fix: tflint fixes (terraform-google-modules#909)

0-bootstrap/cb.tf

@@ -22,6 +22,7 @@ locals {
 
   cicd_project_id = module.tf_source.cloudbuild_project_id
 
+  bucket_self_link_prefix             = "https://www.googleapis.com/storage/v1/b/"
   default_state_bucket_self_link      = "${local.bucket_self_link_prefix}${module.seed_bootstrap.gcs_bucket_tfstate}"
   gcp_projects_state_bucket_self_link = module.gcp_projects_state_bucket.bucket.self_link
 

0-bootstrap/groups.tf

@@ -33,9 +33,9 @@ data "google_organization" "org" {
 }
 
 module "required_group" {
-  for_each = local.required_groups_to_create
   source   = "terraform-google-modules/group/google"
   version  = "~> 0.4"
+  for_each = local.required_groups_to_create
 
   id                   = each.value
   display_name         = each.key
@@ -45,9 +45,9 @@ module "required_group" {
 }
 
 module "optional_group" {
-  for_each = local.optional_groups_to_create
   source   = "terraform-google-modules/group/google"
   version  = "~> 0.4"
+  for_each = local.optional_groups_to_create
 
   id                   = each.value
   display_name         = each.key

0-bootstrap/jenkins.tf.example

@@ -21,7 +21,8 @@ locals {
 }
 
 module "jenkins_bootstrap" {
-  source                                   = "./modules/jenkins-agent"
+  source = "./modules/jenkins-agent"
+
   org_id                                   = var.org_id
   folder_id                                = google_folder.bootstrap.id
   billing_account                          = var.billing_account

0-bootstrap/main.tf

@@ -33,9 +33,8 @@ locals {
   org_admins_org_iam_permissions = var.org_policy_admin_role == true ? [
     "roles/orgpolicy.policyAdmin", "roles/resourcemanager.organizationAdmin", "roles/billing.user"
   ] : ["roles/resourcemanager.organizationAdmin", "roles/billing.user"]
-  bucket_self_link_prefix = "https://www.googleapis.com/storage/v1/b/"
-  group_org_admins        = var.groups.create_groups ? var.groups.required_groups.group_org_admins : var.group_org_admins
-  group_billing_admins    = var.groups.create_groups ? var.groups.required_groups.group_billing_admins : var.group_billing_admins
+  group_org_admins     = var.groups.create_groups ? var.groups.required_groups.group_org_admins : var.group_org_admins
+  group_billing_admins = var.groups.create_groups ? var.groups.required_groups.group_billing_admins : var.group_billing_admins
 }
 
 resource "google_folder" "bootstrap" {

0-bootstrap/modules/cb-private-pool/vpn_ha.tf

@@ -31,7 +31,6 @@ module "vpn_ha_cb_to_onprem" {
   version = "~> 2.3"
   count   = var.vpn_configuration.enable_vpn ? 1 : 0
 
-
   project_id = var.project_id
   region     = var.private_worker_pool.region
   network    = local.peered_network_id

0-bootstrap/modules/jenkins-agent/README.md

@@ -61,7 +61,6 @@ module "jenkins_bootstrap" {
 | jenkins\_agent\_gce\_name | Jenkins Agent GCE Instance name. | `string` | `"jenkins-agent-01"` | no |
 | jenkins\_agent\_gce\_private\_ip\_address | The private IP Address of the Jenkins Agent. This IP Address must be in the CIDR range of `jenkins_agent_gce_subnetwork_cidr_range` and be reachable through the VPN that exists between on-prem (Jenkins Controller) and GCP (CICD Project, where the Jenkins Agent is located). | `string` | n/a | yes |
 | jenkins\_agent\_gce\_ssh\_pub\_key | SSH public key needed by the Jenkins Agent GCE Instance. The Jenkins Controller holds the SSH private key. The correct format is `'ssh-rsa [KEY_VALUE] [USERNAME]'` | `string` | n/a | yes |
-| jenkins\_agent\_gce\_ssh\_user | Jenkins Agent GCE Instance SSH username. | `string` | `"jenkins"` | no |
 | jenkins\_agent\_gce\_subnetwork\_cidr\_range | The subnetwork to which the Jenkins Agent will be connected to (in CIDR range 0.0.0.0/0) | `string` | n/a | yes |
 | jenkins\_agent\_sa\_email | Email for Jenkins Agent service account. | `string` | `"jenkins-agent-gce"` | no |
 | jenkins\_controller\_subnetwork\_cidr\_range | A list of CIDR IP ranges of the Jenkins Controller in the form ['0.0.0.0/0']. Usually only one IP in the form '0.0.0.0/32'. Needed to create a FW rule that allows communication with the Jenkins Agent GCE Instance. | `list(string)` | n/a | yes |

