moving modules to source resources to simplify

terraform-cisco-modules · Apr 7, 2022 · df8b0f2 · df8b0f2
1 parent 6c63309
commit df8b0f2
Show file tree

Hide file tree

Showing 48 changed files with 1,467 additions and 716 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
-# Local .terraform directories
+ Local .terraform directories
 **/.terraform/*
 **/.secret
 
@@ -15,11 +15,8 @@ crash.log
 #
 # example.tfvars
 
-modules/app_hello/terraform.tfvars
-modules/iks/terraform.tfvars
-modules/iwo/terraform.tfvars
-modules/k8s_policies/terraform.tfvars
-modules/kubeconfig/terraform.tfvars
+**/terraform.tfvars
+**/terraform.logs
 **/.terraform.lock.hcl
 
 # Ignore override files as they are usually used to override resources locally and so

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -5,4 +5,7 @@ repos:
     - id: terraform_fmt
     - id: terraform_docs
     - id: terraform_tflint
-    - id: terraform_tfsec
+    - id: terraform_tfsec
+      args:
+        - >
+          --args=-e general-secrets-sensitive-in-variable
diff --git a/modules/app_hello/README.md b/modules/app_hello/README.md
@@ -25,14 +25,14 @@ No modules.
 | Name | Type |
 |------|------|
 | [helm_release.hello_iks_app](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [terraform_remote_state.kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.local_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.remote_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_tfc_organization"></a> [tfc\_organization](#input\_tfc\_organization) | Terraform Cloud Organization. | `string` | `"CiscoDevNet"` | no |
-| <a name="input_tfc_workspace"></a> [tfc\_workspace](#input\_tfc\_workspace) | Terraform Cloud Workspace Name. | `string` | `""` | no |
+| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend      = string<br>      organization = optional(string)<br>      policies_dir = optional(string)<br>      workspace    = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "organization": "default",<br>    "policies_dir": "../kubeconfig/",<br>    "workspace": "kubeconfig"<br>  }<br>]</pre> | no |
 
 ## Outputs
 

diff --git a/modules/app_hello/main.auto.tfvars b/modules/app_hello/main.auto.tfvars
diff --git a/modules/app_hello/main.tf b/modules/app_hello/main.tf
@@ -3,23 +3,46 @@
 # Get Outputs from the kubeconfig Workspace
 #__________________________________________________________
 
-data "terraform_remote_state" "kubeconfig" {
-  backend = "remote"
+data "terraform_remote_state" "local_kubeconfig" {
+  for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "local" }
+  backend  = each.value.backend
   config = {
-    organization = var.tfc_organization
+    path = "${each.value.kubeconfig_dir}terraform.tfstate"
+  }
+}
+
+data "terraform_remote_state" "remote_kubeconfig" {
+  for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "remote" }
+  backend  = each.value.backend
+  config = {
+    organization = var.organization
     workspaces = {
-      name = var.tfc_workspace
+      name = var.workspace
     }
   }
 }
 
 locals {
+  # Output Sources for Policies and Pools
+  tfc_workspaces = {
+    for k, v in var.tfc_workspaces : k => {
+      backend      = v.backend
+      organization = v.organization != null ? v.organization : "default"
+      policies_dir = v.policies_dir != null ? v.policies_dir : "../kubeconfig/"
+      workspace    = v.workspace != null ? v.workspace : "kubeconfig"
+    }
+  }
   # IKS Cluster Name
-  cluster_name = data.terraform_remote_state.kubeconfig.outputs.cluster_name
+  cluster_name = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
+    data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name
+  ) : lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {})
   # Kubernetes Configuration File
-  kubeconfig = yamldecode(data.terraform_remote_state.kubeconfig.outputs.kubeconfig)
+  kubeconfig = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
+    yamldecode(data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name)
+  ) : yamldecode(lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {}))
 }
 
