fixed packer and plan build

JamesWoolfenden · May 24, 2021 · a32ad01 · a32ad01
1 parent e97c684
commit a32ad01
Show file tree

Hide file tree

Showing 23 changed files with 99 additions and 85 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @JamesWoolfenden
diff --git a/.github/workflows/compare.yml b/.github/workflows/compare.yml
@@ -7,7 +7,6 @@ on:
   workflow_dispatch:
 
 env:
-  terraform: 0.15.0
   tf_target_dir: example/examplea
   branch: master
 jobs:
@@ -21,11 +20,10 @@ jobs:
           token: ${{ github.token }}
       - name: tfsec
         run: |
-         pip3 install lastversion
-         now=$(lastversion tfsec/tfsec)
-         wget https://github.com/tfsec/tfsec/releases/download/v${now}/tfsec-linux-amd64
-         chmod +x tfsec-linux-amd64
-         ./tfsec-linux-amd64 ${{ env.tf_target_dir }} -f json --out tfsec.json
+          pip3 install lastversion
+          lastversion tfsec/tfsec --assets -d
+          chmod +x tfsec-linux-amd64
+          ./tfsec-linux-amd64 ${{ env.tf_target_dir }} -f json --out tfsec.json
         continue-on-error: true
       - name: store
         uses: actions/upload-artifact@v2
@@ -67,18 +65,20 @@ jobs:
       - name: install terrascan
         run: |
           pip3 install lastversion
-          now=$(lastversion accurics/terrascan)
-          curl --location https://github.com/accurics/terrascan/releases/download/v${now}/terrascan_${now}_Linux_x86_64.tar.gz --output terrascan.tar.gz
-          tar -xvf terrascan.tar.gz
+          lastversion accurics/terrascan --assets -d --verbose
+          tar -xvf terrascan*.tar.gz
+          chmod +x ./terrascan
       - name: run terrascan
-        run: ./terrascan scan -d  ${{ env.tf_target_dir }} -o json -x json >terrascan.json
+        run: |
+          ./terrascan init
+          ./terrascan scan -d  ${{ env.tf_target_dir }} -o json -x json | tee terrascan.json
         continue-on-error: true
       - name: store
         uses: actions/upload-artifact@v2
         with:
           name: terrascan
           path: terrascan.json
-          if-no-files-found: error
+          if-no-files-found: warn
   kics:
     runs-on: ubuntu-latest
     steps:
@@ -87,18 +87,20 @@ jobs:
         with:
           ref: ${{ env.branch }}
           token: ${{ github.token }}
-      - name: run kics Scan
-        uses: checkmarx/kics-action@v1.0
-        with:
-          path: ${{ env.tf_target_dir }}
-          output_path: "kics.json"
+      - name: install kics
+        run: |
+          pip3 install lastversion
+          lastversion Checkmarx/kics --assets -d --verbose
+          tar -xvf kics*.tar.gz
+      - name: run kics
+        run: ./kics scan -p  ${{ env.tf_target_dir }} -o kics.json --report-formats json
         continue-on-error: true
       - name: store
         uses: actions/upload-artifact@v2
         with:
           name: kics
           path: kics.json
-          if-no-files-found: error
+          if-no-files-found: warn
 
   upload:
     needs: [kics, terrascan, checkov, tfsec]

