Merge pull request #164 from stepanstipl/add-terraform-fmt-check-to-p…

…ipeline GPII-3334: Add terraform fmt check to pipeline
gpii-ops · Oct 8, 2018 · 18d76f5 · 18d76f5
2 parents 35bf4dd + d249f95
commit 18d76f5
Show file tree

Hide file tree

Showing 14 changed files with 85 additions and 65 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,5 +1,6 @@
 stages:
   - setup
+  - lint
   - unit-tests
   - common-stg
   - common-stg-test
@@ -62,6 +63,13 @@ gcp-setup:
   only:
     - master@gpii-ops/gpii-infra
 
+terraform-fmt-check:
+  stage: lint
+  script:
+    - docker run --rm -v "$(pwd):/data" -w /data gpii/exekube:0.4.0-google -- terraform fmt --check=true
+  only:
+    - master@gpii-ops/gpii-infra
+
 aws-unit-tests:
   stage: unit-tests
   tags:

diff --git a/aws/modules/k8s-cluster-dns/main.tf b/aws/modules/k8s-cluster-dns/main.tf
@@ -1,15 +1,15 @@
 resource "aws_route53_zone" "main" {
-  name = "${var.environment}.gpii.net"
+  name          = "${var.environment}.gpii.net"
   force_destroy = true
 
   tags {
     Environment = "${var.environment}"
-    Terraform = true
+    Terraform   = true
   }
 }
 
 resource "aws_route53_record" "main_ns" {
-  zone_id = "Z26C1YEN96KOGI"  # Unmanaged route53 zone for gpii.net
+  zone_id = "Z26C1YEN96KOGI"                # Unmanaged route53 zone for gpii.net
   name    = "${aws_route53_zone.main.name}"
   type    = "NS"
   ttl     = "60"

diff --git a/aws/modules/k8s-cluster-dns/provider.tf b/aws/modules/k8s-cluster-dns/provider.tf
@@ -6,5 +6,5 @@
 # data stanza that would fill in these values?
 provider "aws" {
   version = "~> 1.8"
-  region = "us-east-2"
+  region  = "us-east-2"
 }
diff --git a/aws/modules/volume/main.tf b/aws/modules/volume/main.tf
@@ -1,54 +1,59 @@
 resource "aws_ebs_volume" "couchdb_us-east-2a" {
   availability_zone = "us-east-2a"
-  size = 5
-  encrypted = true
+  size              = 5
+  encrypted         = true
+
   tags {
-    Name = "${var.environment} couchdb us-east-2a pv"
+    Name        = "${var.environment} couchdb us-east-2a pv"
     Environment = "${var.environment}"
-    Terraform = true
+    Terraform   = true
   }
 }
 
 resource "aws_ebs_volume" "couchdb_us-east-2b" {
   availability_zone = "us-east-2b"
-  size = 5
-  encrypted = true
+  size              = 5
+  encrypted         = true
+
   tags {
-    Name = "${var.environment} couchdb us-east-2b pv"
+    Name        = "${var.environment} couchdb us-east-2b pv"
     Environment = "${var.environment}"
-    Terraform = true
+    Terraform   = true
   }
 }
 
 resource "aws_ebs_volume" "couchdb_us-east-2c" {
   availability_zone = "us-east-2c"
-  size = 5
-  encrypted = true
+  size              = 5
+  encrypted         = true
+
   tags {
-    Name = "${var.environment} couchdb us-east-2c pv"
+    Name        = "${var.environment} couchdb us-east-2c pv"
     Environment = "${var.environment}"
-    Terraform = true
+    Terraform   = true
   }
 }
 
 resource "aws_ebs_volume" "prometheus_us-east-2b" {
   availability_zone = "us-east-2b"
-  size = 15
-  encrypted = true
+  size              = 15
+  encrypted         = true
+
   tags {
-    Name = "${var.environment} prometheus us-east-2b pv"
+    Name        = "${var.environment} prometheus us-east-2b pv"
     Environment = "${var.environment}"
-    Terraform = true
+    Terraform   = true
   }
 }
 
 resource "aws_ebs_volume" "prometheus_us-east-2c" {
   availability_zone = "us-east-2c"
-  size = 15
-  encrypted = true
+  size              = 15
+  encrypted         = true
+
   tags {
-    Name = "${var.environment} prometheus us-east-2c pv"
+    Name        = "${var.environment} prometheus us-east-2c pv"
     Environment = "${var.environment}"
-    Terraform = true
+    Terraform   = true
   }
 }
diff --git a/aws/modules/volume/provider.tf b/aws/modules/volume/provider.tf
@@ -6,5 +6,5 @@
 # data stanza that would fill in these values?
 provider "aws" {
   version = "~> 1.8"
-  region = "us-east-2"
+  region  = "us-east-2"
 }
diff --git a/common/modules/aws-gcp-dns/aws-dns-zone/main.tf b/common/modules/aws-gcp-dns/aws-dns-zone/main.tf
@@ -5,35 +5,36 @@ variable "record_name" {}
 variable "aws_zone_id" {}
 
 variable "ns_records" {
-  type        = "list"
-  default     = []
+  type    = "list"
+  default = []
 }
 
