From 508b149ff977c2a68c955c4fde1d8a63481a7a7a Mon Sep 17 00:00:00 2001 From: Keren Trajtenberg Date: Thu, 25 Jan 2024 15:07:21 +0200 Subject: [PATCH 1/6] fixed default branch attrb in linter --- .github/workflows/actionlint.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 82e310a..1e26f1c 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -28,7 +28,6 @@ jobs: DEFAULT_BRANCH: main # To report GitHub Actions status checks, you must provide a GitHub token. GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }} - DEFAULT_BRANCH : main VALIDATE_BASH : true VALIDATE_BASH_EXEC : true BASH_SEVERITY : "error" From 3403330903720c93d411a2f3f83bb301a9bd9413 Mon Sep 17 00:00:00 2001 From: Keren Trajtenberg Date: Thu, 25 Jan 2024 16:19:04 +0200 Subject: [PATCH 2/6] removed some lint tests --- .github/workflows/actionlint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 1e26f1c..b61e092 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -32,8 +32,8 @@ jobs: VALIDATE_BASH_EXEC : true BASH_SEVERITY : "error" VALIDATE_GITHUB_ACTIONS : true - VALIDATE_MARKDOWN : true - VALIDATE_NATURAL_LANGUAGE : true + # VALIDATE_MARKDOWN : true + # VALIDATE_NATURAL_LANGUAGE : true VALIDATE_POWERSHELL : true VALIDATE_TERRAFORM_FMT : true VALIDATE_YAML : true From 1563c336f79011b1a2ba91917a4ed41bcab64e86 Mon Sep 17 00:00:00 2001 From: Keren Trajtenberg Date: Thu, 25 Jan 2024 16:32:14 +0200 Subject: [PATCH 3/6] aligned tf lint requirements in main.tf --- Terraform/deploy-fsx-ontap/main.tf | 54 +++++++++++++++--------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/Terraform/deploy-fsx-ontap/main.tf b/Terraform/deploy-fsx-ontap/main.tf index a06f237..eb6fb13 100644 --- a/Terraform/deploy-fsx-ontap/main.tf +++ b/Terraform/deploy-fsx-ontap/main.tf 
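Review bot: In the PATCH 2/6 hunk, `VALIDATE_MARKDOWN` and `VALIDATE_NATURAL_LANGUAGE` are commented out rather than removed, and nothing records why those two checks were switched off. Because the remaining `VALIDATE_*` flags are all set to `true`, super-linter runs only the listed linters, so deleting the two lines would have the same effect as commenting them. Either delete them or keep them with a reason, for example `# Markdown / natural-language checks disabled pending docs cleanup (see <tracking-issue-placeholder>)`. The `env:` block and the step it belongs to begin outside this hunk.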
@@ -14,14 +14,14 @@ */ resource "aws_security_group" "fsx_sg" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 name = "fsx_sg" description = "Allow FSx ONTAP required ports" vpc_id = var.vpc_id } resource "aws_vpc_security_group_ingress_rule" "all_icmp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "Allow all ICMP traffic" cidr_ipv4 = "0.0.0.0/0" @@ -29,7 +29,7 @@ resource "aws_vpc_security_group_ingress_rule" "all_icmp" { } resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "Remote procedure call for NFS" cidr_ipv4 = var.cidr_for_sg @@ -39,7 +39,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" { } resource "aws_vpc_security_group_ingress_rule" "nfs_udp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "Remote procedure call for NFS" cidr_ipv4 = var.cidr_for_sg @@ -49,7 +49,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_udp" { } resource "aws_vpc_security_group_ingress_rule" "cifs" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "NetBIOS service session for CIFS" cidr_ipv4 = var.cidr_for_sg @@ -59,7 +59,7 @@ resource "aws_vpc_security_group_ingress_rule" "cifs" { } resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "Simple network management protocol for log collection" cidr_ipv4 = var.cidr_for_sg 
@@ -69,7 +69,7 @@ resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" { } resource "aws_vpc_security_group_ingress_rule" "snmp_udp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "Simple network management protocol for log collection" cidr_ipv4 = var.cidr_for_sg @@ -79,7 +79,7 @@ resource "aws_vpc_security_group_ingress_rule" "snmp_udp" { } resource "aws_vpc_security_group_ingress_rule" "smb_cifs" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "Microsoft SMB/CIFS over TCP with NetBIOS framing" cidr_ipv4 = var.cidr_for_sg @@ -89,7 +89,7 @@ resource "aws_vpc_security_group_ingress_rule" "smb_cifs" { } resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "NFS mount" cidr_ipv4 = var.cidr_for_sg @@ -99,7 +99,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" { } resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" { - count = var.create_sg ? 1 : 0 + count = var.create_sg ? 1 : 0 security_group_id = aws_security_group.fsx_sg[count.index] description = "NFS mount" cidr_ipv4 = var.cidr_for_sg 
@@ -128,38 +128,38 @@ resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" { */ resource "aws_fsx_ontap_file_system" "terraform-fsxn" { -// REQUIRED PARAMETERS + // REQUIRED PARAMETERS subnet_ids = [var.fsx_subnets["primarysub"]] preferred_subnet_id = var.fsx_subnets["primarysub"] -// OPTIONAL PARAMETERS + // OPTIONAL PARAMETERS storage_capacity = var.fsx_capacity_size_gb security_group_ids = var.create_sg ? [element(aws_security_group.fsx_sg.*.id, 0)] : [] deployment_type = var.fsx_deploy_type throughput_capacity = var.fsx_tput_in_MBps - tags = { - Name = var.fsx_name + tags = { + Name = var.fsx_name } - weekly_maintenance_start_time = var.fsx_maintenance_start_time - kms_key_id = var.kms_key_id - automatic_backup_retention_days = var.backup_retention_days + weekly_maintenance_start_time = var.fsx_maintenance_start_time + kms_key_id = var.kms_key_id + automatic_backup_retention_days = var.backup_retention_days daily_automatic_backup_start_time = var.daily_backup_start_time - storage_type = var.storage_type + storage_type = var.storage_type disk_iops_configuration { iops = var.disk_iops_configuration["iops"] mode = var.disk_iops_configuration["mode"] } fsx_admin_password = var.fsx_admin_password - route_table_ids = var.route_table_ids + route_table_ids = var.route_table_ids # endpoint_ip_address_range = "" } resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" { -// REQUIRED PARAMETERS + // REQUIRED PARAMETERS file_system_id = aws_fsx_ontap_file_system.terraform-fsxn.id name = var.svm_name -// OPTIONAL PARAMETERS + // OPTIONAL PARAMETERS root_volume_security_style = var.root_vol_sec_style tags = { Name = var.svm_name 
@@ -168,12 +168,12 @@ resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" { } resource "aws_fsx_ontap_volume" "myvol" { -// REQUIRED PARAMETERS + // REQUIRED PARAMETERS name = var.vol_info["vol_name"] size_in_megabytes = var.vol_info["size_mg"] storage_virtual_machine_id = aws_fsx_ontap_storage_virtual_machine.mysvm.id -// OPTIONAL PARAMETERS + // OPTIONAL PARAMETERS junction_path = var.vol_info["junction_path"] ontap_volume_type = var.vol_info["vol_type"] storage_efficiency_enabled = var.vol_info["efficiency"] @@ -182,10 +182,10 @@ resource "aws_fsx_ontap_volume" "myvol" { cooling_period = var.vol_info["cooling_period"] } bypass_snaplock_enterprise_retention = var.vol_info["bypass_sl_retention"] - copy_tags_to_backups = var.vol_info["copy_tags_to_backups"] - security_style = var.vol_info["sec_style"] - skip_final_backup = var.vol_info["skip_final_backup"] + copy_tags_to_backups = var.vol_info["copy_tags_to_backups"] + security_style = var.vol_info["sec_style"] + skip_final_backup = var.vol_info["skip_final_backup"] # snaplock_configuration {} snapshot_policy = "NONE" - tags = var.tags + tags = var.tags } From 0b0b6c0310d5617ca274f01dacffc669a6209f3e Mon Sep 17 00:00:00 2001 From: Keren Trajtenberg Date: Thu, 25 Jan 2024 16:36:38 +0200 Subject: [PATCH 4/6] aligned tf lint requirements in vars.tf and output.tf --- Terraform/deploy-fsx-ontap/output.tf | 1 - Terraform/deploy-fsx-ontap/variables.tf | 105 +++++++++++------------- 2 files changed, 49 insertions(+), 57 deletions(-) diff --git a/Terraform/deploy-fsx-ontap/output.tf b/Terraform/deploy-fsx-ontap/output.tf index 5c1f8c3..a237cd3 100644 --- a/Terraform/deploy-fsx-ontap/output.tf +++ b/Terraform/deploy-fsx-ontap/output.tf @@ -1,7 +1,6 @@ output "my_fsx_ontap_security_group_id" { description = "The ID of the FSxN Security Group" value = var.create_sg ? [element(aws_security_group.fsx_sg.*.id, 0)] : [] - } output "my_filesystem_id" { 
diff --git a/Terraform/deploy-fsx-ontap/variables.tf b/Terraform/deploy-fsx-ontap/variables.tf index 9d2f5e7..49e3681 100644 --- a/Terraform/deploy-fsx-ontap/variables.tf +++ b/Terraform/deploy-fsx-ontap/variables.tf @@ -1,31 +1,31 @@ variable "create_sg" { description = "Determines whether the SG should be deployed as part of this execution or not" - type = bool - default = false + type = bool + default = false } variable "cidr_for_sg" { description = "cide block to be used for the ingress rules" - type = string - default = "0.0.0.0/0" + type = string + default = "0.0.0.0/0" } variable "fsx_name" { description = "The deployed filesystem name" - type = string - default = "terraform-fsxn" + type = string + default = "terraform-fsxn" } variable "vpc_id" { description = "The ID of the VPC in which the FSxN fikesystem should be deployed" - type = string - default = "vpc-111111111" + type = string + default = "vpc-111111111" } variable "fsx_subnets" { description = "The IDs of the subnets fro which the FSxN filesystem will be assigned IP addresses" - type = map - default = { + type = map + default = { "primarysub" = "" "secondarysub" = "" } 
@@ -33,119 +33,112 @@ variable "fsx_subnets" { variable "fsx_capacity_size_gb" { description = "The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608" - type = number - default = 1024 + type = number + default = 1024 } variable "fsx_deploy_type" { description = "The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1" - type = string - default = "SINGLE_AZ_1" + type = string + default = "SINGLE_AZ_1" } variable "fsx_tput_in_MBps" { description = "The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096." - type = number - default = 256 + type = number + default = 256 } variable "fsx_maintenance_start_time" { description = "The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone." - type = string - default = "00:00:00" + type = string + default = "00:00:00" } variable "kms_key_id" { description = "ARN for the KMS Key to encrypt the file system at rest, Defaults to an AWS managed KMS Key." - type = string - default = "" + type = string } variable "backup_retention_days" { description = "The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days." - type = number - default = 0 + type = number + default = 0 } variable "daily_backup_start_time" { description = "A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. Requires automatic_backup_retention_days to be set." - type = string - default = "00:00" + type = string + default = "00:00" } variable "disk_iops_configuration" { description = "The SSD IOPS configuration for the Amazon FSx for NetApp ONTAP file system" - type = map - default = { + type = map + default = { "iops" = 3000 "mode" = "AUTOMATIC" } } -variable "ha_pairs" { - description = "The number of ha_pairs to deploy for the file system. 
Valid values are 1 through 6. Recommend only using this parameter for 2 or more ha pairs." - type = number - default = 1 -} - variable "fsx_admin_password" { description = "The ONTAP administrative password for the fsxadmin user that you can use to administer your file system using the ONTAP CLI and REST API" - type = string + type = string } variable "storage_type" { description = "The filesystem storage type" - type = string - default = "SSD" + type = string + default = "SSD" } variable "route_table_ids" { description = "Specifies the VPC route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located." - type = list + type = list } variable "svm_name" { description = "The name of the Storage Virtual Machine" - type = string - default = "first_svm" + type = string + default = "first_svm" } variable "root_vol_sec_style" { description = "Specifies the root volume security style, Valid values are UNIX, NTFS, and MIXED. All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume." 
- type = string - default = "UNIX" + type = string + default = "UNIX" } variable "vol_info" { description = "Details for the volume creation" - type = map - default = { - "vol_name" = "vol1" - "junction_path" = "/vol1" - "size_mg" = 1024 - "efficiency" = true - "tier_policy_name" = "AUTO" - "cooling_period" = 31 - "vol_type" = "RW" - "bypass_sl_retention" = false + type = map + default = { + "vol_name" = "vol1" + "junction_path" = "/vol1" + "size_mg" = 1024 + "efficiency" = true + "tier_policy_name" = "AUTO" + "cooling_period" = 31 + "vol_type" = "RW" + "bypass_sl_retention" = false "copy_tags_to_backups" = false - "sec_style" = "UNIX" - "skip_final_backup" = false + "sec_style" = "UNIX" + "skip_final_backup" = false } } variable "vol_snapshot_policy" { description = "Specifies the snapshot policy for the volume" - type = map - default = { + type = map + default = { "Name" = "terraform-fsxn" } } variable "tags" { description = "Tags to be applied to the resources" - type = map - default = { + type = map + default = { "Name" = "terraform-fsxn" } } \ No newline at end of file From 4658337e3036c3172fd7f2d6b4d99faac53fdb16 Mon Sep 17 00:00:00 2001 From: Keren Trajtenberg Date: Thu, 25 Jan 2024 16:42:01 +0200 Subject: [PATCH 5/6] fixed yaml files lint warmnings --- .github/workflows/actionlint.yml | 39 ++++++++++++++-------------- .github/workflows/terraform-docs.yml | 1 + .github/workflows/terraform.yml | 1 + 3 files changed, 22 insertions(+), 19 deletions(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index b61e092..9ce599e 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -1,3 +1,4 @@ +--- # Copyright (c) NetApp, Inc. # SPDX-License-Identifier: Apache-2.0 
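Review bot: In the `@@ -33,119 +33,112 @@` hunk of variables.tf, dropping `default = ""` from `kms_key_id` makes the variable required, which contradicts its own description ("Defaults to an AWS managed KMS Key"). The regenerated README table in PATCH 6/6 confirms it, listing `kms_key_id` with Required = yes. If the goal was only to stop passing an empty string to the provider, `default = null` keeps the variable optional and should leave the attribute unset, so encryption falls back to the AWS managed key as documented. In the same hunk, `fsx_admin_password` is declared with only a description and `type = string`; adding `sensitive = true` would keep the password out of plan and apply output, although it is still written to state. The new side also still ends with `\ No newline at end of file`.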
@@ -17,24 +18,24 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 - - name: Super-linter - uses: super-linter/super-linter@v5.7.2 # x-release-please-version - env: - DEFAULT_BRANCH: main - # To report GitHub Actions status checks, you must provide a GitHub token. - GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }} - VALIDATE_BASH : true - VALIDATE_BASH_EXEC : true - BASH_SEVERITY : "error" - VALIDATE_GITHUB_ACTIONS : true - # VALIDATE_MARKDOWN : true - # VALIDATE_NATURAL_LANGUAGE : true - VALIDATE_POWERSHELL : true - VALIDATE_TERRAFORM_FMT : true - VALIDATE_YAML : true + - name: Super-linter + uses: super-linter/super-linter@v5.7.2 # x-release-please-version + env: + DEFAULT_BRANCH: main + # To report GitHub Actions status checks, you must provide a GitHub token. + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VALIDATE_BASH: true + VALIDATE_BASH_EXEC: true + BASH_SEVERITY: "error" + VALIDATE_GITHUB_ACTIONS: true + # VALIDATE_MARKDOWN: true + # VALIDATE_NATURAL_LANGUAGE: true + VALIDATE_POWERSHELL: true + VALIDATE_TERRAFORM_FMT: true + VALIDATE_YAML: true \ No newline at end of file diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml index 4f24027..17e4fc1 100644 --- a/.github/workflows/terraform-docs.yml +++ b/.github/workflows/terraform-docs.yml @@ -1,3 +1,4 @@ +--- # Copyright (c) NetApp, Inc. # SPDX-License-Identifier: Apache-2.0 diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 80a5025..b0bccb2 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -1,3 +1,4 @@ +--- # Copyright (c) NetApp, Inc. # SPDX-License-Identifier: Apache-2.0 From 07b7ed82b7b85c872ca3b2494b11efe4f93f8f37 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Thu, 25 Jan 2024 14:44:53 +0000 Subject: [PATCH 6/6] terraform-docs: automated action --- Terraform/deploy-fsx-ontap/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Terraform/deploy-fsx-ontap/README.md b/Terraform/deploy-fsx-ontap/README.md index 222451a..1ae7e4a 100644 --- a/Terraform/deploy-fsx-ontap/README.md +++ b/Terraform/deploy-fsx-ontap/README.md @@ -196,6 +196,7 @@ terraform apply -y | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | fsx_admin_password | The ONTAP administrative password for the fsxadmin user that you can use to administer your file system using the ONTAP CLI and REST API | `string` | n/a | yes | +| kms_key_id | ARN for the KMS Key to encrypt the file system at rest, Defaults to an AWS managed KMS Key. | `string` | n/a | yes | | route_table_ids | Specifies the VPC route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. | `list` | n/a | yes | | backup_retention_days | The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. | `number` | `0` | no | | cidr_for_sg | cide block to be used for the ingress rules | `string` | `"0.0.0.0/0"` | no | @@ -208,8 +209,6 @@ terraform apply -y | fsx_name | The deployed filesystem name | `string` | `"terraform-fsxn"` | no | | fsx_subnets | The IDs of the subnets fro which the FSxN filesystem will be assigned IP addresses | `map` |
{
"primarysub": "",
"secondarysub": ""
}
| no | | fsx_tput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096. | `number` | `256` | no | -| ha_pairs | The number of ha_pairs to deploy for the file system. Valid values are 1 through 6. Recommend only using this parameter for 2 or more ha pairs. | `number` | `1` | no | -| kms_key_id | ARN for the KMS Key to encrypt the file system at rest, Defaults to an AWS managed KMS Key. | `string` | `""` | no | | root_vol_sec_style | Specifies the root volume security style, Valid values are UNIX, NTFS, and MIXED. All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. | `string` | `"UNIX"` | no | | storage_type | The filesystem storage type | `string` | `"SSD"` | no | | svm_name | The name of the Storage Virtual Machine | `string` | `"first_svm"` | no |