diff --git a/.github/release.yml b/.github/release.yml
index c6d9cb1..421c43d 100644
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -10,8 +10,8 @@ changelog:
labels:
- dependencies
- - title: 🔩 Dependencies
+ - title: 🔩 Dependencies
labels:
- dependencies
-# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
\ No newline at end of file
+# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
diff --git a/.gitignore b/.gitignore
index a543f04..4af90a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,9 +18,6 @@ crash.log
# be included in version control.
local.tfvars
-# Provider.tf is used for local development of modules and shouldn't be added to repos.
-provider.tf
-
# Ignore override files as they are usually used to override ressources locally
override.tf
override.tf.json
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 05e7141..a422cc7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -11,7 +11,7 @@ repos:
- id: check-symlinks
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.96.1
+ rev: v1.96.2
hooks:
- id: terraform_fmt
@@ -29,9 +29,11 @@ repos:
- id: terraform_docs
- repo: https://github.com/bridgecrewio/checkov.git
- rev: 3.2.257
+ rev: 3.2.296
hooks:
- id: checkov
verbose: true
args:
+ - --skip-check
+ - "CKV_TF_1"
- --quiet
diff --git a/regional/README.md b/regional/README.md
index 5da9e41..ce4bb81 100644
--- a/regional/README.md
+++ b/regional/README.md
@@ -11,11 +11,13 @@ No requirements.
| Name | Version |
|------|---------|
-| [helm](#provider\_helm) | 2.16.0 |
+| [helm](#provider\_helm) | 2.16.1 |
## Modules
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
## Resources
diff --git a/regional/helm/cert-manager.yml b/regional/helm/cert-manager.yml
index a5b7061..36a485f 100644
--- a/regional/helm/cert-manager.yml
+++ b/regional/helm/cert-manager.yml
@@ -1,6 +1,6 @@
+crds:
+ enabled: true
+
global:
commonLabels:
tags.datadoghq.com/source: cert-manager
-
-crds:
- enabled: true
diff --git a/regional/helpers.tf b/regional/helpers.tf
new file mode 120000
index 0000000..404585d
--- /dev/null
+++ b/regional/helpers.tf
@@ -0,0 +1 @@
+../shared/helpers.tf
\ No newline at end of file
diff --git a/regional/istio-csr/README.md b/regional/istio-csr/README.md
index d2f44eb..a4cdff3 100644
--- a/regional/istio-csr/README.md
+++ b/regional/istio-csr/README.md
@@ -11,12 +11,14 @@ No requirements.
| Name | Version |
|------|---------|
-| [helm](#provider\_helm) | 2.16.0 |
+| [helm](#provider\_helm) | 2.16.1 |
| [kubernetes](#provider\_kubernetes) | 2.33.0 |
## Modules
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
## Resources
diff --git a/regional/istio-csr/helpers.tf b/regional/istio-csr/helpers.tf
new file mode 120000
index 0000000..4be5464
--- /dev/null
+++ b/regional/istio-csr/helpers.tf
@@ -0,0 +1 @@
+../../shared/helpers.tf
\ No newline at end of file
diff --git a/regional/istio-csr/locals.tf b/regional/istio-csr/locals.tf
index 28a2e2e..d78dbe6 100644
--- a/regional/istio-csr/locals.tf
+++ b/regional/istio-csr/locals.tf
@@ -2,45 +2,15 @@
# https://www.terraform.io/docs/language/values/locals.html
locals {
- cluster_id = local.zone != null ? "${var.cluster_prefix}-${local.region}-${local.zone}-${local.env}" : "${var.cluster_prefix}-${local.region}-${local.env}"
- env = lookup(local.env_map, local.environment, "none")
-
- environment = (
- terraform.workspace == "default" ?
- "mock-environment" :
- regex(".*-(?P[^-]+)$", terraform.workspace)["environment"]
- )
-
- env_map = {
- "non-production" = "nonprod"
- "production" = "prod"
- "sandbox" = "sb"
- }
+ cluster_id = module.helpers.zone != null ? "${var.cluster_prefix}-${module.helpers.region}-${module.helpers.zone}-${module.helpers.env}" : "${var.cluster_prefix}-${module.helpers.region}-${module.helpers.env}"
helm_values = {
"app.server.clusterID" = local.cluster_id
- "podLabels.tags\\.datadoghq\\.com/env" = local.environment
+ "podLabels.tags\\.datadoghq\\.com/env" = module.helpers.environment
"podLabels.tags\\.datadoghq\\.com/version" = var.cert_manager_istio_csr_version
"resources.limits.cpu" = var.resources_limits_cpu
"resources.limits.memory" = var.resources_limits_memory
"resources.requests.cpu" = var.resources_requests_cpu
"resources.requests.memory" = var.resources_requests_memory
}
-
- region = (
- terraform.workspace == "default" ?
- "mock-region" :
- regex("^(?P[^-]+-[^-]+)", terraform.workspace)["region"]
- )
-
-
- zone = (
- terraform.workspace == "default" ?
- "mock-zone" :
- (
- regex("^(?P[^-]+-[^-]+)(?:-(?P[^-]+))?-.*$", terraform.workspace)["zone"] != "" ?
