Update to terraform 0.12.x (#18)

colincoleman · Kristian · commit 8b3a7389da84 · 2019-08-30T11:38:31.000+02:00
* Updated to terraform 0.12.x * remove random extra line (#1) * remove random extra line (#2) * Remove unnecessary quotes from example (#3)
diff --git a/.travis.yml b/.travis.yml
@@ -2,7 +2,7 @@ dist: trusty
 sudo: false
 
 before_install:
-  - curl -fSL "https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip" -o terraform.zip
+  - curl -fSL "https://releases.hashicorp.com/terraform/0.12.6/terraform_0.12.6_linux_amd64.zip" -o terraform.zip
   - sudo unzip terraform.zip -d /opt/terraform
   - sudo ln -s /opt/terraform/terraform /usr/bin/terraform
   - rm -f terraform.zip
diff --git a/Makefile b/Makefile
@@ -5,7 +5,7 @@ default: test
 
 test:
 	@echo "== Test =="
-	@if ! terraform fmt -write=false -check=true >> /dev/null; then \
+	@if ! terraform fmt -recursive -write=false -check=true >> /dev/null; then \
 		echo "✗ terraform fmt (Some files need to be formatted, run 'terraform fmt' to fix.)"; \
 		exit 1; \
 	else \
diff --git a/examples/default/example.tf b/examples/default/example.tf
@@ -15,51 +15,51 @@ data "aws_vpc" "main" {
 }
 
 data "aws_subnet_ids" "main" {
-  vpc_id = "${data.aws_vpc.main.id}"
+  vpc_id = data.aws_vpc.main.id
 }
 
 module "fargate_alb" {
   source  = "telia-oss/loadbalancer/aws"
-  version = "0.1.0"
+  version = "3.0.0"
 
   name_prefix = "example-ecs-cluster"
   type        = "application"
   internal    = "false"
-  vpc_id      = "${data.aws_vpc.main.id}"
-  subnet_ids  = ["${data.aws_subnet_ids.main.ids}"]
+  vpc_id      = data.aws_vpc.main.id
+  subnet_ids  = data.aws_subnet_ids.main.ids
 
-  tags {
+  tags = {
     environment = "test"
     terraform   = "true"
   }
 }
 
 resource "aws_lb_listener" "alb" {
-  load_balancer_arn = "${module.fargate_alb.arn}"
-  port              = "80"
+  load_balancer_arn = module.fargate_alb.arn
+  port              = 80
   protocol          = "HTTP"
 
   default_action {
-    target_group_arn = "${module.fargate.target_group_arn}"
+    target_group_arn = module.fargate.target_group_arn
     type             = "forward"
   }
 }
 
 resource "aws_security_group_rule" "task_ingress_8000" {
-  security_group_id        = "${module.fargate.service_sg_id}"
+  security_group_id        = module.fargate.service_sg_id
   type                     = "ingress"
   protocol                 = "tcp"
-  from_port                = "8000"
-  to_port                  = "8000"
-  source_security_group_id = "${module.fargate_alb.security_group_id}"
+  from_port                = 8000
+  to_port                  = 8000
+  source_security_group_id = module.fargate_alb.security_group_id
 }
 
 resource "aws_security_group_rule" "alb_ingress_80" {
-  security_group_id = "${module.fargate_alb.security_group_id}"
+  security_group_id = module.fargate_alb.security_group_id
   type              = "ingress"
   protocol          = "tcp"
-  from_port         = "80"
-  to_port           = "80"
+  from_port         = 80
+  to_port           = 80
   cidr_blocks       = ["0.0.0.0/0"]
   ipv6_cidr_blocks  = ["::/0"]
 }
@@ -68,26 +68,27 @@ module "fargate" {
   source = "../../"
 
   name_prefix          = "example-app"
-  vpc_id               = "${data.aws_vpc.main.id}"
-  private_subnet_ids   = "${data.aws_subnet_ids.main.ids}"
-  cluster_id           = "${aws_ecs_cluster.cluster.id}"
+  vpc_id               = data.aws_vpc.main.id
+  private_subnet_ids   = data.aws_subnet_ids.main.ids
+  cluster_id           = aws_ecs_cluster.cluster.id
   task_container_image = "crccheck/hello-world:latest"
 
   // public ip is needed for default vpc, default is false
-  task_container_assign_public_ip = "true"
+  task_container_assign_public_ip = true
 
   // port, default protocol is HTTP
-  task_container_port = "8000"
+  task_container_port = 8000
 
