Bugfixes

[Nuru]

what

• Fix use of var.kubernetes_version
• Configure Terraform to create new node group before destroying old one when switching var.create_before_destroy from false to true
• Revert code to be compatible with Terraform v1.3
• Update test dependencies
• Better tolerance of inputs from disabled EKS cluster module

why

• Incorrectly treated list as scalar
• Better user experience to implement create-before-destroy behavior when selecting that behavior
• Version spec says module is compatible with Terraform 1.3
• Keep current
• Reduce special handling needed by client modules when setting enabled=false

references

• Supersedes [bugfix]random_pet uses kubernetes_version as a string #204
• Closes Destroy before create? #199
• Closes Required terraform version #188
• Supersedes and closes chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /test/src in the go_modules group #201
• Supersedes and closes chore(deps): update terraform cloudposse/eks-cluster/aws to v4.6.0 #192

[Nuru]

/terratest

@coderabbitai review

[coderabbitai]

🧩 Analysis chain

@Nuru I'll review the changes in the test files.

---

🏁 Script executed:

#!/bin/bash
# Find test files
fd "test.*\.go" --type f

# Get the diff for test files
git diff origin/master -- '*test.go'

Length of output: 188

---

🏁 Script executed:

#!/bin/bash
# Check go.mod changes
git diff origin/master -- go.mod go.sum

Length of output: 77

---

🏁 Script executed:

#!/bin/bash
# List branches to find the base
git branch -a

# Get the content of the test files
cat test/src/default_test.go
cat test/src/examples_complete_test.go
cat test/src/framework_test.go

# Get the content of go.mod
cat go.mod

Length of output: 11800

---

🏁 Script executed:

#!/bin/bash
# Get the diff between main and current branch for test files
git diff main -- test/src/

# Try to find any dependency files
fd "go\.(mod|sum)" --type f

Length of output: 7286

---

@Nuru I've reviewed the test changes. The modifications are focused on updating Go dependencies to their newer versions and removing the explicit Go toolchain version constraint. The test logic and structure remain unchanged, maintaining the existing test coverage for:

• EKS node group creation and configuration
• Node labeling and tainting
• VPC and subnet validation
• Cluster state verification

The updates to dependencies should improve compatibility with newer Go versions while maintaining the same test functionality.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces several documentation and configuration updates. In the documentation (docs/terraform.md and versions.tf), a new null provider and resource are added and input descriptions improved. Example files are updated with new module version references and a new variable for controlling create-before-destroy behavior. In the main configuration file (main.tf), the logic for Kubernetes version resolution, subnet handling, and resource dependency is modified, including the addition of a null_resource and an extra node group. The go.mod file sees version bumps to several dependencies, userdata.tf replaces a function call, and a subnet_ids validation block is removed.

Changes

File(s)	Change Summary
docs/terraform.md, versions.tf	Added new null provider declaration (version ≥ 3.0) and introduced the null_resource (seq) along with corresponding documentation updates; enhanced and reformatted multiple input descriptions.
examples/.../main.tf, examples/.../variables.tf	Updated module versions (eks_cluster from 4.2.0 to 4.6.0) and adjusted attributes in eks_node_group modules (using var.create_before_destroy and its inverted value for minimal module) while adding a new variable (create_before_destroy) to control resource replacement order.
main.tf	Modified Kubernetes version resolution logic (using one(...) and adjusting subnet_ids with coalesce), updated the random_pet resource’s version reference, and introduced a null_resource (seq) along with an additional aws_eks_node_group (cbd) to ensure the correct create-before-destroy order.
test/src/go.mod	Bumped dependency versions: golang.org/x/crypto (0.21.0 → 0.31.0), x/sys (0.18.0 → 0.28.0), x/term (0.18.0 → 0.27.0), and x/text (0.14.0 → 0.21.0); removed the toolchain version specification.
userdata.tf	Replaced the use of strcontains with regexall for checking the presence of a specific flag in kubelet_extra_args.
variables.tf	Removed the validation block for subnet_ids, allowing the variable to be an empty list.

