Merge pull request #1 from anyscale/v0.2.0

[upd] v0.2.0

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -10,32 +10,26 @@ body:
       value: |
         Thank you for taking the time to file a bug report.
         Please make sure to search for existing issues before filing a new one.
-
-  - type: input
-    id: contact
-    attributes:
-      label: Contact Details
-      description: An email address that we can reach out to you if we need more information.
-      placeholder: ex. [email protected]
   - type: textarea
     id: what-happened
     attributes:
       label: What happened?
       description: What did you expect to happen? (provide screenshots if possible)
-      value: "A bug happened!"
+      placeholder: "A bug happened!"
     validations:
       required: true
   - type: input
     id: which-module
     attributes:
       label: Which module?
       description: "Which module(s) are you having problems with?"
-      value: "ex. Root, S3, EFS, IAM, VPC, S3-Policy, SecurityGroup"
+      placeholder: "ex. Root, S3, EFS, IAM, VPC, S3-Policy, SecurityGroup"
   - type: dropdown
     id: version
     attributes:
       label: Module version
       description: What version of the modules are you using?
+      multiple: false
       options:
         - 0.1.0 (Default)
     validations:
@@ -45,6 +39,7 @@ body:
     attributes:
       label: Terraform version
       description: What version of Terraform are you using?
+      multiple: false
       options:
         - 1.3.x (Default)
         - 1.2.x
@@ -58,6 +53,7 @@ body:
     attributes:
       label: Is it blocking work?
       description: Please choose one?
+      multiple: false
       options:
         - "no"
         - "yes"

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -10,32 +10,26 @@ body:
       value: |
         Thank you for taking the time to request a new feature.
         Please make sure to search for existing issues before filing a new one.
-
-  - type: input
-    id: contact
-    attributes:
-      label: Contact Details
-      description: An email address that we can reach out to you if we need more information.
-      placeholder: ex. [email protected]
   - type: textarea
     id: new-feature
     attributes:
       label: What are you looking for?
       description: Please provide a detailed explanation of the new feature request you are looking for.
-      value: "Feature request!!"
+      placeholder: "Feature request!!"
     validations:
       required: true
   - type: input
     id: which-module
     attributes:
       label: Which module?
       description: "Which module(s) are you having problems with?"
-      value: "ex. Root, S3, EFS, IAM, VPC, S3-Policy, SecurityGroup"
+      placeholder: "ex. Root, S3, EFS, IAM, VPC, S3-Policy, SecurityGroup"
   - type: dropdown
     id: blocking_work
     attributes:
       label: Is it blocking work?
       description: Please choose one?
+      multiple: false
       options:
         - "no"
         - "yes"
@@ -46,6 +40,7 @@ body:
     attributes:
       label: Terraform version
       description: What version of Terraform are you using?
+      multiple: false
       options:
         - 1.3.x (Default)
         - 1.2.x

.github/labeler.yml

@@ -1,17 +1,5 @@
-name: "Pull Request Labeler"
-on: [pull_request]
-
-permissions: read-all
-
-jobs:
-  add-label:
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/labeler@v4
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
-        configuration-path: ".github/labeler.yml"
-        sync-labels: true
+# See https://github.com/actions/labeler for details
+# "dependencies" label for any changes in dependency files
+# Add 'repo' label to any root file changes
+repo:
+- '*'

.github/workflows/labeler.yml

@@ -0,0 +1,16 @@
+name: "Pull Request Labeler"
+on:
+  - pull_request
+
+jobs:
+  add-label:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/labeler@v4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          configuration-path: ".github/labeler.yml"
+          sync-labels: true

.pre-commit-config.yaml

@@ -2,7 +2,7 @@
 default_stages: [commit]
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.0
+    rev: v1.77.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate

examples/anyscale-v1-existing-vpc/main.tf

@@ -23,11 +23,10 @@ module "aws_anyscale_v1_existing_vpc" {
 
   anyscale_deploy_env = var.anyscale_deploy_env
   anyscale_cloud_id   = var.anyscale_cloud_id
-  cloud_provider      = "aws"
 
   # VPC Related
-  existing_vpc_id     = local.existing_vpc_id
-  existing_subnet_ids = local.existing_subnet_ids
+  existing_vpc_id         = local.existing_vpc_id
+  existing_vpc_subnet_ids = local.existing_subnet_ids
 
