Back to Details

refactor-module

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Skill: Refactor Module

技能:重构模块

Overview

概述

This skill guides AI agents in transforming monolithic Terraform configurations into reusable, maintainable modules following HashiCorp's module design principles and community best practices.
本技能指导AI Agent遵循HashiCorp的模块设计原则和社区最佳实践,将单体Terraform配置转换为可复用、可维护的模块。

Capability Statement

能力说明

The agent will analyze existing Terraform code and systematically refactor it into well-structured modules with:
  • Clear interface contracts (variables and outputs)
  • Proper encapsulation and abstraction
  • Versioning and documentation
  • Testing frameworks
  • Migration path for existing state
Agent将分析现有Terraform代码,并系统地将其重构为结构良好的模块,具备以下特性:
  • 清晰的接口契约(变量和输出)
  • 适当的封装与抽象
  • 版本控制与文档
  • 测试框架
  • 现有状态的迁移路径

Prerequisites

前提条件

  • Existing Terraform configuration to refactor
  • Understanding of resource dependencies
  • Access to current state file (for migration planning)
  • Knowledge of module registry patterns
  • 待重构的现有Terraform配置
  • 了解资源依赖关系
  • 可访问当前状态文件(用于迁移规划)
  • 了解模块注册表模式

Input Parameters

输入参数

ParameterTypeRequiredDescription
source_directory
stringYesPath to existing Terraform configuration
module_name
stringYesName for the new module
abstraction_level
stringNo"simple", "intermediate", "advanced" (default: intermediate)
preserve_state
booleanYesWhether to maintain state compatibility
target_registry
stringNoTarget module registry (local, private, public)
参数类型是否必填描述
source_directory
string现有Terraform配置的路径
module_name
string新模块的名称
abstraction_level
string"simple"、"intermediate"、"advanced"(默认值:intermediate)
preserve_state
boolean是否保持状态兼容性
target_registry
string目标模块注册表(本地、私有、公共)

Execution Steps

执行步骤

1. Analysis Phase

1. 分析阶段

markdown
**Identify Refactoring Candidates**
- Group resources by logical function
- Identify repeated patterns
- Map resource dependencies
- Detect configuration coupling
- Analyze variable usage patterns

**Complexity Assessment**
- Count resource relationships
- Measure variable propagation depth
- Identify cross-resource references
- Evaluate state migration complexity
markdown
**识别重构候选对象**
- 按逻辑功能对资源进行分组
- 识别重复模式
- 映射资源依赖关系
- 检测配置耦合
- 分析变量使用模式

**复杂度评估**
- 统计资源关系数量
- 衡量变量传播深度
- 识别跨资源引用
- 评估状态迁移复杂度

2. Module Design

2. 模块设计

Interface Design

接口设计

hcl
undefined
hcl
undefined

Define clear input contract

Define clear input contract

variable "network_config" { description = "Network configuration parameters" type = object({ cidr_block = string availability_zones = list(string) enable_nat = bool })
validation { condition = can(cidrhost(var.network_config.cidr_block, 0)) error_message = "CIDR block must be valid IPv4 CIDR." } }
variable "network_config" { description = "Network configuration parameters" type = object({ cidr_block = string availability_zones = list(string) enable_nat = bool })
validation { condition = can(cidrhost(var.network_config.cidr_block, 0)) error_message = "CIDR block must be valid IPv4 CIDR." } }

Define output contract

Define output contract

output "vpc_id" { description = "ID of the created VPC" value = aws_vpc.main.id }
output "private_subnet_ids" { description = "List of private subnet IDs" value = { for k, v in aws_subnet.private : k => v.id } }
undefined
output "vpc_id" { description = "ID of the created VPC" value = aws_vpc.main.id }
output "private_subnet_ids" { description = "List of private subnet IDs" value = { for k, v in aws_subnet.private : k => v.id } }
undefined

Encapsulation Strategy

封装策略

markdown
**What to Include in Module:**
- Tightly coupled resources (VPC + subnets)
- Resources with shared lifecycle
- Configuration with clear boundaries

**What to Keep Separate:**
- Cross-cutting concerns (monitoring, tagging)
- Resources with different lifecycles
- Provider-specific configurations
markdown
**模块应包含的内容:**
- 紧密耦合的资源(VPC + 子网)
- 具有共享生命周期的资源
- 边界清晰的配置

