chore: tflint and cleanup

humanitec-architecture · Jun 6, 2024 · cd79909 · cd79909
1 parent 60e55c7
commit cd79909
Show file tree

Hide file tree

Showing 15 changed files with 178 additions and 156 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -20,7 +20,7 @@ jobs:
       - name: Install terraform-docs
         run: |
           WORK_DIR=$(mktemp -d)
-          curl -Lo ${WORK_DIR}/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz
+          curl -Lo ${WORK_DIR}/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.18.0/terraform-docs-v0.18.0-$(uname)-amd64.tar.gz
           cd ${WORK_DIR}
           tar -xzf terraform-docs.tar.gz
           chmod +x terraform-docs
@@ -31,8 +31,11 @@ jobs:
       - name: Check git diff is clean (all files generated should be committed)
         run: git diff --exit-code
 
-      - name: Terraform Format Check
-        run: make fmt-check
+      - uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: v0.51.1
+      - name: Terraform Lint
+        run: make lint
 
       - name: Stub GitHub App credentials (required for validation)
         run: cd ./examples/with-backstage && STUB_FILE=1 node create-gh-app/index.js

diff --git a/.tflint.hcl b/.tflint.hcl
@@ -0,0 +1,10 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.31.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
diff --git a/Makefile b/Makefile
@@ -1,14 +1,18 @@
 TF_DIRS = $(patsubst %/main.tf, %, $(shell find . -type d -name .terraform -prune -o -name 'main.tf' -print))
 VALIDATE_TF_DIRS = $(addprefix validate-,$(TF_DIRS))
+LINT_TF_DIRS = $(addprefix lint-,$(TF_DIRS))
+DOCS_TF_DIRS = $(addprefix docs-,$(TF_DIRS))
+
+# Generate docs for a terraform directories
+$(DOCS_TF_DIRS): docs-%:
+	@echo "Docs $*"
+	terraform-docs --config docs/.terraform-docs.yaml $*
+	terraform-docs --config docs/.terraform-docs-example.yaml $*
 
 # Generate docs
 .PHONY: docs
-docs:
-	terraform-docs --lockfile=false ./modules/base
-	terraform-docs --config docs/.terraform-docs.yaml .
-	terraform-docs --config docs/.terraform-docs-example.yaml .
-	terraform-docs --config docs/.terraform-docs.yaml ./examples/with-backstage
-	terraform-docs --config docs/.terraform-docs-example.yaml ./examples/with-backstage
+docs: $(DOCS_TF_DIRS)
+	@echo "All docs generated"
 
 # Format all terraform files
 fmt:
@@ -27,3 +31,16 @@ $(VALIDATE_TF_DIRS): validate-%:
 # Validate all terraform directories
 validate: $(VALIDATE_TF_DIRS)
 	@echo "All validated"
+
+# Lint a terraform directories
+$(LINT_TF_DIRS): lint-%:
+	@echo "Lint $*"
+	tflint --config "$(PWD)/.tflint.hcl" --chdir="$*"
+
+# Initialize tflint
+lint-init:
+	tflint --init
+
+# Lint all terraform directories
+lint: lint-init $(LINT_TF_DIRS) fmt-check
+	@echo "All linted"
diff --git a/README.md b/README.md
@@ -184,7 +184,9 @@ Once you are finished with the reference architecture, you can remove all provis
 |------|---------|
 | terraform | >= 1.3.0 |
 | aws | ~> 5.17 |
+| helm | ~> 2.12 |
 | humanitec | ~> 1.0 |
+| kubernetes | ~> 2.25 |
 
 ### Modules
 

diff --git a/examples/with-backstage/README.md b/examples/with-backstage/README.md
@@ -72,10 +72,13 @@ Once you are finished with the reference architecture, you can remove all provis
 
 | Name | Version |
 |------|---------|
+| terraform | >= 1.0.0 |
 | terraform | >= 1.3.0 |
 | aws | ~> 5.17 |
 | github | ~> 5.38 |
+| helm | ~> 2.12 |
 | humanitec | ~> 1.0 |
+| kubernetes | ~> 2.25 |
 | random | ~> 3.5 |
 
 ### Providers
@@ -92,15 +95,12 @@ Once you are finished with the reference architecture, you can remove all provis
 | Name | Source | Version |
 |------|--------|---------|
 | backstage\_ecr | terraform-aws-modules/ecr/aws | ~> 1.6 |
-| backstage\_iam\_policy\_ecr\_create\_repository | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-policy/ecr-create-repository | n/a |
-| backstage\_iam\_role\_service\_account | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-role/service-account | n/a |
-| backstage\_k8s\_service\_account | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/k8s/service-account | n/a |
-| backstage\_mysql | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic | n/a |
-| backstage\_postgres | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic | n/a |
-| backstage\_workload | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/workload/service-account | n/a |
+| backstage\_mysql | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-05//humanitec-resource-defs/mysql/basic |
+| backstage\_postgres | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-05//humanitec-resource-defs/postgres/basic |
 | base | ../../modules/base | n/a |
 | iam\_github\_oidc\_provider | terraform-aws-modules/iam/aws//modules/iam-github-oidc-provider | ~> 5.30 |
 | iam\_github\_oidc\_role | terraform-aws-modules/iam/aws//modules/iam-github-oidc-role | ~> 5.30 |
+| terraform\_state\_backend | cloudposse/tfstate-backend/aws | 1.1.1 |
 