-
 resource "aws_route53_zone" "main" {
   name = "${var.record_name}.${var.organization_domain}"
-  lifecycle   {
-     prevent_destroy = "true"
+
+  lifecycle {
+    prevent_destroy = "true"
   }
+
   tags {
     Terraform = true
   }
 }
 
-
 resource "aws_route53_record" "main_ns" {
   zone_id = "${var.aws_zone_id}"
   name    = "${aws_route53_zone.main.name}"
   type    = "NS"
   ttl     = "60"
+
   # Tricky list assignement, more info: https://github.com/hashicorp/terraform/issues/13733
   records = ["${split(",", length(var.ns_records) == 0 ? join(",",aws_route53_zone.main.name_servers) : join(",",var.ns_records))}"]
-  lifecycle   {
-     prevent_destroy = "true"
+
+  lifecycle {
+    prevent_destroy = "true"
   }
 }
 
 output "aws_name" {
   value = "${aws_route53_zone.main.name}"
 }
-
diff --git a/common/modules/aws-gcp-dns/gcp-dns-zone/main.tf b/common/modules/aws-gcp-dns/gcp-dns-zone/main.tf
@@ -1,23 +1,21 @@
 variable "record_name" {}
 
 variable "organization_domain" {}
-
 
 resource "google_dns_managed_zone" "main" {
   name        = "${var.record_name}-${replace(var.organization_domain, ".", "-")}"
   dns_name    = "${var.record_name}.${var.organization_domain}."
   description = "${var.record_name} DNS zone"
-  lifecycle   {
-     prevent_destroy = "true"
+
+  lifecycle {
+    prevent_destroy = "true"
   }
 }
 
-
 output "gcp_name_servers" {
   value = "${google_dns_managed_zone.main.name_servers}"
 }
 
 output "gcp_name" {
   value = "${google_dns_managed_zone.main.name}"
 }
-
diff --git a/common/modules/aws-gcp-dns/main.tf b/common/modules/aws-gcp-dns/main.tf
@@ -15,14 +15,13 @@ variable "project_id" {}
 variable "serviceaccount_key" {}
 
 variable "organization_domain" {
-  default     = "gpii.net"
+  default = "gpii.net"
 }
 
 variable "aws_zone_id" {
-  default     = "Z26C1YEN96KOGI" # Unmanaged route53 zone for gpii.net
+  default = "Z26C1YEN96KOGI" # Unmanaged route53 zone for gpii.net
 }
 
-
 provider "google" {
   credentials = "${var.serviceaccount_key}"
   project     = "${var.project_id}"
@@ -31,28 +30,26 @@ provider "google" {
 
 provider "aws" {
   version = "~> 1.8"
-  region = "us-east-2"
+  region  = "us-east-2"
 }
 
-
 module "aws_zone" {
-  source = "./aws-dns-zone"
-  record_name = "aws"
-  aws_zone_id = "${var.aws_zone_id}"
+  source              = "./aws-dns-zone"
+  record_name         = "aws"
+  aws_zone_id         = "${var.aws_zone_id}"
   organization_domain = "${var.organization_domain}"
 }
 
 module "gcp_zone" {
-  source = "./gcp-dns-zone"
-  record_name = "gcp"
+  source              = "./gcp-dns-zone"
+  record_name         = "gcp"
   organization_domain = "${var.organization_domain}"
 }
 
 module "gcp_zone_in_aws" {
-  source = "./aws-dns-zone"
-  record_name = "gcp"
-  ns_records = "${module.gcp_zone.gcp_name_servers}"
-  aws_zone_id = "${var.aws_zone_id}"
+  source              = "./aws-dns-zone"
+  record_name         = "gcp"
+  ns_records          = "${module.gcp_zone.gcp_name_servers}"
+  aws_zone_id         = "${var.aws_zone_id}"
   organization_domain = "${var.organization_domain}"
 }
-
diff --git a/common/modules/gcp-project/main.tf b/common/modules/gcp-project/main.tf
@@ -25,7 +25,6 @@ variable "serviceaccount_key" {}
 
 variable "project_id" {} # id of the project which owns the credentials used by the provider
 