0-bootstrap/modules/jenkins-agent/main.tf

@@ -29,8 +29,9 @@ resource "random_id" "suffix" {
   CICD project
 *******************************************/
 module "cicd_project" {
-  source                      = "terraform-google-modules/project-factory/google"
-  version                     = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   name                        = local.cicd_project_name
   random_project_id           = true
   random_project_id_length    = 4

0-bootstrap/modules/jenkins-agent/variables.tf

@@ -64,12 +64,6 @@ variable "jenkins_agent_gce_private_ip_address" {
   type        = string
 }
 
-variable "jenkins_agent_gce_ssh_user" {
-  description = "Jenkins Agent GCE Instance SSH username."
-  type        = string
-  default     = "jenkins"
-}
-
 variable "jenkins_agent_gce_ssh_pub_key" {
   description = "SSH public key needed by the Jenkins Agent GCE Instance. The Jenkins Controller holds the SSH private key. The correct format is `'ssh-rsa [KEY_VALUE] [USERNAME]'`"
   type        = string

0-bootstrap/modules/jenkins-agent/vpn_ha.tf

@@ -15,8 +15,9 @@
  */
 
 module "vpn_ha_agent_to_onprem" {
-  source     = "terraform-google-modules/vpn/google//modules/vpn_ha"
-  version    = "~> 2.0"
+  source  = "terraform-google-modules/vpn/google//modules/vpn_ha"
+  version = "~> 2.0"
+
   project_id = module.cicd_project.project_id
   region     = var.default_region
   network    = google_compute_network.jenkins_agents.name

1-org/envs/shared/org_policy.tf

@@ -20,7 +20,7 @@ locals {
   policy_for      = local.parent_folder != "" ? "folder" : "organization"
 
   essential_contacts_domains_to_allow = concat(
-    [for domain in var.essential_contacts_domains_to_allow : "${domain}" if can(regex("^@.*$", domain)) == true],
+    [for domain in var.essential_contacts_domains_to_allow : domain if can(regex("^@.*$", domain)) == true],
     [for domain in var.essential_contacts_domains_to_allow : "@${domain}" if can(regex("^@.*$", domain)) == false]
   )
 
@@ -46,9 +46,10 @@ locals {
 }
 
 module "organization_policies_type_boolean" {
-  for_each        = local.boolean_type_organization_policies
-  source          = "terraform-google-modules/org-policy/google"
-  version         = "~> 5.1"
+  source   = "terraform-google-modules/org-policy/google"
+  version  = "~> 5.1"
+  for_each = local.boolean_type_organization_policies
+
   organization_id = local.organization_id
   folder_id       = local.folder_id
   policy_for      = local.policy_for
@@ -62,8 +63,9 @@ module "organization_policies_type_boolean" {
 *******************************************/
 
 module "org_vm_external_ip_access" {
-  source          = "terraform-google-modules/org-policy/google"
-  version         = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 5.1"
+
   organization_id = local.organization_id
   folder_id       = local.folder_id
   policy_for      = local.policy_for
@@ -73,8 +75,9 @@ module "org_vm_external_ip_access" {
 }
 
 module "restrict_protocol_fowarding" {
-  source            = "terraform-google-modules/org-policy/google"
-  version           = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 5.1"
+
   organization_id   = local.organization_id
   folder_id         = local.folder_id
   policy_for        = local.policy_for
@@ -89,8 +92,9 @@ module "restrict_protocol_fowarding" {
 *******************************************/
 
 module "org_domain_restricted_sharing" {
-  source           = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
-  version          = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
+  version = "~> 5.1"
+
   organization_id  = local.organization_id
   folder_id        = local.folder_id
   policy_for       = local.policy_for
@@ -102,8 +106,9 @@ module "org_domain_restricted_sharing" {
 *******************************************/
 
 module "domain_restricted_contacts" {
-  source            = "terraform-google-modules/org-policy/google"
-  version           = "~> 5.1"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 5.1"
+
   organization_id   = local.organization_id
   folder_id         = local.folder_id
   policy_for        = local.policy_for

1-org/envs/shared/projects.tf

@@ -28,8 +28,9 @@ locals {
 *****************************************/
 
 module "org_audit_logs" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -54,8 +55,9 @@ module "org_audit_logs" {
 }
 
 module "org_billing_logs" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -84,8 +86,9 @@ module "org_billing_logs" {
 *****************************************/
 
 module "org_secrets" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -114,8 +117,9 @@ module "org_secrets" {
 *****************************************/
 
 module "interconnect" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -144,8 +148,9 @@ module "interconnect" {
 *****************************************/
 
 module "scc_notifications" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -174,8 +179,9 @@ module "scc_notifications" {
 *****************************************/
 
 module "dns_hub" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -212,9 +218,10 @@ module "dns_hub" {
 *****************************************/
 
 module "base_network_hub" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
-  count                    = var.enable_hub_and_spoke ? 1 : 0
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+  count   = var.enable_hub_and_spoke ? 1 : 0
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
@@ -259,9 +266,10 @@ resource "google_project_iam_member" "network_sa_base" {
 *****************************************/
 
 module "restricted_network_hub" {
-  source                   = "terraform-google-modules/project-factory/google"
-  version                  = "~> 14.0"
-  count                    = var.enable_hub_and_spoke ? 1 : 0
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+  count   = var.enable_hub_and_spoke ? 1 : 0
+
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"

