From 4b2d199fa8fbaf413ffca196d9957b200cd0ddb5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 19 Feb 2026 15:58:23 -0500 Subject: [PATCH] more refactor work --- modules/ec2/locals.tf | 7 +- modules/ec2/settings.tf | 15 +++ modules/ec2/variables.common.tf | 139 +----------------------- modules/ec2/variables.product.tf | 69 ++++++++++++ modules/ec2/variables.safeguards.tf | 24 ---- modules/ec2/variables.servicecatalog.tf | 59 ++++++++++ modules/ec2/variables.tags.tf | 21 +--- 7 files changed, 147 insertions(+), 187 deletions(-) create mode 100644 modules/ec2/settings.tf create mode 100644 modules/ec2/variables.product.tf delete mode 100644 modules/ec2/variables.safeguards.tf create mode 100644 modules/ec2/variables.servicecatalog.tf diff --git a/modules/ec2/locals.tf b/modules/ec2/locals.tf index 26bea18..33ad2ba 100644 --- a/modules/ec2/locals.tf +++ b/modules/ec2/locals.tf @@ -58,13 +58,8 @@ locals { Module = local.module_name } - enforced_tags = merge( - local.standard_tags, - var.enforced_tags - ) - tags = merge( - local.enforced_tags, + local.standard_tags, var.tags ) } \ No newline at end of file diff --git a/modules/ec2/settings.tf b/modules/ec2/settings.tf new file mode 100644 index 0000000..1ff7aff --- /dev/null +++ b/modules/ec2/settings.tf @@ -0,0 +1,15 @@ +locals { + provisioned_product_name = "app-mcm-01" + project_name = "csvd_morpheus_dev_qa_dev-229685449397" + creator = "morga471" + contact_email = "morga471@example.com" + inc_poc_email = "morga471@example.com" + fisma_id = "OCIO_CSVD (CEN16.09)" + power_schedule = "Weekday_Core_Hours_7-7" + instance_type = "t3.small" + os_name = "RHEL9" + requires_backup = "no" + + portfolio_id = "port-pgj3zvoqca7ya" + product_id = "prod-43foqxjcq5isw" +} \ No newline at end of file diff --git a/modules/ec2/variables.common.tf b/modules/ec2/variables.common.tf index 195849d..2a554c5 100644 --- a/modules/ec2/variables.common.tf +++ b/modules/ec2/variables.common.tf 
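Review bot: In the `tags` local of `modules/ec2/locals.tf`, `var.tags` is the last argument to `merge()`, so a caller-supplied key such as `Module` silently replaces the module's standard tag. With the `enforced_tags` layer removed, nothing in the visible code is non-overridable. If the standard tags feed ownership, cost or policy reporting, reverse the order: `tags = merge(var.tags, local.standard_tags)`. If caller override is intended, add a one-line comment above the `merge` saying so. The `locals` block starts above the hunk.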
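Review bot: `modules/ec2/settings.tf` commits deployment-specific values into a shared module. `project_name` ends in what looks like a 12-digit AWS account ID, `creator`, `contact_email` and `inc_poc_email` identify one person, and `portfolio_id`/`product_id` pin one catalog. Every local here shares its name with an input variable declared in `variables.product.tf` or `variables.servicecatalog.tf`, so whichever one the resources read, the other is dead or misleading; the resource references are not visible in this patch. These values belong on the caller side (a root configuration or a `.tfvars` file passed to the module), leaving the module with variables only.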
@@ -13,12 +13,6 @@ variable "account_alias" { default = "" } -variable "override_prefixes" { - description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things" - type = map(string) - default = {} -} - variable "availability_zones" { description = "AWS Availability Zones to use (by default will use all available)" type = list(string) 
@@ -31,137 +25,6 @@ variable "parameters" { default = {} } -variable "project_name" { - description = "Project name (ProjectName parameter)" - type = string - default = "" -} - -variable "creator" { - description = "Creator's JBID (Creator parameter)" - type = string - default = "" -} - -variable "contact_email" { - description = "Provisioning user's email (ContactEmail parameter)" - type = string - default = "" -} - -variable "inc_poc_email" { - description = "Incident POC email (IncPocEmail parameter)" - type = string - default = "" -} - -variable "instance_type" { - description = "EC2 instance type" - type = string - default = "t3.small" -} - -variable "os_name" { - description = "Operating system version" - type = string - default = "RHEL9" -} - -variable "requires_backup" { - description = "Backup requirement" - type = string - default = "no" -} - -variable "power_schedule" { - description = "Power schedule" - type = string - default = "" -} - -variable "fisma_id" { - description = "FISMA ID" - type = string - default = "" -} - -variable "provisioned_product_name" { - description = "Name of the provisioned product" - type = string - - validation { - condition = length(var.provisioned_product_name) > 0 && length(var.provisioned_product_name) <= 128 - error_message = "provisioned_product_name must be between 1 and 128 characters" - } -} - -variable "portfolio_id" { - description = "Portfolio ID. If not provided, will lookup by portfolio_name_pattern" - type = string - default = "port-pgj3zvoqca7ya" -} - -variable "product_id" { - description = "Product ID. If not provided, will lookup by product_name_pattern" - type = string - default = "prod-43foqxjcq5isw" -} - -variable "product_name_pattern" { - description = "Pattern to search for product by name" - type = string - default = "linux-product" -} - -variable "path_id" { - description = "Path identifier of the product. 
If not provided, will use the latest active artifact" - type = string - default = null -} - -variable "ignore_errors" { - description = "Only applies to deleting. If true, errors from the underlying service are ignored" - type = bool - default = false -} - -variable "notification_arns" { - description = "SNS topic ARNs to notify when the provisioned product changes" - type = list(string) - default = [] -} - -variable "retain_physical_resources" { - description = "Whether to retain the physical resources when the provisioned product is terminated" - type = bool - default = false -} - -variable "stack_set_provisioning_preferences" { - description = "Configuration for StackSet provisioning" - type = object({ - accounts = optional(list(string)) - failure_tolerance_count = optional(number) - failure_tolerance_percentage = optional(number) - max_concurrency_count = optional(number) - max_concurrency_percentage = optional(number) - regions = optional(list(string)) - }) - default = null -} - -variable "retrieve_stack_outputs" { - description = "Whether to retrieve CloudFormation stack outputs" - type = bool - default = true -} - -variable "timeout" { - description = "Timeout for provisioned product operations (create/update/delete)" - type = string - default = "15m" -} - variable "vpc_name" { description = "Name tag of the VPC to deploy into" type = string @@ -172,4 +35,4 @@ variable "subnets_name" { description = "Name tag of the subnets to deploy into" type = string default = "*-apps-*" -} \ No newline at end of file +} diff --git a/modules/ec2/variables.product.tf b/modules/ec2/variables.product.tf new file mode 100644 index 0000000..b1f9981 --- /dev/null +++ b/modules/ec2/variables.product.tf 
@@ -0,0 +1,69 @@
+variable "path_id" {
+ description = "Path identifier of the product. If not provided, will use the latest active artifact"
+ type = string
+ default = null
+}
+
+variable "provisioned_product_name" {
+ description = "Name of the provisioned product"
+ type = string
+
+ validation {
+ condition = length(var.provisioned_product_name) > 0 && length(var.provisioned_product_name) <= 128
+ error_message = "provisioned_product_name must be between 1 and 128 characters"
+ }
+}
+
+variable "project_name" {
+ description = "Project name (ProjectName parameter)"
+ type = string
+ default = ""
+}
+
+variable "creator" {
+ description = "Creator's JBID (Creator parameter)"
+ type = string
+ default = ""
+}
+
+variable "contact_email" {
+ description = "Provisioning user's email (ContactEmail parameter)"
+ type = string
+ default = ""
+}
+
+variable "inc_poc_email" {
+ description = "Incident POC email (IncPocEmail parameter)"
+ type = string
+ default = ""
+}
+
+variable "fisma_id" {
+ description = "FISMA ID"
+ type = string
+ default = ""
+}
+
+variable "power_schedule" {
+ description = "Power schedule"
+ type = string
+ default = ""
+}
+
+variable "instance_type" {
+ description = "EC2 instance type"
+ type = string
+ default = "t3.small"
+}
+
+variable "os_name" {
+ description = "Operating system version"
+ type = string
+ default = "RHEL9"
+}
+
+variable "requires_backup" {
+ description = "Backup requirement"
+ type = string
+ default = "no"
+}
\ No newline at end of file
diff --git a/modules/ec2/variables.safeguards.tf b/modules/ec2/variables.safeguards.tf
deleted file mode 100644
index 91c21b1..0000000
--- a/modules/ec2/variables.safeguards.tf
+++ /dev/null
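Review bot: In `variables.product.tf` the ownership and compliance inputs (`creator`, `contact_email`, `inc_poc_email`, `fisma_id`) default to `""` and carry no `validation` block, so as far as this file shows the product can be provisioned with no incident contact or FISMA ID recorded. Either drop `default = ""` so they become required, or add a check in the style already used for `provisioned_product_name`, e.g. `condition = length(var.inc_poc_email) > 0`. `requires_backup` is a free-form string; if the product accepts only a fixed set of values (not visible here), constrain it with `contains([...], var.requires_backup)`.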
@@ -1,24 +0,0 @@
-# This file contains safeguard variables to prevent accidental destruction
-# Pattern follows aws-s3 module conventions
-
-variable "enable_deletion_protection" {
- description = "Enable deletion protection to prevent accidental termination"
- type = bool
- default = false
-}
-
-locals {
- deletion_protection_error = "Deletion protection is enabled. Set enable_deletion_protection = false to allow termination."
-}
-
-resource "null_resource" "deletion_protection" {
- count = var.enable_deletion_protection ? 1 : 0
-
- lifecycle {
- prevent_destroy = true
- }
-
- triggers = {
- provisioned_product_id = aws_servicecatalog_provisioned_product.this.id
- }
-}
diff --git a/modules/ec2/variables.servicecatalog.tf b/modules/ec2/variables.servicecatalog.tf
new file mode 100644
index 0000000..cca6a3f
--- /dev/null
+++ b/modules/ec2/variables.servicecatalog.tf
@@ -0,0 +1,59 @@
+variable "portfolio_id" {
+ description = "Portfolio ID. If not provided, will lookup by portfolio_name_pattern"
+ type = string
+ default = "port-pgj3zvoqca7ya"
+}
+
+variable "product_id" {
+ description = "Product ID. If not provided, will lookup by product_name_pattern"
+ type = string
+ default = "prod-43foqxjcq5isw"
+}
+
+variable "timeout" {
+ description = "Timeout for provisioned product operations (create/update/delete)"
+ type = string
+ default = "15m"
+}
+
+variable "accept_language" {
+ description = "Language code for Service Catalog API calls"
+ type = string
+ default = "en"
+
+ validation {
+ condition = contains(["en", "jp", "zh"], var.accept_language)
+ error_message = "accept_language must be one of: en, jp, zh"
+ }
+}
+
+variable "ignore_errors" {
+ description = "Whether to ignore errors during provisioning"
+ type = bool
+ default = false
+}
+
+variable "notification_arns" {
+ description = "List of SNS topic ARNs to send provisioning notifications to"
+ type = list(string)
+ default = []
+}
+
+variable "retain_physical_resources" {
+ description = "Whether to retain physical resources when deleting the provisioned product"
+ type = bool
+ default = false
+}
+
+variable "stack_set_provisioning_preferences" {
+ description = "StackSet provisioning preferences to use when provisioning the product"
+ type = object({
+ accounts = optional(list(string))
+ failure_tolerance_count = optional(number)
+ failure_tolerance_percentage = optional(number)
+ max_concurrency_count = optional(number)
+ max_concurrency_percentage = optional(number)
+ regions = optional(list(string))
+ })
+ default = null
+}
\ No newline at end of file
diff --git a/modules/ec2/variables.tags.tf b/modules/ec2/variables.tags.tf
index 18c6001..511f276 100644
--- a/modules/ec2/variables.tags.tf
+++ b/modules/ec2/variables.tags.tf
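Review bot: The new `ignore_errors` description ("Whether to ignore errors during provisioning") drops the "Only applies to deleting" qualifier that the removed declaration carried. On `aws_servicecatalog_provisioned_product` this flag lets Service Catalog stop managing a product even when its underlying resources could not be deleted, so the wording matters to anyone deciding whether to set it. Restore the earlier text: `description = "Only applies to deleting. If true, errors from the underlying service are ignored"`. Separately, `portfolio_id` and `product_id` describe a fallback lookup by name pattern, yet they default to concrete IDs, and this commit removes `product_name_pattern` and `retrieve_stack_outputs` from `variables.common.tf` without re-declaring them in the files shown. Any remaining `var.` reference to those names would fail at plan time, which is worth checking.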
@@ -1,22 +1,5 @@
 variable "tags" {
- description = "Additional tags to apply to resources"
+ description = "AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data_safeguard field for such things."
 type = map(string)
 default = {}
-}
-
-variable "enforced_tags" {
- description = "Tags enforced on all resources"
- type = map(string)
- default = {}
-}
-
-variable "accept_language" {
- description = "Language code for Service Catalog API calls"
- type = string
- default = "en"
-
- validation {
- condition = contains(["en", "jp", "zh"], var.accept_language)
- error_message = "accept_language must be one of: en, jp, zh"
- }
-}
+}
\ No newline at end of file
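Review bot: The new `tags` description refers to S3 and KMS resources and to a `data_safeguard` field, none of which appears among this module's visible inputs; it reads as carried over from a different module. The same commit deletes `variables.safeguards.tf` with its `enable_deletion_protection` guard, so the text points readers at a safeguard this patch does not provide. Suggest `description = "Additional tags to apply to resources created by this module"`, and state in the commit message whether dropping deletion protection was deliberate.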