fmt fixes and deprecation removal

Justin-DynamicD · Sep 6, 2023 · 80e0ae2 · 80e0ae2
1 parent 5f7cc80
commit 80e0ae2
Show file tree

Hide file tree

Showing 7 changed files with 90 additions and 92 deletions.
diff --git a/aks.tf b/aks.tf
@@ -3,7 +3,7 @@
 # details: https://docs.microsoft.com/en-us/azure/aks/spot-node-pool
 
 locals {
-  aks_node_extra ={
+  aks_node_extra = {
     Regular = {
       labels = {}
       taints = []
@@ -12,7 +12,7 @@ locals {
       labels = {
         "kubernetes.azure.com/scalesetpriority" = "spot"
       }
-      taints =  [
+      taints = [
         "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
       ]
     }
@@ -39,16 +39,16 @@ resource "azurerm_kubernetes_cluster" "main" {
   dynamic "ingress_application_gateway" {
     for_each = local.app_gateway.enabled == true ? ["ingress_application_gateway"] : []
     content {
-      gateway_id                    = azurerm_application_gateway.main[0].id
+      gateway_id = azurerm_application_gateway.main[0].id
     }
   }
   key_vault_secrets_provider {
-    secret_rotation_enabled  = false
+    secret_rotation_enabled = false
   }
   dynamic "oms_agent" {
     for_each = local.oms.enabled == true ? ["oms_agent"] : []
     content {
-      log_analytics_workspace_id   = local.oms.workspace_id
+      log_analytics_workspace_id = local.oms.workspace_id
     }
   }
   default_node_pool {
@@ -70,7 +70,7 @@ resource "azurerm_kubernetes_cluster" "main" {
     identity_ids = [azurerm_user_assigned_identity.main.id]
   }
   network_profile {
-    network_plugin     = "azure"
+    network_plugin = "azure"
   }
   tags = local.tags
 }

diff --git a/diagnostics.tf b/diagnostics.tf
@@ -6,13 +6,12 @@ resource "azurerm_monitor_diagnostic_setting" "aks" {
   storage_account_id         = local.oms.storage_account_id
   log_analytics_workspace_id = local.oms.workspace_id
 
-  dynamic "log" {
+  dynamic "enabled_log" {
     for_each = local.oms.aks_logs
     content {
-      category = log.key
-      enabled  = log.value
+      category = enabled_log.key
       retention_policy {
-        enabled = log.value
+        enabled = enabled_log.value
         days    = local.oms.retention_days
       }
     }
@@ -36,13 +35,12 @@ resource "azurerm_monitor_diagnostic_setting" "agw" {
   storage_account_id         = local.oms.storage_account_id
   log_analytics_workspace_id = local.oms.workspace_id
 
-  dynamic "log" {
+  dynamic "enabled_log" {
     for_each = local.oms.agw_logs
     content {
-      category = log.key
-      enabled  = log.value
+      category = enabled_log.key
       retention_policy {
-        enabled = log.value
+        enabled = enabled_log.value
         days    = local.oms.retention_days
       }
     }

diff --git a/identity.tf b/identity.tf
@@ -19,15 +19,15 @@ resource "azurerm_role_assignment" "attach_acr" {
 
 # grants rights to the built role as well as the subnet (only needed for kubenet, but added for completeness)
 resource "azurerm_role_assignment" "subnet" {
-    scope                = local.subnet_id
-    role_definition_name = "Network Contributor"
-    principal_id         = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
+  scope                = local.subnet_id
+  role_definition_name = "Network Contributor"
+  principal_id         = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
 }
 
 resource "azurerm_role_assignment" "identity" {
-    scope                = azurerm_user_assigned_identity.main.id
-    role_definition_name = "Managed Identity Operator"
-    principal_id         = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
+  scope                = azurerm_user_assigned_identity.main.id
+  role_definition_name = "Managed Identity Operator"
+  principal_id         = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
 }
 
 # This assigns permissions to the AGW using discovered Idenitity

diff --git a/main.tf b/main.tf
@@ -7,7 +7,7 @@ locals {
   # ensure agw priority is set if sku is of type "v2"
   # if  nothing is provided, we will set to 1 for v2, or -1 to omit
   detect_priority = length(regexall("v2$", var.app_gateway.sku_tier)) > 0 ? 10 : null
-  priority = coalesce(var.app_gateway.priority, local.detect_priority, -1)
+  priority        = coalesce(var.app_gateway.priority, local.detect_priority, -1)
 