**应单独保留的内容:**
- 横切关注点(监控、标签)
- 生命周期不同的资源
- 特定于提供商的配置

3. Code Transformation

3. 代码转换

Before: Monolithic Configuration

转换前:单体配置

hcl
undefined
hcl
undefined

main.tf (monolithic)

main.tf (monolithic)

resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" enable_dns_hostnames = true
tags = { Name = "production-vpc" Environment = "prod" } }
resource "aws_subnet" "public_1" { vpc_id = aws_vpc.main.id cidr_block = "10.0.1.0/24" availability_zone = "us-east-1a"
tags = { Name = "public-subnet-1" Type = "public" } }
resource "aws_subnet" "public_2" { vpc_id = aws_vpc.main.id cidr_block = "10.0.2.0/24" availability_zone = "us-east-1b"
tags = { Name = "public-subnet-2" Type = "public" } }
resource "aws_internet_gateway" "main" { vpc_id = aws_vpc.main.id
tags = { Name = "production-igw" } }
resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" enable_dns_hostnames = true
tags = { Name = "production-vpc" Environment = "prod" } }
resource "aws_subnet" "public_1" { vpc_id = aws_vpc.main.id cidr_block = "10.0.1.0/24" availability_zone = "us-east-1a"
tags = { Name = "public-subnet-1" Type = "public" } }
resource "aws_subnet" "public_2" { vpc_id = aws_vpc.main.id cidr_block = "10.0.2.0/24" availability_zone = "us-east-1b"
tags = { Name = "public-subnet-2" Type = "public" } }
resource "aws_internet_gateway" "main" { vpc_id = aws_vpc.main.id
tags = { Name = "production-igw" } }

... more repetitive subnet and routing resources

... more repetitive subnet and routing resources

undefined
undefined

After: Modular Structure

转换后:模块化结构

hcl
undefined
hcl
undefined

modules/vpc/main.tf

modules/vpc/main.tf

locals { subnet_count = length(var.availability_zones) }
resource "aws_vpc" "main" { cidr_block = var.cidr_block enable_dns_hostnames = var.enable_dns_hostnames enable_dns_support = var.enable_dns_support
tags = merge( var.tags, { Name = var.name } ) }
resource "aws_subnet" "public" { for_each = var.create_public_subnets ? toset(var.availability_zones) : []
vpc_id = aws_vpc.main.id cidr_block = cidrsubnet(var.cidr_block, 8, index(var.availability_zones, each.value)) availability_zone = each.value map_public_ip_on_launch = true
tags = merge( var.tags, { Name = "${var.name}-public-${each.value}" Type = "public" } ) }
resource "aws_internet_gateway" "main" { count = var.create_public_subnets ? 1 : 0 vpc_id = aws_vpc.main.id
tags = merge( var.tags, { Name = "${var.name}-igw" } ) }
locals { subnet_count = length(var.availability_zones) }
resource "aws_vpc" "main" { cidr_block = var.cidr_block enable_dns_hostnames = var.enable_dns_hostnames enable_dns_support = var.enable_dns_support
tags = merge( var.tags, { Name = var.name } ) }
resource "aws_subnet" "public" { for_each = var.create_public_subnets ? toset(var.availability_zones) : []
vpc_id = aws_vpc.main.id cidr_block = cidrsubnet(var.cidr_block, 8, index(var.availability_zones, each.value)) availability_zone = each.value map_public_ip_on_launch = true
tags = merge( var.tags, { Name = "${var.name}-public-${each.value}" Type = "public" } ) }
resource "aws_internet_gateway" "main" { count = var.create_public_subnets ? 1 : 0 vpc_id = aws_vpc.main.id
tags = merge( var.tags, { Name = "${var.name}-igw" } ) }

modules/vpc/variables.tf

modules/vpc/variables.tf

variable "name" { description = "Name prefix for all resources" type = string }
variable "cidr_block" { description = "CIDR block for the VPC" type = string
validation { condition = can(cidrhost(var.cidr_block, 0)) error_message = "Must be a valid IPv4 CIDR block." } }
variable "availability_zones" { description = "List of availability zones" type = list(string) }
variable "create_public_subnets" { description = "Whether to create public subnets" type = bool default = true }
variable "enable_dns_hostnames" { description = "Enable DNS hostnames in the VPC" type = bool default = true }
variable "enable_dns_support" { description = "Enable DNS support in the VPC" type = bool default = true }
variable "tags" { description = "Tags to apply to all resources" type = map(string) default = {} }
variable "name" { description = "Name prefix for all resources" type = string }
variable "cidr_block" { description = "CIDR block for the VPC" type = string
validation { condition = can(cidrhost(var.cidr_block, 0)) error_message = "Must be a valid IPv4 CIDR block." } }
variable "availability_zones" { description = "List of availability zones" type = list(string) }
variable "create_public_subnets" { description = "Whether to create public subnets" type = bool default = true }
variable "enable_dns_hostnames" { description = "Enable DNS hostnames in the VPC" type = bool default = true }
variable "enable_dns_support" { description = "Enable DNS support in the VPC" type = bool default = true }
variable "tags" { description = "Tags to apply to all resources" type = map(string) default = {} }

