Merge pull request #18 from samstav/0.12upgrade-part2

stavxyz · web-flow · commit 1a89eb6415a5 · 2019-11-22T20:19:01.000-06:00
0.12 upgrade
diff --git a/main.tf b/main.tf
@@ -29,57 +29,53 @@
  *
  */
 
-terraform {
-  required_version = ">= 0.9.0"
+data "aws_caller_identity" "current" {
 }
 
-data "aws_caller_identity" "current" {}
-
 resource "aws_dynamodb_table" "tf_backend_state_lock_table" {
-  count = "${var.dynamodb_lock_table_enabled ? 1 : 0}"
-  name           = "${var.dynamodb_lock_table_name}"
-  read_capacity  = "${var.lock_table_read_capacity}"
-  write_capacity = "${var.lock_table_write_capacity}"
-  hash_key       = "LockID"
-  stream_enabled = "${var.dynamodb_lock_table_stream_enabled}"
-  stream_view_type = "${var.dynamodb_lock_table_stream_enabled ? var.dynamodb_lock_table_stream_view_type : ""}"
+  count            = var.dynamodb_lock_table_enabled ? 1 : 0
+  name             = var.dynamodb_lock_table_name
+  read_capacity    = var.lock_table_read_capacity
+  write_capacity   = var.lock_table_write_capacity
+  hash_key         = "LockID"
+  stream_enabled   = var.dynamodb_lock_table_stream_enabled
+  stream_view_type = var.dynamodb_lock_table_stream_enabled ? var.dynamodb_lock_table_stream_view_type : ""
 
   attribute {
     name = "LockID"
     type = "S"
   }
-  tags {
-    Description = "Terraform state locking table for account ${data.aws_caller_identity.current.account_id}."
+  tags = {
+    Description        = "Terraform state locking table for account ${data.aws_caller_identity.current.account_id}."
     ManagedByTerraform = "true"
-    TerraformModule = "terraform-aws-backend"
+    TerraformModule    = "terraform-aws-backend"
   }
 
   lifecycle {
     prevent_destroy = true
   }
-
 }
 
 resource "aws_s3_bucket" "tf_backend_bucket" {
-  bucket = "${var.backend_bucket}"
-  acl = "private"
+  bucket = var.backend_bucket
+  acl    = "private"
   versioning {
     enabled = true
   }
   logging {
-    target_bucket = "${aws_s3_bucket.tf_backend_logs_bucket.id}"
+    target_bucket = aws_s3_bucket.tf_backend_logs_bucket.id
     target_prefix = "log/"
   }
-  tags {
-    Description = "Terraform S3 Backend bucket which stores the terraform state for account ${data.aws_caller_identity.current.account_id}."
+  tags = {
+    Description        = "Terraform S3 Backend bucket which stores the terraform state for account ${data.aws_caller_identity.current.account_id}."
     ManagedByTerraform = "true"
-    TerraformModule = "terraform-aws-backend"
+    TerraformModule    = "terraform-aws-backend"
   }
   server_side_encryption_configuration {
     rule {
       apply_server_side_encryption_by_default {
-        kms_master_key_id = "${var.kms_key_id}"
-        sse_algorithm     = "${var.kms_key_id == "" ? "AES256" : "aws:kms"}"
+        kms_master_key_id = var.kms_key_id
+        sse_algorithm     = var.kms_key_id == "" ? "AES256" : "aws:kms"
       }
     }
   }
@@ -90,68 +86,68 @@ resource "aws_s3_bucket" "tf_backend_bucket" {
 
 data "aws_iam_policy_document" "tf_backend_bucket_policy" {
   statement {
-    sid = "RequireEncryptedTransport"
+    sid    = "RequireEncryptedTransport"
     effect = "Deny"
     actions = [
       "s3:*",
     ]
     resources = [
-      "${aws_s3_bucket.tf_backend_bucket.arn}/*"
+      "${aws_s3_bucket.tf_backend_bucket.arn}/*",
     ]
     condition {
-      test = "Bool"
+      test     = "Bool"
       variable = "aws:SecureTransport"
       values = [
         false,
       ]
     }
     principals {
-      type = "*"
+      type        = "*"
       identifiers = ["*"]
     }
   }
 
