Merge pull request #154 from hashicorp/feature/tf12-upgrade

Terraform 0.12.x Upgrade
hashicorp · Jul 1, 2019 · 088ccbb · 088ccbb
2 parents bcc8da6 + 4db50ec
commit 088ccbb
Show file tree

Hide file tree

Showing 37 changed files with 1,497 additions and 831 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -8,7 +8,7 @@ jobs:
       - checkout
       - run:
           name: Validate Terraform Formatting
-          command: "[ -z \"$(terraform fmt -write=false)\" ] || { terraform fmt -write=false -diff; exit 1; }"
+          command: '[ -z "$(terraform fmt -write=false)" ] || { terraform fmt -write=false -diff; exit 1; }'
 
   build:
     machine: true
@@ -24,11 +24,11 @@ jobs:
 
       # Install the gruntwork-module-circleci-helpers and use it to configure the build environment and run tests.
       - run: curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version v0.0.21
-      - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.13.9"
-      - run: gruntwork-install --module-name "build-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.13.9"
-      - run: gruntwork-install --module-name "aws-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.13.9"
-      - run: gruntwork-install --module-name "git-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.13.9"
-      - run: gruntwork-install --binary-name "terratest_log_parser" --repo "https://github.com/gruntwork-io/terratest" --tag v0.13.10
+      - run: gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.14.0"
+      - run: gruntwork-install --module-name "build-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.14.0"
+      - run: gruntwork-install --module-name "aws-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.14.0"
+      - run: gruntwork-install --module-name "git-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "v0.14.0"
+      - run: gruntwork-install --binary-name "terratest_log_parser" --repo "https://github.com/gruntwork-io/terratest" --tag v0.17.4
       - run: configure-environment-for-gruntwork-module --go-src-path test --use-go-dep --circle-ci-2 --circle-ci-2-machine-executor
 
       - save_cache:

diff --git a/examples/vault-agent/main.tf b/examples/vault-agent/main.tf
@@ -1,33 +1,32 @@
-# ---------------------------------------------------------------------------------------------------------------------
-# DEPLOY A VAULT SERVER CLUSTER AND A CONSUL SERVER CLUSTER IN AWS
-# This is an example of how to launch a vault cluster and then authenticate an instance to the cluster
-# ---------------------------------------------------------------------------------------------------------------------
-
+# ----------------------------------------------------------------------------------------------------------------------
+# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER
+# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12.
+# ----------------------------------------------------------------------------------------------------------------------
 terraform {
-  required_version = ">= 0.11.0"
+  required_version = ">= 0.12"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
 # INSTANCE THAT WILL AUTHENTICATE TO VAULT USING VAULT AGENT
 # ---------------------------------------------------------------------------------------------------------------------
 resource "aws_instance" "example_auth_to_vault" {
-  ami           = "${var.ami_id}"
+  ami           = var.ami_id
   instance_type = "t2.micro"
-  subnet_id     = "${data.aws_subnet_ids.default.ids[0]}"
-  key_name      = "${var.ssh_key_name}"
+  subnet_id     = tolist(data.aws_subnet_ids.default.ids)[0]
+  key_name      = var.ssh_key_name
 
   # Security group that opens the necessary ports for consul
   # And security group that opens the port to our simple web server
   security_groups = [
-    "${module.consul_cluster.security_group_id}",
-    "${aws_security_group.auth_instance.id}",
+    module.consul_cluster.security_group_id,
+    aws_security_group.auth_instance.id,
   ]
 
-  user_data            = "${data.template_file.user_data_auth_client.rendered}"
-  iam_instance_profile = "${aws_iam_instance_profile.example_instance_profile.name}"
+  user_data            = data.template_file.user_data_auth_client.rendered
+  iam_instance_profile = aws_iam_instance_profile.example_instance_profile.name
 
-  tags {
-    Name = "${var.auth_server_name}"
+  tags = {
+    Name = var.auth_server_name
   }
 }
 
@@ -38,12 +37,12 @@ resource "aws_instance" "example_auth_to_vault" {
 # ---------------------------------------------------------------------------------------------------------------------
 resource "aws_iam_instance_profile" "example_instance_profile" {
   path = "/"
-  role = "${aws_iam_role.example_instance_role.name}"
+  role = aws_iam_role.example_instance_role.name
 }
 
 resource "aws_iam_role" "example_instance_role" {
   name_prefix        = "${var.auth_server_name}-role"
-  assume_role_policy = "${data.aws_iam_policy_document.example_instance_role.json}"
+  assume_role_policy = data.aws_iam_policy_document.example_instance_role.json
 }
 
 data "aws_iam_policy_document" "example_instance_role" {
@@ -60,9 +59,9 @@ data "aws_iam_policy_document" "example_instance_role" {
 
