Merge pull request #317 from sassoftware/staging

7.0.0 - May 25, 2023
sassoftware · May 25, 2023 · 4410138 · 4410138
2 parents 35dd33e + 7e1444a
commit 4410138
Show file tree

Hide file tree

Showing 24 changed files with 183 additions and 139 deletions.
diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
@@ -0,0 +1,59 @@
+name: Linter Analysis
+on:
+  push:
+    branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
+
+jobs:
+  # Hadolint: Job-1
+  Hadolint:
+    name: Hadolint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run Hadolint Action
+        uses: jbergstroem/[email protected]
+        with:
+          dockerfile: ./Dockerfile
+          config_file: linting-configs/.hadolint.yaml
+          error_level: 1 # Fail CI based on hadolint output (-1: never, 0: error, 1: warning, 2: info)
+
+  # ShellCheck: Job-2
+  ShellCheck:
+    name: ShellCheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run ShellCheck Action
+        uses: ludeeus/action-shellcheck@master
+        with:
+          severity: error
+
+  # TFLint: Job-3
+  TFLint:
+    name: TFLint
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v3
+
+    - name: Cache Plugin Directory
+      uses: actions/cache@v3
+      with:
+        path: ~/.tflint.d/plugins
+        key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - name: Setup TFLint
+      uses: terraform-linters/[email protected]
+      with:
+        tflint_version: latest
+        github_token: ${{ secrets.LINTER_TEST_TOKEN }}
+
+    - name: Initializing TFLint
+      run: TFLINT_LOG=info tflint --init -c .tflint.hcl 
+
+    - name: Run TFLint Action
+      run: TFLINT_LOG=info tflint -c .tflint.hcl
diff --git a/.tflint.hcl b/.tflint.hcl
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
-ARG TERRAFORM_VERSION=1.0.0
-ARG AZURECLI_VERSION=2.45.0
+ARG TERRAFORM_VERSION=1.4.5
+ARG AZURECLI_VERSION=2.48.1
 
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
@@ -10,7 +10,8 @@ WORKDIR /viya4-iac-azure
 COPY --from=terraform /bin/terraform /bin/terraform
 COPY . .
 
-RUN apk --update --no-cache add git openssh \
+RUN apk update \
+  && apk --no-cache add git openssh \
   && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
   && chmod 755 ./kubectl /viya4-iac-azure/docker-entrypoint.sh \
   && mv ./kubectl /usr/local/bin/kubectl \

diff --git a/README.md b/README.md
@@ -57,10 +57,10 @@ This project supports two options for running Terraform scripts:
 Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformAzureAuthentication.md) with the *Contributor* role are required.
 
 #### Terraform Requirements:
-- [Terraform](https://www.terraform.io/downloads.html) - v1.0.0
+- [Terraform](https://www.terraform.io/downloads.html) - v1.4.5
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.25
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.45.0
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.48.1
 
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)

diff --git a/container-structure-test.yaml b/container-structure-test.yaml
@@ -17,7 +17,7 @@ commandTests:
   - name: "terraform version"
     command: "terraform"
     args: ["--version"]
-    expectedOutput: ["Terraform v1.0.0"]
+    expectedOutput: ["Terraform v1.4.5"]
   - name: "python version"
     command: "python3"
     args: ["--version"]
@@ -29,7 +29,7 @@ commandTests:
       - -c
       - |
         az version -o tsv
-    expectedOutput: ["2.45.0\t2.45.0\t1.0.8"]
+    expectedOutput: ["2.48.1\t2.48.1\t1.0.8"]
 
 metadataTest:
   workdir: "/viya4-iac-azure"

diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -175,7 +175,7 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr
 | aks_identity | Use UserAssignedIdentity or Service Principal as  [AKS identity](https://docs.microsoft.com/en-us/azure/aks/concepts-identity) | string | "uai" | A value of `uai` wil create a Managed Identity based on the permissions of the authenticated user or use [`AKS_UAI_NAME`](#use-existing), if set. A value of `sp` will use values from [`CLIENT_ID`/`CLIENT_SECRET`](#azure-authentication), if set. |
 | ssh_public_key | File name of public ssh key for jump and nfs VM | string | "~/.ssh/id_rsa.pub" | Required with `create_jump_vm=true` or `storage_type=standard` |
 | cluster_api_mode | Public or private IP for the cluster api | string | "public" | Valid Values: "public", "private" |
-| aks_cluster_sku_tier | Optimizes api server for cost vs availability | string | "Free" | Valid Values:  "Free", "Paid" | 
+| aks_cluster_sku_tier | Optimizes api server for cost vs availability | string | "Free" | Valid Values:  "Free", "Standard" | 
 
