From 69dc4429e7188f34bbd790e544e4842e657130f0 Mon Sep 17 00:00:00 2001
From: Sergey Novikov
Date: Thu, 12 Sep 2024 11:40:09 +0200
Subject: [PATCH 1/2] Remove obsolete variables

---
 Makefile | 8 +--
 README.md | 9 ++-
 data.tf | 2 +-
 examples/complete/README.md | 7 ++-
 examples/complete/main.tf | 25 +++++----
 examples/complete/outputs.tf | 5 ++
 examples/complete/variables.auto.tfvars | 3 +-
 examples/complete/variables.tf | 73 ++++++++++++++++++++++++-
 examples/complete/versions.tf | 9 +++
 variables.tf | 20 +++----
 versions.tf | 4 +-
 11 files changed, 126 insertions(+), 39 deletions(-)
 mode change 120000 => 100644 examples/complete/variables.tf
 create mode 100644 examples/complete/versions.tf

diff --git a/Makefile b/Makefile
index 55a3e50..7fc6f36 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,10 @@ TF_MODULES = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/)))
 # -------------------------------------------------------------------------------------------------
 # Container versions
 # -------------------------------------------------------------------------------------------------
-TF_VERSION = 0.13.7
-TFDOCS_VERSION = 0.16.0-0.31
-FL_VERSION = 0.4
-JL_VERSION = 1.6.0-0.5
+TF_VERSION = 1.5.7
+TFDOCS_VERSION = 0.16.0-0.34
+FL_VERSION = latest-0.8
+JL_VERSION = 1.6.0-0.14
 # -------------------------------------------------------------------------------------------------
diff --git a/README.md b/README.md
index 2a56655..dc15ff3 100644
--- a/README.md
+++ b/README.md
@@ -45,14 +45,14 @@ Obviously, all the [supported authentication][6] methods can also be used.
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13 |
-| [aws](#requirement\_aws) | >= 4 |
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 4 |
+| [aws](#provider\_aws) | >= 5 |
 ## Modules
@@ -75,12 +75,11 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [allowed\_account\_id](#input\_allowed\_account\_id) | AWS account ID for which this module can be executed | `string` | n/a | yes |
 | [cgw\_bgp\_asn](#input\_cgw\_bgp\_asn) | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). | `string` | n/a | yes |
 | [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
 | [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
+| [transit\_gateway\_hub\_account\_id](#input\_transit\_gateway\_hub\_account\_id) | AWS account ID of Transit Gateway owner | `string` | n/a | yes |
 | [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
-| [role\_to\_assume](#input\_role\_to\_assume) | IAM role name to assume (eg. ASSUME-ROLE-HUB) | `string` | `""` | no |
 | [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
 | [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
 | [tags](#input\_tags) | Map of custom tags for the provisioned resources | `map(string)` | `{}` | no |
diff --git a/data.tf b/data.tf
index 7eb5c85..a67bfb3 100644
--- a/data.tf
+++ b/data.tf
@@ -11,7 +11,7 @@ data "aws_ec2_transit_gateway" "this" {
 filter {
 name = "owner-id"
- values = [var.allowed_account_id]
+ values = [var.transit_gateway_hub_account_id]
 }
 filter {
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 778b516..44bb12b 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -3,7 +3,10 @@
 ## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5 |
 ## Providers
@@ -13,6 +16,7 @@ No providers.
 | Name | Source | Version |
 |------|--------|---------|
+| [tgw](#module\_tgw) | github.com/flaconi/terraform-aws-transit-gateway-hub.git | v1.6.0 |
 | [vpn](#module\_vpn) | ../../ | n/a |
 ## Resources
@@ -42,6 +46,7 @@ No resources.
 | Name | Description |
 |------|-------------|
 | [customer\_gateway\_id](#output\_customer\_gateway\_id) | ID of the Customer Gateway |
+| [transit\_gateway\_id](#output\_transit\_gateway\_id) | ID of the used Transit Gateway |
 | [vpn\_connection](#output\_vpn\_connection) | VPN connection details |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index a450a67..2000756 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,21 +1,24 @@
-# The Transit Gateway (hub) has already been created in AWS, as a fixture for
-# this test case due to not being able to use 'depends_on' on Terraform modules
-module "vpn" {
- source = "../../"
+module "tgw" {
+ source = "github.com/flaconi/terraform-aws-transit-gateway-hub.git?ref=v1.6.0"
- providers = { aws = aws }
+ name = var.transit_gateway_hub_name
- role_to_assume = var.role_to_assume
- allowed_account_id = var.allowed_account_id
+ aws_account_id_hub = var.allowed_account_id
+ aws_account_id_satellite = []
+}
+
+module "vpn" {
+ source = "../../"
 name = var.name
 cgw_bgp_asn = var.cgw_bgp_asn
 cgw_ip_address = var.cgw_ip_address
- transit_gateway_hub_name = var.transit_gateway_hub_name
- static_routes_only = var.static_routes_only
- static_routes_destinations = var.static_routes_destinations
+ transit_gateway_hub_name = var.transit_gateway_hub_name
+ transit_gateway_hub_account_id = var.allowed_account_id
+ static_routes_only = var.static_routes_only
+ static_routes_destinations = var.static_routes_destinations
 tunnel1_inside_cidr = var.tunnel1_inside_cidr
 tunnel2_inside_cidr = var.tunnel2_inside_cidr
@@ -23,4 +26,6 @@ module "vpn" {
 tunnel2_preshared_key = var.tunnel2_preshared_key
 tags = var.tags
+
+ depends_on = [module.tgw]
 }
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 04e2d89..ab50ed5 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -1,3 +1,8 @@
+output "transit_gateway_id" {
+ description = "ID of the used Transit Gateway"
+ value = module.tgw.transit_gateway_id
+}
+
 output "customer_gateway_id" {
 description = "ID of the Customer Gateway"
 value = module.vpn.customer_gateway_id
diff --git a/examples/complete/variables.auto.tfvars b/examples/complete/variables.auto.tfvars
index aba6164..150e3d8 100644
--- a/examples/complete/variables.auto.tfvars
+++ b/examples/complete/variables.auto.tfvars
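Review bot: `role_to_assume` is dropped from the `module "vpn"` call together with the `providers = { aws = aws }` override, but examples/complete/variables.tf in this same patch still declares `role_to_assume` (default `""`) and nothing else visible in the diff consumes it, so the role name CI keeps passing is silently ignored unless a provider block outside this diff reads it. The root module previously took the role name as an input, presumably for an `assume_role` provider configuration; confirm the example's provider still assumes the hub role, otherwise the `aws_ec2_transit_gateway` lookup and the `tgw` module run under the job's own credentials. Separately, `transit_gateway_hub_account_id = var.allowed_account_id` keeps the obsolete name this commit removes from the root module; renaming the example variable to `transit_gateway_hub_account_id` keeps it aligned with the module input and the README table.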
@@ -3,7 +3,7 @@ name = "test-vpn"
 cgw_bgp_asn = 65000
 cgw_ip_address = "1.1.1.1"
-transit_gateway_hub_name = "test-tgw-fixture"
+transit_gateway_hub_name = "test-vpn-tgw"
 static_routes_only = true
 static_routes_destinations = [
 "192.168.0.0/24",
@@ -15,7 +15,6 @@ tunnel2_inside_cidr = "169.254.7.0/30"
 tunnel1_preshared_key = "heregoessomesupersecure.pre_shar3d_k3y"
 tunnel2_preshared_key = "Andwehaveanother._0n3"
-
 tags = {
 purpose = "testing-vpn"
 }
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
deleted file mode 120000
index 505ce0c..0000000
--- a/examples/complete/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../variables.tf
\ No newline at end of file
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
new file mode 100644
index 0000000..8f338ef
--- /dev/null
+++ b/examples/complete/variables.tf
@@ -0,0 +1,72 @@
+variable "allowed_account_id" {
+ description = "AWS account ID for which this module can be executed"
+ type = string
+}
+
+variable "role_to_assume" {
+ description = "IAM role name to assume (eg. ASSUME-ROLE-HUB)"
+ type = string
+ default = ""
+}
+
+variable "name" {
+ description = "Generic name to be given to the provisioned resources"
+ type = string
+}
+variable "tags" {
+ description = "Map of custom tags for the provisioned resources"
+ type = map(string)
+ default = {}
+}
+
+variable "cgw_bgp_asn" {
+ description = "The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)."
+ type = string
+}
+
+variable "cgw_ip_address" {
+ description = "IP address of the client VPN endpoint"
+ type = string
+}
+
+variable "transit_gateway_hub_name" {
+ description = "Name of the Transit Gateway to attach the VPN to"
+ type = string
+}
+
+variable "static_routes_only" {
+ description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
+ type = bool
+ default = false
+}
+
+variable "static_routes_destinations" {
+ description = "List of CIDRs to be routed into the VPN tunnel."
+ type = list(string)
+ default = []
+}
+
+# https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VpnTunnelOptionsSpecification.html
+variable "tunnel1_inside_cidr" {
+ description = "A size /30 CIDR block from the 169.254.0.0/16 range"
+ type = string
+ default = null
+}
+
+variable "tunnel2_inside_cidr" {
+ description = "A size /30 CIDR block from the 169.254.0.0/16 range"
+ type = string
+ default = null
+}
+
+variable "tunnel1_preshared_key" {
+ description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
+ type = string
+ default = null
+}
+
+variable "tunnel2_preshared_key" {
+ description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
+ type = string
+ default = null
+}
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
new file mode 100644
index 0000000..5ef3c40
--- /dev/null
+++ b/examples/complete/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5"
+ }
+ }
+ required_version = ">= 1.0"
+}
diff --git a/variables.tf b/variables.tf
index ff8f1dd..02a212d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,14 +1,3 @@
-variable "allowed_account_id" {
- description = "AWS account ID for which this module can be executed"
- type = string
-}
-
-variable "role_to_assume" {
- description = "IAM role name to assume (eg. ASSUME-ROLE-HUB)"
- type = string
- default = ""
-}
-
 variable "name" {
 description = "Generic name to be given to the provisioned resources"
 type = string
@@ -34,6 +23,11 @@ variable "transit_gateway_hub_name" {
 type = string
 }
+variable "transit_gateway_hub_account_id" {
+ description = "AWS account ID of Transit Gateway owner"
+ type = string
+}
+
 variable "static_routes_only" {
 description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
 type = bool
@@ -61,12 +55,12 @@ variable "tunnel2_inside_cidr" {
 variable "tunnel1_preshared_key" {
 description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
- default = null
 type = string
+ default = null
 }
 variable "tunnel2_preshared_key" {
 description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
- default = null
 type = string
+ default = null
 }
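Review bot: Neither `tunnel1_preshared_key` nor `tunnel2_preshared_key` is marked `sensitive = true`, in the new examples/complete/variables.tf and in the `@@ -61,12 +55,12 @@` hunk of the root variables.tf that only reorders `type`/`default`; the description already warns that the value sits in state as plaintext, and without the flag it is also printed verbatim in `plan`/`apply` output and therefore in CI logs. The same patch raises `required_version` to `>= 1.0`, so the attribute is available everywhere this module runs; add `sensitive = true` after `default = null` in all four blocks. Marking the variable does not change what is written to state, so the existing description stays accurate.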
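Review bot: `transit_gateway_hub_account_id` in the `@@ -34,6 +23,11 @@` hunk of variables.tf is a bare `string` although data.tf passes it straight into the `owner-id` filter of `aws_ec2_transit_gateway`; a typo, a truncated ID or an empty value only surfaces as a generic no-match error from the data source, with no hint which input was wrong. A `validation` block rejects anything that is not a 12-digit account ID at plan time, before any API call is made. The same gap applies to `transit_gateway_satellite_account_id` added to examples/complete/variables.tf in the second patch.
```hcl
variable "transit_gateway_hub_account_id" {
  description = "AWS account ID of Transit Gateway owner"
  type        = string

  validation {
    condition     = can(regex("^[0-9]{12}$", var.transit_gateway_hub_account_id))
    error_message = "transit_gateway_hub_account_id must be a 12-digit AWS account ID."
  }
}
```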
diff --git a/versions.tf b/versions.tf
index 716ce4e..5ef3c40 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,8 +2,8 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4"
+ version = ">= 5"
 }
 }
- required_version = ">= 0.13"
+ required_version = ">= 1.0"
 }
From 54f6b68333c32952ce133e4e5b06dd49f02898af Mon Sep 17 00:00:00 2001
From: Sergey Novikov
Date: Thu, 12 Sep 2024 13:07:19 +0200
Subject: [PATCH 2/2] Fix examples

---
 .github/workflows/master.yml | 7 ++++---
 .github/workflows/terraform.yml | 7 ++++---
 examples/complete/README.md | 1 +
 examples/complete/main.tf | 2 +-
 examples/complete/variables.tf | 5 +++++
 5 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 7e9a6e8..4c21154 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -19,10 +19,11 @@ jobs:
 - name: "make test"
 run: |
- make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume}"
+ make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume} -var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}"
 env:
 AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- TF_VAR_allowed_account_id: ${{ secrets.allowed_account_id }}
- TF_VAR_role_to_assume: ${{ secrets.role_to_assume }}
+ TF_VAR_allowed_account_id: ${{ secrets.AWS_ACCOUNT_ID_HUB }}
+ TF_VAR_role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
+ TF_VAR_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 5408906..834b9a9 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
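Review bot: The new `-var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}` on the `make test` line exists only because the env var name differs from the Terraform variable name; calling it `TF_VAR_transit_gateway_satellite_account_id` lets Terraform read it directly, as it already can for `TF_VAR_allowed_account_id` and `TF_VAR_role_to_assume`, at which point all three `-var` flags are redundant. Values supplied via `-var` also land on a command line that the step log and, unless the recipe is silenced, make itself print, where only GitHub's secret masking hides the account IDs, whereas `TF_VAR_*` values stay in the environment. The env block now reads `secrets.AWS_ACCOUNT_ID_HUB`, `secrets.ROLE_TO_ASSUME` and `secrets.AWS_ACCOUNT_ID_SATELLITE` instead of the lower-case names; if the repository secrets were not renamed alongside this change, the env vars resolve to empty strings and `allowed_account_id` fails as an unset required variable at plan time. The identical hunk in .github/workflows/terraform.yml has the same points.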
@@ -40,10 +40,11 @@ jobs:
 - name: "make test"
 run: |
- make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume}"
+ make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume} -var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}"
 env:
 AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- TF_VAR_allowed_account_id: ${{ secrets.allowed_account_id }}
- TF_VAR_role_to_assume: ${{ secrets.role_to_assume }}
+ TF_VAR_allowed_account_id: ${{ secrets.AWS_ACCOUNT_ID_HUB }}
+ TF_VAR_role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
+ TF_VAR_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 44bb12b..dd789a0 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -32,6 +32,7 @@ No resources.
 | [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
 | [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
 | [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
+| [transit\_gateway\_satellite\_account\_id](#input\_transit\_gateway\_satellite\_account\_id) | AWS account ID for which the module should share TGW resource | `string` | n/a | yes |
 | [role\_to\_assume](#input\_role\_to\_assume) | IAM role name to assume (eg. ASSUME-ROLE-HUB) | `string` | `""` | no |
 | [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
 | [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 2000756..544db62 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -4,7 +4,7 @@ module "tgw" {
 name = var.transit_gateway_hub_name
 aws_account_id_hub = var.allowed_account_id
- aws_account_id_satellite = []
+ aws_account_id_satellite = [var.transit_gateway_satellite_account_id]
 }
 module "vpn" {
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 8f338ef..e222d8c 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -34,6 +34,11 @@ variable "transit_gateway_hub_name" {
 type = string
 }
+variable "transit_gateway_satellite_account_id" {
+ description = "AWS account ID for which the module should share TGW resource"
+ type = string
+}
+
 variable "static_routes_only" {
 description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
 type = bool