Update to support terraform 0.12

gruntwork-io · Jun 5, 2019 · d509b79 · d509b79
1 parent 1a06c66
commit d509b79
Show file tree

Hide file tree

Showing 29 changed files with 625 additions and 565 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -8,7 +8,7 @@ defaults: &defaults
     KUBERGRUNT_VERSION: v0.3.8
     HELM_VERSION: v2.12.2
     MODULE_CI_VERSION: v0.13.12
-    TERRAFORM_VERSION: 0.11.11
+    TERRAFORM_VERSION: 0.12.0
     TERRAGRUNT_VERSION: NONE
     PACKER_VERSION: NONE
     GOLANG_VERSION: 1.11.2

diff --git a/examples/k8s-namespace-with-service-account/main.tf b/examples/k8s-namespace-with-service-account/main.tf
@@ -4,14 +4,18 @@
 # ServiceAccounts that are bound to each default role.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+terraform {
+  required_version = ">= 0.12"
+}
+
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # CONFIGURE OUR KUBERNETES CONNECTIONS
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 provider "kubernetes" {
   version        = "~> 1.5"
-  config_context = "${var.kubectl_config_context_name}"
-  config_path    = "${var.kubectl_config_path}"
+  config_context = var.kubectl_config_context_name
+  config_path    = var.kubectl_config_path
 }
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -24,7 +28,7 @@ module "namespace" {
   # source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-namespace?ref=v0.0.1"
   source = "../../modules/k8s-namespace"
 
-  name = "${var.name}"
+  name = var.name
 }
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -38,13 +42,15 @@ module "service_account_access_all" {
   source = "../../modules/k8s-service-account"
 
   name           = "${var.name}-admin"
-  namespace      = "${module.namespace.name}"
+  namespace      = module.namespace.name
   num_rbac_roles = 1
 
-  rbac_roles = [{
-    name      = "${module.namespace.rbac_access_all_role}"
-    namespace = "${module.namespace.name}"
-  }]
+  rbac_roles = [
+    {
+      name      = module.namespace.rbac_access_all_role
+      namespace = module.namespace.name
+    },
+  ]
 
   # How to tag the service account with a label
   labels = {
@@ -59,13 +65,15 @@ module "service_account_access_read_only" {
   source = "../../modules/k8s-service-account"
 
   name           = "${var.name}-read-only"
-  namespace      = "${module.namespace.name}"
+  namespace      = module.namespace.name
   num_rbac_roles = 1
 
-  rbac_roles = [{
-    name      = "${module.namespace.rbac_access_read_only_role}"
-    namespace = "${module.namespace.name}"
-  }]
+  rbac_roles = [
+    {
+      name      = module.namespace.rbac_access_read_only_role
+      namespace = module.namespace.name
+    },
+  ]
 
   # How to tag the service account with a label
   labels = {

diff --git a/examples/k8s-namespace-with-service-account/outputs.tf b/examples/k8s-namespace-with-service-account/outputs.tf
@@ -1,24 +1,24 @@
 output "name" {
   description = "Name of the created namespace"
-  value       = "${module.namespace.name}"
+  value       = module.namespace.name
 }
 
 output "rbac_access_all_role" {
   description = "The name of the RBAC role that grants admin level permissions on the namespace."
-  value       = "${module.namespace.rbac_access_all_role}"
+  value       = module.namespace.rbac_access_all_role
 }
 
 output "rbac_access_read_only_role" {
   description = "The name of the RBAC role that grants read only permissions on the namespace."
-  value       = "${module.namespace.rbac_access_read_only_role}"
+  value       = module.namespace.rbac_access_read_only_role
 }
 
 output "service_account_access_all" {
   description = "The name of the ServiceAccount that has admin level permissions."
-  value       = "${module.service_account_access_all.name}"
+  value       = module.service_account_access_all.name
 }
 
 output "service_account_access_read_only" {
   description = "The name of the ServiceAccount that has read only level permissions."
-  value       = "${module.service_account_access_read_only.name}"
+  value       = module.service_account_access_read_only.name
 }
diff --git a/examples/k8s-tiller-kubergrunt-minikube/main.tf b/examples/k8s-tiller-kubergrunt-minikube/main.tf
@@ -6,13 +6,17 @@
 # - Using kubergrunt to deploy Tiller with TLS management
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+terraform {
+  required_version = ">= 0.12"
+}
+
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # CONFIGURE OUR KUBERNETES CONNECTIONS
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 provider "kubernetes" {
-  config_context = "${var.kubectl_config_context_name}"
-  config_path    = "${var.kubectl_config_path}"
+  config_context = var.kubectl_config_context_name
+  config_path    = var.kubectl_config_path
 }
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -25,7 +29,7 @@ module "tiller_namespace" {
   # source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-namespace?ref=v0.3.0"
   source = "../../modules/k8s-namespace"
 
