Adds a handful of fixes + enhancements to the module (#6)

Co-authored-by: John C. Bland II <johncblandii@users.noreply.github.com> Co-authored-by: Dan Meyers <danjbh@users.noreply.github.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
cloudposse-archives · Jan 14, 2021 · 3062c72 · 3062c72
1 parent c856676
commit 3062c72
Show file tree

Hide file tree

Showing 22 changed files with 153 additions and 99 deletions.
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
@@ -9,7 +9,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: "Handle common commands"
-        uses: cloudposse/actions/github/slash-command-dispatch@0.16.0
+        uses: cloudposse/actions/github/slash-command-dispatch@0.23.0
         with:
           token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
           reaction-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
       - name: "Checkout commit"
         uses: actions/checkout@v2
       - name: "Run tests"
-        uses: cloudposse/actions/github/slash-command-dispatch@0.16.0
+        uses: cloudposse/actions/github/slash-command-dispatch@0.23.0
         with:
           token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
           reaction-token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -4,6 +4,6 @@ repos:
   hooks:
     - id: check-yaml
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.31.0
+  rev: v1.45.0
   hooks:
     - id: terraform_fmt
diff --git a/README.md b/README.md
@@ -1,6 +1,8 @@
+<!-- markdownlint-disable -->
 # terraform-tfe-cloud-infrastructure-automation
 
  [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-tfe-cloud-infrastructure-automation.svg)](https://github.com/cloudposse/terraform-tfe-cloud-infrastructure-automation/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) [![Discourse Forum](https://img.shields.io/discourse/https/ask.sweetops.com/posts.svg)](https://ask.sweetops.com/)
+<!-- markdownlint-restore -->
 
 [![README Header][readme_header_img]][readme_header_link]
 
@@ -66,8 +68,15 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
 ## Usage
 
 
-**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases.
-Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-tfe-cloud-infrastructure-automation/releases).
+**IMPORTANT:** We do not pin modules to versions in our examples because of the
+difficulty of keeping the versions in the documentation in sync with the latest released versions.
+We highly recommend that in your code you pin the version to the exact version you are
+using so that your infrastructure remains stable, and update versions in a
+systematic way so that they do not catch you by surprise.
+
+Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
+the registry shows many of our inputs as required when in fact they are optional.
+The table below correctly indicates which inputs are required.
 
 
 Here's how to invoke this example module in your projects:
@@ -125,8 +134,9 @@ projects:
       terraform_version: 0.13.4
       # Controls the `auto_apply` setting within this workspace
       auto_apply: true
-      # Optional filename trigger to match (default is *.tf)
-      filename_trigger: "*.*"
+      # Optional filename triggers to match (default is *.tf)
+      filename_triggers:
+        - "*.*"
       # Add extra 'Run Triggers' to this workspace, beyond the parent workspace, which is created by default
       # These triggers mean this project workspace will be automatically planned if any of these workspaces are applied.
       triggers:
@@ -166,13 +176,13 @@ Available targets:
 | terraform | >= 0.13.0 |
 | local | >= 1.4 |
 | random | >= 2.2 |
-| tfe | >= 0.21.0 |
+| tfe | >= 0.23.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| tfe | >= 0.21.0 |
+| tfe | >= 0.23.0 |
 
 ## Inputs
 
@@ -310,7 +320,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
 ## Copyrights
 
-Copyright © 2020-2020 [Cloud Posse, LLC](https://cloudposse.com)
+Copyright © 2020-2021 [Cloud Posse, LLC](https://cloudposse.com)
 
 
 
@@ -369,8 +379,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 
 ### Contributors
 
+<!-- markdownlint-disable -->
 |  [![Erik Osterman][osterman_avatar]][osterman_homepage]<br/>[Erik Osterman][osterman_homepage] | [![Dan Meyers][danjbh_avatar]][danjbh_homepage]<br/>[Dan Meyers][danjbh_homepage] |
 |---|---|
+<!-- markdownlint-restore -->
 
   [osterman_homepage]: https://github.com/osterman
   [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png

diff --git a/README.yaml b/README.yaml
@@ -92,7 +92,7 @@ examples: |-
   - [`examples/complete`](https://github.com/cloudposse/terraform-tfe-cloud-infrastructure-automation/) - complete example of using this module
 