-  health_check {
+  health_check = {
     port = "traffic-port"
     path = "/"
   }
 
-  tags {
+  tags = {
     environment = "test"
     terraform   = "true"
   }
 
-  lb_arn = "${module.fargate_alb.arn}"
+  lb_arn = module.fargate_alb.arn
 }
+
diff --git a/examples/default/versions.tf b/examples/default/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/main.tf b/main.tf
@@ -7,30 +7,30 @@ data "aws_region" "current" {}
 # Cloudwatch
 # ------------------------------------------------------------------------------
 resource "aws_cloudwatch_log_group" "main" {
-  name              = "${var.name_prefix}"
-  retention_in_days = "${var.log_retention_in_days}"
-  tags              = "${var.tags}"
+  name              = var.name_prefix
+  retention_in_days = var.log_retention_in_days
+  tags              = var.tags
 }
 
 # ------------------------------------------------------------------------------
 # IAM - Task execution role, needed to pull ECR images etc.
 # ------------------------------------------------------------------------------
 resource "aws_iam_role" "execution" {
   name               = "${var.name_prefix}-task-execution-role"
-  assume_role_policy = "${data.aws_iam_policy_document.task_assume.json}"
+  assume_role_policy = data.aws_iam_policy_document.task_assume.json
 }
 
 resource "aws_iam_role_policy" "task_execution" {
   name   = "${var.name_prefix}-task-execution"
-  role   = "${aws_iam_role.execution.id}"
-  policy = "${data.aws_iam_policy_document.task_execution_permissions.json}"
+  role   = aws_iam_role.execution.id
+  policy = data.aws_iam_policy_document.task_execution_permissions.json
 }
 
 resource "aws_iam_role_policy" "read_repository_credentials" {
-  count  = "${length(var.repository_credentials) != 0 ? 1 : 0}"
+  count  = length(var.repository_credentials) != 0 ? 1 : 0
   name   = "${var.name_prefix}-read-repository-credentials"
-  role   = "${aws_iam_role.execution.id}"
-  policy = "${data.aws_iam_policy_document.read_repository_credentials.json}"
+  role   = aws_iam_role.execution.id
+  policy = data.aws_iam_policy_document.read_repository_credentials.json
 }
 
 # ------------------------------------------------------------------------------
@@ -39,27 +39,32 @@ resource "aws_iam_role_policy" "read_repository_credentials" {
 # ------------------------------------------------------------------------------
 resource "aws_iam_role" "task" {
   name               = "${var.name_prefix}-task-role"
-  assume_role_policy = "${data.aws_iam_policy_document.task_assume.json}"
+  assume_role_policy = data.aws_iam_policy_document.task_assume.json
 }
 
 resource "aws_iam_role_policy" "log_agent" {
   name   = "${var.name_prefix}-log-permissions"
-  role   = "${aws_iam_role.task.id}"
-  policy = "${data.aws_iam_policy_document.task_permissions.json}"
+  role   = aws_iam_role.task.id
+  policy = data.aws_iam_policy_document.task_permissions.json
 }
 
 # ------------------------------------------------------------------------------
 # Security groups
 # ------------------------------------------------------------------------------
 resource "aws_security_group" "ecs_service" {
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id
   name        = "${var.name_prefix}-ecs-service-sg"
   description = "Fargate service security group"
-  tags        = "${merge(var.tags, map("Name", "${var.name_prefix}-sg"))}"
+  tags = merge(
+    var.tags,
+    {
+      Name = "${var.name_prefix}-sg"
+    },
+  )
 }
 
 resource "aws_security_group_rule" "egress_service" {
-  security_group_id = "${aws_security_group.ecs_service.id}"
+  security_group_id = aws_security_group.ecs_service.id
   type              = "egress"
   protocol          = "-1"
   from_port         = 0
@@ -72,11 +77,24 @@ resource "aws_security_group_rule" "egress_service" {
 # LB Target group
 # ------------------------------------------------------------------------------
 resource "aws_lb_target_group" "task" {
-  vpc_id       = "${var.vpc_id}"
-  protocol     = "${var.task_container_protocol}"
-  port         = "${var.task_container_port}"
-  target_type  = "ip"
-  health_check = ["${var.health_check}"]
+  vpc_id      = var.vpc_id
+  protocol    = var.task_container_protocol
+  port        = var.task_container_port
+  target_type = "ip"
+  dynamic "health_check" {
+    for_each = [var.health_check]
+    content {
+      enabled             = lookup(health_check.value, "enabled", null)
+      healthy_threshold   = lookup(health_check.value, "healthy_threshold", null)
+      interval            = lookup(health_check.value, "interval", null)
+      matcher             = lookup(health_check.value, "matcher", null)
+      path                = lookup(health_check.value, "path", null)
+      port                = lookup(health_check.value, "port", null)
+      protocol            = lookup(health_check.value, "protocol", null)
+      timeout             = lookup(health_check.value, "timeout", null)
+      unhealthy_threshold = lookup(health_check.value, "unhealthy_threshold", null)
+    }
+  }
 