+
 #_____________________________________________________________________
 #
 # Deploy the Hello-Kubernetes Application Pod using the Helm Provider

diff --git a/modules/app_hello/terraform.log b/modules/app_hello/terraform.log
diff --git a/modules/app_hello/variables.tf b/modules/app_hello/variables.tf
@@ -1,22 +1,35 @@
-#__________________________________________________________
-#
-# Terraform Cloud Organization
-#__________________________________________________________
-
-variable "tfc_organization" {
-  default     = "CiscoDevNet"
-  description = "Terraform Cloud Organization."
-  type        = string
+terraform {
+  experiments = [module_variable_optional_attrs]
 }
 
-
-#______________________________________________
+#__________________________________________________________
 #
-# Terraform Cloud kubeconfig Workspace
-#______________________________________________
+# Terraform Cloud Variables
+#__________________________________________________________
 
-variable "tfc_workspace" {
-  default     = ""
-  description = "Terraform Cloud Workspace Name."
-  type        = string
+variable "tfc_workspaces" {
+  default = [
+    {
+      backend      = "remote"
+      organization = "default"
+      policies_dir = "../kubeconfig/"
+      workspace    = "kubeconfig"
+    }
+  ]
+  description = <<-EOT
+  * backend: Options are:
+    - local - The backend is on the Local Machine
+    - Remote - The backend is in TFCB.
+  * kubeconfig_dir: Name of the Policies directory when the backend is local.
+  * organization: Name of the Terraform Cloud Organization when backend is remote.
+  * workspace: Name of the workspace in Terraform Cloud.
+  EOT
+  type = list(object(
+    {
+      backend      = string
+      organization = optional(string)
+      policies_dir = optional(string)
+      workspace    = optional(string)
+    }
+  ))
 }
diff --git a/modules/applications/README.md b/modules/applications/README.md
@@ -7,13 +7,16 @@ Run the plan from the Terraform cloud workspace.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | 1.11.3 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
+| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | 1.11.3 |
 | <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |
 
 ## Modules
@@ -24,15 +27,18 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [helm_release.iwo_k8s_collector](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [terraform_remote_state.kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [helm_release.helm_chart](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubectl_manifest.manifest](https://registry.terraform.io/providers/gavinbunney/kubectl/1.11.3/docs/resources/manifest) | resource |
+| [terraform_remote_state.local_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.remote_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_tfc_organization"></a> [tfc\_organization](#input\_tfc\_organization) | Terraform Cloud Organization. | `string` | `"CiscoDevNet"` | no |
-| <a name="input_tfc_workspace"></a> [tfc\_workspace](#input\_tfc\_workspace) | Terraform Cloud Workspace Name. | `string` | `""` | no |
+| <a name="input_helm_chart"></a> [helm\_chart](#input\_helm\_chart) | Key - Name of the Helm Chart<br>* chart - location to find the chart<br>* namespace - Kubernetes Namespace to assign to the pod<br>* set - List of Parameters for deployment | <pre>map(object(<br>    {<br>      chart     = string<br>      namespace = string<br>      set       = list(map(string))<br>    }<br>  ))</pre> | n/a | yes |
+| <a name="input_kubectl_manifest"></a> [kubectl\_manifest](#input\_kubectl\_manifest) | n/a | <pre>map(object(<br>    {<br>      yaml_body = string<br>    }<br>  ))</pre> | n/a | yes |
+| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend      = string<br>      organization = optional(string)<br>      policies_dir = optional(string)<br>      workspace    = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "organization": "default",<br>    "policies_dir": "../kubeconfig/",<br>    "workspace": "kubeconfig"<br>  }<br>]</pre> | no |
 
 ## Outputs
 

diff --git a/modules/applications/main.auto.tfvars b/modules/applications/main.auto.tfvars
diff --git a/modules/applications/main.tf b/modules/applications/main.tf
@@ -3,21 +3,43 @@
 # Get Outputs from the kubeconfig Workspace
 #__________________________________________________________
 