-
 provider "google" {
   credentials = "${var.serviceaccount_key}"
   project     = "${var.project_id}"
@@ -54,6 +53,7 @@ resource "google_project" "project" {
 
 resource "google_project_services" "project" {
   project = "${google_project.project.project_id}"
+
   services = [
     "bigquery-json.googleapis.com",
     "cloudbilling.googleapis.com",
@@ -87,6 +87,7 @@ resource "google_service_account" "project" {
 resource "google_project_iam_binding" "project" {
   project = "${google_project.project.project_id}"
   role    = "roles/owner"
+
   members = [
     "${var.project_owner}",
     "serviceAccount:${google_service_account.project.email}",
@@ -95,11 +96,13 @@ resource "google_project_iam_binding" "project" {
 }
 
 resource "google_dns_managed_zone" "project" {
-  project     = "${google_project.project.project_id}"
-  name        = "${replace(local.dnsname, ".", "-")}"
-  dns_name    = "${local.dnsname}."
-  depends_on  = ["google_project_services.project",
-                 "google_project_iam_binding.project"]
+  project  = "${google_project.project.project_id}"
+  name     = "${replace(local.dnsname, ".", "-")}"
+  dns_name = "${local.dnsname}."
+
+  depends_on = ["google_project_services.project",
+    "google_project_iam_binding.project",
+  ]
 }
 
 # Set the NS records in the parent zone of the parent project if the
@@ -127,9 +130,10 @@ resource "google_dns_record_set" "ns-root" {
 }
 
 resource "google_storage_bucket" "project-tfstate" {
-  project     = "${google_project.project.project_id}"
-  name        = "${var.organization_name}-gcp-${var.project_name}-tfstate"
-  versioning  = {
+  project = "${google_project.project.project_id}"
+  name    = "${var.organization_name}-gcp-${var.project_name}-tfstate"
+
+  versioning = {
     enabled = "true"
   }
 }
diff --git a/gcp/modules/couchdb/main.tf b/gcp/modules/couchdb/main.tf
@@ -8,6 +8,7 @@ variable "nonce" {}
 
 # Terragrunt variables
 variable "replica_count" {}
+
 variable "backup_deltas" {}
 variable "release_namespace" {}
 variable "requests_cpu" {}
@@ -17,6 +18,7 @@ variable "limits_memory" {}
 
 # Secret variables
 variable "secret_couchdb_admin_username" {}
+
 variable "secret_couchdb_admin_password" {}
 variable "secret_couchdb_auth_cookie" {}
 

diff --git a/gcp/modules/gcp-stackdriver-exclusion/main.tf b/gcp/modules/gcp-stackdriver-exclusion/main.tf
@@ -4,6 +4,7 @@ terraform {
 
 variable "project_id" {}
 variable "serviceaccount_key" {}
+
 variable "exclusions" {
   default = {
     # Calico logs don't always set 'severity' correctly, so instead we match on

diff --git a/gcp/modules/gke-cluster/main.tf b/gcp/modules/gke-cluster/main.tf
@@ -17,8 +17,8 @@ module "gke_cluster" {
   node_type          = "${var.node_type}"
   kubernetes_version = "1.10.7-gke.2"
 
-  main_compute_zone  = "us-central1-a"
-  additional_zones   = ["us-central1-b", "us-central1-c", "us-central1-f"]
+  main_compute_zone = "us-central1-a"
+  additional_zones  = ["us-central1-b", "us-central1-c", "us-central1-f"]
 
   monitoring_service = "monitoring.googleapis.com/kubernetes"
   logging_service    = "logging.googleapis.com/kubernetes"

diff --git a/gcp/modules/gpii-flowmanager/main.tf b/gcp/modules/gpii-flowmanager/main.tf
@@ -11,6 +11,7 @@ variable "flowmanager_checksum" {}
 
 # Terragrunt variables
 variable "cert_issuer_name" {}
+
 variable "disable_ssl_redirect" {}
 variable "replica_count" {}
 variable "requests_cpu" {}
@@ -20,6 +21,7 @@ variable "limits_memory" {}
 
 # Secret variables
 variable "secret_couchdb_admin_username" {}
+
 variable "secret_couchdb_admin_password" {}
 
 data "template_file" "flowmanager_values" {

diff --git a/gcp/modules/gpii-preferences/main.tf b/gcp/modules/gpii-preferences/main.tf
@@ -11,6 +11,7 @@ variable "preferences_checksum" {}
 
 # Terragrunt variables
 variable "cert_issuer_name" {}
+
 variable "disable_ssl_redirect" {}
 variable "replica_count" {}
 variable "requests_cpu" {}
@@ -20,6 +21,7 @@ variable "limits_memory" {}
 
 # Secret variables
 variable "secret_couchdb_admin_username" {}
+
 variable "secret_couchdb_admin_password" {}
 
 data "template_file" "preferences_values" {