terraform fmt

3dd5e8f5 · Jason Krause · 775a4b37 · 3dd5e8f5 · 3dd5e8f5 · 3dd5e8f5
Commit 3dd5e8f5 authored Aug 12, 2021 by Jason Krause 🎱
20 changed files
--- a/terraform/modules/bastion/main.tf
+++ b/terraform/modules/bastion/main.tf
@@ -7,14 +7,14 @@
 resource "aws_security_group" "bastion_sg" {
  name_prefix = "${var.name}-bastion-"
  description = "${var.name} bastion"
-  vpc_id = "${var.vpc_id}"
+  vpc_id      = var.vpc_id

  # Allow all egress
  egress {
-    from_port        = 0
-    to_port          = 0
-    protocol         = "-1"
-    cidr_blocks      = ["0.0.0.0/0"]
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = var.tags
@@ -23,37 +23,37 @@ resource "aws_security_group" "bastion_sg" {
 # Bastion Launch Template
 resource "aws_launch_template" "bastion" {

-  name_prefix                   = "${var.name}-bastion-"
-  description                   = "Bastion launch template for ${var.name} cluster"
-  image_id                      = "${var.ami}"
-  instance_type                 = "${var.instance_type}"
-  key_name                      = "${var.key_name}"
+  name_prefix   = "${var.name}-bastion-"
+  description   = "Bastion launch template for ${var.name} cluster"
+  image_id      = var.ami
+  instance_type = var.instance_type
+  key_name      = var.key_name

  network_interfaces {
    associate_public_ip_address = true
    security_groups             = ["${aws_security_group.bastion_sg.id}"]
  }

-  update_default_version        = true
-  user_data                     = filebase64("${path.module}/dependencies/install_python.sh")
+  update_default_version = true
+  user_data              = filebase64("${path.module}/dependencies/install_python.sh")

  tag_specifications {
-    resource_type               = "instance"
-    tags                        = merge({"Name" = "${var.name}-bastion"}, var.tags)
+    resource_type = "instance"
+    tags          = merge({ "Name" = "${var.name}-bastion" }, var.tags)
  }
 }

 # Bastion Auto-Scaling Group
 resource "aws_autoscaling_group" "bastion" {
-  name_prefix          = "${var.name}-bastion-"
-  max_size             = 2
-  min_size             = 1
-  desired_capacity     = 1
+  name_prefix      = "${var.name}-bastion-"
+  max_size         = 2
+  min_size         = 1
+  desired_capacity = 1

-  vpc_zone_identifier  = var.subnet_ids
+  vpc_zone_identifier = var.subnet_ids

  launch_template {
-    id                 = aws_launch_template.bastion.id
-    version            = "$Latest"
+    id      = aws_launch_template.bastion.id
+    version = "$Latest"
  }
 }
\ No newline at end of file
--- a/terraform/modules/bastion/variables.tf
+++ b/terraform/modules/bastion/variables.tf
 variable "name" {
  description = "The project name to prepend to resources"
-  type = string
-  default = "bigbang-dev"
+  type        = string
+  default     = "bigbang-dev"
 }

 variable "vpc_id" {
  description = "The VPC where the bastion should be deployed"
-  type = string
+  type        = string
 }

 variable "subnet_ids" {
  description = "List of subnet ids where the bastion is allowed"
-  type = list(string)
+  type        = list(string)
 }

 variable "ami" {
  description = "The image to use for the bastion"
-  type    = string
-  default = "ami-017e342d9500ef3b2" # RKE2 RHEL8 STIG (even though we don't need RHEL8, it is hardened)
+  type        = string
+  default     = "ami-017e342d9500ef3b2" # RKE2 RHEL8 STIG (even though we don't need RHEL8, it is hardened)
 }

 variable "instance_type" {
  description = "The AWS EC2 instance type for the bastion"
  type        = string
-  default = "t2.micro"
+  default     = "t2.micro"
 }

