Updates for latest Terraform (#4)

* Use string literal for credential Signed-off-by: Dale Haiducek <[email protected]> * Update `.gitignore` Signed-off-by: Dale Haiducek <[email protected]> * Update for latest Terraform version Signed-off-by: Dale Haiducek <[email protected]>
dhaiducek · Jan 18, 2022 · 3afbaa7 · 3afbaa7
1 parent 03fa8e1
commit 3afbaa7
Show file tree

Hide file tree

Showing 8 changed files with 108 additions and 103 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,6 @@
 .DS_Store
+*.code-workspace
+.terraform.lock.hcl
 
 # Local .terraform directories
 **/.terraform/*

diff --git a/cloud-init.sh b/cloud-init.sh
@@ -5,7 +5,7 @@ sudo yum -y update
 
 # Register system with Red Hat
 sudo subscription-manager unregister
-sudo subscription-manager register --username ${rh_subscription_username} --password ${rh_subscription_password}
+sudo subscription-manager register --username ${rh_subscription_username} --password '${rh_subscription_password}'
 sudo subscription-manager refresh
 sudo subscription-manager attach --pool ${rh_subscription_pool_id}
 sudo subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ansible-2.9-rpms" --enable="rhel-server-rhscl-7-rpms" --enable="rhel-7-server-ose-3.11-rpms"
@@ -16,4 +16,4 @@ touch /home/ec2-user/cloud-init-complete
 # Signal to Terraform to skip the OCP install steps (prerequisites and deploy_cluster)
 ${skip_install ? "" : "#"}touch /home/ec2-user/ocp-prereq-complete
 ${skip_install ? "" : "#"}touch /home/ec2-user/ocp-install-complete
-reboot
+reboot
diff --git a/ec2.tf b/ec2.tf
@@ -38,9 +38,9 @@ resource "aws_instance" "bastion" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-bastion"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-bastion"
+    })
   )
 
   connection {
@@ -87,9 +87,9 @@ resource "aws_instance" "master" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-master"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-master"
+    })
   )
 }
 
@@ -119,8 +119,8 @@ resource "aws_instance" "node" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-node"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-node"
+    })
   )
 }
diff --git a/elb.tf b/elb.tf
@@ -11,9 +11,9 @@ resource "aws_lb" "master_elb" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-master-elb"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-master-elb"
+    })
   )
 }
 
@@ -57,9 +57,9 @@ resource "aws_lb_target_group" "group_master_elb" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-master-elb-group"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-master-elb-group"
+    })
   )
 }
 # Create Master target group for port 80
@@ -71,9 +71,9 @@ resource "aws_lb_target_group" "group_http_elb" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-http-group"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-http-group"
+    })
   )
 }
 # Create Master target group for port 443
@@ -85,9 +85,9 @@ resource "aws_lb_target_group" "group_https_elb" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-https-group"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-https-group"
+    })
   )
 }
 

diff --git a/iam.tf b/iam.tf
@@ -1,6 +1,6 @@
 # Create Master IAM role
 resource "aws_iam_role" "ocp311_master_role" {
-  name = "${local.cluster_id}_master_role"
+  name               = "${local.cluster_id}_master_role"
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -16,18 +16,18 @@ resource "aws_iam_role" "ocp311_master_role" {
   ]
 }
 EOF
-  
-  tags =merge(
+
+  tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-master-role"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-master-role"
+    })
   )
 }
 
 # Create Worker IAM role
 resource "aws_iam_role" "ocp311_worker_role" {
-  name = "${local.cluster_id}_worker_role"
+  name               = "${local.cluster_id}_worker_role"
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -44,17 +44,17 @@ resource "aws_iam_role" "ocp311_worker_role" {
 }
 EOF
 
-  tags =merge(
+  tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-worker-role"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-worker-role"
+    })
   )
 }
 
 # Create Master IAM policy
 resource "aws_iam_policy" "ocp311_master_policy" {
-  name = "${local.cluster_id}_master_policy"
+  name   = "${local.cluster_id}_master_policy"
   policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -86,7 +86,7 @@ EOF
 
 # Create Worker IAM policy
 resource "aws_iam_policy" "ocp311_worker_policy" {
-  name = "${local.cluster_id}_worker_policy"
+  name   = "${local.cluster_id}_worker_policy"
   policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -103,26 +103,26 @@ EOF
 
