Merge pull request #35 from SmartColumbusOS/common-512

Common#512 Migrate ALM to Terraform 0.12

certs.tf

@@ -1,14 +1,24 @@
 # FUTURE FOOTGUN - THIS AND NEWER AWS PROVIDER DO NOT PLAY NICE, BUT TO UPDATE THE CERT NEEDS TO BE REBUILT
 module "tls_certificate" {
-  source = "github.com/azavea/terraform-aws-acm-certificate?ref=0.1.0"
+  source = "github.com/azavea/terraform-aws-acm-certificate?ref=3.0.0"
+
+  providers = {
+    aws.acm_account     = aws
+    aws.route53_account = aws
+  }
 
   domain_name               = "*.${aws_route53_zone.public_hosted_zone.name}"
   subject_alternative_names = []
-  hosted_zone_id            = "${aws_route53_zone.public_hosted_zone.zone_id}"
+  hosted_zone_id            = aws_route53_zone.public_hosted_zone.zone_id
   validation_record_ttl     = "60"
+
+  tags = {
+    Name = "ALM Wildcard Certificate"
+  }
 }
 
 output "tls_certificate_arn" {
   description = "ARN of the generated TLS certificate for the environment."
-  value = "${module.tls_certificate.arn}"
-}
+  value       = module.tls_certificate.arn
+}
+

dns.tf

@@ -3,24 +3,24 @@ locals {
 }
 
 data "aws_route53_zone" "root_zone" {
-  name = "${var.root_dns_zone}"
+  name = var.root_dns_zone
 }
 
 resource "aws_route53_zone" "public_hosted_zone" {
-  name          = "${local.internal_public_hosted_zone_name}"
+  name          = local.internal_public_hosted_zone_name
   force_destroy = true
 
   tags = {
-    Environment = "${var.environment}"
+    Environment = var.environment
   }
 }
 
 resource "aws_route53_record" "alm_ns_record" {
-  name = "${terraform.workspace}"
-  zone_id = "${data.aws_route53_zone.root_zone.zone_id}"
-  type = "NS"
-  ttl = 300
-  records = ["${aws_route53_zone.public_hosted_zone.name_servers}"]
+  name    = terraform.workspace
+  zone_id = data.aws_route53_zone.root_zone.zone_id
+  type    = "NS"
+  ttl     = 300
+  records = aws_route53_zone.public_hosted_zone.name_servers
 }
 
 variable "root_dns_zone" {
@@ -32,13 +32,14 @@ variable "prod_role_arn" {
 }
 
 output "name_servers" {
-  value = "${aws_route53_zone.public_hosted_zone.name_servers}"
+  value = aws_route53_zone.public_hosted_zone.name_servers
 }
 
 output "public_hosted_zone_id" {
-  value = "${aws_route53_zone.public_hosted_zone.zone_id}"
+  value = aws_route53_zone.public_hosted_zone.zone_id
 }
 
 output "public_hosted_zone_name" {
-  value = "${aws_route53_zone.public_hosted_zone.name}"
+  value = aws_route53_zone.public_hosted_zone.name
 }
+

iam.tf

@@ -1,35 +1,36 @@
 module "iam_stack" {
-  source                  = "[email protected]:SmartColumbusOS/scos-tf-iam?ref=1.2.0"
-  vpc_id                  = "${module.vpc.vpc_id}"
-  subnet_ids              = ["${module.vpc.private_subnets}"]
-  ssh_key                 = "${aws_key_pair.cloud_key.key_name}"
-  management_cidr         = "${var.vpc_cidr}"
+  source                  = "[email protected]:SmartColumbusOS/scos-tf-iam?ref=2.0.0"
+  vpc_id                  = module.vpc.vpc_id
+  subnet_ids              = module.vpc.private_subnets
+  ssh_key                 = aws_key_pair.cloud_key.key_name
+  management_cidr         = var.vpc_cidr
   realm_cidr              = "10.0.0.0/8"
   iam_hostname_prefix     = "iam"
-  zone_id                 = "${aws_route53_zone.public_hosted_zone.zone_id}"
-  zone_name               = "${replace(aws_route53_zone.public_hosted_zone.name, "/\\.$/", "")}"
-  realm_name              = "${var.kerberos_realm_name}"
-  vpc_cidr                = "${var.vpc_cidr}"
-  freeipa_replica_count   = "${var.freeipa_replica_count}"
-  recovery_window_in_days = "${var.recovery_window_in_days}"
-  alb_certificate         = "${module.tls_certificate.arn}"
-
-  extra_users_count       = 2
-  extra_users             = [
+  zone_id                 = aws_route53_zone.public_hosted_zone.zone_id
+  zone_name               = replace(aws_route53_zone.public_hosted_zone.name, "/\\.$/", "")
+  realm_name              = var.kerberos_realm_name
+  vpc_cidr                = var.vpc_cidr
+  freeipa_replica_count   = var.freeipa_replica_count
+  recovery_window_in_days = var.recovery_window_in_days
+  alb_certificate         = module.tls_certificate.arn
+  freeipa_version         = "4.8.6-1.fc32"
+
+  extra_users_count = 2
+  extra_users = [
     {
       username   = "binduser"
-      password   = "${random_string.bind_user_password.result}"
+      password   = random_string.bind_user_password.result
       first_name = "bind"
       last_name  = "user"
       groups     = ""
     },
     {
       username   = "sa-discovery-api"
-      password   = "${random_string.discovery_api_user_password.result}"
+      password   = random_string.discovery_api_user_password.result
       first_name = "sa"
       last_name  = "discovery-api"
       groups     = "user,admin"
-    }
+    },
   ]
 }
 