   # NOTE: TF is unable to destroy a target group while a listener is attached,
   # therefor we have to create a new one before destroying the old. This also means
@@ -85,29 +103,34 @@ resource "aws_lb_target_group" "task" {
     create_before_destroy = true
   }
 
-  tags = "${merge(var.tags, map("Name", "${var.name_prefix}-target-${var.task_container_port}"))}"
+  tags = merge(
+    var.tags,
+    {
+      Name = "${var.name_prefix}-target-${var.task_container_port}"
+    },
+  )
 }
 
 # ------------------------------------------------------------------------------
 # ECS Task/Service
 # ------------------------------------------------------------------------------
 data "null_data_source" "task_environment" {
-  count = "${var.task_container_environment_count}"
+  count = var.task_container_environment_count
 
   inputs = {
-    name  = "${element(keys(var.task_container_environment), count.index)}"
-    value = "${element(values(var.task_container_environment), count.index)}"
+    name  = element(keys(var.task_container_environment), count.index)
+    value = element(values(var.task_container_environment), count.index)
   }
 }
 
 resource "aws_ecs_task_definition" "task" {
-  family                   = "${var.name_prefix}"
-  execution_role_arn       = "${aws_iam_role.execution.arn}"
+  family                   = var.name_prefix
+  execution_role_arn       = aws_iam_role.execution.arn
   network_mode             = "awsvpc"
   requires_compatibilities = ["FARGATE"]
-  cpu                      = "${var.task_definition_cpu}"
-  memory                   = "${var.task_definition_memory}"
-  task_role_arn            = "${aws_iam_role.task.arn}"
+  cpu                      = var.task_definition_cpu
+  memory                   = var.task_definition_memory
+  task_role_arn            = aws_iam_role.task.arn
 
   container_definitions = <<EOF
 [{
@@ -134,34 +157,35 @@ resource "aws_ecs_task_definition" "task" {
     "environment": ${jsonencode(data.null_data_source.task_environment.*.outputs)}
 }]
 EOF
+
 }
 
 resource "aws_ecs_service" "service" {
-  depends_on                         = ["null_resource.lb_exists"]
-  name                               = "${var.name_prefix}"
-  cluster                            = "${var.cluster_id}"
-  task_definition                    = "${aws_ecs_task_definition.task.arn}"
-  desired_count                      = "${var.desired_count}"
+  depends_on                         = [null_resource.lb_exists]
+  name                               = var.name_prefix
+  cluster                            = var.cluster_id
+  task_definition                    = aws_ecs_task_definition.task.arn
+  desired_count                      = var.desired_count
   launch_type                        = "FARGATE"
-  deployment_minimum_healthy_percent = "${var.deployment_minimum_healthy_percent}"
-  deployment_maximum_percent         = "${var.deployment_maximum_percent}"
-  health_check_grace_period_seconds  = "${var.health_check_grace_period_seconds}"
+  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
+  deployment_maximum_percent         = var.deployment_maximum_percent
+  health_check_grace_period_seconds  = var.health_check_grace_period_seconds
 
   network_configuration {
-    subnets          = ["${var.private_subnet_ids}"]
-    security_groups  = ["${aws_security_group.ecs_service.id}"]
-    assign_public_ip = "${var.task_container_assign_public_ip}"
+    subnets          = var.private_subnet_ids
+    security_groups  = [aws_security_group.ecs_service.id]
+    assign_public_ip = var.task_container_assign_public_ip
   }
 
   load_balancer {
-    container_name   = "${var.container_name != "" ? var.container_name : var.name_prefix}"
-    container_port   = "${var.task_container_port}"
-    target_group_arn = "${aws_lb_target_group.task.arn}"
+    container_name   = var.container_name != "" ? var.container_name : var.name_prefix
+    container_port   = var.task_container_port
+    target_group_arn = aws_lb_target_group.task.arn
   }
 
   deployment_controller {
     # The deployment controller type to use. Valid values: CODE_DEPLOY, ECS.
-    type = "${var.deployment_controller_type}"
+    type = var.deployment_controller_type
   }
 }
 
