Merge pull request #7 from jverce/remove-deprecated-function-calls

Refactor usage of deprecated `list` function

Author: ivankatliarchuk

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v3.1.0
+  rev: v3.4.0
   hooks:
   - id: check-added-large-files
     args: ['--maxkb=500']
@@ -17,7 +17,7 @@ repos:
   - id: detect-aws-credentials
     args: ['--allow-missing-credentials']
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.31.0
+  rev: v1.50.0
   hooks:
   - id: terraform_fmt
   - id: terraform_docs

.terraform.lock.hcl

@@ -1,5 +1,4 @@
 config {
-  deep_check = false
   ignore_module = {}
   varfile = []
 }

.tflint.hcl

@@ -117,52 +117,72 @@ Here's the gist of using it directly from github.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12 |
-| helm | >= 1.2 |
-| kubernetes | >= 1.11.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 1.2 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 1.11.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
-| helm | >= 1.2 |
-| kubernetes | >= 1.11.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 1.2 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 1.11.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
+| [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| app | A Release is an instance of a chart running in a Kubernetes cluster. | `map` | `{}` | no |
-| app\_deploy | Whether or not to deploy app | `bool` | `true` | no |
-| bucket | Backup and Restore bucket. | `string` | n/a | yes |
-| cluster\_name | Cluster name. | `string` | n/a | yes |
-| description | Namespace description | `string` | `"velero-back-up-and-restore"` | no |
-| iam\_deploy | Whether or not to deploy iam role | `bool` | `true` | no |
-| iam\_role\_name | Name of the Velero IAM role | `string` | `""` | no |
-| name | Namespace name | `string` | `"velero"` | no |
-| namespace\_deploy | Whether or not to deploy namespace | `bool` | `false` | no |
-| openid\_connect\_provider\_uri | OpenID Connect Provider for EKS to enable IRSA. | `string` | n/a | yes |
-| repository | VMware Tanzu repository for Helm repos. | `string` | `"https://vmware-tanzu.github.io/helm-charts"` | no |
-| tags | A mapping of tags to assign to the object. | `map` | `{}` | no |
-| values | List of values in raw yaml to pass to helm. Values will be merged. | `list(string)` | n/a | yes |
+| <a name="input_app"></a> [app](#input\_app) | A Release is an instance of a chart running in a Kubernetes cluster. | `map(any)` | `{}` | no |
+| <a name="input_app_deploy"></a> [app\_deploy](#input\_app\_deploy) | Whether or not to deploy app | `bool` | `true` | no |
+| <a name="input_bucket"></a> [bucket](#input\_bucket) | Backup and Restore bucket. | `string` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Cluster name. | `string` | n/a | yes |
+| <a name="input_description"></a> [description](#input\_description) | Namespace description | `string` | `"velero-back-up-and-restore"` | no |
+| <a name="input_iam_deploy"></a> [iam\_deploy](#input\_iam\_deploy) | whther or not to deploy iam role | `bool` | `true` | no |
+| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name of the Velero IAM role | `string` | `""` | no |
+| <a name="input_name"></a> [name](#input\_name) | Installation name | `string` | `"velero"` | no |
+| <a name="input_namespace_deploy"></a> [namespace\_deploy](#input\_namespace\_deploy) | Whether or not to deploy namespace | `bool` | `false` | no |
+| <a name="input_namespace_name"></a> [namespace\_name](#input\_namespace\_name) | Kubernetes namespace name | `string` | `null` | no |
+| <a name="input_openid_connect_provider_uri"></a> [openid\_connect\_provider\_uri](#input\_openid\_connect\_provider\_uri) | OpenID Connect Provider for EKS to enable IRSA. | `string` | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | VMware Tanzu repository for Helm repos. | `string` | `"https://vmware-tanzu.github.io/helm-charts"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the object. | `map(any)` | `{}` | no |
+| <a name="input_values"></a> [values](#input\_values) | List of values in raw yaml to pass to helm. Values will be merged. | `list(string)` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| namespace\_name | Namespace name |
-
+| <a name="output_namespace_name"></a> [namespace\_name](#output\_namespace\_name) | Namespace name |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Commands
 
 <!-- START makefile-doc -->
 ```
-$ make help
+$ make help 
+make[1]: Entering directory '/home/jay/dev/altitude-sports/terraform-kubernetes-velero'
 hooks                          Commit hooks setup
 validate                       Validate with pre-commit hooks
 changelog                      Update changelog
+make[1]: Leaving directory '/home/jay/dev/altitude-sports/terraform-kubernetes-velero' 
 ```
 <!-- END makefile-doc -->
 