Assessment against linked issues

Objective	Addressed	Explanation
Ensure node groups are created before destroy (#199)	✅
Avoid unsupported function usage by replacing strcontains with regexall (#188)	✅
Update Go dependencies (including bumping golang.org/x/crypto to v0.31.0) (#201)	✅
Upgrade eks-cluster module version to meet release expectations (#192)	✅	Updated version exceeds the required v4.5.0

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/terraform.md (1)

54-121: Input Documentation Formatting and Grammar
The Inputs section has been reformatted for improved clarity and readability. The updated descriptions and removal of unnecessary line breaks make the documentation more user-friendly. Additionally, static analysis hints have flagged several minor grammatical and punctuation issues (e.g. missing articles, prepositions, and commas). While these are non‑blocking, addressing them would further polish the documentation.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~59-~59: The preposition “with” seems more likely in this position.
Context: ...ecurity group will not
be associated to the nodes and you will need to provide ...

(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)

---

[uncategorized] ~59-~59: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...p will not
be associated to the nodes and you will need to provide another securi...

(COMMA_COMPOUND_SENTENCE)

---

[uncategorized] ~61-~61: A comma might be missing here.
Context: ...(e.g. workers or cluster) to add to id,
in the order they appear in the ...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)

---

[uncategorized] ~70-~70: You might be missing the article “a” here.
Context: ...
Leave list empty for defaults. Pass list with single object with attributes matc...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[grammar] ~78-~78: Did you mean “too false to”?
Context: ..."> enabled | Set to false to prevent the module from creating any re...

(TOO_ADJECTIVE_TO)

---

[grammar] ~82-~82: The verb ‘keep’ seems to be in the wrong form here.
Context: ... for unlimited length.
Set to null for keep the existing setting, which defaults to...

(FOR_VB)

---

[uncategorized] ~100-~100: Possible missing article found.
Context: ...epends_on) | Can be any value desired. Module will wait for this value to be computed...

(AI_HYDRA_LEO_MISSING_THE)

---

[uncategorized] ~100-~100: You might be missing the article “a” here.
Context: ...is value to be computed before creating node group. | any | null | no | | <a nam...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[typographical] ~101-~101: Consider adding a comma after ‘Usually’ for more clarity.
Context: ... name | ID element. Usually the component or solution name, e.g. 'a...

(RB_LY_COMMA)

---

[uncategorized] ~101-~101: Possible missing preposition found.
Context: ...ID element not also included as a tag.
The "name" tag is set to the full id s...

(AI_EN_LECTOR_MISSING_PREPOSITION)

---

[typographical] ~102-~102: Consider adding a comma after ‘Usually’ for more clarity.
Context: ...space](#input_namespace) | ID element. Usually an abbreviation of your organization na...

(RB_LY_COMMA)

---

[uncategorized] ~103-~103: You might be missing the article “a” here.
Context: ...
Leave list empty for defaults. Pass list with single object with attributes matc...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[uncategorized] ~109-~109: You might be missing the article “a” here.
Context: ...
Leave list empty for defaults. Pass list with single object with attributes matc...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[style] ~110-~110: Consider a shorter alternative to avoid wordiness.
Context: ..._length](#input_random_pet_length) | In order to support "create before destroy" behavio...

(IN_ORDER_TO_PREMIUM)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 416a689 and 9035928.

⛔ Files ignored due to path filters (2)

• README.md is excluded by !README.md
• test/src/go.sum is excluded by !**/*.sum

📒 Files selected for processing (8)

• docs/terraform.md (4 hunks)
• examples/complete/main.tf (3 hunks)
• examples/complete/variables.tf (1 hunks)
• main.tf (5 hunks)
• test/src/go.mod (1 hunks)
• userdata.tf (1 hunks)
• variables.tf (0 hunks)
• versions.tf (1 hunks)

💤 Files with no reviewable changes (1)

• variables.tf

🧰 Additional context used

📓 Path-based instructions (2)

`examples/complete/*.tf`: This is framework for testing and ...

examples/complete/*.tf: This is framework for testing and standards are very relaxed, plus certain things need to be certain ways for testing. Exclude from review unless you find misspelling or similar error in comments or serious errors in code.