modules/vpc/outputs.tf

modules/vpc/outputs.tf

output "vpc_id" { description = "ID of the VPC" value = aws_vpc.main.id }
output "vpc_cidr_block" { description = "CIDR block of the VPC" value = aws_vpc.main.cidr_block }
output "public_subnet_ids" { description = "Map of availability zones to public subnet IDs" value = { for k, v in aws_subnet.public : k => v.id } }
output "internet_gateway_id" { description = "ID of the internet gateway" value = try(aws_internet_gateway.main[0].id, null) }
output "vpc_id" { description = "ID of the VPC" value = aws_vpc.main.id }
output "vpc_cidr_block" { description = "CIDR block of the VPC" value = aws_vpc.main.cidr_block }
output "public_subnet_ids" { description = "Map of availability zones to public subnet IDs" value = { for k, v in aws_subnet.public : k => v.id } }
output "internet_gateway_id" { description = "ID of the internet gateway" value = try(aws_internet_gateway.main[0].id, null) }

Root configuration using module

Root configuration using module

module "vpc" { source = "./modules/vpc"
name = "production" cidr_block = "10.0.0.0/16" availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
tags = { Environment = "production" ManagedBy = "Terraform" } }
undefined
module "vpc" { source = "./modules/vpc"
name = "production" cidr_block = "10.0.0.0/16" availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
tags = { Environment = "production" ManagedBy = "Terraform" } }
undefined

4. State Migration

4. 状态迁移

Generate Migration Plan

生成迁移计划

hcl
undefined
hcl
undefined

migration.tf

migration.tf

Use moved blocks for state refactoring (Terraform 1.1+)

Use moved blocks for state refactoring (Terraform 1.1+)

moved { from = aws_vpc.main to = module.vpc.aws_vpc.main }
moved { from = aws_subnet.public_1 to = module.vpc.aws_subnet.public["us-east-1a"] }
moved { from = aws_subnet.public_2 to = module.vpc.aws_subnet.public["us-east-1b"] }
moved { from = aws_internet_gateway.main to = module.vpc.aws_internet_gateway.main[0] }
undefined
moved { from = aws_vpc.main to = module.vpc.aws_vpc.main }
moved { from = aws_subnet.public_1 to = module.vpc.aws_subnet.public["us-east-1a"] }
moved { from = aws_subnet.public_2 to = module.vpc.aws_subnet.public["us-east-1b"] }
moved { from = aws_internet_gateway.main to = module.vpc.aws_internet_gateway.main[0] }
undefined

Manual State Migration (Pre-1.1)

手动状态迁移(1.1版本之前)

bash
undefined
bash
undefined

Generate state migration commands

Generate state migration commands

terraform state mv aws_vpc.main module.vpc.aws_vpc.main terraform state mv aws_subnet.public_1 'module.vpc.aws_subnet.public["us-east-1a"]' terraform state mv aws_subnet.public_2 'module.vpc.aws_subnet.public["us-east-1b"]' terraform state mv aws_internet_gateway.main 'module.vpc.aws_internet_gateway.main[0]'
undefined
terraform state mv aws_vpc.main module.vpc.aws_vpc.main terraform state mv aws_subnet.public_1 'module.vpc.aws_subnet.public["us-east-1a"]' terraform state mv aws_subnet.public_2 'module.vpc.aws_subnet.public["us-east-1b"]' terraform state mv aws_internet_gateway.main 'module.vpc.aws_internet_gateway.main[0]'
undefined

5. Module Documentation

5. 模块文档

markdown
undefined
markdown
undefined

VPC Module

VPC Module

Overview

Overview

Creates a VPC with configurable public and private subnets across multiple availability zones.
Creates a VPC with configurable public and private subnets across multiple availability zones.

