0.12upgrade (#24)

* Run terraform 0.12upgrade on atc mod

* Add type info and use proper types for ATC

* Use latest verison of ASG module

* Use latest version of loadbalancer mod

* Upgrade worker module

* Fix all protocols flag for sg rule

* Update default example

* Fix args that should be lists

* Use templatefile function instead of data source

* Upgrade travis test env

* Set AWS_REGION in travis to satisfy terraform

.travis.yml

@@ -1,15 +1,14 @@
 dist: trusty
 sudo: true
 
+env:
+  - AWS_REGION=eu-west-1
+
 before_install:
-  - curl -fSL "https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip" -o terraform.zip
+  - curl -fSL "https://releases.hashicorp.com/terraform/0.12.3/terraform_0.12.3_linux_amd64.zip" -o terraform.zip
   - sudo unzip terraform.zip -d /opt/terraform
   - sudo ln -s /opt/terraform/terraform /usr/bin/terraform
   - rm -f terraform.zip
-  - curl -fSL https://github.com/wata727/tflint/releases/download/v0.7.0/tflint_linux_amd64.zip -o tflint.zip
-  - sudo unzip tflint.zip -d /opt/tflint
-  - sudo ln -s /opt/tflint/tflint /usr/bin/tflint
-  - rm -f tflint.zip
 
 notifications:
   email: false

Makefile

@@ -19,7 +19,7 @@ test:
 	@for d in $$(find . -type f -name '*.tf' -path "./modules/*" -not -path "**/.terraform/*" -exec dirname {} \; | sort -u); do \
 		cd $$d; \
 		terraform init -backend=false >> /dev/null; \
-		terraform validate -check-variables=false; \
+		terraform validate; \
 		if [ $$? -eq 1 ]; then \
 			echo "✗ terraform validate failed: $$d"; \
 			exit 1; \

examples/default/example.tf

@@ -1,3 +1,7 @@
+terraform {
+  required_version = ">= 0.12"
+}
+
 provider "aws" {
   region = "eu-west-1"
 }
@@ -7,7 +11,7 @@ data "aws_vpc" "main" {
 }
 
 data "aws_subnet_ids" "main" {
-  vpc_id = "${data.aws_vpc.main.id}"
+  vpc_id = data.aws_vpc.main.id
 }
 
 locals {
@@ -18,48 +22,48 @@ locals {
 
 module "postgres" {
   source  = "telia-oss/rds-cluster/aws"
-  version = "0.3.0"
+  version = "2.0.0"
 
-  name_prefix = "${local.name_prefix}"
+  name_prefix = local.name_prefix
   username    = "superuser"
-  password    = "${local.postgres_password}"
+  password    = local.postgres_password
   engine      = "aurora-postgresql"
-  port        = "5439"
-  vpc_id      = "${data.aws_vpc.main.id}"
-  subnet_ids  = ["${data.aws_subnet_ids.main.ids}"]
+  port        = 5439
+  vpc_id      = data.aws_vpc.main.id
+  subnet_ids  = data.aws_subnet_ids.main.ids
 
-  tags {
-    environment = "prod"
+  tags = {
+    environment = "dev"
     terraform   = "True"
   }
 }
 
 module "concourse_atc" {
   source = "../../modules/atc"
 
