Merge pull request 2i2c-org#2677 from yuvipanda/tflint-fix

Fix tflint job & linting errors in our tf code
yuvipanda · Jun 20, 2023 · f6c0cae · f6c0cae
2 parents b6c7d63 + bc6d215
commit f6c0cae
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 40 deletions.
diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml
@@ -13,6 +13,8 @@ jobs:
       - uses: hashicorp/setup-terraform@v2
       - uses: terraform-linters/setup-tflint@v3
       - name: Run terraform linter
-        run: tflint --chdir terraform
+        run: |
+          cd terraform
+          tflint --recursive
       - name: Check terraform formatting
         run: terraform fmt -check -diff terraform/
diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf
@@ -1,4 +1,6 @@
 terraform {
+  required_version = "~> 1.5"
+
   required_providers {
     aws = {
       # ref: https://registry.terraform.io/providers/hashicorp/aws/latest
@@ -12,6 +14,10 @@ terraform {
       version = "~> 3.0"
     }
 
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.5.1"
+    }
   }
   backend "gcs" {
     bucket = "two-eye-two-see-org-terraform-state"

diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf
@@ -53,16 +53,6 @@ variable "hub_cloud_permissions" {
   EOT
 }
 
-variable "extra_user_iam_policy" {
-  default     = {}
-  description = <<-EOT
-  Policy JSON to attach to the IAM role assumed by users of the hub.
-
-  Used to grant additional permissions to the IAM role that is assumed by
-  user pods when making requests to AWS services (such as S3)
-  EOT
-}
-
 variable "db_enabled" {
   default     = false
   type        = bool
@@ -73,6 +63,7 @@ variable "db_enabled" {
 
 variable "db_instance_class" {
   default     = "db.t3.micro"
+  type        = string
   description = <<-EOT
   Size (memory & CPU) of the db instance to provision.
 
@@ -82,13 +73,15 @@ variable "db_instance_class" {
 
 variable "db_storage_size" {
   default     = 10
+  type        = number
   description = <<-EOT
   Size (in GiB) of storage to provision for the RDS instance
   EOT
 }
 
 variable "db_engine" {
   default     = "mysql"
+  type        = string
   description = <<-EOT
   AWS RDS database engine to use.
 
@@ -100,6 +93,7 @@ variable "db_engine" {
 
 variable "db_engine_version" {
   default     = "8.0"
+  type        = string
   description = <<-EOT
   Version of database engine to provision.
 
@@ -110,6 +104,7 @@ variable "db_engine_version" {
 
 variable "db_instance_identifier" {
   default     = "shared-db"
+  type        = string
   description = <<-EOT
   Human readable instance name to give the database server.
 
@@ -120,13 +115,15 @@ variable "db_instance_identifier" {
 
 variable "db_mysql_user_grants" {
   default     = ["SELECT", "SHOW VIEW", "SHOW DATABASES", "PROCESS"]
+  type        = list(string)
   description = <<-EOT
   List of privileges to grant the default non-root hub db user if using mysql
   EOT
 }
 
 variable "db_params" {
   default     = {}
+  type        = map(string)
   description = <<-EOT
   Mapping of parameters to set on the RDS instance.
 
@@ -138,6 +135,7 @@ variable "db_params" {
 
 variable "db_user_password_special_chars" {
   default     = true
+  type        = bool
   description = <<-EOT
   Set to True if you don't want special characters in generated user password
   EOT

diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf
@@ -1,5 +1,6 @@
 
 terraform {
+  required_version = "~> 1.5"
   required_providers {
     azurerm = {
       # ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest
@@ -16,6 +17,13 @@ terraform {
       source  = "hashicorp/azuread"
       version = "~> 2.35"
     }
+
+    kubernetes = {
+      # ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.18"
+    }
+
   }
   backend "gcs" {
     bucket = "two-eye-two-see-org-terraform-state"
@@ -54,10 +62,10 @@ resource "azurerm_subnet" "node_subnet" {
 }
 
 provider "kubernetes" {
-  host                   = azurerm_kubernetes_cluster.jupyterhub.kube_config.0.host
-  client_certificate     = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config.0.client_certificate)
-  client_key             = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config.0.client_key)
-  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config.0.cluster_ca_certificate)
+  host                   = azurerm_kubernetes_cluster.jupyterhub.kube_config[0].host
+  client_certificate     = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config[0].client_certificate)
+  client_key             = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config[0].client_key)
+  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config[0].cluster_ca_certificate)
 }
 
 

diff --git a/terraform/gcp/main.tf b/terraform/gcp/main.tf
@@ -1,4 +1,6 @@
 terraform {
+  required_version = "~> 1.5"
+
   backend "gcs" {}
   required_providers {
     google = {
@@ -13,6 +15,7 @@ terraform {
     }
     kubernetes = {
       # ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest
+      source  = "hashicorp/kubernetes"
       version = "~> 2.18"
     }
   }
@@ -38,7 +41,7 @@ provider "kubernetes" {
   host  = "https://${google_container_cluster.cluster.endpoint}"
   token = data.google_client_config.default.access_token
   cluster_ca_certificate = base64decode(
-    google_container_cluster.cluster.master_auth.0.cluster_ca_certificate
+    google_container_cluster.cluster.master_auth[0].cluster_ca_certificate
   )
 }
 
diff --git a/terraform/gcp/projects/daskhub-template.tfvars b/terraform/gcp/projects/daskhub-template.tfvars
@@ -24,10 +24,6 @@ core_node_machine_type = "n2-highmem-4"
 enable_filestore      = true
 filestore_capacity_gb = 1024
 
-# Config connector is needed on multi-tenant clusters for bucket access 
-# Tip: uncomment the line below if this cluster will be multi-tenant
-# config_connector_enabled = true
-
 user_buckets = {
   "scratch-staging" : {
     "delete_after" : 7

diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars
@@ -14,9 +14,6 @@ regional_cluster = false
 enable_filestore      = true
 filestore_capacity_gb = 2560
 
-# Some hubs want a storage bucket, so we need to have config connector enabled
-config_connector_enabled = true
-
 notebook_nodes = {
   "user" : {
     min : 0,

diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf
@@ -115,23 +115,6 @@ variable "dask_nodes" {
   default     = {}
 }
 
-variable "config_connector_enabled" {
-  type        = bool
-  default     = false
-  description = <<-EOT
-  Enable GKE Config Connector to manage GCP resources via kubernetes.
-
-  GKE Config Connector (https://cloud.google.com/config-connector/docs/overview)
-  allows creating GCP resources (like buckets, VMs, etc) via creating Kubernetes
-  Custom Resources. We use this to create buckets on a per-hub level,
-  and could use it for other purposes in the future.
-
-  Enabling this increases base cost, as config connector related pods
-  needs to run on the cluster.
-  EOT
-}
-
-
 variable "cd_sa_roles" {
   type = set(string)
   default = [

diff --git a/terraform/uptime-checks/main.tf b/terraform/uptime-checks/main.tf
@@ -1,4 +1,5 @@
 terraform {
+  required_version = "~> 1.5"
   backend "gcs" {
     # This is a separate GCS bucket than what we use for our other terraform state
     # This is less sensitive, so let's keep it separate