   We use YAML for the configuration files in order to separate configuration settings from business logic. It's also a portable format that can be used across multiple tools. Our convention is to name files by `$env-$stage.yaml` (e.g. `ue2-testing.yaml`), so for example an `$env` could be `ue2` (for `us-east-2`) and the `$stage` might be `testing`. Workspace names are derived from the `$env-$stage-$project`, which looks like  `ue2-testing-eks`.
-  
+
   ```yaml
   # Projects are all the top-level root modules
   projects:
@@ -115,8 +115,9 @@ examples: |-
         terraform_version: 0.13.4
         # Controls the `auto_apply` setting within this workspace
         auto_apply: true
-        # Optional filename trigger to match (default is *.tf)
-        filename_trigger: "*.*"
+        # Optional filename triggers to match (default is *.tf)
+        filename_triggers:
+          - "*.*"
         # Add extra 'Run Triggers' to this workspace, beyond the parent workspace, which is created by default
         # These triggers mean this project workspace will be automatically planned if any of these workspaces are applied.
         triggers:

diff --git a/context.tf b/context.tf
@@ -18,8 +18,10 @@
 # will be null, and `module.this.delimiter` will be `-` (hyphen).
 #
 
+
 module "this" {
-  source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
+  source  = "cloudposse/label/null"
+  version = "0.22.1" // requires Terraform >= 0.12.26
 
   enabled             = var.enabled
   namespace           = var.namespace

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -6,13 +6,13 @@
 | terraform | >= 0.13.0 |
 | local | >= 1.4 |
 | random | >= 2.2 |
-| tfe | >= 0.21.0 |
+| tfe | >= 0.23.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| tfe | >= 0.21.0 |
+| tfe | >= 0.23.0 |
 
 ## Inputs
 

diff --git a/examples/complete/config/ue2-testing.yaml b/examples/complete/config/ue2-testing.yaml
@@ -8,8 +8,9 @@ projects:
       workspace_enabled: true
       terraform_version: 0.13.4
       auto_apply: true
-      # Optional filename trigger to match (default is *.tf)
-      filename_trigger: "*.*"
+      # Optional filename triggers to match (default is *.tf)
+      filename_triggers:
+        - "*.*"
       triggers:
         - uw2-testing-example2
         - gbl-root-example1

diff --git a/examples/complete/context.tf b/examples/complete/context.tf
@@ -18,8 +18,10 @@
 # will be null, and `module.this.delimiter` will be `-` (hyphen).
 #
 
+
 module "this" {
-  source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
+  source  = "cloudposse/label/null"
+  version = "0.22.1" // requires Terraform >= 0.12.26
 
   enabled             = var.enabled
   namespace           = var.namespace

diff --git a/examples/complete/fixtures.tfvars → examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.tfvars → examples/complete/fixtures.us-east-2.tfvars
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -2,7 +2,7 @@
 provider "tfe" {
   hostname = var.tfe_hostname
   token    = var.tfe_token
-  version  = ">= 0.21.0"
+  version  = ">= 0.23.0"
 }
 
 module "example" {

diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -1,5 +1,14 @@
-output "example" {
-  description = "Outputs for the example module"
-  value       = module.example
+output "global_workspace" {
+  value       = module.example.global_workspace
+  description = "Configuration information for the global workspace."
 }
 
+output "environment_workspaces" {
+  value       = module.example.environment_workspaces
+  description = "A list of environment workspaces & their configurations."
+}
+
+output "project_workspaces" {
+  value       = module.example.project_workspaces
+  description = "A list of project workspaces & their configurations."
+}
diff --git a/main.tf b/main.tf
@@ -24,7 +24,7 @@ locals {
     }
   ]...)
 
-  custom_triggers = merge(flatten([
+  custom_triggers = merge({}, flatten([
     for k, v in local.projects : [
       for project, settings in v.terraform : {
         for trigger in(try(settings.triggers, null) != null ? settings.triggers : []) :
@@ -49,6 +49,7 @@ module "tfc_config" {
   trigger_prefixes      = [basename(local.config_file_path)]
   vcs_repo              = var.vcs_repo
   working_directory     = "${var.projects_path}/${var.tfc_project_path}"
+  execution_mode        = "remote"
 }
 
 # Create our 2nd-tier environment workspaces, as well as our 3rd-tier project workspaces
@@ -57,12 +58,13 @@ module "tfc_environment" {
 
   for_each = local.projects
 
-  config_name   = each.key
-  global_values = each.value.globals
-  projects      = local.projects[each.key].terraform
-  projects_path = var.projects_path
-  organization  = var.organization
-  vcs_repo      = var.vcs_repo
+  config_name       = each.key
+  global_values     = each.value.globals
+  terraform_version = var.terraform_version
+  projects          = local.projects[each.key].terraform
+  projects_path     = var.projects_path
+  organization      = var.organization
+  vcs_repo          = var.vcs_repo
 }
 
 # Generate our custom triggers based on configuration defined in YAML (at the project level)

diff --git a/modules/environment/main.tf b/modules/environment/main.tf
@@ -1,3 +1,7 @@
+locals {
+  default_execution_mode = "remote"
+}
+
 module "workspace" {
   source = "../workspaces"
 
@@ -7,6 +11,7 @@ module "workspace" {
   organization          = var.organization
