Issue #3: Resolve terraform violations

terraform/modules/azure-cluster-network/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+
+  required_version = ">= 1.7.2"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.25"
+    }
+  }
+}

terraform/modules/azure-kubernetes-cluster/main.tf

@@ -3,7 +3,7 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   name                = local.prefix
   resource_group_name = var.resource_group
   location            = var.location
-  dns_prefix          = "${local.prefix}-dns"
+  dns_prefix          = local.dns_prefix
   kubernetes_version  = var.k8s_version
 
   linux_profile {
@@ -30,9 +30,9 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   }
 
   azure_active_directory_role_based_access_control {
-    managed                = true
+    managed                = var.managed
     admin_group_object_ids = var.aks_admin_group_object_ids
-    azure_rbac_enabled     = true
+    azure_rbac_enabled     = var.rbac_enabled
   }
 
   identity {

terraform/modules/azure-kubernetes-cluster/resources.tf

@@ -1,10 +1,7 @@
 locals {
-
   prefix    = var.prefix
-  sp_name   = "${var.prefix}-sp"
+  dns_prefix = "${local.prefix}-dns"
   subnet_id = data.azurerm_subnet.subnet.id
-  location  = var.location
-  tags      = var.tags
 }
 
 data "azurerm_subnet" "subnet" {

terraform/modules/azure-kubernetes-cluster/storage_account.tf

@@ -7,5 +7,5 @@ resource "azurerm_storage_account" "st" {
   account_replication_type = var.storage_account_replication_type
   account_kind             = var.storage_account_kind
 
-  tags = local.tags
+  tags = var.tags
 }

terraform/modules/azure-kubernetes-cluster/variables.tf

@@ -70,18 +70,18 @@ variable "tags" {
   type        = map(string)
 }
 
-variable "end_date" {
-  description = "The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z)."
-  type        = string
-  default     = "2030-01-01T00:00:00Z"
-}
-
 variable "k8s_version" {
   description = "(Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade)."
   type        = string
   default     = "1.23.5"
 }
 
+variable "managed" {
+  description = "(Optional) Is this a managed Kubernetes Cluster? Default is true."
+  type        = bool
+  default     = true
+}
+
 variable "rbac_enabled" {
   description = "(Required) Is Role Based Access Control Enabled? Changing this forces a new resource to be created."
   type        = bool

terraform/modules/azure-kubernetes-cluster/versions.tf

@@ -0,0 +1,23 @@
+terraform {
+
+  required_version = ">= 1.7.2"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.25"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "2.4.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "4.0.4"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "1.0.0"
+    }
+  }
+}

terraform/prod/main.tf

@@ -2,23 +2,23 @@ terraform {
 
   required_version = ">= 1.1.0"
 
-  # backend "azurerm" {
-  #   resource_group_name  = "rg-ai-cfia-terraform-state"
-  #   storage_account_name = "tfcfiastate"
-  #   container_name       = "infra-terraform-state"
-  #   key                  = "tf/terraform.tfstate"
-  # }
+#   backend "azurerm" {
+#     resource_group_name  = "rg-ai-cfia-terraform-state"
+#     storage_account_name = "tfcfiastate"
+#     container_name       = "infra-terraform-state"
+#     key                  = "tf/terraform.tfstate"
+#   }
 
-  # required_providers {
-  #   azurerm = {
-  #     source  = "hashicorp/azurerm"
-  #     version = "~> 3.25"
-  #   }
-  #   kubernetes = {
-  #     source  = "hashicorp/kubernetes"
-  #     version = "2.24.0"
-  #   }
-  # }
+#   required_providers {
+#     azurerm = {
+#       source  = "hashicorp/azurerm"
+#       version = "~> 3.25"
+#     }
+#     kubernetes = {
+#       source  = "hashicorp/kubernetes"
+#       version = "2.24.0"
+#     }
+#   }
 }
 
 # provider "azurerm" {

terraform/staging/main.tf

@@ -1,7 +1,5 @@
 terraform {
 
-  required_version = ">= 1.7.2"
-
   backend "azurerm" {
     resource_group_name  = "rg-ai-cfia-terraform-state"
     storage_account_name = "tfcfiastate"
@@ -13,25 +11,6 @@ terraform {
   #   bucket = "terraform-tfstate-gcp-storage"
   #   prefix = "terraform/state"
   # }
-
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = "~> 5.0"
-    }
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "~> 3.25"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "2.24.0"
-    }
-    # aws = {
-    #   source  = "hashicorp/aws"
-    #   version = "~> 3.0"
-    # }
-  }
 }
 
 provider "azurerm" {
@@ -99,6 +78,8 @@ module "aks-cluster-0" {
   node_min_count            = var.node_min_count
   node_max_count            = var.node_max_count
 
