Merge pull request #359 from sassoftware/staging

8.5.0 - January 19, 2024

Author: riragh

.github/workflows/linter-analysis.yaml

@@ -1,7 +1,7 @@
 name: Linter Analysis
 on:
   push:
-    branches: ['*'] # '*' will cause the workflow to run on all commits to all branches.
+    branches: ['**'] # '*' will cause the workflow to run on all commits to all branches.
 
 jobs:
   # Hadolint: Job-1
@@ -52,8 +52,11 @@ jobs:
         tflint_version: latest
         github_token: ${{ secrets.LINTER_TOKEN }}
 
+    - name: Initializing viya4-iac-azure
+      run: terraform init
+
     - name: Initializing TFLint
-      run: TFLINT_LOG=info tflint --init -c .tflint.hcl 
+      run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl" 
 
     - name: Run TFLint Action
-      run: TFLINT_LOG=info tflint -c .tflint.hcl
+      run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive

Dockerfile

@@ -1,9 +1,9 @@
-ARG TERRAFORM_VERSION=1.6.4
-ARG AZURECLI_VERSION=2.54.0
+ARG TERRAFORM_VERSION=1.6.6
+ARG AZURECLI_VERSION=2.56.0
 
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
-ARG KUBECTL_VERSION=1.26.10
+ARG KUBECTL_VERSION=1.27.9
 
 WORKDIR /viya4-iac-azure
 

README.md

@@ -57,10 +57,10 @@ This project supports two options for running Terraform scripts:
 Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformAzureAuthentication.md) with the *Contributor* role are required.
 
 #### Terraform Requirements:
-- [Terraform](https://www.terraform.io/downloads.html) - v1.6.4
-- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.26
+- [Terraform](https://www.terraform.io/downloads.html) - v1.6.6
+- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.27.9
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.54.0
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.56.0
 
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)

container-structure-test.yaml

@@ -17,7 +17,7 @@ commandTests:
   - name: "terraform version"
     command: "terraform"
     args: ["--version"]
-    expectedOutput: ["Terraform v1.6.4"]
+    expectedOutput: ["Terraform v1.6.6"]
   - name: "python version"
     command: "python3"
     args: ["--version"]
@@ -29,7 +29,7 @@ commandTests:
       - -c
       - |
         az version -o tsv
-    expectedOutput: ["2.54.0\t2.54.0\t1.1.0"]
+    expectedOutput: ["2.56.0\t2.56.0\t1.1.0"]
 
 metadataTest:
   workdir: "/viya4-iac-azure"

docs/CONFIG-VARS.md

@@ -182,7 +182,7 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr
 | :--- | ---: | ---: | ---: | ---: |
 | partner_id | A GUID that is registered with Microsoft to facilitate partner resource usage attribution | string | "5d27f3ae-e49c-4dea-9aa3-b44e4750cd8c" | Defaults to SAS partner GUID. When you deploy this Terraform configuration, Microsoft can identify the installation of SAS software with the deployed Azure resources. Microsoft can then correlate the resources that are used to support the software. Microsoft collects this information to provide the best experiences with their products and to operate their business. The data is collected and governed by Microsoft's privacy policies, located at https://www.microsoft.com/trustcenter. |
 | create_static_kubeconfig | Allows the user to create a provider / service account-based kubeconfig file | bool | true | A value of `false` will default to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` will create a static kubeconfig that uses a `Service Account` and `Cluster Role Binding` to provide credentials. |
-| kubernetes_version | The AKS cluster Kubernetes version | string | "1.26" |Use of specific versions is still supported. If you need exact kubernetes version please use format `x.y.z`, where `x` is the major version, `y` is the minor version, and `z` is the patch version |
+| kubernetes_version | The AKS cluster Kubernetes version | string | "1.27" |Use of specific versions is still supported. If you need exact kubernetes version please use format `x.y.z`, where `x` is the major version, `y` is the minor version, and `z` is the patch version |
 | create_jump_vm | Create bastion host | bool | true | |
 | create_jump_public_ip | Add public IP address to the jump VM | bool | true | |
 | enable_jump_public_static_ip | Enables `Static` allocation method for the public IP address of Jump Server. Setting false will enable `Dynamic` allocation method. | bool | true | Only used with `create_jump_public_ip=true` |