-data "terraform_remote_state" "kubeconfig" {
-  backend = "remote"
+data "terraform_remote_state" "local_kubeconfig" {
+  for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "local" }
+  backend  = each.value.backend
   config = {
-    organization = var.tfc_organization
+    path = "${each.value.kubeconfig_dir}terraform.tfstate"
+  }
+}
+
+data "terraform_remote_state" "remote_kubeconfig" {
+  for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "remote" }
+  backend  = each.value.backend
+  config = {
+    organization = var.organization
     workspaces = {
-      name = var.tfc_workspace
+      name = var.workspace
     }
   }
 }
 
 locals {
+  # Output Sources for Policies and Pools
+  tfc_workspaces = {
+    for k, v in var.tfc_workspaces : k => {
+      backend      = v.backend
+      organization = v.organization != null ? v.organization : "default"
+      policies_dir = v.policies_dir != null ? v.policies_dir : "../kubeconfig/"
+      workspace    = v.workspace != null ? v.workspace : "kubeconfig"
+    }
+  }
   # IKS Cluster Name
-  cluster_name = data.terraform_remote_state.kubeconfig.outputs.cluster_name
+  cluster_name = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
+    data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name
+  ) : lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {})
   # Kubernetes Configuration File
-  kubeconfig = yamldecode(data.terraform_remote_state.kubeconfig.outputs.kubeconfig)
+  kubeconfig = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
+    yamldecode(data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name)
+  ) : yamldecode(lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {}))
 }
 
 #_____________________________________________________________________

diff --git a/modules/applications/variables.tf b/modules/applications/variables.tf
@@ -1,26 +1,40 @@
+terraform {
+  experiments = [module_variable_optional_attrs]
+}
+
 #__________________________________________________________
 #
-# Terraform Cloud Organization
+# Terraform Cloud Variables
 #__________________________________________________________
 
-variable "tfc_organization" {
-  default     = "CiscoDevNet"
-  description = "Terraform Cloud Organization."
-  type        = string
+variable "tfc_workspaces" {
+  default = [
+    {
+      backend      = "remote"
+      organization = "default"
+      policies_dir = "../kubeconfig/"
+      workspace    = "kubeconfig"
+    }
+  ]
+  description = <<-EOT
+  * backend: Options are:
+    - local - The backend is on the Local Machine
+    - Remote - The backend is in TFCB.
+  * kubeconfig_dir: Name of the Policies directory when the backend is local.
+  * organization: Name of the Terraform Cloud Organization when backend is remote.
+  * workspace: Name of the workspace in Terraform Cloud.
+  EOT
+  type = list(object(
+    {
+      backend      = string
+      organization = optional(string)
+      policies_dir = optional(string)
+      workspace    = optional(string)
+    }
+  ))
 }
 
 
-#______________________________________________
-#
-# Terraform Cloud kubeconfig Workspace
-#______________________________________________
-
-variable "tfc_workspace" {
-  default     = ""
-  description = "Terraform Cloud Workspace Name."
-  type        = string
-}
-
 #______________________________________________
 #
 # Helm Chart Variables

diff --git a/modules/hipsterstore/README.md b/modules/hipsterstore/README.md
@@ -27,14 +27,14 @@ No modules.
 | Name | Type |
 |------|------|
 | [kubectl_manifest.hipster](https://registry.terraform.io/providers/gavinbunney/kubectl/1.11.3/docs/resources/manifest) | resource |
-| [terraform_remote_state.kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.local_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.remote_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_tfc_organization"></a> [tfc\_organization](#input\_tfc\_organization) | Terraform Cloud Organization. | `string` | `"CiscoDevNet"` | no |
-| <a name="input_tfc_workspace"></a> [tfc\_workspace](#input\_tfc\_workspace) | Terraform Cloud Workspace Name. | `string` | `""` | no |
+| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend      = string<br>      organization = optional(string)<br>      policies_dir = optional(string)<br>      workspace    = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "organization": "default",<br>    "policies_dir": "../kubeconfig/",<br>    "workspace": "kubeconfig"<br>  }<br>]</pre> | no |
 
 ## Outputs