 # Adds policies necessary for running consul
 module "consul_iam_policies_for_client" {
-  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-iam-policies?ref=v0.4.0"
+  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-iam-policies?ref=v0.7.0"
 
-  iam_role_id = "${aws_iam_role.example_instance_role.id}"
+  iam_role_id = aws_iam_role.example_instance_role.id
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -72,12 +71,12 @@ module "consul_iam_policies_for_client" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 data "template_file" "user_data_auth_client" {
-  template = "${file("${path.module}/user-data-auth-client.sh")}"
+  template = file("${path.module}/user-data-auth-client.sh")
 
-  vars {
-    consul_cluster_tag_key   = "${var.consul_cluster_tag_key}"
-    consul_cluster_tag_value = "${var.consul_cluster_name}"
-    example_role_name        = "${var.example_role_name}"
+  vars = {
+    consul_cluster_tag_key   = var.consul_cluster_tag_key
+    consul_cluster_tag_value = var.consul_cluster_name
+    example_role_name        = var.example_role_name
   }
 }
 
@@ -87,9 +86,9 @@ data "template_file" "user_data_auth_client" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 resource "aws_security_group" "auth_instance" {
-  name        = "${var.auth_server_name}"
+  name        = var.auth_server_name
   description = "Security group for ${var.auth_server_name}"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id
 }
 
 resource "aws_security_group_rule" "allow_inbound_api" {
@@ -99,7 +98,7 @@ resource "aws_security_group_rule" "allow_inbound_api" {
   protocol    = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
 
-  security_group_id = "${aws_security_group.auth_instance.id}"
+  security_group_id = aws_security_group.auth_instance.id
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -108,8 +107,8 @@ resource "aws_security_group_rule" "allow_inbound_api" {
 
 resource "aws_iam_role_policy" "vault_iam" {
   name   = "vault_iam"
-  role   = "${module.vault_cluster.iam_role_id}"
-  policy = "${data.aws_iam_policy_document.vault_iam.json}"
+  role   = module.vault_cluster.iam_role_id
+  policy = data.aws_iam_policy_document.vault_iam.json
 }
 
 data "aws_iam_policy_document" "vault_iam" {
@@ -118,7 +117,7 @@ data "aws_iam_policy_document" "vault_iam" {
     actions = ["iam:GetRole", "iam:GetUser"]
 
     # List of arns it can query, for more security, it could be set to specific roles or user
-    # resources = ["${aws_iam_role.example_instance_role.arn}"]
+    # resources = ["aws_iam_role.example_instance_role.arn"]
     resources = [
       "arn:aws:iam::*:user/*",
       "arn:aws:iam::*:role/*",
@@ -142,15 +141,15 @@ module "vault_cluster" {
   # source = "github.com/hashicorp/terraform-aws-consul.git/modules/vault-cluster?ref=v0.0.1"
   source = "../../modules/vault-cluster"
 
-  cluster_name  = "${var.vault_cluster_name}"
-  cluster_size  = "${var.vault_cluster_size}"
-  instance_type = "${var.vault_instance_type}"
+  cluster_name  = var.vault_cluster_name
+  cluster_size  = var.vault_cluster_size
+  instance_type = var.vault_instance_type
 
-  ami_id    = "${var.ami_id}"
-  user_data = "${data.template_file.user_data_vault_cluster.rendered}"
+  ami_id    = var.ami_id
+  user_data = data.template_file.user_data_vault_cluster.rendered
 
-  vpc_id     = "${data.aws_vpc.default.id}"
-  subnet_ids = "${data.aws_subnet_ids.default.ids}"
+  vpc_id     = data.aws_vpc.default.id
+  subnet_ids = data.aws_subnet_ids.default.ids
 
   # To make testing easier, we allow requests from any IP address here but in a production deployment, we *strongly*
   # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC.
@@ -159,7 +158,7 @@ module "vault_cluster" {
   allowed_inbound_cidr_blocks          = ["0.0.0.0/0"]
   allowed_inbound_security_group_ids   = []
   allowed_inbound_security_group_count = 0
-  ssh_key_name                         = "${var.ssh_key_name}"
+  ssh_key_name                         = var.ssh_key_name
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -169,9 +168,9 @@ module "vault_cluster" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "consul_iam_policies_servers" {
-  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-iam-policies?ref=v0.4.0"
+  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-iam-policies?ref=v0.7.0"
 