-  name = "${var.tiller_namespace}"
+  name = var.tiller_namespace
 }
 
 module "resource_namespace" {
@@ -34,7 +38,7 @@ module "resource_namespace" {
   # source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-namespace?ref=v0.3.0"
   source = "../../modules/k8s-namespace"
 
-  name = "${var.resource_namespace}"
+  name = var.resource_namespace
 }
 
 module "tiller_service_account" {
@@ -43,18 +47,18 @@ module "tiller_service_account" {
   # source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-service-account?ref=v0.3.0"
   source = "../../modules/k8s-service-account"
 
-  name           = "${var.service_account_name}"
-  namespace      = "${module.tiller_namespace.name}"
+  name           = var.service_account_name
+  namespace      = module.tiller_namespace.name
   num_rbac_roles = 2
 
   rbac_roles = [
     {
-      name      = "${module.tiller_namespace.rbac_tiller_metadata_access_role}"
-      namespace = "${module.tiller_namespace.name}"
+      name      = module.tiller_namespace.rbac_tiller_metadata_access_role
+      namespace = module.tiller_namespace.name
     },
     {
-      name      = "${module.resource_namespace.rbac_tiller_resource_access_role}"
-      namespace = "${module.resource_namespace.name}"
+      name      = module.resource_namespace.rbac_tiller_resource_access_role
+      namespace = module.resource_namespace.name
     },
   ]
 
@@ -73,31 +77,31 @@ module "tiller" {
   # source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-tiller?ref=v0.3.0"
   source = "../../modules/k8s-tiller"
 
-  tiller_service_account_name              = "${module.tiller_service_account.name}"
-  tiller_service_account_token_secret_name = "${module.tiller_service_account.token_secret_name}"
-  namespace                                = "${module.tiller_namespace.name}"
-  tiller_image_version                     = "${var.tiller_version}"
+  tiller_service_account_name              = module.tiller_service_account.name
+  tiller_service_account_token_secret_name = module.tiller_service_account.token_secret_name
+  namespace                                = module.tiller_namespace.name
+  tiller_image_version                     = var.tiller_version
 
   tiller_tls_gen_method   = "kubergrunt"
-  tiller_tls_subject      = "${var.tls_subject}"
-  private_key_algorithm   = "${var.private_key_algorithm}"
-  private_key_ecdsa_curve = "${var.private_key_ecdsa_curve}"
-  private_key_rsa_bits    = "${var.private_key_rsa_bits}"
+  tiller_tls_subject      = var.tls_subject
+  private_key_algorithm   = var.private_key_algorithm
+  private_key_ecdsa_curve = var.private_key_ecdsa_curve
+  private_key_rsa_bits    = var.private_key_rsa_bits
 
-  kubectl_config_context_name = "${var.kubectl_config_context_name}"
-  kubectl_config_path         = "${var.kubectl_config_path}"
+  kubectl_config_context_name = var.kubectl_config_context_name
+  kubectl_config_path         = var.kubectl_config_path
 }
 
 # We use kubergrunt to wait for Tiller to be deployed. Any resources that depend on this can assume Tiller is
 # successfully deployed and up at that point.
 resource "null_resource" "wait_for_tiller" {
   provisioner "local-exec" {
     command = <<-EOF
-    ${lookup(module.require_executables.executables, "kubergrunt")} helm wait-for-tiller ${local.esc_newl}
-      --tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
-      --tiller-deployment-name ${module.tiller.deployment_name} ${local.esc_newl}
-      --expected-tiller-version ${var.tiller_version}
-    EOF
+      ${module.require_executables.executables["kubergrunt"]} helm wait-for-tiller ${local.esc_newl}
+        --tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
+        --tiller-deployment-name ${module.tiller.deployment_name} ${local.esc_newl}
+        --expected-tiller-version ${var.tiller_version}
+      EOF
   }
 }
 
@@ -106,24 +110,24 @@ resource "null_resource" "wait_for_tiller" {
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 resource "null_resource" "grant_helm_access" {
-  count      = "${var.configure_helm}"
-  depends_on = ["null_resource.wait_for_tiller"]
+  count = var.configure_helm ? 1 : 0
+  depends_on = [null_resource.wait_for_tiller]
 