   statement {
-    sid = "RequireEncryptedStorage"
+    sid    = "RequireEncryptedStorage"
     effect = "Deny"
     actions = [
       "s3:PutObject",
     ]
     resources = [
-      "${aws_s3_bucket.tf_backend_bucket.arn}/*"
+      "${aws_s3_bucket.tf_backend_bucket.arn}/*",
     ]
     condition {
-      test = "StringNotEquals"
+      test     = "StringNotEquals"
       variable = "s3:x-amz-server-side-encryption"
       values = [
-        "${var.kms_key_id == "" ? "AES256" : "aws:kms" }"
+        var.kms_key_id == "" ? "AES256" : "aws:kms",
       ]
     }
     principals {
-      type = "*"
+      type        = "*"
       identifiers = ["*"]
     }
   }
 }
 
-
 resource "aws_s3_bucket_policy" "tf_backend_bucket_policy" {
-  bucket = "${aws_s3_bucket.tf_backend_bucket.id}"
-  policy = "${data.aws_iam_policy_document.tf_backend_bucket_policy.json}"
+  bucket = aws_s3_bucket.tf_backend_bucket.id
+  policy = data.aws_iam_policy_document.tf_backend_bucket_policy.json
 }
 
 resource "aws_s3_bucket" "tf_backend_logs_bucket" {
   bucket = "${var.backend_bucket}-logs"
-  acl = "log-delivery-write"
+  acl    = "log-delivery-write"
   versioning {
     enabled = true
   }
-  tags {
-    Purpose = "Logging bucket for ${var.backend_bucket}"
+  tags = {
+    Purpose            = "Logging bucket for ${var.backend_bucket}"
     ManagedByTerraform = "true"
-    TerraformModule = "terraform-aws-backend"
+    TerraformModule    = "terraform-aws-backend"
   }
   lifecycle {
     prevent_destroy = true
   }
 }
+
diff --git a/outputs.tf b/outputs.tf
@@ -12,21 +12,26 @@
  */
 
 output "s3_backend_bucket_name" {
-  value = "${ join("", aws_s3_bucket.tf_backend_bucket.*.id, aws_s3_bucket.tf_backend_bucket.*.id)}"
+  value = join(
+    "",
+    aws_s3_bucket.tf_backend_bucket.*.id,
+    aws_s3_bucket.tf_backend_bucket.*.id,
+  )
 }
 
 output "dynamodb_lock_table_name" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.id}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.id
 }
 
 output "dynamodb_lock_table_arn" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.arn}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.arn
 }
 
 output "dynamodb_lock_stream_arn" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.stream_arn}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.stream_arn
 }
 
 output "dynamodb_lock_stream_label" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.stream_label}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.stream_label
 }
+
diff --git a/variables.tf b/variables.tf
@@ -1,12 +1,15 @@
-variable "backend_bucket" {}
+variable "backend_bucket" {
+}
 
 variable "dynamodb_lock_table_enabled" {
-  default = 1
+  type        = bool
+  default     = true
   description = "Affects terraform-aws-backend module behavior. Set to false or 0 to prevent this module from creating the DynamoDB table to use for terraform state locking and consistency. More info on locking for aws/s3 backends: https://www.terraform.io/docs/backends/types/s3.html. More information about how terraform handles booleans here: https://www.terraform.io/docs/configuration/variables.html"
 }
 
 variable "dynamodb_lock_table_stream_enabled" {
-  default = 0
+  type        = bool
+  default     = false
   description = "Affects terraform-aws-backend module behavior. Set to false or 0 to disable DynamoDB Streams for the table. More info on DynamoDB streams: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html. More information about how terraform handles booleans here: https://www.terraform.io/docs/configuration/variables.html"
 }
 
@@ -19,15 +22,18 @@ variable "dynamodb_lock_table_name" {
 }
 
 variable "lock_table_read_capacity" {
+  type    = number
   default = 1
 }
 
 variable "lock_table_write_capacity" {
+  type    = number
   default = 1
 }
 
 variable "kms_key_id" {
   # Default to absent/blank to use the default aws/s3 aws kms master key
-  default = ""
+  default     = ""
   description = "The AWS KMS master key ID used for the SSE-KMS encryption on the tf state s3 bucket. If the kms_key_id is specified, the bucket default encryption key management method will be set to aws-kms. If the kms_key_id is not specified (the default), then the default encryption key management method will be set to aes-256 (also known as aws-s3 key management). The default aws/s3 AWS KMS master key is used if this element is absent (the default)."
 }
+
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

