From 267b80e045f0b4f2882010874e8d5d6c94033d6e Mon Sep 17 00:00:00 2001 From: Dave Bunten Date: Thu, 11 Apr 2024 11:43:20 -0600 Subject: [PATCH 1/2] update pre-commit deps and related linting checks (#19) --- .pre-commit-config.yaml | 6 ++--- project.cue | 2 +- .../.pre-commit-config.yaml | 24 +++++++++---------- {{ cookiecutter.project_name }}/README.md | 2 +- .../terraform/operations/README.md | 2 +- .../terraform/operations/versions.tf | 2 +- .../terraform/state-management/README.md | 2 +- .../terraform/state-management/versions.tf | 2 +- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 62d9b3d..542803e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,7 +4,7 @@ # misc checks repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.6.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -18,12 +18,12 @@ repos: exclude: "tests/data/gcp-mock-credentials.json" # checking yaml formatting - repo: https://github.com/adrienverge/yamllint - rev: v1.32.0 + rev: v1.35.1 hooks: - id: yamllint # checking spelling - repo: https://github.com/codespell-project/codespell - rev: v2.2.5 + rev: v2.2.6 hooks: - id: codespell exclude: > diff --git a/project.cue b/project.cue index 18f9dcc..e9db0dc 100644 --- a/project.cue +++ b/project.cue @@ -60,7 +60,7 @@ import "universe.dagger.io/docker" _tf_build: docker.#Build & { steps: [ docker.#Pull & { - source: "ghcr.io/antonbabenko/pre-commit-terraform:v1.83.3" + source: "ghcr.io/antonbabenko/pre-commit-terraform:v1.88.4" }, docker.#Set & { config: { diff --git a/{{ cookiecutter.project_name }}/.pre-commit-config.yaml b/{{ cookiecutter.project_name }}/.pre-commit-config.yaml index a58ae8f..90a34ca 100644 --- a/{{ cookiecutter.project_name }}/.pre-commit-config.yaml +++ b/{{ cookiecutter.project_name }}/.pre-commit-config.yaml 
@@ -4,7 +4,7 @@ # misc checks repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.6.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -14,18 +14,18 @@ repos: - id: detect-private-key # checking yaml formatting - repo: https://github.com/adrienverge/yamllint - rev: v1.32.0 + rev: v1.35.1 hooks: - id: yamllint # checking spelling - repo: https://github.com/codespell-project/codespell - rev: v2.2.5 + rev: v2.2.6 hooks: - id: codespell exclude: > - (?x)^( - .*\.lock|.*\.csv - )$ + (?x)^( + .*\.lock|.*\.csv + )$ # checking markdown formatting - repo: https://github.com/executablebooks/mdformat rev: 0.7.17 @@ -33,13 +33,13 @@ repos: - id: mdformat # ignore terraform autogenerated docs exclude: > - (?x)^( - terraform/.* | - terraform/.*/.* - )$ + (?x)^( + terraform/.* | + terraform/.*/.* + )$ # linting for terraform - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.3 + rev: v1.88.4 hooks: - id: terraform_docs args: @@ -48,4 +48,4 @@ repos: - --hook-config=--create-file-if-not-exist=true - id: terraform_fmt - id: terraform_tflint - - id: terraform_tfsec + - id: terraform_trivy diff --git a/{{ cookiecutter.project_name }}/README.md b/{{ cookiecutter.project_name }}/README.md index 7fa5cc6..5fe6cdb 100644 --- a/{{ cookiecutter.project_name }}/README.md +++ b/{{ cookiecutter.project_name }}/README.md 
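Review bot: The last hunk replaces `terraform_tfsec` with `terraform_trivy` without a comment, although every other hook group in this file is introduced by one (`# linting for terraform`, `# checking spelling`), so readers of the generated project will not know why the scanner changed. Suggest adding `# security scanning for terraform (trivy supersedes the deprecated tfsec hook)` directly above `- id: terraform_trivy`. No `args` are given for the new hook, so it runs with trivy's default rule set and severity thresholds, which are not identical to tfsec's; the template's own `terraform/` directories should be run through the hook once to confirm they still pass before this is tagged.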
@@ -28,7 +28,7 @@ This repository uses [Terraform](https://developer.hashicorp.com/terraform/intro See below for an overview of roles which are important to context for various parts of this repository. - __Terraform Administrator__: this role involves administrating over cloud resources created with Terraform. Content found under the `terraform` directory and following steps under [Tutorial: Bucket Infrastructure](#%EF%B8%8F-bucket-infrastructure) apply to this role. -- __Data Provider__: this role involves using content under `utilties/data-provider` to synchronize (add, update, or remove) data to the bucket created by a Terraform Administrator. Instructions specific to this role are provided under [`utilities/data-provider/README.md`](utilities/data-provider/README.md). +- __Data Provider__: this role involves using content under `utilities/data-provider` to synchronize (add, update, or remove) data to the bucket created by a Terraform Administrator. Instructions specific to this role are provided under [`utilities/data-provider/README.md`](utilities/data-provider/README.md). - __Data Receiver__: this role is involved with downloading content from the bucket after it has been uploaded by the data provider. Associated content may be found under [`utilities/data-receiver/README.md`](utilities/data-receiver/README.md). ## 🛠️ Install diff --git a/{{ cookiecutter.project_name }}/terraform/operations/README.md b/{{ cookiecutter.project_name }}/terraform/operations/README.md index 16d3091..59ac6d5 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/README.md +++ b/{{ cookiecutter.project_name }}/terraform/operations/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | ~> 1.5.7 | +| [terraform](#requirement\_terraform) | ~> 1.7.5 | | [google](#requirement\_google) | ~> 4.83.0 | | [local](#requirement\_local) | ~> 2.4.0 | 
diff --git a/{{ cookiecutter.project_name }}/terraform/operations/versions.tf b/{{ cookiecutter.project_name }}/terraform/operations/versions.tf index 6c64340..04a0577 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/versions.tf +++ b/{{ cookiecutter.project_name }}/terraform/operations/versions.tf @@ -1,6 +1,6 @@ # tf versions terraform { - required_version = "~> 1.5.7" + required_version = "~> 1.7.5" required_providers { google = { source = "hashicorp/google" diff --git a/{{ cookiecutter.project_name }}/terraform/state-management/README.md b/{{ cookiecutter.project_name }}/terraform/state-management/README.md index e86041a..ed68bc3 100644 --- a/{{ cookiecutter.project_name }}/terraform/state-management/README.md +++ b/{{ cookiecutter.project_name }}/terraform/state-management/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | ~> 1.5.7 | +| [terraform](#requirement\_terraform) | ~> 1.7.5 | | [google](#requirement\_google) | ~> 4.83.0 | ## Providers diff --git a/{{ cookiecutter.project_name }}/terraform/state-management/versions.tf b/{{ cookiecutter.project_name }}/terraform/state-management/versions.tf index a5d279f..4128ff6 100644 --- a/{{ cookiecutter.project_name }}/terraform/state-management/versions.tf +++ b/{{ cookiecutter.project_name }}/terraform/state-management/versions.tf @@ -1,6 +1,6 @@ # tf versions terraform { - required_version = "~> 1.5.7" + required_version = "~> 1.7.5" required_providers { google = { source = "hashicorp/google" From 5ee5e753941e2e381406a144c8f0e33aa4a12895 Mon Sep 17 00:00:00 2001 
From: Dave Bunten
Date: Thu, 11 Apr 2024 13:48:15 -0600
Subject: [PATCH 2/2] Use cookiecutter hook and tfvar validation to limit service account characters (#20)

* use variable slice to limit svc account chars
* add cookiecutter and tf input validation
Co-Authored-By: Faisal Alquaddoomi
---------
Co-authored-by: Faisal Alquaddoomi
---
hooks/pre_gen_project.py | 30 +++++++++++++++++++
.../terraform/operations/accounts.tf | 2 +-
.../terraform/operations/variables.tf | 12 ++++++++
.../terraform/state-management/variables.tf | 12 ++++++++
4 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 hooks/pre_gen_project.py
diff --git a/hooks/pre_gen_project.py b/hooks/pre_gen_project.py
new file mode 100644
index 0000000..f7f1ffe
--- /dev/null
+++ b/hooks/pre_gen_project.py
@@ -0,0 +1,30 @@
+"""
+Hook for checking values from cookiecutter variables before generating the project.
+See the following for more information:
+https://cookiecutter.readthedocs.io/en/1.7.0/advanced/hooks.html
+"""
+
+import sys
+
+project_name = "{{ cookiecutter.project_name }}"
+project_gc_project = "{{ cookiecutter.project_gc_project }}"
+
+# checking for proper length of the project name
+# note: we provide the limitation here based on constraints
+# for Google service accounts and how the variable is used within template.
+# See the following for more information:
+# https://cloud.google.com/iam/docs/service-accounts-create#creating
+if not 6 <= len(project_name) <= 21:
+ print(
+ "ERROR: %s Please use a project name of length 6-21 characters!" % project_name
+ )
+ sys.exit(1)
+
+# limitation for google project names
+# see the following for more information:
+# https://cloud.google.com/resource-manager/docs/creating-managing-projects
+if not 4 <= len(project_gc_project) <= 30:
+ print(
+ "ERROR: %s Please use a Google project name of length 4-30 characters!" % project_name
+ )
+ sys.exit(1)
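Review bot: The second `print` in the new hook formats the Google-project error with `project_name` instead of `project_gc_project`, so a rejected project id is reported under the wrong value; the line should read `"ERROR: %s Please use a Google project name of length 4-30 characters!" % project_gc_project`. The commit title promises to limit service account characters, but the first check only bounds the length of `project_name`; the service-account id the template builds in `terraform/operations/accounts.tf` (`${var.initiative_label}-svc-acct`) must also consist of lowercase letters, digits and hyphens and start with a letter per the Google page the comment links, and a name that breaks that rule still passes this hook. If `project_name` is what ends up in `initiative_label` (the template wiring is not visible in this patch), the check below closes the gap with `import re` added next to `import sys`; the length bound stays at 21 so the id stays within Google's 30-character limit after the 9-character `-svc-acct` suffix.
```python
# … unchanged: project_name / project_gc_project assignments …

# Service-account ids must be lowercase letters, digits or hyphens and start
# with a letter (see the Google docs linked above); the template appends
# "-svc-acct", so 21 characters here keeps the id within the 30-character limit.
if not 6 <= len(project_name) <= 21 or not re.fullmatch(r"[a-z][-a-z0-9]*", project_name):
    print(
        "ERROR: %s Please use a project name of 6-21 lowercase letters, digits or hyphens, starting with a letter!"
        % project_name
    )
    sys.exit(1)

# … unchanged: project_gc_project length check (format its message with project_gc_project) …
```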
diff --git a/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf b/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf index 2b16f60..7b0dadc 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf +++ b/{{ cookiecutter.project_name }}/terraform/operations/accounts.tf @@ -1,7 +1,7 @@ # tf account creation and related work # Create a new service account resource "google_service_account" "service_account" { - account_id = "${var.initiative_label}-svc-account" + account_id = "${var.initiative_label}-svc-acct" } #Create a service-account key for the associated service account diff --git a/{{ cookiecutter.project_name }}/terraform/operations/variables.tf b/{{ cookiecutter.project_name }}/terraform/operations/variables.tf index 3e8e9b1..61894ca 100644 --- a/{{ cookiecutter.project_name }}/terraform/operations/variables.tf +++ b/{{ cookiecutter.project_name }}/terraform/operations/variables.tf @@ -2,6 +2,10 @@ variable "project" { description = "Google Cloud project to create the related resources in." type = string + validation { + condition = length(var.project) >= 4 && length(var.project) <= 30 + error_message = "Project name must be between 4 and 30 characters." + } } variable "region" { @@ -12,9 +16,17 @@ variable "region" { variable "bucket_name" { description = "Name for the bucket being created." type = string + validation { + condition = length(var.bucket_name) >= 3 && length(var.bucket_name) <= 63 + error_message = "Bucket name must be between 3 and 63 characters." + } } variable "initiative_label" { description = "Label for specific initiative useful for differentiating between various resources." type = string + validation { + condition = length(var.initiative_label) >= 6 && length(var.initiative_label) <= 21 + error_message = "Initiative label must be between 6 and 23 characters." + } } 
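Review bot: `account_id` is immutable on `google_service_account`, so renaming the suffix from `-svc-account` to `-svc-acct` makes Terraform destroy and recreate the service account on any deployment that was already applied from the template, together with the key created a few lines below (outside this hunk) and any IAM bindings granted to the old account email. That is the right fix for the 30-character limit, but it deserves a note for template consumers: `# note: account_id is immutable; changing it recreates the service account and its keys` above the attribute, and a mention in the commit message or README that previously applied deployments will see a replacement. The resource block continues past the hunk.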
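Review bot: The `initiative_label` validation in the last hunk enforces `length(var.initiative_label) <= 21` but its `error_message` says "between 6 and 23 characters"; the same mismatch is in `terraform/state-management/variables.tf` in the next file section. The message should read `error_message = "Initiative label must be between 6 and 21 characters."` in both files, 21 being the bound that keeps the `-svc-acct` suffix under the 30-character service-account limit. Since `initiative_label` is interpolated into `account_id`, the condition could also reject characters Google does not accept there, e.g. `condition = length(var.initiative_label) >= 6 && length(var.initiative_label) <= 21 && can(regex("^[a-z][-a-z0-9]*$", var.initiative_label))`. The lower bound of 4 on `var.project` matches Google's limit for project display names, but project IDs, which is what a provider `project` argument normally carries, are at least 6 characters, so confirm which the variable is meant to hold.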
diff --git a/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf b/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf index 3e8e9b1..61894ca 100644 --- a/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf +++ b/{{ cookiecutter.project_name }}/terraform/state-management/variables.tf @@ -2,6 +2,10 @@ variable "project" { description = "Google Cloud project to create the related resources in." type = string + validation { + condition = length(var.project) >= 4 && length(var.project) <= 30 + error_message = "Project name must be between 4 and 30 characters." + } } variable "region" { @@ -12,9 +16,17 @@ variable "region" { variable "bucket_name" { description = "Name for the bucket being created." type = string + validation { + condition = length(var.bucket_name) >= 3 && length(var.bucket_name) <= 63 + error_message = "Bucket name must be between 3 and 63 characters." + } } variable "initiative_label" { description = "Label for specific initiative useful for differentiating between various resources." type = string + validation { + condition = length(var.initiative_label) >= 6 && length(var.initiative_label) <= 21 + error_message = "Initiative label must be between 6 and 23 characters." + } }