@@ -170,7 +194,8 @@ resource "aws_ecs_service" "service" {
 # see https://github.com/hashicorp/terraform/issues/12634.
 # Service depends on this resources which prevents it from being created until the LB is ready
 resource "null_resource" "lb_exists" {
-  triggers {
-    alb_name = "${var.lb_arn}"
+  triggers = {
+    alb_name = var.lb_arn
   }
 }
+
diff --git a/outputs.tf b/outputs.tf
@@ -3,40 +3,41 @@
 # ------------------------------------------------------------------------------
 output "service_arn" {
   description = "The Amazon Resource Name (ARN) that identifies the service."
-  value       = "${aws_ecs_service.service.id}"
+  value       = aws_ecs_service.service.id
 }
 
 output "target_group_arn" {
   description = "The ARN of the Target Group."
-  value       = "${aws_lb_target_group.task.arn}"
+  value       = aws_lb_target_group.task.arn
 }
 
 output "target_group_name" {
   description = "The Name of the Target Group."
-  value       = "${aws_lb_target_group.task.name}"
+  value       = aws_lb_target_group.task.name
 }
 
 output "task_role_arn" {
   description = "The Amazon Resource Name (ARN) specifying the service role."
-  value       = "${aws_iam_role.task.arn}"
+  value       = aws_iam_role.task.arn
 }
 
 output "task_role_name" {
   description = "The name of the service role."
-  value       = "${aws_iam_role.task.name}"
+  value       = aws_iam_role.task.name
 }
 
 output "service_sg_id" {
   description = "The Amazon Resource Name (ARN) that identifies the service security group."
-  value       = "${aws_security_group.ecs_service.id}"
+  value       = aws_security_group.ecs_service.id
 }
 
 output "service_name" {
   description = "The name of the service."
-  value       = "${aws_ecs_service.service.name}"
+  value       = aws_ecs_service.service.name
 }
 
 output "log_group_name" {
   description = "The name of the Cloudwatch log group for the task."
-  value       = "${aws_cloudwatch_log_group.main.name}"
+  value       = aws_cloudwatch_log_group.main.name
 }
+
diff --git a/policies.tf b/policies.tf
diff --git a/variables.tf b/variables.tf
diff --git a/versions.tf b/versions.tf

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
 +terraform {
 +  required_version = ">= 0.12"
 +}
Original file line number	Diff line number	Diff line change
`@@ -3,40 +3,41 @@`
`3`	`3`	`# ------------------------------------------------------------------------------`
`4`	`4`	`output "service_arn" {`
`5`	`5`	`description = "The Amazon Resource Name (ARN) that identifies the service."`
`6`		`- value = "${aws_ecs_service.service.id}"`
	`6`	`+ value = aws_ecs_service.service.id`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`output "target_group_arn" {`
`10`	`10`	`description = "The ARN of the Target Group."`
`11`		`- value = "${aws_lb_target_group.task.arn}"`
	`11`	`+ value = aws_lb_target_group.task.arn`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`output "target_group_name" {`
`15`	`15`	`description = "The Name of the Target Group."`
`16`		`- value = "${aws_lb_target_group.task.name}"`
	`16`	`+ value = aws_lb_target_group.task.name`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`output "task_role_arn" {`
`20`	`20`	`description = "The Amazon Resource Name (ARN) specifying the service role."`
`21`		`- value = "${aws_iam_role.task.arn}"`
	`21`	`+ value = aws_iam_role.task.arn`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`output "task_role_name" {`
`25`	`25`	`description = "The name of the service role."`
`26`		`- value = "${aws_iam_role.task.name}"`
	`26`	`+ value = aws_iam_role.task.name`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`output "service_sg_id" {`
`30`	`30`	`description = "The Amazon Resource Name (ARN) that identifies the service security group."`
`31`		`- value = "${aws_security_group.ecs_service.id}"`
	`31`	`+ value = aws_security_group.ecs_service.id`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`output "service_name" {`
`35`	`35`	`description = "The name of the service."`
`36`		`- value = "${aws_ecs_service.service.name}"`
	`36`	`+ value = aws_ecs_service.service.name`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`output "log_group_name" {`
`40`	`40`	`description = "The name of the Cloudwatch log group for the task."`
`41`		`- value = "${aws_cloudwatch_log_group.main.name}"`
	`41`	`+ value = aws_cloudwatch_log_group.main.name`
`42`	`42`	`}`
	`43`	`+`