 ## Node Pools
 

diff --git a/.hadolint.yaml → linting-configs/.hadolint.yaml b/.hadolint.yaml → linting-configs/.hadolint.yaml
diff --git a/.shellcheckrc → linting-configs/.shellcheckrc b/.shellcheckrc → linting-configs/.shellcheckrc
diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl
@@ -0,0 +1,28 @@
+
+# For more information on configuring TFlint; see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md
+
+# For more information on plugins see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md
+
+# For more information on TFlint Ruleset for Terraform; see https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.3.0/docs/rules/README.md
+
+# For more information on TFlint Ruleset for Azure, see https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/master/docs/README.md
+
+config {
+  # Enables module inspection.
+  module = true
+}
+
+plugin "azurerm" {
+    enabled = true
+    version = "0.23.0"
+    source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
+}
+
+plugin "terraform" {
+  enabled = true
+  preset = "recommended"
+}
+
+rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
+  enabled = false
+}
diff --git a/locals.tf b/locals.tf
@@ -43,23 +43,23 @@ locals {
   container_registry_sku = title(var.container_registry_sku)
 
   aks_rg = (var.resource_group_name == null
-    ? azurerm_resource_group.aks_rg.0
-    : data.azurerm_resource_group.aks_rg.0
+    ? azurerm_resource_group.aks_rg[0]
+    : data.azurerm_resource_group.aks_rg[0]
   )
 
   network_rg = (var.vnet_resource_group_name == null
     ? local.aks_rg
-    : data.azurerm_resource_group.network_rg.0
+    : data.azurerm_resource_group.network_rg[0]
   )
 
-  nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg.0 : data.azurerm_network_security_group.nsg.0
+  nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg[0] : data.azurerm_network_security_group.nsg[0]
   nsg_rg_name = var.nsg_name == null ? local.aks_rg.name : local.network_rg.name
 
   # Use BYO UAI if given, else create a UAI
   aks_uai_id = (var.aks_identity == "uai"
     ? (var.aks_uai_name == null
-      ? azurerm_user_assigned_identity.uai.0.id
-      : data.azurerm_user_assigned_identity.uai.0.id
+      ? azurerm_user_assigned_identity.uai[0].id
+      : data.azurerm_user_assigned_identity.uai[0].id
     )
     : null
   )

diff --git a/main.tf b/main.tf
@@ -202,7 +202,7 @@ module "node_pools" {
   node_taints                  = each.value.node_taints
   node_labels                  = each.value.node_labels
   zones                        = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone]
-  proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity.*.id, [""]), 0)
+  proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)
   orchestrator_version         = var.kubernetes_version
   tags                         = var.tags
 }

diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf
@@ -99,7 +99,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   }
 
   lifecycle {
-    ignore_changes = [default_node_pool.0.node_count]
+    ignore_changes = [default_node_pool[0].node_count]
   }
 
   tags = var.aks_cluster_tags

diff --git a/modules/azure_aks/outputs.tf b/modules/azure_aks/outputs.tf
@@ -2,39 +2,39 @@
 # SPDX-License-Identifier: Apache-2.0
 
 output "client_key" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.client_key
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].client_key
 }
 
 output "client_certificate" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].client_certificate
 }
 
 output "cluster_ca_certificate" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].cluster_ca_certificate
 }
 
 output "cluster_username" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.username
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].username
 }
 
 output "cluster_password" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.password
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].password
 }
 
 output "kube_config" {
   value = azurerm_kubernetes_cluster.aks.kube_config_raw
 }
 
 output "host" {
-  value = azurerm_kubernetes_cluster.aks.kube_config.0.host
+  value = azurerm_kubernetes_cluster.aks.kube_config[0].host
 }
 
