feat: add IRSA support

lablabs · Dec 15, 2022 · dd5abf8 · dd5abf8
1 parent b8eb5a8
commit dd5abf8
Show file tree

Hide file tree

Showing 19 changed files with 442 additions and 175 deletions.
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -9,20 +9,21 @@ on:
 
 env:
   TERRAFORM_DOCS_VERSION: "v0.16.0"
-  TFLINT_VERSION: "v0.36.2"
+  TFLINT_VERSION: "v0.40.1"
+  CHECKOV_VERSION: "2.1.212"
 
 jobs:
   pre-commit:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-python@v2
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
 
     - name: Install additional pre-commit hooks
       shell: bash
       run: |
         echo "########### Install Checkov ####################"
-        pip install checkov
+        pip install checkov==${{ env.CHECKOV_VERSION }}
 
         echo "########### Install Terraform-docs #############"
         wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
@@ -40,4 +41,4 @@ jobs:
         ~/tflint/bin/tflint --init
 
     - name: Run pre-commit
-      uses: pre-commit/action@v2.0.3
+      uses: pre-commit/action@v3.0.0
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -15,7 +15,7 @@ on:
 
 jobs:
   update_release_draft:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: release-drafter/release-drafter@v5
         with:

diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -10,11 +10,11 @@ on:
 jobs:
   versionExtract:
     name: Extract min/max Terraform versions
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Extract Terraform min/max versions
         id: minMax
@@ -26,7 +26,7 @@ jobs:
       maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
   terraform-validate:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: versionExtract
     strategy:
       matrix:
@@ -35,7 +35,7 @@ jobs:
           - ${{ needs.versionExtract.outputs.maxVersion }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: ${{ matrix.tf_ver }}

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.2.0
+    rev: v4.3.0
     hooks:
       - id: trailing-whitespace
       - id: check-merge-conflict
@@ -10,31 +10,19 @@ repos:
       - id: end-of-file-fixer
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.71.0
+    rev: v1.75.0
     hooks:
     - id: terraform_fmt
     - id: terraform_tflint
     - id: terraform_validate
     - id: terraform_checkov
     - id: terraform_docs
       args:
-        - '--args=--hide providers --sort-by required'
-
-  - repo: https://github.com/pecigonzalo/pre-commit-terraform-vars
-    rev: v1.0.0
-    hooks:
-    - id: terraform-vars
+        - '--args=--config=.terraform-docs.yml'
 
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.2.0
+    rev: v1.3.0
     hooks:
       - id: detect-secrets
         args: ['--baseline', '.secrets.baseline']
         exclude: terraform.tfstate
-
-  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
-    rev: v8.0.0
-    hooks:
-        - id: commitlint
-          stages: [commit-msg]
-          additional_dependencies: ['@commitlint/config-conventional']
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -1,20 +1,18 @@
 {
-  "custom_plugin_paths": [],
-  "exclude": {
-    "files": null,
-    "lines": null
-  },
-  "generated_at": "2020-09-21T20:48:01Z",
+  "version": "1.3.0",
   "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
     {
       "name": "AWSKeyDetector"
     },
     {
-      "name": "ArtifactoryDetector"
+      "name": "AzureStorageKeyDetector"
     },
     {
-      "base64_limit": 4.5,
-      "name": "Base64HighEntropyString"
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
     },
     {
       "name": "BasicAuthDetector"
@@ -23,8 +21,11 @@
       "name": "CloudantDetector"
     },
     {
-      "hex_limit": 3,
-      "name": "HexHighEntropyString"
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
     },
     {
       "name": "IbmCloudIamDetector"
@@ -36,32 +37,73 @@
       "name": "JwtTokenDetector"
     },
     {
-      "keyword_exclude": null,
-      "name": "KeywordDetector"
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
     },
     {
       "name": "MailchimpDetector"
     },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
+    {
+      "name": "SendGridDetector"
+    },
     {
       "name": "SlackDetector"
     },
     {
       "name": "SoftlayerDetector"
     },
+    {
+      "name": "SquareOAuthDetector"
+    },
     {
       "name": "StripeDetector"
     },
     {
       "name": "TwilioKeyDetector"
     }
   ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
   "results": {},
-  "version": "0.14.3",
-  "word_list": {
-    "file": null,
-    "hash": null
-  }
+  "generated_at": "2022-12-15T15:44:37Z"
 }
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -0,0 +1,15 @@
+formatter: markdown table
+
+output:
+  mode: inject
+  template: |-
+    <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+    {{ .Content }}
+    <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+sections:
+  hide:
+    - providers
+
+sort:
+  by: required
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -0,0 +1,11 @@
+plugin "terraform" {
+  enabled = true
+  version = "0.1.1"
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  preset  = "recommended"
+}
+plugin "aws" {
+  enabled = true
+  version = "0.17.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}