Merge pull request #275 from silinternational/lint-fixes

fix issues found by tflint
silinternational · Nov 21, 2024 · aff6cc5 · aff6cc5
2 parents 930a8d1 + 0581a2f
commit aff6cc5
Show file tree

Hide file tree

Showing 31 changed files with 61 additions and 127 deletions.
diff --git a/terraform/000-core/vars.tf b/terraform/000-core/vars.tf
@@ -12,11 +12,13 @@ variable "cert_domain" {
 
 variable "create_acm_cert" {
   description = "Set to true if an ACM certificate is needed"
+  type        = bool
   default     = false
 }
 
 variable "create_cd_user" {
   description = "Set to false if an IAM user for continuous deployment is not needed"
+  type        = bool
   default     = true
 }
 
@@ -36,4 +38,3 @@ variable "appconfig_app_name" {
   type        = string
   default     = ""
 }
-
diff --git a/terraform/010-cluster/vars.tf b/terraform/010-cluster/vars.tf
@@ -100,6 +100,6 @@ variable "vpc_cidr_block" {
 
 variable "log_retention_in_days" {
   description = "Number of days to retain CloudWatch application logs"
-  default     = 30
   type        = number
+  default     = 30
 }
diff --git a/terraform/022-ecr/README.md b/terraform/022-ecr/README.md
@@ -26,7 +26,6 @@ This module is used to create ECR image repositories for ECS services
 module "ecr" {
   source              = "github.com/silinternational/idp-in-a-box//terraform/022-ecr"
   idp_name            = var.idp_name
-  app_env             = var.app_env
   ecsInstanceRole_arn = data.terraform_remote_state.core.ecsInstanceRole_arn
   ecsServiceRole_arn  = data.terraform_remote_state.core.ecsServiceRole_arn
   cd_user_arn         = data.terraform_remote_state.core.cduser_arn

diff --git a/terraform/022-ecr/vars.tf b/terraform/022-ecr/vars.tf
@@ -1,7 +1,3 @@
-variable "app_env" {
-  type = string
-}
-
 variable "idp_name" {
   type = string
 }
@@ -17,4 +13,3 @@ variable "ecsServiceRole_arn" {
 variable "cd_user_arn" {
   type = string
 }
-
diff --git a/terraform/030-phpmyadmin/main.tf b/terraform/030-phpmyadmin/main.tf
@@ -13,4 +13,6 @@ module "phpmyadmin" {
   alb_dns_name           = var.alb_dns_name
   enable                 = var.enable
   upload_limit           = var.upload_limit
+  cpu                    = var.cpu
+  memory                 = var.memory
 }
diff --git a/terraform/030-phpmyadmin/vars.tf b/terraform/030-phpmyadmin/vars.tf
@@ -52,10 +52,12 @@ variable "alb_dns_name" {
 }
 
 variable "cpu" {
+  type    = string
   default = "32"
 }
 
 variable "memory" {
+  type    = string
   default = "128"
 }
 

diff --git a/terraform/031-email-service/README.md b/terraform/031-email-service/README.md
@@ -27,10 +27,8 @@ This module is used to create an ECS service running email-service.
  - `mysql_pass` - MySQL password for email-service
  - `mysql_user` - MySQL username for email-service
  - `notification_email` - Email address to send alerts/notifications to
- - `ssl_policy` - SSL policy
  - `subdomain` - Subdomain for email-service
  - `vpc_id` - ID for VPC
- - `wildcard_cert_arn` - ARN to ACM wildcard certificate
 