README.md

@@ -1,4 +1,4 @@
-data aws_iam_policy_document assume_role {
+data "aws_iam_policy_document" "assume_role" {
   statement {
     sid = "serviceaccount"
 
@@ -22,7 +22,7 @@ data aws_iam_policy_document assume_role {
   }
 }
 
-data aws_iam_policy_document policy {
+data "aws_iam_policy_document" "policy" {
   statement {
     sid = "ec2"
 
@@ -61,9 +61,9 @@ data aws_iam_policy_document policy {
   }
 }
 
-resource aws_iam_role this {
-  count              = var.iam_deploy ? 1 : 0
-  name               = var.iam_role_name == "" ? format("%s-%s", var.cluster_name, var.name) : var.iam_role_name
+resource "aws_iam_role" "this" {
+  count = var.iam_deploy ? 1 : 0
+  name  = var.iam_role_name == "" ? format("%s-%s", var.cluster_name, var.name) : var.iam_role_name
 
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
   tags = merge(var.tags,
@@ -73,7 +73,7 @@ resource aws_iam_role this {
   )
 }
 
-resource aws_iam_role_policy this {
+resource "aws_iam_role_policy" "this" {
   count  = var.iam_deploy ? 1 : 0
   name   = format("%s-%s", var.cluster_name, var.name)
   role   = element(aws_iam_role.this.*.id, 0)

iam.tf

@@ -1,4 +1,5 @@
 locals {
-  namespace  = element(concat([for entry in kubernetes_namespace.this : entry.id], list("")), 0)
-  account_id = data.aws_caller_identity.current.account_id
+  namespace_name = coalesce(var.namespace_name, var.name)
+  namespace      = data.kubernetes_namespace.this.metadata[0].name
+  account_id     = data.aws_caller_identity.current.account_id
 }

locals.tf

@@ -1,17 +1,29 @@
-resource kubernetes_namespace this {
+resource "kubernetes_namespace" "this" {
   count = var.namespace_deploy ? 1 : 0
 
   metadata {
-    name = var.name
+    name = local.namespace_name
 
     labels = {
-      name        = var.name
+      name        = local.namespace_name
       description = var.description
     }
   }
 }
 
-resource helm_release this {
+# Retrieving this data will ensure that the target Kubernetes namespace exists
+# before proceeding.
+data "kubernetes_namespace" "this" {
+  metadata {
+    name = local.namespace_name
+  }
+
+  depends_on = [
+    kubernetes_namespace.this,
+  ]
+}
+
+resource "helm_release" "this" {
   count = var.app_deploy ? 1 : 0
 
   name       = var.name
@@ -26,12 +38,12 @@ resource helm_release this {
   lint          = lookup(var.app, "lint", true)
   version       = lookup(var.app, "version", "2.13.2")
 
-  values = concat(var.values, list(<<EOF
-serviceAccount:
-  server:
-    create: true
-    annotations:
-      eks.amazonaws.com/role-arn: "${aws_iam_role.this.arn}"
-EOF
-  ))
+  values = concat(
+    var.values,
+    tolist([
+      templatefile("${path.module}/value_templates/serviceaccount.template.yaml", {
+        EKS_ROLE_ARN = aws_iam_role.this[0].arn
+      }),
+    ]),
+  )
 }

main.tf

@@ -0,0 +1,5 @@
+serviceAccount:
+  server:
+    create: true
+    annotations:
+      eks.amazonaws.com/role-arn: '${EKS_ROLE_ARN}'

value_templates/serviceaccount.template.yaml

@@ -23,7 +23,13 @@ variable "iam_deploy" {
 
 variable "name" {
   default     = "velero"
-  description = "Namespace name"
+  description = "Installation name"
+  type        = string
+}
+
+variable "namespace_name" {
+  default     = null
+  description = "Kubernetes namespace name"
   type        = string
 }
 

variables.tf

@@ -2,7 +2,8 @@ terraform {
   required_version = ">= 0.12"
 
   required_providers {
-    kubernetes = ">= 1.11.0"
+    aws        = ">= 3.0"
     helm       = ">= 1.2"
+    kubernetes = ">= 1.11.0"
   }
 }