   # Security Group Related
   security_group_create_anyscale_public_ingress       = true

examples/anyscale-v1/main.tf

@@ -26,7 +26,6 @@ module "aws_anyscale_v1" {
 
   anyscale_deploy_env = var.anyscale_deploy_env
   anyscale_cloud_id   = var.anyscale_cloud_id
-  cloud_provider      = "aws"
 
   # VPC Related
   anyscale_vpc_cidr_block     = local.cidr_block

examples/anyscale-v2-existing-vpc/main.tf

@@ -0,0 +1,33 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Create core Anyscale v2 Stack with existing VPC (Public Subnets)
+#   Creates a v2 stack including
+#     - IAM Roles
+#     - S3 Bucket
+#     - VPC Security Groups
+#     - EFS
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+  full_tags = merge(tomap({
+    anyscale-cloud-id           = var.anyscale_cloud_id,
+    anyscale-deploy-environment = var.anyscale_deploy_env
+    }),
+    var.tags
+  )
+  existing_vpc_id            = "vpc-086408b268f481027"
+  existing_public_subnet_ids = ["subnet-06154a164989c0f8d", "subnet-05f678cbbba3d9a1d", "subnet-0f7b63788905e3eb2"]
+}
+
+module "aws_anyscale_v2_existing_vpc" {
+  source = "../../"
+  tags   = local.full_tags
+
+  anyscale_deploy_env = var.anyscale_deploy_env
+  anyscale_cloud_id   = var.anyscale_cloud_id
+
+  # VPC Related
+  existing_vpc_id         = local.existing_vpc_id
+  existing_vpc_subnet_ids = local.existing_public_subnet_ids
+
+  # Security Group Related
+  security_group_ingress_allow_access_from_cidr_range = var.customer_ingress_cidr_ranges
+}

examples/anyscale-v2-existing-vpc/outputs.tf

@@ -0,0 +1,27 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Anyscale v2 Stack with existing VPC
+# ---------------------------------------------------------------------------------------------------------------------
+output "anyscale_v2_existing_vpc_s3_bucket_id" {
+  description = "Anyscale S3 Bucket ID. If a bucket was not created, return an empty string."
+  value       = try(module.aws_anyscale_v2_existing_vpc.anyscale_s3_bucket_id, "")
+}
+
+output "anyscale_v2_existing_vpc_security_group_id" {
+  description = "Anyscale Security Group ID. If a security group was not created, return an empty string."
+  value       = try(module.aws_anyscale_v2_existing_vpc.anyscale_security_group_id, "")
+}
+
+output "anyscale_v2_existing_vpc_iam_role_arn" {
+  description = "Anyscale IAM access role arn."
+  value       = try(module.aws_anyscale_v2_existing_vpc.anyscale_iam_role_arn, "")
+}
+
+output "anyscale_v2_existing_vpc_iam_instance_role_arn" {
+  description = "Anyscale IAM instance role arn."
+  value       = try(module.aws_anyscale_v2_existing_vpc.anyscale_iam_role_cluster_node_arn, "")
+}
+
+output "anyscale_v2_existing_vpc_efs_id" {
+  description = "Anyscale Elastic File System ID."
+  value       = try(module.aws_anyscale_v2_existing_vpc.anyscale_efs_id, "")
+}

examples/anyscale-v2-existing-vpc/variables.tf

@@ -0,0 +1,66 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# ENVIRONMENT VARIABLES
+# Define these secrets as environment variables
+# ---------------------------------------------------------------------------------------------------------------------
+
+# AWS_ACCESS_KEY_ID
+# AWS_SECRET_ACCESS_KEY
+
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED VARIABLES
+# These variables must be set when using this module.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "aws_region" {
+  description = "The AWS region in which all resources will be created."
+  type        = string
+}
+
+variable "anyscale_deploy_env" {
+  description = "(Required) Anyscale deploy environment. Used in resource names and tags."
+  type        = string
+  validation {
+    condition = (
+      var.anyscale_deploy_env == "production" || var.anyscale_deploy_env == "development" || var.anyscale_deploy_env == "test"
+    )
+    error_message = "The anyscale_deploy_env only allows `production`, `test`, or `development`"
+  }
+}
+
+# ------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# These variables have defaults, but may be overridden.
+# ------------------------------------------------------------------------------
+variable "anyscale_cloud_id" {
+  description = "(Optional) Anyscale Cloud ID. Default is `null`."
+  type        = string
+  default     = null
+  validation {
+    condition = (
+      var.anyscale_cloud_id == null ? true : (
+        length(var.anyscale_cloud_id) > 4 &&
+        substr(var.anyscale_cloud_id, 0, 4) == "cld_"
+      )
+    )
+    error_message = "The anyscale_cloud_id value must start with \"cld_\"."
+  }
+}
+
+variable "tags" {
+  description = "(Optional) A map of tags to all resources that accept tags."
+  type        = map(string)
+  default = {
+    "test" : true,
+    "environment" : "test"
+  }
+}
+
+variable "customer_ingress_cidr_ranges" {
+  description = <<-EOT
+    The IPv4 CIDR block that is allowed to access the clusters.
+    This provides the ability to lock down the v1 stack to just the public IPs of a corporate network.
+    This is added to the security group and allows port 443 (https) and 22 (ssh) access.
+    ex: `52.1.1.23/32,10.1.0.0/16'
+  EOT
+  type        = string
+}

