From dade31d23c9c3464eb1c803b166519636334d656 Mon Sep 17 00:00:00 2001 From: vijay-veeranki-moj Date: Tue, 26 Nov 2019 10:13:37 +0000 Subject: [PATCH 1/3] Upgrade RDS module to terraform 0.12 Applied the changes from release TF12-DO_NOT-USE Applied "path" issue fixed in v4.8 by removing team_name --- main.tf | 119 ++++++++++++++++++++++++++------------------------- output.tf | 18 ++++---- variables.tf | 5 ++- versions.tf | 4 ++ 4 files changed, 76 insertions(+), 70 deletions(-) create mode 100644 versions.tf diff --git a/main.tf b/main.tf index 7456771..d41528a 100644 --- a/main.tf +++ b/main.tf @@ -1,11 +1,12 @@ data "aws_caller_identity" "current" {} + data "aws_region" "current" {} data "terraform_remote_state" "cluster" { backend = "s3" - config { - bucket = "${var.cluster_state_bucket}" + config = { + bucket = var.cluster_state_bucket region = "eu-west-1" key = "cloud-platform/${var.cluster_name}/terraform.tfstate" } @@ -17,7 +18,7 @@ resource "random_id" "id" { locals { identifier = "cloud-platform-${random_id.id.hex}" - db_name = "${var.db_name != "" ? var.db_name : "db${random_id.id.hex}"}" + db_name = var.db_name != "" ? var.db_name : "db${random_id.id.hex}" } resource "random_string" "username" { 
@@ -31,41 +32,41 @@ resource "random_string" "password" { } resource "aws_kms_key" "kms" { - description = "${local.identifier}" - - tags { - business-unit = "${var.business-unit}" - application = "${var.application}" - is-production = "${var.is-production}" - environment-name = "${var.environment-name}" - owner = "${var.team_name}" - infrastructure-support = "${var.infrastructure-support}" + description = local.identifier + + tags = { + business-unit = var.business-unit + application = var.application + is-production = var.is-production + environment-name = var.environment-name + owner = var.team_name + infrastructure-support = var.infrastructure-support } } resource "aws_kms_alias" "alias" { name = "alias/${local.identifier}" - target_key_id = "${aws_kms_key.kms.key_id}" + target_key_id = aws_kms_key.kms.key_id } resource "aws_db_subnet_group" "db_subnet" { - name = "${local.identifier}" - subnet_ids = ["${data.terraform_remote_state.cluster.internal_subnets_ids}"] - - tags { - business-unit = "${var.business-unit}" - application = "${var.application}" - is-production = "${var.is-production}" - environment-name = "${var.environment-name}" - owner = "${var.team_name}" - infrastructure-support = "${var.infrastructure-support}" + name = local.identifier + subnet_ids = data.terraform_remote_state.cluster.outputs.internal_subnets_ids + + tags = { + business-unit = var.business-unit + application = var.application + is-production = var.is-production + environment-name = var.environment-name + owner = var.team_name + infrastructure-support = var.infrastructure-support } } resource "aws_security_group" "rds-sg" { - name = "${local.identifier}" + name = local.identifier description = "Allow all inbound traffic" - vpc_id = "${data.terraform_remote_state.cluster.vpc_id}" + vpc_id = data.terraform_remote_state.cluster.outputs.vpc_id // We cannot use `${aws_db_instance.rds.port}` here because it creates a // cyclic dependency. 
Rather than resorting to `aws_security_group_rule` which 
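Review bot: The `aws_kms_key` "kms" resource, which is fully visible in this hunk, sets only `description` and `tags`, so automatic rotation stays at the provider default (off) for the key passed to the RDS instance as `kms_key_id`. Adding `enable_key_rotation = true` would fix that, and an explicit `deletion_window_in_days` would record how long a scheduled key deletion can still be cancelled. The security group also keeps `description = "Allow all inbound traffic"`, while the `cidr_blocks` visible in the next hunk are limited to the cluster's internal subnets; the description should say what the rules actually permit. The `aws_security_group` block continues past the end of this hunk.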
@@ -75,59 +76,59 @@ resource "aws_security_group" "rds-sg" { from_port = 0 to_port = 0 protocol = "-1" - cidr_blocks = ["${data.terraform_remote_state.cluster.internal_subnets}"] + cidr_blocks = data.terraform_remote_state.cluster.outputs.internal_subnets } egress { from_port = 0 to_port = 0 protocol = "-1" - cidr_blocks = ["${data.terraform_remote_state.cluster.internal_subnets}"] + cidr_blocks = data.terraform_remote_state.cluster.outputs.internal_subnets } } resource "aws_db_instance" "rds" { - identifier = "${local.identifier}" + identifier = local.identifier final_snapshot_identifier = "${local.identifier}-finalsnapshot" - allocated_storage = "${var.db_allocated_storage}" + allocated_storage = var.db_allocated_storage apply_immediately = true - engine = "${var.db_engine}" - engine_version = "${var.db_engine_version}" - instance_class = "${var.db_instance_class}" - name = "${local.db_name}" + engine = var.db_engine + engine_version = var.db_engine_version + instance_class = var.db_instance_class + name = local.db_name username = "cp${random_string.username.result}" - password = "${random_string.password.result}" - backup_retention_period = "${var.db_backup_retention_period}" - storage_type = "${var.db_iops == 0 ? "gp2" : "io1" }" - iops = "${var.db_iops}" + password = random_string.password.result + backup_retention_period = var.db_backup_retention_period + storage_type = var.db_iops == 0 ? 
"gp2" : "io1" + iops = var.db_iops storage_encrypted = true - db_subnet_group_name = "${aws_db_subnet_group.db_subnet.name}" - vpc_security_group_ids = ["${aws_security_group.rds-sg.id }"] - kms_key_id = "${aws_kms_key.kms.arn}" + db_subnet_group_name = aws_db_subnet_group.db_subnet.name + vpc_security_group_ids = [aws_security_group.rds-sg.id] + kms_key_id = aws_kms_key.kms.arn multi_az = true copy_tags_to_snapshot = true - snapshot_identifier = "${var.snapshot_identifier}" - allow_major_version_upgrade = "${var.allow_major_version_upgrade}" - parameter_group_name = "${aws_db_parameter_group.custom_parameters.name}" - - tags { - business-unit = "${var.business-unit}" - application = "${var.application}" - is-production = "${var.is-production}" - environment-name = "${var.environment-name}" - owner = "${var.team_name}" - infrastructure-support = "${var.infrastructure-support}" + snapshot_identifier = var.snapshot_identifier + allow_major_version_upgrade = var.allow_major_version_upgrade + parameter_group_name = aws_db_parameter_group.custom_parameters.name + + tags = { + business-unit = var.business-unit + application = var.application + is-production = var.is-production + environment-name = var.environment-name + owner = var.team_name + infrastructure-support = var.infrastructure-support } } resource "aws_db_parameter_group" "custom_parameters" { - name = "${local.identifier}" - family = "${var.rds_family}" + name = local.identifier + family = var.rds_family parameter { name = "rds.force_ssl" - value = "${var.force_ssl ? 1 : 0}" - apply_method = "${var.apply_method}" + value = var.force_ssl ? 1 : 0 + apply_method = var.apply_method } } @@ -137,7 +138,7 @@ resource "aws_iam_user" "user" { } resource "aws_iam_access_key" "user" { - user = "${aws_iam_user.user.name}" + user = aws_iam_user.user.name } data "aws_iam_policy_document" "policy" { 
@@ -154,7 +155,7 @@ data "aws_iam_policy_document" "policy" { ] resources = [ - "${aws_db_instance.rds.arn}", + aws_db_instance.rds.arn, "arn:aws:rds:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:snapshot:*", ] } @@ -162,6 +163,6 @@ data "aws_iam_policy_document" "policy" { resource "aws_iam_user_policy" "policy" { name = "rds-snapshots-read-write" - policy = "${data.aws_iam_policy_document.policy.json}" - user = "${aws_iam_user.user.name}" + policy = data.aws_iam_policy_document.policy.json + user = aws_iam_user.user.name } diff --git a/output.tf b/output.tf index 2093d2c..c2b7ae8 100644 --- a/output.tf +++ b/output.tf @@ -1,39 +1,39 @@ output "rds_instance_endpoint" { description = "The connection endpoint in address:port format" - value = "${aws_db_instance.rds.endpoint}" + value = aws_db_instance.rds.endpoint } output "rds_instance_address" { description = "The hostname of the RDS instance" - value = "${aws_db_instance.rds.address}" + value = aws_db_instance.rds.address } output "rds_instance_port" { description = "The database port" - value = "${aws_db_instance.rds.port}" + value = aws_db_instance.rds.port } output "database_name" { description = "Name of the database" - value = "${aws_db_instance.rds.name}" + value = aws_db_instance.rds.name } output "database_username" { description = "Database Username" - value = "${aws_db_instance.rds.username}" + value = aws_db_instance.rds.username } output "database_password" { description = "Database Password" - value = "${aws_db_instance.rds.password}" + value = aws_db_instance.rds.password } output "access_key_id" { description = "Access key id for RDS IAM user" - value = "${aws_iam_access_key.user.id}" + value = aws_iam_access_key.user.id } output "secret_access_key" { description = "Secret key for RDS IAM user" - value = "${aws_iam_access_key.user.secret}" -} + value = aws_iam_access_key.user.secret +} \ No newline at end of file 
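Review bot: In output.tf the `database_password` and `secret_access_key` outputs are declared without `sensitive = true`, so nothing marks the two credentials as secret to callers of the module. Adding `sensitive = true` to both blocks documents the intent and lets Terraform redact them wherever it supports that. It does not remove them from state, which still has to be protected. The rewritten file also ends with `\ No newline at end of file`; restoring the trailing newline avoids a spurious diff on the next edit.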
diff --git a/variables.tf b/variables.tf index b540b63..37ade1e 100644 --- a/variables.tf +++ b/variables.tf @@ -57,7 +57,8 @@ variable "db_backup_retention_period" { variable "db_iops" { description = "The amount of provisioned IOPS. Setting this to a value other than 0 implies a storage_type of io1" - default = "0" + default = 0 + type = number } variable "db_name" { @@ -83,4 +84,4 @@ variable "rds_family" { variable "apply_method" { description = "Indicates when to apply parameter updates, some engines can't apply some parameters without a reboot, so set to pending-reboot" default = "immediate" -} +} \ No newline at end of file diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..c142339 --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} \ No newline at end of file From 5c6e4e660728a637c30fe667de390a3fdf084db9 Mon Sep 17 00:00:00 2001 From: vijay-veeranki-moj Date: Tue, 26 Nov 2019 17:28:42 +0000 Subject: [PATCH 2/3] Run tf 0.12upgrade for RDS example --- example/main.tf | 4 +++- example/rds.tf | 34 ++++++++++++++++++---------------- example/versions.tf | 4 ++++ 3 files changed, 25 insertions(+), 17 deletions(-) create mode 100644 example/versions.tf diff --git a/example/main.tf b/example/main.tf index e4a3040..ea9e548 100644 --- a/example/main.tf +++ b/example/main.tf @@ -1,5 +1,6 @@ terraform { - backend "s3" {} + backend "s3" { + } } provider "aws" { @@ -15,3 +16,4 @@ provider "aws" { alias = "ireland" region = "eu-west-1" } + diff --git a/example/rds.tf b/example/rds.tf index 7b4669e..1acbdc6 100644 --- a/example/rds.tf +++ b/example/rds.tf @@ -4,9 +4,11 @@ * */ -variable "cluster_name" {} +variable "cluster_name" { +} -variable "cluster_state_bucket" {} +variable "cluster_state_bucket" { +} /* * Make sure that you use the latest version of the module by changing the 
@@ -16,8 +18,8 @@ variable "cluster_state_bucket" {} */ module "example_team_rds" { source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=4.8" - cluster_name = "${var.cluster_name}" - cluster_state_bucket = "${var.cluster_state_bucket}" + cluster_name = var.cluster_name + cluster_state_bucket = var.cluster_state_bucket team_name = "example-repo" business-unit = "example-bu" application = "exampleapp" @@ -41,7 +43,7 @@ module "example_team_rds" { providers = { # Can be either "aws.london" or "aws.ireland" - aws = "aws.london" + aws = aws.london } } 
@@ -51,20 +53,20 @@ resource "kubernetes_secret" "example_team_rds" { namespace = "my-namespace" } - data { - rds_instance_endpoint = "${module.example_team_rds.rds_instance_endpoint}" - database_name = "${module.example_team_rds.database_name}" - database_username = "${module.example_team_rds.database_username}" - database_password = "${module.example_team_rds.database_password}" - rds_instance_address = "${module.example_team_rds.rds_instance_address}" - access_key_id = "${module.example_team_rds.access_key_id}" - secret_access_key = "${module.example_team_rds.secret_access_key}" - - /* You can replace all of the above with the following, if you prefer to + data = { + rds_instance_endpoint = module.example_team_rds.rds_instance_endpoint + database_name = module.example_team_rds.database_name + database_username = module.example_team_rds.database_username + database_password = module.example_team_rds.database_password + rds_instance_address = module.example_team_rds.rds_instance_address + access_key_id = module.example_team_rds.access_key_id + secret_access_key = module.example_team_rds.secret_access_key + } + /* You can replace all of the above with the following, if you prefer to * use a single database URL value in your application code: * * url = "postgres://${module.example_team_rds.database_username}:${module.example_team_rds.database_password}@${module.example_team_rds.rds_instance_endpoint}/${module.example_team_rds.database_name}" * */ - } } + diff --git a/example/versions.tf b/example/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/example/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} From 57b1f0a4d9dace5077c670f6fc2e61ac6ebc9cfe Mon Sep 17 00:00:00 2001 From: vijay-veeranki-moj Date: Tue, 26 Nov 2019 17:29:31 +0000 Subject: [PATCH 3/3] Updated the release version as 5.0 for tf0.12 --- example/rds.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
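Review bot: The `/* You can replace all of the above with the following ... */` comment now sits after the brace that closes `data = { ... }`, at resource level. A reader who follows it and uncomments `url = ...` in place would be setting an argument on `kubernetes_secret` itself rather than a key inside `data`. Moving the comment block back above the `}` that closes `data` keeps the instruction accurate. The suggested URL also interpolates `database_password` unescaped, so the comment could warn that URL-reserved characters in the password need encoding. Whether the generated password can contain such characters depends on `random_string.password`, which is outside this hunk.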
diff --git a/example/rds.tf b/example/rds.tf
index 1acbdc6..d91d31c 100644
--- a/example/rds.tf
+++ b/example/rds.tf
@@ -17,7 +17,7 @@ variable "cluster_state_bucket" {
 *
 */
 module "example_team_rds" {
- source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=4.8"
+ source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=5.0"
 cluster_name = var.cluster_name
 cluster_state_bucket = var.cluster_state_bucket
 team_name = "example-repo"