Merge pull request #29 from UKHomeOffice/terraform-1.1.3

terraform 1.1.3

.drone.yml

@@ -10,9 +10,9 @@ platform:
 steps:
 - name: validate
   pull: if-not-exists
-  image: quay.io/ukhomeofficedigital/terraform-toolset:v0.12.26
+  image: quay.io/ukhomeofficedigital/terraform-toolset:v1.1.3-2
   commands:
-  - /acp/scripts/tf-validate.sh --no-docs
+  - /acp/scripts/tf-validate.sh
   when:
     event:
     - pull_request

README.md

@@ -1,37 +1,38 @@
+<!-- BEGIN_TF_DOCS -->
 Module usage:
 
-     module "msk_cluster" {
+     module "msk\_cluster" {
        source = "git::https://github.com/UKHomeOffice/acp-tf-msk-cluster?ref=master"
 
        name                   = "msktestclutser"
-       msk_instance_type      = "kafka.m5.large"
-       kafka_version          = "1.1.1"
+       msk\_instance\_type      = "kafka.m5.large"
+       kafka\_version          = "1.1.1"
        environment            = "${var.environment}"
-       number_of_broker_nodes = "3"
-       subnet_ids             = ["${data.aws_subnet_ids.suben_id_name.ids}"]
-      vpc_id                 = "${var.vpc_id}"
-       ebs_volume_size        = "50"
-       cidr_blocks            = ["${values(var.compute_cidrs)}"]
+       number\_of\_broker\_nodes = "3"
+       subnet\_ids             = ["${data.aws\_subnet\_ids.suben\_id\_name.ids}"]
+      vpc\_id                 = "${var.vpc\_id}"
+       ebs\_volume\_size        = "50"
+       cidr\_blocks            = ["${values(var.compute\_cidrs)}"]
      }
 
-     module "msk_cluster_with_config" {
+     module "msk\_cluster\_with\_config" {
        source = "git::https://github.com/UKHomeOffice/acp-tf-msk-cluster?ref=master"
 
        name                   = "msktestclusterwithconfig"
-       msk_instance_type      = "kafka.m5.large"
-       kafka_version          = "1.1.1"
+       msk\_instance\_type      = "kafka.m5.large"
+       kafka\_version          = "1.1.1"
        environment            = "${var.environment}"
-       number_of_broker_nodes = "3"
-       subnet_ids             = ["${data.aws_subnet_ids.suben_id_name.ids}"]
-       vpc_id                 = "${var.vpc_id}"
-       ebs_volume_size        = "50"
-       cidr_blocks            = ["${values(var.compute_cidrs)}"]
+       number\_of\_broker\_nodes = "3"
+       subnet\_ids             = ["${data.aws\_subnet\_ids.suben\_id\_name.ids}"]
+       vpc\_id                 = "${var.vpc\_id}"
+       ebs\_volume\_size        = "50"
+       cidr\_blocks            = ["${values(var.compute\_cidrs)}"]
 
-       config_name           = "testmskconfig"
-       config_kafka_versions = ["1.1.1"]
-       config_description    = "Test MSK configuration"
+       config\_name           = "testmskconfig"
+       config\_kafka\_versions = ["1.1.1"]
+       config\_description    = "Test MSK configuration"
 
-       config_server_properties = <<PROPERTIES
+       config\_server\_properties = <<PROPERTIES
      auto.create.topics.enable = true
      delete.topic.enable = true
      PROPERTIES
@@ -41,19 +42,20 @@ Module usage:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 0.12 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider_aws) | n/a |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.72.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_self_serve_access_keys"></a> [self_serve_access_keys](#module_self_serve_access_keys) | git::https://github.com/UKHomeOffice/acp-tf-self-serve-access-keys | v0.1.0 |
+| <a name="module_self_serve_access_keys"></a> [self\_serve\_access\_keys](#module\_self\_serve\_access\_keys) | git::https://github.com/UKHomeOffice/acp-tf-self-serve-access-keys | v0.1.0 |
 