 # Attach Master IAM policy to the role
 resource "aws_iam_policy_attachment" "ocp311_attach_master_policy" {
-  name = "${local.cluster_id}_attach_master_policy"
-  roles = [ aws_iam_role.ocp311_master_role.name ]
+  name       = "${local.cluster_id}_attach_master_policy"
+  roles      = [aws_iam_role.ocp311_master_role.name]
   policy_arn = aws_iam_policy.ocp311_master_policy.arn
 }
 
 # Attach Worker IAM policy to the role
 resource "aws_iam_policy_attachment" "ocp311_attach_worker_policy" {
-  name = "${local.cluster_id}_attach_worker_policy"
-  roles = [ aws_iam_role.ocp311_worker_role.name ]
+  name       = "${local.cluster_id}_attach_worker_policy"
+  roles      = [aws_iam_role.ocp311_worker_role.name]
   policy_arn = aws_iam_policy.ocp311_worker_policy.arn
 }
 
 # Create Master IAM instance profile
 resource "aws_iam_instance_profile" "ocp311_master_profile" {
-  name  = "${local.cluster_id}_master_profile"
+  name = "${local.cluster_id}_master_profile"
   role = aws_iam_role.ocp311_master_role.name
 }
 
 # Create Worker IAM instance profile
 resource "aws_iam_instance_profile" "ocp311_worker_profile" {
-  name  = "${local.cluster_id}_worker_profile"
+  name = "${local.cluster_id}_worker_profile"
   role = aws_iam_role.ocp311_worker_role.name
 }
diff --git a/main.tf b/main.tf
@@ -11,10 +11,10 @@ provider "aws" {
 # Create local variables for tags and cluster ID
 locals {
   cluster_id = "${var.cluster_user_id}-${var.cluster_name}"
-  common_tags = map(
-    "Cluster", local.cluster_id,
-    "kubernetes.io/cluster/${local.cluster_id}", "owned"
-  )
+  common_tags = tomap({
+    "Cluster"                                   = local.cluster_id,
+    "kubernetes.io/cluster/${local.cluster_id}" = "owned"
+  })
   cluster_domain        = "${local.cluster_id}.${var.aws_base_dns_domain}"
   cluster_master_domain = "master.${local.cluster_domain}"
   cluster_subdomain     = "apps.${local.cluster_domain}"
@@ -164,7 +164,8 @@ resource "null_resource" "unregister_master" {
     on_failure = continue
     inline = [
       "sudo subscription-manager remove --all",
-      "sudo subscription-manager unregister"
+      "sudo subscription-manager unregister",
+      "sudo subscription-manager clean"
     ]
   }
 }
@@ -191,7 +192,8 @@ resource "null_resource" "unregister_node" {
     on_failure = continue
     inline = [
       "sudo subscription-manager remove --all",
-      "sudo subscription-manager unregister"
+      "sudo subscription-manager unregister",
+      "sudo subscription-manager clean"
     ]
   }
 }
@@ -220,7 +222,8 @@ resource "null_resource" "unregister_bastion" {
     on_failure = continue
     inline = [
       "sudo subscription-manager remove --all",
-      "sudo subscription-manager unregister"
+      "sudo subscription-manager unregister",
+      "sudo subscription-manager clean"
     ]
   }
 }

diff --git a/security_groups.tf b/security_groups.tf
@@ -12,9 +12,9 @@ resource "aws_security_group" "ocp311_ssh" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-ssh-group"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-ssh-group"
+    })
   )
 }
 
@@ -38,9 +38,9 @@ resource "aws_security_group" "ocp311_vpc" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-internal-vpc-group"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-internal-vpc-group"
+    })
   )
 }
 
@@ -81,9 +81,9 @@ resource "aws_security_group" "ocp311_public_ingress" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-public-ingress"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-public-ingress"
+    })
   )
 }
 
@@ -131,8 +131,8 @@ resource "aws_security_group" "ocp311_public_egress" {
 
   tags = merge(
     local.common_tags,
-    map(
-      "Name", "${local.cluster_id}-public-egress"
-    )
+    tomap({
+      "Name" = "${local.cluster_id}-public-egress"
+    })
   )
-}
+}