   trigger_prefixes      = ["${var.config_directory}/${var.config_name}.yaml"]
   vcs_repo              = var.vcs_repo
+  execution_mode        = local.default_execution_mode
 }
 
 module "variables" {
@@ -30,9 +35,11 @@ module "projects" {
   project_values        = each.value.vars
   projects_path         = var.projects_path
   custom_project_folder = try(each.value.custom_project_folder, null)
+  execution_mode        = try(each.value.execution_mode, local.default_execution_mode)
   vcs_repo              = var.vcs_repo
-  terraform_version     = try(each.value.terraform_version, null)
+  vcs_branch_override   = try(each.value.vcs_branch_override, null)
+  terraform_version     = try(each.value.terraform_version, var.terraform_version)
   parent_workspace_id   = module.workspace.workspace.id
   auto_apply            = try(each.value.auto_apply, false)
-  filename_trigger      = try(each.value.filename_trigger, "*.tf")
-}
+  filename_triggers     = try(each.value.filename_triggers, [])
+}
diff --git a/modules/environment/variables.tf b/modules/environment/variables.tf
@@ -10,7 +10,7 @@ variable "config_directory" {
 }
 
 variable "global_values" {
-  type        = map
+  type        = map(any)
   default     = {}
   description = "The global values applied to all workspaces within the environment."
 }
@@ -32,6 +32,12 @@ variable "organization" {
   description = "Name of the organization."
 }
 
+variable "terraform_version" {
+  default     = null
+  type        = string
+  description = "The top level terraform_version that is used if not overriden by the project."
+}
+
 variable "vcs_repo" {
   description = "The VCS repository to configure."
   default = {

diff --git a/modules/project/main.tf b/modules/project/main.tf
@@ -1,5 +1,10 @@
 locals {
   project_folder = coalesce(var.custom_project_folder, var.project_name)
+
+  trigger_prefixes = [
+    for prefix in var.filename_triggers :
+    "${var.projects_path}/${local.project_folder}/${prefix}"
+  ]
 }
 
 module "workspace" {
@@ -11,10 +16,12 @@ module "workspace" {
   file_triggers_enabled = true
   name                  = "${var.environment}-${var.project_name}"
   organization          = var.organization
-  trigger_prefixes      = ["${var.projects_path}/${local.project_folder}/${var.filename_trigger}"]
+  trigger_prefixes      = local.trigger_prefixes
   vcs_repo              = var.vcs_repo
+  vcs_branch_override   = var.vcs_branch_override
   working_directory     = "${var.projects_path}/${local.project_folder}"
   terraform_version     = var.terraform_version
+  execution_mode        = var.execution_mode
 }
 
 module "variables" {

diff --git a/modules/project/variables.tf b/modules/project/variables.tf
@@ -21,15 +21,27 @@ variable "project_name" {
 }
 
 variable "project_values" {
-  type        = map
+  # NOTE: This is of type `any` to allow for a map of various, complex types.
+  # See issue #4 in this repository for full details.
+  type        = any
   description = "Map of project-level environment variables"
 }
 
 variable "global_values" {
-  type        = map
+  type        = map(any)
   description = "Map of project-level Terraform variables"
 }
 
+variable "execution_mode" {
+  type        = string
+  description = "Indicates whether the workspace is applied remotely, locally, or via agent."
+
+  validation {
+    condition     = contains(["remote", "local", "agent"], var.execution_mode)
+    error_message = "The execution_mode value must be either `remote`, `local`, or `agent`."
+  }
+}
+
 variable "organization" {
   type        = string
   description = "Name of the organization."
@@ -53,6 +65,12 @@ variable "vcs_repo" {
   type        = map(string)
 }
 
+variable "vcs_branch_override" {
+  description = "Use this to override the branch you want your workspace to plan / apply against."
+  default     = null
+  type        = string
+}
+
 variable "terraform_version" {
   type        = string
   description = "The version of Terraform to use for this workspace."
@@ -65,8 +83,8 @@ variable "auto_apply" {
   default     = false
 }
 
-variable "filename_trigger" {
-  type        = string
+variable "filename_triggers" {
+  type        = list(string)
   description = "Controls which file(s) will trigger workspace executions."
-  default     = "*.tf"
+  default     = []
 }
diff --git a/modules/variables/main.tf b/modules/variables/main.tf
@@ -1,11 +1,18 @@
+locals {
+  # We compute the values ahead of time to deal with ternary type conversion issues.
+  # The jsonencode / replaces below translate a JSON encoded string to proper HCL2
+  variables = merge(var.variables, {
+    for key, val in var.variables :
+    key => replace(replace(jsonencode(val), "/(\".*?\"):/", "$1 = "), "/= null/", "= \"\"") if var.hcl
+  })
+}
 resource "tfe_variable" "this" {
-  for_each = var.variables
+  for_each = local.variables
 
-  category  = var.category
-  hcl       = var.hcl
-  key       = var.category == "env" ? "TF_VAR_${each.key}" : each.key
-  sensitive = var.sensitive
-  # translate a JSON encoded string to proper HCL2
-  value        = var.hcl ? replace(replace(jsonencode(each.value), "/(\".*?\"):/", "$1 = "), "/= null/", "= \"\"") : jsonencode(each.value)
+  category     = var.category
+  hcl          = var.hcl
+  key          = var.category == "env" ? "TF_VAR_${each.key}" : each.key
+  sensitive    = var.sensitive
+  value        = each.value
   workspace_id = var.workspace_id
 }