Features

Features

  • Multi-AZ subnet deployment
  • Optional NAT gateway configuration
  • VPC Flow Logs integration
  • Customizable CIDR allocation
  • Multi-AZ subnet deployment
  • Optional NAT gateway configuration
  • VPC Flow Logs integration
  • Customizable CIDR allocation

Usage

Usage

```hcl module "vpc" { source = "./modules/vpc"
name = "my-vpc" cidr_block = "10.0.0.0/16" availability_zones = ["us-east-1a", "us-east-1b"]
create_public_subnets = true create_private_subnets = true enable_nat_gateway = true
tags = { Environment = "production" } } ```
```hcl module "vpc" { source = "./modules/vpc"
name = "my-vpc" cidr_block = "10.0.0.0/16" availability_zones = ["us-east-1a", "us-east-1b"]
create_public_subnets = true create_private_subnets = true enable_nat_gateway = true
tags = { Environment = "production" } } ```

Requirements

Requirements

NameVersion
terraform>= 1.5.0
aws~> 5.0
NameVersion
terraform>= 1.5.0
aws~> 5.0

Inputs

Inputs

NameDescriptionTypeDefaultRequired
nameName prefix for resources
string
n/ayes
cidr_blockVPC CIDR block
string
n/ayes
availability_zonesList of AZs
list(string)
n/ayes
NameDescriptionTypeDefaultRequired
nameName prefix for resources
string
n/ayes
cidr_blockVPC CIDR block
string
n/ayes
availability_zonesList of AZs
list(string)
n/ayes

Outputs

Outputs

NameDescription
vpc_idVPC identifier
public_subnet_idsMap of public subnet IDs
private_subnet_idsMap of private subnet IDs
NameDescription
vpc_idVPC identifier
public_subnet_idsMap of public subnet IDs
private_subnet_idsMap of private subnet IDs

Examples

Examples

See examples/ directory for complete usage examples.
undefined
See examples/ directory for complete usage examples.
undefined

6. Testing

6. 测试

Use skill terraform-test
Test File: A 
.tftest.hcl
or 
.tftest.json
file containing test configuration and run blocks that validate your Terraform configuration.
Test Block: Optional configuration block that defines test-wide settings (available since Terraform 1.6.0).
Run Block: Defines a single test scenario with optional variables, provider configurations, and assertions. Each test file requires at least one run block.
Assert Block: Contains conditions that must evaluate to true for the test to pass. Failed assertions cause the test to fail.
Mock Provider: Simulates provider behavior without creating real infrastructure (available since Terraform 1.7.0).
Test Modes: Tests run in apply mode (default, creates real infrastructure) or plan mode (validates logic without creating resources).
使用terraform-test技能
测试文件:扩展名为
.tftest.hcl
.tftest.json
的文件,包含验证Terraform配置的测试配置和运行块。
测试块:可选的配置块,定义测试范围的设置(自Terraform 1.6.0起可用)。
运行块:定义单个测试场景,包含可选的变量、提供商配置和断言。每个测试文件至少需要一个运行块。
断言块:包含测试通过必须满足的条件。断言失败会导致测试失败。
模拟提供商:模拟提供商行为,无需创建真实基础设施(自Terraform 1.7.0起可用)。
测试模式:测试以应用模式(默认,创建真实基础设施)或计划模式(验证逻辑,不创建资源)运行。

File Structure

文件结构

Terraform test files use the 
.tftest.hcl
or 
.tftest.json
extension and are typically organized in a 
tests/
directory. Use clear naming conventions to distinguish between unit tests (plan mode) and integration tests (apply mode):
my-module/
├── main.tf
├── variables.tf
├── outputs.tf
└── tests/
    ├── unit_test.tftest.hcl      # Unit test (plan mode)
    └── integration_test.tftest.hcl  # Integration test (apply mode - creates real resources)
Terraform测试文件使用
.tftest.hcl
.tftest.json
扩展名,通常组织在
tests/
目录中。使用清晰的命名约定区分单元测试(计划模式)和集成测试(应用模式):
my-module/
├── main.tf
├── variables.tf
├── outputs.tf
└── tests/
    ├── unit_test.tftest.hcl      # 单元测试(计划模式)
    └── integration_test.tftest.hcl  # 集成测试(应用模式 - 创建真实资源)

Refactoring Patterns

重构模式

Pattern 1: Resource Grouping

模式1:资源分组

Extract related resources into cohesive modules:
  • Networking (VPC, Subnets, Route Tables)
  • Compute (ASG, Launch Templates, Load Balancers)
  • Data (RDS, ElastiCache, S3)
将相关资源提取到内聚的模块中:
  • 网络(VPC、子网、路由表)
  • 计算(ASG、启动模板、负载均衡器)
  • 数据(RDS、ElastiCache、S3)

