fix: correct the bugs of major version 7 (pre-release) (#860)

kayman-mk · tmeijn · kayman-mk · commit 9057ae177327 · 2023-07-06T22:07:40.000+02:00
## Description

Corrects all bugs of the pre-release version 7 of the module before
roll-out.

---------

Co-authored-by: Tyrone Meijn &lt;tyrone_meijn@hotmail.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -138,7 +138,7 @@ jobs:
 
       - name: Run TFLint
         # assign necessary variables to avoid errors
-        run: "tflint --var 'enable_kms=true' --var='runner_instance={\"name_prefix\": \"a\", \"name\": \"b\"}'"
+        run: "tflint --var 'enable_managed_kms_key=true' --var='runner_instance={\"name_prefix\": \"a\", \"name\": \"b\"}'"
 
   tfsec:
     name: tfsec PR commenter
diff --git a/main.tf b/main.tf
@@ -81,7 +81,7 @@ locals {
       gitlab_runner_locked_to_project                              = var.runner_gitlab_registration_config["locked_to_project"]
       gitlab_runner_run_untagged                                   = var.runner_gitlab_registration_config["run_untagged"]
       gitlab_runner_maximum_timeout                                = var.runner_gitlab_registration_config["maximum_timeout"]
-      gitlab_runner_access_level                                   = lookup(var.runner_gitlab_registration_config, "access_level", "not_protected")
+      gitlab_runner_access_level                                   = var.runner_gitlab_registration_config.access_level
       sentry_dsn                                                   = var.runner_manager.sentry_dsn
       public_key                                                   = var.runner_worker_docker_machine_fleet.enable == true ? tls_private_key.fleet[0].public_key_openssh : ""
       use_fleet                                                    = var.runner_worker_docker_machine_fleet.enable
diff --git a/migrations/migrate-to-7-0-0.sh b/migrations/migrate-to-7-0-0.sh
@@ -16,7 +16,6 @@ cp "$1" "$converted_file"
 # PR #738 chore!: remove deprecated variables
 #
 sed -i '/arn_format/d' "$converted_file"
-sed -i '/subnet_id_runners/d' "$converted_file"
 sed -i '/subnet_ids_gitlab_runner/d' "$converted_file"
 sed -i '/asg_terminate_lifecycle_hook_create/d' "$converted_file"
 sed -i '/asg_terminate_lifecycle_hook_heartbeat_timeout/d' "$converted_file"
@@ -133,7 +132,7 @@ sed 's/role_tags/runner_extra_role_tags/g' | \
 sed 's/runner_tags/runner_worker_docker_machine_extra_role_tags/g' | \
 sed 's/agent_tags/runner_extra_instance_tags/g' | \
 sed 's/enable_ping/runner_ping_enable/g' | \
-sed 's/gitlab_runner_version/runner_gitlab_runner_version/g' | \
+sed 's/[^\.]gitlab_runner_version/runner_gitlab_runner_version/g' | \
 sed 's/gitlab_runner_egress_rules/runner_extra_egress_rules/g' | \
 sed 's/gitlab_runner_security_group_ids/runner_ping_allow_from_security_groups/g' | \
 sed 's/gitlab_runner_security_group_description/runner_security_group_description/g' | \
@@ -650,12 +649,23 @@ if [ -n "$extracted_variables" ]; then
   " > x && mv x "$converted_file"
 fi
 
+# rename the subnet_id_runners variable
+sed -i 's/subnet_id_runners/subnet_id/g' "$converted_file"
+
+# remove the \" from the autoscaling periods. No longer needed as jsonencode(value) is used
+sed -i '/periods/s/\\"//g' "$converted_file"
+
 # change the module source to cattle-ops
 sed -i 's/npalm/cattle-ops/g' "$converted_file"
 
 cat <<EOT
 Not all cases are handled by this script. Please check the output file and make sure that all variables are converted correctly.
-Especially it you have comments or multiline templates in your file.
+Take some time and sort the variables again for better readability.
+
+Known issues:
+  - commented lines are not supported. Remove them.
+  - variable definitions with multiple lines are not supported. Rework manually.
+  - `subnet_id` was taken from `subnet_id_runners`. Make sure that this is correct.
 EOT
 
 echo
diff --git a/modules/terminate-agent-hook/cloudwatch.tf b/modules/terminate-agent-hook/cloudwatch.tf
@@ -29,7 +29,8 @@ resource "aws_cloudwatch_event_target" "terminate_instances" {
 }
 
 resource "aws_cloudwatch_log_group" "lambda" {
-  name              = "/aws/lambda/${var.environment}-${var.name}"
+  name = "/aws/lambda/${var.environment}-${var.name}"
+  # checkov:skip=CKV_AWS_338:There is no need to store the logs for 1+ years. They are not critical.
   retention_in_days = var.cloudwatch_logging_retention_in_days
 
   # ok as encryption can be activated by the user
diff --git a/variables.tf b/variables.tf
@@ -123,7 +123,7 @@ variable "runner_instance" {
     name                        = string
     name_prefix                 = optional(string)
     private_address_only        = optional(bool, true)
-    root_device_config          = optional(map(string))
+    root_device_config          = optional(map(string), {})
     spot_price                  = optional(string, null)
     ssm_access                  = optional(bool, false)
     type                        = optional(string, "t3.micro")
@@ -305,7 +305,7 @@ variable "runner_gitlab_registration_config" {
     locked_to_project  = optional(string, "")
     run_untagged       = optional(string, "")
     maximum_timeout    = optional(string, "")
-    access_level       = optional(string, "")
+    access_level       = optional(string, "not_protected") # this is the only mandatory field calling the GitLab get token for executor operation
   })
 
   default = {}

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,8 @@ resource "aws_cloudwatch_event_target" "terminate_instances" {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`resource "aws_cloudwatch_log_group" "lambda" {`
`32`		`- name = "/aws/lambda/${var.environment}-${var.name}"`
	`32`	`+ name = "/aws/lambda/${var.environment}-${var.name}"`
	`33`	`+ # checkov:skip=CKV_AWS_338:There is no need to store the logs for 1+ years. They are not critical.`
`33`	`34`	`retention_in_days = var.cloudwatch_logging_retention_in_days`
`34`	`35`
`35`	`36`	`# ok as encryption can be activated by the user`