 ## Optional Inputs
 
@@ -89,9 +87,7 @@ module "email" {
   mysql_pass                = data.terraform_remote_state.database.db_emailservice_pass
   mysql_user                = var.mysql_user
   notification_email        = var.notification_email
-  ssl_policy                = var.ssl_policy
   subdomain                 = var.email_subdomain
   vpc_id                    = data.terraform_remote_state.cluster.vpc_id
-  wildcard_cert_arn         = data.terraform_remote_state.cluster.wildcard_cert_arn
 }
 ```
diff --git a/terraform/031-email-service/vars.tf b/terraform/031-email-service/vars.tf
@@ -7,12 +7,6 @@ variable "app_name" {
   default = "email-service"
 }
 
-variable "aws_region" {
-  description = "WARNING: This is not used. The region is more reliably determined from the aws_region data source."
-  type        = string
-  default     = ""
-}
-
 variable "cloudflare_domain" {
   type = string
 }
@@ -22,10 +16,12 @@ variable "cloudwatch_log_group_name" {
 }
 
 variable "cpu_api" {
+  type    = string
   default = "32"
 }
 
 variable "cpu_cron" {
+  type    = string
   default = "100"
 }
 
@@ -117,10 +113,12 @@ variable "mailer_username" {
 }
 
 variable "memory_api" {
+  type    = string
   default = "96"
 }
 
 variable "memory_cron" {
+  type    = string
   default = "32"
 }
 
@@ -140,10 +138,6 @@ variable "notification_email" {
   type = string
 }
 
-variable "ssl_policy" {
-  type = string
-}
-
 variable "subdomain" {
   description = "The subdomain for email-service, without an embedded region in it (e.g. 'email', NOT 'email-us-east-1')"
   type        = string
@@ -153,11 +147,8 @@ variable "vpc_id" {
   type = string
 }
 
-variable "wildcard_cert_arn" {
-  type = string
-}
-
 variable "enable_cron" {
+  type    = bool
   default = true
 }
 

diff --git a/terraform/032-db-backup/README.md b/terraform/032-db-backup/README.md
@@ -13,12 +13,10 @@ This module is used to run mysqldump and backup files to S3
  - `cloudwatch_log_group_name` - CloudWatch log group name
  - `docker_image` - The docker image to use for this
  - `ecs_cluster_id` - ID for ECS Cluster
- - `ecsServiceRole_arn` - ARN for ECS Service Role
  - `idp_name` - Short name of IdP for use in logs and email alerts
  - `mysql_host` - Address for RDS instance
  - `mysql_pass` - MySQL password
  - `mysql_user` - MySQL username
- - `vpc_id` - ID for VPC
 
 ## Optional Inputs
 
@@ -56,13 +54,11 @@ module "dbbackup" {
   db_names                  = var.db_names
   docker_image              = data.terraform_remote_state.ecr.ecr_repo_dbbackup
   ecs_cluster_id            = data.terraform_remote_state.core.ecs_cluster_id
-  ecsServiceRole_arn        = data.terraform_remote_state.core.ecsServiceRole_arn
   idp_name                  = var.idp_name
   memory                    = var.memory
   mysql_host                = data.terraform_remote_state.database.rds_address
   mysql_pass                = data.terraform_remote_state.database.mysql_pass
   mysql_user                = data.terraform_remote_state.database.mysql_user
   service_mode              = var.service_mode
-  vpc_id                    = data.terraform_remote_state.cluster.vpc_id
 }
 ```
diff --git a/terraform/032-db-backup/main.tf b/terraform/032-db-backup/main.tf
@@ -1,15 +1,12 @@
 locals {
-  aws_account = data.aws_caller_identity.this.account_id
-  aws_region  = data.aws_region.current.name
+  aws_region = data.aws_region.current.name
 }
 
 
 /*
  * AWS data
  */
 
-data "aws_caller_identity" "this" {}
-
 data "aws_region" "current" {}
 
 

diff --git a/terraform/032-db-backup/vars.tf b/terraform/032-db-backup/vars.tf
@@ -7,12 +7,6 @@ variable "app_name" {
   default = "db-backup"
 }
 
-variable "aws_region" {
-  description = "This is not used. The region is more reliably determined from the aws_region data source."
-  type        = string
-  default     = ""
-}
-
 variable "backup_user_name" {
   type    = string
   default = null
@@ -52,10 +46,6 @@ variable "ecs_cluster_id" {
   type = string
 }
 
-variable "ecsServiceRole_arn" {
-  type = string
-}
-
 variable "event_schedule" {
   description = "Schedule for backup task execution. Default: `cron(0 2 * * ? *)"
   type        = string
@@ -88,10 +78,6 @@ variable "service_mode" {
   default = "backup"
 }
 
-variable "vpc_id" {
-  type = string
-}
-
 variable "enable_aws_backup" {
   description = "enable backup using AWS Backup service"
   type        = bool

diff --git a/terraform/040-id-broker/README.md b/terraform/040-id-broker/README.md
@@ -39,12 +39,10 @@ This module is used to create an ECS service running id-broker.
  - `mysql_pass` - MySQL password for id-broker
  - `mysql_user` - MySQL username for id-broker
  - `password_profile_url` - URL to password manager profile
- - `ssl_policy` - SSL policy
  - `subdomain` - Subdomain to use for this (id-broker) ECS service
  - `support_email` - Email address for support
  - `support_name` - Name for support. Default: `support`
  - `vpc_id` - ID for VPC
- - `wildcard_cert_arn` - ARN to ACM wildcard certificate
 