• examples/complete/variables.tf
• examples/complete/main.tf

`test/src/*`: This is `go` code for orchestrating testing an...

test/src/*: This is go code for orchestrating testing and standards are very relaxed, plus certain things need to be certain ways for testing. Exclude from review unless you find misspelling or similar error in comments or serious errors in code.

• test/src/go.mod

🪛 LanguageTool

docs/terraform.md

[uncategorized] ~59-~59: The preposition “with” seems more likely in this position.
Context: ...ecurity group will not
be associated to the nodes and you will need to provide ...

(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)

---

[uncategorized] ~59-~59: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...p will not
be associated to the nodes and you will need to provide another securi...

(COMMA_COMPOUND_SENTENCE)

---

[uncategorized] ~61-~61: A comma might be missing here.
Context: ...(e.g. workers or cluster) to add to id,
in the order they appear in the ...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)

---

[uncategorized] ~70-~70: You might be missing the article “a” here.
Context: ...
Leave list empty for defaults. Pass list with single object with attributes matc...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[grammar] ~82-~82: The verb ‘keep’ seems to be in the wrong form here.
Context: ... for unlimited length.
Set to null for keep the existing setting, which defaults to...

(FOR_VB)

---

[uncategorized] ~100-~100: Possible missing article found.
Context: ...epends_on) | Can be any value desired. Module will wait for this value to be computed...

(AI_HYDRA_LEO_MISSING_THE)

---

[uncategorized] ~100-~100: You might be missing the article “a” here.
Context: ...is value to be computed before creating node group. | any | null | no | | <a nam...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[typographical] ~101-~101: Consider adding a comma after ‘Usually’ for more clarity.
Context: ... name | ID element. Usually the component or solution name, e.g. 'a...

(RB_LY_COMMA)

---

[uncategorized] ~101-~101: Possible missing preposition found.
Context: ...ID element not also included as a tag.
The "name" tag is set to the full id s...

(AI_EN_LECTOR_MISSING_PREPOSITION)

---

[typographical] ~102-~102: Consider adding a comma after ‘Usually’ for more clarity.
Context: ...space](#input_namespace) | ID element. Usually an abbreviation of your organization na...

(RB_LY_COMMA)

---

[uncategorized] ~103-~103: You might be missing the article “a” here.
Context: ...
Leave list empty for defaults. Pass list with single object with attributes matc...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[uncategorized] ~109-~109: You might be missing the article “a” here.
Context: ...
Leave list empty for defaults. Pass list with single object with attributes matc...

(AI_EN_LECTOR_MISSING_DETERMINER_A)

---

[style] ~110-~110: Consider a shorter alternative to avoid wordiness.
Context: ..._length](#input_random_pet_length) | In order to support "create before destroy" behavio...

(IN_ORDER_TO_PREMIUM)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Summary

🔇 Additional comments (16)

versions.tf (1)

17-20: New Null Provider Declaration Added
The addition of the null provider (source "hashicorp/null" with version ">= 3.0") is correctly integrated into the required_providers block. This aligns with the updated documentation and overall module enhancements.

test/src/go.mod (1)

87-92: Dependency Version Updates Reviewed
The updated versions for dependencies (e.g. golang.org/x/crypto v0.31.0, x/sys v0.28.0, x/term v0.27.0, and x/text v0.21.0) appear consistent with the broader update goals. There are no evident issues, and the changes seem in line with maintaining compatibility for the tests.

userdata.tf (1)

62-63: Regexall Replacement for strcontains
The original use of strcontains has been replaced with regexall to check for the presence of "--register-with-taints" in kubelet_extra_args. Please verify that regexall returns an empty list when the pattern is not found (thus making the length equal to 0), as this change is critical for ensuring the flag is only appended when needed.

examples/complete/main.tf (3)

122-125: EKS Cluster Module Version Update
The eks_cluster module version has been updated from "4.2.0" to "4.6.0". Ensure that the new version is fully compatible with dependent modules and the rest of your configuration.

---

178-178: Configurable Create-Before-Destroy for eks_node_group
The attribute change from a hardcoded true to var.create_before_destroy in the eks_node_group module enhances flexibility in node group replacement. Confirm that all module invocations and related resources are updated to gracefully handle this parameter.