Original file line number	Diff line number	Diff line change
`@@ -29,57 +29,53 @@`
`29`	`29`	`*`
`30`	`30`	`*/`
`31`	`31`
`32`		`-terraform {`
`33`		`- required_version = ">= 0.9.0"`
	`32`	`+data "aws_caller_identity" "current" {`
`34`	`33`	`}`
`35`	`34`
`36`		`-data "aws_caller_identity" "current" {}`
`37`		`-`
`38`	`35`	`resource "aws_dynamodb_table" "tf_backend_state_lock_table" {`
`39`		`- count = "${var.dynamodb_lock_table_enabled ? 1 : 0}"`
`40`		`- name = "${var.dynamodb_lock_table_name}"`
`41`		`- read_capacity = "${var.lock_table_read_capacity}"`
`42`		`- write_capacity = "${var.lock_table_write_capacity}"`
`43`		`- hash_key = "LockID"`
`44`		`- stream_enabled = "${var.dynamodb_lock_table_stream_enabled}"`
`45`		`- stream_view_type = "${var.dynamodb_lock_table_stream_enabled ? var.dynamodb_lock_table_stream_view_type : ""}"`
	`36`	`+ count = var.dynamodb_lock_table_enabled ? 1 : 0`
	`37`	`+ name = var.dynamodb_lock_table_name`
	`38`	`+ read_capacity = var.lock_table_read_capacity`
	`39`	`+ write_capacity = var.lock_table_write_capacity`
	`40`	`+ hash_key = "LockID"`
	`41`	`+ stream_enabled = var.dynamodb_lock_table_stream_enabled`
	`42`	`+ stream_view_type = var.dynamodb_lock_table_stream_enabled ? var.dynamodb_lock_table_stream_view_type : ""`
`46`	`43`
`47`	`44`	`attribute {`
`48`	`45`	`name = "LockID"`
`49`	`46`	`type = "S"`
`50`	`47`	`}`
`51`		`- tags {`
`52`		`- Description = "Terraform state locking table for account ${data.aws_caller_identity.current.account_id}."`
	`48`	`+ tags = {`
	`49`	`+ Description = "Terraform state locking table for account ${data.aws_caller_identity.current.account_id}."`
`53`	`50`	`ManagedByTerraform = "true"`
`54`		`- TerraformModule = "terraform-aws-backend"`
	`51`	`+ TerraformModule = "terraform-aws-backend"`
`55`	`52`	`}`
`56`	`53`
`57`	`54`	`lifecycle {`
`58`	`55`	`prevent_destroy = true`
`59`	`56`	`}`
`60`		`-`
`61`	`57`	`}`
`62`	`58`
`63`	`59`	`resource "aws_s3_bucket" "tf_backend_bucket" {`
`64`		`- bucket = "${var.backend_bucket}"`
`65`		`- acl = "private"`
	`60`	`+ bucket = var.backend_bucket`
	`61`	`+ acl = "private"`
`66`	`62`	`versioning {`
`67`	`63`	`enabled = true`
`68`	`64`	`}`
`69`	`65`	`logging {`
`70`		`- target_bucket = "${aws_s3_bucket.tf_backend_logs_bucket.id}"`
	`66`	`+ target_bucket = aws_s3_bucket.tf_backend_logs_bucket.id`
`71`	`67`	`target_prefix = "log/"`
`72`	`68`	`}`
`73`		`- tags {`
`74`		`- Description = "Terraform S3 Backend bucket which stores the terraform state for account ${data.aws_caller_identity.current.account_id}."`
	`69`	`+ tags = {`
	`70`	`+ Description = "Terraform S3 Backend bucket which stores the terraform state for account ${data.aws_caller_identity.current.account_id}."`
`75`	`71`	`ManagedByTerraform = "true"`
`76`		`- TerraformModule = "terraform-aws-backend"`
	`72`	`+ TerraformModule = "terraform-aws-backend"`
`77`	`73`	`}`
`78`	`74`	`server_side_encryption_configuration {`
`79`	`75`	`rule {`
`80`	`76`	`apply_server_side_encryption_by_default {`
`81`		`- kms_master_key_id = "${var.kms_key_id}"`
`82`		`- sse_algorithm = "${var.kms_key_id == "" ? "AES256" : "aws:kms"}"`
	`77`	`+ kms_master_key_id = var.kms_key_id`
	`78`	`+ sse_algorithm = var.kms_key_id == "" ? "AES256" : "aws:kms"`