 ## Resources
 
@@ -80,40 +82,41 @@ Module usage:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ca_arn"></a> [ca_arn](#input_ca_arn) | ARN of the AWS managed CA to attach to the MSK cluster | `list(string)` | `[]` | no |
-| <a name="input_acmpca_iam_user_name"></a> [acmpca_iam_user_name](#input_acmpca_iam_user_name) | The name of the IAM user assigned to the created AWS Private CA | `string` | `""` | no |
-| <a name="input_certificateauthority"></a> [certificateauthority](#input_certificateauthority) | Should a CA be created with the MSK cluster? | `bool` | `false` | no |
-| <a name="input_cidr_blocks"></a> [cidr_blocks](#input_cidr_blocks) | The CIDR blocks that the MSK cluster allows ingress connections from | `list` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
-| <a name="input_client_broker"></a> [client_broker](#input_client_broker) | Encryption setting for data in transit between clients and brokers. Valid values: TLS, TLS_PLAINTEXT, and PLAINTEXT | `string` | `"TLS_PLAINTEXT"` | no |
-| <a name="input_config_arn"></a> [config_arn](#input_config_arn) | ARN of the MSK configuration to attach to the MSK cluster | `string` | `""` | no |
-| <a name="input_config_description"></a> [config_description](#input_config_description) | The description of the MSK configuration | `string` | `""` | no |
-| <a name="input_config_kafka_versions"></a> [config_kafka_versions](#input_config_kafka_versions) | A list of Kafka versions that the configuration supports | `list` | `[]` | no |
-| <a name="input_config_name"></a> [config_name](#input_config_name) | Name of the MSK configuration to attach to the MSK cluster | `string` | `""` | no |
-| <a name="input_config_revision"></a> [config_revision](#input_config_revision) | The revision of the MSK configuration to use | `string` | `""` | no |
-| <a name="input_config_server_properties"></a> [config_server_properties](#input_config_server_properties) | The properties to set on the MSK cluster. Omitted properties are set to a default value | `string` | `""` | no |
-| <a name="input_ebs_volume_size"></a> [ebs_volume_size](#input_ebs_volume_size) | The MSK cluster EBS volume size for each broker | `any` | n/a | yes |
-| <a name="input_email_addresses"></a> [email_addresses](#input_email_addresses) | A list of email addresses for key rotation notifications. | `list` | `[]` | no |
-| <a name="input_encryption_at_rest_kms_key_arn"></a> [encryption_at_rest_kms_key_arn](#input_encryption_at_rest_kms_key_arn) | Use to set custom KMS key to encrypt data written to EBS volume | `any` | `null` | no |
-| <a name="input_enhanced_monitoring"></a> [enhanced_monitoring](#input_enhanced_monitoring) | The desired enhanced MSK CloudWatch monitoring level | `string` | `"DEFAULT"` | no |
-| <a name="input_environment"></a> [environment](#input_environment) | The environment the MSK cluster is running in i.e. dev, prod etc | `any` | n/a | yes |
-| <a name="input_kafka_version"></a> [kafka_version](#input_kafka_version) | The Kafka version for the AWS MSK cluster | `string` | `"2.2.1"` | no |
-| <a name="input_key_rotation"></a> [key_rotation](#input_key_rotation) | Enable email notifications for old IAM keys. | `string` | `"true"` | no |
-| <a name="input_msk_instance_type"></a> [msk_instance_type](#input_msk_instance_type) | The MSK cluster instance type | `any` | n/a | yes |
-| <a name="input_name"></a> [name](#input_name) | Name of the MSK cluster | `any` | n/a | yes |
-| <a name="input_number_of_broker_nodes"></a> [number_of_broker_nodes](#input_number_of_broker_nodes) | The number of broker nodes running in the MSK cluster | `any` | n/a | yes |
-| <a name="input_prometheus_jmx_exporter_enabled"></a> [prometheus_jmx_exporter_enabled](#input_prometheus_jmx_exporter_enabled) | Enable Prometheus open monitoring for the JMX exporter | `bool` | `false` | no |
-| <a name="input_prometheus_node_exporter_enabled"></a> [prometheus_node_exporter_enabled](#input_prometheus_node_exporter_enabled) | Enable Prometheus open monitoring for the node exporter | `bool` | `false` | no |
-| <a name="input_subnet_ids"></a> [subnet_ids](#input_subnet_ids) | A list of subnets that the MSK cluster should run in | `list(string)` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input_tags) | A map of tags to add to all resources | `map` | `{}` | no |
-| <a name="input_type"></a> [type](#input_type) | The type of the certificate authority | `string` | `""` | no |
-| <a name="input_vpc_id"></a> [vpc_id](#input_vpc_id) | The MSK cluster's VPC ID | `any` | n/a | yes |
+| <a name="input_acmpca_iam_user_name"></a> [acmpca\_iam\_user\_name](#input\_acmpca\_iam\_user\_name) | The name of the IAM user assigned to the created AWS Private CA | `string` | `""` | no |
+| <a name="input_ca_arn"></a> [ca\_arn](#input\_ca\_arn) | ARN of the AWS managed CA to attach to the MSK cluster | `list(string)` | `[]` | no |
+| <a name="input_certificateauthority"></a> [certificateauthority](#input\_certificateauthority) | Should a CA be created with the MSK cluster? | `bool` | `false` | no |