 ## Optional Inputs
 
@@ -232,7 +230,6 @@ module "broker" {
   send_password_expiring_emails    = var.send_password_expiring_emails
   send_refresh_backup_codes_emails = var.send_refresh_backup_codes_emails
   send_welcome_emails              = var.send_welcome_emails
-  ssl_policy                       = var.ssl_policy
   subdomain                        = var.broker_subdomain
   subject_for_get_backup_codes     = var.subject_for_get_backup_codes
   subject_for_invite               = var.subject_for_invite
@@ -255,6 +252,5 @@ module "broker" {
   support_email                    = var.support_email
   support_name                     = var.support_name
   vpc_id                           = data.terraform_remote_state.cluster.vpc_id
-  wildcard_cert_arn                = data.terraform_remote_state.cluster.wildcard_cert_arn
 }
 ```
diff --git a/terraform/040-id-broker/main.tf b/terraform/040-id-broker/main.tf
@@ -230,7 +230,7 @@ module "cron_task" {
         environment = [
           {
             "name" : "RUN_TASK",
-            "value" : "${var.run_task}"
+            "value" : var.run_task
           }
         ]
       }

diff --git a/terraform/040-id-broker/vars.tf b/terraform/040-id-broker/vars.tf
@@ -24,12 +24,6 @@ variable "app_name" {
   description = "Used in ECS service names and logs, best to leave as default."
 }
 
-variable "aws_region" {
-  description = "This is not used. The region is more reliably determined from the aws_region data source."
-  type        = string
-  default     = ""
-}
-
 variable "cloudflare_domain" {
   type = string
 }
@@ -83,15 +77,18 @@ variable "email_repeat_delay_days" {
 
 variable "email_service_accessToken" {
   description = "Access Token for Email Service API"
+  type        = string
 }
 
 variable "email_service_assertValidIp" {
   description = "Whether or not to assert IP address for Email Service API is trusted"
+  type        = string
   default     = "true"
 }
 
 variable "email_service_baseUrl" {
   description = "Base URL to Email Service API"
+  type        = string
 }
 
 variable "email_service_validIpRanges" {
@@ -128,8 +125,8 @@ variable "ga_measurement_id" {
 }
 
 variable "google_config" {
-  type        = map(string)
   description = "A map of Google properties for Sheets export"
+  type        = map(string)
   default     = { enableSheetsExport = false }
 }
 
@@ -174,6 +171,7 @@ variable "idp_display_name" {
 
 variable "idp_name" {
   description = "Short name of IdP for logs, something like 'acme'"
+  type        = string
 }
 
 variable "inactive_user_period" {
@@ -460,10 +458,6 @@ variable "sentry_dsn" {
   default     = ""
 }
 
-variable "ssl_policy" {
-  type = string
-}
-
 variable "subdomain" {
   description = "The subdomain for id-broker, without an embedded region in it (e.g. 'broker', NOT 'broker-us-east-1')"
   type        = string
@@ -577,10 +571,6 @@ variable "vpc_id" {
   type = string
 }
 
-variable "wildcard_cert_arn" {
-  type = string
-}
-
 variable "app_id" {
   description = "DEPRECATED AppConfig application ID created by AWS. This cannot be the application name."
   type        = string

diff --git a/terraform/041-id-broker-search-lambda/vars.tf b/terraform/041-id-broker-search-lambda/vars.tf
@@ -3,6 +3,7 @@ variable "app_env" {
 }
 
 variable "app_name" {
+  type    = string
   default = "idp-id-broker-search"
 }
 
@@ -19,10 +20,12 @@ variable "function_bucket_name" {
 }
 
 variable "function_zip_name" {
+  type    = string
   default = "idp-id-broker-search.zip"
 }
 
 variable "function_name" {
+  type    = string
   default = "idp-id-broker-search"
 }
 
@@ -37,11 +40,13 @@ variable "lambda_runtime" {
 }
 
 variable "memory_size" {
+  type    = string
   default = "128"
 }
 
 variable "remote_role_arn" {
   description = "ARN to role from different AWS account to be given permission to invoke function"
+  type        = string
 }
 
 variable "security_group_ids" {
@@ -53,6 +58,6 @@ variable "subnet_ids" {
 }
 
 variable "timeout" {
+  type    = string
   default = "5"
 }
-