terraform: align infrastructure module attributes (#2703)

* all vars have snail_case * make iam schema consistent * infrastructure schema * terraform: update AWS infrastructure module * fix ci * terraform: update AWS infrastructure module * terraform: update AWS IAM module * terraform: update Azure Infrastructure module inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update Azure IAM module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update GCP infrastructure module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update GCP IAM module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update OpenStack Infrastructure module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: update QEMU Infrastructure module Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform-module: fix input name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: tidy * cli: ignore whitespace in Terraform variable tests * terraform-module: fix AWS output names * terraform-module: fix output references Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: rename `api_server_cert_sans` * Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix self-managed * terraform: revert AWS modules output file renaming * terraform: remove duplicate varable declaration * terraform: rename Azure location field * ci: adjust output name in self-managed e2e test * e2e: continuously print output in upgrade test * e2e: write to output variables * cli: migrate IAM variable names * cli: make `location` field optional --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2025-09-19 04:24:39 -04:00 · 2023-12-15 10:36:58 +01:00 · 2023-12-15 10:36:58 +01:00 · 9667dfff58
commit 9667dfff58
parent 6f6f28b8cc
76 changed files with 745 additions and 767 deletions
--- a/terraform/infrastructure/azure/main.tf
+++ b/terraform/infrastructure/azure/main.tf
@ -20,9 +20,9 @@ provider "azurerm" {
 }

 locals {
-  uid            = random_id.uid.hex
-  name           = "${var.name}-${local.uid}"
-  initSecretHash = random_password.initSecret.bcrypt_hash
+  uid              = random_id.uid.hex
+  name             = "${var.name}-${local.uid}"
+  init_secret_hash = random_password.init_secret.bcrypt_hash
  tags = {
    constellation-uid = local.uid,
  }
@ -54,7 +54,7 @@ resource "random_id" "uid" {
  byte_length = 4
 }

-resource "random_password" "initSecret" {
+resource "random_password" "init_secret" {
  length           = 32
  special          = true
  override_special = "_%@"
@ -245,7 +245,7 @@ module "scale_set_group" {
  zones           = each.value.zones
  tags = merge(
    local.tags,
-    { constellation-init-secret-hash = local.initSecretHash },
+    { constellation-init-secret-hash = local.init_secret_hash },
    { constellation-maa-url = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : "" },
  )

--- a/terraform/infrastructure/azure/modules/jump_host/outputs.tf
+++ b/terraform/infrastructure/azure/modules/jump_host/outputs.tf
@ -1,3 +1,4 @@
 output "ip" {
-  value = azurerm_linux_virtual_machine.jump_host.public_ip_address
+  value       = azurerm_linux_virtual_machine.jump_host.public_ip_address
+  description = "Public IP of the jump host."
 }
--- a/terraform/infrastructure/azure/modules/jump_host/variables.tf
+++ b/terraform/infrastructure/azure/modules/jump_host/variables.tf
@ -1,29 +1,29 @@
 variable "base_name" {
-  description = "Base name of the jump host"
+  description = "Base name of the jump host."
  type        = string
 }

 variable "ports" {
-  description = "Ports to forward to the load balancer"
+  description = "Ports to forward to the load balancer."
  type        = list(number)
 }

-variable "resource_group" {
-  description = "Resource group name to deploy the jump host into"
-  type        = string
-}
-
-variable "location" {
-  description = "Location to deploy the jump host into"
-  type        = string
-}
-
 variable "subnet_id" {
-  description = "Subnet ID to deploy the jump host into"
+  description = "Subnet ID to deploy the jump host into."
  type        = string
 }

 variable "lb_internal_ip" {
-  description = "Internal IP of the load balancer"
+  description = "Internal IP of the load balancer."
+  type        = string
+}
+
+variable "resource_group" {
+  description = "Resource group name to deploy the jump host into."
+  type        = string
+}
+
+variable "location" {
+  description = "Location to deploy the jump host into."
  type        = string
 }
--- a/terraform/infrastructure/azure/modules/load_balancer_backend/outputs.tf
+++ b/terraform/infrastructure/azure/modules/load_balancer_backend/outputs.tf
@ -1,4 +1,4 @@
 output "backendpool_id" {
  value       = azurerm_lb_backend_address_pool.backend_pool.id
-  description = "The ID of the created backend pool."
+  description = "ID of the created backend address pool."
 }
--- a/terraform/infrastructure/azure/modules/load_balancer_backend/variables.tf
+++ b/terraform/infrastructure/azure/modules/load_balancer_backend/variables.tf
@ -1,17 +1,17 @@
 variable "name" {
  type        = string
  default     = "constell"
-  description = "Base name of the cluster."
+  description = "Name of the Constellation cluster."
 }

 variable "frontend_ip_configuration_name" {
  type        = string
-  description = "The name of the frontend IP configuration to use for the load balancer."
+  description = "Name of the frontend IP configuration to use for the load balancer."
 }