+| <a name="input_cidr_blocks"></a> [cidr\_blocks](#input\_cidr\_blocks) | The CIDR blocks that the MSK cluster allows ingress connections from | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_client_broker"></a> [client\_broker](#input\_client\_broker) | Encryption setting for data in transit between clients and brokers. Valid values: TLS, TLS\_PLAINTEXT, and PLAINTEXT | `string` | `"TLS_PLAINTEXT"` | no |
+| <a name="input_config_arn"></a> [config\_arn](#input\_config\_arn) | ARN of the MSK configuration to attach to the MSK cluster | `string` | `""` | no |
+| <a name="input_config_description"></a> [config\_description](#input\_config\_description) | The description of the MSK configuration | `string` | `""` | no |
+| <a name="input_config_kafka_versions"></a> [config\_kafka\_versions](#input\_config\_kafka\_versions) | A list of Kafka versions that the configuration supports | `list(string)` | `[]` | no |
+| <a name="input_config_name"></a> [config\_name](#input\_config\_name) | Name of the MSK configuration to attach to the MSK cluster | `string` | `""` | no |
+| <a name="input_config_revision"></a> [config\_revision](#input\_config\_revision) | The revision of the MSK configuration to use | `string` | `""` | no |
+| <a name="input_config_server_properties"></a> [config\_server\_properties](#input\_config\_server\_properties) | The properties to set on the MSK cluster. Omitted properties are set to a default value | `string` | `""` | no |
+| <a name="input_ebs_volume_size"></a> [ebs\_volume\_size](#input\_ebs\_volume\_size) | The MSK cluster EBS volume size for each broker | `any` | n/a | yes |
+| <a name="input_email_addresses"></a> [email\_addresses](#input\_email\_addresses) | A list of email addresses for key rotation notifications. | `list(string)` | `[]` | no |
+| <a name="input_encryption_at_rest_kms_key_arn"></a> [encryption\_at\_rest\_kms\_key\_arn](#input\_encryption\_at\_rest\_kms\_key\_arn) | Use to set custom KMS key to encrypt data written to EBS volume | `any` | `null` | no |
+| <a name="input_enhanced_monitoring"></a> [enhanced\_monitoring](#input\_enhanced\_monitoring) | The desired enhanced MSK CloudWatch monitoring level | `string` | `"DEFAULT"` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | The environment the MSK cluster is running in i.e. dev, prod etc | `any` | n/a | yes |
+| <a name="input_kafka_version"></a> [kafka\_version](#input\_kafka\_version) | The Kafka version for the AWS MSK cluster | `string` | `"2.2.1"` | no |
+| <a name="input_key_rotation"></a> [key\_rotation](#input\_key\_rotation) | Enable email notifications for old IAM keys. | `string` | `"true"` | no |
+| <a name="input_msk_instance_type"></a> [msk\_instance\_type](#input\_msk\_instance\_type) | The MSK cluster instance type | `any` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | Name of the MSK cluster | `any` | n/a | yes |
+| <a name="input_number_of_broker_nodes"></a> [number\_of\_broker\_nodes](#input\_number\_of\_broker\_nodes) | The number of broker nodes running in the MSK cluster | `any` | n/a | yes |
+| <a name="input_prometheus_jmx_exporter_enabled"></a> [prometheus\_jmx\_exporter\_enabled](#input\_prometheus\_jmx\_exporter\_enabled) | Enable Prometheus open monitoring for the JMX exporter | `bool` | `false` | no |
+| <a name="input_prometheus_node_exporter_enabled"></a> [prometheus\_node\_exporter\_enabled](#input\_prometheus\_node\_exporter\_enabled) | Enable Prometheus open monitoring for the node exporter | `bool` | `false` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnets that the MSK cluster should run in | `list(string)` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_type"></a> [type](#input\_type) | The type of the certificate authority | `string` | `""` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The MSK cluster's VPC ID | `any` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_bootstrap_brokers"></a> [bootstrap_brokers](#output_bootstrap_brokers) | Plaintext connection host:port pairs |
-| <a name="output_bootstrap_brokers_tls"></a> [bootstrap_brokers_tls](#output_bootstrap_brokers_tls) | TLS connection host:port pairs |
-| <a name="output_msk_cluster_arn"></a> [msk_cluster_arn](#output_msk_cluster_arn) | The MSK cluster arn |
-| <a name="output_msk_sg_id"></a> [msk_sg_id](#output_msk_sg_id) | The MSK security group ID |
-| <a name="output_zookeeper_connect_string"></a> [zookeeper_connect_string](#output_zookeeper_connect_string) | A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster |
+| <a name="output_bootstrap_brokers"></a> [bootstrap\_brokers](#output\_bootstrap\_brokers) | Plaintext connection host:port pairs |
+| <a name="output_bootstrap_brokers_tls"></a> [bootstrap\_brokers\_tls](#output\_bootstrap\_brokers\_tls) | TLS connection host:port pairs |
+| <a name="output_msk_cluster_arn"></a> [msk\_cluster\_arn](#output\_msk\_cluster\_arn) | The MSK cluster arn |
+| <a name="output_msk_sg_id"></a> [msk\_sg\_id](#output\_msk\_sg\_id) | The MSK security group ID |
+| <a name="output_zookeeper_connect_string"></a> [zookeeper\_connect\_string](#output\_zookeeper\_connect\_string) | A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster |
+<!-- END_TF_DOCS -->

