version bumping and updating checks

cdaniluk · cdaniluk · commit c1ae241b1144 · 2022-02-15T20:12:27.000-05:00
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1 @@
-* @rhythmictech/engineering
+* @sdickenson @cdaniluk
diff --git a/.github/workflows/pre-commit-check.yaml b/.github/workflows/pre-commit-check.yaml
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,19 @@
 #  Local .terraform directories
 **/.terraform/*
+**/terraform.d/*
 
 # .tfstate files
 *.tfstate
 *.tfstate.*
+
+# plans
+*.tfplan
+*.tfplan.txt
+
+# override files
+override.tf*
+*_override.tf*
+
+# temp files
+**/tmp/**
+**/builds
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,17 +1,11 @@
+exclude: ".terraform"
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.31.0
+    rev: v1.62.3
     hooks:
       - id: terraform_docs
         always_run: true
-        args:
-          - --args=--sort-by-required
       - id: terraform_fmt
-      - id: terraform_tflint
-        alias: terraform_tflint_deep
-        name: terraform_tflint_deep
-        args:
-          - --args=--deep
       - id: terraform_tflint
         alias: terraform_tflint_nocreds
         name: terraform_tflint_nocreds
@@ -33,14 +27,36 @@ repos:
               cd $(dirname "$FILE")
               terraform init --backend=false
               terraform validate .
+              cd ..
+            done
+          '
+        language: system
+        verbose: true
+        files: \.tf(vars)?$
+        exclude: examples
+      - id: tflock
+        name: provider_locks
+        entry: |
+          bash -c '
+            AWS_DEFAULT_REGION=us-east-1
+            declare -a DIRS
+            for FILE in "$@"
+            do
+              DIRS+=($(dirname "$FILE"))
+            done
+            for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
+            do
+              cd $(dirname "$FILE")
+              terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=linux_amd64
+              cd ..
             done
           '
         language: system
         verbose: true
         files: \.tf(vars)?$
         exclude: examples
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.0.0
+    rev: v4.1.0
     hooks:
       - id: check-case-conflict
       - id: check-json
@@ -50,11 +66,17 @@ repos:
         args:
           - --unsafe
       - id: end-of-file-fixer
-      - id: trailing-whitespace
       - id: mixed-line-ending
         args:
           - --fix=lf
       - id: no-commit-to-branch
+        args:
+          - --branch
+          - main
+          - --branch
+          - master
+          - --branch
+          - prod
       - id: pretty-format-json
         args:
           - --autofix
@@ -63,3 +85,5 @@ repos:
         args:
           - --markdown-linebreak-ext=md
         exclude: README.md
+ci:
+  skip: [terraform_docs, terraform_fmt, terraform_tflint, terraform_tfsec, tflock]
diff --git a/.terraform-version b/.terraform-version
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -1,6 +1,5 @@
 config {
   module     = true
-  deep_check = false
 }
 
 rule "terraform_deprecated_interpolation" {
diff --git a/.yamllint.yml b/.yamllint.yml
@@ -0,0 +1,2 @@
+truthy:
+  check-keys: false
diff --git a/README.md b/README.md
@@ -1,5 +1,11 @@
 # terraform-aws-backend
-[![](https://github.com/rhythmictech/terraform-aws-backend/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-aws-backend/actions) <a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=RhythmicTech" alt="follow on Twitter"></a>
+
+[![tflint](https://github.com/rhythmictech/terraform-aws-backend/workflows/tflint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-backend/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)
+[![tfsec](https://github.com/rhythmictech/terraform-aws-backend/workflows/tfsec/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-backend/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)
+[![yamllint](https://github.com/rhythmictech/terraform-aws-backend/workflows/yamllint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-backend/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)
+[![misspell](https://github.com/rhythmictech/terraform-aws-backend/workflows/misspell/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-backend/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)
+[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-backend/workflows/pre-commit-check/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-backend/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)
+<a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=twitter" alt="follow on Twitter"></a>
 
