From 964873244337b27646cf5989c569430c8245765e Mon Sep 17 00:00:00 2001
From: umarali-nagoor
Date: Thu, 29 Jul 2021 21:10:07 +0530
Subject: [PATCH 1/4] Roks-on-vpc repo developed by Jennifer, imported to use terraformibm-modules

---
 examples/roks-on-vpc/README.md | 44 ++++++
 examples/roks-on-vpc/input.tfvars | 7 +
 examples/roks-on-vpc/main.tf | 147 +++++++++++++++++++
 examples/roks-on-vpc/provider.tf | 3 +
 examples/roks-on-vpc/variables.tf | 234 ++++++++++++++++++++++++++++++
 examples/roks-on-vpc/versions.tf | 29 ++++
 6 files changed, 464 insertions(+)
 create mode 100644 examples/roks-on-vpc/README.md
 create mode 100644 examples/roks-on-vpc/input.tfvars
 create mode 100644 examples/roks-on-vpc/main.tf
 create mode 100644 examples/roks-on-vpc/provider.tf
 create mode 100644 examples/roks-on-vpc/variables.tf
 create mode 100644 examples/roks-on-vpc/versions.tf

diff --git a/examples/roks-on-vpc/README.md b/examples/roks-on-vpc/README.md
new file mode 100644
index 0000000..ee47523
--- /dev/null
+++ b/examples/roks-on-vpc/README.md
@@ -0,0 +1,44 @@ +# Module classic-free-cluster + +This example is used to to provision an free IKS cluster on IBM Cloud Infrastructure - classic + +## Example Usage +``` +provider "ibm" { +} + +module "classic_free_cluster" { + //Uncomment the following line to make the source point to registry level + //source = "terraform-ibm-modules/cluster/ibm//modules/classic-free" + + source = "../../modules/classic-free" + + cluster_name = var.cluster_name + worker_zone = var.worker_zone + hardware = var.hardware + create_timeout = var.create_timeout + update_timeout = var.update_timeout + delete_timeout = var.delete_timeout +} +``` +## NOTE: +If we want to make use of a particular version of module, then set the "version" argument to respective module version. + + + +## Inputs + +| Name | Description | Type | Default | Required | +|-----------------------------------|-------------------------------------------------------|--------|---------|----------| +| cluster\_name | Name of the cluster | string | n/a | yes | +| worker\_zone | The zone where the worker node is created. | string | n/a | yes | +| hardware | The level of hardware isolation for your worker node. | string | n/a | yes | +| create_timeout | Timeout duration for create | string | n/a | no | +| update_timeout | Timeout duration for update | string | n/a | no | +| delete_timeout | Timeout duration for delete | string | n/a | no | + + + +## Usage + +terraform apply diff --git a/examples/roks-on-vpc/input.tfvars b/examples/roks-on-vpc/input.tfvars new file mode 100644 index 0000000..e4829ba --- /dev/null +++ b/examples/roks-on-vpc/input.tfvars @@ -0,0 +1,7 @@ + + +########## COS inputs ########### +/*parameters = { + service-endpoints = "private" +}*/ + diff --git a/examples/roks-on-vpc/main.tf b/examples/roks-on-vpc/main.tf new file mode 100644 index 0000000..cb387cc --- /dev/null +++ b/examples/roks-on-vpc/main.tf 
@@ -0,0 +1,147 @@ +locals { + worker_zones = { for subnet in data.ibm_is_subnet.subnets : subnet.zone => { "subnet_id" = subnet.id } } + + kms_config = [{ + instance_id = module.kms.kms_instance_guid + crk_id = module.kms.kms_key_id + private_endpoint = false + }, + ] +} + +############################################################################## +# Resource Group +############################################################################## + +data ibm_resource_group resource_group { + name = var.resource_group +} + +############################################################################## + +############################################################################## +# VPC Data +############################################################################# + +data ibm_is_vpc vpc { + name = var.vpc_name +} + +############################################################################# +# Get Subnet Data +# > If the subnets cannot all be gotten by name, replace the `name` +# field with the `identifier` field and get the subnets by ID instead +# of by name. 
+############################################################################# + +data ibm_is_subnet subnets { + count = length(var.subnet_names) + name = var.subnet_names[count.index] +} + +############################################################################## +# KMS +############################################################################## + +module kms { + source = "terraform-ibm-modules/kms/ibm//modules/key-protect" + + is_kp_instance_exist = false + resource_group_id = data.ibm_resource_group.resource_group.id + service_name = var.service_name + location = var.location + plan = "tiered-pricing" + tags = var.kms_tags + allowed_network_policy = var.allowed_network_policy + key_name = var.key_name + standard_key_type = var.standard_key_type + force_delete = var.force_delete + network_access_allowed = var.network_access_allowed +} + +############################################################################## + +############################################################################## +# COS Instance +############################################################################## + +module cos { + source = "terraform-ibm-modules/cos/ibm//modules/instance" + + service_name = var.cos_instance_name + resource_group_id = data.ibm_resource_group.resource_group.id + plan = var.plan + region = var.region + parameters = var.parameters + create_timeout = var.create_timeout + update_timeout = var.update_timeout + delete_timeout = var.delete_timeout +} + +############################################################################## + +############################################################################## +# IAM Authorization +############################################################################## + +module "authorization_policy" { + + source = "terraform-ibm-modules/iam/ibm//modules/service-authorization" + + source_service_name = "cloud-object-storage" + target_service_name = "kms" + roles = var.iam_roles + source_resource_instance_id = 
module.cos.cos_instance_id + target_resource_instance_id = module.kms.kms_key_crn +} + +############################################################################## + +############################################################################## +# Container VPC Cluster +############################################################################## + +module "container_vpc_cluster" { + + source = "terraform-ibm-modules/cluster/ibm//modules/vpc-openshift" + + cluster_name = "${var.unique_id}-roks-cluster" + vpc_id = data.ibm_is_vpc.vpc.id + resource_group_id = data.ibm_resource_group.resource_group.id + worker_pool_flavor = var.worker_pool_flavor + worker_nodes_per_zone = var.worker_nodes_per_zone + kube_version = var.kube_version + tags = var.cluster_tags + wait_till = var.wait_till + cos_instance_crn = module.cos.cos_instance_id + entitlement = var.entitlement + worker_zones = local.worker_zones + disable_public_service_endpoint = var.disable_public_service_endpoint + kms_config = local.kms_config + create_timeout = var.create_timeout + update_timeout = var.update_timeout + delete_timeout = var.delete_timeout + +} + +############################################################################## +# Worker pool +############################################################################## + + +module "vpc_cluster_worker_pool" { + + source = "terraform-ibm-modules/cluster/ibm//modules/configure-vpc-worker-pool" + + for_each = { for wp in var.worker_pool_data : wp.pool_name => wp } + worker_pool_name = each.value.pool_name + flavor = each.value.machine_type + worker_nodes_per_zone = each.value.workers_per_zone + + cluster_name = module.container_vpc_cluster.vpc_openshift_cluster_id + resource_group_id = data.ibm_resource_group.resource_group.id + virtual_private_cloud = data.ibm_is_vpc.vpc.id + worker_zones = local.worker_zones + entitlement = var.entitlement +} + 
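Review bot: None of the five `module` blocks in this hunk (`kms`, `cos`, `authorization_policy`, `container_vpc_cluster`, `vpc_cluster_worker_pool`) carries a `version` constraint, so every `terraform init` resolves the registry `source` to whatever release is newest at that moment and a newly published module version can change what gets provisioned without any reviewed change here; add `version = "<pinned-release>"` (placeholder — use the release this example was tested with) beside each `source`, as the repository's own README advises. In `locals.kms_config`, `private_endpoint = false` appears to make the cluster reach Key Protect over its public endpoint even though `var.parameters` defaults COS to `service-endpoints = "private"`; consider `private_endpoint = true` or exposing it as a variable so the endpoint posture is consistent. `cos_instance_crn` and `source_resource_instance_id` are both fed `module.cos.cos_instance_id` while `target_resource_instance_id` receives `module.kms.kms_key_crn`; whether those outputs are CRNs or GUIDs is not visible here, so confirm each against the module's outputs before relying on the authorization policy. The whole directory is deleted again in PATCH 2/4, so the series as a whole adds none of this.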
diff --git a/examples/roks-on-vpc/provider.tf b/examples/roks-on-vpc/provider.tf
new file mode 100644
index 0000000..48abcf4
--- /dev/null
+++ b/examples/roks-on-vpc/provider.tf
@@ -0,0 +1,3 @@
+provider "ibm" {
+
+}
\ No newline at end of file
diff --git a/examples/roks-on-vpc/variables.tf b/examples/roks-on-vpc/variables.tf
new file mode 100644
index 0000000..823bc16
--- /dev/null
+++ b/examples/roks-on-vpc/variables.tf
@@ -0,0 +1,234 @@ +######################################################################################### +# IBM Cloud Key Management Services Provisioning and Managing Keys +# Copyright 2021 IBM +######################################################################################### + +########################### KMS ######################################################### + +variable "resource_group" { + type = string + description = "Resource group of instance" +} + +variable "vpc_name" { + type = string + description = "Name of the VPC" +} + +variable "service_name" { + type = string + description = "Name of KMS Instance" +} +variable "location" { + type = string + description = "Location of KMS Instance" +} +variable "allowed_network_policy" { + default = null + type = string + description = "Types of the service endpoints. Possible values are 'private', 'public-and-private'." +} +variable "kms_tags" { + default = ["T1", "T2"] + type = set(string) + description = "Tags for the cms" +} +variable "key_name" { + description = "Name of the Key" + type = string +} +variable "network_access_allowed" { + description = "Endpoint type of the Key" + type = string + default = null +} +variable "standard_key_type" { + description = "Determines if it is a standard key or not" + default = null + type = bool +} +variable "force_delete" { + description = "Determines if it has to be force deleted" + default = null + type = bool +} + +######################################################################### +# cos +######################################################################### + +variable "cos_instance_name" { + description = "Enter Name of the cos instance" + type = string +} + +variable "plan" { + description = "Enter COS plan type" + type = string +} + +variable "region" { + description = " Enter Region for COS" + type = string +} + +variable "parameters" { + type = map(string) + description = "Arbitrary parameters to pass cos instance" + default = { + 
service-endpoints = "private" + } +} + +variable "create_timeout" { + type = string + description = "Timeout duration for create." + default = null +} + +variable "update_timeout" { + type = string + description = "Timeout duration for update." + default = null +} + +variable "delete_timeout" { + type = string + description = "Timeout duration for delete." + default = null +} + +######################################################################### +# IAM Authorization +######################################################################### + +variable "iam_roles" { + type = list(string) + description = "Enter comma separated list of roles." + default = ["Reader"] +} + +######################################################################### +# VPC Cluster +######################################################################### + +variable unique_id { + description = "A unique identifier need to provision resources. Must begin with a letter" + type = string + default = "asset-roks" + + validation { + error_message = "Unique ID must begin and end with a letter and contain only letters, numbers, and - characters." + condition = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.unique_id)) + } +} + +variable "cluster_name" { + description = "Name of the cluster" + type = string +} + +variable "worker_pool_flavor" { + description = " The flavor of the VPC worker node that you want to use." + type = string +} + +variable "worker_nodes_per_zone" { + description = "The number of worker nodes per zone in the default worker pool." + type = number +} + +variable "kube_version" { + description = "The Kubernetes or OpenShift version that you want to set up in your cluster." + type = string + default = "4.6.38_openshift" +} + +variable "wait_till" { + description = "specify the stage when Terraform to mark the cluster creation as completed." 
+ type = string + default = "IngressReady" +} + +variable "disable_public_service_endpoint" { + description = "Boolean value true if Public service endpoint to be disabled." + type = bool + default = false +} + +variable "cluster_tags" { + description = "List of tags." + type = list(string) + default = [] +} + +variable "entitlement" { + description = "If you purchased an IBM Cloud Cloud Pak that includes an entitlement to run worker nodes that are installed with OpenShift Container Platform, enter entitlement to create your cluster with that entitlement so that you are not charged twice for the OpenShift license. Note that this option can be set only when you create the cluster. After the cluster is created, the cost for the OpenShift license occurred and you cannot disable this charge." + type = string + default = "cloud_pak" +} + +###################### Worker Pool ################################ + +variable worker_pool_data { + description = "List of maps describing worker pools" + + type = list(object({ + pool_name = string + machine_type = string + workers_per_zone = number + })) + + default = [ + { + pool_name = "dev" + machine_type = "cx2.8x16" + workers_per_zone = 2 + }, + { + pool_name = "test" + machine_type = "mx2.4x32" + workers_per_zone = 2 + } + ] + + validation { + error_message = "Worker pool names must match the regex `^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$`." + condition = length([ + for pool in var.worker_pool_data : + false if ! can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", pool.pool_name)) + ]) == 0 + } + + validation { + error_message = "Worker pools cannot have duplicate names." + condition = length(distinct([ + for pool in var.worker_pool_data : + pool.pool_name + ])) == length(var.worker_pool_data) + } + +} + +variable subnet_names { + description = "List of subnet names or IDs" + type = list(string) + validation { + error_message = "Subnet names must match the regex `^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$`." 
+ condition = length([ + for name in var.subnet_names : + false if ! can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", name)) + ]) == 0 + } + + validation { + error_message = "Subnet names must include at least one subnet." + condition = length(var.subnet_names) > 0 + } + + validation { + error_message = "Subnet names cannot contain any duplicate names." + condition = length(distinct(var.subnet_names)) == length(var.subnet_names) + } + +} \ No newline at end of file diff --git a/examples/roks-on-vpc/versions.tf b/examples/roks-on-vpc/versions.tf new file mode 100644 index 0000000..6d2e96c --- /dev/null +++ b/examples/roks-on-vpc/versions.tf @@ -0,0 +1,29 @@ +##################################################### +# Kubernetes classic free cluster +# Copyright 2020 IBM +##################################################### + +/*************************************************** +NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows + +terraform { + required_version = ">=0.13" + required_providers { + ibm = { + source = "IBM-Cloud/ibm" + version = "1.21.0" + } + } +} + +If we dont configure the version parameter, it fetches the latest provider version. +****************************************************/ + +terraform { + required_version = ">=0.13" + required_providers { + ibm = { + source = "IBM-Cloud/ibm" + } + } +} \ No newline at end of file From 29ccc50fffd4ce81817ba1a506b51b2e1ba5b2b9 Mon Sep 17 00:00:00 2001 
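Review bot: `variable "cluster_name"` has no default, so every plan prompts for it, yet nothing in main.tf reads `var.cluster_name` — the cluster is named from `"${var.unique_id}-roks-cluster"` instead; either wire it in with `cluster_name = var.cluster_name` or drop the variable. `iam_roles` is typed `list(string)` but its description says "Enter comma separated list of roles.", which invites users to pass a single string; `description = "List of IAM roles granted to Cloud Object Storage on the KMS target."` would match the type and the authorization policy in main.tf. The defaults `disable_public_service_endpoint = false` and `allowed_network_policy = null` leave the cluster master on its public endpoint and, presumably, the Key Protect endpoint policy at the provider default, while `parameters` already defaults COS to private endpoints; documenting (or flipping) those defaults would make the example's exposure consistent. The header `# IBM Cloud Key Management Services Provisioning and Managing Keys` is copied from the KMS module and should name this example.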
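Review bot: The live `terraform` block at the end of versions.tf declares `ibm = { source = "IBM-Cloud/ibm" }` with no `version`, so `terraform init` downloads whichever provider release is newest on the day it runs — the comment block directly above says as much. The commented example already shows the shape; apply it to the live block, e.g. `version = "1.21.0"` or a bounded constraint such as `version = "~> 1.21"`, so applies are reproducible and a provider release cannot alter behaviour without a reviewed change. The header comment `# Kubernetes classic free cluster` is carried over from another example and does not describe roks-on-vpc. The same unpinned-source problem applies to the module blocks in main.tf.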
From: umarali-nagoor
Date: Fri, 13 Aug 2021 18:29:00 +0530
Subject: [PATCH 2/4] Removed jennifer changes

---
 examples/roks-on-vpc/README.md | 44 ------
 examples/roks-on-vpc/input.tfvars | 7 -
 examples/roks-on-vpc/main.tf | 147 -------------------
 examples/roks-on-vpc/provider.tf | 3 -
 examples/roks-on-vpc/variables.tf | 234 ------------------------------
 examples/roks-on-vpc/versions.tf | 29 ----
 6 files changed, 464 deletions(-)
 delete mode 100644 examples/roks-on-vpc/README.md
 delete mode 100644 examples/roks-on-vpc/input.tfvars
 delete mode 100644 examples/roks-on-vpc/main.tf
 delete mode 100644 examples/roks-on-vpc/provider.tf
 delete mode 100644 examples/roks-on-vpc/variables.tf
 delete mode 100644 examples/roks-on-vpc/versions.tf

diff --git a/examples/roks-on-vpc/README.md b/examples/roks-on-vpc/README.md
deleted file mode 100644
index ee47523..0000000
--- a/examples/roks-on-vpc/README.md
+++ /dev/null
@@ -1,44 +0,0 @@ -# Module classic-free-cluster - -This example is used to to provision an free IKS cluster on IBM Cloud Infrastructure - classic - -## Example Usage -``` -provider "ibm" { -} - -module "classic_free_cluster" { - //Uncomment the following line to make the source point to registry level - //source = "terraform-ibm-modules/cluster/ibm//modules/classic-free" - - source = "../../modules/classic-free" - - cluster_name = var.cluster_name - worker_zone = var.worker_zone - hardware = var.hardware - create_timeout = var.create_timeout - update_timeout = var.update_timeout - delete_timeout = var.delete_timeout -} -``` -## NOTE: -If we want to make use of a particular version of module, then set the "version" argument to respective module version. - - - -## Inputs - -| Name | Description | Type | Default | Required | -|-----------------------------------|-------------------------------------------------------|--------|---------|----------| -| cluster\_name | Name of the cluster | string | n/a | yes | -| worker\_zone | The zone where the worker node is created. | string | n/a | yes | -| hardware | The level of hardware isolation for your worker node. | string | n/a | yes | -| create_timeout | Timeout duration for create | string | n/a | no | -| update_timeout | Timeout duration for update | string | n/a | no | -| delete_timeout | Timeout duration for delete | string | n/a | no | - - - -## Usage - -terraform apply diff --git a/examples/roks-on-vpc/input.tfvars b/examples/roks-on-vpc/input.tfvars deleted file mode 100644 index e4829ba..0000000 --- a/examples/roks-on-vpc/input.tfvars +++ /dev/null @@ -1,7 +0,0 @@ - - -########## COS inputs ########### -/*parameters = { - service-endpoints = "private" -}*/ - diff --git a/examples/roks-on-vpc/main.tf b/examples/roks-on-vpc/main.tf deleted file mode 100644 index cb387cc..0000000 --- a/examples/roks-on-vpc/main.tf +++ /dev/null 
@@ -1,147 +0,0 @@ -locals { - worker_zones = { for subnet in data.ibm_is_subnet.subnets : subnet.zone => { "subnet_id" = subnet.id } } - - kms_config = [{ - instance_id = module.kms.kms_instance_guid - crk_id = module.kms.kms_key_id - private_endpoint = false - }, - ] -} - -############################################################################## -# Resource Group -############################################################################## - -data ibm_resource_group resource_group { - name = var.resource_group -} - -############################################################################## - -############################################################################## -# VPC Data -############################################################################# - -data ibm_is_vpc vpc { - name = var.vpc_name -} - -############################################################################# -# Get Subnet Data -# > If the subnets cannot all be gotten by name, replace the `name` -# field with the `identifier` field and get the subnets by ID instead -# of by name. 
-############################################################################# - -data ibm_is_subnet subnets { - count = length(var.subnet_names) - name = var.subnet_names[count.index] -} - -############################################################################## -# KMS -############################################################################## - -module kms { - source = "terraform-ibm-modules/kms/ibm//modules/key-protect" - - is_kp_instance_exist = false - resource_group_id = data.ibm_resource_group.resource_group.id - service_name = var.service_name - location = var.location - plan = "tiered-pricing" - tags = var.kms_tags - allowed_network_policy = var.allowed_network_policy - key_name = var.key_name - standard_key_type = var.standard_key_type - force_delete = var.force_delete - network_access_allowed = var.network_access_allowed -} - -############################################################################## - -############################################################################## -# COS Instance -############################################################################## - -module cos { - source = "terraform-ibm-modules/cos/ibm//modules/instance" - - service_name = var.cos_instance_name - resource_group_id = data.ibm_resource_group.resource_group.id - plan = var.plan - region = var.region - parameters = var.parameters - create_timeout = var.create_timeout - update_timeout = var.update_timeout - delete_timeout = var.delete_timeout -} - -############################################################################## - -############################################################################## -# IAM Authorization -############################################################################## - -module "authorization_policy" { - - source = "terraform-ibm-modules/iam/ibm//modules/service-authorization" - - source_service_name = "cloud-object-storage" - target_service_name = "kms" - roles = var.iam_roles - source_resource_instance_id = 
module.cos.cos_instance_id - target_resource_instance_id = module.kms.kms_key_crn -} - -############################################################################## - -############################################################################## -# Container VPC Cluster -############################################################################## - -module "container_vpc_cluster" { - - source = "terraform-ibm-modules/cluster/ibm//modules/vpc-openshift" - - cluster_name = "${var.unique_id}-roks-cluster" - vpc_id = data.ibm_is_vpc.vpc.id - resource_group_id = data.ibm_resource_group.resource_group.id - worker_pool_flavor = var.worker_pool_flavor - worker_nodes_per_zone = var.worker_nodes_per_zone - kube_version = var.kube_version - tags = var.cluster_tags - wait_till = var.wait_till - cos_instance_crn = module.cos.cos_instance_id - entitlement = var.entitlement - worker_zones = local.worker_zones - disable_public_service_endpoint = var.disable_public_service_endpoint - kms_config = local.kms_config - create_timeout = var.create_timeout - update_timeout = var.update_timeout - delete_timeout = var.delete_timeout - -} - -############################################################################## -# Worker pool -############################################################################## - - -module "vpc_cluster_worker_pool" { - - source = "terraform-ibm-modules/cluster/ibm//modules/configure-vpc-worker-pool" - - for_each = { for wp in var.worker_pool_data : wp.pool_name => wp } - worker_pool_name = each.value.pool_name - flavor = each.value.machine_type - worker_nodes_per_zone = each.value.workers_per_zone - - cluster_name = module.container_vpc_cluster.vpc_openshift_cluster_id - resource_group_id = data.ibm_resource_group.resource_group.id - virtual_private_cloud = data.ibm_is_vpc.vpc.id - worker_zones = local.worker_zones - entitlement = var.entitlement -} - 
diff --git a/examples/roks-on-vpc/provider.tf b/examples/roks-on-vpc/provider.tf
deleted file mode 100644
index 48abcf4..0000000
--- a/examples/roks-on-vpc/provider.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-provider "ibm" {
-
-}
\ No newline at end of file
diff --git a/examples/roks-on-vpc/variables.tf b/examples/roks-on-vpc/variables.tf
deleted file mode 100644
index 823bc16..0000000
--- a/examples/roks-on-vpc/variables.tf
+++ /dev/null
@@ -1,234 +0,0 @@ -######################################################################################### -# IBM Cloud Key Management Services Provisioning and Managing Keys -# Copyright 2021 IBM -######################################################################################### - -########################### KMS ######################################################### - -variable "resource_group" { - type = string - description = "Resource group of instance" -} - -variable "vpc_name" { - type = string - description = "Name of the VPC" -} - -variable "service_name" { - type = string - description = "Name of KMS Instance" -} -variable "location" { - type = string - description = "Location of KMS Instance" -} -variable "allowed_network_policy" { - default = null - type = string - description = "Types of the service endpoints. Possible values are 'private', 'public-and-private'." -} -variable "kms_tags" { - default = ["T1", "T2"] - type = set(string) - description = "Tags for the cms" -} -variable "key_name" { - description = "Name of the Key" - type = string -} -variable "network_access_allowed" { - description = "Endpoint type of the Key" - type = string - default = null -} -variable "standard_key_type" { - description = "Determines if it is a standard key or not" - default = null - type = bool -} -variable "force_delete" { - description = "Determines if it has to be force deleted" - default = null - type = bool -} - -######################################################################### -# cos -######################################################################### - -variable "cos_instance_name" { - description = "Enter Name of the cos instance" - type = string -} - -variable "plan" { - description = "Enter COS plan type" - type = string -} - -variable "region" { - description = " Enter Region for COS" - type = string -} - -variable "parameters" { - type = map(string) - description = "Arbitrary parameters to pass cos instance" - default = { - 
service-endpoints = "private" - } -} - -variable "create_timeout" { - type = string - description = "Timeout duration for create." - default = null -} - -variable "update_timeout" { - type = string - description = "Timeout duration for update." - default = null -} - -variable "delete_timeout" { - type = string - description = "Timeout duration for delete." - default = null -} - -######################################################################### -# IAM Authorization -######################################################################### - -variable "iam_roles" { - type = list(string) - description = "Enter comma separated list of roles." - default = ["Reader"] -} - -######################################################################### -# VPC Cluster -######################################################################### - -variable unique_id { - description = "A unique identifier need to provision resources. Must begin with a letter" - type = string - default = "asset-roks" - - validation { - error_message = "Unique ID must begin and end with a letter and contain only letters, numbers, and - characters." - condition = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.unique_id)) - } -} - -variable "cluster_name" { - description = "Name of the cluster" - type = string -} - -variable "worker_pool_flavor" { - description = " The flavor of the VPC worker node that you want to use." - type = string -} - -variable "worker_nodes_per_zone" { - description = "The number of worker nodes per zone in the default worker pool." - type = number -} - -variable "kube_version" { - description = "The Kubernetes or OpenShift version that you want to set up in your cluster." - type = string - default = "4.6.38_openshift" -} - -variable "wait_till" { - description = "specify the stage when Terraform to mark the cluster creation as completed." 
- type = string - default = "IngressReady" -} - -variable "disable_public_service_endpoint" { - description = "Boolean value true if Public service endpoint to be disabled." - type = bool - default = false -} - -variable "cluster_tags" { - description = "List of tags." - type = list(string) - default = [] -} - -variable "entitlement" { - description = "If you purchased an IBM Cloud Cloud Pak that includes an entitlement to run worker nodes that are installed with OpenShift Container Platform, enter entitlement to create your cluster with that entitlement so that you are not charged twice for the OpenShift license. Note that this option can be set only when you create the cluster. After the cluster is created, the cost for the OpenShift license occurred and you cannot disable this charge." - type = string - default = "cloud_pak" -} - -###################### Worker Pool ################################ - -variable worker_pool_data { - description = "List of maps describing worker pools" - - type = list(object({ - pool_name = string - machine_type = string - workers_per_zone = number - })) - - default = [ - { - pool_name = "dev" - machine_type = "cx2.8x16" - workers_per_zone = 2 - }, - { - pool_name = "test" - machine_type = "mx2.4x32" - workers_per_zone = 2 - } - ] - - validation { - error_message = "Worker pool names must match the regex `^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$`." - condition = length([ - for pool in var.worker_pool_data : - false if ! can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", pool.pool_name)) - ]) == 0 - } - - validation { - error_message = "Worker pools cannot have duplicate names." - condition = length(distinct([ - for pool in var.worker_pool_data : - pool.pool_name - ])) == length(var.worker_pool_data) - } - -} - -variable subnet_names { - description = "List of subnet names or IDs" - type = list(string) - validation { - error_message = "Subnet names must match the regex `^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$`." 
- condition = length([ - for name in var.subnet_names : - false if ! can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", name)) - ]) == 0 - } - - validation { - error_message = "Subnet names must include at least one subnet." - condition = length(var.subnet_names) > 0 - } - - validation { - error_message = "Subnet names cannot contain any duplicate names." - condition = length(distinct(var.subnet_names)) == length(var.subnet_names) - } - -} \ No newline at end of file diff --git a/examples/roks-on-vpc/versions.tf b/examples/roks-on-vpc/versions.tf deleted file mode 100644 index 6d2e96c..0000000 --- a/examples/roks-on-vpc/versions.tf +++ /dev/null @@ -1,29 +0,0 @@ -##################################################### -# Kubernetes classic free cluster -# Copyright 2020 IBM -##################################################### - -/*************************************************** -NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows - -terraform { - required_version = ">=0.13" - required_providers { - ibm = { - source = "IBM-Cloud/ibm" - version = "1.21.0" - } - } -} - -If we dont configure the version parameter, it fetches the latest provider version. -****************************************************/ - -terraform { - required_version = ">=0.13" - required_providers { - ibm = { - source = "IBM-Cloud/ibm" - } - } -} \ No newline at end of file From b1c2a2f46758cd12f772fe827a6321d6741242e6 Mon Sep 17 00:00:00 2001 From: umarali-nagoor Date: Fri, 13 Aug 2021 18:47:34 +0530 Subject: [PATCH 3/4] Added private_vlan_id to test file --- .github/workflows/validate_terraform.yml | 9 --------- test/cluster_e2e_test.go | 1 + 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/validate_terraform.yml b/.github/workflows/validate_terraform.yml index a57a289..64962d4 100644 --- a/.github/workflows/validate_terraform.yml +++ b/.github/workflows/validate_terraform.yml 
@@ -37,12 +37,3 @@ jobs: - name: terraform fmt check # perform format checks run: terraform fmt -list=true -write=false -check -recursive - - - uses: 8398a7/action-slack@v2 - with: - status: ${{ job.status }} - author_name: Integration Test # default: 8398a7@action-slack - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # optional - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required - if: always() # Pick up events even if the job fails or is canceled. diff --git a/test/cluster_e2e_test.go b/test/cluster_e2e_test.go index a92414e..d3cea46 100644 --- a/test/cluster_e2e_test.go +++ b/test/cluster_e2e_test.go @@ -27,6 +27,7 @@ func TestAccIBMClusterE2E(t *testing.T) { "flavor": "b3c.16x64", "worker_pool_name": "workerPoolDemo", "region": "us-south", + "private_vlan_id": "2988890", }, }) From c5765e42ec5673223e78a035c30bf6b0b0b7aa42 Mon Sep 17 00:00:00 2001 From: umarali-nagoor Date: Tue, 12 Oct 2021 18:11:22 +0530 Subject: [PATCH 4/4] Added detect-secret pre-commit hook --- .github/workflows/validate_terraform.yml | 3 + .pre-commit-config.yaml | 18 ++++- .secrets.baseline | 85 ++++++++++++++++++++++++ README.md | 31 ++++++++- 4 files changed, 134 insertions(+), 3 deletions(-) create mode 100644 .secrets.baseline diff --git a/.github/workflows/validate_terraform.yml b/.github/workflows/validate_terraform.yml index 64962d4..0fdefd4 100644 --- a/.github/workflows/validate_terraform.yml +++ b/.github/workflows/validate_terraform.yml @@ -25,6 +25,9 @@ jobs: - name: Install pre-commit run: pip install pre-commit + - + name: Upgrade hooks + run: pre-commit autoupdate - name: Run pre-commit command run: pre-commit run -a diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 89fca54..007d091 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
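Review bot: The added `"private_vlan_id": "2988890"` hard-codes a VLAN that presumably exists in one specific account and datacenter, so `TestAccIBMClusterE2E` can only pass for whoever owns that VLAN and will fail, or build against the wrong network, for anyone else running the e2e suite. Read it from the environment like other account-specific inputs, e.g. `"private_vlan_id": os.Getenv("IBM_PRIVATE_VLAN_ID"),` (constructed variable name) and skip the test when it is unset, so the value never has to live in the repository. The enclosing `TestAccIBMClusterE2E` body starts and ends outside the hunk.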
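Review bot: The new `Upgrade hooks` step runs `pre-commit autoupdate` immediately before `pre-commit run -a`, which rewrites every `rev:` in `.pre-commit-config.yaml` to the newest tag of each hook repository on every CI run; the pinned revisions the config carries (`v1.52.0`, `v4.0.1`, `0.13.1+ibm.46.dss`) therefore never apply in CI, runs are not reproducible, and a broken or compromised upstream tag reaches the pipeline with no review. Drop the step and bump `rev:` values through reviewed commits; if automatic refreshes are wanted, run autoupdate in a separate job that opens a pull request instead. Because `.secrets.baseline` records `"version": "0.13.1+ibm.46.dss"`, letting CI float the detect-secrets hook past that version may also make the hook complain about a baseline version mismatch — confirm against the hook's behaviour. The same concern applies to the `.pre-commit-config.yaml` hunk, whose own comment notes that autoupdate moves `rev` to the latest tag.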
@@ -6,12 +6,26 @@ default_stages: [commit] # Terraform Validate : Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.45.0 + rev: v1.52.0 hooks: - id: terraform_fmt - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 + rev: v4.0.1 hooks: - id: check-merge-conflict - id: trailing-whitespace - id: detect-private-key +- repo: https://github.com/ibm/detect-secrets + # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha. + # You are encouraged to use static refs such as tags, instead of branch name + # + # Running "pre-commit autoupdate" would automatically updates rev to latest tag + rev: 0.13.1+ibm.46.dss + hooks: + - id: detect-secrets # pragma: whitelist secret + # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options. + # You may also run `pre-commit run detect-secrets` to preview the scan result. + # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file + # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins + # add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets + args: [--baseline, .secrets.baseline, --use-all-plugins ] diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000..0262f0f --- /dev/null +++ b/.secrets.baseline 
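Review bot: The two existing hook repositories are still fetched over `git://` (`- repo: git://github.com/antonbabenko/pre-commit-terraform` and `- repo: git://github.com/pre-commit/pre-commit-hooks`), a transport with no authentication or encryption, so the hook code that runs on every developer's machine and in CI can be tampered with in transit; the new detect-secrets entry correctly uses `https://`, and the two older lines should be switched to match: `- repo: https://github.com/antonbabenko/pre-commit-terraform` and `- repo: https://github.com/pre-commit/pre-commit-hooks`. All three `rev` values are git tags, which are mutable; the hunk's own comment recommends static refs, and a full commit SHA is the only ref that actually makes the executed hook code reproducible. This matters more here because the workflow in this same commit runs `pre-commit autoupdate` before the hooks, which rewrites these pins on every CI run.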
@@ -0,0 +1,85 @@ +{ + "exclude": { + "files": "^.secrets.baseline$", + "lines": null + }, + "generated_at": "2021-10-12T12:36:29Z", + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, + { + "ghe_instance": "github.ibm.com", + "name": "GheDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": {}, + "version": "0.13.1+ibm.46.dss", + "word_list": { + "file": null, + "hash": null + } +} diff --git a/README.md b/README.md index 9a6b08a..f582b8a 100644 --- a/README.md +++ b/README.md 
@@ -119,16 +119,45 @@ Be sure you have the compiled plugins on $HOME/.terraform.d/plugins/ ### Pre-commit Hooks Run the following command to execute the pre-commit hooks defined in .pre-commit-config.yaml file - +``` pre-commit run -a +``` We can install pre-coomit tool using +``` pip install pre-commit or pip3 install pre-commit +``` + +### Detect Secret Hook + +Used to detect secrets within a code base. + +To create a secret baseline file run following command + +``` +detect-secrets scan --update .secrets.baseline +``` + +While running the pre-commit hook, if you encounter an error like + +``` +WARNING: You are running an outdated version of detect-secrets. +Your version: 0.13.1+ibm.27.dss +Latest version: 0.13.1+ibm.46.dss +See upgrade guide at https://ibm.biz/detect-secrets-how-to-upgrade +``` + +run below command + +``` +pre-commit autoupdate +``` +which upgrades all the pre-commit hooks present in .pre-commit.yaml file. ## How to input varaible values through a file