 ### Resources
 
@@ -114,12 +114,8 @@ Once you are finished with the reference architecture, you can remove all provis
 | [github_actions_organization_variable.backstage_humanitec_org_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
 | [github_repository.backstage](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
 | [humanitec_application.backstage](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource |
-| [humanitec_resource_definition_criteria.backstage_iam_policy_ecr_create_repository](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
-| [humanitec_resource_definition_criteria.backstage_iam_role_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
-| [humanitec_resource_definition_criteria.backstage_k8s_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.backstage_mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.backstage_postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
-| [humanitec_resource_definition_criteria.backstage_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_value.app_config_backend_auth_keys](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.aws_default_region](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.backstage_cloud_provider](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
@@ -144,5 +140,4 @@ Once you are finished with the reference architecture, you can remove all provis
 | humanitec\_org\_id | Humanitec Organization ID | `string` | n/a | yes |
 | disk\_size | Disk size in GB to use for EKS nodes | `number` | `20` | no |
 | instance\_types | List of EC2 instances types to use for EKS nodes | `list(string)` | <pre>[<br>  "t3.large"<br>]</pre> | no |
-| resource\_packs\_aws\_rev | Revision of the resource-packs-aws repository to use | `string` | `"refs/heads/main"` | no |
 <!-- END_TF_DOCS -->
diff --git a/examples/with-backstage/backstage-humanitec.tf b/examples/with-backstage/backstage-humanitec.tf
@@ -108,7 +108,7 @@ locals {
 # in-cluster postgres
 
 module "backstage_postgres" {
-  source = "git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic"
+  source = "github.com/humanitec-architecture/resource-packs-in-cluster?ref=v2024-06-05//humanitec-resource-defs/postgres/basic"
 
   prefix = local.res_def_prefix
 }
@@ -120,84 +120,12 @@ resource "humanitec_resource_definition_criteria" "backstage_postgres" {
   force_delete = true
 }
 
-# k8s service account (to assume an AWS role)
-
-module "backstage_k8s_service_account" {
-  source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/k8s/service-account"
-
-  prefix = local.res_def_prefix
-}
-
-resource "humanitec_resource_definition_criteria" "backstage_k8s_service_account" {
-  resource_definition_id = module.backstage_k8s_service_account.id
-  app_id                 = humanitec_application.backstage.id
-
-  force_delete = true
-}
-
-# AWS policy to create ECR repositories (required to scaffold apps)
-
-module "backstage_iam_policy_ecr_create_repository" {
-  source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-policy/ecr-create-repository"
-
-  driver_account         = module.base.humanitec_resource_account_id
-  resource_packs_aws_rev = var.resource_packs_aws_rev
-  region                 = var.aws_region
-
-  prefix = local.res_def_prefix
-}
-
-resource "humanitec_resource_definition_criteria" "backstage_iam_policy_ecr_create_repository" {
-  resource_definition_id = module.backstage_iam_policy_ecr_create_repository.id
-  app_id                 = humanitec_application.backstage.id
-
-  force_delete = true
-}
-
-# AWS role assumable by the k8s service account
-
-module "backstage_iam_role_service_account" {
-  source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-role/service-account"
-
-  driver_account         = module.base.humanitec_resource_account_id
-  resource_packs_aws_rev = var.resource_packs_aws_rev
-  region                 = var.aws_region
-
-  policy_classes = ["default"]
-
-  cluster_name = module.base.eks_cluster_name
-  prefix       = local.res_def_prefix
-}
-
-resource "humanitec_resource_definition_criteria" "backstage_iam_role_service_account" {
-  resource_definition_id = module.backstage_iam_role_service_account.id
-  app_id                 = humanitec_application.backstage.id
-
-  force_delete = true
-}
-
-# Workload resource that sets the service account
-
-module "backstage_workload" {
-  source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/workload/service-account"
-
-  prefix = local.res_def_prefix
-}
-
-resource "humanitec_resource_definition_criteria" "backstage_workload" {
-  resource_definition_id = module.backstage_workload.id
-  app_id                 = humanitec_application.backstage.id
-
-  force_delete = true
-}
-
-
 # Configure required resources for scaffolded apps
 
 # in-cluster mysql
 
 module "backstage_mysql" {
-  source = "git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic"
+  source = "github.com/humanitec-architecture/resource-packs-in-cluster?ref=v2024-06-05//humanitec-resource-defs/mysql/basic"
 
   prefix = local.res_def_prefix
 }

diff --git a/examples/with-backstage/provider.tf b/examples/with-backstage/provider.tf
@@ -4,13 +4,21 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.17"
     }
+    github = {
+      source  = "integrations/github"
+      version = "~> 5.38"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.12"
+    }
     humanitec = {
       source  = "humanitec/humanitec"
       version = "~> 1.0"
     }
-    github = {
-      source  = "integrations/github"
-      version = "~> 5.38"
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.25"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/examples/with-backstage/terraform.tfvars.example b/examples/with-backstage/terraform.tfvars.example
@@ -20,7 +20,4 @@ humanitec_org_id = ""
 # List of EC2 instances types to use for EKS nodes
 instance_types = [
   "t3.large"
-]
-
-# Revision of the resource-packs-aws repository to use
-resource_packs_aws_rev = "refs/heads/main"
+]
diff --git a/examples/with-backstage/variables.tf b/examples/with-backstage/variables.tf
@@ -24,12 +24,6 @@ variable "humanitec_ci_service_user_token" {
   sensitive   = true
 }
 
-variable "resource_packs_aws_rev" {
-  description = "Revision of the resource-packs-aws repository to use"
-  type        = string
-  default     = "refs/heads/main"
-}
-
 variable "instance_types" {
   description = "List of EC2 instances types to use for EKS nodes"
   type        = list(string)

diff --git a/main.tf b/main.tf
@@ -5,10 +5,18 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.17"
     }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.12"
+    }
     humanitec = {
       source  = "humanitec/humanitec"
       version = "~> 1.0"
     }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.25"
+    }
   }
   required_version = ">= 1.3.0"
 }