 variable "key_name" {
  description = "The key pair name to install on the bastion"
  type        = string
-  default = ""
+  default     = ""
 }
 variable "tags" {
  description = "The tags to apply to resources"
-  type = map(string)
-  default = {}
+  type        = map(string)
+  default     = {}
 }
\ No newline at end of file
--- a/terraform/modules/elb/main.tf
+++ b/terraform/modules/elb/main.tf
@@ -21,8 +21,8 @@ resource "aws_lb_target_group" "public_nlb_http" {
  vpc_id   = var.vpc_id

  health_check {
-    port           = var.node_port_health_checks
-    path           = "/healthz/ready"
+    port = var.node_port_health_checks
+    path = "/healthz/ready"
  }
  lifecycle {
    create_before_destroy = true
@@ -37,8 +37,8 @@ resource "aws_lb_target_group" "public_nlb_https" {
  vpc_id   = var.vpc_id

  health_check {
-    port           = var.node_port_health_checks
-    path           = "/healthz/ready"
+    port = var.node_port_health_checks
+    path = "/healthz/ready"
  }
  lifecycle {
    create_before_destroy = true
@@ -53,8 +53,8 @@ resource "aws_lb_target_group" "public_nlb_sni" {
  vpc_id   = var.vpc_id

  health_check {
-    port           = var.node_port_health_checks
-    path           = "/healthz/ready"
+    port = var.node_port_health_checks
+    path = "/healthz/ready"
  }
  lifecycle {
    create_before_destroy = true
@@ -114,39 +114,39 @@ data "aws_network_interface" "public_nlb" {
 resource "aws_security_group" "public_nlb_pool" {
  name_prefix = "${var.name}-public-nlb-to-pool-"
  description = "${var.name} Traffic from public Network Load Balancer to server pool"
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id

  # Allow all traffic from load balancer
  ingress {
-    description       = "Allow public Network Load Balancer traffic to health check"
-    from_port         = var.node_port_health_checks
-    to_port           = var.node_port_health_checks
-    protocol          = "tcp"
-    cidr_blocks       = formatlist("%s/32", [for eni in data.aws_network_interface.public_nlb : eni.private_ip])
+    description = "Allow public Network Load Balancer traffic to health check"
+    from_port   = var.node_port_health_checks
+    to_port     = var.node_port_health_checks
+    protocol    = "tcp"
+    cidr_blocks = formatlist("%s/32", [for eni in data.aws_network_interface.public_nlb : eni.private_ip])
  }

  ingress {
-    description       = "Allow internet traffic to HTTP node port"
-    from_port         = var.node_port_http
-    to_port           = var.node_port_http
-    protocol          = "tcp"
-    cidr_blocks       = ["0.0.0.0/0"]
+    description = "Allow internet traffic to HTTP node port"
+    from_port   = var.node_port_http
+    to_port     = var.node_port_http
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
-    description       = "Allow internet traffic to HTTPS node port"
-    from_port         = var.node_port_https
-    to_port           = var.node_port_https
-    protocol          = "tcp"
-    cidr_blocks       = ["0.0.0.0/0"]
+    description = "Allow internet traffic to HTTPS node port"
+    from_port   = var.node_port_https
+    to_port     = var.node_port_https
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
-    description       = "Allow internet traffic to SNI node port"
-    from_port         = var.node_port_sni
-    to_port           = var.node_port_sni
-    protocol          = "tcp"
-    cidr_blocks       = ["0.0.0.0/0"]
+    description = "Allow internet traffic to SNI node port"
+    from_port   = var.node_port_sni
+    to_port     = var.node_port_sni
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = var.tags

