Spacelift Component tflint and Variable Usage (#904)
milldr authored Nov 14, 2023
1 parent 8ba0dee commit 3dc7660
Showing 10 changed files with 97 additions and 113 deletions.
16 changes: 7 additions & 9 deletions modules/spacelift/admin-stack/README.md
Expand Up @@ -142,6 +142,7 @@ components:
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
| <a name="requirement_spacelift"></a> [spacelift](#requirement\_spacelift) | >= 0.1.31 |
| <a name="requirement_utils"></a> [utils](#requirement\_utils) | >= 1.14.0 |
## Providers
Expand All @@ -154,11 +155,11 @@ components:
| Name | Source | Version |
|------|--------|---------|
| <a name="module_all_admin_stacks_config"></a> [all\_admin\_stacks\_config](#module\_all\_admin\_stacks\_config) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config | 1.0.0 |
| <a name="module_child_stack"></a> [child\_stack](#module\_child\_stack) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stack | 1.0.0 |
| <a name="module_child_stacks_config"></a> [child\_stacks\_config](#module\_child\_stacks\_config) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config | 1.0.0 |
| <a name="module_root_admin_stack"></a> [root\_admin\_stack](#module\_root\_admin\_stack) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stack | 1.0.0 |
| <a name="module_root_admin_stack_config"></a> [root\_admin\_stack\_config](#module\_root\_admin\_stack\_config) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config | 1.0.0 |
| <a name="module_all_admin_stacks_config"></a> [all\_admin\_stacks\_config](#module\_all\_admin\_stacks\_config) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config | 1.4.0 |
| <a name="module_child_stack"></a> [child\_stack](#module\_child\_stack) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stack | 1.4.0 |
| <a name="module_child_stacks_config"></a> [child\_stacks\_config](#module\_child\_stacks\_config) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config | 1.4.0 |
| <a name="module_root_admin_stack"></a> [root\_admin\_stack](#module\_root\_admin\_stack) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stack | 1.4.0 |
| <a name="module_root_admin_stack_config"></a> [root\_admin\_stack\_config](#module\_root\_admin\_stack\_config) | cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config | 1.4.0 |
| <a name="module_spaces"></a> [spaces](#module\_spaces) | cloudposse/stack-config/yaml//modules/remote-state | 1.5.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
Expand All @@ -181,7 +182,6 @@ components:
|------|-------------|------|---------|:--------:|
| <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| <a name="input_admin_stack_label"></a> [admin\_stack\_label](#input\_admin\_stack\_label) | Label to use to identify the admin stack when creating the child stacks | `string` | `"admin-stack-name"` | no |
| <a name="input_administrative"></a> [administrative](#input\_administrative) | Whether this stack can manage other stacks | `bool` | `false` | no |
| <a name="input_allow_public_workers"></a> [allow\_public\_workers](#input\_allow\_public\_workers) | Whether to allow public workers to be used for this stack | `bool` | `false` | no |
| <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
| <a name="input_autodeploy"></a> [autodeploy](#input\_autodeploy) | Controls the Spacelift 'autodeploy' option for a stack | `bool` | `false` | no |
Expand Down Expand Up @@ -212,6 +212,7 @@ components:
| <a name="input_drift_detection_timezone"></a> [drift\_detection\_timezone](#input\_drift\_detection\_timezone) | Timezone in which the schedule is expressed. Defaults to UTC. | `string` | `null` | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| <a name="input_excluded_context_filters"></a> [excluded\_context\_filters](#input\_excluded\_context\_filters) | Context filters to exclude from stacks matching specific criteria of `var.context_filters`. | <pre>object({<br> namespaces = optional(list(string), [])<br> environments = optional(list(string), [])<br> tenants = optional(list(string), [])<br> stages = optional(list(string), [])<br> tags = optional(map(string), {})<br> })</pre> | `{}` | no |
| <a name="input_github_enterprise"></a> [github\_enterprise](#input\_github\_enterprise) | GitHub Enterprise (self-hosted) VCS settings | `map(any)` | `null` | no |
| <a name="input_gitlab"></a> [gitlab](#input\_gitlab) | GitLab VCS settings | `map(any)` | `null` | no |
| <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
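Review bot: the description of the new `excluded_context_filters` input ("Context filters to exclude from stacks matching specific criteria of `var.context_filters`") does not say how the sub-fields combine. It is unclear whether a stack is excluded when any one of `namespaces`, `environments`, `tenants`, `stages` or `tags` matches or only when all of them do, and which side wins when a stack matches both `context_filters` and the exclusion. This input decides which stacks the admin stack manages, so the description should state the matching rule and give one example value.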
Expand All @@ -224,12 +225,9 @@ components:
| <a name="input_manage_state"></a> [manage\_state](#input\_manage\_state) | Flag to enable/disable manage\_state setting in stack | `bool` | `false` | no |
| <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| <a name="input_parent_space_id"></a> [parent\_space\_id](#input\_parent\_space\_id) | If creating a dedicated space for this stack, specify the ID of the parent space in Spacelift. | `string` | `null` | no |
| <a name="input_policy_ids"></a> [policy\_ids](#input\_policy\_ids) | Set of Rego policy IDs to attach to this stack | `set(string)` | `[]` | no |
| <a name="input_protect_from_deletion"></a> [protect\_from\_deletion](#input\_protect\_from\_deletion) | Flag to enable/disable deletion protection. | `bool` | `false` | no |
| <a name="input_pulumi"></a> [pulumi](#input\_pulumi) | Pulumi-specific configuration. Presence means this Stack is a Pulumi Stack. | `map(any)` | `null` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| <a name="input_region"></a> [region](#input\_region) | The AWS region to use | `string` | `"us-east-1"` | no |
| <a name="input_repository"></a> [repository](#input\_repository) | The name of your infrastructure repo | `string` | n/a | yes |
| <a name="input_root_admin_stack"></a> [root\_admin\_stack](#input\_root\_admin\_stack) | Flag to indicate if this stack is the root admin stack. In this case, the stack will be created in the root space and will create all the other admin stacks as children. | `bool` | `false` | no |
| <a name="input_root_stack_policy_attachments"></a> [root\_stack\_policy\_attachments](#input\_root\_stack\_policy\_attachments) | List of policy attachments to attach to the root admin stack | `set(string)` | `[]` | no |
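Review bot: the header counts for this hunk (12 lines before, 9 after) mean three rows leave the inputs table, and the commit title ("tflint and Variable Usage") does not mark that as a breaking change. A caller that still passes a removed input will fail at plan time, so the removed inputs should be named in the commit message or changelog along with what replaces them, if anything.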
68 changes: 35 additions & 33 deletions modules/spacelift/admin-stack/child-stacks.tf
Expand Up @@ -44,16 +44,17 @@ resource "null_resource" "child_stack_parent_precondition" {
# for each one.
module "child_stacks_config" {
source = "cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stacks-from-atmos-config"
version = "1.0.0"
version = "1.4.0"

context_filters = var.context_filters
context_filters = var.context_filters
excluded_context_filters = var.excluded_context_filters

context = module.this.context
}

module "child_stack" {
source = "cloudposse/cloud-infrastructure-automation/spacelift//modules/spacelift-stack"
version = "1.0.0"
version = "1.4.0"

for_each = local.child_stacks
depends_on = [
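Review bot: the `version` pins on `child_stacks_config` and `child_stack` move from 1.0.0 to 1.4.0 in the same commit that rewrites most of the `try()` fallbacks further down, so a behaviour change after upgrade cannot be attributed to one or the other. Consider landing the module bump separately. If `excluded_context_filters` is the reason the newer module version is needed, say so in the commit message so the dependency between the two lines is recorded.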
Expand All @@ -70,8 +71,8 @@ module "child_stack" {
after_perform = try(each.value.settings.spacelift.after_perform, [])
after_plan = try(each.value.settings.spacelift.after_plan, [])
atmos_stack_name = try(each.value.stack, null)
autodeploy = try(each.value.settings.spacelift.autodeploy, false)
autoretry = try(each.value.settings.spacelift.autoretry, false)
autodeploy = try(each.value.settings.spacelift.autodeploy, var.autodeploy)
autoretry = try(each.value.settings.spacelift.autoretry, var.autoretry)
aws_role_enabled = try(each.value.settings.aws_role_enabled, var.aws_role_enabled)
aws_role_arn = try(each.value.settings.aws_role_arn, var.aws_role_arn)
aws_role_external_id = try(each.value.settings.aws_role_external_id, var.aws_role_external_id)
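Review bot: on `autodeploy` and `autoretry`, the fallback changes from a hard-coded `false` to `var.autodeploy` and `var.autoretry`, so a value set once on the admin stack now becomes the default for every child stack that does not define `settings.spacelift.autodeploy` itself. The README lists `autodeploy` with default `false`, so nothing changes out of the box, but its description ("Controls the Spacelift 'autodeploy' option for a stack") should state that the value is inherited by all child stacks, because enabling it there removes the manual confirmation step across the whole tree.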
Expand All @@ -83,11 +84,11 @@ module "child_stack" {
before_plan = try(each.value.settings.spacelift.before_plan, [])
branch = try(each.value.branch, var.branch)
commit_sha = var.commit_sha != null ? var.commit_sha : try(each.value.commit_sha, null)
component_env = try(each.value.env, {})
component_env = try(each.value.env, var.component_env)
component_name = try(each.value.component, null)
component_root = try(join("/", [var.component_root, try(each.value.metadata.component, each.value.component)]))
component_vars = try(each.value.vars, null)
context_attachments = try(each.value.context_attachments, [])
component_vars = try(each.value.vars, var.component_vars)
context_attachments = try(each.value.context_attachments, var.context_attachments)
description = try(each.value.description, var.description)
drift_detection_enabled = try(each.value.settings.spacelift.drift_detection_enabled, var.drift_detection_enabled)
drift_detection_reconcile = try(each.value.settings.spacelift.drift_detection_reconcile, var.drift_detection_reconcile)
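Review bot: on `component_env`, `component_vars` and `context_attachments`, `try()` only falls back when the first expression errors, so the new `var.*` value is used only when the key is absent from the stack config. A stack that defines its own `vars`, `env` or `context_attachments` replaces the admin-level value entirely and nothing is merged. If the admin-level values are meant as a baseline that every child carries (a required context attachment, for example), use `merge()` or `concat()` instead. Otherwise document that the per-stack value overrides the variable wholesale.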
Expand All @@ -99,32 +100,33 @@ module "child_stack" {
["managed-by:${local.managed_by}"],
local.create_root_admin_stack ? ["depends-on:${local.root_admin_stack_name}", ""] : []
)
local_preview_enabled = try(each.value.local_preview_enabled, var.local_preview_enabled)
manage_state = try(each.value.manage_state, var.manage_state)
policy_ids = try(local.child_policy_ids, [])
protect_from_deletion = try(each.value.settings.spacelift.protect_from_deletion, false)
repository = var.repository
runner_image = try(each.value.settings.spacelift.runner_image, var.runner_image)
space_id = local.spaces[each.value.settings.spacelift.space_name]
spacelift_run_enabled = try(each.value.settings.spacelift.spacelift_run_enabled, var.spacelift_run_enabled)
stack_destructor_enabled = try(each.value.settings.spacelift.stack_destructor_enabled, var.stack_destructor_enabled)
stack_name = try(each.value.settings.spacelift.stack_name, each.key)
terraform_smart_sanitization = try(each.value.terraform_smart_sanitization, false)
terraform_version = lookup(var.terraform_version_map, try(each.value.terraform_version, ""), var.terraform_version)
terraform_workspace = try(each.value.workspace, null)
webhook_enabled = try(each.value.webhook_enabled, var.webhook_enabled)
webhook_endpoint = try(each.value.webhook_endpoint, var.webhook_endpoint)
webhook_secret = try(each.value.webhook_secret, var.webhook_secret)
worker_pool_id = try(local.worker_pools[each.value.worker_pool_name], local.worker_pools[var.worker_pool_name])
local_preview_enabled = try(each.value.local_preview_enabled, var.local_preview_enabled)
manage_state = try(each.value.manage_state, var.manage_state)
policy_ids = try(local.child_policy_ids, [])
protect_from_deletion = try(each.value.settings.spacelift.protect_from_deletion, var.protect_from_deletion)
repository = var.repository
runner_image = try(each.value.settings.spacelift.runner_image, var.runner_image)
space_id = local.spaces[each.value.settings.spacelift.space_name]
spacelift_run_enabled = try(each.value.settings.spacelift.spacelift_run_enabled, var.spacelift_run_enabled)
spacelift_stack_dependency_enabled = try(each.value.settings.spacelift.spacelift_stack_dependency_enabled, var.spacelift_stack_dependency_enabled)
stack_destructor_enabled = try(each.value.settings.spacelift.stack_destructor_enabled, var.stack_destructor_enabled)
stack_name = try(each.value.settings.spacelift.stack_name, each.key)
terraform_smart_sanitization = try(each.value.terraform_smart_sanitization, var.terraform_smart_sanitization)
terraform_version = lookup(var.terraform_version_map, try(each.value.terraform_version, ""), var.terraform_version)
terraform_workspace = try(each.value.workspace, var.terraform_workspace)
webhook_enabled = try(each.value.webhook_enabled, var.webhook_enabled)
webhook_endpoint = try(each.value.webhook_endpoint, var.webhook_endpoint)
webhook_secret = try(each.value.webhook_secret, var.webhook_secret)
worker_pool_id = try(local.worker_pools[each.value.worker_pool_name], local.worker_pools[var.worker_pool_name])

azure_devops = try(each.value.azure_devops, null)
bitbucket_cloud = try(each.value.bitbucket_cloud, null)
bitbucket_datacenter = try(each.value.bitbucket_datacenter, null)
cloudformation = try(each.value.cloudformation, null)
github_enterprise = try(local.root_admin_stack_config.settings.spacelift.github_enterprise, null)
gitlab = try(local.root_admin_stack_config.settings.spacelift.gitlab, null)
pulumi = try(local.root_admin_stack_config.settings.spacelift.pulumi, null)
showcase = try(local.root_admin_stack_config.settings.spacelift.showcase, null)
azure_devops = try(each.value.azure_devops, var.azure_devops)
bitbucket_cloud = try(each.value.bitbucket_cloud, var.bitbucket_cloud)
bitbucket_datacenter = try(each.value.bitbucket_datacenter, var.bitbucket_datacenter)
cloudformation = try(each.value.cloudformation, var.cloudformation)
github_enterprise = try(each.value.github_enterprise, var.github_enterprise)
gitlab = try(each.value.gitlab, var.gitlab)
pulumi = try(each.value.pulumi, var.pulumi)
showcase = try(each.value.showcase, var.showcase)

context = module.this.context
}
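Review bot: on `github_enterprise`, `gitlab`, `pulumi` and `showcase`, the lookup moves from `local.root_admin_stack_config.settings.spacelift.<name>` to `each.value.<name>` with a `var.<name>` fallback. Because `try()` hides the missing-attribute error, a configuration that still sets these under the root admin stack's `settings.spacelift` falls through to the variable with no plan-time error, and the README lists `null` as the default for `github_enterprise`, `gitlab` and `pulumi`. Most neighbouring per-stack settings in this block are read from `each.value.settings.spacelift.*`, while these four read `each.value.*` directly. Confirm that path is intended and add a migration note for users of the old location.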