`83`	`79`	`}`
`84`	`80`	`}`
`85`	`81`	`}`
`@@ -90,68 +86,68 @@ resource "aws_s3_bucket" "tf_backend_bucket" {`
`90`	`86`
`91`	`87`	`data "aws_iam_policy_document" "tf_backend_bucket_policy" {`
`92`	`88`	`statement {`
`93`		`- sid = "RequireEncryptedTransport"`
	`89`	`+ sid = "RequireEncryptedTransport"`
`94`	`90`	`effect = "Deny"`
`95`	`91`	`actions = [`
`96`	`92`	`"s3:*",`
`97`	`93`	`]`
`98`	`94`	`resources = [`
`99`		`- "${aws_s3_bucket.tf_backend_bucket.arn}/*"`
	`95`	`+ "${aws_s3_bucket.tf_backend_bucket.arn}/*",`
`100`	`96`	`]`
`101`	`97`	`condition {`
`102`		`- test = "Bool"`
	`98`	`+ test = "Bool"`
`103`	`99`	`variable = "aws:SecureTransport"`
`104`	`100`	`values = [`
`105`	`101`	`false,`
`106`	`102`	`]`
`107`	`103`	`}`
`108`	`104`	`principals {`
`109`		`- type = "*"`
	`105`	`+ type = "*"`
`110`	`106`	`identifiers = ["*"]`
`111`	`107`	`}`
`112`	`108`	`}`
`113`	`109`
`114`	`110`	`statement {`
`115`		`- sid = "RequireEncryptedStorage"`
	`111`	`+ sid = "RequireEncryptedStorage"`
`116`	`112`	`effect = "Deny"`
`117`	`113`	`actions = [`
`118`	`114`	`"s3:PutObject",`
`119`	`115`	`]`
`120`	`116`	`resources = [`
`121`		`- "${aws_s3_bucket.tf_backend_bucket.arn}/*"`
	`117`	`+ "${aws_s3_bucket.tf_backend_bucket.arn}/*",`
`122`	`118`	`]`
`123`	`119`	`condition {`
`124`		`- test = "StringNotEquals"`
	`120`	`+ test = "StringNotEquals"`
`125`	`121`	`variable = "s3:x-amz-server-side-encryption"`
`126`	`122`	`values = [`
`127`		`- "${var.kms_key_id == "" ? "AES256" : "aws:kms" }"`
	`123`	`+ var.kms_key_id == "" ? "AES256" : "aws:kms",`
`128`	`124`	`]`
`129`	`125`	`}`
`130`	`126`	`principals {`
`131`		`- type = "*"`
	`127`	`+ type = "*"`
`132`	`128`	`identifiers = ["*"]`
`133`	`129`	`}`
`134`	`130`	`}`
`135`	`131`	`}`
`136`	`132`
`137`		`-`
`138`	`133`	`resource "aws_s3_bucket_policy" "tf_backend_bucket_policy" {`
`139`		`- bucket = "${aws_s3_bucket.tf_backend_bucket.id}"`
`140`		`- policy = "${data.aws_iam_policy_document.tf_backend_bucket_policy.json}"`
	`134`	`+ bucket = aws_s3_bucket.tf_backend_bucket.id`
	`135`	`+ policy = data.aws_iam_policy_document.tf_backend_bucket_policy.json`
`141`	`136`	`}`
`142`	`137`
`143`	`138`	`resource "aws_s3_bucket" "tf_backend_logs_bucket" {`
`144`	`139`	`bucket = "${var.backend_bucket}-logs"`
`145`		`- acl = "log-delivery-write"`
	`140`	`+ acl = "log-delivery-write"`
`146`	`141`	`versioning {`
`147`	`142`	`enabled = true`
`148`	`143`	`}`
`149`		`- tags {`
`150`		`- Purpose = "Logging bucket for ${var.backend_bucket}"`
	`144`	`+ tags = {`
	`145`	`+ Purpose = "Logging bucket for ${var.backend_bucket}"`
`151`	`146`	`ManagedByTerraform = "true"`
`152`		`- TerraformModule = "terraform-aws-backend"`
	`147`	`+ TerraformModule = "terraform-aws-backend"`
`153`	`148`	`}`
`154`	`149`	`lifecycle {`
`155`	`150`	`prevent_destroy = true`
`156`	`151`	`}`
`157`	`152`	`}`
	`153`	`+`
Original file line number	Diff line number	Diff line change
`@@ -12,21 +12,26 @@`
`12`	`12`	`*/`
`13`	`13`
`14`	`14`	`output "s3_backend_bucket_name" {`
`15`		`- value = "${ join("", aws_s3_bucket.tf_backend_bucket..id, aws_s3_bucket.tf_backend_bucket..id)}"`
	`15`	`+ value = join(`
	`16`	`+ "",`
	`17`	`+ aws_s3_bucket.tf_backend_bucket.*.id,`
	`18`	`+ aws_s3_bucket.tf_backend_bucket.*.id,`