@@ -39,13 +40,13 @@ resource "random_string" "bind_user_password" {
 }
 
 resource "aws_secretsmanager_secret" "bind_user_password" {
-  name = "${terraform.workspace}-bind-user-password"
-  recovery_window_in_days = "${var.recovery_window_in_days}"
+  name                    = "${terraform.workspace}-bind-user-password"
+  recovery_window_in_days = var.recovery_window_in_days
 }
 
 resource "aws_secretsmanager_secret_version" "bind_user_password" {
-  secret_id     = "${aws_secretsmanager_secret.bind_user_password.id}"
-  secret_string = "${random_string.bind_user_password.result}"
+  secret_id     = aws_secretsmanager_secret.bind_user_password.id
+  secret_string = random_string.bind_user_password.result
 }
 
 resource "random_string" "discovery_api_user_password" {
@@ -54,13 +55,13 @@ resource "random_string" "discovery_api_user_password" {
 }
 
 resource "aws_secretsmanager_secret" "discovery_api_user_password" {
-  name = "${terraform.workspace}-discovery-api-user-password"
-  recovery_window_in_days = "${var.recovery_window_in_days}"
+  name                    = "${terraform.workspace}-discovery-api-user-password"
+  recovery_window_in_days = var.recovery_window_in_days
 }
 
 resource "aws_secretsmanager_secret_version" "discovery_api_user_password" {
-  secret_id     = "${aws_secretsmanager_secret.discovery_api_user_password.id}"
-  secret_string = "${random_string.discovery_api_user_password.result}"
+  secret_id     = aws_secretsmanager_secret.discovery_api_user_password.id
+  secret_string = random_string.discovery_api_user_password.result
 }
 
 variable "kerberos_realm_name" {
@@ -79,33 +80,34 @@ variable "recovery_window_in_days" {
 }
 
 output "freeipa_server_ips" {
-  value = ["${module.iam_stack.freeipa_server_ips}"]
+  value = [module.iam_stack.freeipa_server_ips]
 }
 
 output "keycloak_server_ip" {
-  value = "${module.iam_stack.keycloak_server_ip}"
+  value = module.iam_stack.keycloak_server_ip
 }
 
 output "bind_user_password_secret_id" {
   description = "The SecretsManager ID for the bind user password"
-  value       = "${aws_secretsmanager_secret_version.bind_user_password.arn}"
+  value       = aws_secretsmanager_secret_version.bind_user_password.arn
 }
 
 output "discovery_api_user_password_secret_id" {
   description = "The SecretsManager ID for the discovery-api user password"
-  value       = "${aws_secretsmanager_secret_version.discovery_api_user_password.arn}"
+  value       = aws_secretsmanager_secret_version.discovery_api_user_password.arn
 }
 
 output "reverse_dns_zone_id" {
-  value = "${module.iam_stack.reverse_dns_zone_id}"
+  value = module.iam_stack.reverse_dns_zone_id
 }
 
 output "freeipa_master_instance_id" {
   description = "The instance id the iam-master ec2 instance"
-  value = "${module.iam_stack.freeipa_master_instance_id}"
+  value       = module.iam_stack.freeipa_master_instance_id
 }
 
 output "freeipa_replica_instance_ids" {
   description = "The instance id the iam-master ec2 instance"
-  value = ["${module.iam_stack.freeipa_replica_instance_ids}"]
+  value       = [module.iam_stack.freeipa_replica_instance_ids]
 }
+