From 1da0e1bd0ede56fb5a3ba7b60579e3c05f90d1f7 Mon Sep 17 00:00:00 2001 From: Jon Ryser <241263+jonryser@users.noreply.github.com> Date: Tue, 10 Feb 2026 02:16:23 +0000 Subject: [PATCH] [TerraformState] Updated cloudposse version --- .github/workflows/code-quality.yml | 2 +- .tool-versions | 3 +- TerraformState/README.md | 1 + TerraformState/SPECS.md | 13 +++-- TerraformState/context.tf | 89 ++++++++++++++++++++++++++++++ TerraformState/example/SPECS.md | 10 ++-- TerraformState/example/context.tf | 89 ++++++++++++++++++++++++++++++ TerraformState/example/main.tf | 67 +--------------------- TerraformState/main.tf | 8 +-- TerraformState/project.json | 2 +- TerraformState/variables.tf | 73 ------------------------ TerraformState/versions.tf | 6 +- 12 files changed, 206 insertions(+), 157 deletions(-) create mode 100644 TerraformState/context.tf create mode 100644 TerraformState/example/context.tf diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index 9506b63..f03115c 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.tool-versions b/.tool-versions index ab01bc0..d82269b 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1,2 @@ -terraform 1.5.6 \ No newline at end of file +markdownlint-cli2 0.20.0 +terraform 1.5.6 diff --git a/TerraformState/README.md b/TerraformState/README.md index 03cc32f..e99c18e 100644 --- a/TerraformState/README.md +++ b/TerraformState/README.md @@ -75,6 +75,7 @@ Follow this procedure just once to create your deployment. } ``` + Remove the value from `profile` so it is like `profile = ""`. Moving forward, Terraform will read this newly-created backend definition file. If an error is returned with diff --git a/TerraformState/SPECS.md b/TerraformState/SPECS.md index f96f0e7..0fb6756 100644 
--- a/TerraformState/SPECS.md +++ b/TerraformState/SPECS.md @@ -4,8 +4,9 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.1.0 | -| [aws](#requirement\_aws) | >= 4.9.0 | +| [aws](#requirement\_aws) | >= 6.0.0 | | [local](#requirement\_local) | >= 2.0 | +| [time](#requirement\_time) | >= 0.7.1 | ## Providers @@ -15,7 +16,8 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [terraform\_state\_backend](#module\_terraform\_state\_backend) | cloudposse/tfstate-backend/aws | 1.3.0 | +| [terraform\_state\_backend](#module\_terraform\_state\_backend) | cloudposse/tfstate-backend/aws | 1.8.0 | +| [this](#module\_this) | git::git@github.com:generalui/terraform-accelerator.git//Label | 1.0.1-Label | ## Resources @@ -27,21 +29,20 @@ No resources. |------|-------------|------|---------|:--------:| | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [billing\_mode](#input\_billing\_mode) | DynamoDB billing mode | `string` | `"PAY_PER_REQUEST"` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"attributes": [],
"enabled": true,
"name": null,
"namespace": null,
"stage": null,
"tags": {}
}
| no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes and tags, which are merged. | `any` |
{
"attributes": [],
"enabled": true,
"name": null,
"namespace": null,
"stage": null,
"tags": {}
}
| no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| [environment](#input\_environment) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [environment\_name](#input\_environment\_name) | Environment name, e.g. prod, staging, dev. | `string` | `null` | no | | [force\_destroy](#input\_force\_destroy) | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | `bool` | `false` | no | | [logging](#input\_logging) | Destination (S3 bucket name and prefix) for S3 Server Access Logs for the S3 bucket. |
list(object({
target_bucket = string
target_prefix = string
}))
| `[]` | no | -| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [permissions\_boundary](#input\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM replication role | `string` | `""` | no | | [profile](#input\_profile) | AWS profile name as set in the shared credentials file | `string` | `""` | no | +| [project](#input\_project) | Project name. | `string` | `null` | no | | [role\_arn](#input\_role\_arn) | The role to be assumed | `string` | `null` | no | | [s3\_bucket\_name](#input\_s3\_bucket\_name) | S3 bucket name. If not provided, the name will be generated from the context by the label module. | `string` | `""` | no | | [s3\_replica\_bucket\_arn](#input\_s3\_replica\_bucket\_arn) | The ARN of the S3 replica bucket (destination) | `string` | `""` | no | | [s3\_replication\_enabled](#input\_s3\_replication\_enabled) | Set this to true and specify `s3_replica_bucket_arn` to enable replication | `bool` | `false` | no | | [source\_policy\_documents](#input\_source\_policy\_documents) | List of IAM policy documents (in JSON format) that are merged together into the generated S3 bucket policy.
Statements must have unique SIDs.
Statement having SIDs that match policy SIDs generated by this module will override them. | `list(string)` | `[]` | no | -| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [terraform\_backend\_config\_file\_path](#input\_terraform\_backend\_config\_file\_path) | Directory for the terraform backend config file, usually `.`. The default is to create no file. | `string` | `""` | no | | [terraform\_state\_file](#input\_terraform\_state\_file) | The path to the state file inside the bucket | `string` | `"terraform.tfstate"` | no | diff --git a/TerraformState/context.tf b/TerraformState/context.tf new file mode 100644 index 0000000..6e9c379 --- /dev/null +++ b/TerraformState/context.tf 
@@ -0,0 +1,89 @@
+# Module should access the whole context as `module.this.context`
+# to get the input variables with nulls for defaults,
+# for example `context = module.this.context`,
+# and access individual variables as `module.this.`,
+# with final values filled in.
+#
+
+module "this" {
+ source = "git::git@github.com:generalui/terraform-accelerator.git//Label?ref=1.0.1-Label"
+
+ attributes = var.attributes
+ enabled = var.enabled
+ name = var.project
+ namespace = var.namespace
+ stage = var.environment_name
+ tags = var.tags
+
+ context = var.context
+}
+
+variable "attributes" {
+ type = list(string)
+ default = []
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "context" {
+ type = any
+ default = {
+ attributes = []
+ enabled = true
+ name = null
+ namespace = null
+ stage = null
+ tags = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0.
+ }
+ description = <<-EOT
+ Single object for setting entire context at once.
+ See description of individual variables for details.
+ Leave string and numeric variables as `null` to use default value.
+ Individual variable settings (non-null) override settings in context object,
+ except for attributes and tags, which are merged.
+ EOT
+}
+
+variable "enabled" {
+ type = bool
+ default = null
+ description = "Set to false to prevent the module from creating any resources"
+}
+
+variable "environment_name" {
+ type = string
+ default = null
+ description = "Environment name, e.g. prod, staging, dev."
+ validation {
+ condition = var.environment_name == null || length(var.environment_name == null ? 
"value_not_null" : var.environment_name) < 8 + error_message = "environment_name must be null or less than 8 characters." + } +} + +variable "namespace" { + type = string + default = null + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "project" { + type = string + default = null + description = "Project name." +} + +variable "tags" { + type = map(string) + default = {} + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT +} diff --git a/TerraformState/example/SPECS.md b/TerraformState/example/SPECS.md index e4419f3..5149274 100644 --- a/TerraformState/example/SPECS.md +++ b/TerraformState/example/SPECS.md @@ -15,6 +15,7 @@ No providers. | Name | Source | Version | |------|--------|---------| | [state\_backend](#module\_state\_backend) | ../ | n/a | +| [this](#module\_this) | git::git@github.com:generalui/terraform-accelerator.git//Label | 1.0.1-Label | ## Resources @@ -26,11 +27,12 @@ No resources. |------|-------------|------|---------|:--------:| | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
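Review bot: The `module "this"` source in TerraformState/context.tf is pinned with `?ref=1.0.1-Label`, which is a git tag and can be re-pointed after this review; the same source line appears in TerraformState/example/context.tf. Because `module.this.context` is what main.tf hands to the state-backend module, consider pinning to an immutable commit instead, e.g. `source = "git::git@github.com:generalui/terraform-accelerator.git//Label?ref=<full-commit-sha>" # 1.0.1-Label`. The `git@github.com:` form also means every consumer and CI runner needs an SSH key with read access to that repository, which deserves a line in the README.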
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [aws\_profile](#input\_aws\_profile) | The AWS profile name as set in the shared credentials file. | `string` | `"default"` | no | -| [aws\_region](#input\_aws\_region) | The AWS region. | `string` | `"us-east-2"` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"attributes": [],
"name": null,
"namespace": null,
"stage": null,
"tags": {}
}
| no | -| [environment\_name](#input\_environment\_name) | Current environment, e.g. 'prod', 'staging', 'dev', 'QA', 'performance' | `string` | `"example"` | no | +| [aws\_region](#input\_aws\_region) | The AWS region. | `string` | `"us-west-2"` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes and tags, which are merged. | `any` |
{
"attributes": [],
"enabled": true,
"name": null,
"namespace": null,
"stage": null,
"tags": {}
}
| no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [environment\_name](#input\_environment\_name) | Environment name, e.g. prod, staging, dev. | `string` | `"test"` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `"xmpl"` | no | -| [project](#input\_project) | Name of the project as a whole | `string` | `"MyProject"` | no | +| [project](#input\_project) | Project name. | `string` | `"terraformstate"` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | ## Outputs diff --git a/TerraformState/example/context.tf b/TerraformState/example/context.tf new file mode 100644 index 0000000..30f102a --- /dev/null +++ b/TerraformState/example/context.tf 
@@ -0,0 +1,89 @@
+# Module should access the whole context as `module.this.context`
+# to get the input variables with nulls for defaults,
+# for example `context = module.this.context`,
+# and access individual variables as `module.this.`,
+# with final values filled in.
+#
+
+module "this" {
+ source = "git::git@github.com:generalui/terraform-accelerator.git//Label?ref=1.0.1-Label"
+
+ attributes = var.attributes
+ enabled = var.enabled
+ name = var.project
+ namespace = var.namespace
+ stage = var.environment_name
+ tags = var.tags
+
+ context = var.context
+}
+
+variable "attributes" {
+ type = list(string)
+ default = []
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "context" {
+ type = any
+ default = {
+ attributes = []
+ enabled = true
+ name = null
+ namespace = null
+ stage = null
+ tags = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0.
+ }
+ description = <<-EOT
+ Single object for setting entire context at once.
+ See description of individual variables for details.
+ Leave string and numeric variables as `null` to use default value.
+ Individual variable settings (non-null) override settings in context object,
+ except for attributes and tags, which are merged.
+ EOT
+}
+
+variable "enabled" {
+ type = bool
+ default = null
+ description = "Set to false to prevent the module from creating any resources"
+}
+
+variable "environment_name" {
+ type = string
+ default = "test"
+ description = "Environment name, e.g. prod, staging, dev."
+ validation {
+ condition = length(var.environment_name) < 8
+ error_message = "environment_name must be less than 8 characters."
+ } +} + +variable "namespace" { + type = string + default = "xmpl" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "project" { + type = string + default = "terraformstate" + description = "Project name." +} + +variable "tags" { + type = map(string) + default = {} + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT +} diff --git a/TerraformState/example/main.tf b/TerraformState/example/main.tf index f6f9e79..ec28a0a 100644 --- a/TerraformState/example/main.tf +++ b/TerraformState/example/main.tf @@ -32,26 +32,14 @@ module "state_backend" { enabled = true context = module.this.context - force_destroy = false + force_destroy = true profile = var.aws_profile - role_arn = "arn:aws:iam::123456789876:role/SomeDevOpsRole" - terraform_backend_config_file_path = "." + terraform_backend_config_file_path = "" terraform_state_file = "${var.namespace}-${var.project}.terraform.tfstate" } # Variables -variable "attributes" { - type = list(string) - default = [] - description = <<-EOT - ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, - in the order they appear in the list. New attributes are appended to the - end of the list. The elements of the list are joined by the `delimiter` - and treated as a single ID element. - EOT -} - variable "aws_profile" { type = string description = "The AWS profile name as set in the shared credentials file." 
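Review bot: `force_destroy = true` in `module "state_backend"` of TerraformState/example/main.tf lets the example delete the state bucket together with every object in it, and the variable's own description says those objects are not recoverable. Example code tends to be copied into real deployments, so either keep `force_destroy = false` or put a comment above the line such as `# force_destroy = true only so this example can be torn down after a test run; keep false for any real state bucket`. The module block opens above this hunk.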
@@ -61,54 +49,5 @@ variable "aws_profile" {
 variable "aws_region" {
 type = string
 description = "The AWS region."
- default = "us-east-2"
-}
-
-variable "context" {
- type = any
- default = {
- attributes = []
- name = null
- namespace = null
- stage = null
- tags = {}
- }
- description = <<-EOT
- Single object for setting entire context at once.
- See description of individual variables for details.
- Leave string and numeric variables as `null` to use default value.
- Individual variable settings (non-null) override settings in context object,
- except for attributes, tags, and additional_tag_map, which are merged.
- EOT
-}
-
-variable "environment_name" {
- type = string
- description = "Current environment, e.g. 'prod', 'staging', 'dev', 'QA', 'performance'"
- default = "example"
- validation {
- condition = length(var.environment_name) < 8
- error_message = "The environment_name value must be less than 8 characters"
- }
-}
-
-variable "namespace" {
- type = string
- default = "xmpl"
- description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
-}
-
-variable "project" {
- type = string
- description = "Name of the project as a whole"
- default = "MyProject"
-}
-
-variable "tags" {
- type = map(string)
- default = {}
- description = <<-EOT
- Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
- Neither the tag keys nor the tag values will be modified by this module.
- EOT
+ default = "us-west-2"
 }
diff --git a/TerraformState/main.tf b/TerraformState/main.tf
index f3eb83d..e55d713 100644
--- a/TerraformState/main.tf
+++ b/TerraformState/main.tf
@@ -7,13 +7,9 @@ # https://github.com/cloudposse/terraform-aws-tfstate-backend#usage module "terraform_state_backend" { source = "cloudposse/tfstate-backend/aws" - version = "1.3.0" + version = "1.8.0" - attributes = var.attributes == null ? var.context.attributes : var.attributes - enabled = var.enabled == null ? var.context.enabled : var.enabled - name = var.name == null ? var.context.name : var.name - namespace = var.namespace == null ? var.context.namespace : var.namespace - stage = var.stage == null ? var.context.stage : var.stage + context = module.this.context billing_mode = var.billing_mode force_destroy = var.force_destroy diff --git a/TerraformState/project.json b/TerraformState/project.json index b0ff0a6..b74ddb0 100644 --- a/TerraformState/project.json +++ b/TerraformState/project.json @@ -1,3 +1,3 @@ { - "version": "1.0.1" + "version": "1.1.0" } \ No newline at end of file diff --git a/TerraformState/variables.tf b/TerraformState/variables.tf index d375dd1..195eeb3 100644 --- a/TerraformState/variables.tf +++ b/TerraformState/variables.tf 
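Review bot: Passing `context = module.this.context` in `module "terraform_state_backend"` swaps the old `name`/`stage` inputs for `project`/`environment_name`, so the ID generated for the S3 state bucket and the DynamoDB table may differ from what 1.0.1 produced for the same caller, presumably depending on how the Label module builds `id`. A changed bucket name would make Terraform plan a replacement of the bucket that holds existing state. An upgrade note in the README would help, telling users to run `terraform plan` and confirm that neither the bucket nor the table is replaced before they apply. Removing the `name`, `stage` and `environment` variables also breaks callers that set them, which sits oddly with the 1.0.1 to 1.1.0 minor bump in project.json. The module block continues past the end of this hunk.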
@@ -1,51 +1,9 @@ -variable "attributes" { - type = list(string) - default = [] - description = <<-EOT - ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, - in the order they appear in the list. New attributes are appended to the - end of the list. The elements of the list are joined by the `delimiter` - and treated as a single ID element. - EOT -} - variable "billing_mode" { type = string description = "DynamoDB billing mode" default = "PAY_PER_REQUEST" } -variable "context" { - type = any - default = { - attributes = [] - enabled = true - name = null - namespace = null - stage = null - tags = {} - } - description = <<-EOT - Single object for setting entire context at once. - See description of individual variables for details. - Leave string and numeric variables as `null` to use default value. - Individual variable settings (non-null) override settings in context object, - except for attributes, tags, and additional_tag_map, which are merged. - EOT -} - -variable "enabled" { - type = bool - default = null - description = "Set to false to prevent the module from creating any resources" -} - -variable "environment" { - type = string - default = null - description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" -} - variable "force_destroy" { type = bool description = "A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable" 
@@ -65,22 +23,6 @@ variable "logging" { } } -variable "name" { - type = string - default = null - description = <<-EOT - ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. - This is the only ID element not also included as a `tag`. - The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. - EOT -} - -variable "namespace" { - type = string - default = null - description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" -} - variable "permissions_boundary" { type = string default = "" @@ -132,21 +74,6 @@ variable "source_policy_documents" { EOT } -variable "stage" { - type = string - default = null - description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" -} - -variable "tags" { - type = map(string) - default = {} - description = <<-EOT - Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). - Neither the tag keys nor the tag values will be modified by this module. - EOT -} - variable "terraform_backend_config_file_path" { type = string default = "" diff --git a/TerraformState/versions.tf b/TerraformState/versions.tf index 2622c99..c133975 100644 --- a/TerraformState/versions.tf +++ b/TerraformState/versions.tf @@ -4,7 +4,11 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.9.0" + version = ">= 6.0.0" + } + time = { + source = "hashicorp/time" + version = ">= 0.7.1" } local = { source = "hashicorp/local"