 variable "loadbalancer_id" {
  type        = string
-  description = "The ID of the load balancer to add the backend to."
+  description = "ID of the load balancer to add the backend to."
 }

 variable "ports" {
@ -21,5 +21,5 @@ variable "ports" {
    health_check_protocol = string
    path                  = string
  }))
-  description = "The ports to add to the backend. Protocol can be either 'Tcp' or 'Https'. Path is only used for 'Https' protocol and can otherwise be null."
+  description = "Ports to add to the backend. Healtch check protocol can be either 'Tcp' or 'Https'. Path is only used for the 'Https' protocol and can otherwise be null."
 }
--- a/terraform/infrastructure/azure/modules/scale_set/main.tf
+++ b/terraform/infrastructure/azure/modules/scale_set/main.tf
@ -24,6 +24,7 @@ locals {
 resource "random_id" "uid" {
  byte_length = 4
 }
+
 resource "random_password" "password" {
  length      = 16
  min_lower   = 1
@ -92,7 +93,6 @@ resource "azurerm_linux_virtual_machine_scale_set" "scale_set" {
    }
  }

-
  data_disk {
    storage_account_type = var.state_disk_type
    disk_size_gb         = var.state_disk_size
--- a/terraform/infrastructure/azure/modules/scale_set/variables.tf
+++ b/terraform/infrastructure/azure/modules/scale_set/variables.tf
@ -1,6 +1,6 @@
 variable "base_name" {
  type        = string
-  description = "Base name of the instance group."
+  description = "Base name of the scale set."
 }

 variable "node_group_name" {
@ -10,7 +10,7 @@ variable "node_group_name" {

 variable "role" {
  type        = string
-  description = "The role of the instance group."
+  description = "Role of the instance group."
  validation {
    condition     = contains(["control-plane", "worker"], var.role)
    error_message = "The role has to be 'control-plane' or 'worker'."
@ -19,7 +19,7 @@ variable "role" {

 variable "tags" {
  type        = map(string)
-  description = "Tags to include in the scale_set."
+  description = "Tags to include in the scale set."
 }

 variable "zones" {
@ -30,59 +30,59 @@ variable "zones" {

 variable "initial_count" {
  type        = number
-  description = "The number of instances in this scale set."
+  description = "Number of instances in this scale set."
 }

 variable "instance_type" {
  type        = string
-  description = "The Azure instance type to deploy."
+  description = "Azure instance type to deploy."
 }

 variable "state_disk_size" {
  type        = number
  default     = 30
-  description = "The size of the state disk in GB."
+  description = "Disk size for the state disk of the nodes [GB]."
 }

 variable "resource_group" {
  type        = string
-  description = "The name of the Azure resource group to create the Constellation cluster in."
+  description = "Name of the Azure resource group to create the Constellation cluster in."
 }

 variable "location" {
  type        = string
-  description = "The Azure location to deploy the cluster in."
+  description = "Azure location to deploy the cluster in."
 }

 variable "image_id" {
  type        = string
-  description = "The image to use for the cluster nodes."
+  description = "OS Image reference for the cluster's nodes."
 }

 variable "user_assigned_identity" {
  type        = string
-  description = "The name of the user assigned identity to attache to the nodes of the cluster."
+  description = "Name of the user assigned identity to attache to the nodes of the cluster."
 }

 variable "state_disk_type" {
  type        = string
  default     = "Premium_LRS"
-  description = "The type of the state disk."
+  description = "Type of the state disk."
 }

 variable "network_security_group_id" {
  type        = string
-  description = "The ID of the network security group to use for the scale set."
+  description = "ID of the network security group to use for the scale set."
 }

 variable "backend_address_pool_ids" {
  type        = list(string)
-  description = "The IDs of the backend address pools to use for the scale set."
+  description = "IDs of the backend address pools to use for the scale set."
 }

 variable "subnet_id" {
  type        = string
-  description = "The ID of the subnet to use for the scale set."
+  description = "ID of the subnet to use for the scale set."
 }

 variable "confidential_vm" {
--- a/terraform/infrastructure/azure/outputs.tf
+++ b/terraform/infrastructure/azure/outputs.tf
@ -1,9 +1,13 @@
+# Outputs common to all CSPs
+
 output "out_of_cluster_endpoint" {
-  value = local.out_of_cluster_endpoint
+  value       = local.out_of_cluster_endpoint
+  description = "External endpoint for the Kubernetes API server. Only varies from the `in_cluster_endpoint` when using an internal load balancer."
 }

 output "in_cluster_endpoint" {
-  value = local.in_cluster_endpoint
+  value       = local.in_cluster_endpoint
+  description = "Internal endpoint for the Kubernetes API server."
 }

 output "api_server_cert_sans" {
@ -19,46 +23,58 @@ output "api_server_cert_sans" {
      )
    )
  )
+  description = "List of Subject Alternative Names (SANs) for the API server certificate."
 }

 output "uid" {
-  value = local.uid
+  value       = local.uid
+  description = "Unique Identifier (UID) of the cluster."
 }

