From 1a63c04600f352bc5c97ad49ede4eba13215d9df Mon Sep 17 00:00:00 2001 From: Andriy Knysh Date: Wed, 17 May 2023 18:08:45 -0400 Subject: [PATCH] Fix and update variables and inputs (#90) * updates * updates * updates --- README.md | 34 ++++---- docs/terraform.md | 34 ++++---- examples/complete/main.tf | 29 +++---- examples/complete/outputs.tf | 87 ++++++++++++++++--- examples/complete/security-group-variables.tf | 27 ------ examples/complete/versions.tf | 6 +- main.tf | 5 +- outputs.tf | 85 +++++++++++------- security-group-variables.tf | 27 ------ test/src/go.mod | 8 +- test/src/go.sum | 17 ++-- variables-deprecated.tf | 8 -- versions.tf | 2 +- 13 files changed, 195 insertions(+), 174 deletions(-) delete mode 100644 variables-deprecated.tf diff --git a/README.md b/README.md index ce087d9..dcfc276 100644 --- a/README.md +++ b/README.md @@ -154,13 +154,13 @@ Available targets: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [aws](#requirement\_aws) | >= 4.15 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.15 | +| [aws](#provider\_aws) | >= 4.0 | ## Modules @@ -189,8 +189,6 @@ Available targets: | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [allow\_all\_egress](#input\_allow\_all\_egress) | If `true`, the created security group will allow egress on all ports and protocols to all IP addresses.
If this is false and no egress rules are otherwise specified, then no egress will be allowed. | `bool` | `true` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | A list of IPv4 CIDRs to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | -| [allowed\_ipv6\_cidr\_blocks](#input\_allowed\_ipv6\_cidr\_blocks) | A list of IPv6 CIDRs to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | -| [allowed\_ipv6\_prefix\_list\_ids](#input\_allowed\_ipv6\_prefix\_list\_ids) | A list of IPv6 Prefix Lists IDs to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | | [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | | [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the created resource with, in addition to the created security group.
These security groups will not be modified and, if `create_security_group` is `false`, must have rules providing the desired access. | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | @@ -236,7 +234,6 @@ Available targets: | [properties](#input\_properties) | Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html) | `map(string)` | `{}` | no | | [public\_access\_enabled](#input\_public\_access\_enabled) | Enable public access to MSK cluster (given that all of the requirements are met) | `bool` | `false` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| [revoke\_security\_group\_rules\_on\_delete](#input\_revoke\_security\_group\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting
the security group itself. This is normally not needed. | `bool` | `false` | no | | [s3\_logs\_bucket](#input\_s3\_logs\_bucket) | Name of the S3 bucket to deliver logs to | `string` | `""` | no | | [s3\_logs\_enabled](#input\_s3\_logs\_enabled) | Indicates whether you want to enable or disable streaming broker logs to S3 | `bool` | `false` | no | | [s3\_logs\_prefix](#input\_s3\_logs\_prefix) | Prefix to append to the S3 folder name logs are delivered to | `string` | `""` | no | @@ -246,7 +243,6 @@ Available targets: | [security\_group\_description](#input\_security\_group\_description) | The description to assign to the created Security Group.
Warning: Changing the description causes the security group to be replaced. | `string` | `"Managed by Terraform"` | no | | [security\_group\_name](#input\_security\_group\_name) | The name to assign to the created security group. Must be unique within the VPC.
If not provided, will be derived from the `null-label.context` passed in.
If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no | | [security\_group\_rule\_description](#input\_security\_group\_rule\_description) | The description to place on each security group rule. The %s will be replaced with the protocol name | `string` | `"Allow inbound %s traffic"` | no | -| [security\_groups](#input\_security\_groups) | DEPRECATED: Use `allowed_security_group_ids` instead.
List of security group IDs to be allowed to connect to the cluster | `list(string)` | `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [storage\_autoscaling\_disable\_scale\_in](#input\_storage\_autoscaling\_disable\_scale\_in) | If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource | `bool` | `false` | no | | [storage\_autoscaling\_max\_capacity](#input\_storage\_autoscaling\_max\_capacity) | Maximum size the autoscaling policy can scale storage. Defaults to `broker_volume_size` | `number` | `null` | no | 
@@ -261,22 +257,26 @@ Available targets: | Name | Description | |------|-------------| -| [bootstrap\_brokers](#output\_bootstrap\_brokers) | A comma separated list of one or more hostname:port pairs of kafka brokers suitable to boostrap connectivity to the kafka cluster | -| [bootstrap\_brokers\_iam](#output\_bootstrap\_brokers\_iam) | A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity using SASL/IAM to the kafka cluster. | -| [bootstrap\_brokers\_scram](#output\_bootstrap\_brokers\_scram) | A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity using SASL/SCRAM to the kafka cluster. | -| [bootstrap\_brokers\_tls](#output\_bootstrap\_brokers\_tls) | A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity to the kafka cluster | -| [broker\_endpoints](#output\_broker\_endpoints) | A list of broker endpoints | +| [bootstrap\_brokers](#output\_bootstrap\_brokers) | Comma separated list of one or more hostname:port pairs of Kafka brokers suitable to bootstrap connectivity to the Kafka cluster | +| [bootstrap\_brokers\_public\_sasl\_iam](#output\_bootstrap\_brokers\_public\_sasl\_iam) | Comma separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for public access to the Kafka cluster using SASL/IAM | +| [bootstrap\_brokers\_public\_sasl\_scram](#output\_bootstrap\_brokers\_public\_sasl\_scram) | Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for public access to the Kafka cluster using SASL/SCRAM | +| [bootstrap\_brokers\_public\_tls](#output\_bootstrap\_brokers\_public\_tls) | Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for public access to the Kafka cluster using TLS | +| [bootstrap\_brokers\_sasl\_iam](#output\_bootstrap\_brokers\_sasl\_iam) | Comma 
separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for access to the Kafka cluster using SASL/IAM | +| [bootstrap\_brokers\_sasl\_scram](#output\_bootstrap\_brokers\_sasl\_scram) | Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for access to the Kafka cluster using SASL/SCRAM | +| [bootstrap\_brokers\_tls](#output\_bootstrap\_brokers\_tls) | Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for access to the Kafka cluster using TLS | +| [broker\_endpoints](#output\_broker\_endpoints) | List of broker endpoints | | [cluster\_arn](#output\_cluster\_arn) | Amazon Resource Name (ARN) of the MSK cluster | | [cluster\_name](#output\_cluster\_name) | MSK Cluster name | -| [config\_arn](#output\_config\_arn) | Amazon Resource Name (ARN) of the configuration | -| [current\_version](#output\_current\_version) | Current version of the MSK Cluster used for updates | -| [hostname](#output\_hostname) | Comma separated list of MSK Cluster broker DNS hostnames | +| [config\_arn](#output\_config\_arn) | Amazon Resource Name (ARN) of the MSK configuration | +| [current\_version](#output\_current\_version) | Current version of the MSK Cluster | | [hostnames](#output\_hostnames) | List of MSK Cluster broker DNS hostnames | -| [latest\_revision](#output\_latest\_revision) | Latest revision of the configuration | +| [latest\_revision](#output\_latest\_revision) | Latest revision of the MSK configuration | | [security\_group\_arn](#output\_security\_group\_arn) | The ARN of the created security group | | [security\_group\_id](#output\_security\_group\_id) | The ID of the created security group | -| [security\_group\_name](#output\_security\_group\_name) | The name of the created security group | -| [zookeeper\_connect\_string](#output\_zookeeper\_connect\_string) | A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster | +| 
[security\_group\_name](#output\_security\_group\_name) | n/a | +| [storage\_mode](#output\_storage\_mode) | Storage mode for supported storage tiers | +| [zookeeper\_connect\_string](#output\_zookeeper\_connect\_string) | Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster | +| [zookeeper\_connect\_string\_tls](#output\_zookeeper\_connect\_string\_tls) | Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster via TLS | diff --git a/docs/terraform.md b/docs/terraform.md index 7bc4ca6..b4f28f3 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [aws](#requirement\_aws) | >= 4.15 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.15 | +| [aws](#provider\_aws) | >= 4.0 | ## Modules @@ -39,8 +39,6 @@ | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [allow\_all\_egress](#input\_allow\_all\_egress) | If `true`, the created security group will allow egress on all ports and protocols to all IP addresses.
If this is false and no egress rules are otherwise specified, then no egress will be allowed. | `bool` | `true` | no | | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | A list of IPv4 CIDRs to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | -| [allowed\_ipv6\_cidr\_blocks](#input\_allowed\_ipv6\_cidr\_blocks) | A list of IPv6 CIDRs to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | -| [allowed\_ipv6\_prefix\_list\_ids](#input\_allowed\_ipv6\_prefix\_list\_ids) | A list of IPv6 Prefix Lists IDs to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | | [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the security group created by this module.
The length of this list must be known at "plan" time. | `list(string)` | `[]` | no | | [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the created resource with, in addition to the created security group.
These security groups will not be modified and, if `create_security_group` is `false`, must have rules providing the desired access. | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | @@ -86,7 +84,6 @@ | [properties](#input\_properties) | Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html) | `map(string)` | `{}` | no | | [public\_access\_enabled](#input\_public\_access\_enabled) | Enable public access to MSK cluster (given that all of the requirements are met) | `bool` | `false` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| [revoke\_security\_group\_rules\_on\_delete](#input\_revoke\_security\_group\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting
the security group itself. This is normally not needed. | `bool` | `false` | no | | [s3\_logs\_bucket](#input\_s3\_logs\_bucket) | Name of the S3 bucket to deliver logs to | `string` | `""` | no | | [s3\_logs\_enabled](#input\_s3\_logs\_enabled) | Indicates whether you want to enable or disable streaming broker logs to S3 | `bool` | `false` | no | | [s3\_logs\_prefix](#input\_s3\_logs\_prefix) | Prefix to append to the S3 folder name logs are delivered to | `string` | `""` | no | @@ -96,7 +93,6 @@ | [security\_group\_description](#input\_security\_group\_description) | The description to assign to the created Security Group.
Warning: Changing the description causes the security group to be replaced. | `string` | `"Managed by Terraform"` | no | | [security\_group\_name](#input\_security\_group\_name) | The name to assign to the created security group. Must be unique within the VPC.
If not provided, will be derived from the `null-label.context` passed in.
If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no | | [security\_group\_rule\_description](#input\_security\_group\_rule\_description) | The description to place on each security group rule. The %s will be replaced with the protocol name | `string` | `"Allow inbound %s traffic"` | no | -| [security\_groups](#input\_security\_groups) | DEPRECATED: Use `allowed_security_group_ids` instead.
List of security group IDs to be allowed to connect to the cluster | `list(string)` | `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [storage\_autoscaling\_disable\_scale\_in](#input\_storage\_autoscaling\_disable\_scale\_in) | If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource | `bool` | `false` | no | | [storage\_autoscaling\_max\_capacity](#input\_storage\_autoscaling\_max\_capacity) | Maximum size the autoscaling policy can scale storage. Defaults to `broker_volume_size` | `number` | `null` | no | 
@@ -111,20 +107,24 @@ | Name | Description | |------|-------------| -| [bootstrap\_brokers](#output\_bootstrap\_brokers) | A comma separated list of one or more hostname:port pairs of kafka brokers suitable to boostrap connectivity to the kafka cluster | -| [bootstrap\_brokers\_iam](#output\_bootstrap\_brokers\_iam) | A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity using SASL/IAM to the kafka cluster. | -| [bootstrap\_brokers\_scram](#output\_bootstrap\_brokers\_scram) | A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity using SASL/SCRAM to the kafka cluster. | -| [bootstrap\_brokers\_tls](#output\_bootstrap\_brokers\_tls) | A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity to the kafka cluster | -| [broker\_endpoints](#output\_broker\_endpoints) | A list of broker endpoints | +| [bootstrap\_brokers](#output\_bootstrap\_brokers) | Comma separated list of one or more hostname:port pairs of Kafka brokers suitable to bootstrap connectivity to the Kafka cluster | +| [bootstrap\_brokers\_public\_sasl\_iam](#output\_bootstrap\_brokers\_public\_sasl\_iam) | Comma separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for public access to the Kafka cluster using SASL/IAM | +| [bootstrap\_brokers\_public\_sasl\_scram](#output\_bootstrap\_brokers\_public\_sasl\_scram) | Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for public access to the Kafka cluster using SASL/SCRAM | +| [bootstrap\_brokers\_public\_tls](#output\_bootstrap\_brokers\_public\_tls) | Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for public access to the Kafka cluster using TLS | +| [bootstrap\_brokers\_sasl\_iam](#output\_bootstrap\_brokers\_sasl\_iam) | Comma separated list of one 
or more DNS names (or IP addresses) and SASL IAM port pairs for access to the Kafka cluster using SASL/IAM | +| [bootstrap\_brokers\_sasl\_scram](#output\_bootstrap\_brokers\_sasl\_scram) | Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for access to the Kafka cluster using SASL/SCRAM | +| [bootstrap\_brokers\_tls](#output\_bootstrap\_brokers\_tls) | Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for access to the Kafka cluster using TLS | +| [broker\_endpoints](#output\_broker\_endpoints) | List of broker endpoints | | [cluster\_arn](#output\_cluster\_arn) | Amazon Resource Name (ARN) of the MSK cluster | | [cluster\_name](#output\_cluster\_name) | MSK Cluster name | -| [config\_arn](#output\_config\_arn) | Amazon Resource Name (ARN) of the configuration | -| [current\_version](#output\_current\_version) | Current version of the MSK Cluster used for updates | -| [hostname](#output\_hostname) | Comma separated list of MSK Cluster broker DNS hostnames | +| [config\_arn](#output\_config\_arn) | Amazon Resource Name (ARN) of the MSK configuration | +| [current\_version](#output\_current\_version) | Current version of the MSK Cluster | | [hostnames](#output\_hostnames) | List of MSK Cluster broker DNS hostnames | -| [latest\_revision](#output\_latest\_revision) | Latest revision of the configuration | +| [latest\_revision](#output\_latest\_revision) | Latest revision of the MSK configuration | | [security\_group\_arn](#output\_security\_group\_arn) | The ARN of the created security group | | [security\_group\_id](#output\_security\_group\_id) | The ID of the created security group | -| [security\_group\_name](#output\_security\_group\_name) | The name of the created security group | -| [zookeeper\_connect\_string](#output\_zookeeper\_connect\_string) | A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster | +| 
[security\_group\_name](#output\_security\_group\_name) | n/a | +| [storage\_mode](#output\_storage\_mode) | Storage mode for supported storage tiers | +| [zookeeper\_connect\_string](#output\_zookeeper\_connect\_string) | Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster | +| [zookeeper\_connect\_string\_tls](#output\_zookeeper\_connect\_string\_tls) | Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster via TLS | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 3245125..0c40569 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -37,22 +37,19 @@ module "kafka" { public_access_enabled = var.public_access_enabled broker_dns_records_count = var.broker_dns_records_count - allowed_security_group_ids = concat(var.allowed_security_group_ids, [module.vpc.vpc_default_security_group_id]) - allowed_cidr_blocks = var.allowed_cidr_blocks - allowed_ipv6_cidr_blocks = var.allowed_ipv6_cidr_blocks - allowed_ipv6_prefix_list_ids = var.allowed_ipv6_prefix_list_ids - associated_security_group_ids = var.associated_security_group_ids - create_security_group = var.create_security_group - security_group_name = var.security_group_name - security_group_description = var.security_group_description - security_group_create_before_destroy = var.security_group_create_before_destroy - preserve_security_group_id = var.preserve_security_group_id - security_group_create_timeout = var.security_group_create_timeout - security_group_delete_timeout = var.security_group_delete_timeout - allow_all_egress = var.allow_all_egress - additional_security_group_rules = var.additional_security_group_rules - inline_rules_enabled = var.inline_rules_enabled - revoke_security_group_rules_on_delete = var.revoke_security_group_rules_on_delete + allowed_security_group_ids = concat(var.allowed_security_group_ids, [module.vpc.vpc_default_security_group_id]) + allowed_cidr_blocks = var.allowed_cidr_blocks + associated_security_group_ids = var.associated_security_group_ids + create_security_group = var.create_security_group + security_group_name = var.security_group_name + security_group_description = var.security_group_description + security_group_create_before_destroy = var.security_group_create_before_destroy + preserve_security_group_id = var.preserve_security_group_id + security_group_create_timeout = var.security_group_create_timeout + security_group_delete_timeout = var.security_group_delete_timeout + allow_all_egress = var.allow_all_egress + additional_security_group_rules = var.additional_security_group_rules + inline_rules_enabled = 
var.inline_rules_enabled context = module.this.context } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index f81d733..bb2d21c 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
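Review bot: The re-aligned line `allowed_security_group_ids = concat(var.allowed_security_group_ids, [module.vpc.vpc_default_security_group_id])` still admits the VPC default security group to the brokers, and nothing in the example says why. Resources launched in that VPC without an explicit security group land in the default group, so anyone copying the example grants broker access more widely than they probably intend. Presumably this is there so the test harness can reach the cluster; I would say so with a comment above the line, e.g. `# Example/test only: admits the VPC default security group; pass explicit group IDs in real deployments`. The `module "kafka"` block starts above the hunk.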
@@ -1,34 +1,99 @@ output "cluster_name" { - description = "The cluster name of the MSK cluster" value = module.kafka.cluster_name + description = "The cluster name of the MSK cluster" } output "cluster_arn" { - description = "Amazon Resource Name (ARN) of the MSK cluster" value = module.kafka.cluster_arn + description = "Amazon Resource Name (ARN) of the MSK cluster" } output "config_arn" { - description = "Amazon Resource Name (ARN) of the MSK configuration" value = module.kafka.config_arn -} - -output "hostname" { - description = "Comma separated list of MSK Cluster broker DNS hostnames" - value = module.kafka.hostname + description = "Amazon Resource Name (ARN) of the MSK configuration" } output "hostnames" { - description = "List of MSK Cluster broker DNS hostnames" value = module.kafka.hostnames + description = "List of MSK Cluster broker DNS hostnames" } output "security_group_id" { - description = "The ID of the security group rule for the MSK cluster" value = module.kafka.security_group_id + description = "The ID of the security group rule for the MSK cluster" } output "security_group_name" { - description = "The name of the security group rule for the MSK cluster" value = module.kafka.security_group_name + description = "The name of the security group rule for the MSK cluster" +} + +output "security_group_arn" { + value = module.kafka.security_group_arn + description = "The ARN of the created security group" +} + +output "storage_mode" { + value = module.kafka.storage_mode + description = "Storage mode for supported storage tiers" +} + +output "bootstrap_brokers" { + value = module.kafka.bootstrap_brokers + description = "Comma separated list of one or more hostname:port pairs of Kafka brokers suitable to bootstrap connectivity to the Kafka cluster" +} + +output "bootstrap_brokers_tls" { + value = module.kafka.bootstrap_brokers_tls + description = "Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for access to the Kafka 
cluster using TLS" +} + +output "bootstrap_brokers_public_tls" { + value = module.kafka.bootstrap_brokers_public_tls + description = "Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for public access to the Kafka cluster using TLS" +} + +output "bootstrap_brokers_sasl_scram" { + value = module.kafka.bootstrap_brokers_sasl_scram + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for access to the Kafka cluster using SASL/SCRAM" +} + +output "bootstrap_brokers_public_sasl_scram" { + value = module.kafka.bootstrap_brokers_public_sasl_scram + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for public access to the Kafka cluster using SASL/SCRAM" +} + +output "bootstrap_brokers_sasl_iam" { + value = module.kafka.bootstrap_brokers_sasl_iam + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for access to the Kafka cluster using SASL/IAM" +} + +output "bootstrap_brokers_public_sasl_iam" { + value = module.kafka.bootstrap_brokers_public_sasl_iam + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for public access to the Kafka cluster using SASL/IAM" +} + +output "zookeeper_connect_string" { + value = module.kafka.zookeeper_connect_string + description = "Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster" +} + +output "zookeeper_connect_string_tls" { + value = module.kafka.zookeeper_connect_string_tls + description = "Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster via TLS" +} + +output "broker_endpoints" { + value = module.kafka.broker_endpoints + description = "List of broker endpoints" +} + +output "current_version" { + value = module.kafka.current_version + description = "Current version of the MSK Cluster" +} + +output 
"latest_revision" { + value = module.kafka.latest_revision + description = "Latest revision of the MSK configuration" } diff --git a/examples/complete/security-group-variables.tf b/examples/complete/security-group-variables.tf index 6f17c8b..bd52e3f 100644 --- a/examples/complete/security-group-variables.tf +++ b/examples/complete/security-group-variables.tf @@ -62,24 +62,6 @@ variable "allowed_cidr_blocks" { EOT default = [] } - -variable "allowed_ipv6_cidr_blocks" { - type = list(string) - description = <<-EOT - A list of IPv6 CIDRs to allow access to the security group created by this module. - The length of this list must be known at "plan" time. - EOT - default = [] -} - -variable "allowed_ipv6_prefix_list_ids" { - type = list(string) - description = <<-EOT - A list of IPv6 Prefix Lists IDs to allow access to the security group created by this module. - The length of this list must be known at "plan" time. - EOT - default = [] -} ## End of optional allowed_* ########### variable "security_group_name" { @@ -200,12 +182,3 @@ variable "inline_rules_enabled" { EOT default = false } - -variable "revoke_security_group_rules_on_delete" { - type = bool - description = <<-EOT - Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting - the security group itself. This is normally not needed. - EOT - default = false -} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 6131b72..f33ede7 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,11 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.0" - } - random = { - source = "hashicorp/random" - version = ">= 2.2" + version = ">= 4.0" } } } diff --git a/main.tf b/main.tf index b31fb8a..1c49c77 100644 --- a/main.tf +++ b/main.tf 
@@ -88,8 +88,9 @@ module "security_group" { security_group_create_timeout = var.security_group_create_timeout security_group_delete_timeout = var.security_group_delete_timeout security_group_description = var.security_group_description - allow_all_egress = true + allow_all_egress = var.allow_all_egress rules = var.additional_security_group_rules + inline_rules_enabled = var.inline_rules_enabled rule_matrix = [ { @@ -116,7 +117,7 @@ resource "aws_msk_configuration" "config" { kafka_versions = [var.kafka_version] name = join("-", [module.this.id, replace(var.kafka_version, ".", "-")]) - description = "Manages an Amazon Managed Streaming for Kafka configuration" + description = "Configuration for Amazon Managed Streaming for Kafka" server_properties = join("\n", [for k in keys(var.properties) : format("%s = %s", k, var.properties[k])]) diff --git a/outputs.tf b/outputs.tf index 170f0bd..4dd1136 100644 --- a/outputs.tf +++ b/outputs.tf 
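Review bot: `allow_all_egress = var.allow_all_egress` turns an input that was overridden by a hard-coded `true` into a live one, so a caller that already passes `allow_all_egress = false` will lose the group's egress rule on the next apply; this needs an upgrade note. The inputs table in this same patch lists the default as `true`, so the out-of-the-box security group still allows egress on all ports to all addresses. If that default is kept for compatibility, I would document the least-privilege alternative next to this line, e.g. `# defaults to true; set allow_all_egress = false and supply explicit egress rules to restrict outbound traffic`. The added `inline_rules_enabled = var.inline_rules_enabled` likewise starts honouring a value that, as far as this hunk shows, was not forwarded before. The `module "security_group"` block starts and ends outside the hunk.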
@@ -1,66 +1,86 @@ output "cluster_arn" { - description = "Amazon Resource Name (ARN) of the MSK cluster" value = one(aws_msk_cluster.default[*].arn) + description = "Amazon Resource Name (ARN) of the MSK cluster" +} + +output "cluster_name" { + value = one(aws_msk_cluster.default[*].cluster_name) + description = "MSK Cluster name" +} + +output "storage_mode" { + value = one(aws_msk_cluster.default[*].storage_mode) + description = "Storage mode for supported storage tiers" } output "bootstrap_brokers" { - description = "A comma separated list of one or more hostname:port pairs of kafka brokers suitable to boostrap connectivity to the kafka cluster" - value = join(",", aws_msk_cluster.default[*].bootstrap_brokers) + value = one(aws_msk_cluster.default[*].bootstrap_brokers) + description = "Comma separated list of one or more hostname:port pairs of Kafka brokers suitable to bootstrap connectivity to the Kafka cluster" } output "bootstrap_brokers_tls" { - description = "A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity to the kafka cluster" - value = join(",", aws_msk_cluster.default[*].bootstrap_brokers_tls) + value = one(aws_msk_cluster.default[*].bootstrap_brokers_tls) + description = "Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for access to the Kafka cluster using TLS" +} + +output "bootstrap_brokers_public_tls" { + value = one(aws_msk_cluster.default[*].bootstrap_brokers_public_tls) + description = "Comma separated list of one or more DNS names (or IP addresses) and TLS port pairs for public access to the Kafka cluster using TLS" +} + +output "bootstrap_brokers_sasl_scram" { + value = one(aws_msk_cluster.default[*].bootstrap_brokers_sasl_scram) + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for access to the Kafka cluster using SASL/SCRAM" +} + +output "bootstrap_brokers_public_sasl_scram" { + 
value = one(aws_msk_cluster.default[*].bootstrap_brokers_public_sasl_scram) + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL SCRAM port pairs for public access to the Kafka cluster using SASL/SCRAM" +} + +output "bootstrap_brokers_sasl_iam" { + value = one(aws_msk_cluster.default[*].bootstrap_brokers_sasl_iam) + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for access to the Kafka cluster using SASL/IAM" +} + +output "bootstrap_brokers_public_sasl_iam" { + value = one(aws_msk_cluster.default[*].bootstrap_brokers_public_sasl_iam) + description = "Comma separated list of one or more DNS names (or IP addresses) and SASL IAM port pairs for public access to the Kafka cluster using SASL/IAM" } -output "bootstrap_brokers_scram" { - description = "A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity using SASL/SCRAM to the kafka cluster." - value = join(",", aws_msk_cluster.default[*].bootstrap_brokers_sasl_scram) +output "zookeeper_connect_string" { + value = one(aws_msk_cluster.default[*].zookeeper_connect_string) + description = "Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster" } -output "bootstrap_brokers_iam" { - description = "A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity using SASL/IAM to the kafka cluster." 
- value = join(",", aws_msk_cluster.default[*].bootstrap_brokers_sasl_iam) +output "zookeeper_connect_string_tls" { + value = one(aws_msk_cluster.default[*].zookeeper_connect_string_tls) + description = "Comma separated list of one or more hostname:port pairs to connect to the Apache Zookeeper cluster via TLS" } output "broker_endpoints" { - description = "A list of broker endpoints" value = local.broker_endpoints + description = "List of broker endpoints" } output "current_version" { - description = "Current version of the MSK Cluster used for updates" value = one(aws_msk_cluster.default[*].current_version) -} - -output "zookeeper_connect_string" { - description = "A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster" - value = join(",", aws_msk_cluster.default[*].zookeeper_connect_string) + description = "Current version of the MSK Cluster" } output "config_arn" { - description = "Amazon Resource Name (ARN) of the configuration" value = one(aws_msk_configuration.config[*].arn) + description = "Amazon Resource Name (ARN) of the MSK configuration" } output "latest_revision" { - description = "Latest revision of the configuration" value = one(aws_msk_configuration.config[*].latest_revision) -} - -output "hostname" { - description = "Comma separated list of MSK Cluster broker DNS hostnames" - value = join(",", module.hostname[*].hostname) + description = "Latest revision of the MSK configuration" } output "hostnames" { - description = "List of MSK Cluster broker DNS hostnames" value = module.hostname[*].hostname -} - -output "cluster_name" { - description = "MSK Cluster name" - value = one(aws_msk_cluster.default[*].cluster_name) + description = "List of MSK Cluster broker DNS hostnames" } output "security_group_id" { 
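Review bot: The reworded description of `bootstrap_brokers` does not distinguish it from the TLS, SASL/SCRAM and SASL/IAM outputs added beside it, so a consumer can point clients at it without noticing that it is the unencrypted listener. In the AWS provider this attribute is populated only when client-broker encryption is `PLAINTEXT` or `TLS_PLAINTEXT`. I would say so in the text, for example `description = "Comma separated list of one or more hostname:port pairs of Kafka brokers for plaintext (unencrypted) access to the Kafka cluster"`. Separately, switching the string outputs from `join(",", ...)` to `one(...)` makes them `null` instead of `""` when the cluster is not created, and `bootstrap_brokers_scram`, `bootstrap_brokers_iam` and `hostname` are removed. Both changes deserve a line in the release notes, because downstream code that reads these outputs will be affected.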
@@ -74,6 +94,5 @@ output "security_group_arn" { } output "security_group_name" { - value = module.security_group.name - description = "The name of the created security group" + value = module.security_group.name } diff --git a/security-group-variables.tf b/security-group-variables.tf index b7a0f38..69f89a3 100644 --- a/security-group-variables.tf +++ b/security-group-variables.tf @@ -62,24 +62,6 @@ variable "allowed_cidr_blocks" { EOT default = [] } - -variable "allowed_ipv6_cidr_blocks" { - type = list(string) - description = <<-EOT - A list of IPv6 CIDRs to allow access to the security group created by this module. - The length of this list must be known at "plan" time. - EOT - default = [] -} - -variable "allowed_ipv6_prefix_list_ids" { - type = list(string) - description = <<-EOT - A list of IPv6 Prefix Lists IDs to allow access to the security group created by this module. - The length of this list must be known at "plan" time. - EOT - default = [] -} ## End of optional allowed_* ########### variable "security_group_name" { @@ -208,12 +190,3 @@ variable "inline_rules_enabled" { EOT default = false } - -variable "revoke_security_group_rules_on_delete" { - type = bool - description = <<-EOT - Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting - the security group itself. This is normally not needed. - EOT - default = false -} diff --git a/test/src/go.mod b/test/src/go.mod index c8c675e..4211c48 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -1,10 +1,10 @@ module github.com/cloudposse/terraform-aws-msk-apache-kafka-cluster -go 1.19 +go 1.20 require ( - github.com/gruntwork-io/terratest v0.41.19 - github.com/stretchr/testify v1.8.2 + github.com/gruntwork-io/terratest v0.41.24 + github.com/stretchr/testify v1.8.1 k8s.io/apimachinery v0.20.6 ) 
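Review bot: `security_group_name` loses its description in this hunk, while every output visible in the previous hunk keeps one and is only reordered to put `value` first, so the removal looks accidental. Restoring `description = "The name of the created security group"` after the `value` line keeps the generated outputs table in README.md and docs/terraform.md complete.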
@@ -59,7 +59,7 @@ require (
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/tmccombs/hcl2json v0.3.3 // indirect
- github.com/ulikunitz/xz v0.5.11 // indirect
+ github.com/ulikunitz/xz v0.5.10 // indirect
 github.com/urfave/cli v1.22.2 // indirect
 github.com/zclconf/go-cty v1.9.1 // indirect
 go.opencensus.io v0.24.0 // indirect
diff --git a/test/src/go.sum b/test/src/go.sum
index b546f2f..b9ce5ef 100644
--- a/test/src/go.sum
+++ b/test/src/go.sum
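Review bot: This hunk moves the indirect dependency `github.com/ulikunitz/xz` backwards, from v0.5.11 to v0.5.10. The preceding hunk in the same file does the same to `github.com/stretchr/testify` (v1.8.2 to v1.8.1) while bumping terratest. Nothing in the commit description explains the downgrades, so they are probably a side effect of regenerating the module files, and a silent step back can drop fixes that the newer release carried. I would keep the previous minimums, `github.com/ulikunitz/xz v0.5.11 // indirect` and `github.com/stretchr/testify v1.8.2`, then re-run `go mod tidy` so go.sum matches.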
@@ -185,14 +185,20 @@ cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuW cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.20 h1:s8H1PbCZSqg/DH7JMlOz6YMig6htWLNPsjDdlLqCx3M= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod 
h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -261,6 +267,7 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -392,8 +399,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= -github.com/gruntwork-io/terratest v0.41.19 h1:SCqYF28nHZuBlX+jZ+QI4bK+OLpPR8BgcxVUQxyQSEw= -github.com/gruntwork-io/terratest v0.41.19/go.mod h1:O6gajNBjO1wvc7Wl9WtbO+ORcdnhAV2GQiBE71ycwIk= +github.com/gruntwork-io/terratest v0.41.24 h1:j6T6qe4deVvynTG2UmnjGwZy83he6xKgTaYWiSdFv/w= +github.com/gruntwork-io/terratest v0.41.24/go.mod h1:O6gajNBjO1wvc7Wl9WtbO+ORcdnhAV2GQiBE71ycwIk= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= 
@@ -517,14 +524,12 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= +github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= diff --git a/variables-deprecated.tf b/variables-deprecated.tf deleted file mode 100644 index 86b2393..0000000 --- a/variables-deprecated.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "security_groups" { - type = list(string) - default = [] - description = <<-EOT - DEPRECATED: Use `allowed_security_group_ids` instead. - List of security group IDs to be allowed to connect to the cluster - EOT -} diff --git a/versions.tf b/versions.tf index 037a642..f33ede7 100644 --- a/versions.tf 
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.15"
+ version = ">= 4.0"
 }
 }
 }
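Review bot: Lowering the root module's constraint from `>= 4.15` to `>= 4.0` widens the set of AWS provider releases that can be selected, while outputs.tf in this same commit starts reading more `aws_msk_cluster` attributes, such as `storage_mode` and the `bootstrap_brokers_public_*` endpoints. If any of those attributes was introduced after 4.0 (worth checking against the provider changelog), users on an older 4.x provider will fail at plan time with an unsupported-attribute error. Unless the relaxation is needed, keep `version = ">= 4.15"`, or raise it to the first release that supports every attribute the module references.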