   provisioner "local-exec" {
     command = <<-EOF
-    ${lookup(module.require_executables.executables, "kubergrunt")} helm grant ${local.esc_newl}
-      --tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
-      ${local.kubectl_config_options} ${local.esc_newl}
-      --tls-subject-json '${jsonencode(var.client_tls_subject)}' ${local.esc_newl}
-      ${local.configure_args}
-
-    ${lookup(module.require_executables.executables, "kubergrunt")} helm configure ${local.esc_newl}
-      --helm-home ${local.helm_home_with_default} ${local.esc_newl}
-      --tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
-      --resource-namespace ${module.resource_namespace.name} ${local.esc_newl}
-      ${local.kubectl_config_options} ${local.esc_newl}
-      ${local.configure_args}
-    EOF
+      ${module.require_executables.executables["kubergrunt"]} helm grant ${local.esc_newl}
+        --tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
+        ${local.kubectl_config_options} ${local.esc_newl}
+        --tls-subject-json '${jsonencode(var.client_tls_subject)}' ${local.esc_newl}
+        ${local.configure_args}
+
+      ${module.require_executables.executables["kubergrunt"]} helm configure ${local.esc_newl}
+        --helm-home ${local.helm_home_with_default} ${local.esc_newl}
+        --tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
+        --resource-namespace ${module.resource_namespace.name} ${local.esc_newl}
+        ${local.kubectl_config_options} ${local.esc_newl}
+        ${local.configure_args}
+      EOF
   }
 }
 
@@ -135,24 +139,19 @@ resource "null_resource" "grant_helm_access" {
 locals {
   kubectl_config_options = "${var.kubectl_config_context_name != "" ? "--kubectl-context-name ${var.kubectl_config_context_name}" : ""} ${var.kubectl_config_path != "" ? "--kubeconfig ${var.kubectl_config_path}" : ""}"
 
-  helm_home_with_default = "${var.helm_home == "" ? pathexpand("~/.helm") : var.helm_home}"
+  helm_home_with_default = var.helm_home == "" ? pathexpand("~/.helm") : var.helm_home
 
-  configure_args = "${
-    var.helm_client_rbac_user != "" ? "--rbac-user ${var.helm_client_rbac_user}"
-      : var.helm_client_rbac_group != "" ? "--rbac-group ${var.helm_client_rbac_group}"
-        : var.helm_client_rbac_service_account != "" ? "--rbac-service-account ${var.helm_client_rbac_service_account}"
-          : ""
-  }"
+  configure_args = var.helm_client_rbac_user != "" ? "--rbac-user ${var.helm_client_rbac_user}" : var.helm_client_rbac_group != "" ? "--rbac-group ${var.helm_client_rbac_group}" : var.helm_client_rbac_service_account != "" ? "--rbac-service-account ${var.helm_client_rbac_service_account}" : ""
 
-  esc_newl = "${module.os.name == "Windows" ? "`" : "\\"}"
+  esc_newl = module.os.name == "Windows" ? "`" : "\\"
 }
 
 module "os" {
-  source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/operating-system?ref=v0.0.8"
+  source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/operating-system?ref=tf12"
 }
 
 module "require_executables" {
-  source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/require-executable?ref=v0.0.8"
+  source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/require-executable?ref=tf12"
 
   required_executables = ["kubergrunt"]
   error_message        = "The __EXECUTABLE_NAME__ binary is not available in your PATH. Install the binary by following the instructions at https://github.com/gruntwork-io/terraform-kubernetes-helm/blob/master/examples/k8s-tiller-kubergrunt-minikube/README.md#installing-necessary-tools, or update your PATH variable to search where you installed __EXECUTABLE_NAME__."

diff --git a/examples/k8s-tiller-kubergrunt-minikube/outputs.tf b/examples/k8s-tiller-kubergrunt-minikube/outputs.tf
@@ -1,9 +1,9 @@
 output "tiller_namespace" {
   description = "The name of the namespace that houses Tiller."
-  value       = "${module.tiller_namespace.name}"
+  value       = module.tiller_namespace.name
 }
 
 output "resource_namespace" {
   description = "The name of the namespace where Tiller will deploy resources into."
-  value       = "${module.resource_namespace.name}"
+  value       = module.resource_namespace.name
 }
diff --git a/examples/k8s-tiller-kubergrunt-minikube/variables.tf b/examples/k8s-tiller-kubergrunt-minikube/variables.tf
@@ -17,13 +17,12 @@ variable "service_account_name" {
 
 variable "tls_subject" {
   description = "The issuer information that contains the identifying information for the Tiller server. Used to generate the TLS certificate keypairs."
-  type        = "map"
+  type        = map(string)
 
   default = {
     common_name = "tiller"
     org         = "Gruntwork"
   }
-
   # Expects the following keys
   # - common_name
   # - org
@@ -35,13 +34,12 @@ variable "tls_subject" {
 
 variable "client_tls_subject" {
   description = "The issuer information that contains the identifying information for the helm client of the operator. Used to generate the TLS certificate keypairs."
-  type        = "map"
+  type        = map(string)
 
   default = {
     common_name = "admin"
     org         = "Gruntwork"
   }
-
   # Expects the following keys
   # - common_name
   # - org