main.tf

@@ -42,17 +42,13 @@
  */
 
 locals {
-  aws_acmpca_certificate_authority_arn = coalesce(element(concat(aws_acmpca_certificate_authority.msk_kafka_with_ca.*.arn, list("")), 0), element(concat(aws_acmpca_certificate_authority.msk_kafka_ca_with_config.*.arn, list("")), 0), element(concat(var.ca_arn, list("")), 0))
-  msk_cluster_arn                      = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.arn, list("")), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.arn, list("")), 0))
+  aws_acmpca_certificate_authority_arn = coalesce(element(concat(aws_acmpca_certificate_authority.msk_kafka_with_ca.*.arn, [""]), 0), element(concat(aws_acmpca_certificate_authority.msk_kafka_ca_with_config.*.arn, [""]), 0), element(concat(var.ca_arn, [""]), 0))
+  msk_cluster_arn                      = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.arn, [""]), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.arn, [""]), 0))
   email_tags                           = { for i, email in var.email_addresses : "email${i}" => email }
 }
 
 data "aws_caller_identity" "current" {}
 
-terraform {
-  required_version = ">= 0.12"
-}
-
 resource "aws_security_group" "sg_msk" {
   name        = "${var.name}-kafka-security-group"
   description = "Allow kafka traffic"

output.tf

@@ -1,21 +1,21 @@
 output "zookeeper_connect_string" {
   description = "A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster"
-  value       = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.zookeeper_connect_string, list("")), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.zookeeper_connect_string, list("")), 0))
+  value       = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.zookeeper_connect_string, [""]), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.zookeeper_connect_string, [""]), 0))
 }
 
 output "bootstrap_brokers" {
   description = "Plaintext connection host:port pairs"
-  value       = join("", [element(concat(aws_msk_cluster.msk_kafka.*.bootstrap_brokers, list("")), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.bootstrap_brokers, list("")), 0)])
+  value       = join("", [element(concat(aws_msk_cluster.msk_kafka.*.bootstrap_brokers, [""]), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.bootstrap_brokers, [""]), 0)])
 }
 
 output "bootstrap_brokers_tls" {
   description = "TLS connection host:port pairs"
-  value       = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.bootstrap_brokers_tls, list("")), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.bootstrap_brokers_tls, list("")), 0))
+  value       = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.bootstrap_brokers_tls, [""]), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.bootstrap_brokers_tls, [""]), 0))
 }
 
 output "msk_cluster_arn" {
   description = "The MSK cluster arn"
-  value       = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.arn, list("")), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.arn, list("")), 0))
+  value       = coalesce(element(concat(aws_msk_cluster.msk_kafka.*.arn, [""]), 0), element(concat(aws_msk_cluster.msk_kafka_with_config.*.arn, [""]), 0))
 }
 
 output "msk_sg_id" {

variable.tf

@@ -34,6 +34,7 @@ variable "subnet_ids" {
 
 variable "cidr_blocks" {
   description = "The CIDR blocks that the MSK cluster allows ingress connections from"
+  type        = list(string)
   default     = ["0.0.0.0/0"]
 }
 
@@ -65,6 +66,7 @@ variable "config_name" {
 
 variable "config_kafka_versions" {
   description = "A list of Kafka versions that the configuration supports"
+  type        = list(string)
   default     = []
 }
 
@@ -91,6 +93,7 @@ variable "config_arn" {
 
 variable "tags" {
   description = "A map of tags to add to all resources"
+  type        = map(string)
   default     = {}
 }
 
@@ -106,11 +109,13 @@ variable "enhanced_monitoring" {
 
 variable "prometheus_jmx_exporter_enabled" {
   description = "Enable Prometheus open monitoring for the JMX exporter"
+  type        = bool
   default     = false
 }
 
 variable "prometheus_node_exporter_enabled" {
   description = "Enable Prometheus open monitoring for the node exporter"
+  type        = bool
   default     = false
 }
 
@@ -126,5 +131,6 @@ variable "key_rotation" {
 
 variable "email_addresses" {
   description = "A list of email addresses for key rotation notifications."
+  type        = list(string)
   default     = []
 }

versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+  required_version = ">= 1.0"
+}