--- a/terraform/modules/elb/outputs.tf
+++ b/terraform/modules/elb/outputs.tf
 output "pool_sg_id" {
  description = "The ID of the security group used as an inbound rule for load balancer's back-end server pool"
-  value = aws_security_group.public_nlb_pool.id
+  value       = aws_security_group.public_nlb_pool.id
 }

 output "elb_target_group_arns" {
  description = "The load balancer target group ARNs"
-  value = [aws_lb_target_group.public_nlb_http.arn, aws_lb_target_group.public_nlb_https.arn, aws_lb_target_group.public_nlb_sni.arn]
+  value       = [aws_lb_target_group.public_nlb_http.arn, aws_lb_target_group.public_nlb_https.arn, aws_lb_target_group.public_nlb_sni.arn]
 }
\ No newline at end of file
--- a/terraform/modules/elb/variables.tf
+++ b/terraform/modules/elb/variables.tf
 variable "name" {
  description = "The name to apply to the external load balancer resources"
-  type    = string
-  default = "bigbang-dev"
+  type        = string
+  default     = "bigbang-dev"
 }

 variable "vpc_id" {
  description = "The VPC where the load balancer should be deployed"
-  type = string
+  type        = string
 }

 variable "subnet_ids" {
  description = "The subnet ids to load balance"
-  type = list(string)
+  type        = list(string)
 }

 variable "node_port_health_checks" {
  description = "The node port to use for Istio health check traffic"
-  type = string
-  default = "30000"
+  type        = string
+  default     = "30000"
 }
 variable "node_port_http" {
  description = "The node port to use for HTTP traffic"
-  type = string
-  default = "30001"
+  type        = string
+  default     = "30001"
 }

 variable "node_port_https" {
  description = "The node port to use for HTTPS traffic"
-  type = string
-  default = "30002"
+  type        = string
+  default     = "30002"
 }

 variable "node_port_sni" {
  description = "The node port to use for Istio SNI traffic"
-  type = string
-  default = "30003"
+  type        = string
+  default     = "30003"
 }

 variable "tags" {
  description = "The tags to apply to resources"
-  type = map(string)
-  default = {}
+  type        = map(string)
+  default     = {}
 }
\ No newline at end of file
--- a/terraform/modules/pool/main.tf
+++ b/terraform/modules/pool/main.tf
@@ -3,7 +3,7 @@
 # See https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform/-/blob/master/modules/nodepool/main.tf#L113

 resource "aws_autoscaling_attachment" "pool" {
-  for_each = toset(var.elb_target_group_arns)
+  for_each               = toset(var.elb_target_group_arns)
  autoscaling_group_name = var.pool_asg_id
-  alb_target_group_arn = each.value
+  alb_target_group_arn   = each.value
 }
\ No newline at end of file
--- a/terraform/modules/pool/variables.tf
+++ b/terraform/modules/pool/variables.tf
 variable "name" {
  description = "The name to apply to resources"
-  type    = string
-  default = "bigbang-dev"
+  type        = string
+  default     = "bigbang-dev"
 }

 variable "elb_target_group_arns" {
  description = "The load balancer's target group ARNs to attach to the autoscale group"
-  type = list(string)
+  type        = list(string)
 }

 variable "pool_asg_id" {
  description = "The pool's autoscale group ID"
-  type = string
+  type        = string
 }
\ No newline at end of file
--- a/terraform/modules/s3/main.tf
+++ b/terraform/modules/s3/main.tf
@@ -35,7 +35,7 @@ resource "null_resource" "kubeconfig" {

 # Upload SSH private key
 resource "aws_s3_bucket_object" "sshkey" {
-  key                    = "ssh-private-key.pem"
+  key = "ssh-private-key.pem"
  # Get bucket name in middle of s3://<bucket name>/rke2.yaml
  bucket                 = replace(replace(var.kubeconfig_path, "/\\/[^/]*$/", ""), "/^[^/]*\\/\\//", "")
  source                 = pathexpand("${var.private_key_path}/${var.name}.pem")