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -33,6 +33,28 @@ jobs:
           tf_actions_version: ${{ env.terraform }}
           tf_actions_subcommand: validate
           tf_actions_working_dir: ${{ env.tf_target_dir }}
+      - name: Terraform Plan
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: ${{ env.terraform }}
+          tf_actions_subcommand: plan
+          tf_actions_working_dir: ${{ env.tf_target_dir }}
+        env:
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      - name: Bills
+        run: |
+          pip3 install lastversion
+          lastversion infracost --assets -d --verbose
+          mkdir $GITHUB_WORKSPACE/bin
+          tar -xvf infracost*.tar.gz --directory $GITHUB_WORKSPACE/bin
+          chmod +x $GITHUB_WORKSPACE/bin/infracost-linux-amd64
+          $GITHUB_WORKSPACE/bin/infracost-linux-amd64 breakdown --path ${{ env.tf_target_dir }} --usage-file ${{ env.tf_target_dir }}/infracost-usage.yml
+        env:
+          INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Do not change
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   security:
     runs-on: ubuntu-latest
     steps:
@@ -46,10 +68,9 @@ jobs:
           python-version: 3.8
       - run: |
           pip3 install lastversion
-          now=$(lastversion terraform-docs)
+          lastversion terraform-docs --assets -d --verbose
           mkdir $GITHUB_WORKSPACE/bin
-          curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v${now}/terraform-docs-v${now}-$(uname)-amd64.tar.gz -o terraform-docs.tar.gz
-          tar -xvf terraform-docs.tar.gz --directory $GITHUB_WORKSPACE/bin
+          tar -xvf terraform-docs*.tar.gz --directory $GITHUB_WORKSPACE/bin
           chmod +x $GITHUB_WORKSPACE/bin/terraform-docs
           echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
       - uses: pre-commit/action@v2.0.0
@@ -59,7 +80,6 @@ jobs:
     steps:
       - uses: actions/checkout@master
       - name: Bump version and push tag
-        if: ${{ !env.ACT }}
         uses: anothrNick/github-tag-action@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -29,6 +29,15 @@ jobs:
           tf_actions_version: ${{ env.terraform }}
           tf_actions_subcommand: validate
           tf_actions_working_dir: ${{ env.tf_target_dir }}
+      - name: Terraform Plan
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: ${{ env.terraform }}
+          tf_actions_subcommand: plan
+          tf_actions_working_dir: ${{ env.tf_target_dir }}
+        env:
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   security:
     runs-on: ubuntu-latest
     steps:
@@ -41,10 +50,28 @@ jobs:
           python-version: 3.8
       - run: |
           pip3 install lastversion
-          now=$(lastversion terraform-docs)
+          lastversion terraform-docs --assets -d --verbose
           mkdir $GITHUB_WORKSPACE/bin
-          curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v${now}/terraform-docs-v${now}-$(uname)-amd64.tar.gz -o terraform-docs.tar.gz
-          tar -xvf terraform-docs.tar.gz --directory $GITHUB_WORKSPACE/bin
+          tar -xvf terraform-docs*.tar.gz --directory $GITHUB_WORKSPACE/bin
           chmod +x $GITHUB_WORKSPACE/bin/terraform-docs
           echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
       - uses: pre-commit/action@v2.0.0
+  infracost:
+    runs-on: ubuntu-latest
+    name: Show infracost diff
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v2
+      - name: Run infracost diff
+        uses: infracost/infracost-gh-action@master # Use a specific version instead of master if locking is preferred
+        env:
+          INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Do not change
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          # See the cloud credentials section for the options
+        with:
+          entrypoint: /scripts/ci/diff.sh # Do not change
+          path: ${{ env.tf_target_dir }}
+          usage_file: ${{ env.tf_target_dir }}/infracost-usage.yml
+          #terraform_plan_flags: -var-file=my.tfvars
diff --git a/README.md b/README.md
@@ -37,7 +37,6 @@ module "cassandra" {
   source            = "JamesWoolfenden/cassandra/aws"
   version           = "0.3.1"
   instance_type     = var.instance_type
-  common_tags       = var.common_tags
   subnet_ids        = data.aws_subnet_ids.subs.ids
   #add the private ips
   private_ips       = []
@@ -113,7 +112,6 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_allowed_ranges"></a> [allowed\_ranges](#input\_allowed\_ranges) | Allowed ranges that can access the cluster | `list(any)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_ami"></a> [ami](#input\_ami) | Contains information to select desired AWS AMI | `any` | n/a | yes |
-| <a name="input_common_tags"></a> [common\_tags](#input\_common\_tags) | Implements the common tags scheme | `map(string)` | n/a | yes |
 | <a name="input_config-file"></a> [config-file](#input\_config-file) | n/a | `string` | `"/etc/dse/cassandra/cassandra.yaml"` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | aws instance type and class | `string` | n/a | yes |
 | <a name="input_private_ips"></a> [private\_ips](#input\_private\_ips) | List of ips for the cassandra nodes | `list(any)` | n/a | yes |

diff --git a/aws_instance.cassandra.tf b/aws_instance.cassandra.tf
@@ -1,4 +1,5 @@
 resource "aws_instance" "cassandra" {
+  # checkov:skip=CKV2_AWS_17: invalid check
   count         = length(var.private_ips)
   ami           = data.aws_ami.ami.id
   instance_type = var.instance_type
@@ -36,5 +37,4 @@ HERE
     http_tokens = "required"
   }
 
-  tags = var.common_tags
 }
diff --git a/aws_security_groups.cassandra.tf b/aws_security_groups.cassandra.tf
@@ -2,8 +2,6 @@ resource "aws_security_group" "cassandra" {
   name        = "Cassandra"
   description = "Terraform Cassandra security group"
 
-  tags = var.common_tags
-
   ingress {
     from_port   = 22
     to_port     = 22

diff --git a/example/examplea/examplea.auto.tfvars b/example/examplea/examplea.auto.tfvars
diff --git a/example/examplea/infracost-usage.yml b/example/examplea/infracost-usage.yml
@@ -0,0 +1,2 @@
+version: 0.1
+resource_usage: {}
diff --git a/example/examplea/locals.tf b/example/examplea/locals.tf
@@ -0,0 +1,7 @@
+
+locals {
+  ami = {
+    filter = ["cassandra-BASE-v*"]
+    owners = [data.aws_caller_identity.current.account_id]
+  }
+}
diff --git a/example/examplea/module.cassandra.tf b/example/examplea/module.cassandra.tf
@@ -1,7 +1,6 @@
 module "cassandra" {
   source        = "../../"
-  instance_type = var.instance_type
-  common_tags   = var.common_tags
+  instance_type = "t3.micro"
   subnet_ids    = data.aws_subnet_ids.subs.ids
   #add the private ips
   private_ips       = []

