Merge pull request #21 from zilliztech/record-caller

locustbaby · web-flow · commit 13a4cbcbf001 · 2025-03-27T11:02:47.000+08:00
chore: record caller
diff --git a/.github/workflows/hcl-check.yaml b/.github/workflows/hcl-check.yaml
@@ -0,0 +1,45 @@
+name: Terraform Validation
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    steps:      
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: latest
+
+      - name: Configure Terraform plugin cache
+        run: |
+          echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >>"$GITHUB_ENV"
+          mkdir --parents "$HOME/.terraform.d/plugin-cache"
+      
+      - name: Cache Terraform Plugin
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.terraform.d/plugin-cache
+          key: terraform-${{ runner.os }}-plugin-cache
+          restore-keys: |
+            terraform-${{ runner.os }}-plugin-cache
+      
+      - name: Terraform Validate in All Modules
+        run: |
+          export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache"
+          for dir in modules/*; do
+            if [ -d "$dir" ]; then
+              echo "Validating $dir"
+              cd "$dir"
+              terraform init
+              terraform validate
+              cd -
+            fi
+          done
diff --git a/modules/aws_bucket/bucket.tf b/modules/aws_bucket/bucket.tf
@@ -1,3 +1,5 @@
+data "aws_caller_identity" "current" {}
+
 module "s3_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "3.15.1"
@@ -8,8 +10,13 @@ module "s3_bucket" {
 
   control_object_ownership = true
   object_ownership         = "ObjectWriter"
+
+  tags = {
+    Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
+  }
 }
 
 output "s3_bucket_ids" {
   value = module.s3_bucket["milvus"].s3_bucket_id
-}
+}
diff --git a/modules/aws_byoc_op/eks.tf b/modules/aws_byoc_op/eks.tf
@@ -8,10 +8,12 @@ resource "aws_eks_cluster" "zilliz_byoc_cluster" {
   tags = {
 
     "Vendor" = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
   tags_all = {
 
     "Vendor" = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
   # version = "1.31"
 
diff --git a/modules/aws_byoc_op/iam-role-eks-addon.tf b/modules/aws_byoc_op/iam-role-eks-addon.tf
@@ -3,6 +3,7 @@ resource "aws_iam_role" "eks_addon_role" {
 
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 
   assume_role_policy = jsonencode({
diff --git a/modules/aws_byoc_op/iam-role-eks.tf b/modules/aws_byoc_op/iam-role-eks.tf
@@ -3,6 +3,7 @@ resource "aws_iam_role" "eks_role" {
 
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
   
   assume_role_policy = jsonencode({
diff --git a/modules/aws_byoc_op/iam-role-maintaince.tf b/modules/aws_byoc_op/iam-role-maintaince.tf
@@ -36,6 +36,7 @@ resource "aws_iam_role" "maintaince_role" {
 
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 }
 
diff --git a/modules/aws_byoc_op/iam-role-storage.tf b/modules/aws_byoc_op/iam-role-storage.tf
@@ -2,6 +2,7 @@ resource "aws_iam_role" "storage_role" {
   name = "${local.dataplane_id}-storage-role"
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 
   lifecycle {
diff --git a/modules/aws_byoc_op/private_link.tf b/modules/aws_byoc_op/private_link.tf
@@ -14,6 +14,7 @@ resource "aws_vpc_endpoint" "byoc_endpoint" {
   tags = {
     Name   = "${local.dataplane_id}-endpoint"
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 }
 
@@ -27,6 +28,11 @@ resource "aws_route53_zone" "byoc_private_zone" {
     vpc_id = module.vpc.vpc_id
   }
   comment = "Private hosted zone for BYOC project"
+
+  tags = {
+    Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
+  }
 }
 
 resource "aws_route53_record" "byoc_endpoint_alias" {
diff --git a/modules/aws_byoc_op/s3.tf b/modules/aws_byoc_op/s3.tf
@@ -8,4 +8,9 @@ module "s3_bucket" {
 
   control_object_ownership = true
   object_ownership         = "ObjectWriter"
+
+  tags = {
+    Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
+  }
 }
diff --git a/modules/aws_byoc_op/vpc.tf b/modules/aws_byoc_op/vpc.tf
@@ -44,6 +44,7 @@ module "vpc" {
 
   tags = {
     Vendor    = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 }
 
diff --git a/modules/aws_iam/cross-account-role.tf b/modules/aws_iam/cross-account-role.tf
@@ -1,3 +1,5 @@
+data "aws_caller_identity" "current" {}
+
 locals {
   config = yamldecode(file("${path.module}/conf.yaml"))
 }
@@ -29,6 +31,7 @@ resource "aws_iam_role" "cross_account_role" {
 
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 }
 
diff --git a/modules/aws_iam/eks-role.tf b/modules/aws_iam/eks-role.tf
@@ -3,6 +3,7 @@ resource "aws_iam_role" "eks_role" {
 