 Creates a backend S3 bucket and DynamoDB table for managing Terraform state. Useful for bootstrapping a new
 environment. This module supports cross-account state management, using a centralized account that holds the S3 bucket and KMS key.
@@ -58,34 +64,51 @@ region               = "us-east-1"
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.13 |
-| aws | ~> 3.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.15.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | ~> 3.15.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.15.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+| [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
+| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| allowed\_account\_ids | Account IDs that are allowed to access the bucket/KMS key | `list(string)` | `[]` | no |
-| bucket | Name of bucket to create (do not provide if using `remote_bucket`) | `string` | `""` | no |
-| kms\_alias\_name | Name of KMS Alias | `string` | `""` | no |
-| kms\_key\_id | ARN for KMS key for all encryption operations. | `string` | `""` | no |
-| logging\_target\_bucket | The name of the bucket that will receive the log objects | `string` | `null` | no |
-| logging\_target\_prefix | A key prefix for log objects | `string` | `"TFStateLogs/"` | no |
-| remote\_bucket | If specified, the remote bucket will be used for the backend. A new bucket will not be created | `string` | `""` | no |
-| table | Name of Dynamo Table to create | `string` | `"tf-locktable"` | no |
-| tags | Mapping of any extra tags you want added to resources | `map(string)` | `{}` | no |
+| <a name="input_allowed_account_ids"></a> [allowed\_account\_ids](#input\_allowed\_account\_ids) | Account IDs that are allowed to access the bucket/KMS key | `list(string)` | `[]` | no |
+| <a name="input_bucket"></a> [bucket](#input\_bucket) | Name of bucket to create (do not provide if using `remote_bucket`) | `string` | `""` | no |
+| <a name="input_kms_alias_name"></a> [kms\_alias\_name](#input\_kms\_alias\_name) | Name of KMS Alias | `string` | `""` | no |
+| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | ARN for KMS key for all encryption operations. | `string` | `""` | no |
+| <a name="input_logging_target_bucket"></a> [logging\_target\_bucket](#input\_logging\_target\_bucket) | The name of the bucket that will receive the log objects | `string` | `null` | no |
+| <a name="input_logging_target_prefix"></a> [logging\_target\_prefix](#input\_logging\_target\_prefix) | A key prefix for log objects | `string` | `"TFStateLogs/"` | no |
+| <a name="input_remote_bucket"></a> [remote\_bucket](#input\_remote\_bucket) | If specified, the remote bucket will be used for the backend. A new bucket will not be created | `string` | `""` | no |
+| <a name="input_table"></a> [table](#input\_table) | Name of Dynamo Table to create | `string` | `"tf-locktable"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Mapping of any extra tags you want added to resources | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| kms\_key\_arn | ARN of KMS Key for S3 bucket |
-| s3\_bucket\_backend | S3 bucket |
-
+| <a name="output_kms_key_arn"></a> [kms\_key\_arn](#output\_kms\_key\_arn) | ARN of KMS Key for S3 bucket |
+| <a name="output_s3_bucket_backend"></a> [s3\_bucket\_backend](#output\_s3\_bucket\_backend) | S3 bucket |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/bin/install-macos.sh b/bin/install-macos.sh
diff --git a/bin/update-provider.sh b/bin/update-provider.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+
+linux_plugin_dir="terraform.d/plugins/linux_amd64/"
+mac_plugin_dir="terraform.d/plugins/darwin_amd64"
+
+if [ -z "${1}" ]
+then
+  # Default to 2.0.3
+  version="2.0.3"
+else
+  # Get specific version
+  version="${1}"
+fi
+
+# Delete old versions
+[ -d $linux_plugin_dir ] && rm $linux_plugin_dir/*
+[ -d $mac_plugin_dir ] && rm $mac_plugin_dir/*
+
+# if it doesn't exist
+# then create plugin dir
+[ ! -d $linux_plugin_dir ] && mkdir -p $linux_plugin_dir
+[ ! -d $mac_plugin_dir ] && mkdir -p $mac_plugin_dir
+
+# Download Linux provider
+curl -sSL -o \
+  "$linux_plugin_dir/terraform-provider-errorcheck_v${version}" \
+  "https://github.com/rhythmictech/terraform-provider-errorcheck/releases/download/${version}/terraform-provider-errorcheck_v${version}_linux_amd64"
+chmod 0744 $linux_plugin_dir/*
+
+# Download Mac provider
+curl -sSL -o \
+  "$mac_plugin_dir/terraform-provider-errorcheck_v${version}" \
+  "https://github.com/rhythmictech/terraform-provider-errorcheck/releases/download/${version}/terraform-provider-errorcheck_v${version}_darwin_amd64"
+chmod 0744 $mac_plugin_dir/*
diff --git a/versions.tf b/versions.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.15.0"
+      version = ">= 3.15.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-* @rhythmictech/engineering`
	`1`	`+* @sdickenson @cdaniluk`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,5 @@`
`1`	`1`	`config {`
`2`	`2`	`module = true`
`3`		`- deep_check = false`
`4`	`3`	`}`
`5`	`4`
`6`	`5`	`rule "terraform_deprecated_interpolation" {`