diff --git a/example/examplea/provider.aws.tf b/example/examplea/provider.aws.tf
@@ -1,5 +1,12 @@
 provider "aws" {
-  region = "eu-west-1"
+  region = "eu-west-2"
+  default_tags {
+    tags = {
+      createdby = "terraform"
+      module    = "terraform-aws-vpc"
+      owner     = "James Woolfenden"
+    }
+  }
 }
 
 provider "tls" {

diff --git a/example/examplea/terraform.tf b/example/examplea/terraform.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      version = "3.35.0"
+      version = "3.39.0"
       source  = "hashicorp/aws"
     }
 

diff --git a/example/examplea/variables.tf b/example/examplea/variables.tf
diff --git a/example/exampleb/examplea.auto.tfvars b/example/exampleb/examplea.auto.tfvars
@@ -1,5 +1 @@
 instance_type = "t3.micro"
-
-common_tags = {
-  "name" = "cassandra"
-"Environment" = "Development" }
diff --git a/example/exampleb/module.cassandra.tf b/example/exampleb/module.cassandra.tf
@@ -1,7 +1,6 @@
 module "cassandra" {
   source        = "../../"
   instance_type = var.instance_type
-  common_tags   = var.common_tags
   subnet_ids    = data.aws_subnet_ids.private.ids
   vpc_id        = tolist(data.aws_vpcs.main.ids)[0]
   providers = {

diff --git a/example/exampleb/variables.tf b/example/exampleb/variables.tf
@@ -7,7 +7,3 @@ variable "instance_type" {
   type        = string
   description = "AWS instance type"
 }
-
-variable "common_tags" {
-  type = map(any)
-}
diff --git a/example/local/examplea.auto.tfvars b/example/local/examplea.auto.tfvars
@@ -1,5 +1,2 @@
 instance_type = "t3.micro"
 private_ips   = ["172.31.0.5", "172.31.0.6", "172.31.0.7", "172.31.0.8", "172.31.0.9"]
-common_tags = {
-  "name" = "cassandra"
-"Environment" = "Development" }
diff --git a/example/local/module.cassandra.tf b/example/local/module.cassandra.tf
@@ -1,7 +1,6 @@
 module "cassandra" {
   source            = "../../"
   instance_type     = var.instance_type
-  common_tags       = var.common_tags
   subnet_ids        = concat(tolist(data.aws_subnet_ids.subs.ids), tolist(data.aws_subnet_ids.subs.ids))
   private_ips       = var.private_ips
   allowed_ranges    = [module.myip.cidr]

diff --git a/example/local/variables.tf b/example/local/variables.tf
@@ -8,10 +8,6 @@ variable "instance_type" {
   description = "AWS instance type"
 }
 
-variable "common_tags" {
-  type = map(any)
-}
-
 variable "private_ips" {
   type = list(any)
 }

diff --git a/packer/apache-cassandra/amazon-ebs.cassandra.pkr.hcl b/packer/apache-cassandra/amazon-ebs.cassandra.pkr.hcl
@@ -6,7 +6,7 @@ source "amazon-ebs" "cassandra" {
       associate_public_ip_address= var.associate_public_ip_address
       instance_type  = var.instance_type
       region         = var.region
-      run_tags {
+      run_tags ={
         Name= "amazon-cassandra-packer"
         Application= "cassandra"
       }
@@ -17,7 +17,7 @@ source "amazon-ebs" "cassandra" {
       subnet_id=var.subnet_id
 
       source_ami_filter {
-        filters {
+        filters ={
           virtualization-type= "hvm"
           name= "amzn2-ami-hvm-*-x86_64-ebs"
           root-device-type= "ebs"
@@ -30,7 +30,7 @@ source "amazon-ebs" "cassandra" {
 
       vpc_id=var.vpc_id
 
-      tags {
+      tags= {
         OS_Version  = "Amazon 2 linux"
         Version     = var.BUILD_NUMBER
         Application = "Cassandra Image"

diff --git a/packer/apache-cassandra/build.pkr.hcl b/packer/apache-cassandra/build.pkr.hcl
@@ -4,8 +4,7 @@ sources=[
   ]
 
   provisioner "shell" {
-     scripts=[
-       "{{ template_dir }}install-cassandra.sh"
-       ]
+     script="${path.root}/install-cassandra.sh"
+  timeout      = "10s"
     }
 }
diff --git a/variables.tf b/variables.tf
@@ -4,10 +4,6 @@ variable "instance_type" {
   type        = string
 }
 
-variable "common_tags" {
-  description = "Implements the common tags scheme"
-  type        = map(string)
-}
 
 variable "allowed_ranges" {
   description = "Allowed ranges that can access the cluster"