From 43570629a71837c8257e0f5983c11c8331207500 Mon Sep 17 00:00:00 2001 From: Liora Milbaum Date: Fri, 27 Oct 2023 11:38:41 +0300 Subject: [PATCH 1/5] refactor: extract data sources to its own dedicated file --- data.tf | 11 +++++++++++ main.tf | 42 ------------------------------------------ runner-worker.tf | 15 +++++++++++++++ runner.tf | 13 +++++++++++++ 4 files changed, 39 insertions(+), 42 deletions(-) create mode 100644 data.tf create mode 100644 runner-worker.tf create mode 100644 runner.tf diff --git a/data.tf b/data.tf new file mode 100644 index 000000000..1eb232793 --- /dev/null +++ b/data.tf @@ -0,0 +1,11 @@ +data "aws_caller_identity" "current" {} +data "aws_partition" "current" {} +data "aws_region" "current" {} + +data "aws_subnet" "runners" { + id = var.subnet_id +} + +data "aws_availability_zone" "runners" { + name = data.aws_subnet.runners.availability_zone +} diff --git a/main.tf b/main.tf index 616dd53e5..ebab9fed5 100644 --- a/main.tf +++ b/main.tf @@ -1,15 +1,3 @@ -data "aws_caller_identity" "current" {} -data "aws_partition" "current" {} -data "aws_region" "current" {} - -data "aws_subnet" "runners" { - id = var.subnet_id -} - -data "aws_availability_zone" "runners" { - name = data.aws_subnet.runners.availability_zone -} - # Parameter value is managed by the user-data script of the gitlab runner instance resource "aws_ssm_parameter" "runner_registration_token" { name = local.secure_parameter_store_runner_token_key 
@@ -152,22 +140,6 @@ locals { ) } -data "aws_ami" "docker-machine" { - count = var.runner_worker.type == "docker+machine" ? 1 : 0 - - most_recent = "true" - - dynamic "filter" { - for_each = var.runner_worker_docker_machine_ami_filter - content { - name = filter.key - values = filter.value - } - } - - owners = var.runner_worker_docker_machine_ami_owners -} - # ignores: Autoscaling Groups Supply Tags --> we use a "dynamic" block to create the tags # ignores: Auto Scaling Group With No Associated ELB --> that's simply not true, as the EC2 instance contacts GitLab. So no ELB needed here. # kics-scan ignore-line @@ -235,20 +207,6 @@ resource "aws_autoscaling_schedule" "scale_out" { max_size = try(var.runner_schedule_config["scale_out_max_size"], var.runner_schedule_config["scale_out_count"]) } -data "aws_ami" "runner" { - most_recent = "true" - - dynamic "filter" { - for_each = var.runner_ami_filter - content { - name = filter.key - values = filter.value - } - } - - owners = var.runner_ami_owners -} - resource "aws_launch_template" "gitlab_runner_instance" { # checkov:skip=CKV_AWS_341:Hop limit > 1 needed here in case of Docker builds. Otherwise the token is invalid within Docker. # checkov:skip=CKV_AWS_88:User can decide to add a public IP. diff --git a/runner-worker.tf b/runner-worker.tf new file mode 100644 index 000000000..b153dfaa5 --- /dev/null +++ b/runner-worker.tf @@ -0,0 +1,15 @@ +data "aws_ami" "docker-machine" { + count = var.runner_worker.type == "docker+machine" ? 1 : 0 + + most_recent = "true" + + dynamic "filter" { + for_each = var.runner_worker_docker_machine_ami_filter + content { + name = filter.key + values = filter.value + } + } + + owners = var.runner_worker_docker_machine_ami_owners +} diff --git a/runner.tf b/runner.tf new file mode 100644 index 000000000..58b439176 --- /dev/null +++ b/runner.tf 
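Review bot: In the new `data "aws_ami" "docker-machine"` block in runner-worker.tf, `most_recent = "true"` combined with name filters from `var.runner_worker_docker_machine_ami_filter` makes the worker image only as trustworthy as `var.runner_worker_docker_machine_ami_owners`, and nothing in the block says so. The variable definitions are outside this patch, so a restriction may already exist; if not, a `validation` on the variable with `condition = length(var.runner_worker_docker_machine_ami_owners) > 0` would reject an empty list. A comment above `owners`, such as `# Trusted account IDs or aliases only: with most_recent, the newest image matching the filter is used.`, would document the intent. The same applies to `data "aws_ami" "runner"` in runner.tf and to both blocks where patch 3/5 moves them into data.tf. As a style point, `most_recent = true` states the boolean directly instead of relying on string conversion.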
@@ -0,0 +1,13 @@ +data "aws_ami" "runner" { + most_recent = "true" + + dynamic "filter" { + for_each = var.runner_ami_filter + content { + name = filter.key + values = filter.value + } + } + + owners = var.runner_ami_owners +} From 04fb5d48acc487a0b3216b9fb5bd1b98d677d9ae Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Thu, 9 Nov 2023 10:13:35 +0100 Subject: [PATCH 2/5] remove duplicate data sources --- data.tf | 2 ++ modules/terminate-agent-hook/iam.tf | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/data.tf b/data.tf index 1eb232793..902dfb0b2 100644 --- a/data.tf +++ b/data.tf @@ -1,5 +1,7 @@ data "aws_caller_identity" "current" {} + data "aws_partition" "current" {} + data "aws_region" "current" {} data "aws_subnet" "runners" { diff --git a/modules/terminate-agent-hook/iam.tf b/modules/terminate-agent-hook/iam.tf index 0ce8f3039..0ca71f692 100644 --- a/modules/terminate-agent-hook/iam.tf +++ b/modules/terminate-agent-hook/iam.tf @@ -1,7 +1,3 @@ -data "aws_partition" "current" {} -data "aws_caller_identity" "this" {} -data "aws_region" "this" {} - # ---------------------------------------------------------------------------- # Terminate Instances - IAM Resources # ---------------------------------------------------------------------------- From afefe5a3137c5d3da9369a38d4eb41decb3d0199 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Thu, 9 Nov 2023 10:17:03 +0100 Subject: [PATCH 3/5] put all data sources in one file --- data.tf | 30 ++++++++++++++++++++++++++++++ runner-worker.tf | 15 --------------- runner.tf | 13 ------------- 3 files changed, 30 insertions(+), 28 deletions(-) delete mode 100644 runner-worker.tf delete mode 100644 runner.tf diff --git a/data.tf b/data.tf index 902dfb0b2..25b5e4661 100644 --- a/data.tf +++ b/data.tf 
@@ -11,3 +11,33 @@ data "aws_subnet" "runners" { data "aws_availability_zone" "runners" { name = data.aws_subnet.runners.availability_zone } + +data "aws_ami" "runner" { + most_recent = "true" + + dynamic "filter" { + for_each = var.runner_ami_filter + content { + name = filter.key + values = filter.value + } + } + + owners = var.runner_ami_owners +} + +data "aws_ami" "docker-machine" { + count = var.runner_worker.type == "docker+machine" ? 1 : 0 + + most_recent = "true" + + dynamic "filter" { + for_each = var.runner_worker_docker_machine_ami_filter + content { + name = filter.key + values = filter.value + } + } + + owners = var.runner_worker_docker_machine_ami_owners +} diff --git a/runner-worker.tf b/runner-worker.tf deleted file mode 100644 index b153dfaa5..000000000 --- a/runner-worker.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "aws_ami" "docker-machine" { - count = var.runner_worker.type == "docker+machine" ? 1 : 0 - - most_recent = "true" - - dynamic "filter" { - for_each = var.runner_worker_docker_machine_ami_filter - content { - name = filter.key - values = filter.value - } - } - - owners = var.runner_worker_docker_machine_ami_owners -} diff --git a/runner.tf b/runner.tf deleted file mode 100644 index 58b439176..000000000 --- a/runner.tf +++ /dev/null @@ -1,13 +0,0 @@ -data "aws_ami" "runner" { - most_recent = "true" - - dynamic "filter" { - for_each = var.runner_ami_filter - content { - name = filter.key - values = filter.value - } - } - - owners = var.runner_ami_owners -} From 023971a58ff815b33332ac14f47e56e369e245a8 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Thu, 9 Nov 2023 10:20:41 +0100 Subject: [PATCH 4/5] moved by accident --- modules/terminate-agent-hook/iam.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/terminate-agent-hook/iam.tf b/modules/terminate-agent-hook/iam.tf index 0ca71f692..db6e26162 100644 --- a/modules/terminate-agent-hook/iam.tf +++ b/modules/terminate-agent-hook/iam.tf 
@@ -1,3 +1,9 @@ +data "aws_caller_identity" "current" {} + +data "aws_partition" "current" {} + +data "aws_region" "current" {} + # ---------------------------------------------------------------------------- # Terminate Instances - IAM Resources # ---------------------------------------------------------------------------- From ef222306e73df308cc043b290f2d1a9de828b4d1 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Thu, 9 Nov 2023 10:23:21 +0100 Subject: [PATCH 5/5] rename resource, copy&paste error --- modules/terminate-agent-hook/iam.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/terminate-agent-hook/iam.tf b/modules/terminate-agent-hook/iam.tf index db6e26162..47cd87210 100644 --- a/modules/terminate-agent-hook/iam.tf +++ b/modules/terminate-agent-hook/iam.tf @@ -1,8 +1,8 @@ -data "aws_caller_identity" "current" {} +data "aws_caller_identity" "this" {} data "aws_partition" "current" {} -data "aws_region" "current" {} +data "aws_region" "this" {} # ---------------------------------------------------------------------------- # Terminate Instances - IAM Resources
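Review bot: The three data sources restored at the top of modules/terminate-agent-hook/iam.tf carry no comment explaining why they are declared here as well as in the root data.tf, which is what patch 2/5 tripped over when it removed them as duplicates. A child module cannot read the root module's data sources, so I would add `# Declared per module: data sources in the root data.tf are not visible inside this module.` above them. After patch 5/5 the labels are mixed (`this` for caller identity and region, `current` for partition). Presumably that matches references elsewhere in the module, which are not visible here, but unifying them would make the next copy-and-paste slip less likely.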