-  name_prefix          = "${local.name_prefix}"
+  name_prefix          = local.name_prefix
   web_protocol         = "HTTP"
   web_port             = "80"
   authorized_cidr      = ["0.0.0.0/0"]
   concourse_keys       = "${path.root}/keys"
-  vpc_id               = "${data.aws_vpc.main.id}"
-  public_subnet_ids    = ["${data.aws_subnet_ids.main.ids}"]
-  private_subnet_ids   = ["${data.aws_subnet_ids.main.ids}"]
-  postgres_host        = "${module.postgres.endpoint}"
-  postgres_port        = "${module.postgres.port}"
-  postgres_username    = "${module.postgres.username}"
-  postgres_password    = "${local.postgres_password}"
-  postgres_database    = "${module.postgres.database_name}"
+  vpc_id               = data.aws_vpc.main.id
+  public_subnet_ids    = data.aws_subnet_ids.main.ids
+  private_subnet_ids   = data.aws_subnet_ids.main.ids
+  postgres_host        = module.postgres.endpoint
+  postgres_port        = module.postgres.port
+  postgres_username    = module.postgres.username
+  postgres_password    = local.postgres_password
+  postgres_database    = module.postgres.database_name
   encryption_key       = ""
-  instance_ami         = "${local.instance_ami}"
+  instance_ami         = local.instance_ami
   github_client_id     = "sm:///concourse-deployment/github-oauth-client-id"
   github_client_secret = "sm:///concourse-deployment/github-oauth-client-secret"
   github_users         = ["itsdalmo"]
   github_teams         = ["telia-oss:concourse-owners"]
   local_user           = "sm:///concourse-deployment/admin-user"
   local_admin_user     = "admin"
 
-  tags {
+  tags = {
     environment = "dev"
     terraform   = "True"
   }
@@ -68,36 +72,36 @@ module "concourse_atc" {
 module "concourse_worker" {
   source = "../../modules/worker"
 
-  name_prefix        = "${local.name_prefix}"
+  name_prefix        = local.name_prefix
   concourse_keys     = "${path.root}/keys"
-  vpc_id             = "${data.aws_vpc.main.id}"
-  private_subnet_ids = ["${data.aws_subnet_ids.main.ids}"]
-  atc_sg             = "${module.concourse_atc.security_group_id}"
-  tsa_host           = "${module.concourse_atc.tsa_host}"
-  tsa_port           = "${module.concourse_atc.tsa_port}"
-  instance_ami       = "${local.instance_ami}"
-
-  tags {
+  vpc_id             = data.aws_vpc.main.id
+  private_subnet_ids = data.aws_subnet_ids.main.ids
+  atc_sg             = module.concourse_atc.security_group_id
+  tsa_host           = module.concourse_atc.tsa_host
+  tsa_port           = module.concourse_atc.tsa_port
+  instance_ami       = local.instance_ami
+
+  tags = {
     environment = "dev"
     terraform   = "True"
   }
 }
 
 # ATC ingress postgres
 resource "aws_security_group_rule" "atc_ingress_postgres" {
-  security_group_id        = "${module.postgres.security_group_id}"
+  security_group_id        = module.postgres.security_group_id
   type                     = "ingress"
   protocol                 = "tcp"
-  from_port                = "${module.postgres.port}"
-  to_port                  = "${module.postgres.port}"
-  source_security_group_id = "${module.concourse_atc.security_group_id}"
+  from_port                = module.postgres.port
+  to_port                  = module.postgres.port
+  source_security_group_id = module.concourse_atc.security_group_id
 }
 
 # Allow workers to fetch ECR images
 resource "aws_iam_role_policy" "main" {
   name   = "${local.name_prefix}-worker-ecr-policy"
-  role   = "${module.concourse_worker.role_name}"
-  policy = "${data.aws_iam_policy_document.worker.json}"
+  role   = module.concourse_worker.role_name
+  policy = data.aws_iam_policy_document.worker.json
 }
 
 data "aws_iam_policy_document" "worker" {
@@ -125,18 +129,19 @@ module "atc_ssm_agent" {
   version = "0.1.0"
 
   name_prefix = "${local.name_prefix}-atc"
-  role        = "${module.concourse_atc.role_name}"
+  role        = module.concourse_atc.role_name
 }
 
 module "worker_ssm_agent" {
   source  = "telia-oss/ssm-agent-policy/aws"
   version = "0.1.0"
 
   name_prefix = "${local.name_prefix}-worker"
-  role        = "${module.concourse_worker.role_name}"
+  role        = module.concourse_worker.role_name
 }
 
 output "endpoint" {
   description = "The Concourse web interface."
-  value       = "${module.concourse_atc.endpoint}"
+  value       = module.concourse_atc.endpoint
 }
+