+  managed                    = var.managed
+  rbac_enabled               = var.rbac_enabled
   aks_admin_group_object_ids = var.aks_admin_group_object_ids
   ad_groups                  = var.ad_groups
 

terraform/staging/variables.tf

@@ -1,35 +1,44 @@
 variable "location_1" {
   description = "Azure cloud first computing region"
+  type        = string
 }
 
 # variable "location_2" {
 #   description = "Azure cloud second computing region"
+#   type        = string
+
 # }
 
 variable "resource_group" {
   description = "Resource group name"
+  type        = string
 }
 
 variable "aks_name" {
   description = "AKS cluster name"
+  type        = string
 }
 
 variable "admin_username" {
   description = "User to access the virtual machines of the system (use lower case, no spaces and special characters ex: azureuser)"
+  type        = string
 }
 
 variable "k8s_version" {
   description = "Version of Kubernetes specified when creating the AKS managed cluster."
+  type        = string
   default     = "2.24.0"
 }
 
 variable "default_node_vm_size" {
   description = "Size of the main nodepool VM"
+  type        = string
   default     = "Standard_E8as_v4"
 }
 
 variable "auto_scaling_default_node" {
   description = "Enables auto-scaling of the main node"
+  type        = bool
   default     = true
 }
 
@@ -41,61 +50,84 @@ variable "zones" {
 
 variable "node_count" {
   description = "Number of Cluster Nodes"
+  type        = number
   default     = 1
 }
 
 variable "node_min_count" {
   description = "Minimum number of nodes in the cluster"
+  type        = number
   default     = 1
 }
 
 variable "node_max_count" {
   description = "Maximum number of nodes in the cluster"
+  type        = number
   default     = 10
 }
 
 variable "max_pods" {
   description = "Total number of pods that can be started on a kubernetes node "
+  type        = number
   default     = 110
 }
 
 variable "virtual_network_address" {
   description = "Virtual network address"
+  type        = string
   default     = "10.0.0.0/16" # RFC1918-compliant private address space
 }
 
 variable "subnet_address" {
   description = "Subnet address"
+  type        = string
   default     = "10.241.0.0/16" # Subnet resides within RFC1918-compliant VNet range
 }
 
 variable "service_cidr" {
   description = "The Network Range used by the Kubernetes service.Changing this forces a new resource to be created."
+  type        = string
   default     = "10.0.0.0/16"
 }
 
 variable "dns_service_ip" {
   description = "IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)."
+  type        = string
   default     = "10.0.0.10"
 }
 
 variable "pod_cidr" {
   description = "The CIDR to use for pod IP addresses. Changing this forces a new resource to be created."
+  type        = string
   default     = "10.244.0.0/16"
 }
 
 variable "docker_bridge_cidr" {
   description = "The Network Range used by the Kubernetes service. Changing this forces a new resource to be created."
+  type        = string
   default     = "172.17.0.1/16"
 }
 
 variable "additional_node_pools" {
   description = "List of additional node pools to the cluster."
+  type = map(object({
+    vm_size             = string
+    os_disk_size_gb     = number
+    enable_auto_scaling = bool
+    zones               = list(string)
+    node_count          = number
+    min_count           = number
+    max_count           = number
+    max_pods            = number
+    node_labels         = map(string)
+    taints              = list(string)
+  }))
   default     = {}
 }
 
 variable "tags" {
   description = "Azure resource tags"
+  type        = map(string)
   default     = {}
 }
 
@@ -105,6 +137,18 @@ variable "sku_tier" {
   default     = "Free"
 }
 
+variable "managed" {
+  description = "(Optional) Is this a managed Kubernetes Cluster? Default is true."
+  type        = bool
+  default     = true
+}
+
+variable "rbac_enabled" {
+  description = "(Required) Is Role Based Access Control Enabled? Changing this forces a new resource to be created."
+  type        = bool
+  default     = false
+}
+
 variable "aks_admin_group_object_ids" {
   description = "aks admin group ids"
   type        = list(string)

terraform/staging/versions.tf

@@ -0,0 +1,23 @@
+terraform {
+
+  required_version = ">= 1.7.2"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.0"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.25"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.24.0"
+    }
+    # aws = {
+    #   source  = "hashicorp/aws"
+    #   version = "~> 3.0"
+    # }
+  }
+}