From 852dd32dca8bf0cca28ba2f49e946eb221c200af Mon Sep 17 00:00:00 2001 From: badra001 Date: Wed, 30 Jul 2025 11:50:31 -0400 Subject: [PATCH] add base-label prefixes --- CHANGELOG.md | 4 +++ base-label/.tf-control | 32 +++++++++++++++++ base-label/.tf-control.tfrc | 24 +++++++++++++ base-label/locals.tf | 7 ++++ base-label/outputs.tf | 4 +++ base-label/prefixes.tf | 11 ++++++ base-label/prefixes.yml | 41 ++++++++++++++++++++++ base-label/tf-run.data | 27 ++++++++++++++ base-label/variables.tf | 14 ++++---- base-label/version.tf | 1 + base-label/versions.tf | 33 +++++++++++++++++ common/locals.tf.initial | 3 +- common/version.tf | 2 +- examples/tags/tags.tf | 11 ++++++ examples/tags/variable.application_tags.tf | 4 +++ examples/tags/versions.tf | 33 +++++++++++++++++ tags/outputs.tf | 10 ++++++ 17 files changed, 252 insertions(+), 9 deletions(-) create mode 100644 base-label/.tf-control create mode 100644 base-label/.tf-control.tfrc create mode 100644 base-label/locals.tf create mode 100644 base-label/outputs.tf create mode 100644 base-label/prefixes.tf create mode 100644 base-label/prefixes.yml create mode 100644 base-label/tf-run.data create mode 120000 base-label/version.tf create mode 100644 base-label/versions.tf create mode 100644 examples/tags/tags.tf create mode 100644 examples/tags/variable.application_tags.tf create mode 100644 examples/tags/versions.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index e215e8e..0ec6d66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,3 +11,7 @@ - 0.1.0 -- 2025-04-14 - add map for (AWS Migration Accleration Program) tag section (automatic, but need to select them from output) + +- 0.2.0 -- 2025-07-29 + - add base-label + - add prefixes diff --git a/base-label/.tf-control b/base-label/.tf-control new file mode 100644 index 0000000..340816b --- /dev/null +++ b/base-label/.tf-control 
@@ -0,0 +1,32 @@
+# .tf-control
+# allows for setting a specific command to be used for tf-* commands under this git repo
+# see tf-control.sh help for more info
+
+TFCONTROL_VERSION="1.0.7"
+#TFCOMMAND="terraform_latest"
+TFCOMMAND="terraform_current"
+
+# TF_CLI_CONFIG_FILE=PATH-TO-FILE/.tf-control.tfrc
+# TFARGS=""
+# TFNOLOG=""
+# TFNOCOLOR=""
+
+# from issue: https://github.com/hashicorp/terraform/issues/32901
+# to get to TF 1.4 and beyond in a shared cache environment
+# this is currently in the tf-control.sh script explicitly
+#TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=1
+
+# use the following to force a specific version. An upgrade of an existing 0.12.31 to 1.x
+# needs you to cycle through 0.13.17, 0.14.11, and then latest (0.15.5 not needed). Other
+# steps in between. See https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/terraform-upgrade for details
+#
+#TFCOMMAND="terraform_0.12.31"
+#TFCOMMAND="terraform_0.13.7"
+#TFCOMMAND="terraform_0.14.11"
+#TFCOMMAND="terraform_0.15.5"
+#TFCOMMAND="terraform_1.3.10"
+#TFCOMMAND="terraform_1.4.7"
+#TFCOMMAND="terraform_1.5.7"
+#TFCOMMAND="terraform_1.6.6"
+#TFCOMMAND="terraform_1.7.5"
+#TFCOMMAND="terraform_1.8.2"
diff --git a/base-label/.tf-control.tfrc b/base-label/.tf-control.tfrc
new file mode 100644
index 0000000..7425488
--- /dev/null
+++ b/base-label/.tf-control.tfrc
@@ -0,0 +1,24 @@
+TFCONTROL_VERSION="1.0.5"
+
+# https://www.terraform.io/docs/cli/config/config-file.html
+plugin_cache_dir = "/data/terraform/terraform.d/plugin-cache"
+#disable_checkpoint = true
+
+provider_installation {
+# filesystem_mirror {
+# path = "/apps/terraform/terraform.d/providers"
+# include = [ "*/*/*" ]
+# }
+ filesystem_mirror {
+ path = "/data/terraform/terraform.d/providers"
+ include = [ "*/*/*" ]
+ }
+# filesystem_mirror {
+# path = "/apps/terraform/terraform.d/providers"
+# include = [ "external.terraform.census.gov/*/*" ]
+# }
+ direct {
+ include = [ "*/*/*" ]
+ }
+}
+
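Review bot: The `direct { include = [ "*/*/*" ] }` block in .tf-control.tfrc matches the same providers as the filesystem mirror, so the mirror does not limit what gets installed; any provider, or a newer version of one, can still be fetched from its origin registry. If the mirror is meant to be the controlled source, narrow `direct` to the namespaces that need it or add an `exclude` for what the mirror serves. The shared `plugin_cache_dir`, combined with the `TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE` setting that the .tf-control comment says tf-control.sh applies, lets Terraform install from the cache without a matching lock-file checksum. Write access to `/data/terraform/terraform.d/plugin-cache` should therefore be restricted and `.terraform.lock.hcl` committed; the directory permissions are not visible here.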
diff --git a/base-label/locals.tf b/base-label/locals.tf
new file mode 100644
index 0000000..532b160
--- /dev/null
+++ b/base-label/locals.tf
@@ -0,0 +1,7 @@
+locals {
+ base_tags = {
+ "boc:created_by" = "terraform"
+ "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = format("%v/%v", local._module_name, "base-label")
+ }
+}
diff --git a/base-label/outputs.tf b/base-label/outputs.tf
new file mode 100644
index 0000000..2c96211
--- /dev/null
+++ b/base-label/outputs.tf
@@ -0,0 +1,4 @@
+output "version" {
+ description = "Module version information. Cannot be passed back in tags because it will overwrite other module tags"
+ value = local.base_tags
+}
diff --git a/base-label/prefixes.tf b/base-label/prefixes.tf
new file mode 100644
index 0000000..fa3bccb
--- /dev/null
+++ b/base-label/prefixes.tf
@@ -0,0 +1,11 @@
+locals {
+ _prefixes = yamldecode(file(format("%v/prefixes.yml", path.module)))["prefixes"]
+ prefixes = { for k, v in local._prefixes : k => v!=null ? format("%v-", v) : "" }
+}
+
+output "prefixes" {
+ description = "Pre-defined prefixes map. If missing, there is no prefix for the component."
+ value = local.prefixes
+}
+
+# get prefix with: try(module.x.prefixes.s3,"")
diff --git a/base-label/prefixes.yml b/base-label/prefixes.yml
new file mode 100644
index 0000000..dccba1f
--- /dev/null
+++ b/base-label/prefixes.yml
@@ -0,0 +1,41 @@
+prefixes:
+ customer-gateway: cgw
+ dhcp-options:
+ ebs: v-ebs
+ ecs: ecs
+ ecs-policy: p-ecs
+ ecs-role: r-ecs
+ ecs-security-group: ecs
+ ecs-user: s-ecs
+ efs: v-efs
+ eks-policy: p-eks
+ eks-role: r-eks
+ eks-security-group: eks
+ eks-user: s-eks
+ elastic-ip: eip
+ group: g
+ iam-admin-user: a
+ iam-service-user: s
+ iam-user: u
+ internet-gateway: igw
+ kms: k-kms
+ log-group: lg
+ log-stream: lgs
+ nat-gateway: nat
+ network-acl: nacl
+ policy: p
+ role: r
+ route-table: route
+ s3: v-s3
+ security-group:
+ subnet:
+ transit-gateway-attachment: tgwa
+ transit-gateway-peer: tgwp
+ transit-gateway-route-table: tgwr
+ transit-gateway: tgw
+ transit-gateway-vpn: tgwv
+ vpc:
+ vpc-endpoint: vpce
+ vpc-peer: vpcp
+ vpn-connection: vpn_
+ vpn-gateway: vpcg
diff --git a/base-label/tf-run.data b/base-label/tf-run.data
new file mode 100644
index 0000000..b83d623
--- /dev/null
+++ b/base-label/tf-run.data
@@ -0,0 +1,27 @@
+VERSION 2.1.1
+TAG setup
+REMOTE-STATE
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+
+TAG links
+LINKTOP includes.d/variables.account_tags.tf
+LINKTOP includes.d/variables.account_tags.auto.tfvars
+LINKTOP includes.d/variables.infrastructure_tags.tf
+LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
+LINKTOP includes.d/variables.application_tags.tf
+LINKTOP includes.d/variables.application_tags.auto.tfvars
+# LINKTOP provider_configs.d/provider.ldap_new.auto.tfvars
+# LINKTOP provider_configs.d/provider.ldap_new.tf
+# LINKTOP provider_configs.d/provider.ldap_new.variables.tf
+COMMAND rm -f provider.ldap.*
+
+TAG init
+COMMAND tf-init
+
+TAG start
+#POLICY
+ALL
+
+TAG state-link
+COMMAND tf-directory-setup.py -l s3
diff --git a/base-label/variables.tf b/base-label/variables.tf
index 3d4d6a9..cac7451 100644
--- a/base-label/variables.tf
+++ b/base-label/variables.tf
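Review bot: `vpn-connection: vpn_` in prefixes.yml already ends in a separator, and prefixes.tf in this patch appends `-` to every non-null value, so the published prefix for this key becomes `vpn_-`. If the underscore form is intended, the map needs a way to opt out of the appended hyphen; otherwise `vpn-connection: vpn` would match the other entries. It is also worth confirming that `ecs-security-group: ecs` is meant to share its prefix with `ecs: ecs`, since names built from the two would not be distinguishable by prefix.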
@@ -1,25 +1,25 @@ variable "business" { description = "Business label (organization, program, etc)" - type = string + type = string } variable "application" { description = "Application label" - type = string + type = string } variable "environment" { description = "Environment label" - type = string + type = string validation { - condition = contains(["dev","test","qa","uat","ite","stage","prod","cre","sa","services","common"],var.environment) - error_message = "var.environment value invalid. See https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/documentation/naming-tagging-standard for valid list." + condition = contains(["dev", "test", "qa", "uat", "ite", "stage", "prod", "cre", "sa", "services", "common"], var.environment) + error_message = "The var.environment value invalid. See https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/documentation/naming-tagging-standard for valid list." } } variable "custom" { description = "Custom label" - type = string - default = null + type = string + default = null } diff --git a/base-label/version.tf b/base-label/version.tf new file mode 120000 index 0000000..b83c5b7 --- /dev/null +++ b/base-label/version.tf @@ -0,0 +1 @@ +../common/version.tf \ No newline at end of file diff --git a/base-label/versions.tf b/base-label/versions.tf new file mode 100644 index 0000000..371c572 --- /dev/null +++ b/base-label/versions.tf 
@@ -0,0 +1,33 @@ +terraform { + required_version = ">= 1.0.0" + required_providers { + # aws = { + # source = "hashicorp/aws" + # version = ">= 5.0" + # } + # ldap = { + # source = "trevex/ldap" + # version = ">= 0.5.4" + # } + # external = { + # source = "hashicorp/external" + # version = ">= 1.0" + # } + # null = { + # source = "hashicorp/null" + # version = ">= 1.0" + # } + # random = { + # source = "hashicorp/random" + # version = ">= 1.0" + # } + # template = { + # source = "hashicorp/template" + # version = ">= 1.0" + # } + # infoblox = { + # source = "infobloxopen/infoblox" + # version = ">= 2.1.0" + # } + } +} diff --git a/common/locals.tf.initial b/common/locals.tf.initial index 2bd4d7f..3794f01 100644 --- a/common/locals.tf.initial +++ b/common/locals.tf.initial @@ -3,7 +3,8 @@ locals { account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew" base_tags = { - "boc:tf_module_version" = local._module_version "boc:created_by" = "terraform" + "boc:tf_module_version" = local._module_version + "boc:tf_module_version" = local._module_name } } diff --git a/common/version.tf b/common/version.tf index 635c239..1a8debc 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,4 +1,4 @@ locals { - _module_version = "0.1.0" + _module_version = "0.2.0" _module_name = "boc-nts" } diff --git a/examples/tags/tags.tf b/examples/tags/tags.tf new file mode 100644 index 0000000..f3c9e35 --- /dev/null +++ b/examples/tags/tags.tf @@ -0,0 +1,11 @@ +module "tags" { +# source = "git@github.e.it.census.gov:terraform-modules/boc-nts//tags" + source = "../../tags" + filename = format("%v/%v", path.root, "tags.yml") + + legacy_tags = merge( + var.account_tags, + var.infrastructure_tags, + var.application_tags, + ) +} diff --git a/examples/tags/variable.application_tags.tf b/examples/tags/variable.application_tags.tf new file mode 100644 index 0000000..25316e4 --- /dev/null +++ b/examples/tags/variable.application_tags.tf 
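Review bot: In common/locals.tf.initial the new `base_tags` map defines `"boc:tf_module_version"` twice, the second time with `local._module_name`, so the module name ends up under the version key and no `boc:tf_module_name` tag is produced. base-label/locals.tf in this same patch uses `"boc:tf_module_name"` for that value, so this looks like a copy-paste slip; the line should read `"boc:tf_module_name" = local._module_name`. A version tag holding `boc-nts` would mislead anyone using these tags for inventory or audit queries. The `locals` block starts outside the hunk.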
@@ -0,0 +1,4 @@
+variable "application_tags" {
+ description = "Map of application tags"
+ type = map(string)
+}
diff --git a/examples/tags/versions.tf b/examples/tags/versions.tf
new file mode 100644
index 0000000..dea05fd
--- /dev/null
+++ b/examples/tags/versions.tf
@@ -0,0 +1,33 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+# ldap = {
+# source = "trevex/ldap"
+# version = ">= 0.5.4"
+# }
+# external = {
+# source = "hashicorp/external"
+# version = ">= 1.0"
+# }
+# null = {
+# source = "hashicorp/null"
+# version = ">= 1.0"
+# }
+# random = {
+# source = "hashicorp/random"
+# version = ">= 1.0"
+# }
+# template = {
+# source = "hashicorp/template"
+# version = ">= 1.0"
+# }
+# infoblox = {
+# source = "infobloxopen/infoblox"
+# version = ">= 2.1.0"
+# }
+ }
+ required_version = ">= 1.0.0"
+}
diff --git a/tags/outputs.tf b/tags/outputs.tf
index 88b4edb..77a20e8 100644
--- a/tags/outputs.tf
+++ b/tags/outputs.tf
@@ -20,3 +20,13 @@ output "finops_roles" {
 description = "Map of finops_project_role values based on finops_project_name and finops.roles in YAML"
 value = { for r in local.finops_roles : r => { (format("%v_%v_role", local._finops_tags.prefix, "project")) = format("%v_%v", local.finops_tags.project_name, r) } }
 }
+
+output "finops_tags" {
+ description = "Map of finops tags by short name for individual selection"
+ value = { for k,v in local.finops_tags : replace(k,"${local._finops_tags_prefix}_","") => { k = v }}
+}
+
+output "version" {
+ description = "Module version information. Cannot be passed back in tags because it will overwrite other module tags"
+ value = local.base_tags
+}
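Review bot: In the new `finops_tags` output in tags/outputs.tf, the inner object `{ k = v }` uses the literal key `k` rather than the value of the loop variable, so every entry would be a map whose only key is "k". The existing `finops_roles` output in the context lines parenthesises its computed key, and the same is needed here: `=> { (k) = v }`. The prefix is also read as `local._finops_tags_prefix`, while `finops_roles` uses `local._finops_tags.prefix`; the locals are not visible in this hunk, so confirm that the underscore name exists.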