chore: consolidate tf 0.15 and review ci (#94)

ci: re-enable validate org validation

Author: iru

.github/workflows/ci-pull-request.yaml

@@ -63,15 +63,27 @@ jobs:
         with:
           terraform_version: ${{ steps.minMax.outputs.minVersion }}
 
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
       - name: Install pre-commit dependencies
-        run: pip install pre-commit
+        run: |
+          pip install pre-commit
+          go install github.com/hashicorp/terraform-config-inspect@latest
+
+      - name: Execute generate-terraform-providers for organizational
+        if: ${{ matrix.directory !=  '.' }}
+        run: |
+          pre-commit run generate_tf_providers -a
 
-      - name: Execute pre-commit
+      - name: Execute pre-commit min_version 1
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
         run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*
 
-      - name: Execute pre-commit
+      - name: Execute pre-commit min_version 2
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
         run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)
@@ -106,7 +118,7 @@ jobs:
       - name: Install Python
         uses: actions/setup-python@v2
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Install Terraform v${{ matrix.version }}
@@ -117,10 +129,11 @@ jobs:
         run: |
           pip install pre-commit
           go install github.com/terraform-docs/terraform-docs@v0.16.0
+          go install github.com/hashicorp/terraform-config-inspect@latest
           curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
       - name: Clean pre-commit cache
         run: pre-commit clean
-      - name: Execute pre-commit
+      - name: Execute pre-commit max_version
         # Run all pre-commit checks on max version supported
         if: ${{ matrix.version ==  needs.getTerraformMinMaxVersion.outputs.maxVersion }}
         run: pre-commit run --color=always --show-diff-on-failure --all-files

.gitignore

@@ -44,3 +44,6 @@ override.tf.json
 .kitchen/*
 test/fixtures/**/.kitchen/
 test/snippets/*
+
+# pre-commit workarounds
+**/aliased-providers.tf.json

.pre-commit-config.yaml

@@ -16,7 +16,7 @@ repos:
 #    hooks:
 #        - id: terraform_validate
 #          name: Terraform validate
-#          entry: .pre-commit-terraform-validate-examples.sh
+#          entry: resources/scripts/terraform_validate.sh
 #          pass_filenames: false
 #          language: script
 #          verbose: true
@@ -30,13 +30,25 @@ repos:
         language: system
         entry: bash -c "find . \( -iname ".terraform*" ! -iname ".terraform-docs*" ! -path "*/test/*" \)  -print0 | xargs -0 rm -r; true"
 
+
+  - repo: local
+    # Adding this patch to fix organizational multi-provider terraform validate error
+    # 'missing provider provider["registry.terraform.io/hashicorp/aws"].member'
+    # https://github.com/antonbabenko/pre-commit-terraform/#terraform_validate
+    hooks:
+      - id: generate_tf_providers
+        name: generate_tf_providers
+        language: system
+        entry: bash -c "./resources/scripts/generate_providers.sh ./modules/infrastructure/permissions/org-role-ecs ./examples/organizational"
+        pass_filenames: false
+
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: v1.64.0
     hooks:
       - id: terraform_fmt
       # https://github.com/antonbabenko/pre-commit-terraform#terraform_validate
       - id: terraform_validate
-        exclude: (modules/infrastructure/permissions/org-role-ecs)|(examples/organizational)|(test)|(examples-internal)\/.*$
+        exclude: (test)|(examples-internal)\/.*$
       - id: terraform_docs
         args:
           - '--args=--sort-by required'

examples/organizational/README.md

@@ -143,9 +143,9 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
-| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | >= 4.0.0 |
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
+| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.15.0 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 
 ## Modules
 

examples/single-account-k8s/README.md

@@ -84,7 +84,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | 2.5.1 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 

examples/trigger-events/README.md

@@ -49,7 +49,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/cloudtrail/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/cloudtrail_s3-sns-sqs/README.md

@@ -46,7 +46,7 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/codebuild/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/ecs-vpc/README.md

@@ -13,7 +13,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/permissions/cloud-connector/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/permissions/cloud-scanning/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/permissions/general/README.md

@@ -15,7 +15,7 @@ General permissions that apply to both cloud-connector and cloud-scanning module
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/permissions/iam-user/README.md

@@ -45,7 +45,7 @@ Note: Contact us if this authentication system does not match your requirement.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/permissions/org-role-ecs/README.md

@@ -31,8 +31,8 @@ The aim of this module is to manage the organizational **managed account** requi
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
-| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | >= 3.50.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
+| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/permissions/org-role-eks/README.md

@@ -29,7 +29,7 @@ The aim of this module is to manage the organizational **managed account** requi
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/resource-group/README.md

@@ -13,7 +13,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/sqs-sns-subscription/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/infrastructure/ssm/README.md

@@ -16,7 +16,7 @@ and pass it, in a safe way, to all the modules that require it.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 
 ## Modules
 

modules/services/cloud-bench/README.md

@@ -26,8 +26,8 @@ Deployed on **Sysdig Backend**
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.1.3 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.2.0 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 
 ## Modules

modules/services/cloud-connector-ecs/README.md

@@ -15,7 +15,7 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.0 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 
 ## Modules

resources/scripts/generate_providers.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+for path in "$@"
+do
+  echo "$path"
+  terraform-config-inspect --json "$path" | jq -r '
+    [.required_providers[].aliases]
+    | flatten
+    | del(.[] | select(. == null))
+    | reduce .[] as $entry (
+      {};
+      .provider[$entry.name] //= [] | .provider[$entry.name] += [{"alias": $entry.alias}]
+    )
+  ' > "$path"/aliased-providers.tf.json
+done

resources/terraform-clean.sh renamed to resources/scripts/terraform-clean.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# use from root path  ./resources/terraform-clean.sh
+# use from root path  ./resources/scripts/terraform-clean.sh
 # we don't wanna delete possible ./test state tests
 
 pushd .

.pre-commit-terraform-validate-examples.sh renamed to resources/scripts/terraform_validate.sh

@@ -22,7 +22,7 @@ modules, and we also offer [AWS Cloudformation templates](https://github.com/sys
 - deployment type
   - are you familiar with the installation stack? Terraform, Cloudformation, AWS CDK, ...?
   - if you want to use Kubernetes workload for Sysdig deployment, what's your current way of deploying helm charts?
-  
+
 
 
 ### AWS