From 3703f80048a7d4f5a94de3d65a6fcd875ef61535 Mon Sep 17 00:00:00 2001 From: Mykola Babinskyi Date: Fri, 21 Mar 2025 17:28:01 +0100 Subject: [PATCH 1/4] ci: add tflint --- .github/workflows/ci.yml | 15 +++++++++++++++ .tflint.hcl | 25 +++++++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 .tflint.hcl diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f1c2f66..696a8ac 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -85,6 +85,21 @@ jobs: git diff --exit-code --color=always || ( echo "Terraform docs are out-of-date. See the diff above." && exit 1 ) + tflint: + runs-on: ubuntu-latest + + env: + TFLINT_CONFIG_FILE: "${{ github.workspace }}/.tflint.hcl" + + steps: + - uses: actions/checkout@v4 + - uses: terraform-linters/setup-tflint@v4 + with: + tflint_version: "latest" + + - run: tflint --init + - run: tflint --color --recursive + prettier: runs-on: ubuntu-latest steps: diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..4e0dd53 --- /dev/null +++ b/.tflint.hcl @@ -0,0 +1,25 @@ +tflint { + required_version = ">= 0.53.0" +} + +config { + plugin_dir = "~/.tflint.d/plugins" + call_module_type = "local" +} + +plugin "terraform" { + enabled = true + preset = "all" +} + +plugin "aws" { + enabled = true + version = "0.38.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} + +plugin "azurerm" { + enabled = true + version = "0.27.0" + source = "github.com/terraform-linters/tflint-ruleset-azurerm" +} From a0b61773e18ecaed615713c0c3d575a558f84f83 Mon Sep 17 00:00:00 2001 
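Review bot: The new `tflint` job resolves both of its external inputs at run time: `terraform-linters/setup-tflint@v4` is a movable tag and `tflint_version: "latest"` installs whatever release is current, so the binary that lints this repository can change without any commit here. Pin the action to a full commit SHA, `uses: terraform-linters/setup-tflint@<full-commit-sha> # v4`, and set `tflint_version` to an explicit release that satisfies the `>= 0.53.0` constraint in `.tflint.hcl`. The job also declares no `permissions:` key; unless the workflow sets one at the top level, which is outside this hunk, add `permissions:` with `contents: read`, since a lint job only needs to read the checkout.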
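Review bot: Every `plugin` block here is a binary that `tflint --init` downloads and executes, in CI and (after patch 4) on developer machines, so the set is worth keeping to what the repository actually lints. The `azurerm` ruleset is enabled, but the Terraform touched in this series is all AWS (`asset-account/terraform/stack-set`); if no Azure modules exist elsewhere in the repository, drop that block. If they do exist, a one-line comment such as `# Needed for the Azure modules under <path-to-azure-modules>` would record why it is there. The pinned `version` values on both rulesets are good and should stay explicit when they are bumped.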
From: Mykola Babinskyi Date: Fri, 21 Mar 2025 18:23:51 +0100 Subject: [PATCH 2/4] tflint fixes --- asset-account/terraform/stack-set/README.md | 4 ++-- .../terraform/stack-set/examples/self-managed/main.tf | 0 .../stack-set/examples/self-managed/outputs.tf | 0 .../stack-set/examples/self-managed/variables.tf | 2 ++ .../stack-set/examples/self-managed/versions.tf | 10 ++++++++++ .../stack-set/examples/service-managed/outputs.tf | 0 .../stack-set/examples/service-managed/versions.tf | 3 +++ asset-account/terraform/stack-set/variables.tf | 2 ++ 8 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 asset-account/terraform/stack-set/examples/self-managed/main.tf create mode 100644 asset-account/terraform/stack-set/examples/self-managed/outputs.tf create mode 100644 asset-account/terraform/stack-set/examples/self-managed/versions.tf create mode 100644 asset-account/terraform/stack-set/examples/service-managed/outputs.tf create mode 100644 asset-account/terraform/stack-set/examples/service-managed/versions.tf diff --git a/asset-account/terraform/stack-set/README.md b/asset-account/terraform/stack-set/README.md index 82ddbc0..809419b 100644 --- a/asset-account/terraform/stack-set/README.md +++ b/asset-account/terraform/stack-set/README.md @@ -67,8 +67,8 @@ No modules. | [permission_model](#input_permission_model) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#permission_model-1) | `string` | `null` | no | | [region](#input_region) | The AWS region where the Elastio Asset Account stack instances will be deployed.
It is just a single region because this stack is deployed only once per AWS account. | `string` | `"us-east-1"` | no | | [retain_stacks](#input_retain_stacks) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#retain_stacks-1) | `bool` | `null` | no | -| [stack_set_description](#input_stack_set_description) | n/a | `string` | `"Elastio Asset Account StackSet creates IAM roles to link the AWS accounts with\nthe Elastio Connector. This allows the Elastio Connector to scan the assets\navailable in the account where the Elastio Asset Account stack instances are\ndeployed.\n"` | no | -| [stack_set_name](#input_stack_set_name) | n/a | `string` | `"ElastioAssetAccount"` | no | +| [stack_set_description](#input_stack_set_description) | The description of the CloudFormation StackSet. | `string` | `"Elastio Asset Account StackSet creates IAM roles to link the AWS accounts with\nthe Elastio Connector. This allows the Elastio Connector to scan the assets\navailable in the account where the Elastio Asset Account stack instances are\ndeployed.\n"` | no | +| [stack_set_name](#input_stack_set_name) | The name of the CloudFormation StackSet. | `string` | `"ElastioAssetAccount"` | no | | [tags](#input_tags) | Additional tags to apply to all resources created by this stack. | `map(string)` | `{}` | no | | [template_url](#input_template_url) | The URL of the Elastio Asset Account CloudFormation template obtained from
the Elastio Portal.

This parameter is sensitive, because anyone who knows this URL can deploy
Elastio Account stack and linking it to your Elastio tenant. | `string` | n/a | yes | diff --git a/asset-account/terraform/stack-set/examples/self-managed/main.tf b/asset-account/terraform/stack-set/examples/self-managed/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/asset-account/terraform/stack-set/examples/self-managed/outputs.tf b/asset-account/terraform/stack-set/examples/self-managed/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/asset-account/terraform/stack-set/examples/self-managed/variables.tf b/asset-account/terraform/stack-set/examples/self-managed/variables.tf index e355baf..3769478 100644 --- a/asset-account/terraform/stack-set/examples/self-managed/variables.tf +++ b/asset-account/terraform/stack-set/examples/self-managed/variables.tf @@ -13,11 +13,13 @@ variable "template_url" { } variable "admin_account_aws_profile" { + description = "The AWS CLI profile name for the admin account." type = string default = null } variable "asset_account_aws_profile" { + description = "The AWS CLI profile name for the asset account." type = string default = null } diff --git a/asset-account/terraform/stack-set/examples/self-managed/versions.tf b/asset-account/terraform/stack-set/examples/self-managed/versions.tf new file mode 100644 index 0000000..ddfcb0e --- /dev/null +++ b/asset-account/terraform/stack-set/examples/self-managed/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.0" + } + } +} diff --git a/asset-account/terraform/stack-set/examples/service-managed/outputs.tf b/asset-account/terraform/stack-set/examples/service-managed/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/asset-account/terraform/stack-set/examples/service-managed/versions.tf b/asset-account/terraform/stack-set/examples/service-managed/versions.tf new file mode 100644 index 0000000..7117131 --- /dev/null 
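Review bot: `version = ">= 5.0"` in the new `examples/self-managed/versions.tf` sets only a floor, so `terraform init` on this example selects the newest `hashicorp/aws` release, including a future major version, unless a lock file sits next to it (none is added in this series). Examples are typically copied and run as root modules, so bounding the major version keeps them reproducible: `version = "~> 5.0"`. The service-managed example's `versions.tf` sets only `required_version`; if that example configures the AWS provider directly, the same `required_providers` block belongs there for consistency.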
+++ b/asset-account/terraform/stack-set/examples/service-managed/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 1.0" +} diff --git a/asset-account/terraform/stack-set/variables.tf b/asset-account/terraform/stack-set/variables.tf index 4c6ba4d..b32994d 100644 --- a/asset-account/terraform/stack-set/variables.tf +++ b/asset-account/terraform/stack-set/variables.tf @@ -82,12 +82,14 @@ variable "auto_deployment" { } variable "stack_set_name" { + description = "The name of the CloudFormation StackSet." type = string nullable = false default = "ElastioAssetAccount" } variable "stack_set_description" { + description = "The description of the CloudFormation StackSet." type = string nullable = false default = <<-DESCR From 120f3539f96a0c57042d3c04d40a1840ab904775 Mon Sep 17 00:00:00 2001 From: Veetaha Date: Fri, 21 Mar 2025 17:55:19 +0000 Subject: [PATCH 3/4] Fix the unused `region` variable --- asset-account/terraform/stack-set/README.md | 2 +- asset-account/terraform/stack-set/main.tf | 1 + asset-account/terraform/stack-set/variables.tf | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/asset-account/terraform/stack-set/README.md b/asset-account/terraform/stack-set/README.md index 809419b..b45a7d8 100644 --- a/asset-account/terraform/stack-set/README.md +++ b/asset-account/terraform/stack-set/README.md @@ -65,8 +65,8 @@ No modules. | [managed_execution](#input_managed_execution) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#managed_execution-1) |
object({
active = optional(bool)
})
| `null` | no | | [operation_preferences](#input_operation_preferences) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#operation_preferences) |
object({
concurrency_mode = optional(string)
failure_tolerance_count = optional(number)
failure_tolerance_percentage = optional(number)
max_concurrent_count = optional(number)
max_concurrent_percentage = optional(number)

# Region settings are not supported, because
# there must be at most one stack per account
# in a single region.
})
| `null` | no | | [permission_model](#input_permission_model) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#permission_model-1) | `string` | `null` | no | -| [region](#input_region) | The AWS region where the Elastio Asset Account stack instances will be deployed.
It is just a single region because this stack is deployed only once per AWS account. | `string` | `"us-east-1"` | no | | [retain_stacks](#input_retain_stacks) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#retain_stacks-1) | `bool` | `null` | no | +| [stack_instances_region](#input_stack_instances_region) | The AWS region where the Elastio Asset Account stack instances will be deployed.
It is just a single region because this stack is deployed only once per AWS account. | `string` | `"us-east-1"` | no | | [stack_set_description](#input_stack_set_description) | The description of the CloudFormation StackSet. | `string` | `"Elastio Asset Account StackSet creates IAM roles to link the AWS accounts with\nthe Elastio Connector. This allows the Elastio Connector to scan the assets\navailable in the account where the Elastio Asset Account stack instances are\ndeployed.\n"` | no | | [stack_set_name](#input_stack_set_name) | The name of the CloudFormation StackSet. | `string` | `"ElastioAssetAccount"` | no | | [tags](#input_tags) | Additional tags to apply to all resources created by this stack. | `map(string)` | `{}` | no | diff --git a/asset-account/terraform/stack-set/main.tf b/asset-account/terraform/stack-set/main.tf index 91fe644..aa4ec97 100644 --- a/asset-account/terraform/stack-set/main.tf +++ b/asset-account/terraform/stack-set/main.tf @@ -61,6 +61,7 @@ resource "aws_cloudformation_stack_instances" "this" { stack_set_name = aws_cloudformation_stack_set.this.name accounts = var.accounts + regions = [var.stack_instances_region] dynamic "deployment_targets" { for_each = var.deployment_targets[*] diff --git a/asset-account/terraform/stack-set/variables.tf b/asset-account/terraform/stack-set/variables.tf index b32994d..24bb656 100644 --- a/asset-account/terraform/stack-set/variables.tf +++ b/asset-account/terraform/stack-set/variables.tf @@ -51,7 +51,7 @@ variable "deployment_targets" { ## Optional parameters ## ######################### -variable "region" { +variable "stack_instances_region" { description = <<-DESCR The AWS region where the Elastio Asset Account stack instances will be deployed. It is just a single region because this stack is deployed only once per AWS account. From 0fc2c2f6630f0194677365f2cd3276881b7d8192 Mon Sep 17 00:00:00 2001 
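Review bot: The added `regions = [var.stack_instances_region]` in `main.tf` changes behaviour for existing callers, not just the lint result: the variable was unused before, so the stack instances presumably followed the provider's configured region, whereas now they follow the variable, which defaults to `"us-east-1"` per the README table. A caller with a different provider region who never set this input may see Terraform plan to move the stack instances, and with them the IAM roles the StackSet description says they create. The rename from `region` to `stack_instances_region` in `variables.tf` additionally breaks callers that set the old name. Both points deserve an upgrade note, and the variable description could say so directly, e.g. `This value is used regardless of the AWS provider's configured region.` The resource block continues outside the hunk.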
From: Mykola Babinskyi Date: Fri, 21 Mar 2025 19:08:38 +0100 Subject: [PATCH 4/4] update git hook update git hook --- .githooks/pre-commit | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.githooks/pre-commit b/.githooks/pre-commit index 98253d7..1489b2b 100755 --- a/.githooks/pre-commit +++ b/.githooks/pre-commit @@ -46,6 +46,11 @@ if command_exists ./node_modules/.bin/prettier; then echo "$files" | xargs ./node_modules/.bin/prettier --ignore-unknown --write fi +if command_exists tflint; then + tflint --init + tflint --config "$(pwd)/.tflint.hcl" --color --recursive +fi + # Add the modified/prettified files to staging echo "$files" | xargs git add
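Review bot: The added block runs on every commit where `tflint` is installed, regardless of what is staged: `tflint --init` downloads the plugins listed in `.tflint.hcl` when they are not yet present, and `--recursive` lints the whole tree rather than `$files`. Gating it on staged Terraform files keeps unrelated commits fast and offline, e.g. `if command_exists tflint && echo "$files" | grep -q '\.tf$'; then`. Whether a lint failure aborts the commit depends on `set -e` or an equivalent earlier in the script, which is outside this hunk; if it is not set, append `|| exit 1` to the `tflint --config ...` line.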