fix: remove un-used variables and update linting checks to ensure this is catched in the future

Bryant Biggs 2021-11-17 08:04:41 -05:00
parent 9c80ff9ac5
commit affe754727
20 changed files with 60 additions and 105 deletions


@ -1,13 +1,27 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.55.0
rev: v1.56.0
hooks:
- id: terraform_fmt
- id: terraform_validate
- id: terraform_docs
args:
- '--args=--lockfile=false'
- id: terraform_validate
- id: terraform_tflint
args:
- '--args=--only=terraform_deprecated_interpolation'
- '--args=--only=terraform_deprecated_index'
- '--args=--only=terraform_unused_declarations'
- '--args=--only=terraform_comment_syntax'
- '--args=--only=terraform_documented_outputs'
- '--args=--only=terraform_documented_variables'
- '--args=--only=terraform_typed_variables'
- '--args=--only=terraform_module_pinned_source'
- '--args=--only=terraform_naming_convention'
- '--args=--only=terraform_required_version'
- '--args=--only=terraform_required_providers'
- '--args=--only=terraform_standard_module_structure'
- '--args=--only=terraform_workspace_remote'
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
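Review bot: Both hook repositories are pinned by tag (`rev: v1.56.0` and `rev: v4.0.1`), and a tag can be moved upstream after it has been reviewed. These hooks execute on every contributor machine, so a retargeted tag would run unreviewed code there. Pinning to the full commit hash and keeping the tag as a comment closes that gap: `rev: <full-commit-sha>  # v1.56.0`. Separately, the new `terraform_tflint` rules only run where pre-commit is installed, so if no CI job runs the same hooks (not visible here), unused declarations can still be merged. The second repo's hook list continues outside the hunk.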


@ -114,21 +114,17 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_auth"></a> [auth](#input\_auth) | Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters | `map(string)` | `{}` | no |
| <a name="input_auth_scheme"></a> [auth\_scheme](#input\_auth\_scheme) | The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS` | `string` | `"SECRETS"` | no |
| <a name="input_connection_borrow_timeout"></a> [connection\_borrow\_timeout](#input\_connection\_borrow\_timeout) | The number of seconds for a proxy to wait for a connection to become available in the connection pool | `number` | `null` | no |
| <a name="input_create_iam_policy"></a> [create\_iam\_policy](#input\_create\_iam\_policy) | Determines whether an IAM policy is created | `bool` | `true` | no |
| <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Determines whether an IAM role is created | `bool` | `true` | no |
| <a name="input_create_proxy"></a> [create\_proxy](#input\_create\_proxy) | Determines whether a proxy and its resources will be created | `bool` | `true` | no |
| <a name="input_db_cluster_identifier"></a> [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no |
| <a name="input_db_host"></a> [db\_host](#input\_db\_host) | The identifier to use for the database endpoint | `string` | `""` | no |
| <a name="input_db_instance_identifier"></a> [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | The name of the database | `string` | `""` | no |
| <a name="input_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#input\_db\_proxy\_endpoints) | Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`) | `any` | `{}` | no |
| <a name="input_debug_logging"></a> [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
| <a name="input_engine_family"></a> [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
| <a name="input_iam_auth"></a> [iam\_auth](#input\_iam\_auth) | Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED` | `string` | `"REQUIRED"` | no |
| <a name="input_iam_creation_wait_duration"></a> [iam\_creation\_wait\_duration](#input\_iam\_creation\_wait\_duration) | Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay. | `string` | `"30s"` | no |
| <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |
| <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | The description of the role | `string` | `""` | no |
| <a name="input_iam_role_force_detach_policies"></a> [iam\_role\_force\_detach\_policies](#input\_iam\_role\_force\_detach\_policies) | Specifies to force detaching any policies the role has before destroying it | `bool` | `true` | no |


@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
## Modules
@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs


@ -3,14 +3,10 @@ provider "aws" {
}
locals {
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_name = "example"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
tags = {
Example = local.name
@ -18,10 +14,6 @@ locals {
}
}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}
################################################################################
# Supporting Resources
################################################################################
@ -72,7 +64,7 @@ module "rds" {
version = "~> 6.0"
name = local.name
database_name = local.db_name
database_name = "example"
master_username = local.db_username
master_password = local.db_password
@ -213,8 +205,6 @@ module "rds_proxy" {
}
engine_family = "MYSQL"
db_host = module.rds.cluster_endpoint
db_name = module.rds.cluster_database_name
debug_logging = true
# Target Aurora cluster
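Review bot: `debug_logging = true` stays in the `rds_proxy` block of this example, and in the three sibling example sections further down the page. The module's own input description says this setting adds detailed information about SQL statements to the proxy logs. Examples tend to be copied into real stacks, so statement text, which may carry data values, would reach the logs by default. Consider setting it to `false` here, or adding a comment above it such as `# Logs SQL statement detail; enable only while troubleshooting`. The `rds_proxy` block starts and ends outside the hunk.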


@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
random = {
source = "hashicorp/random"
version = ">= 2.0"
}
}
}


@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
## Modules
@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs


@ -3,14 +3,10 @@ provider "aws" {
}
locals {
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_name = "example"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
tags = {
Example = local.name
@ -18,10 +14,6 @@ locals {
}
}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}
################################################################################
# Supporting Resources
################################################################################
@ -92,7 +84,7 @@ module "rds" {
source = "terraform-aws-modules/rds/aws"
version = "~> 3.0"
name = local.db_name
name = "example"
username = local.db_username
password = local.db_password
@ -218,8 +210,6 @@ module "rds_proxy" {
}
engine_family = "MYSQL"
db_host = module.rds.db_instance_address
db_name = module.rds.db_instance_name
debug_logging = true
# Target RDS instance


@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
random = {
source = "hashicorp/random"
version = ">= 2.0"
}
}
}


@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
## Modules
@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs


@ -3,14 +3,10 @@ provider "aws" {
}
locals {
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_name = "example"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
tags = {
Example = local.name
@ -18,10 +14,6 @@ locals {
}
}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}
################################################################################
# Supporting Resources
################################################################################
@ -72,7 +64,7 @@ module "rds" {
version = "~> 6.0"
name = local.name
database_name = local.db_name
database_name = "example"
master_username = local.db_username
master_password = local.db_password
@ -213,8 +205,6 @@ module "rds_proxy" {
}
engine_family = "POSTGRESQL"
db_host = module.rds.cluster_endpoint
db_name = module.rds.cluster_database_name
debug_logging = true
# Target Aurora cluster


@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
random = {
source = "hashicorp/random"
version = ">= 2.0"
}
}
}


@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
## Modules
@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs


@ -3,14 +3,10 @@ provider "aws" {
}
locals {
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_name = "example"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result
tags = {
Example = local.name
@ -18,10 +14,6 @@ locals {
}
}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}
################################################################################
# Supporting Resources
################################################################################
@ -92,7 +84,7 @@ module "rds" {
source = "terraform-aws-modules/rds/aws"
version = "~> 3.0"
name = local.db_name
name = "example"
username = local.db_username
password = local.db_password
@ -218,8 +210,6 @@ module "rds_proxy" {
}
engine_family = "POSTGRESQL"
db_host = module.rds.db_instance_address
db_name = module.rds.db_instance_name
debug_logging = true
# Target RDS instance


@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
random = {
source = "hashicorp/random"
version = ">= 2.0"
}
}
}


@ -1,7 +1,4 @@
locals {
db_identifier_key = var.db_instance_identifier != "" ? "dbInstanceIdentifier" : "dbClusterIdentifier"
db_identifier_value = var.db_instance_identifier != "" ? var.db_instance_identifier : var.db_cluster_identifier
role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
role_name = coalesce(var.iam_role_name, var.name)
policy_name = coalesce(var.iam_policy_name, var.name)


@ -17,12 +17,6 @@ variable "name" {
default = ""
}
variable "auth" {
description = "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters"
type = map(string)
default = {}
}
variable "debug_logging" {
description = "Whether the proxy includes detailed information about SQL statements in its logs"
type = bool
@ -89,18 +83,6 @@ variable "secrets" {
default = {}
}
variable "db_host" {
description = "The identifier to use for the database endpoint"
type = string
default = ""
}
variable "db_name" {
description = "The name of the database"
type = string
default = ""
}
# Proxy Default Target Group
variable "connection_borrow_timeout" {
description = "The number of seconds for a proxy to wait for a connection to become available in the connection pool"
@ -262,9 +244,3 @@ variable "use_policy_name_prefix" {
type = bool
default = false
}
variable "iam_creation_wait_duration" {
description = "Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay."
type = string
default = "30s"
}
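Review bot: Dropping the `auth`, `db_host`, `db_name` and `iam_creation_wait_duration` inputs changes the module's public interface, so any caller that still sets one of them will fail at plan time with an unsupported-argument error. The module's own examples appear to have passed `db_host` and `db_name` until this commit. The commit is labelled `fix:`, so if releases are derived from commit types (the release config is not visible here) this would ship as a patch. Either mark the change as breaking, or keep the variables for one release as deprecated no-ops with `# tflint-ignore: terraform_unused_declarations` above each so the new lint rule still passes.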