---

206-209: Inverse Logic for Minimal Node Group Creation
In module eks_node_group_minimal, setting create_before_destroy to !var.create_before_destroy and adding replace_node_group_on_version_update = true are notable changes. Please verify that inverting the behavior for the minimal node group is intentional and documented, as it may be counterintuitive for users expecting consistent behavior across node groups.

examples/complete/variables.tf (1)

172-182: New Variable for Create-Before-Destroy
The new variable "create_before_destroy" is well defined with an appropriate description and default value. This enhances configurability and clearly communicates the behavior change regarding node group replacement timing.

main.tf (6)

7-9: Kubernetes Version Resolution Logic
The condition on line 7 has been updated to use the cluster’s Kubernetes version when either the module is disabled or no version is provided (i.e. “!local.enabled || length(var.kubernetes_version) == 0”). This meets the PR objective. However, note that if local.enabled is false then the data source “aws_eks_cluster.this” will have count = 0, and evaluating one(data.aws_eks_cluster.this[*].version) on an empty list could be problematic if the expression were ever inadvertently used. Although Terraform’s lazy evaluation may prevent runtime errors when resources aren’t created, it’s worth verifying that this logic is safe under all conditions.

---

92-98: Subnet and Instance Types Configuration
In the local “ng” block, line 93 now sorts and safely coalesces “var.subnet_ids” (allowing an empty list when the module is disabled) and line 97 directly passes “var.instance_types”. These changes improve robustness and clarity.

---

148-165: Enforcing Create‐Before‐Destroy Ordering
The newly added “null_resource.seq” resource (lines 148–165) enforces that when switching to create-before-destroy behavior the new node group is created before destroying the old one. The dependency on aws_eks_node_group.default is clearly stated. Double-check that this dependency does not introduce any cyclic dependency issues in your configuration.

---

184-198: Default Node Group Dependency Enhancements
In the “aws_eks_node_group.default” resource, the depends_on block (lines 184–198) now includes additional IAM policy attachments and dependencies. This ensures that all necessary IAM permissions and related resources are in place before EKS attempts to delete EC2 instances or network interfaces. These changes are well aligned with the intended ordering requirements.

---

260-275: CBD Node Group for Create‐Before‐Destroy Behavior
The new “aws_eks_node_group.cbd” resource (lines 260–275) implements the create-before-destroy functionality. The node_group_name is now generated with a formatted string (line 262) to help ensure uniqueness, and the dependency on null_resource.seq (line 274) enforces the correct creation order. Make sure the configurations (labels, scaling, and launch template data) remain in sync with the default node group apart from the intended differences.

---

141-144: Version Keeper in Random Pet Resource
Within the merge on line 143, the “version” key is set to “var.kubernetes_version[0]” when var.replace_node_group_on_version_update is true. This logic assumes that var.kubernetes_version is non‑empty. To avoid runtime errors when the version list is empty, consider adding a length check. For example:

-      version = var.kubernetes_version[0]
+      version = length(var.kubernetes_version) > 0 ? var.kubernetes_version[0] : null

✅ Verification successful

Action: Update Kubernetes version reference to handle empty lists

The current code assumes that var.kubernetes_version always has at least one element, leading to potential runtime errors when the list is empty. The suggested change introduces a safeguard by checking the list length before accessing its first element:

• Replace
  version = var.kubernetes_version[0]
  with
  version = length(var.kubernetes_version) > 0 ? var.kubernetes_version[0] : null

This conditional check ensures that if the version list is empty, the value will safely resolve to null, preventing unexpected runtime issues.

docs/terraform.md (3)

8-8: New Null Provider Requirement
The addition of the null provider requirement (line 8) with version “>= 3.0” is consistent with the module changes and ensures that necessary provider functionality is available.

---

16-16: New Null Provider Declaration
Including the null provider in the Providers table (line 16) aligns the documentation with the updated provider requirements.

---

40-41: Documenting the New Resource “null_resource.seq”
The Resources section now lists “null_resource.seq” (line 40) with a link to its official documentation. This accurately reflects the new resource added in the module for handling create-before-destroy semantics.

[github-actions]

These changes were released in v3.3.0.