From b315c1ed27e51896f4a95892e0d0ea2e8f13b7bf Mon Sep 17 00:00:00 2001
From: iameskild
Date: Tue, 25 Jan 2022 09:51:44 -0800
Subject: [PATCH 1/5] Create new lint.yaml
---
.github/workflows/lint.yaml | 49 +++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 .github/workflows/lint.yaml
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000000..ef2d1f8d50
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,49 @@
+name: Lint
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened, ready_for_review]
+ branches: [main]
+
+jobs:
+ Python-linter:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ - name: black Lint
+ uses: psf/black@stable
+ - name: flake8 Lint
+ uses: py-actions/flake8@v2
+ with:
+ max-line-length: "100"
+ path: "qhub"
+
+ Docker-linter:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ dockerfile:
+ - jupyterlab
+ - jupyterlab-centos
+ - jupyterhub
+ - dask-worker
+ - dask-worker-centos
+ - dask-gateway
+ steps:
+ - uses: actions/checkout@v2
+ - name: Dockerfile Lint
+ uses: jbergstroem/hadolint-gh-action@v1
+ with:
+ # TODO: update dockerfile location after PR 1003 is merged
+ dockerfile: ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.${{ matrix.dockerfile }}
+ output_format: tty
+ error_level: 0
+
+ Terraform-linter:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Terraform Lint
+ uses: actionshub/terraform-lint@main
From 2b4a97b7c3184582f9cc15e298a008e1133702f0 Mon Sep 17 00:00:00 2001
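Review bot: Every third-party action in the new workflow is referenced by a mutable ref, most loosely `psf/black@stable` and `actionshub/terraform-lint@main`, which are branch-style refs, but also `py-actions/flake8@v2` and `jbergstroem/hadolint-gh-action@v1`. Whoever can push to those repositories can change the code that runs in this repository's CI without any change appearing here. Pinning each one to a full commit SHA with the tag kept as a comment, e.g. `uses: psf/black@<full-commit-sha>  # stable`, makes the executed code reviewable and lets a dependency bot propose updates. The workflow also declares no `permissions:` key, so the jobs run with whatever default token scope the repository has; since these jobs only read the checkout, a top-level `permissions:` block containing `contents: read` would make least privilege explicit.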
From: HarshCasper Date: Tue, 10 May 2022 11:18:32 +0530 Subject: [PATCH 2/5] chore: format terraform files --- .../stages/01-terraform-state/aws/main.tf | 2 +- .../stages/01-terraform-state/azure/main.tf | 8 +- .../stages/01-terraform-state/do/main.tf | 4 +- .../do/modules/spaces/versions.tf | 2 +- .../do/modules/terraform-state/versions.tf | 2 +- .../stages/01-terraform-state/gcp/main.tf | 4 +- .../aws/modules/kubernetes/outputs.tf | 2 +- .../stages/02-infrastructure/aws/outputs.tf | 8 +- .../stages/02-infrastructure/aws/versions.tf | 2 +- .../stages/02-infrastructure/azure/main.tf | 14 +-- .../azure/modules/kubernetes/main.tf | 4 +- .../azure/modules/kubernetes/outputs.tf | 6 +- .../stages/02-infrastructure/azure/outputs.tf | 8 +- .../02-infrastructure/azure/variables.tf | 6 +- .../stages/02-infrastructure/do/main.tf | 8 +- .../do/modules/kubernetes/main.tf | 2 +- .../do/modules/kubernetes/outputs.tf | 2 +- .../do/modules/kubernetes/versions.tf | 2 +- .../do/modules/registry/versions.tf | 2 +- .../stages/02-infrastructure/do/outputs.tf | 6 +- .../stages/02-infrastructure/do/variables.tf | 6 +- .../stages/02-infrastructure/do/versions.tf | 2 +- .../stages/02-infrastructure/gcp/main.tf | 10 +-- .../gcp/modules/kubernetes/main.tf | 20 ++--- .../gcp/modules/kubernetes/outputs.tf | 4 +- .../gcp/modules/kubernetes/variables.tf | 38 ++++---- .../stages/02-infrastructure/gcp/outputs.tf | 6 +- .../stages/02-infrastructure/gcp/variables.tf | 38 ++++---- .../stages/02-infrastructure/gcp/versions.tf | 2 +- .../stages/02-infrastructure/local/main.tf | 6 +- .../stages/03-kubernetes-initialize/main.tf | 4 +- .../modules/nvidia-installer/variables.tf | 6 +- .../03-kubernetes-initialize/variables.tf | 2 +- .../modules/kubernetes/ingress/main.tf | 10 +-- .../modules/kubernetes/ingress/variables.tf | 6 +- .../stages/04-kubernetes-ingress/outputs.tf | 2 +- .../stages/04-kubernetes-ingress/variables.tf | 10 +-- .../kubernetes/keycloak-helm/outputs.tf | 2 +- .../main.tf | 22 ++--- 
.../variables.tf | 6 +- .../stages/07-kubernetes-services/clearml.tf | 2 +- .../07-kubernetes-services/conda-store.tf | 10 +-- .../07-kubernetes-services/dask_gateway.tf | 6 +- .../07-kubernetes-services/forward-auth.tf | 4 +- .../07-kubernetes-services/jupyterhub.tf | 34 ++++---- .../modules/kubernetes/forwardauth/main.tf | 6 +- .../kubernetes/services/clearml/main.tf | 2 +- .../kubernetes/services/conda-store/server.tf | 16 ++-- .../services/conda-store/storage.tf | 6 +- .../kubernetes/services/dask-gateway/crds.tf | 6 +- .../services/dask-gateway/gateway.tf | 24 +++--- .../kubernetes/services/dask-gateway/main.tf | 2 +- .../services/jupyterhub/configmaps.tf | 10 +-- .../kubernetes/services/jupyterhub/main.tf | 76 ++++++++-------- .../kubernetes/services/jupyterhub/outputs.tf | 6 +- .../services/jupyterhub/variables.tf | 18 ++-- .../services/keycloak-client/main.tf | 10 +-- .../services/keycloak-client/outputs.tf | 4 +- .../modules/kubernetes/services/minio/main.tf | 4 +- .../kubernetes/services/monitoring/main.tf | 40 ++++----- .../services/monitoring/variables.tf | 2 +- .../stages/07-kubernetes-services/outputs.tf | 20 ++--- .../stages/07-kubernetes-services/prefect.tf | 10 +-- .../07-kubernetes-services/variables.tf | 8 +- .../08-qhub-tf-extensions/helm-extension.tf | 16 ++-- .../modules/helm-extensions/variables.tf | 2 +- .../modules/qhubextension/keycloak-config.tf | 2 +- .../modules/qhubextension/locals.tf | 86 +++++++++---------- .../modules/qhubextension/main.tf | 2 +- .../08-qhub-tf-extensions/tf-extensions.tf | 2 +- .../stages/08-qhub-tf-extensions/variables.tf | 2 +- 71 files changed, 367 insertions(+), 367 deletions(-) diff --git a/qhub/template/stages/01-terraform-state/aws/main.tf b/qhub/template/stages/01-terraform-state/aws/main.tf index d0e142d923..cb38df4c2b 100644 --- a/qhub/template/stages/01-terraform-state/aws/main.tf +++ b/qhub/template/stages/01-terraform-state/aws/main.tf 
@@ -23,7 +23,7 @@ module "terraform-state" { terraform { required_providers { aws = { - source = "hashicorp/aws" + source = "hashicorp/aws" version = "3.73.0" } } diff --git a/qhub/template/stages/01-terraform-state/azure/main.tf b/qhub/template/stages/01-terraform-state/azure/main.tf index f766254d32..f60e608960 100644 --- a/qhub/template/stages/01-terraform-state/azure/main.tf +++ b/qhub/template/stages/01-terraform-state/azure/main.tf @@ -30,10 +30,10 @@ provider "azurerm" { module "terraform-state" { source = "./modules/terraform-state" - name = "${var.name}-${var.namespace}" - resource_group_name = var.state_resource_group_name - location = var.region - storage_account_postfix = var.storage_account_postfix + name = "${var.name}-${var.namespace}" + resource_group_name = var.state_resource_group_name + location = var.region + storage_account_postfix = var.storage_account_postfix } terraform { diff --git a/qhub/template/stages/01-terraform-state/do/main.tf b/qhub/template/stages/01-terraform-state/do/main.tf index c83c74f0f9..b08734a60f 100644 --- a/qhub/template/stages/01-terraform-state/do/main.tf +++ b/qhub/template/stages/01-terraform-state/do/main.tf @@ -20,14 +20,14 @@ provider "digitalocean" { module "terraform-state" { source = "./modules/terraform-state" - name = "${var.name }-${var.namespace}" + name = "${var.name}-${var.namespace}" region = var.region } terraform { required_providers { digitalocean = { - source = "digitalocean/digitalocean" + source = "digitalocean/digitalocean" version = "2.17.0" } } diff --git a/qhub/template/stages/01-terraform-state/do/modules/spaces/versions.tf b/qhub/template/stages/01-terraform-state/do/modules/spaces/versions.tf index 932bfee7ba..286ef1075a 100644 --- a/qhub/template/stages/01-terraform-state/do/modules/spaces/versions.tf +++ b/qhub/template/stages/01-terraform-state/do/modules/spaces/versions.tf 
@@ -1,7 +1,7 @@ terraform { required_providers { digitalocean = { - source = "digitalocean/digitalocean" + source = "digitalocean/digitalocean" version = "2.17.0" } } diff --git a/qhub/template/stages/01-terraform-state/do/modules/terraform-state/versions.tf b/qhub/template/stages/01-terraform-state/do/modules/terraform-state/versions.tf index 932bfee7ba..286ef1075a 100644 --- a/qhub/template/stages/01-terraform-state/do/modules/terraform-state/versions.tf +++ b/qhub/template/stages/01-terraform-state/do/modules/terraform-state/versions.tf @@ -1,7 +1,7 @@ terraform { required_providers { digitalocean = { - source = "digitalocean/digitalocean" + source = "digitalocean/digitalocean" version = "2.17.0" } } diff --git a/qhub/template/stages/01-terraform-state/gcp/main.tf b/qhub/template/stages/01-terraform-state/gcp/main.tf index a5012ff8da..01f3c2ff12 100644 --- a/qhub/template/stages/01-terraform-state/gcp/main.tf +++ b/qhub/template/stages/01-terraform-state/gcp/main.tf @@ -16,14 +16,14 @@ variable "region" { module "terraform-state" { source = "./modules/terraform-state" - name = "${var.name }-${var.namespace}" + name = "${var.name}-${var.namespace}" location = var.region } terraform { required_providers { google = { - source = "hashicorp/google" + source = "hashicorp/google" version = "4.8.0" } } diff --git a/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/outputs.tf b/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/outputs.tf index 5c4c74756e..d0736cb951 100644 --- a/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/outputs.tf +++ b/qhub/template/stages/02-infrastructure/aws/modules/kubernetes/outputs.tf @@ -1,6 +1,6 @@ output "credentials" { description = "AWS eks credentials" - sensitive = true + sensitive = true value = { endpoint = aws_eks_cluster.main.endpoint token = data.aws_eks_cluster_auth.main.token 
diff --git a/qhub/template/stages/02-infrastructure/aws/outputs.tf b/qhub/template/stages/02-infrastructure/aws/outputs.tf index 69d47ae0ec..950b530ba3 100644 --- a/qhub/template/stages/02-infrastructure/aws/outputs.tf +++ b/qhub/template/stages/02-infrastructure/aws/outputs.tf @@ -1,7 +1,7 @@ output "kubernetes_credentials" { description = "Parameters needed to connect to kubernetes cluster" - sensitive = true - value = { + sensitive = true + value = { host = module.kubernetes.credentials.endpoint cluster_ca_certificate = module.kubernetes.credentials.cluster_ca_certificate token = module.kubernetes.credentials.token @@ -11,13 +11,13 @@ output "kubernetes_credentials" { resource "local_file" "kubeconfig" { count = var.kubeconfig_filename != null ? 1 : 0 - content = module.kubernetes.kubeconfig + content = module.kubernetes.kubeconfig filename = var.kubeconfig_filename } output "kubeconfig_filename" { description = "filename for qhub kubeconfig" - value = var.kubeconfig_filename + value = var.kubeconfig_filename } output "nfs_endpoint" { diff --git a/qhub/template/stages/02-infrastructure/aws/versions.tf b/qhub/template/stages/02-infrastructure/aws/versions.tf index 8a4901aef5..54fc973d6a 100644 --- a/qhub/template/stages/02-infrastructure/aws/versions.tf +++ b/qhub/template/stages/02-infrastructure/aws/versions.tf @@ -1,7 +1,7 @@ terraform { required_providers { aws = { - source = "hashicorp/aws" + source = "hashicorp/aws" version = "3.73.0" } } diff --git a/qhub/template/stages/02-infrastructure/azure/main.tf b/qhub/template/stages/02-infrastructure/azure/main.tf index d2f730bd83..803245bd4f 100644 --- a/qhub/template/stages/02-infrastructure/azure/main.tf +++ b/qhub/template/stages/02-infrastructure/azure/main.tf @@ -5,7 +5,7 @@ resource "azurerm_resource_group" "resource_group" { module "registry" { - source = "./modules/registry" + source = "./modules/registry" name = "${var.name}${var.environment}" location = var.region 
@@ -16,17 +16,17 @@ module "registry" { module "kubernetes" { source = "./modules/kubernetes" - name = "${var.name}-${var.environment}" - environment = var.environment - location = var.region - resource_group_name = azurerm_resource_group.resource_group.name + name = "${var.name}-${var.environment}" + environment = var.environment + location = var.region + resource_group_name = azurerm_resource_group.resource_group.name # Azure requires that a new, non-existent Resource Group is used, as otherwise # the provisioning of the Kubernetes Service will fail. node_resource_group_name = var.node_resource_group_name kubernetes_version = var.kubernetes_version node_groups = [ - for name, config in var.node_groups: { + for name, config in var.node_groups : { name = name auto_scale = true instance_type = config.instance @@ -34,6 +34,6 @@ module "kubernetes" { max_size = config.max_nodes } ] - vnet_subnet_id = var.vnet_subnet_id + vnet_subnet_id = var.vnet_subnet_id private_cluster_enabled = var.private_cluster_enabled } diff --git a/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/main.tf b/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/main.tf index 2adb51ab04..43ea605795 100644 --- a/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/main.tf +++ b/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/main.tf @@ -8,12 +8,12 @@ resource "azurerm_kubernetes_cluster" "main" { dns_prefix = "Qhub" # required # Azure requires that a new, non-existent Resource Group is used, as otherwise the provisioning of the Kubernetes Service will fail. - node_resource_group = var.node_resource_group_name + node_resource_group = var.node_resource_group_name private_cluster_enabled = var.private_cluster_enabled kubernetes_version = var.kubernetes_version default_node_pool { - vnet_subnet_id = var.vnet_subnet_id + vnet_subnet_id = var.vnet_subnet_id name = var.node_groups[0].name node_count = 1 vm_size = var.node_groups[0].instance_type 
diff --git a/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/outputs.tf b/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/outputs.tf index ebacfe889c..35d7b048b9 100644 --- a/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/outputs.tf +++ b/qhub/template/stages/02-infrastructure/azure/modules/kubernetes/outputs.tf @@ -1,6 +1,6 @@ output "credentials" { description = "Credentials required for connecting to kubernetes cluster" - sensitive = true + sensitive = true value = { # see bottom of https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster endpoint = azurerm_kubernetes_cluster.main.kube_config.0.host @@ -14,6 +14,6 @@ output "credentials" { output "kubeconfig" { description = "Kubernetes connection kubeconfig" - sensitive = true - value = azurerm_kubernetes_cluster.main.kube_config_raw + sensitive = true + value = azurerm_kubernetes_cluster.main.kube_config_raw } diff --git a/qhub/template/stages/02-infrastructure/azure/outputs.tf b/qhub/template/stages/02-infrastructure/azure/outputs.tf index 67b8279737..3d383f414f 100644 --- a/qhub/template/stages/02-infrastructure/azure/outputs.tf +++ b/qhub/template/stages/02-infrastructure/azure/outputs.tf @@ -1,7 +1,7 @@ output "kubernetes_credentials" { description = "Parameters needed to connect to kubernetes cluster" - sensitive = true - value = { + sensitive = true + value = { username = module.kubernetes.credentials.username password = module.kubernetes.credentials.password client_certificate = module.kubernetes.credentials.client_certificate 
@@ -14,11 +14,11 @@ output "kubernetes_credentials" { resource "local_file" "kubeconfig" { count = var.kubeconfig_filename != null ? 1 : 0 - content = module.kubernetes.kubeconfig + content = module.kubernetes.kubeconfig filename = var.kubeconfig_filename } output "kubeconfig_filename" { description = "filename for qhub kubeconfig" - value = var.kubeconfig_filename + value = var.kubeconfig_filename } diff --git a/qhub/template/stages/02-infrastructure/azure/variables.tf b/qhub/template/stages/02-infrastructure/azure/variables.tf index 1e8a64e8b6..c75b5edea7 100644 --- a/qhub/template/stages/02-infrastructure/azure/variables.tf +++ b/qhub/template/stages/02-infrastructure/azure/variables.tf @@ -21,9 +21,9 @@ variable "kubernetes_version" { variable "node_groups" { description = "Azure node groups" type = map(object({ - instance = string - min_nodes = number - max_nodes = number + instance = string + min_nodes = number + max_nodes = number })) } diff --git a/qhub/template/stages/02-infrastructure/do/main.tf b/qhub/template/stages/02-infrastructure/do/main.tf index 41b68a2374..69dfe73145 100644 --- a/qhub/template/stages/02-infrastructure/do/main.tf +++ b/qhub/template/stages/02-infrastructure/do/main.tf @@ -7,12 +7,12 @@ module "kubernetes" { kubernetes_version = var.kubernetes_version node_groups = [ - for name, config in var.node_groups: { + for name, config in var.node_groups : { name = name auto_scale = true - size = config.instance - min_nodes = config.min_nodes - max_nodes = config.max_nodes + size = config.instance + min_nodes = config.min_nodes + max_nodes = config.max_nodes } ] diff --git a/qhub/template/stages/02-infrastructure/do/modules/kubernetes/main.tf b/qhub/template/stages/02-infrastructure/do/modules/kubernetes/main.tf index 0e5e81ae8d..f39abcecc4 100644 --- a/qhub/template/stages/02-infrastructure/do/modules/kubernetes/main.tf +++ b/qhub/template/stages/02-infrastructure/do/modules/kubernetes/main.tf 
@@ -28,7 +28,7 @@ resource "digitalocean_kubernetes_node_pool" "main" { max_nodes = lookup(local.additional_node_groups[count.index], "max_nodes", 1) labels = { - "qhub.dev/node_group": local.additional_node_groups[count.index].name + "qhub.dev/node_group" : local.additional_node_groups[count.index].name } tags = var.tags diff --git a/qhub/template/stages/02-infrastructure/do/modules/kubernetes/outputs.tf b/qhub/template/stages/02-infrastructure/do/modules/kubernetes/outputs.tf index 77052edc99..e2e1c2c6be 100644 --- a/qhub/template/stages/02-infrastructure/do/modules/kubernetes/outputs.tf +++ b/qhub/template/stages/02-infrastructure/do/modules/kubernetes/outputs.tf @@ -12,5 +12,5 @@ output "credentials" { output "kubeconfig" { description = "Kubeconfig for connecting to kubernetes cluster" - value = digitalocean_kubernetes_cluster.main.kube_config.0.raw_config + value = digitalocean_kubernetes_cluster.main.kube_config.0.raw_config } diff --git a/qhub/template/stages/02-infrastructure/do/modules/kubernetes/versions.tf b/qhub/template/stages/02-infrastructure/do/modules/kubernetes/versions.tf index 932bfee7ba..286ef1075a 100644 --- a/qhub/template/stages/02-infrastructure/do/modules/kubernetes/versions.tf +++ b/qhub/template/stages/02-infrastructure/do/modules/kubernetes/versions.tf @@ -1,7 +1,7 @@ terraform { required_providers { digitalocean = { - source = "digitalocean/digitalocean" + source = "digitalocean/digitalocean" version = "2.17.0" } } diff --git a/qhub/template/stages/02-infrastructure/do/modules/registry/versions.tf b/qhub/template/stages/02-infrastructure/do/modules/registry/versions.tf index 932bfee7ba..286ef1075a 100644 --- a/qhub/template/stages/02-infrastructure/do/modules/registry/versions.tf +++ b/qhub/template/stages/02-infrastructure/do/modules/registry/versions.tf @@ -1,7 +1,7 @@ terraform { required_providers { digitalocean = { - source = "digitalocean/digitalocean" + source = "digitalocean/digitalocean" version = "2.17.0" } } 
diff --git a/qhub/template/stages/02-infrastructure/do/outputs.tf b/qhub/template/stages/02-infrastructure/do/outputs.tf index e421f18bf2..38848a015a 100644 --- a/qhub/template/stages/02-infrastructure/do/outputs.tf +++ b/qhub/template/stages/02-infrastructure/do/outputs.tf @@ -1,7 +1,7 @@ output "kubernetes_credentials" { description = "Parameters needed to connect to kubernetes cluster" sensitive = true - value = { + value = { host = module.kubernetes.credentials.endpoint cluster_ca_certificate = module.kubernetes.credentials.cluster_ca_certificate token = module.kubernetes.credentials.token @@ -11,11 +11,11 @@ output "kubernetes_credentials" { resource "local_file" "kubeconfig" { count = var.kubeconfig_filename != null ? 1 : 0 - content = module.kubernetes.kubeconfig + content = module.kubernetes.kubeconfig filename = var.kubeconfig_filename } output "kubeconfig_filename" { description = "filename for qhub kubeconfig" - value = var.kubeconfig_filename + value = var.kubeconfig_filename } diff --git a/qhub/template/stages/02-infrastructure/do/variables.tf b/qhub/template/stages/02-infrastructure/do/variables.tf index 1ffebd1658..ca096f7bf8 100644 --- a/qhub/template/stages/02-infrastructure/do/variables.tf +++ b/qhub/template/stages/02-infrastructure/do/variables.tf @@ -27,9 +27,9 @@ variable "kubernetes_version" { variable "node_groups" { description = "DigitalOcean node groups" type = map(object({ - instance = string - min_nodes = number - max_nodes = number + instance = string + min_nodes = number + max_nodes = number })) } diff --git a/qhub/template/stages/02-infrastructure/do/versions.tf b/qhub/template/stages/02-infrastructure/do/versions.tf index 932bfee7ba..286ef1075a 100644 --- a/qhub/template/stages/02-infrastructure/do/versions.tf +++ b/qhub/template/stages/02-infrastructure/do/versions.tf @@ -1,7 +1,7 @@ terraform { required_providers { digitalocean = { - source = "digitalocean/digitalocean" + source = "digitalocean/digitalocean" version = "2.17.0" } } 
diff --git a/qhub/template/stages/02-infrastructure/gcp/main.tf b/qhub/template/stages/02-infrastructure/gcp/main.tf index cd2a149762..35cb0fca81 100644 --- a/qhub/template/stages/02-infrastructure/gcp/main.tf +++ b/qhub/template/stages/02-infrastructure/gcp/main.tf @@ -26,10 +26,10 @@ module "kubernetes" { "https://www.googleapis.com/auth/cloud-platform" ] - node_groups = var.node_groups - network = var.network - subnetwork = var.subnetwork - ip_allocation_policy = var.ip_allocation_policy + node_groups = var.node_groups + network = var.network + subnetwork = var.subnetwork + ip_allocation_policy = var.ip_allocation_policy master_authorized_networks_config = var.master_authorized_networks_config - private_cluster_config = var.private_cluster_config + private_cluster_config = var.private_cluster_config } diff --git a/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/main.tf b/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/main.tf index ed07b937e8..6bb36ac7fa 100644 --- a/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/main.tf +++ b/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/main.tf 
@@ -20,16 +20,16 @@ resource "google_container_cluster" "main" { } networking_mode = var.networking_mode - network = var.network - subnetwork = var.subnetwork + network = var.network + subnetwork = var.subnetwork dynamic "ip_allocation_policy" { for_each = var.ip_allocation_policy == null ? [] : [1] content { - cluster_secondary_range_name = var.ip_allocation_policy.cluster_secondary_range_name - services_secondary_range_name = var.ip_allocation_policy.services_secondary_range_name - cluster_ipv4_cidr_block = var.ip_allocation_policy.cluster_ipv4_cidr_block - services_ipv4_cidr_block = var.ip_allocation_policy.services_ipv4_cidr_block + cluster_secondary_range_name = var.ip_allocation_policy.cluster_secondary_range_name + services_secondary_range_name = var.ip_allocation_policy.services_secondary_range_name + cluster_ipv4_cidr_block = var.ip_allocation_policy.cluster_ipv4_cidr_block + services_ipv4_cidr_block = var.ip_allocation_policy.services_ipv4_cidr_block } } @@ -37,7 +37,7 @@ resource "google_container_cluster" "main" { for_each = var.master_authorized_networks_config == null ? [] : [1] content { cidr_blocks { - cidr_block = var.master_authorized_networks_config.cidr_blocks.cidr_block + cidr_block = var.master_authorized_networks_config.cidr_blocks.cidr_block display_name = var.master_authorized_networks_config.cidr_blocks.display_name } } @@ -46,9 +46,9 @@ resource "google_container_cluster" "main" { dynamic "private_cluster_config" { for_each = var.private_cluster_config == null ? [] : [1] content { - enable_private_nodes = var.private_cluster_config.enable_private_nodes - enable_private_endpoint = var.private_cluster_config.enable_private_endpoint - master_ipv4_cidr_block = var.private_cluster_config.master_ipv4_cidr_block + enable_private_nodes = var.private_cluster_config.enable_private_nodes + enable_private_endpoint = var.private_cluster_config.enable_private_endpoint + master_ipv4_cidr_block = var.private_cluster_config.master_ipv4_cidr_block } } 
diff --git a/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/outputs.tf b/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/outputs.tf index 4276d042ba..bfb5463295 100644 --- a/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/outputs.tf +++ b/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/outputs.tf @@ -1,6 +1,6 @@ output "credentials" { description = "Credentials required for connecting to kubernets cluster" - sensitive = true + sensitive = true value = { endpoint = "https://${google_container_cluster.main.endpoint}" token = data.google_client_config.main.access_token @@ -15,7 +15,7 @@ data "google_client_config" "provider" {} output "kubeconfig" { description = "Kubeconfig for connecting to kubernetes cluster" - sensitive = true + sensitive = true value = templatefile("${path.module}/templates/kubeconfig.yaml", { context = google_container_cluster.main.name cluster_ca_certificate = google_container_cluster.main.master_auth[0].cluster_ca_certificate diff --git a/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/variables.tf b/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/variables.tf index 4490915990..b19f817ae7 100644 --- a/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/variables.tf +++ b/qhub/template/stages/02-infrastructure/gcp/modules/kubernetes/variables.tf 
@@ -87,50 +87,50 @@ variable "node_group_defaults" { variable "networking_mode" { description = "Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES." - type = string - default = "ROUTES" + type = string + default = "ROUTES" } variable "network" { description = "Name of the VPC network, where the cluster should be deployed" - type = string - default = "default" + type = string + default = "default" } variable "subnetwork" { description = "Name of the subnet for deploying cluster into" - type = string - default = null + type = string + default = null } variable "ip_allocation_policy" { description = "Configuration of cluster IP allocation for VPC-native clusters." type = map(object({ - cluster_secondary_range_name = string - services_secondary_range_name = string - cluster_ipv4_cidr_block = string - services_ipv4_cidr_block = string + cluster_secondary_range_name = string + services_secondary_range_name = string + cluster_ipv4_cidr_block = string + services_ipv4_cidr_block = string })) default = null } variable "master_authorized_networks_config" { description = "The desired configuration options for master authorized networks" - type = map(object({ - cidr_blocks = map(object({ - cidr_block = string + type = map(object({ + cidr_blocks = map(object({ + cidr_block = string display_name = string })) })) - default = null + default = null } variable "private_cluster_config" { description = "Configuration for private clusters, clusters with private nodes." - type = map(object({ - enable_private_nodes = bool - enable_private_endpoint = bool - master_ipv4_cidr_block = string + type = map(object({ + enable_private_nodes = bool + enable_private_endpoint = bool + master_ipv4_cidr_block = string })) - default = null + default = null } diff --git a/qhub/template/stages/02-infrastructure/gcp/outputs.tf b/qhub/template/stages/02-infrastructure/gcp/outputs.tf index e421f18bf2..38848a015a 100644 
--- a/qhub/template/stages/02-infrastructure/gcp/outputs.tf +++ b/qhub/template/stages/02-infrastructure/gcp/outputs.tf @@ -1,7 +1,7 @@ output "kubernetes_credentials" { description = "Parameters needed to connect to kubernetes cluster" sensitive = true - value = { + value = { host = module.kubernetes.credentials.endpoint cluster_ca_certificate = module.kubernetes.credentials.cluster_ca_certificate token = module.kubernetes.credentials.token @@ -11,11 +11,11 @@ output "kubernetes_credentials" { resource "local_file" "kubeconfig" { count = var.kubeconfig_filename != null ? 1 : 0 - content = module.kubernetes.kubeconfig + content = module.kubernetes.kubeconfig filename = var.kubeconfig_filename } output "kubeconfig_filename" { description = "filename for qhub kubeconfig" - value = var.kubeconfig_filename + value = var.kubeconfig_filename } diff --git a/qhub/template/stages/02-infrastructure/gcp/variables.tf b/qhub/template/stages/02-infrastructure/gcp/variables.tf index 7484e34b81..64bddd1c3b 100644 --- a/qhub/template/stages/02-infrastructure/gcp/variables.tf +++ b/qhub/template/stages/02-infrastructure/gcp/variables.tf 
@@ -44,50 +44,50 @@ variable "tags" { variable "networking_mode" { description = "Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES." - type = string - default = "ROUTES" + type = string + default = "ROUTES" } variable "network" { description = "Name of the VPC network, where the cluster should be deployed" - type = string - default = "default" + type = string + default = "default" } variable "subnetwork" { description = "Name of the subnet for deploying cluster into" - type = string - default = null + type = string + default = null } variable "ip_allocation_policy" { description = "Configuration of cluster IP allocation for VPC-native clusters." type = map(object({ - cluster_secondary_range_name = string - services_secondary_range_name = string - cluster_ipv4_cidr_block = string - services_ipv4_cidr_block = string + cluster_secondary_range_name = string + services_secondary_range_name = string + cluster_ipv4_cidr_block = string + services_ipv4_cidr_block = string })) default = null } variable "master_authorized_networks_config" { description = "The desired configuration options for master authorized networks" - type = map(object({ - cidr_blocks = map(object({ - cidr_block = string + type = map(object({ + cidr_blocks = map(object({ + cidr_block = string display_name = string })) })) - default = null + default = null } variable "private_cluster_config" { description = "Configuration for private clusters, clusters with private nodes." - type = map(object({ - enable_private_nodes = bool - enable_private_endpoint = bool - master_ipv4_cidr_block = string + type = map(object({ + enable_private_nodes = bool + enable_private_endpoint = bool + master_ipv4_cidr_block = string })) - default = null + default = null } diff --git a/qhub/template/stages/02-infrastructure/gcp/versions.tf b/qhub/template/stages/02-infrastructure/gcp/versions.tf index e994bef7f1..ddea3c185c 100644 
--- a/qhub/template/stages/02-infrastructure/gcp/versions.tf +++ b/qhub/template/stages/02-infrastructure/gcp/versions.tf @@ -1,7 +1,7 @@ terraform { required_providers { google = { - source = "hashicorp/google" + source = "hashicorp/google" version = "4.8.0" } } diff --git a/qhub/template/stages/02-infrastructure/local/main.tf b/qhub/template/stages/02-infrastructure/local/main.tf index f2ad3e2aa1..4383e8294c 100644 --- a/qhub/template/stages/02-infrastructure/local/main.tf +++ b/qhub/template/stages/02-infrastructure/local/main.tf @@ -5,13 +5,13 @@ variable "kube_context" { output "kubernetes_credentials" { description = "Parameters needed to connect to kubernetes cluster locally" - value = { - config_path = pathexpand("~/.kube/config") + value = { + config_path = pathexpand("~/.kube/config") config_context = var.kube_context } } output "kubeconfig_filename" { description = "filename for qhub kubeconfig" - value = pathexpand("~/.kube/config") + value = pathexpand("~/.kube/config") } diff --git a/qhub/template/stages/03-kubernetes-initialize/main.tf b/qhub/template/stages/03-kubernetes-initialize/main.tf index 58f7491d2d..1a0fae9249 100644 --- a/qhub/template/stages/03-kubernetes-initialize/main.tf +++ b/qhub/template/stages/03-kubernetes-initialize/main.tf @@ -25,7 +25,7 @@ module "nvidia-driver-installer" { source = "./modules/nvidia-installer" - cloud-provider = var.cloud-provider - gpu_enabled = var.gpu_enabled + cloud-provider = var.cloud-provider + gpu_enabled = var.gpu_enabled gpu_node_group_names = var.gpu_node_group_names } diff --git a/qhub/template/stages/03-kubernetes-initialize/modules/nvidia-installer/variables.tf b/qhub/template/stages/03-kubernetes-initialize/modules/nvidia-installer/variables.tf index fa8bc9ea5c..1c3e60f3d6 100644 --- a/qhub/template/stages/03-kubernetes-initialize/modules/nvidia-installer/variables.tf +++ b/qhub/template/stages/03-kubernetes-initialize/modules/nvidia-installer/variables.tf 
@@ -1,14 +1,14 @@ variable "gpu_node_group_names" { description = "Names of node groups with GPU" - default = [] + default = [] } variable "gpu_enabled" { description = "Enable GPU support" - default = false + default = false } variable "cloud-provider" { description = "Name of cloud-provider" - type = string + type = string } diff --git a/qhub/template/stages/03-kubernetes-initialize/variables.tf b/qhub/template/stages/03-kubernetes-initialize/variables.tf index 23e89af63e..54353b1028 100644 --- a/qhub/template/stages/03-kubernetes-initialize/variables.tf +++ b/qhub/template/stages/03-kubernetes-initialize/variables.tf @@ -30,5 +30,5 @@ variable "gpu_enabled" { variable "gpu_node_group_names" { description = "Names of node groups with GPU" - default = [] + default = [] } diff --git a/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/main.tf b/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/main.tf index 32a2848996..3e1cb63926 100644 --- a/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/main.tf +++ b/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/main.tf @@ -110,7 +110,7 @@ resource "kubernetes_service" "main" { target_port = 8786 } - type = "LoadBalancer" + type = "LoadBalancer" load_balancer_ip = var.load-balancer-ip } } 
@@ -237,14 +237,14 @@ resource "kubernetes_deployment" "main" { # Enable debug logging. Useful to work out why something might not be # working. Fetch logs of the pod. "--log.level=${var.loglevel}", - ], var.enable-certificates ? [ + ], var.enable-certificates ? [ "--entrypoints.websecure.http.tls.certResolver=letsencrypt", "--entrypoints.minio.http.tls.certResolver=letsencrypt", "--certificatesresolvers.letsencrypt.acme.tlschallenge", "--certificatesresolvers.letsencrypt.acme.email=${var.acme-email}", "--certificatesresolvers.letsencrypt.acme.storage=acme.json", "--certificatesresolvers.letsencrypt.acme.caserver=${var.acme-server}", - ] : [ + ] : [ # ideally we could write "--entrypoints.websecure.http.tls={}" # but this doesn't seem to work? # since all we want to do is trigger traefik to generate a certificate @@ -325,9 +325,9 @@ resource "kubernetes_manifest" "tlsstore_default" { count = var.certificate-secret-name != null ? 1 : 0 manifest = { "apiVersion" = "traefik.containo.us/v1alpha1" - "kind" = "TLSStore" + "kind" = "TLSStore" "metadata" = { - "name" = "default" + "name" = "default" "namespace" = var.namespace } "spec" = { diff --git a/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/variables.tf b/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/variables.tf index d30bb93346..af58645cb2 100644 --- a/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/variables.tf +++ b/qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/variables.tf @@ -61,13 +61,13 @@ variable "certificate-secret-name" { variable "load-balancer-ip" { description = "IP Address of the load balancer" - type = string - default = null + type = string + default = null } variable "load-balancer-annotations" { description = "Annotations for the load balancer" - type = map(object({ + type = map(object({ key = string value = string })) 
diff --git a/qhub/template/stages/04-kubernetes-ingress/outputs.tf b/qhub/template/stages/04-kubernetes-ingress/outputs.tf index 7f9c5cc56a..33cff35c36 100644 --- a/qhub/template/stages/04-kubernetes-ingress/outputs.tf +++ b/qhub/template/stages/04-kubernetes-ingress/outputs.tf @@ -1,4 +1,4 @@ output "load_balancer_address" { description = "traefik load balancer address" - value = module.kubernetes-ingress.endpoint + value = module.kubernetes-ingress.endpoint } diff --git a/qhub/template/stages/04-kubernetes-ingress/variables.tf b/qhub/template/stages/04-kubernetes-ingress/variables.tf index 85929c4fb1..3e02e85b29 100644 --- a/qhub/template/stages/04-kubernetes-ingress/variables.tf +++ b/qhub/template/stages/04-kubernetes-ingress/variables.tf @@ -10,8 +10,8 @@ variable "environment" { variable "node_groups" { description = "Node group selectors for kubernetes resources" - type = map(object({ - key = string + type = map(object({ + key = string value = string })) } @@ -42,14 +42,14 @@ variable "certificate-secret-name" { variable "load-balancer-ip" { description = "IP Address of the load balancer" - type = string - default = null + type = string + default = null } variable "load-balancer-annotations" { description = "Annotations for the load balancer" - type = map(object({ + type = map(object({ key = string value = string })) diff --git a/qhub/template/stages/05-kubernetes-keycloak/modules/kubernetes/keycloak-helm/outputs.tf b/qhub/template/stages/05-kubernetes-keycloak/modules/kubernetes/keycloak-helm/outputs.tf index ed42d2b876..e8b11c027c 100644 --- a/qhub/template/stages/05-kubernetes-keycloak/modules/kubernetes/keycloak-helm/outputs.tf +++ b/qhub/template/stages/05-kubernetes-keycloak/modules/kubernetes/keycloak-helm/outputs.tf @@ -1,7 +1,7 @@ output "credentials" { description = "keycloak admin credentials" sensitive = true - value = { + value = { url = "https://${var.external-url}" client_id = "admin-cli" realm = "master" 
diff --git a/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf b/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf index dfa8a99a9a..32a1e582b0 100644 --- a/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf +++ b/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf @@ -2,7 +2,7 @@ resource "keycloak_realm" "main" { realm = var.realm display_name = var.realm_display_name - + direct_grant_flow = "direct grant" enabled = true browser_flow = "browser" @@ -10,28 +10,28 @@ resource "keycloak_realm" "main" { user_managed_access = false ssl_required = "external" registration_flow = "registration" - + refresh_token_max_reuse = 0 reset_credentials_flow = "reset credentials" client_authentication_flow = "clients" docker_authentication_flow = "docker auth" offline_session_max_lifespan_enabled = false - - web_authn_policy { + + web_authn_policy { } - + web_authn_passwordless_policy { } } resource "keycloak_group" "groups" { - for_each = var.keycloak_groups - realm_id = keycloak_realm.main.id - name = each.key + for_each = var.keycloak_groups + realm_id = keycloak_realm.main.id + name = each.key attributes = {} - + lifecycle { ignore_changes = [ attributes, @@ -40,9 +40,9 @@ resource "keycloak_group" "groups" { } resource "keycloak_default_groups" "default" { - realm_id = keycloak_realm.main.id + realm_id = keycloak_realm.main.id group_ids = [ - for g in var.default_groups: + for g in var.default_groups : keycloak_group.groups[g].id ] } diff --git a/qhub/template/stages/06-kubernetes-keycloak-configuration/variables.tf b/qhub/template/stages/06-kubernetes-keycloak-configuration/variables.tf index 350bcbc137..0118094d8b 100644 --- a/qhub/template/stages/06-kubernetes-keycloak-configuration/variables.tf +++ b/qhub/template/stages/06-kubernetes-keycloak-configuration/variables.tf 
@@ -10,13 +10,13 @@ variable "realm_display_name" { variable "keycloak_groups" { description = "Permission groups in keycloak used for granting access to services" - type = set(string) - default = [] + type = set(string) + default = [] } variable "authentication" { description = "Authentication configuration for keycloak" - type = any + type = any } variable "default_groups" { diff --git a/qhub/template/stages/07-kubernetes-services/clearml.tf b/qhub/template/stages/07-kubernetes-services/clearml.tf index 42b01fc7cc..59c5ceba4b 100644 --- a/qhub/template/stages/07-kubernetes-services/clearml.tf +++ b/qhub/template/stages/07-kubernetes-services/clearml.tf @@ -23,7 +23,7 @@ variable "clearml-overrides" { module "clearml" { count = var.clearml-enabled ? 1 : 0 - source = "./modules/kubernetes/services/clearml" + source = "./modules/kubernetes/services/clearml" namespace = var.environment external-url = var.endpoint diff --git a/qhub/template/stages/07-kubernetes-services/conda-store.tf b/qhub/template/stages/07-kubernetes-services/conda-store.tf index c8f47a2468..313fd1d8e3 100644 --- a/qhub/template/stages/07-kubernetes-services/conda-store.tf +++ b/qhub/template/stages/07-kubernetes-services/conda-store.tf @@ -1,7 +1,7 @@ # ======================= VARIABLES ====================== variable "conda-store-environments" { description = "Conda-Store managed environments" - default = {} + default = {} } variable "conda-store-filesystem-storage" { @@ -31,8 +31,8 @@ variable "conda-store-image" { module "kubernetes-conda-store-server" { source = "./modules/kubernetes/services/conda-store" - name = "qhub" - namespace = var.environment + name = "qhub" + namespace = var.environment external-url = var.endpoint realm_id = var.realm_id 
@@ -41,8 +41,8 @@ module "kubernetes-conda-store-server" { minio_capacity = coalesce(var.conda-store-object-storage, var.conda-store-filesystem-storage) node-group = var.node_groups.general conda-store-image = var.conda-store-image - environments = { - for filename, environment in var.conda-store-environments: + environments = { + for filename, environment in var.conda-store-environments : filename => yamlencode(environment) } } diff --git a/qhub/template/stages/07-kubernetes-services/dask_gateway.tf b/qhub/template/stages/07-kubernetes-services/dask_gateway.tf index 7fc7ee3d42..54ebc5f857 100644 --- a/qhub/template/stages/07-kubernetes-services/dask_gateway.tf +++ b/qhub/template/stages/07-kubernetes-services/dask_gateway.tf @@ -9,7 +9,7 @@ variable "dask-worker-image" { variable "dask-gateway-profiles" { description = "Dask Gateway profiles to expose to user" - default = [] + default = [] } @@ -23,7 +23,7 @@ module "dask-gateway" { external-url = var.endpoint - cluster-image = var.dask-worker-image + cluster-image = var.dask-worker-image general-node-group = var.node_groups.general worker-node-group = var.node_groups.worker @@ -32,7 +32,7 @@ module "dask-gateway" { dask-etc-configmap-name = "dask-etc" # environments - conda-store-pvc = module.conda-store-nfs-mount.persistent_volume_claim.name + conda-store-pvc = module.conda-store-nfs-mount.persistent_volume_claim.name conda-store-mount = "/home/conda" # profiles diff --git a/qhub/template/stages/07-kubernetes-services/forward-auth.tf b/qhub/template/stages/07-kubernetes-services/forward-auth.tf index c53bd6275c..3cb4e827e2 100644 --- a/qhub/template/stages/07-kubernetes-services/forward-auth.tf +++ b/qhub/template/stages/07-kubernetes-services/forward-auth.tf 
@@ -1,9 +1,9 @@ module "forwardauth" { - source = "./modules/kubernetes/forwardauth" + source = "./modules/kubernetes/forwardauth" namespace = var.environment external-url = var.endpoint realm_id = var.realm_id - node-group = var.node_groups.general + node-group = var.node_groups.general } diff --git a/qhub/template/stages/07-kubernetes-services/jupyterhub.tf b/qhub/template/stages/07-kubernetes-services/jupyterhub.tf index 4defc42dbd..c75e7f4da9 100644 --- a/qhub/template/stages/07-kubernetes-services/jupyterhub.tf +++ b/qhub/template/stages/07-kubernetes-services/jupyterhub.tf @@ -1,20 +1,20 @@ variable "cdsdashboards" { description = "Enable CDS Dashboards" - type = object({ - enabled = bool - cds_hide_user_named_servers = bool + type = object({ + enabled = bool + cds_hide_user_named_servers = bool cds_hide_user_dashboard_servers = bool }) - default = { - enabled = true - cds_hide_user_named_servers = true + default = { + enabled = true + cds_hide_user_named_servers = true cds_hide_user_dashboard_servers = false } } variable "jupyterhub-theme" { description = "JupyterHub theme" - type = map + type = map(any) default = {} } @@ -53,7 +53,7 @@ variable "jupyterlab-image" { variable "jupyterlab-profiles" { description = "JupyterHub profiles to expose to user" - default = [] + default = [] } @@ -90,7 +90,7 @@ module "jupyterhub" { namespace = var.environment external-url = var.endpoint - realm_id = var.realm_id + realm_id = var.realm_id overrides = var.jupyterhub-overrides 
@@ -98,15 +98,15 @@ module "jupyterhub" { shared-pvc = module.jupyterhub-nfs-mount.persistent_volume_claim.name - conda-store-pvc = module.conda-store-nfs-mount.persistent_volume_claim.name - conda-store-mount = "/home/conda" + conda-store-pvc = module.conda-store-nfs-mount.persistent_volume_claim.name + conda-store-mount = "/home/conda" conda-store-environments = var.conda-store-environments extra-mounts = { - "/etc/dask" = { - name = "dask-etc" + "/etc/dask" = { + name = "dask-etc" namespace = var.environment - kind = "configmap" + kind = "configmap" }, } @@ -115,14 +115,14 @@ module "jupyterhub" { ], (var.prefect-enabled ? ["prefect"] : [])) general-node-group = var.node_groups.general - user-node-group = var.node_groups.user + user-node-group = var.node_groups.user jupyterhub-image = var.jupyterhub-image jupyterlab-image = var.jupyterlab-image - cdsdashboards = var.cdsdashboards + cdsdashboards = var.cdsdashboards - theme = var.jupyterhub-theme + theme = var.jupyterhub-theme profiles = var.jupyterlab-profiles jupyterhub-logout-redirect-url = var.jupyterhub-logout-redirect-url diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/forwardauth/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/forwardauth/main.tf index 61fb7cc3e3..6d9eb126ea 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/forwardauth/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/forwardauth/main.tf @@ -2,7 +2,7 @@ module "forwardauth-openid-client" { source = "../services/keycloak-client" realm_id = var.realm_id - client_id = "forwardauth" + client_id = "forwardauth" external-url = var.external-url callback-url-paths = [ "https://${var.external-url}${var.callback-url-path}" 
@@ -77,12 +77,12 @@ resource "kubernetes_deployment" "forwardauth-deployment" { } env { - name = "PROVIDERS_GENERIC_OAUTH_TOKEN_URL" + name = "PROVIDERS_GENERIC_OAUTH_TOKEN_URL" value = module.forwardauth-openid-client.config.token_url } env { - name = "PROVIDERS_GENERIC_OAUTH_USER_URL" + name = "PROVIDERS_GENERIC_OAUTH_USER_URL" value = module.forwardauth-openid-client.config.userinfo_url } diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/clearml/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/clearml/main.tf index c38b450619..c14f831f2f 100755 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/clearml/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/clearml/main.tf @@ -3,7 +3,7 @@ resource "helm_release" "clearml" { namespace = var.namespace chart = "${path.module}/chart" dependency_update = true - values = concat([ + values = concat([ file("${path.module}/chart/values.yaml") ], var.overrides) diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/server.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/server.tf index 7383c7fcd9..2486ce4b02 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/server.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/server.tf 
@@ -7,15 +7,15 @@ resource "kubernetes_config_map" "conda-store-config" { data = { "conda_store_config.py" = templatefile( "${path.module}/config/conda_store_config.py", { - external-url = var.external-url - minio-username = module.minio.root_username - minio-password = module.minio.root_password - minio-service = module.minio.service + external-url = var.external-url + minio-username = module.minio.root_username + minio-password = module.minio.root_password + minio-service = module.minio.service postgres-username = module.postgresql.root_username postgres-password = module.postgresql.root_password postgres-service = module.postgresql.service openid-config = module.conda-store-openid-client.config - }) + }) } } @@ -24,12 +24,12 @@ module "conda-store-openid-client" { source = "../keycloak-client" realm_id = var.realm_id - client_id = "conda_store" + client_id = "conda_store" external-url = var.external-url role_mapping = { - "admin" = ["conda_store_admin"] + "admin" = ["conda_store_admin"] "developer" = ["conda_store_developer"] - "analyst" = ["conda_store_developer"] + "analyst" = ["conda_store_developer"] } callback-url-paths = [ "https://${var.external-url}/conda-store/oauth_callback" diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/storage.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/storage.tf index 4708ad76de..d946c84c87 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/storage.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/storage.tf @@ -1,8 +1,8 @@ module "minio" { source = "../minio" - name = "qhub-conda-store" - namespace = var.namespace + name = "qhub-conda-store" + namespace = var.namespace external-url = var.external-url node-group = var.node-group 
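Review bot: `minio-password` and `postgres-password` are passed to `templatefile()` inside `kubernetes_config_map.conda-store-config` in conda-store/server.tf. If the template writes them into `conda_store_config.py` (the template is not part of this diff), the root credentials of both stores sit in a ConfigMap, readable by anything allowed to get ConfigMaps in the namespace. The dask-gateway module in this same commit keeps its `jupyterhub_api_token` in a `kubernetes_secret`; the same resource type would fit here, or the passwords could come from a Secret as environment variables that the config file reads. Until then, a comment such as `# rendered file may contain MinIO/PostgreSQL root credentials` above the `data` block would flag it for the next reader. The resource body starts before the hunk.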
@@ -18,7 +18,7 @@ module "minio" { module "postgresql" { source = "../postgresql" - name = "qhub-conda-store" + name = "qhub-conda-store" namespace = var.namespace node-group = var.node-group diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/crds.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/crds.tf index 781cd67d0c..65ddf7c01f 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/crds.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/crds.tf @@ -6,7 +6,7 @@ resource "kubernetes_manifest" "main" { name = "daskclusters.gateway.dask.org" } spec = { - group = "gateway.dask.org" + group = "gateway.dask.org" names = { kind = "DaskCluster" listKind = "DaskClusterList" @@ -15,8 +15,8 @@ resource "kubernetes_manifest" "main" { } scope = "Namespaced" versions = [{ - name = "v1alpha1" - served = true + name = "v1alpha1" + served = true storage = true subresources = { status = {} diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/gateway.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/gateway.tf index dd0a5227f0..4ac86b5985 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/gateway.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/gateway.tf 
@@ -6,20 +6,20 @@ resource "kubernetes_secret" "gateway" { data = { "config.json" = jsonencode({ - jupyterhub_api_token = var.jupyterhub_api_token - jupyterhub_api_url = var.jupyterhub_api_url - gateway_service_name = kubernetes_service.gateway.metadata.0.name - gateway_service_namespace = kubernetes_service.gateway.metadata.0.namespace + jupyterhub_api_token = var.jupyterhub_api_token + jupyterhub_api_url = var.jupyterhub_api_url + gateway_service_name = kubernetes_service.gateway.metadata.0.name + gateway_service_namespace = kubernetes_service.gateway.metadata.0.namespace gateway_cluster_middleware_name = kubernetes_manifest.chain-middleware.manifest.metadata.name gateway_cluster_middleware_namespace = kubernetes_manifest.chain-middleware.manifest.metadata.namespace - gateway = var.gateway - controller = var.controller - cluster = var.cluster - cluster-image = var.cluster-image - profiles = var.profiles - conda-store-pvc = var.conda-store-pvc - conda-store-mount = var.conda-store-mount - worker-node-group = var.worker-node-group + gateway = var.gateway + controller = var.controller + cluster = var.cluster + cluster-image = var.cluster-image + profiles = var.profiles + conda-store-pvc = var.conda-store-pvc + conda-store-mount = var.conda-store-mount + worker-node-group = var.worker-node-group }) } } diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/main.tf index 734095d86a..f84b40f088 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/main.tf 
@@ -5,7 +5,7 @@ resource "kubernetes_config_map" "dask-etc" { } data = { - "gateway.yaml" = jsonencode({ + "gateway.yaml" = jsonencode({ gateway = { address = "http://${kubernetes_service.gateway.metadata.0.name}.${kubernetes_service.gateway.metadata.0.namespace}:8000" public_address = "https://${var.external-url}/gateway" diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/configmaps.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/configmaps.tf index 8d0fc35f4a..03bba63fce 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/configmaps.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/configmaps.tf @@ -5,7 +5,7 @@ resource "kubernetes_config_map" "etc-ipython" { } data = { - for filename in fileset("${path.module}/files/ipython", "*"): + for filename in fileset("${path.module}/files/ipython", "*") : filename => file("${path.module}/files/ipython/${filename}") } } @@ -18,7 +18,7 @@ resource "kubernetes_config_map" "etc-jupyter" { } data = { - for filename in fileset("${path.module}/files/jupyter", "*"): + for filename in fileset("${path.module}/files/jupyter", "*") : filename => file("${path.module}/files/jupyter/${filename}") } } @@ -31,7 +31,7 @@ resource "kubernetes_config_map" "etc-skel" { } data = { - for filename in fileset("${path.module}/files/skel", "*"): + for filename in fileset("${path.module}/files/skel", "*") : filename => file("${path.module}/files/skel/${filename}") } } @@ -44,7 +44,7 @@ resource "kubernetes_config_map" "jupyterlab-settings" { } data = { - for filename in fileset("${path.module}/files/jupyterlab", "*"): + for filename in fileset("${path.module}/files/jupyterlab", "*") : filename => file("${path.module}/files/jupyterlab/${filename}") } } 
@@ -57,7 +57,7 @@ resource "kubernetes_config_map" "shared-examples" { } data = { - for filename in fileset("${path.module}/files/examples", "*"): + for filename in fileset("${path.module}/files/examples", "*") : filename => file("${path.module}/files/examples/${filename}") } } diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/main.tf index ac922a0500..7505e79002 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/main.tf 
@@ -31,39 +31,39 @@ resource "helm_release" "jupyterhub" { shared-pvc = var.shared-pvc conda-store-pvc = var.conda-store-pvc conda-store-mount = var.conda-store-mount - skel-mount = { + skel-mount = { name = kubernetes_config_map.etc-skel.metadata.0.name namespace = kubernetes_config_map.etc-skel.metadata.0.namespace } - extra-mounts = merge( + extra-mounts = merge( var.extra-mounts, { "/etc/ipython" = { - name = kubernetes_config_map.etc-ipython.metadata.0.name + name = kubernetes_config_map.etc-ipython.metadata.0.name namespace = kubernetes_config_map.etc-ipython.metadata.0.namespace - kind = "configmap" + kind = "configmap" } "/etc/jupyter" = { - name = kubernetes_config_map.etc-jupyter.metadata.0.name + name = kubernetes_config_map.etc-jupyter.metadata.0.name namespace = kubernetes_config_map.etc-jupyter.metadata.0.namespace - kind = "configmap" + kind = "configmap" } "/opt/conda/envs/default/share/jupyter/lab/settings" = { - name = kubernetes_config_map.jupyterlab-settings.metadata.0.name + name = kubernetes_config_map.jupyterlab-settings.metadata.0.name namespace = kubernetes_config_map.jupyterlab-settings.metadata.0.namespace - kind = "configmap" + kind = "configmap" } "/shared/examples" = { - name = kubernetes_config_map.shared-examples.metadata.0.name + name = kubernetes_config_map.shared-examples.metadata.0.name namespace = kubernetes_config_map.shared-examples.metadata.0.namespace - kind = "configmap" + kind = "configmap" } } ) - environments = var.conda-store-environments + environments = var.conda-store-environments } hub = { 
@@ -73,15 +73,15 @@ resource "helm_release" "jupyterhub" { } extraConfig = { - "01-theme.py" = file("${path.module}/files/jupyterhub/01-theme.py") - "02-spawner.py" = file("${path.module}/files/jupyterhub/02-spawner.py") - "03-profiles.py" = file("${path.module}/files/jupyterhub/03-profiles.py") + "01-theme.py" = file("${path.module}/files/jupyterhub/01-theme.py") + "02-spawner.py" = file("${path.module}/files/jupyterhub/02-spawner.py") + "03-profiles.py" = file("${path.module}/files/jupyterhub/03-profiles.py") } services = { - for service in var.services: service => { - name = service - admin = true + for service in var.services : service => { + name = service + admin = true api_token = random_password.service_token[service].result } } 
@@ -96,18 +96,18 @@ resource "helm_release" "jupyterhub" { enable_auth_state = true } GenericOAuthenticator = { - client_id = module.jupyterhub-openid-client.config.client_id - client_secret = module.jupyterhub-openid-client.config.client_secret + client_id = module.jupyterhub-openid-client.config.client_id + client_secret = module.jupyterhub-openid-client.config.client_secret oauth_callback_url = "https://${var.external-url}/hub/oauth_callback" - authorize_url = module.jupyterhub-openid-client.config.authentication_url - token_url = module.jupyterhub-openid-client.config.token_url - userdata_url = module.jupyterhub-openid-client.config.userinfo_url - login_service = "Keycloak" - username_key = "preferred_username" - claim_groups_key = "roles" - allowed_groups = ["jupyterhub_admin", "jupyterhub_developer"] - admin_groups = ["jupyterhub_admin"] - tls_verify = false + authorize_url = module.jupyterhub-openid-client.config.authentication_url + token_url = module.jupyterhub-openid-client.config.token_url + userdata_url = module.jupyterhub-openid-client.config.userinfo_url + login_service = "Keycloak" + username_key = "preferred_username" + claim_groups_key = "roles" + allowed_groups = ["jupyterhub_admin", "jupyterhub_developer"] + admin_groups = ["jupyterhub_admin"] + tls_verify = false } } } @@ -135,17 +135,17 @@ resource "helm_release" "jupyterhub" { } } })], - var.overrides, - [jsonencode({ - hub = { - extraEnv = concat([ + var.overrides, + [jsonencode({ + hub = { + extraEnv = concat([ { - name = "OAUTH_LOGOUT_REDIRECT_URL", + name = "OAUTH_LOGOUT_REDIRECT_URL", value = format("%s?redirect_uri=%s", "https://${var.external-url}/auth/realms/${var.realm_id}/protocol/openid-connect/logout", urlencode(var.jupyterhub-logout-redirect-url)) }], jsondecode(var.jupyterhub-hub-extraEnv)) - } - })] + } + })] ) set { 
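Review bot: `tls_verify = false` in the `GenericOAuthenticator` block of jupyterhub/main.tf turns off certificate validation for the hub's requests to the Keycloak token and userinfo URLs, so the code exchange and the `client_secret` sent with it are not protected against an impersonated endpoint. The same applies to `tls_skip_verify_insecure = "true"` in the `auth.generic_oauth` hunk of monitoring/main.tf. If this exists for deployments with a self-signed certificate (not visible in this diff), drive it from a variable that defaults to verification on, e.g. `tls_verify = var.oauth-tls-verify` (placeholder name). Mark the exception with a comment such as `# verification off only for self-signed test certificates`. The `helm_release` body continues outside the hunk.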
@@ -186,12 +186,12 @@ module "jupyterhub-openid-client" { source = "../keycloak-client" realm_id = var.realm_id - client_id = "jupyterhub" + client_id = "jupyterhub" external-url = var.external-url role_mapping = { - "admin" = ["jupyterhub_admin", "dask_gateway_admin"] + "admin" = ["jupyterhub_admin", "dask_gateway_admin"] "developer" = ["jupyterhub_developer", "dask_gateway_developer"] - "analyst" = ["jupyterhub_developer"] + "analyst" = ["jupyterhub_developer"] } callback-url-paths = [ "https://${var.external-url}/hub/oauth_callback", diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/outputs.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/outputs.tf index 74d020d41c..da6f4728df 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/outputs.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/outputs.tf @@ -6,9 +6,9 @@ output "internal_jupyterhub_url" { output "services" { description = "Jupyterhub registered services" - value = { - for service in var.services: service => { - name = service + value = { + for service in var.services : service => { + name = service api_token = random_password.service_token[service].result } } diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/variables.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/variables.tf index 8f6d279982..03407f919d 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/variables.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/variables.tf @@ -88,7 +88,7 @@ variable "services" { variable "theme" { description = "JupyterHub theme" - type = map + type = map(any) default = {} } 
@@ -99,14 +99,14 @@ variable "profiles" { variable "cdsdashboards" { description = "Enable CDS Dashboards" - type = object({ - enabled = bool - cds_hide_user_named_servers = bool + type = object({ + enabled = bool + cds_hide_user_named_servers = bool cds_hide_user_dashboard_servers = bool }) - default = { - enabled = true - cds_hide_user_named_servers = true + default = { + enabled = true + cds_hide_user_named_servers = true cds_hide_user_dashboard_servers = false } } @@ -119,8 +119,8 @@ variable "conda-store-environments" { variable "jupyterhub-logout-redirect-url" { description = "Next redirect destination following a Keycloak logout" - type = string - default = "" + type = string + default = "" } variable "jupyterhub-hub-extraEnv" { diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/main.tf index 6d88040880..fd85eeb7a0 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/main.tf @@ -20,10 +20,10 @@ resource "keycloak_openid_client" "main" { resource "keycloak_openid_user_client_role_protocol_mapper" "main" { - realm_id = var.realm_id - client_id = keycloak_openid_client.main.id - name = "user-client-role-mapper" - claim_name = "roles" + realm_id = var.realm_id + client_id = keycloak_openid_client.main.id + name = "user-client-role-mapper" + claim_name = "roles" claim_value_type = "String" multivalued = true @@ -85,7 +85,7 @@ resource "keycloak_group_roles" "group_roles" { realm_id = var.realm_id group_id = data.keycloak_group.main[each.key].id - role_ids = [for role in each.value: keycloak_role.main[role].id] + role_ids = [for role in each.value : keycloak_role.main[role].id] exhaustive = false } 
diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/outputs.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/outputs.tf index 16c15cd092..bd1978bd4b 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/outputs.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/outputs.tf @@ -1,12 +1,12 @@ output "config" { description = "configuration credentials for connecting to openid client" - value = { + value = { client_id = keycloak_openid_client.main.client_id client_secret = keycloak_openid_client.main.client_secret authentication_url = "https://${var.external-url}/auth/realms/${var.realm_id}/protocol/openid-connect/auth" token_url = "https://${var.external-url}/auth/realms/${var.realm_id}/protocol/openid-connect/token" userinfo_url = "https://${var.external-url}/auth/realms/${var.realm_id}/protocol/openid-connect/userinfo" - callback_urls = var.callback-url-paths + callback_urls = var.callback-url-paths } } diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/minio/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/minio/main.tf index ef70533b4e..3b2d082d51 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/minio/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/minio/main.tf @@ -11,7 +11,7 @@ resource "helm_release" "minio" { repository = "https://charts.bitnami.com/bitnami" chart = "minio" # last release that was Apache-2.0 - version = "6.7.4" + version = "6.7.4" set { name = "accessKey.password" @@ -29,7 +29,7 @@ resource "helm_release" "minio" { } set { - name ="persistence.size" + name = "persistence.size" value = var.storage } 
diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/main.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/main.tf index 13bd92d604..c3e74bcf52 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/main.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/main.tf @@ -11,7 +11,7 @@ resource "helm_release" "prometheus-grafana" { jsonencode({ alertmanager = { alertmanagerSpec = { - nodeSelector: { + nodeSelector : { "${var.node-group.key}" = var.node-group.value } } @@ -51,11 +51,11 @@ resource "helm_release" "prometheus-grafana" { "${var.node-group.key}" = var.node-group.value } - "grafana.ini": { + "grafana.ini" : { server = { - protocol = "http" - domain = var.external-url - root_url = "https://%(domain)s/monitoring" + protocol = "http" + domain = var.external-url + root_url = "https://%(domain)s/monitoring" serve_from_sub_path = "true" } 
@@ -64,18 +64,18 @@ resource "helm_release" "prometheus-grafana" { } "auth.generic_oauth" = { - enabled = "true" - name = "Login Keycloak" - allow_sign_up = "true" - client_id = module.grafana-client-id.config.client_id - client_secret = module.grafana-client-id.config.client_secret - scopes = "profile" - auth_url = module.grafana-client-id.config.authentication_url - token_url = module.grafana-client-id.config.token_url - api_url = module.grafana-client-id.config.userinfo_url + enabled = "true" + name = "Login Keycloak" + allow_sign_up = "true" + client_id = module.grafana-client-id.config.client_id + client_secret = module.grafana-client-id.config.client_secret + scopes = "profile" + auth_url = module.grafana-client-id.config.authentication_url + token_url = module.grafana-client-id.config.token_url + api_url = module.grafana-client-id.config.userinfo_url tls_skip_verify_insecure = "true" - login_attribute_path = "preferred_username" - role_attribute_path = "contains(roles[*], 'grafana_admin') && 'Admin' || contains(roles[*], 'grafana_developer') && 'Editor' || contains(roles[*], 'grafana_viewer') || 'Viewer'" + login_attribute_path = "preferred_username" + role_attribute_path = "contains(roles[*], 'grafana_admin') && 'Admin' || contains(roles[*], 'grafana_developer') && 'Editor' || contains(roles[*], 'grafana_viewer') || 'Viewer'" } } } @@ -88,12 +88,12 @@ module "grafana-client-id" { source = "../keycloak-client" realm_id = var.realm_id - client_id = "grafana" + client_id = "grafana" external-url = var.external-url role_mapping = { - "admin" = ["grafana_admin"] + "admin" = ["grafana_admin"] "developer" = ["grafana_developer"] - "analyst" = ["grafana_viewer"] + "analyst" = ["grafana_viewer"] } callback-url-paths = [ "https://${var.external-url}/monitoring/login/generic_oauth" 
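Review bot: `tls_skip_verify_insecure = "true"` in the `auth.generic_oauth` block of the `@@ -64,18 +64,18 @@` hunk turns off certificate verification for Grafana's calls to the Keycloak token and userinfo endpoints, so the client secret and tokens go to an endpoint whose identity is never checked. The formatting pass carries the line over unchanged; I would set `tls_skip_verify_insecure = "false"` and, if the endpoint is signed by a private CA, supply that CA through `tls_client_ca` instead. Separately, the last branch of `role_attribute_path` reads `contains(roles[*], 'grafana_viewer') || 'Viewer'`, which appears to be missing `&& 'Viewer'`. As written, the `|| 'Viewer'` fallback also applies to users holding none of the three roles, which together with `allow_sign_up = "true"` deserves a comment stating that this is intended. The enclosing `helm_release` resource starts and ends outside the hunk.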
@@ -113,7 +113,7 @@ resource "kubernetes_config_map" "dashboard" { } data = { - for dashboard in var.dashboards: dashboard => file("${path.module}/dashboards/${dashboard}") + for dashboard in var.dashboards : dashboard => file("${path.module}/dashboards/${dashboard}") } } diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/variables.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/variables.tf index ecdb71c4ae..d8c5744bba 100644 --- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/variables.tf +++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/monitoring/variables.tf @@ -19,7 +19,7 @@ variable "realm_id" { variable "dashboards" { description = "Enabled grafana dashboards" - type = set(string) + type = set(string) default = [ "traefik.json", "keycloak.json", diff --git a/qhub/template/stages/07-kubernetes-services/outputs.tf b/qhub/template/stages/07-kubernetes-services/outputs.tf index ff84c7af63..a24ef1695f 100644 --- a/qhub/template/stages/07-kubernetes-services/outputs.tf +++ b/qhub/template/stages/07-kubernetes-services/outputs.tf 
@@ -1,24 +1,24 @@ output "service_urls" { description = "service urls for configured services" value = { - conda_store = { - url = "https://${var.endpoint}/conda-store/" - health_url ="https://${var.endpoint}/conda-store/api/v1/" + conda_store = { + url = "https://${var.endpoint}/conda-store/" + health_url = "https://${var.endpoint}/conda-store/api/v1/" } dask_gateway = { - url = "https://${var.endpoint}/gateway/" + url = "https://${var.endpoint}/gateway/" health_url = "https://${var.endpoint}/gateway/api/version" } - jupyterhub = { - url = "https://${var.endpoint}/" + jupyterhub = { + url = "https://${var.endpoint}/" health_url = "https://${var.endpoint}/hub/api/" } - keycloak = { - url = "https://${var.endpoint}/auth/" + keycloak = { + url = "https://${var.endpoint}/auth/" health_url = "https://${var.endpoint}/auth/realms/master" } - monitoring = { - url = var.monitoring-enabled ? "https://${var.endpoint}/monitoring/" : null + monitoring = { + url = var.monitoring-enabled ? "https://${var.endpoint}/monitoring/" : null health_url = var.monitoring-enabled ? "https://${var.endpoint}/monitoring/api/health" : null } } diff --git a/qhub/template/stages/07-kubernetes-services/prefect.tf b/qhub/template/stages/07-kubernetes-services/prefect.tf index 0fd9d08c28..dea9c18a9a 100644 --- a/qhub/template/stages/07-kubernetes-services/prefect.tf +++ b/qhub/template/stages/07-kubernetes-services/prefect.tf @@ -1,22 +1,22 @@ # ======================= VARIABLES ====================== variable "prefect-enabled" { description = "Prefect enabled or disabled" - type = bool + type = bool } variable "prefect-image" { description = "Prefect image" - type = string + type = string } variable "prefect-token" { description = "Prefect token" - type = string + type = string } variable "prefect-overrides" { description = "Prefect token" - type = map + type = map(any) } 
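Review bot: `variable "prefect-token"` in the prefect.tf hunk holds a credential but is not marked sensitive, so its value can appear in plan and apply output; add `sensitive = true` to that block (Terraform 0.14 or later). In the same hunk `prefect-overrides` still has `description = "Prefect token"`, which looks copied from the variable above it; `description = "Prefect overrides"` would match how it is used in `yamlencode(var.prefect-overrides)`. Note also that `map(any)` requires every value to convert to one common type, so `type = any` may be the safer spelling if overrides are expected to mix strings and nested maps.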
@@ -30,5 +30,5 @@ module "prefect" { jupyterhub_api_token = module.jupyterhub.services.prefect.api_token prefect_token = var.prefect-token image = var.prefect-image - overrides = [yamlencode(var.prefect-overrides)] + overrides = [yamlencode(var.prefect-overrides)] } diff --git a/qhub/template/stages/07-kubernetes-services/variables.tf b/qhub/template/stages/07-kubernetes-services/variables.tf index e24d49db0e..8e3cef5fe3 100644 --- a/qhub/template/stages/07-kubernetes-services/variables.tf +++ b/qhub/template/stages/07-kubernetes-services/variables.tf @@ -20,16 +20,16 @@ variable "realm_id" { variable "node_groups" { description = "Node group selectors for kubernetes resources" - type = map(object({ - key = string + type = map(object({ + key = string value = string })) } variable "jupyterhub-logout-redirect-url" { description = "Next redirect destination following a Keycloak logout" - type = string - default = "" + type = string + default = "" } variable "jupyterhub-hub-extraEnv" { diff --git a/qhub/template/stages/08-qhub-tf-extensions/helm-extension.tf b/qhub/template/stages/08-qhub-tf-extensions/helm-extension.tf index 232a470a42..c122e6f3ee 100644 --- a/qhub/template/stages/08-qhub-tf-extensions/helm-extension.tf +++ b/qhub/template/stages/08-qhub-tf-extensions/helm-extension.tf 
@@ -1,11 +1,11 @@ module "helm-extension" { - for_each = {for extension in var.helm_extensions: extension.name => extension} + for_each = { for extension in var.helm_extensions : extension.name => extension } - source = "./modules/helm-extensions" - name = each.value.name - namespace = var.environment - repository = each.value.repository - chart = each.value.chart - chart_version = each.value.version - overrides = lookup(each.value, "overrides", {}) + source = "./modules/helm-extensions" + name = each.value.name + namespace = var.environment + repository = each.value.repository + chart = each.value.chart + chart_version = each.value.version + overrides = lookup(each.value, "overrides", {}) } diff --git a/qhub/template/stages/08-qhub-tf-extensions/modules/helm-extensions/variables.tf b/qhub/template/stages/08-qhub-tf-extensions/modules/helm-extensions/variables.tf index 89ddff2dd3..b1b7e4475a 100644 --- a/qhub/template/stages/08-qhub-tf-extensions/modules/helm-extensions/variables.tf +++ b/qhub/template/stages/08-qhub-tf-extensions/modules/helm-extensions/variables.tf @@ -27,6 +27,6 @@ variable "chart_version" { variable "overrides" { description = "Overrides for the helm chart values" - type = list + type = list(any) default = [] } diff --git a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/keycloak-config.tf b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/keycloak-config.tf index 96af11e7a2..30a1dacbe6 100644 --- a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/keycloak-config.tf +++ b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/keycloak-config.tf @@ -17,7 +17,7 @@ resource "keycloak_openid_client" "keycloak_ext_client" { } resource "random_password" "qhub-ext-client" { - count = var.oauth2client ? 1 : 0 + count = var.oauth2client ? 1 : 0 length = 32 special = false } 
diff --git a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/locals.tf b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/locals.tf
index 6e6adc7f2e..e481238a31 100644
--- a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/locals.tf
+++ b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/locals.tf
@@ -7,55 +7,55 @@ locals { oauth2client_envs = (var.oauth2client) ? ([{ name = "OAUTH2_AUTHORIZE_URL" value = "https://${var.external-url}/auth/realms/${var.qhub-realm-id}/protocol/openid-connect/auth" - }, - { - name = "OAUTH2_ACCESS_TOKEN_URL" - value = "https://${var.external-url}/auth/realms/${var.qhub-realm-id}/protocol/openid-connect/token" - }, - { - name = "OAUTH2_USER_DATA_URL" - value = "https://${var.external-url}/auth/realms/${var.qhub-realm-id}/protocol/openid-connect/userinfo" - }, - { - name = "OAUTH2_REDIRECT_BASE" - value = "https://${var.external-url}/${var.urlslug}/" - }, - { - name = "COOKIE_OAUTH2STATE_NAME" - value = "${var.name}-o2state" - }, - { - name = "OAUTH2_CLIENT_ID" - value = "${var.name}-client" - }, - { - name = "OAUTH2_CLIENT_SECRET" - value = random_password.qhub-ext-client[0].result - }]) : ([]) + }, + { + name = "OAUTH2_ACCESS_TOKEN_URL" + value = "https://${var.external-url}/auth/realms/${var.qhub-realm-id}/protocol/openid-connect/token" + }, + { + name = "OAUTH2_USER_DATA_URL" + value = "https://${var.external-url}/auth/realms/${var.qhub-realm-id}/protocol/openid-connect/userinfo" + }, + { + name = "OAUTH2_REDIRECT_BASE" + value = "https://${var.external-url}/${var.urlslug}/" + }, + { + name = "COOKIE_OAUTH2STATE_NAME" + value = "${var.name}-o2state" + }, + { + name = "OAUTH2_CLIENT_ID" + value = "${var.name}-client" + }, + { + name = "OAUTH2_CLIENT_SECRET" + value = random_password.qhub-ext-client[0].result + }]) : ([]) keycloakadmin_envs = (var.keycloakadmin) ? 
([{ name = "KEYCLOAK_SERVER_URL" value = "http://keycloak-headless.${var.namespace}:8080/auth/" - }, - { - name = "KEYCLOAK_REALM" - value = var.qhub-realm-id - }, - { - name = "KEYCLOAK_ADMIN_USERNAME" - value = "qhub-bot" - }, - { - name = "KEYCLOAK_ADMIN_PASSWORD" - value = var.keycloak_qhub_bot_password - }]) : ([]) + }, + { + name = "KEYCLOAK_REALM" + value = var.qhub-realm-id + }, + { + name = "KEYCLOAK_ADMIN_USERNAME" + value = "qhub-bot" + }, + { + name = "KEYCLOAK_ADMIN_PASSWORD" + value = var.keycloak_qhub_bot_password + }]) : ([]) jwt_envs = (var.jwt) ? ([{ name = "COOKIE_AUTHORIZATION_NAME" value = "${var.name}-jwt" - }, - { - name = "JWT_SECRET_KEY" - value = random_password.qhub-jwt-secret[0].result - }]) : ([]) + }, + { + name = "JWT_SECRET_KEY" + value = random_password.qhub-jwt-secret[0].result + }]) : ([]) } diff --git a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf index ebb1dbc026..44573e9344 100644 --- a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf +++ b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf @@ -97,7 +97,7 @@ resource "kubernetes_deployment" "qhub-extension-deployment" { } resource "random_password" "qhub-jwt-secret" { - count = var.jwt ? 1 : 0 + count = var.jwt ? 1 : 0 length = 32 special = false } diff --git a/qhub/template/stages/08-qhub-tf-extensions/tf-extensions.tf b/qhub/template/stages/08-qhub-tf-extensions/tf-extensions.tf index ad882451b4..ace154bd5c 100644 --- a/qhub/template/stages/08-qhub-tf-extensions/tf-extensions.tf +++ b/qhub/template/stages/08-qhub-tf-extensions/tf-extensions.tf @@ -1,5 +1,5 @@ module "extension" { - for_each = {for extension in var.tf_extensions: extension.name => extension} + for_each = { for extension in var.tf_extensions : extension.name => extension } source = "./modules/qhubextension" 
diff --git a/qhub/template/stages/08-qhub-tf-extensions/variables.tf b/qhub/template/stages/08-qhub-tf-extensions/variables.tf index 1d5f3069a5..56639eb6b3 100644 --- a/qhub/template/stages/08-qhub-tf-extensions/variables.tf +++ b/qhub/template/stages/08-qhub-tf-extensions/variables.tf @@ -20,7 +20,7 @@ variable "tf_extensions" { variable "qhub_config_yaml" { description = "QHub Configuration" - type = any + type = any } variable "helm_extensions" { From 50c668528c25fe972bd10739b12923c187c2cdde Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Tue, 10 May 2022 11:23:37 +0530 Subject: [PATCH 3/5] CI: make the lint pipeline more stringent and format code using black --- .github/workflows/lint.yaml | 49 ++++++++++++++----------------------- .github/workflows/test.yaml | 9 ------- tests/test_links.py | 7 +----- 3 files changed, 19 insertions(+), 46 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index ef2d1f8d50..8804bbdc89 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -1,49 +1,36 @@ -name: Lint +name: QHub Lint on: pull_request: types: [opened, synchronize, reopened, ready_for_review] - branches: [main] + jobs: - Python-linter: + python-lint: + name: Lint Python code runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Set up Python + - name: Checks out the repository + uses: actions/checkout@v3 + + - name: Sets up Python uses: actions/setup-python@v2 - - name: black Lint + + - name: Checks Black formatting uses: psf/black@stable - - name: flake8 Lint + + - name: Lints Python code uses: py-actions/flake8@v2 with: - max-line-length: "100" + max-line-length: "89" path: "qhub" - Docker-linter: + terraform-lint: + name: Lint Terraform code runs-on: ubuntu-latest - strategy: - matrix: - dockerfile: - - jupyterlab - - jupyterlab-centos - - jupyterhub - - dask-worker - - dask-worker-centos - - dask-gateway steps: - - uses: actions/checkout@v2 - - name: Dockerfile Lint - uses: jbergstroem/hadolint-gh-action@v1 - with: - # TODO: update dockerfile location after PR 1003 is merged - dockerfile: ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.${{ matrix.dockerfile }} - output_format: tty - error_level: 0 + - name: Checks out the repository + uses: actions/checkout@v3 - Terraform-linter: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Terraform Lint + - name: Lints Terraform code uses: actionshub/terraform-lint@main diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d4b6109cf2..c6918d531a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -43,15 +43,6 @@ jobs: - name: Install QHub run: | pip install .[dev] - - name: Black Formatting - run: | - black --version - black qhub --diff --exclude "qhub/_version.py" - black --check qhub --exclude "qhub/_version.py" - - name: Flake8 Formatting - run: | - flake8 --version - flake8 - name: Test QHub run: | pytest --version 
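Review bot: `psf/black@stable` and `actionshub/terraform-lint@main` in the new lint.yaml are third-party actions referenced by a mutable tag and a branch, so whatever those refs point to at run time executes in this workflow; pin each to a full commit SHA, e.g. `uses: actionshub/terraform-lint@<full-commit-sha>  # main`. The same applies to the `actions/checkout@main` context line in the test.yaml hunk of patch 4/5. The workflow also declares no `permissions:`, so the jobs run with the repository's default token scope; a top-level `permissions:` holding `contents: read` is enough for linting. Finally, the commit title says the pipeline becomes more stringent, yet this hunk drops the hadolint Dockerfile job with no replacement visible here.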
diff --git a/tests/test_links.py b/tests/test_links.py index b624b588ab..da32367625 100644 --- a/tests/test_links.py +++ b/tests/test_links.py @@ -10,12 +10,7 @@ ] -@pytest.mark.parametrize( - "url,status_code", - [ - (url, 200) for url in LINKS_TO_TEST - ] -) +@pytest.mark.parametrize("url,status_code", [(url, 200) for url in LINKS_TO_TEST]) def test_links(url, status_code): response = requests.get(url) assert response.status_code == status_code From d21d2a62deebb2cbab0c2c13b35843d9f5d17f8f Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Tue, 10 May 2022 11:25:45 +0530 Subject: [PATCH 4/5] CI: add Python 3.10 --- .github/workflows/test.yaml | 7 ++++++- docs/index.md | 2 +- setup.cfg | 1 + 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c6918d531a..8b19a719c3 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -24,13 +24,18 @@ on: - "setup.cfg" - "pyproject.yoml" + jobs: test-general: name: 'Test Package' runs-on: ubuntu-latest strategy: matrix: - python-version: [3.7, 3.8, 3.9] + python-version: + - "3.7" + - "3.8" + - "3.9" + - "3.10" steps: - name: 'Checkout Infrastructure' uses: actions/checkout@main diff --git a/docs/index.md b/docs/index.md index 2dedd6399b..a0e1942213 100644 --- a/docs/index.md +++ b/docs/index.md 
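Review bot: The context line `- "pyproject.yoml"` at the top of the test.yaml hunk looks like a typo for `pyproject.toml`. If that list is the workflow's `paths:` filter (its key sits above the hunk, so this is inferred), changes to the real file never trigger the test job. Suggested line: `- "pyproject.toml"`.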
@@ -1,6 +1,6 @@ ![quansight_logo](source/images/qhub_logo.png) -[![Python version](https://img.shields.io/badge/python-3.7%20%7C%203.8%20%7C%203.9-blue.svg)](https://pypi.org/project/qhub/) +[![Python version](https://img.shields.io/badge/python-3.7%20%7C%203.8%20%7C%203.9%20%7C%203.10-blue.svg)](https://pypi.org/project/qhub/) [![PyPI version](https://badge.fury.io/py/qhub.svg)](https://badge.fury.io/py/qhub) [![Conda version](https://img.shields.io/badge/conda--forge-v0.3.0-%234f28a8)](https://anaconda.org/conda-forge/qhub) [![GitHub issues](https://img.shields.io/github/issues/quansight/qhub?style=plastic)](https://github.com/Quansight/qhub/issues/new/choose) diff --git a/setup.cfg b/setup.cfg index b98c9ea1f4..0236ba1385 100644 --- a/setup.cfg +++ b/setup.cfg @@ -15,6 +15,7 @@ classifiers = Programming Language :: Python :: 3.7 Programming Language :: Python :: 3.8 Programming Language :: Python :: 3.9 + Programming Language :: Python :: 3.10 project_urls = Bug Reports = https://github.com/quansight/qhub/issues Source = https://github.com/quansight/qhub From 25bccdea16e2e500e26285d060fe3558b5cc041c Mon Sep 17 00:00:00 2001 From: HarshCasper Date: Tue, 10 May 2022 12:32:51 +0530 Subject: [PATCH 5/5] CI: ensure that the workflow only runs on QHub --- .github/workflows/image.yaml | 1 + .github/workflows/kubernetes_test.yaml | 1 + .github/workflows/test-provider.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 657afcfdbc..0eb3469803 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -21,6 +21,7 @@ jobs: jupyterlab: name: 'Build Docker Images' runs-on: ubuntu-latest + if: "github.repository == 'quansight/qhub'" strategy: matrix: dockerfile: diff --git a/.github/workflows/kubernetes_test.yaml b/.github/workflows/kubernetes_test.yaml index 0a001f42d2..fe973b97da 100644 --- a/.github/workflows/kubernetes_test.yaml +++ b/.github/workflows/kubernetes_test.yaml 
@@ -27,6 +27,7 @@ on: jobs: test-kubernetes: name: "Kubernetes Tests" + if: "github.repository == 'quansight/qhub'" runs-on: self-hosted defaults: run: diff --git a/.github/workflows/test-provider.yaml b/.github/workflows/test-provider.yaml index 5044647568..b607518179 100644 --- a/.github/workflows/test-provider.yaml +++ b/.github/workflows/test-provider.yaml @@ -37,6 +37,7 @@ env: jobs: test-render-providers: name: 'Test QHub Provider' + if: "github.repository == 'quansight/qhub'" runs-on: ubuntu-latest strategy: matrix:
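Review bot: The added `if: "github.repository == 'quansight/qhub'"` on `test-kubernetes` keeps the job from running inside forks, but a pull request opened from a fork against this repository still satisfies it, and this job has `runs-on: self-hosted`. If the workflow is triggered by `pull_request` (the `on:` block is outside the hunk), code from the fork would run on the self-hosted runner. I would extend the condition, e.g. `if: github.repository == 'quansight/qhub' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)`, or require approval for outside contributors' runs in the repository settings. The same guard is added in image.yaml and test-provider.yaml, where the runners are GitHub-hosted and the exposure is smaller.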