Pattern 2: Configuration Layering

模式2:配置分层

hcl
undefined
hcl
undefined

Base module with defaults

Base module with defaults

module "vpc_base" { source = "./modules/vpc-base"

Minimal required inputs

}
module "vpc_base" { source = "./modules/vpc-base"

Minimal required inputs

}

Environment-specific wrapper

Environment-specific wrapper

module "vpc_prod" { source = "./modules/vpc-production"

Inherits from base, adds prod-specific config

}
undefined
module "vpc_prod" { source = "./modules/vpc-production"

Inherits from base, adds prod-specific config

}
undefined

Pattern 3: Composition

模式3:组合

hcl
undefined
hcl
undefined

Small, focused modules

Small, focused modules

module "vpc" { source = "./modules/vpc" }
module "security_groups" { source = "./modules/security-groups" vpc_id = module.vpc.vpc_id }
module "application" { source = "./modules/application" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnet_ids sg_ids = module.security_groups.app_sg_ids }
undefined
module "vpc" { source = "./modules/vpc" }
module "security_groups" { source = "./modules/security-groups" vpc_id = module.vpc.vpc_id }
module "application" { source = "./modules/application" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnet_ids sg_ids = module.security_groups.app_sg_ids }
undefined

Common Pitfalls

常见陷阱

1. Over-Abstraction

1. 过度抽象

hcl
undefined
hcl
undefined

❌ Don't create overly generic modules

❌ Don't create overly generic modules

variable "resources" { type = map(map(any)) # Too flexible, hard to validate }
variable "resources" { type = map(map(any)) # Too flexible, hard to validate }

✅ Do use specific, typed interfaces

✅ Do use specific, typed interfaces

variable "database_config" { type = object({ engine = string instance_class = string }) }
undefined
variable "database_config" { type = object({ engine = string instance_class = string }) }
undefined

2. Tight Coupling

2. 紧密耦合

hcl
undefined
hcl
undefined

❌ Don't couple modules through direct references

❌ Don't couple modules through direct references

module A

module A

output "instance_id" { value = aws_instance.app.id }
output "instance_id" { value = aws_instance.app.id }

module B (in same config)

module B (in same config)

resource "aws_eip" "app" { instance = module.a.instance_id # Tight coupling }
resource "aws_eip" "app" { instance = module.a.instance_id # Tight coupling }

✅ Do pass dependencies through root module

✅ Do pass dependencies through root module

module "compute" { source = "./modules/compute" }
resource "aws_eip" "app" { instance = module.compute.instance_id }
undefined
module "compute" { source = "./modules/compute" }
resource "aws_eip" "app" { instance = module.compute.instance_id }
undefined

3. State Migration Errors

3. 状态迁移错误

Always test migration in non-production first:
bash
undefined
始终先在非生产环境测试迁移:
bash
undefined

Create plan to verify no changes after migration

Create plan to verify no changes after migration

terraform plan -out=migration.tfplan
terraform plan -out=migration.tfplan

Review carefully

Review carefully

terraform show migration.tfplan
terraform show migration.tfplan

Apply only if plan shows no changes

Apply only if plan shows no changes

terraform apply migration.tfplan
undefined
terraform apply migration.tfplan
undefined

Version Control Strategy

版本控制策略

hcl
undefined
hcl
undefined

Use semantic versioning for modules

Use semantic versioning for modules

module "vpc" { source = "git::https://github.com/org/terraform-modules.git//vpc?ref=v1.2.0" version = "~> 1.2" }
module "vpc" { source = "git::https://github.com/org/terraform-modules.git//vpc?ref=v1.2.0" version = "~> 1.2" }

Pin to specific versions in production

Pin to specific versions in production

Use version ranges in development

Use version ranges in development

undefined
undefined

Success Criteria

成功标准

  • Module has single, well-defined responsibility
  • All variables have descriptions and types
  • Validation rules prevent invalid configurations
  • Outputs provide sufficient information for consumers
  • Documentation includes usage examples
  • Tests verify module behavior
  • State migration completed without resource recreation
  • No plan differences after refactoring
  • 模块具有单一、明确的职责
  • 所有变量都有描述和类型
  • 验证规则可防止无效配置
  • 输出为使用者提供足够的信息
  • 文档包含使用示例
  • 测试可验证模块行为
  • 状态迁移完成且无资源重建
  • 重构后计划无差异

Related Skills

相关技能

Resources

参考资源

Revision History

修订历史

VersionDateChanges
1.0.02025-11-07Initial skill definition
版本日期变更
1.0.02025-11-07初始技能定义