- regex("^(?P[^-]+-[^-]+)(?:-(?P[^-]+))?-.*$", terraform.workspace)["zone"] :
- null
- )
- )
}
diff --git a/regional/locals.tf b/regional/locals.tf
index 6276431..aa24584 100644
--- a/regional/locals.tf
+++ b/regional/locals.tf
@@ -2,20 +2,6 @@
# https://www.terraform.io/docs/language/values/locals.html
locals {
- env = lookup(local.env_map, local.environment, "none")
-
- environment = (
- terraform.workspace == "default" ?
- "mock-environment" :
- regex(".*-(?P[^-]+)$", terraform.workspace)["environment"]
- )
-
- env_map = {
- "non-production" = "nonprod"
- "production" = "prod"
- "sandbox" = "sb"
- }
-
helm_values = {
"cainjector.podLabels.tags\\.datadoghq\\.com/service" = "cert-manager-cainjector"
"cainjector.resources.limits.cpu" = var.cain_injector_resources_limits_cpu
@@ -23,7 +9,7 @@ locals {
"cainjector.resources.requests.cpu" = var.cain_injector_resources_requests_cpu
"cainjector.resources.requests.memory" = var.cain_injector_resources_requests_memory
"cainjector.replicaCount" = var.cain_injector_replicas
- "global.commonLabels.tags\\.datadoghq\\.com/env" = local.environment
+ "global.commonLabels.tags\\.datadoghq\\.com/env" = module.helpers.environment
"global.commonLabels.tags\\.datadoghq\\.com/version" = var.cert_manager_version
"podLabels.tags\\.datadoghq\\.com/service" = "cert-manager"
"resources.limits.cpu" = var.resources_limits_cpu
diff --git a/shared/helpers.tf b/shared/helpers.tf
new file mode 100644
index 0000000..c14ea27
--- /dev/null
+++ b/shared/helpers.tf
@@ -0,0 +1,6 @@
+# Terraform Core Child Module Helpers (osinfra.io)
+# https://github.com/osinfra-io/terraform-core-helpers
+
+module "helpers" {
+ source = "github.com/osinfra-io/terraform-core-helpers//child?ref=v0.1.2"
+}
diff --git a/tests/fixtures/default/regional/istio-csr/locals.tf b/tests/fixtures/default/regional/istio-csr/locals.tf
deleted file mode 100644
index a36772c..0000000
--- a/tests/fixtures/default/regional/istio-csr/locals.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Local Values
-# https://www.terraform.io/language/values/locals
-
-locals {
- regional = data.terraform_remote_state.regional.outputs
-}
diff --git a/tests/fixtures/default/regional/istio-csr/main.tf b/tests/fixtures/default/regional/istio-csr/main.tf
index f6d425b..db3c28d 100644
--- a/tests/fixtures/default/regional/istio-csr/main.tf
+++ b/tests/fixtures/default/regional/istio-csr/main.tf
@@ -15,51 +15,6 @@ terraform {
}
}
-# Helm Provider
-# https://registry.terraform.io/providers/hashicorp/helm/latest
-
-provider "helm" {
- kubernetes {
-
- cluster_ca_certificate = base64decode(
- local.regional.cluster_ca_certificate
- )
-
- host = local.regional.cluster_endpoint
- token = data.google_client_config.current.access_token
- }
-}
-
-# Kubernetes Provider
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-
-provider "kubernetes" {
- cluster_ca_certificate = base64decode(
- local.regional.cluster_ca_certificate
- )
-
- host = "https://${local.regional.cluster_endpoint}"
- token = data.google_client_config.current.access_token
-}
-
-# Google Client Config Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-
-data "google_client_config" "current" {
-}
-
-# Remote State Data Source
-# https://www.terraform.io/language/state/remote-state-data
-
-data "terraform_remote_state" "regional" {
- backend = "gcs"
- workspace = "mock-workspace"
-
- config = {
- bucket = "mock-bucket"
- }
-}
-
module "test" {
source = "../../../../../regional/istio-csr"
diff --git a/tests/fixtures/default/regional/locals.tf b/tests/fixtures/default/regional/locals.tf
deleted file mode 100644
index a36772c..0000000
--- a/tests/fixtures/default/regional/locals.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Local Values
-# https://www.terraform.io/language/values/locals
-
-locals {
- regional = data.terraform_remote_state.regional.outputs
-}
diff --git a/tests/fixtures/default/regional/main.tf b/tests/fixtures/default/regional/main.tf
index 0a91843..40f1a84 100644
--- a/tests/fixtures/default/regional/main.tf
+++ b/tests/fixtures/default/regional/main.tf
@@ -15,51 +15,6 @@ terraform {
}
}
-# Helm Provider
-# https://registry.terraform.io/providers/hashicorp/helm/latest
-
-provider "helm" {
- kubernetes {
-
- cluster_ca_certificate = base64decode(
- local.regional.cluster_ca_certificate
- )
-
- host = local.regional.cluster_endpoint
- token = data.google_client_config.current.access_token
- }
-}
-
-# Kubernetes Provider
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-
-provider "kubernetes" {
- cluster_ca_certificate = base64decode(
- local.regional.cluster_ca_certificate
- )
-
- host = "https://${local.regional.cluster_endpoint}"
- token = data.google_client_config.current.access_token
-}
-
-# Google Client Config Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-
-data "google_client_config" "current" {
-}
-
-# Remote State Data Source
-# https://www.terraform.io/language/state/remote-state-data
-
-data "terraform_remote_state" "regional" {
- backend = "gcs"
- workspace = "mock-workspace"
-
- config = {
- bucket = "mock-bucket"
- }
-}
-
module "test" {
source = "../../../../regional"