-  iam_role_id = "${module.vault_cluster.iam_role_id}"
+  iam_role_id = module.vault_cluster.iam_role_id
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -180,18 +179,16 @@ module "consul_iam_policies_servers" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 data "template_file" "user_data_vault_cluster" {
-  template = "${file("${path.module}/user-data-vault.sh")}"
-
-  vars {
-    consul_cluster_tag_key   = "${var.consul_cluster_tag_key}"
-    consul_cluster_tag_value = "${var.consul_cluster_name}"
-    example_role_name        = "${var.example_role_name}"
+  template = file("${path.module}/user-data-vault.sh")
 
+  vars = {
+    consul_cluster_tag_key   = var.consul_cluster_tag_key
+    consul_cluster_tag_value = var.consul_cluster_name
+    example_role_name        = var.example_role_name
     # Please note that normally we would never pass a secret this way
     # This is just for test purposes so we can verify that our example instance is authenticating correctly
-    example_secret = "${var.example_secret}"
-
-    aws_iam_role_arn = "${aws_iam_role.example_instance_role.arn}"
+    example_secret   = var.example_secret
+    aws_iam_role_arn = aws_iam_role.example_instance_role.arn
   }
 }
 
@@ -202,9 +199,9 @@ data "template_file" "user_data_vault_cluster" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "security_group_rules" {
-  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-client-security-group-rules?ref=v0.4.0"
+  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-client-security-group-rules?ref=v0.7.0"
 
-  security_group_id = "${module.vault_cluster.security_group_id}"
+  security_group_id = module.vault_cluster.security_group_id
 
   # To make testing easier, we allow requests from any IP address here but in a production deployment, we *strongly*
   # recommend you limit this to the IP address ranges of known, trusted servers inside your VPC.
@@ -217,28 +214,28 @@ module "security_group_rules" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "consul_cluster" {
-  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-cluster?ref=v0.4.0"
+  source = "github.com/hashicorp/terraform-aws-consul.git//modules/consul-cluster?ref=v0.7.0"
 
-  cluster_name  = "${var.consul_cluster_name}"
-  cluster_size  = "${var.consul_cluster_size}"
-  instance_type = "${var.consul_instance_type}"
+  cluster_name  = var.consul_cluster_name
+  cluster_size  = var.consul_cluster_size
+  instance_type = var.consul_instance_type
 
   # The EC2 Instances will use these tags to automatically discover each other and form a cluster
-  cluster_tag_key   = "${var.consul_cluster_tag_key}"
-  cluster_tag_value = "${var.consul_cluster_name}"
+  cluster_tag_key   = var.consul_cluster_tag_key
+  cluster_tag_value = var.consul_cluster_name
 
-  ami_id    = "${var.ami_id}"
-  user_data = "${data.template_file.user_data_consul.rendered}"
+  ami_id    = var.ami_id
+  user_data = data.template_file.user_data_consul.rendered
 
-  vpc_id     = "${data.aws_vpc.default.id}"
-  subnet_ids = "${data.aws_subnet_ids.default.ids}"
+  vpc_id     = data.aws_vpc.default.id
+  subnet_ids = data.aws_subnet_ids.default.ids
 
   # To make testing easier, we allow Consul and SSH requests from any IP address here but in a production
   # deployment, we strongly recommend you limit this to the IP address ranges of known, trusted servers inside your VPC.
 
   allowed_ssh_cidr_blocks     = ["0.0.0.0/0"]
   allowed_inbound_cidr_blocks = ["0.0.0.0/0"]
-  ssh_key_name                = "${var.ssh_key_name}"
+  ssh_key_name                = var.ssh_key_name
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -247,11 +244,11 @@ module "consul_cluster" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 data "template_file" "user_data_consul" {
-  template = "${file("${path.module}/user-data-consul.sh")}"
+  template = file("${path.module}/user-data-consul.sh")
 
-  vars {
-    consul_cluster_tag_key   = "${var.consul_cluster_tag_key}"
-    consul_cluster_tag_value = "${var.consul_cluster_name}"
+  vars = {
+    consul_cluster_tag_key   = var.consul_cluster_tag_key
+    consul_cluster_tag_value = var.consul_cluster_name
   }
 }
 
@@ -263,12 +260,14 @@ data "template_file" "user_data_consul" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 data "aws_vpc" "default" {
-  default = "${var.vpc_id == "" ? true : false}"
-  id      = "${var.vpc_id}"
+  default = var.vpc_id == null ? true : false
+  id      = var.vpc_id
 }
 
 data "aws_subnet_ids" "default" {
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
+}
+
+data "aws_region" "current" {
 }
 
-data "aws_region" "current" {}