   # generate the resource names for everything based on the values offered
   names = {

diff --git a/test/main.tf b/test/main.tf
@@ -1,4 +1,4 @@
-provider azurerm {
+provider "azurerm" {
   features {
     resource_group {
       prevent_deletion_if_contains_resources = false
@@ -7,8 +7,8 @@ provider azurerm {
 }
 
 # resource group to place everything in
-resource azurerm_resource_group "test" {
-  name = "test-aks-baseline"
+resource "azurerm_resource_group" "test" {
+  name     = "test-aks-baseline"
   location = "westus2"
 }
 
@@ -36,26 +36,26 @@ resource "azurerm_storage_account" "main" {
 }
 
 resource "azurerm_log_analytics_solution" "containerinsights" {
-    solution_name         = "ContainerInsights"
-    location              = azurerm_log_analytics_workspace.main.location
-    resource_group_name   = azurerm_resource_group.test.name
-    workspace_resource_id = azurerm_log_analytics_workspace.main.id
-    workspace_name        = azurerm_log_analytics_workspace.main.name
-    plan {
-        publisher = "Microsoft"
-        product   = "OMSGallery/ContainerInsights"
-    }
+  solution_name         = "ContainerInsights"
+  location              = azurerm_log_analytics_workspace.main.location
+  resource_group_name   = azurerm_resource_group.test.name
+  workspace_resource_id = azurerm_log_analytics_workspace.main.id
+  workspace_name        = azurerm_log_analytics_workspace.main.name
+  plan {
+    publisher = "Microsoft"
+    product   = "OMSGallery/ContainerInsights"
+  }
 }
 
 module "myvnet" {
   source = "Justin-DynamicD/virtual_network/azurerm"
-  global_settings  = {
+  global_settings = {
     name                = "aks_vnet"
     location            = azurerm_resource_group.test.location
     resource_group_name = azurerm_resource_group.test.name
   }
   network = {
-    address_spaces     = ["10.10.0.0/16"]
+    address_spaces = ["10.10.0.0/16"]
   }
   subnets = {
     agw          = "10.10.10.0/26"
@@ -67,7 +67,7 @@ module "myvnet" {
     private_link = true
   }
   subnet_service_endpoints = {
-    private_link = ["Microsoft.KeyVault","Microsoft.ContainerRegistry"]
+    private_link = ["Microsoft.KeyVault", "Microsoft.ContainerRegistry"]
   }
   tags = {
     Project   = "AKS Baseline"
@@ -101,7 +101,7 @@ module "aks" {
     node_count = 1
   }
   oms = {
-    enabled            = true
+    enabled = true
     # aks_logs = {
     #   guard = true
     # }

diff --git a/variables.tf b/variables.tf
@@ -2,36 +2,36 @@
 # global variables
 ######
 
-variable app_gateway {
-  type        = object ({
-      enabled      = optional(bool, false)
-      name         = optional(string)
-      public_ip_id = optional(string, "")
-      priority     = optional(number)
-      sku_capacity = optional(string, "2")
-      sku_name     = optional(string, "WAF_v2")
-      sku_tier     = optional(string, "WAF_v2")
-      subnet_id    = optional(string, "")
+variable "app_gateway" {
+  type = object({
+    enabled      = optional(bool, false)
+    name         = optional(string)
+    public_ip_id = optional(string, "")
+    priority     = optional(number)
+    sku_capacity = optional(string, "2")
+    sku_name     = optional(string, "WAF_v2")
+    sku_tier     = optional(string, "WAF_v2")
+    subnet_id    = optional(string, "")
   })
   description = "map of all agw variables"
   default     = {}
 }
 
-variable waf_configuration {
-  type        = object ({
-      enabled                  = optional(bool, true)
-      firewall_mode            = optional(string, "Detection")
-      rule_set_type            = optional(string, "OWASP")
-      rule_set_version         = optional(string, "3.2")
-      file_upload_limit_mb     = optional(number, 100)
-      request_body_check       = optional(bool, true)
-      max_request_body_size_kb = optional(number, 128)
+variable "waf_configuration" {
+  type = object({
+    enabled                  = optional(bool, true)
+    firewall_mode            = optional(string, "Detection")
+    rule_set_type            = optional(string, "OWASP")
+    rule_set_version         = optional(string, "3.2")
+    file_upload_limit_mb     = optional(number, 100)
+    request_body_check       = optional(bool, true)
+    max_request_body_size_kb = optional(number, 128)
   })
   description = "map of all waf configuration setting required if WAF is enabled"
   default     = {}
 }
 
-variable node_default_pool {
+variable "node_default_pool" {
   type = object({
     enable_auto_scaling          = optional(bool, true)
     max_count                    = optional(number, 4)
@@ -47,7 +47,7 @@ variable node_default_pool {
   default     = {}
 }
 
