Groundwork new workflows (#143)

* Groundwork new workflows

* fix regex

Author: max-lobur

examples/complete/main.tf

@@ -22,14 +22,6 @@ locals {
   # https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/docs/deploy/subnet_discovery.md
   tags = { "kubernetes.io/cluster/${module.label.id}" = "shared" }
 
-  # required tags to make ALB ingress work https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
-  public_subnets_additional_tags = {
-    "kubernetes.io/role/elb" : 1
-  }
-  private_subnets_additional_tags = {
-    "kubernetes.io/role/internal-elb" : 1
-  }
-
   allow_all_ingress_rule = {
     key              = "allow_all_ingress"
     type             = "ingress"

examples/complete/variables.tf

@@ -31,36 +31,6 @@ variable "cluster_log_retention_period" {
   description = "Number of days to retain cluster logs. Requires `enabled_cluster_log_types` to be set. See https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html."
 }
 
-variable "map_additional_aws_accounts" {
-  description = "Additional AWS account numbers to add to `config-map-aws-auth` ConfigMap"
-  type        = list(string)
-  default     = []
-}
-
-variable "map_additional_iam_roles" {
-  description = "Additional IAM roles to add to `config-map-aws-auth` ConfigMap"
-
-  type = list(object({
-    rolearn  = string
-    username = string
-    groups   = list(string)
-  }))
-
-  default = []
-}
-
-variable "map_additional_iam_users" {
-  description = "Additional IAM users to add to `config-map-aws-auth` ConfigMap"
-
-  type = list(object({
-    userarn  = string
-    username = string
-    groups   = list(string)
-  }))
-
-  default = []
-}
-
 variable "oidc_provider_enabled" {
   type        = bool
   default     = true
@@ -125,18 +95,6 @@ variable "min_size" {
   description = "The minimum size of the AutoScaling Group"
 }
 
-variable "launch_template_id" {
-  type        = string
-  description = "The ID of a custom launch template to use for the EKS node group."
-  default     = null
-}
-
-variable "launch_template_version" {
-  type        = string
-  description = "A specific version of the above specific launch template"
-  default     = null
-}
-
 variable "before_cluster_joining_userdata" {
   type        = string
   default     = ""

iam.tf

@@ -1,6 +1,6 @@
 locals {
   create_role           = local.enabled && length(var.node_role_arn) == 0
-  aws_policy_prefix     = local.create_role ? format("arn:%s:iam::aws:policy", join("", data.aws_partition.current.*.partition)) : ""
+  aws_policy_prefix     = local.create_role ? format("arn:%s:iam::aws:policy", join("", data.aws_partition.current[*].partition)) : ""
   node_role_policy_arns = sort(var.node_role_policy_arns)
 }
 
@@ -25,27 +25,27 @@ data "aws_iam_policy_document" "assume_role" {
 resource "aws_iam_role" "default" {
   count                = local.create_role ? 1 : 0
   name                 = module.label.id
-  assume_role_policy   = join("", data.aws_iam_policy_document.assume_role.*.json)
+  assume_role_policy   = join("", data.aws_iam_policy_document.assume_role[*].json)
   permissions_boundary = var.node_role_permissions_boundary
   tags                 = module.label.tags
 }
 
 resource "aws_iam_role_policy_attachment" "amazon_eks_worker_node_policy" {
   count      = local.create_role ? 1 : 0
   policy_arn = format("%s/%s", local.aws_policy_prefix, "AmazonEKSWorkerNodePolicy")
-  role       = join("", aws_iam_role.default.*.name)
+  role       = join("", aws_iam_role.default[*].name)
 }
 
 resource "aws_iam_role_policy_attachment" "amazon_ec2_container_registry_read_only" {
   count      = local.create_role ? 1 : 0
   policy_arn = format("%s/%s", local.aws_policy_prefix, "AmazonEC2ContainerRegistryReadOnly")
-  role       = join("", aws_iam_role.default.*.name)
+  role       = join("", aws_iam_role.default[*].name)
 }
 
 resource "aws_iam_role_policy_attachment" "existing_policies_for_eks_workers_role" {
   count      = local.create_role ? length(var.node_role_policy_arns) : 0
   policy_arn = local.node_role_policy_arns[count.index]
-  role       = join("", aws_iam_role.default.*.name)
+  role       = join("", aws_iam_role.default[*].name)
 }
 
 # Create a CNI policy that is a merger of AmazonEKS_CNI_Policy and required IPv6 permissions
@@ -79,7 +79,7 @@ data "aws_iam_policy_document" "ipv6_eks_cni_policy" {
       "ec2:CreateTags"
     ]
     resources = [
-      "arn:${join("", data.aws_partition.current.*.partition)}:ec2:*:*:network-interface/*"
+      "arn:${join("", data.aws_partition.current[*].partition)}:ec2:*:*:network-interface/*"
     ]
   }
 }
@@ -88,13 +88,13 @@ resource "aws_iam_policy" "ipv6_eks_cni_policy" {
   count = local.create_role && var.node_role_cni_policy_enabled ? 1 : 0
 
   name   = "${module.this.id}-CNI_Policy"
-  policy = join("", data.aws_iam_policy_document.ipv6_eks_cni_policy.*.json)
+  policy = join("", data.aws_iam_policy_document.ipv6_eks_cni_policy[*].json)
 }
 
 resource "aws_iam_role_policy_attachment" "ipv6_eks_cni_policy" {
   count = local.create_role && var.node_role_cni_policy_enabled ? 1 : 0
 
