From f48d63f017a47e018e752dad49016321531d1a76 Mon Sep 17 00:00:00 2001
From: Peter Nduati
Date: Fri, 26 Jul 2024 03:24:17 +0300
Subject: [PATCH] 56 validating using tailscale to access digital ocean infrastructure (#26)
* refactor ssh logic
* remove duplicate
* ssh outputs
* add public key to ssh_key output
* tags refactor
* add labels
* move ip assignment to new resource
* move ip address to new resource
* fix references to resources that don't exist
* update example
---
.pre-commit-config.yaml | 11 ++++++-
_examples/complete/example.tf | 3 +-
labels.tf | 12 ++++++++
locals.tf | 4 +++
main.tf | 54 +++++++++--------------------
output.tf | 28 +++++++++---------
variables.tf | 22 ++++++++++----
7 files changed, 71 insertions(+), 63 deletions(-)
create mode 100644 labels.tf
create mode 100644 locals.tf
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2fc1df8..e692d6f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -17,4 +17,13 @@ repos:
 - id: check-merge-conflict
 - id: debug-statements
 - id: check-yaml
- - id: check-added-large-files
\ No newline at end of file
+ - id: check-added-large-files
+ - repo: https://github.com/equisoft-devops/pre-commit-tfsort
+ rev: v1.1.1
+ hooks:
+ - id: tfsort
+ - repo: https://github.com/mcole18/terraform-check-unused-variables.git
+ rev: v1.2.1
+ hooks:
+ - id: check-unused-vars
+ args: [--dir=., --var-file=variables.tf]
diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf
index 4139c90..2740193 100644
--- a/_examples/complete/example.tf
+++ b/_examples/complete/example.tf
@@ -27,7 +27,6 @@ module "droplet" {
 environment = local.environment
 region = local.region
 vpc_uuid = module.vpc.id
- ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB= test"
 user_data = file("user-data.sh")
 ####firewall
 inbound_rules = [
@@ -40,4 +39,4 @@ module "droplet" {
 allowed_ports = "80"
 }
 ]
-}
\ No newline at end of file
+}
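Review bot: Both hooks added at the end of the .pre-commit-config.yaml hunk are pinned to mutable tags (`rev: v1.1.1` for pre-commit-tfsort, `rev: v1.2.1` for terraform-check-unused-variables), so the code that runs on every contributor's checkout can be changed upstream by moving a tag without any diff appearing here. Pin each `rev` to the full commit SHA of the tagged release and keep the tag in a trailing comment; `pre-commit autoupdate --freeze` writes that form. The second repository is fetched from a personal account by `.git` URL, which is worth a one-line comment in the config explaining why it was chosen over the hooks already in use.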
diff --git a/labels.tf b/labels.tf
new file mode 100644
index 0000000..da296f3
--- /dev/null
+++ b/labels.tf
@@ -0,0 +1,12 @@
+#Module : Label
+#Description : This terraform module is designed to generate consistent label names and
+# tags for resources. You can use terraform-labels to implement a strict
+# naming convention.
+module "labels" {
+ source = "terraform-do-modules/labels/digitalocean"
+ version = "1.0.1"
+ name = var.name
+ environment = var.environment
+ managedby = var.managedby
+ label_order = var.label_order
+}
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..a64282f
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,4 @@
+locals {
+ ssh_key_ids = [for key, ssh_key in digitalocean_ssh_key.ssh_keys : ssh_key.id]
+
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 517eb47..0376784 100644
--- a/main.tf
+++ b/main.tf
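Review bot: In locals.tf the `key` binding of the `for` expression in `ssh_key_ids` is never used; `ssh_key_ids = values(digitalocean_ssh_key.ssh_keys)[*].id` yields the same list without the dead name. The new file also carries a stray blank line inside the block and no trailing newline, both of which `terraform fmt` normalises. labels.tf is a verbatim move of the module out of main.tf; with the tag lists in this commit switched to `var.tags`, none of the hunks shown still read `module.labels`, so if nothing outside this diff does either, the module now computes values nobody consumes.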
@@ -1,23 +1,10 @@ -#Module : Label -#Description : This terraform module is designed to generate consistent label names and -# tags for resources. You can use terraform-labels to implement a strict -# naming convention. -module "labels" { - source = "terraform-do-modules/labels/digitalocean" - version = "1.0.1" - name = var.name - environment = var.environment - managedby = var.managedby - label_order = var.label_order -} - ##--------------------------------------------------------------------------------------------------------- #Description : Provides a DigitalOcean SSH key resource to allow you to manage SSH keys for Droplet access. ##--------------------------------------------------------------------------------------------------------- -resource "digitalocean_ssh_key" "default" { - count = var.enabled == true ? 1 : 0 - name = var.key_name == "" ? format("%s-key-%s", module.labels.id, (count.index)) : var.key_name - public_key = var.ssh_key != "" ? var.ssh_key : file(var.key_path) +resource "digitalocean_ssh_key" "ssh_keys" { + for_each = var.ssh_keys + name = coalesce(each.key, each.value.name) + public_key = each.value.public_key } ##---------------------------------------------------------------------------------------------------------------- @@ -32,18 +19,13 @@ resource "digitalocean_droplet" "main" { backups = var.backups monitoring = var.monitoring ipv6 = var.ipv6 - ssh_keys = [join("", digitalocean_ssh_key.default[*].id)] + ssh_keys = local.ssh_key_ids resize_disk = var.resize_disk user_data = var.user_data vpc_uuid = var.vpc_uuid droplet_agent = var.droplet_agent graceful_shutdown = var.graceful_shutdown - tags = [ - format("%s-%s-%s", module.labels.id, "droplet", (count.index)), - module.labels.name, - module.labels.environment, - module.labels.managedby - ] + tags = var.tags } ##---------------------------------------------------------------------------------------------------------------------------------- 
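Review bot: `name = coalesce(each.key, each.value.name)` in the new `digitalocean_ssh_key.ssh_keys` resource can never use `each.value.name`: `each.key` is the map key, a non-null string, and `coalesce` returns the first argument that is neither null nor empty, so the optional `name` attribute of `var.ssh_keys` is dead unless a key is the empty string. The intended precedence is presumably `name = coalesce(each.value.name, each.key)`. The resource also drops the `var.enabled` gate that the replaced `count` carried, while the reserved IP resources later in this file still check it, so keys are uploaded to the account even when the module is disabled; `for_each = var.enabled ? var.ssh_keys : {}` restores that behaviour.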
@@ -57,12 +39,7 @@ resource "digitalocean_volume" "main" { description = "Block storage for ${element(digitalocean_droplet.main[*].name, count.index)}" initial_filesystem_label = var.block_storage_filesystem_label initial_filesystem_type = var.block_storage_filesystem_type - tags = [ - format("%s-%s-%s", module.labels.id, "volume", (count.index)), - module.labels.name, - module.labels.environment, - module.labels.managedby - ] + tags = var.tags } ##--------------------------------------------------------- @@ -78,7 +55,7 @@ resource "digitalocean_volume_attachment" "main" { ##--------------------------------------------------------------------------------------------------------------------------------------------------- #Description : Provides a DigitalOcean Floating IP to represent a publicly-accessible static IP addresses that can be mapped to one of your Droplets. ##--------------------------------------------------------------------------------------------------------------------------------------------------- -resource "digitalocean_floating_ip" "main" { +resource "digitalocean_reserved_ip" "this" { count = var.floating_ip == true && var.enabled == true ? var.droplet_count : 0 region = var.region } 
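Review bot: The three-line `#Description` header kept above `digitalocean_reserved_ip.this` still says the resource provides a Floating IP, which no longer matches the resource type after the rename, and the same header is repeated above `digitalocean_reserved_ip_assignment.ip_assignment` in the following hunk. Updating both to read `#Description : Provides a DigitalOcean Reserved IP ...` keeps the file's one-header-per-resource convention truthful. The `count` expression still keys off `var.floating_ip`; keeping that name is fine for compatibility, but if its description (outside this diff) still talks about floating IPs it should mention the reserved IP now created.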
@@ -86,11 +63,12 @@ resource "digitalocean_floating_ip" "main" { ##--------------------------------------------------------------------------------------------------------------------------------------------------- #Description : Provides a DigitalOcean Floating IP to represent a publicly-accessible static IP addresses that can be mapped to one of your Droplets. ##--------------------------------------------------------------------------------------------------------------------------------------------------- -resource "digitalocean_floating_ip_assignment" "main" { +resource "digitalocean_reserved_ip_assignment" "ip_assignment" { count = var.floating_ip == true && var.enabled == true ? var.droplet_count : 0 - ip_address = element(digitalocean_floating_ip.main[*].id, count.index) + ip_address = element(digitalocean_reserved_ip.this[*].ip_address, count.index) droplet_id = element(digitalocean_droplet.main[*].id, count.index) - depends_on = [digitalocean_droplet.main, digitalocean_floating_ip.main, digitalocean_volume_attachment.main] + depends_on = [digitalocean_droplet.main, digitalocean_reserved_ip.this, digitalocean_volume_attachment.main] + } ##-------------------------------------------------------------------------------------------------------------------------- @@ -123,9 +101,5 @@ resource "digitalocean_firewall" "default" { } } - tags = [ - module.labels.name, - module.labels.environment, - module.labels.managedby - ] -} \ No newline at end of file + tags = var.tags +} diff --git a/output.tf b/output.tf index 2bb1a3b..09f453e 100644 --- a/output.tf +++ b/output.tf 
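Review bot: The empty line added before the closing brace of `digitalocean_reserved_ip_assignment.ip_assignment` is the only change in that hunk besides the renames and looks accidental; it should be dropped. Listing `digitalocean_reserved_ip.this` in `depends_on` is now redundant because `ip_address` already references that resource, though it does no harm beyond noise.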
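Review bot: `tags = var.tags` on `digitalocean_firewall.default` changes what the firewall is attached to, not just how it is labelled: in DigitalOcean, tags assigned to a firewall are the mechanism by which it is applied to Droplets, namely every Droplet in the account carrying one of those tags. The old label-derived list kept the firewall following this module's own Droplets; a caller-supplied list makes it follow whatever else in the account shares those tags, and the `[]` default applies it to nothing by tag, so coverage then rests entirely on `droplet_ids`, which is outside the hunk. Consider a dedicated `firewall_tags` input, or at minimum state in the `var.tags` description that the list is also the firewall's target selector. `digitalocean_firewall.default` begins outside the hunk.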
@@ -83,22 +83,22 @@ output "price_monthly" { #Module : SSH KEY #Description : Provides a DigitalOcean SSH key resource to allow you to manage SSH keys for Droplet access. -output "key_id" { - value = digitalocean_ssh_key.default[*].id - description = "The unique ID of the key." +output "ssh_keys" { + description = "SSH keys created in DigitalOcean" + value = { + for key, ssh_key in digitalocean_ssh_key.ssh_keys : # Using a for loop to iterate over each SSH key resource + key => { + id = ssh_key.id + name = ssh_key.name + fingerprint = ssh_key.fingerprint + public_key = ssh_key.public_key + } if var.ssh_keys[key] != null # Check if the SSH key exists in var.ssh_keys + } } -output "key_name" { - value = digitalocean_ssh_key.default[*].name - description = "The name of the SSH key." -} -output "public_key" { - value = digitalocean_ssh_key.default[*].public_key - description = "The text of the public key." -} +output "public_ip_address" { + description = "The IP Address of the resource" + value = try(digitalocean_reserved_ip.this[0].ip_address, null) -output "fingerprint" { - value = digitalocean_ssh_key.default[*].fingerprint - description = "The fingerprint of the SSH key." } diff --git a/variables.tf b/variables.tf index c2ac74b..4421d59 100644 --- a/variables.tf +++ b/variables.tf @@ -109,12 +109,6 @@ variable "vpc_uuid" { description = "The ID of the VPC where the Droplet will be located." } -variable "ssh_key" { - type = string - default = "" - description = "SSH key" -} - variable "key_name" { type = string default = "" 
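Review bot: The `if var.ssh_keys[key] != null` filter in `output "ssh_keys"` never excludes anything: the resource's `for_each` keys are exactly the keys of `var.ssh_keys`, and a null entry would already have failed inside the resource, so the condition and the two trailing explanatory comments can go. `output "public_ip_address"` exposes only `digitalocean_reserved_ip.this[0]` although the resource is created `var.droplet_count` times; `value = digitalocean_reserved_ip.this[*].ip_address` would expose every address as a list, or keep this output and add a list-valued one beside it. Removing `key_id`, `key_name`, `public_key` and `fingerprint` is a breaking change for callers of the module that the commit message should call out.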
@@ -179,4 +173,20 @@ variable "outbound_rule" { } ] description = "List of objects that represent the configuration of each outbound rule." +} + +variable "ssh_keys" { + description = "SSH keys to be created" + type = map(object({ + name = optional(string) + public_key = optional(string) + })) + default = { + } +} +variable "tags" { + description = "A list of the tags to be applied to this Droplet." + type = list(any) + default = [] + } \ No newline at end of file
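Review bot: `public_key = optional(string)` in the new `ssh_keys` variable lets a caller omit the one attribute `digitalocean_ssh_key.ssh_keys` cannot do without, so the mistake only surfaces when the resource is evaluated rather than at the variable; declare it `public_key = string`, or keep it optional and add a `validation` block that rejects null. `tags` should be `type = list(string)` rather than `list(any)`, since every consumer passes it straight to a provider `tags` argument, and its description says "this Droplet" although the same list is now applied to the volume and the firewall as well. The closing brace of `variable "tags"` is indented and the file has lost its trailing newline; `terraform fmt` fixes both.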