examples/sample-input-byo.tfvars

@@ -45,7 +45,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

examples/sample-input-connect.tfvars

@@ -34,7 +34,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

examples/sample-input-ha.tfvars

@@ -32,7 +32,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

examples/sample-input-minimal.tfvars

@@ -32,7 +32,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D4_v3"
 #v3 still has local temp storage

examples/sample-input-postgres.tfvars

@@ -86,7 +86,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

examples/sample-input-ppg.tfvars

@@ -33,7 +33,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

examples/sample-input-singlestore.tfvars

@@ -34,7 +34,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

examples/sample-input.tfvars

@@ -34,7 +34,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.26"
+kubernetes_version         = "1.27"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

linting-configs/.tflint.hcl

@@ -26,3 +26,14 @@ plugin "terraform" {
 rule "azurerm_kubernetes_cluster_default_node_pool_invalid_vm_size" {
   enabled = false
 }
+
+# We specify the versions and providers in the top level versions.tf.
+# This stops it from throwing a warning when scanning our modules
+# in viya4-iac-azure/modules/
+rule "terraform_required_version" {
+  enabled = false
+}
+
+rule "terraform_required_providers" {
+  enabled = false
+}

locals.tf

@@ -5,7 +5,7 @@ locals {
 
   # Useful flags
   ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
-    ? file(var.ssh_public_key)
+    ? can(file(var.ssh_public_key)) ? file(var.ssh_public_key) : var.ssh_public_key != null ? length(var.ssh_public_key) > 0 ? var.ssh_public_key : null : null
     : null
   )
 

main.tf

@@ -131,7 +131,6 @@ module "aks" {
 
   aks_cluster_name                         = "${var.prefix}-aks"
   aks_cluster_rg                           = local.aks_rg.name
-  aks_cluster_rg_id                        = local.aks_rg.id
   aks_cluster_dns_prefix                   = "${var.prefix}-aks"
   aks_cluster_sku_tier                     = var.aks_cluster_sku_tier
   aks_cluster_location                     = var.location
@@ -241,7 +240,6 @@ module "netapp" {
   prefix              = var.prefix
   resource_group_name = local.aks_rg.name
   location            = var.location
-  vnet_name           = module.vnet.name
   subnet_id           = module.vnet.subnets["netapp"].id
   network_features    = var.netapp_network_features
   service_level       = var.netapp_service_level

modules/aks_node_pool/variables.tf

@@ -85,8 +85,8 @@ variable "min_nodes" {
 
 variable "node_taints" {
   description = "A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
-  type    = list(any)
-  default = []
+  type        = list(any)
+  default     = []
 }
 
 variable "node_labels" {

modules/azure_aks/main.tf

@@ -3,22 +3,22 @@
 
 # Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
 resource "azurerm_kubernetes_cluster" "aks" {
-  name                               = var.aks_cluster_name
-  location                           = var.aks_cluster_location
-  resource_group_name                = var.aks_cluster_rg
-  dns_prefix                         = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
-  dns_prefix_private_cluster         = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null
-
-  sku_tier                           = var.aks_cluster_sku_tier
-  role_based_access_control_enabled  = true
-  http_application_routing_enabled   = false
-  
+  name                       = var.aks_cluster_name
+  location                   = var.aks_cluster_location
+  resource_group_name        = var.aks_cluster_rg
+  dns_prefix                 = var.aks_private_cluster == false || var.aks_cluster_private_dns_zone_id == "" ? var.aks_cluster_dns_prefix : null
+  dns_prefix_private_cluster = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_dns_prefix : null
+
+  sku_tier                          = var.aks_cluster_sku_tier
+  role_based_access_control_enabled = true
+  http_application_routing_enabled  = false
+
   # https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
   # az aks get-versions --location eastus -o table
-  kubernetes_version                 = var.kubernetes_version
-  api_server_authorized_ip_ranges    = var.aks_cluster_endpoint_public_access_cidrs
-  private_cluster_enabled            = var.aks_private_cluster
-  private_dns_zone_id                = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
+  kubernetes_version              = var.kubernetes_version
+  api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
+  private_cluster_enabled         = var.aks_private_cluster
+  private_dns_zone_id             = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
 
   network_profile {
     network_plugin = var.aks_network_plugin
@@ -45,7 +45,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
     content {
       admin_username = var.aks_cluster_node_admin
       ssh_key {
-         key_data = var.aks_cluster_ssh_public_key
+        key_data = var.aks_cluster_ssh_public_key
       }
     }
   }
@@ -80,7 +80,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   dynamic "identity" {
     for_each = var.aks_uai_id == null ? [] : [1]
     content {
-      type = "UserAssigned"
+      type         = "UserAssigned"
       identity_ids = [var.aks_uai_id]
     }
   }
@@ -108,8 +108,8 @@ resource "azurerm_kubernetes_cluster" "aks" {
 