-variable node_user_pool {
+variable "node_user_pool" {
   type = object({
     enable_auto_scaling = optional(bool, true)
     enabled             = optional(bool, true)
@@ -67,107 +67,107 @@ variable node_user_pool {
   default     = {}
 }
 
-variable oms {
+variable "oms" {
   type = object({
-    enabled              = optional(bool, false)
-    agw_logs             = optional(object({
+    enabled = optional(bool, false)
+    agw_logs = optional(object({
       ApplicationGatewayAccessLog      = optional(bool, true)
       ApplicationGatewayPerformanceLog = optional(bool, true)
       ApplicationGatewayFirewallLog    = optional(bool, true)
     }))
-    agw_metrics          = optional(bool, true)
-    aks_logs             = optional(object({
-      cloud-controller-manager         = optional(bool, false)
-      cluster-autoscaler               = optional(bool, true)
-      csi-azuredisk-controller         = optional(bool, false)
-      csi-azurefile-controller         = optional(bool, false)
-      csi-snapshot-controller          = optional(bool, false)
-      guard                            = optional(bool, false)
-      kube-apiserver                   = optional(bool, true)
-      kube-audit                       = optional(bool, true)
-      kube-audit-admin                 = optional(bool, true)
-      kube-controller-manager          = optional(bool, true)
-      kube-scheduler                   = optional(bool, false)
+    agw_metrics = optional(bool, true)
+    aks_logs = optional(object({
+      cloud-controller-manager = optional(bool, false)
+      cluster-autoscaler       = optional(bool, true)
+      csi-azuredisk-controller = optional(bool, false)
+      csi-azurefile-controller = optional(bool, false)
+      csi-snapshot-controller  = optional(bool, false)
+      guard                    = optional(bool, false)
+      kube-apiserver           = optional(bool, true)
+      kube-audit               = optional(bool, true)
+      kube-audit-admin         = optional(bool, true)
+      kube-controller-manager  = optional(bool, true)
+      kube-scheduler           = optional(bool, false)
     }))
-    aks_metrics          = optional(bool, true)
-    retention_days       = optional(number, 30)
-    storage_account_id   = optional(string)
-    workspace_id         = optional(string)
+    aks_metrics        = optional(bool, true)
+    retention_days     = optional(number, 30)
+    storage_account_id = optional(string)
+    workspace_id       = optional(string)
   })
   description = "custom object defining OMS variables"
-  default = {}
+  default     = {}
 }
 
-variable acr_list {
+variable "acr_list" {
   type        = map(any)
   description = "key/value map of acr name = resource group"
   nullable    = false
   default     = {}
 }
 
-variable automatic_channel_upgrade {
+variable "automatic_channel_upgrade" {
   type        = string
   description = "the upgrade channel for aks"
   nullable    = false
   default     = ""
 }
 
-variable azure_policy {
+variable "azure_policy" {
   type        = bool
   description = "enable azure policies on this cluster"
   nullable    = false
   default     = true
 }
 
-variable docker_bridge_cidr {
+variable "docker_bridge_cidr" {
   type        = string
   description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes."
   nullable    = false
   default     = "172.17.0.1/16"
 }
 
-variable location {
+variable "location" {
   type        = string
   description = "region to build all resources in"
 }
 
-variable name {
+variable "name" {
   type        = string
   description = "If defined, sets the name of the AKS cluster"
   default     = ""
 }
 
-variable name_prefix {
+variable "name_prefix" {
   type        = string
   description = "the prefix used in any generated resource name, if no overriding name is specified"
   nullable    = false
   default     = "aks-baseline"
 }
 
-variable resource_group_name {
+variable "resource_group_name" {
   type        = string
   description = "name of the resource group to provision in"
 }
 
-variable sku_tier {
+variable "sku_tier" {
   type        = string
   description = "Set the SKU for hte aks cluster"
   nullable    = false
   default     = "Free"
 }
 
-variable tags {
+variable "tags" {
   type        = map(any)
   description = "map of tags to apply to all resources"
   default     = null
 }
 
-variable subnet_id {
+variable "subnet_id" {
   type        = string
   description = "ID of the subnet for all node pools"
 }
 
-variable zones {
+variable "zones" {
   type        = list(string)
   description = "list of all supported AZs to deploy to, if available"
   nullable    = false

diff --git a/versions.tf b/versions.tf
@@ -5,6 +5,6 @@ terraform {
   required_version = ">= 1.3.0"
   required_providers {
     azurerm = ">= 3.32.0"
-    random = ">= 3.4.0"
+    random  = ">= 3.4.0"
   }
 }