--- a/terraform/modules/s3/variables.tf
+++ b/terraform/modules/s3/variables.tf
 variable "name" {
  description = "The name of the SSH key"
-  type    = string
-  default = "bigbang-dev"
+  type        = string
+  default     = "bigbang-dev"
 }

 variable "kubeconfig_path" {
  description = "Remote path to kubeconfig"
-  type = string
+  type        = string
 }

 variable "private_key_path" {
  description = "Local path to SSH private key"
-  type = string
-  default = "~/.ssh"
+  type        = string
+  default     = "~/.ssh"
 }
\ No newline at end of file
--- a/terraform/modules/ssh/main.tf
+++ b/terraform/modules/ssh/main.tf
@@ -17,6 +17,6 @@ resource "local_file" "pem" {

 #
 resource "aws_key_pair" "ssh" {
-  key_name   = "${var.name}"
+  key_name   = var.name
  public_key = tls_private_key.ssh.public_key_openssh
 }
\ No newline at end of file
--- a/terraform/modules/ssh/outputs.tf
+++ b/terraform/modules/ssh/outputs.tf
 output "key_name" {
  description = "The name of the AWS SSH key pair"
-  value = aws_key_pair.ssh.key_name
+  value       = aws_key_pair.ssh.key_name
 }

 output "public_key" {
  description = "The public SSH key"
-  value = tls_private_key.ssh.public_key_openssh
+  value       = tls_private_key.ssh.public_key_openssh
 }
\ No newline at end of file
--- a/terraform/modules/ssh/variables.tf
+++ b/terraform/modules/ssh/variables.tf
 variable "private_key_path" {
  description = "Local path to store private key for SSH"
-  type = string
-  default = "~/.ssh"
+  type        = string
+  default     = "~/.ssh"
 }

 variable "name" {
  description = "Name of the SSH keypair to create"
-  type = string
-  default = "bigbang"
+  type        = string
+  default     = "bigbang"
 }
\ No newline at end of file
--- a/terraform/modules/vpc/data.tf
+++ b/terraform/modules/vpc/data.tf
 data "aws_availability_zones" "available" {
  state = "available"
  filter {
-    name = "group-name"
+    name   = "group-name"
    values = [var.aws_region]
  }
 }
\ No newline at end of file
--- a/terraform/modules/vpc/main.tf
+++ b/terraform/modules/vpc/main.tf
@@ -19,9 +19,9 @@ locals {
  cidr_step = max(10, local.num_azs)

  # Based on VPC CIDR, create subnet ranges
-  cidr_index = range(local.num_azs)
-  public_subnet_cidrs = [ for i in local.cidr_index : cidrsubnet(var.vpc_cidr, local.cidr_size, i) ]
-  private_subnet_cidrs = [ for i in local.cidr_index : cidrsubnet(var.vpc_cidr, local.cidr_size, i + local.cidr_step) ]
+  cidr_index           = range(local.num_azs)
+  public_subnet_cidrs  = [for i in local.cidr_index : cidrsubnet(var.vpc_cidr, local.cidr_size, i)]
+  private_subnet_cidrs = [for i in local.cidr_index : cidrsubnet(var.vpc_cidr, local.cidr_size, i + local.cidr_step)]
 }

 # https://github.com/terraform-aws-modules/terraform-aws-vpc
@@ -39,8 +39,8 @@ module "vpc" {
  # and if the NAT gateway’s Availability Zone is down, resources in the other Availability
  # Zones lose internet access. To create an Availability Zone-independent architecture,
  # create a NAT gateway in each Availability Zone.
-  enable_nat_gateway   = true
-  single_nat_gateway   = false
+  enable_nat_gateway     = true
+  single_nat_gateway     = false
  one_nat_gateway_per_az = true

  enable_dns_hostnames = true
@@ -52,12 +52,12 @@ module "vpc" {
  # Add in required tags for proper AWS CCM integration
  public_subnet_tags = merge({
    "kubernetes.io/cluster/${var.name}" = "shared"
-    "kubernetes.io/role/elb"              = "1"
+    "kubernetes.io/role/elb"            = "1"
  }, var.tags)

