" "external_dns" { ### iam ### # Policy data "aws_iam_policy_document" "external_dns" { - count = var.enabled && ! local.assume_role ? 1 : 0 + count = var.enabled && !local.assume_role ? 1 : 0 statement { sid = "ChangeResourceRecordSets" diff --git a/versions.tf b/versions.tf index d58c5e5..43b1f37 100644 --- a/versions.tf +++ b/versions.tf @@ -1,11 +1,26 @@ terraform { - required_version = ">= 0.12.26, < 0.14.0" + required_version = ">= 0.13" required_providers { - aws = ">= 2.0, < 4.0" - helm = ">= 1.0, < 1.4.0" - kubernetes = ">=1.10.0" - local = "~> 1.2" - null = "~> 2.0" + aws = { + source = "hashicorp/aws" + version = ">= 2.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 1.0" + } + null = { + source = "hashicorp/null" + version = ">= 2.0" + } + local = { + source = "hashicorp/local" + version = ">= 1.3" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 1.10" + } } }
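Review bot: Removing `load_config_file = false` from `provider "kubernetes"` is only safe on provider 2.x, where the argument no longer exists. On 1.x it defaults to true, and `versions.tf` in this commit still admits 1.x through `version = ">= 1.10"`. On a 1.x provider the example would also read the local kubeconfig, so settings from whatever context is active on the machine could be combined with the EKS `host` and `token` set here. Either raise the kubernetes constraint to `>= 2.0` or keep the argument until the constraint is raised. The `helm` provider block continues past the end of this hunk.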
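Review bot: Every upper bound is removed in the new `required_providers` block (`aws` was `< 4.0`, `helm` was `< 1.4.0`) and nothing records why. `.terraform.lock.hcl` is git-ignored in this commit, so CI and consumers resolve the newest provider releases, including new major versions the module has presumably not been exercised against. Lower-bound-only constraints are a reasonable choice for a reusable module, but the intent should be stated, e.g. `# lower bounds only: callers pin exact provider versions in their root module`. The README should also name the provider major versions the module was last tested with.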