-output "initSecret" {
-  value     = random_password.initSecret.result
-  sensitive = true
-}
-
-output "attestationURL" {
-  value = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : ""
-}
-
-output "network_security_group_name" {
-  value = azurerm_network_security_group.security_group.name
-}
-
-output "loadbalancer_name" {
-  value = azurerm_lb.loadbalancer.name
-}
-
-
-output "user_assigned_identity_client_id" {
-  value = data.azurerm_user_assigned_identity.uaid.client_id
-}
-
-output "resource_group" {
-  value = var.resource_group
-}
-
-output "subscription_id" {
-  value = data.azurerm_subscription.current.subscription_id
+output "init_secret" {
+  value       = random_password.init_secret.result
+  sensitive   = true
+  description = "Initialization secret to authenticate the bootstrapping node."
 }

 output "name" {
-  value = local.name
+  value       = local.name
+  description = "Unique name of the Constellation cluster, comprised by name and UID."
 }

-output "ip_cidr_nodes" {
-  value = local.cidr_vpc_subnet_nodes
+output "ip_cidr_node" {
+  value       = local.cidr_vpc_subnet_nodes
+  description = "CIDR block of the node network."
+}
+
+# Azure-specific outputs
+
+output "attestation_url" {
+  value       = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : ""
+  description = "URL of the cluster's Microsoft Azure Attestation (MAA) provider."
+}
+
+output "network_security_group_name" {
+  value       = azurerm_network_security_group.security_group.name
+  description = "Name of the cluster's network security group."
+}
+
+output "loadbalancer_name" {
+  value       = azurerm_lb.loadbalancer.name
+  description = "Name of the cluster's load balancer."
+}
+
+output "user_assigned_identity_client_id" {
+  value       = data.azurerm_user_assigned_identity.uaid.client_id
+  description = "Client ID of the user assigned identity used within the cluster."
+}
+
+output "resource_group" {
+  value       = var.resource_group
+  description = "Name of the resource group the cluster resides in."
+}
+
+output "subscription_id" {
+  value       = data.azurerm_subscription.current.subscription_id
+  description = "ID of the Azure subscription the cluster resides in."
 }
--- a/terraform/infrastructure/azure/variables.tf
+++ b/terraform/infrastructure/azure/variables.tf
@ -1,6 +1,8 @@
+# Variables common to all CSPs
+
 variable "name" {
  type        = string
-  description = "Base name of the cluster."
+  description = "Name of the Constellation cluster."
 }

 variable "node_groups" {
@ -19,26 +21,40 @@ variable "node_groups" {
  }
 }

-variable "location" {
-  type        = string
-  description = "The Azure location to deploy the cluster in."
-}
-
 variable "image_id" {
  type        = string
-  description = "The image to use for the cluster nodes."
-}
-
-variable "create_maa" {
-  type        = bool
-  default     = false
-  description = "Whether to create a Microsoft Azure attestation provider."
+  description = "OS image reference for the cluster's nodes."
 }

 variable "debug" {
  type        = bool
  default     = false
-  description = "Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
+  description = "DO NOT USE IN PRODUCTION. Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
+}
+
+variable "custom_endpoint" {
+  type        = string
+  default     = ""
+  description = "Custom endpoint to use for the Kubernetes API server. If not set, the default endpoint will be used."
+}
+
+variable "internal_load_balancer" {
+  type        = bool
+  default     = false
+  description = "Whether to use an internal load balancer for the cluster."
+}
+
+# Azure-specific variables
+
+variable "location" {
+  type        = string
+  description = "Azure location to deploy the cluster in."
+}
+
+variable "create_maa" {
+  type        = bool
+  default     = false
+  description = "Whether to create a Microsoft Azure Attestation (MAA) provider."
 }

 variable "confidential_vm" {
@ -55,23 +71,12 @@ variable "secure_boot" {

 variable "resource_group" {
  type        = string
-  description = "The name of the Azure resource group to create the Constellation cluster in."
+  description = "Name of the Azure resource group to create the cluster in."
 }
+
 variable "user_assigned_identity" {
  type        = string
-  description = "The name of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
-}
-
-variable "custom_endpoint" {
-  type        = string
-  default     = ""
-  description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used."
-}
-
-variable "internal_load_balancer" {
-  type        = bool
-  default     = false
-  description = "Whether to use an internal load balancer for the Constellation."
+  description = "Name of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
 }

 variable "marketplace_image" {
@ -82,5 +87,5 @@ variable "marketplace_image" {
    version   = string
  })
  default     = null
-  description = "Marketplace image to use for the cluster nodes."
+  description = "Marketplace image for the cluster's nodes."
 }