-  policy_arn = join("", aws_iam_policy.ipv6_eks_cni_policy.*.arn)
-  role       = join("", aws_iam_role.default.*.name)
+  policy_arn = join("", aws_iam_policy.ipv6_eks_cni_policy[*].arn)
+  role       = join("", aws_iam_role.default[*].name)
 }
 

main.tf

@@ -71,7 +71,7 @@ locals {
   is_windows = can(regex("WINDOWS", var.ami_type))
   ng = {
     cluster_name  = var.cluster_name
-    node_role_arn = local.create_role ? join("", aws_iam_role.default.*.arn) : try(var.node_role_arn[0], null)
+    node_role_arn = local.create_role ? join("", aws_iam_role.default[*].arn) : try(var.node_role_arn[0], null)
     # Keep sorted so that change in order does not trigger replacement via random_pet
     subnet_ids = sort(var.subnet_ids)
     # Always supply instance types via the node group, not the launch template,
@@ -202,7 +202,7 @@ resource "aws_eks_node_group" "default" {
 # except for count, lifecycle, and node_group_name.
 resource "aws_eks_node_group" "cbd" {
   count           = local.enabled && var.create_before_destroy ? 1 : 0
-  node_group_name = format("%v%v%v", module.label.id, module.label.delimiter, join("", random_pet.cbd.*.id))
+  node_group_name = format("%v%v%v", module.label.id, module.label.delimiter, join("", random_pet.cbd[*].id))
 
   lifecycle {
     create_before_destroy = true

outputs.tf

@@ -1,41 +1,41 @@
 output "eks_node_group_role_arn" {
   description = "ARN of the worker nodes IAM role"
-  value       = join("", aws_iam_role.default.*.arn)
+  value       = join("", aws_iam_role.default[*].arn)
 }
 
 output "eks_node_group_role_name" {
   description = "Name of the worker nodes IAM role"
-  value       = join("", aws_iam_role.default.*.name)
+  value       = join("", aws_iam_role.default[*].name)
 }
 
 output "eks_node_group_id" {
   description = "EKS Cluster name and EKS Node Group name separated by a colon"
-  value       = join("", aws_eks_node_group.default.*.id, aws_eks_node_group.cbd.*.id)
+  value       = join("", aws_eks_node_group.default[*].id, aws_eks_node_group.cbd[*].id)
 }
 
 output "eks_node_group_arn" {
   description = "Amazon Resource Name (ARN) of the EKS Node Group"
-  value       = join("", aws_eks_node_group.default.*.arn, aws_eks_node_group.cbd.*.arn)
+  value       = join("", aws_eks_node_group.default[*].arn, aws_eks_node_group.cbd[*].arn)
 }
 
 output "eks_node_group_resources" {
   description = "List of objects containing information about underlying resources of the EKS Node Group"
-  value       = local.enabled ? (var.create_before_destroy ? aws_eks_node_group.cbd.*.resources : aws_eks_node_group.default.*.resources) : []
+  value       = local.enabled ? (var.create_before_destroy ? aws_eks_node_group.cbd[*].resources : aws_eks_node_group.default[*].resources) : []
 }
 
 output "eks_node_group_status" {
   description = "Status of the EKS Node Group"
-  value       = join("", aws_eks_node_group.default.*.status, aws_eks_node_group.cbd.*.status)
+  value       = join("", aws_eks_node_group.default[*].status, aws_eks_node_group.cbd[*].status)
 }
 
 output "eks_node_group_remote_access_security_group_id" {
   description = "The ID of the security group generated to allow SSH access to the nodes, if this module generated one"
-  value       = join("", module.ssh_access.*.id)
+  value       = join("", module.ssh_access[*].id)
 }
 
 output "eks_node_group_cbd_pet_name" {
   description = "The pet name of this node group, if this module generated one"
-  value       = join("", random_pet.cbd.*.id)
+  value       = join("", random_pet.cbd[*].id)
 }
 
 output "eks_node_group_launch_template_id" {
@@ -45,7 +45,7 @@ output "eks_node_group_launch_template_id" {
 
 output "eks_node_group_launch_template_name" {
   description = "The name of the launch template used for this node group"
-  value       = local.enabled ? (local.fetch_launch_template ? join("", data.aws_launch_template.this.*.name) : join("", aws_launch_template.default.*.name)) : null
+  value       = local.enabled ? (local.fetch_launch_template ? join("", data.aws_launch_template.this[*].name) : join("", aws_launch_template.default[*].name)) : null
 }
 
 output "eks_node_group_tags_all" {