examples/anyscale-v2-existing-vpc/versions.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+}

examples/anyscale-v2/main.tf

@@ -0,0 +1,36 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Create core Anyscale v2 Stack resources with minimal parameters
+#   Should be executed in us-east-2
+#   Creates a v2 stack including
+#     - IAM Roles
+#     - S3 Bucket
+#     - VPC with publicly routed subnets (no internal)
+#     - VPC Security Groups
+#     - EFS
+# ---------------------------------------------------------------------------------------------------------------------
+
+locals {
+  full_tags = merge(tomap({
+    anyscale-cloud-id           = var.anyscale_cloud_id,
+    anyscale-deploy-environment = var.anyscale_deploy_env
+    }),
+    var.tags
+  )
+  cidr_block     = "172.24.0.0/16"
+  public_subnets = ["172.24.101.0/24", "172.24.102.0/24", "172.24.103.0/24"]
+}
+
+module "aws_anyscale_v2" {
+  source = "../.."
+  tags   = local.full_tags
+
+  anyscale_deploy_env = var.anyscale_deploy_env
+  anyscale_cloud_id   = var.anyscale_cloud_id
+
+  # VPC Related
+  anyscale_vpc_cidr_block     = local.cidr_block
+  anyscale_vpc_public_subnets = local.public_subnets
+
+  # Security Group Related
+  security_group_ingress_allow_access_from_cidr_range = var.customer_ingress_cidr_ranges
+}

examples/anyscale-v2/outputs.tf

@@ -0,0 +1,41 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Anyscale v2 Stack resources with minimal parameters
+# ---------------------------------------------------------------------------------------------------------------------
+output "anyscale_v2_vpc_id" {
+  description = "Anyscale VPC ID. If there was not one created, return the one that was used during other resource creation."
+  value       = try(module.aws_anyscale_v2.anyscale_vpc_id, "")
+}
+
+output "anyscale_v2_vpc_public_subnet_ids" {
+  description = "Anyscale VPC Public Subnet IDs. If there were none created, return an empty string."
+  value       = try(module.aws_anyscale_v2.anyscale_vpc_public_subnet_ids, [])
+}
+output "anyscale_v2_vpc_private_subnet_ids" {
+  description = "Anyscale VPC Private Subnet IDs. If there were none created, return an empty string."
+  value       = try(module.aws_anyscale_v2.anyscale_vpc_private_subnet_ids, [])
+}
+
+output "anyscale_v2_s3_bucket_id" {
+  description = "Anyscale S3 Bucket ID. If a bucket was not created, return an empty string."
+  value       = try(module.aws_anyscale_v2.anyscale_s3_bucket_id, "")
+}
+
+output "anyscale_v2_security_group_id" {
+  description = "Anyscale Security Group ID. If a security group was not created, return an empty string."
+  value       = try(module.aws_anyscale_v2.anyscale_security_group_id, "")
+}
+
+output "anyscale_v2_iam_role_arn" {
+  description = "Anyscale IAM access role arn."
+  value       = try(module.aws_anyscale_v2.anyscale_iam_role_arn, "")
+}
+
+output "anyscale_v2_iam_instance_role_arn" {
+  description = "Anyscale IAM instance role arn."
+  value       = try(module.aws_anyscale_v2.anyscale_iam_role_cluster_node_arn, "")
+}
+
+output "anyscale_v2_efs_id" {
+  description = "Anyscale Elastic File System ID."
+  value       = try(module.aws_anyscale_v2.anyscale_efs_id, "")
+}