  private_subnet_tags = merge({
    "kubernetes.io/cluster/${var.name}" = "shared"
-    "kubernetes.io/role/internal-elb"     = "1"
+    "kubernetes.io/role/internal-elb"   = "1"
  }, var.tags)

  tags = merge({

--- a/terraform/modules/vpc/outputs.tf
+++ b/terraform/modules/vpc/outputs.tf
 output "vpc_id" {
  description = "The Virtual Private Cloud (VPC) ID"
-  value = module.vpc.vpc_id
+  value       = module.vpc.vpc_id
 }

 output "private_subnet_ids" {
  description = "The list of private subnet IDs in the VPC"
-  value = module.vpc.private_subnets
+  value       = module.vpc.private_subnets
 }

 output "public_subnet_ids" {
  description = "Thge list of public subnet IDs in the VPC"
-  value = module.vpc.public_subnets
+  value       = module.vpc.public_subnets
 }
\ No newline at end of file
--- a/terraform/modules/vpc/variables.tf
+++ b/terraform/modules/vpc/variables.tf
 variable "name" {
  description = "The name to apply to the VPC and Subnets"
-  type    = string
-  default = "bigbang-dev"
+  type        = string
+  default     = "bigbang-dev"
 }

 variable "vpc_cidr" {
@@ -11,12 +11,12 @@ variable "vpc_cidr" {

 variable "aws_region" {
  description = "The AWS region to deploy resources"
-  type    = string
-  default = "us-gov-west-1"
+  type        = string
+  default     = "us-gov-west-1"
 }

 variable "tags" {
  description = "The tags to apply to resources"
-  type = map(string)
-  default = {}
+  type        = map(string)
+  default     = {}
 }
\ No newline at end of file
--- a/terraform/options/kms/main.tf
+++ b/terraform/options/kms/main.tf
 resource "aws_kms_key" "this" {
-  description = "${var.name} key"
+  description         = "${var.name} key"
  enable_key_rotation = true
-  key_usage = "ENCRYPT_DECRYPT"
+  key_usage           = "ENCRYPT_DECRYPT"

  tags = merge({}, var.tags)
 }
@@ -10,11 +10,11 @@ resource "aws_kms_grant" "grants" {
  count = length(var.principal_grants)

  grantee_principal = var.principal_grants[count.index]
-  key_id = aws_kms_key.this.key_id
-  operations = ["Decrypt"]
+  key_id            = aws_kms_key.this.key_id
+  operations        = ["Decrypt"]
 }

 resource "aws_kms_alias" "this" {
-  name = "alias/${var.name}"
+  name          = "alias/${var.name}"
  target_key_id = aws_kms_key.this.key_id
 }
--- a/terraform/options/kms/variables.tf
+++ b/terraform/options/kms/variables.tf
 variable "name" {}

 variable "principal_grants" {
-  type = list(string)
+  type        = list(string)
  description = "principals to grant Decrypt to"
-  default = []
+  default     = []
 }

 variable "tags" {
-  type = map(string)
+  type    = map(string)
  default = {}
 }
\ No newline at end of file
--- a/terraform/options/s3/gitlab/variables.tf
+++ b/terraform/options/s3/gitlab/variables.tf
 variable "name" {}

 variable "bucket_force_destroy" {
-  type = bool
+  type    = bool
  default = true
 }

 variable "tags" {
-  type = map(string)
+  type    = map(string)
  default = {}
 }
\ No newline at end of file
--- a/terraform/options/s3/mattermost/variables.tf
+++ b/terraform/options/s3/mattermost/variables.tf
 variable "name" {}

 variable "bucket_force_destroy" {
-  type = bool
+  type    = bool
  default = true
 }

 variable "tags" {
-  type = map(string)
+  type    = map(string)
  default = {}
 }
\ No newline at end of file