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
   lifecycle {
     ignore_changes = [
diff --git a/modules/aws_iam/storage-role.tf b/modules/aws_iam/storage-role.tf
@@ -2,6 +2,7 @@ resource "aws_iam_role" "storage_role" {
   name = "zilliz-byoc-${var.name}-storage-role"
   tags = {
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 
   lifecycle {
diff --git a/modules/aws_vpc/private_link.tf b/modules/aws_vpc/private_link.tf
@@ -1,3 +1,5 @@
+data aws_caller_identity "current" {}
+
 locals {
   config = yamldecode(file("${path.module}/conf.yaml"))
 }
@@ -16,6 +18,7 @@ resource "aws_vpc_endpoint" "byoc_endpoint" {
   tags = {
     Name   = "zilliz-byoc-${var.name}-endpoint"
     Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 }
 
@@ -27,7 +30,13 @@ resource "aws_route53_zone" "byoc_private_zone" {
     vpc_id = module.vpc.vpc_id
   }
   comment = "Private hosted zone for BYOC project"
+
+  tags = {
+    Vendor = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
+  }
 }
+
 resource "aws_route53_record" "byoc_endpoint_alias" {
   count = var.enable_private_link ? 1 : 0
   zone_id = aws_route53_zone.byoc_private_zone[0].zone_id
diff --git a/modules/aws_vpc/vpc.tf b/modules/aws_vpc/vpc.tf
@@ -54,6 +54,7 @@ module "vpc" {
 
   tags = {
     Vendor    = "zilliz-byoc"
+    Caller = data.aws_caller_identity.current.arn
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -8,10 +8,12 @@ resource "aws_eks_cluster" "zilliz_byoc_cluster" {`
`8`	`8`	`tags = {`
`9`	`9`
`10`	`10`	`"Vendor" = "zilliz-byoc"`
	`11`	`+ Caller = data.aws_caller_identity.current.arn`
`11`	`12`	`}`
`12`	`13`	`tags_all = {`
`13`	`14`
`14`	`15`	`"Vendor" = "zilliz-byoc"`
	`16`	`+ Caller = data.aws_caller_identity.current.arn`
`15`	`17`	`}`
`16`	`18`	`# version = "1.31"`
`17`	`19`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ resource "aws_iam_role" "eks_addon_role" {`
`3`	`3`
`4`	`4`	`tags = {`
`5`	`5`	`Vendor = "zilliz-byoc"`
	`6`	`+ Caller = data.aws_caller_identity.current.arn`
`6`	`7`	`}`
`7`	`8`
`8`	`9`	`assume_role_policy = jsonencode({`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ resource "aws_iam_role" "maintaince_role" {`
`36`	`36`
`37`	`37`	`tags = {`
`38`	`38`	`Vendor = "zilliz-byoc"`
	`39`	`+ Caller = data.aws_caller_identity.current.arn`
`39`	`40`	`}`
`40`	`41`	`}`
`41`	`42`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ resource "aws_iam_role" "storage_role" {`
`2`	`2`	`name = "${local.dataplane_id}-storage-role"`
`3`	`3`	`tags = {`
`4`	`4`	`Vendor = "zilliz-byoc"`
	`5`	`+ Caller = data.aws_caller_identity.current.arn`
`5`	`6`	`}`
`6`	`7`
`7`	`8`	`lifecycle {`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ resource "aws_vpc_endpoint" "byoc_endpoint" {`
`14`	`14`	`tags = {`
`15`	`15`	`Name = "${local.dataplane_id}-endpoint"`
`16`	`16`	`Vendor = "zilliz-byoc"`
	`17`	`+ Caller = data.aws_caller_identity.current.arn`
`17`	`18`	`}`
`18`	`19`	`}`
`19`	`20`
`@@ -27,6 +28,11 @@ resource "aws_route53_zone" "byoc_private_zone" {`
`27`	`28`	`vpc_id = module.vpc.vpc_id`
`28`	`29`	`}`
`29`	`30`	`comment = "Private hosted zone for BYOC project"`
	`31`	`+`
	`32`	`+ tags = {`
	`33`	`+ Vendor = "zilliz-byoc"`
	`34`	`+ Caller = data.aws_caller_identity.current.arn`
	`35`	`+ }`
`30`	`36`	`}`
`31`	`37`
`32`	`38`	`resource "aws_route53_record" "byoc_endpoint_alias" {`
Original file line number	Diff line number	Diff line change
`@@ -8,4 +8,9 @@ module "s3_bucket" {`
`8`	`8`
`9`	`9`	`control_object_ownership = true`
`10`	`10`	`object_ownership = "ObjectWriter"`
	`11`	`+`
	`12`	`+ tags = {`
	`13`	`+ Vendor = "zilliz-byoc"`
	`14`	`+ Caller = data.aws_caller_identity.current.arn`
	`15`	`+ }`
`11`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ module "vpc" {`
`44`	`44`
`45`	`45`	`tags = {`
`46`	`46`	`Vendor = "zilliz-byoc"`
	`47`	`+ Caller = data.aws_caller_identity.current.arn`
`47`	`48`	`}`
`48`	`49`	`}`
`49`	`50`