	`19`	`+ )`
`16`	`20`	`}`
`17`	`21`
`18`	`22`	`output "dynamodb_lock_table_name" {`
`19`		`- value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.id}"`
	`23`	`+ value = aws_dynamodb_table.tf_backend_state_lock_table.*.id`
`20`	`24`	`}`
`21`	`25`
`22`	`26`	`output "dynamodb_lock_table_arn" {`
`23`		`- value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.arn}"`
	`27`	`+ value = aws_dynamodb_table.tf_backend_state_lock_table.*.arn`
`24`	`28`	`}`
`25`	`29`
`26`	`30`	`output "dynamodb_lock_stream_arn" {`
`27`		`- value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.stream_arn}"`
	`31`	`+ value = aws_dynamodb_table.tf_backend_state_lock_table.*.stream_arn`
`28`	`32`	`}`
`29`	`33`
`30`	`34`	`output "dynamodb_lock_stream_label" {`
`31`		`- value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.stream_label}"`
	`35`	`+ value = aws_dynamodb_table.tf_backend_state_lock_table.*.stream_label`
`32`	`36`	`}`
	`37`	`+`
Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,15 @@`
`1`		`-variable "backend_bucket" {}`
	`1`	`+variable "backend_bucket" {`
	`2`	`+}`
`2`	`3`
`3`	`4`	`variable "dynamodb_lock_table_enabled" {`
`4`		`- default = 1`
	`5`	`+ type = bool`
	`6`	`+ default = true`
`5`	`7`	`description = "Affects terraform-aws-backend module behavior. Set to false or 0 to prevent this module from creating the DynamoDB table to use for terraform state locking and consistency. More info on locking for aws/s3 backends: https://www.terraform.io/docs/backends/types/s3.html. More information about how terraform handles booleans here: https://www.terraform.io/docs/configuration/variables.html"`
`6`	`8`	`}`
`7`	`9`
`8`	`10`	`variable "dynamodb_lock_table_stream_enabled" {`
`9`		`- default = 0`
	`11`	`+ type = bool`
	`12`	`+ default = false`
`10`	`13`	`description = "Affects terraform-aws-backend module behavior. Set to false or 0 to disable DynamoDB Streams for the table. More info on DynamoDB streams: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html. More information about how terraform handles booleans here: https://www.terraform.io/docs/configuration/variables.html"`
`11`	`14`	`}`
`12`	`15`
`@@ -19,15 +22,18 @@ variable "dynamodb_lock_table_name" {`
`19`	`22`	`}`
`20`	`23`
`21`	`24`	`variable "lock_table_read_capacity" {`
	`25`	`+ type = number`
`22`	`26`	`default = 1`
`23`	`27`	`}`
`24`	`28`
`25`	`29`	`variable "lock_table_write_capacity" {`
	`30`	`+ type = number`
`26`	`31`	`default = 1`
`27`	`32`	`}`
`28`	`33`
`29`	`34`	`variable "kms_key_id" {`
`30`	`35`	`# Default to absent/blank to use the default aws/s3 aws kms master key`
`31`		`- default = ""`
	`36`	`+ default = ""`
`32`	`37`	`description = "The AWS KMS master key ID used for the SSE-KMS encryption on the tf state s3 bucket. If the kms_key_id is specified, the bucket default encryption key management method will be set to aws-kms. If the kms_key_id is not specified (the default), then the default encryption key management method will be set to aes-256 (also known as aws-s3 key management). The default aws/s3 AWS KMS master key is used if this element is absent (the default)."`
`33`	`38`	`}`
	`39`	`+`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
 +terraform {
 +  required_version = ">= 0.12"
 +}