1-org/envs/shared/tags.tf

@@ -34,9 +34,9 @@ locals {
   tags_obj_list = flatten([
     for tag_key, tag_obj in local.tags : [
       for value in tag_obj.values : {
-        shortkey = "${tag_key}"
+        shortkey = tag_key
         key      = "${tag_key}_${value}"
-        val      = "${value}"
+        val      = value
       }
     ]
   ])

2-environments/modules/env_baseline/main.tf

@@ -16,10 +16,8 @@
 
 locals {
   org_id          = data.terraform_remote_state.bootstrap.outputs.common_config.org_id
-  parent_folder   = data.terraform_remote_state.bootstrap.outputs.common_config.parent_folder
   parent          = data.terraform_remote_state.bootstrap.outputs.common_config.parent_id
   billing_account = data.terraform_remote_state.bootstrap.outputs.common_config.billing_account
-  default_region  = data.terraform_remote_state.bootstrap.outputs.common_config.default_region
   project_prefix  = data.terraform_remote_state.bootstrap.outputs.common_config.project_prefix
   folder_prefix   = data.terraform_remote_state.bootstrap.outputs.common_config.folder_prefix
   tags            = data.terraform_remote_state.org.outputs.tags

2-environments/modules/env_baseline/monitoring.tf

@@ -19,8 +19,9 @@
 *****************************************/
 
 module "monitoring_project" {
-  source                      = "terraform-google-modules/project-factory/google"
-  version                     = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id           = true
   random_project_id_length    = 4
   name                        = "${local.project_prefix}-${var.environment_code}-monitoring"

2-environments/modules/env_baseline/networking.tf

@@ -19,8 +19,9 @@
 *****************************************/
 
 module "base_shared_vpc_host_project" {
-  source                      = "terraform-google-modules/project-factory/google"
-  version                     = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id           = true
   random_project_id_length    = 4
   name                        = format("%s-%s-shared-base", local.project_prefix, var.environment_code)
@@ -53,8 +54,9 @@ module "base_shared_vpc_host_project" {
 }
 
 module "restricted_shared_vpc_host_project" {
-  source                      = "terraform-google-modules/project-factory/google"
-  version                     = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id           = true
   random_project_id_length    = 4
   name                        = format("%s-%s-shared-restricted", local.project_prefix, var.environment_code)

2-environments/modules/env_baseline/secrets.tf

@@ -20,8 +20,9 @@
 *****************************************/
 
 module "env_secrets" {
-  source                      = "terraform-google-modules/project-factory/google"
-  version                     = "~> 14.0"
+  source  = "terraform-google-modules/project-factory/google"
+  version = "~> 14.0"
+
   random_project_id           = true
   random_project_id_length    = 4
   default_service_account     = "deprivilege"

3-networks-dual-svpc/envs/shared/dns-hub.tf

@@ -19,8 +19,9 @@
 *****************************************/
 
 module "dns_hub_vpc" {
-  source                                 = "terraform-google-modules/network/google"
-  version                                = "~> 5.1"
+  source  = "terraform-google-modules/network/google"
+  version = "~> 5.1"
+
   project_id                             = local.dns_hub_project_id
   network_name                           = "vpc-c-dns-hub"
   shared_vpc_host                        = "false"
@@ -91,6 +92,7 @@ module "dns-forwarding-zone" {
 module "dns_hub_region1_router1" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 3.0"
+
   name    = "cr-c-dns-hub-${local.default_region1}-cr1"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
@@ -104,6 +106,7 @@ module "dns_hub_region1_router1" {
 module "dns_hub_region1_router2" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 3.0"
+
   name    = "cr-c-dns-hub-${local.default_region1}-cr2"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
@@ -117,6 +120,7 @@ module "dns_hub_region1_router2" {
 module "dns_hub_region2_router1" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 3.0"
+
   name    = "cr-c-dns-hub-${local.default_region2}-cr3"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
@@ -130,6 +134,7 @@ module "dns_hub_region2_router1" {
 module "dns_hub_region2_router2" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 3.0"
+
   name    = "cr-c-dns-hub-${local.default_region2}-cr4"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name

3-networks-dual-svpc/envs/shared/hierarchical_firewall.tf

@@ -16,6 +16,7 @@
 
 module "hierarchical_firewall_policy" {
   source = "../../modules/hierarchical_firewall_policy/"
+
   parent = local.common_folder_name
   name   = "common-firewall-rules"
   associations = [