 }
 
- data "azurerm_public_ip" "cluster_public_ip" {
-  count               = var.cluster_egress_type == "loadBalancer" ? 1 : 0
+data "azurerm_public_ip" "cluster_public_ip" {
+  count = var.cluster_egress_type == "loadBalancer" ? 1 : 0
 
   # effective_outbound_ips is a set of strings, that needs to be converted to a list type
   name                = split("/", tolist(azurerm_kubernetes_cluster.aks.network_profile[0].load_balancer_profile[0].effective_outbound_ips)[0])[8]

modules/azure_aks/variables.tf

@@ -11,11 +11,6 @@ variable "aks_cluster_rg" {
   type        = string
 }
 
-variable "aks_cluster_rg_id" {
-  description = "The `azurerm_kubernetes_cluster`'s id."
-  type        = string
-}
-
 variable "aks_cluster_dns_prefix" {
   description = "DNS prefix specified when creating the managed cluster."
   type        = string
@@ -115,7 +110,7 @@ variable "aks_cluster_max_pods" {
 variable "kubernetes_version" {
   description = "The AKS cluster K8s version"
   type        = string
-  default     = "1.26"
+  default     = "1.27"
 }
 
 variable "aks_cluster_endpoint_public_access_cidrs" {
@@ -146,7 +141,7 @@ variable "aks_dns_service_ip" {
   type        = string
   default     = "10.0.0.10"
   validation {
-    condition     = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
+    condition     = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", var.aks_dns_service_ip)) : false
     error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
   }
 
@@ -225,6 +220,6 @@ variable "cluster_egress_type" {
 }
 
 variable "aks_cluster_private_dns_zone_id" {
-  type = string
+  type    = string
   default = ""
 }

modules/azurerm_netapp/outputs.tf

@@ -10,7 +10,7 @@ output "netapp_pool_id" {
 }
 
 output "netapp_endpoint" {
-  value = azurerm_netapp_volume.anf.mount_ip_addresses.0
+  value = azurerm_netapp_volume.anf.mount_ip_addresses[0]
 }
 
 output "netapp_path" {

modules/azurerm_netapp/variables.tf

@@ -1,12 +1,6 @@
 # Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-variable create_netapp {
-  description = "Boolean flag to create Azure NetApp Files"
-  type        = bool
-  default     = false
-}
-
 variable "prefix" {
   description = "A prefix used in the name for all the Azure resources created by this script."
   type        = string
@@ -22,11 +16,6 @@ variable "location" {
   type        = string
 }
 
-variable "vnet_name" {
-  description = "Azure Virtual Network"
-  type        = string
-}
-
 variable "subnet_id" {
   description = "Azure subnet id for Azure NetApp Files"
   type        = string

modules/azurerm_postgresql_flex/main.tf

@@ -49,14 +49,14 @@ resource "azurerm_postgresql_flexible_server" "flexpsql" {
 }
 
 resource "azurerm_postgresql_flexible_server_configuration" "flexpsql" {
-  for_each   = {
-    for config in var.postgresql_configurations:
-      config.name => config
+  for_each = {
+    for config in var.postgresql_configurations :
+    config.name => config
   }
 
-  name       = each.value.name
-  server_id  = azurerm_postgresql_flexible_server.flexpsql.id
-  value      = each.value.value
+  name      = each.value.name
+  server_id = azurerm_postgresql_flexible_server.flexpsql.id
+  value     = each.value.value
 }
 
 resource "azurerm_postgresql_flexible_server_firewall_rule" "flexpsql" {

modules/azurerm_postgresql_flex/variables.tf

@@ -98,9 +98,3 @@ variable "delegated_subnet_id" {
   description = "The ID of the virtual network subnet to create the PostgreSQL Flexible Server. The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated. Changing this forces a new PostgreSQL Flexible Server to be created."
   type        = string
 }
-
-variable "private_dns_zone_id" {
-  description = "The ID of the private DNS zone to create the PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created."
-  type        = string
-  default     = null
-}