 output "cluster_id" {
   value = azurerm_kubernetes_cluster.aks.id
 }
 
 output "cluster_public_ip" {
-  value = var.cluster_egress_type == "loadBalancer" ? data.azurerm_public_ip.cluster_public_ip.0.ip_address : null
+  value = var.cluster_egress_type == "loadBalancer" ? data.azurerm_public_ip.cluster_public_ip[0].ip_address : null
 }
 
 output "name" {

diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf
@@ -28,13 +28,13 @@ variable "aks_cluster_location" {
 }
 
 variable "aks_cluster_sku_tier" {
-  description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free"
+  description = "The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Standard (which includes the Uptime SLA). Defaults to Free"
   type        = string
   default     = "Free"
 
   validation {
-    condition     = contains(["Free", "Paid"], var.aks_cluster_sku_tier)
-    error_message = "ERROR: Valid types are \"Free\" and \"Paid\"!"
+    condition     = contains(["Free", "Standard"], var.aks_cluster_sku_tier)
+    error_message = "ERROR: Valid types are \"Free\" and \"Standard\"!"
   }
 }
 

diff --git a/modules/azurerm_postgresql_flex/main.tf b/modules/azurerm_postgresql_flex/main.tf
@@ -18,7 +18,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "flexpsql" {
   count = var.connectivity_method == "private" ? 1 : 0
 
   name                  = var.server_name
-  private_dns_zone_name = azurerm_private_dns_zone.flexpsql.0.name
+  private_dns_zone_name = azurerm_private_dns_zone.flexpsql[0].name
   virtual_network_id    = var.virtual_network_id
   resource_group_name   = var.resource_group_name
 }
@@ -36,7 +36,7 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
   version                      = var.server_version
   tags                         = var.tags
   delegated_subnet_id          = var.delegated_subnet_id
-  private_dns_zone_id          = try(azurerm_private_dns_zone.flexpsql.0.id, null)
+  private_dns_zone_id          = try(azurerm_private_dns_zone.flexpsql[0].id, null)
 
   depends_on = [azurerm_private_dns_zone_virtual_network_link.flexpsql]
 

diff --git a/modules/azurerm_postgresql_flex/outputs.tf b/modules/azurerm_postgresql_flex/outputs.tf
@@ -27,5 +27,5 @@ output "server_id" {
 
 output "firewall_rule_ids" {
   description = "The list of all firewall rule resource ids"
-  value       = [azurerm_postgresql_flexible_server_firewall_rule.flexpsql.*.id]
+  value       = [azurerm_postgresql_flexible_server_firewall_rule.flexpsql[*].id]
 }
diff --git a/modules/azurerm_vm/main.tf b/modules/azurerm_vm/main.tf
@@ -23,7 +23,7 @@ resource "azurerm_network_interface" "vm_nic" {
     name                          = "${var.name}-ip_config"
     subnet_id                     = var.vnet_subnet_id
     private_ip_address_allocation = "Dynamic"
-    public_ip_address_id          = var.create_public_ip ? azurerm_public_ip.vm_ip.0.id : null
+    public_ip_address_id          = var.create_public_ip ? azurerm_public_ip.vm_ip[0].id : null
   }
   tags = var.tags
 }

diff --git a/modules/azurerm_vnet/outputs.tf b/modules/azurerm_vnet/outputs.tf
@@ -3,7 +3,7 @@
 
 output "id" {
   description = "The id of the vNet"
-  value       = var.name == null ? azurerm_virtual_network.vnet.0.id : data.azurerm_virtual_network.vnet.0.id
+  value       = var.name == null ? azurerm_virtual_network.vnet[0].id : data.azurerm_virtual_network.vnet[0].id
 }
 
 output "name" {
@@ -13,12 +13,12 @@ output "name" {
 
 output "location" {
   description = "The location of the vNet"
-  value       = var.name == null ? azurerm_virtual_network.vnet.0.location : data.azurerm_virtual_network.vnet.0.location
+  value       = var.name == null ? azurerm_virtual_network.vnet[0].location : data.azurerm_virtual_network.vnet[0].location
 }
 
 output "address_space" {
   description = "The address space of the vNet"
-  value       = var.name == null ? azurerm_virtual_network.vnet.0.address_space : data.azurerm_virtual_network.vnet.0.address_space
+  value       = var.name == null ? azurerm_virtual_network.vnet[0].address_space : data.azurerm_virtual_network.vnet[0].address_space
 }
 
 output "subnets" {