feat: support generic adoption variables

.github/workflows/terraform.yml

@@ -11,12 +11,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.1.x
+          terraform_version: "1.5.5"
 
       - name: Terraform fmt
         run: terraform fmt -recursive -write=false -check -diff .
@@ -27,13 +27,13 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform_version: [1.1.x]
+        terraform_version: ["1.5.5"]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Terraform ${{ matrix.terraform_version }}
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ matrix.terraform_version }}
 

aws_load_balancer_controller.tf

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 data "aws_iam_policy_document" "aws_load_balancer_controller" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "iam:CreateServiceLinkedRole",
@@ -237,6 +239,8 @@ data "aws_iam_policy_document" "aws_load_balancer_controller" {
 }
 
 data "aws_iam_policy_document" "aws_load_balancer_controller_sts" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "sts:AssumeRoleWithWebIdentity"
@@ -258,7 +262,7 @@ resource "aws_iam_role" "aws_load_balancer_controller" {
   count                = var.enable_resource_creation ? 1 : 0
   name                 = format("%s-lbc-role", module.eks.cluster_id)
   description          = format("Role used by IRSA and the KSA aws-load-balancer-controller on StreamNative Cloud EKS cluster %s", module.eks.cluster_id)
-  assume_role_policy   = data.aws_iam_policy_document.aws_load_balancer_controller_sts.json
+  assume_role_policy   = data.aws_iam_policy_document.aws_load_balancer_controller_sts.0.json
   path                 = "/StreamNative/"
   permissions_boundary = var.permissions_boundary_arn
   tags                 = local.tags
@@ -275,7 +279,7 @@ resource "aws_iam_policy" "aws_load_balancer_controller" {
   name        = format("%s-AWSLoadBalancerControllerPolicy", module.eks.cluster_id)
   description = "Policy that defines the permissions for the AWS Load Balancer Controller addon service running in a StreamNative Cloud EKS cluster"
   path        = "/StreamNative/"
-  policy      = data.aws_iam_policy_document.aws_load_balancer_controller.json
+  policy      = data.aws_iam_policy_document.aws_load_balancer_controller.0.json
   tags        = local.tags
 }
 

cert_manager.tf

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 data "aws_iam_policy_document" "cert_manager" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     sid = "Changes"
     actions = [
@@ -49,6 +51,8 @@ data "aws_iam_policy_document" "cert_manager" {
 }
 
 data "aws_iam_policy_document" "cert_manager_sts" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "sts:AssumeRoleWithWebIdentity"
@@ -70,7 +74,7 @@ resource "aws_iam_role" "cert_manager" {
   count                = var.enable_resource_creation ? 1 : 0
   name                 = format("%s-cm-role", module.eks.cluster_id)
   description          = format("Role assumed by IRSA and the KSA cert-manager on StreamNative Cloud EKS cluster %s", module.eks.cluster_id)
-  assume_role_policy   = data.aws_iam_policy_document.cert_manager_sts.json
+  assume_role_policy   = data.aws_iam_policy_document.cert_manager_sts.0.json
   path                 = "/StreamNative/"
   permissions_boundary = var.permissions_boundary_arn
   tags                 = local.tags
@@ -87,7 +91,7 @@ resource "aws_iam_policy" "cert_manager" {
   name        = format("%s-CertManagerPolicy", module.eks.cluster_id)
   description = "Policy that defines the permissions for the Cert-Manager addon service running in a StreamNative Cloud EKS cluster"
   path        = "/StreamNative/"
-  policy      = data.aws_iam_policy_document.cert_manager.json
+  policy      = data.aws_iam_policy_document.cert_manager.0.json
   tags        = local.tags
 }
 

cluster_autoscaler.tf

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 data "aws_iam_policy_document" "cluster_autoscaler" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     effect = "Allow"
 
@@ -51,6 +53,8 @@ data "aws_iam_policy_document" "cluster_autoscaler" {
 }
 
 data "aws_iam_policy_document" "cluster_autoscaler_sts" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "sts:AssumeRoleWithWebIdentity"
@@ -77,7 +81,7 @@ resource "aws_iam_role" "cluster_autoscaler" {
   count                = var.enable_resource_creation ? 1 : 0
   name                 = format("%s-ca-role", module.eks.cluster_id)
   description          = format("Role used by IRSA and the KSA cluster-autoscaler on StreamNative Cloud EKS cluster %s", module.eks.cluster_id)
-  assume_role_policy   = data.aws_iam_policy_document.cluster_autoscaler_sts.json
+  assume_role_policy   = data.aws_iam_policy_document.cluster_autoscaler_sts.0.json
   path                 = "/StreamNative/"
   permissions_boundary = var.permissions_boundary_arn
   tags                 = local.tags
@@ -94,7 +98,7 @@ resource "aws_iam_policy" "cluster_autoscaler" {
   name        = format("%s-ClusterAutoscalerPolicy", module.eks.cluster_id)
   description = "Policy that defines the permissions for the Cluster Autoscaler addon service running in a StreamNative Cloud EKS cluster"
   path        = "/StreamNative/"
-  policy      = data.aws_iam_policy_document.cluster_autoscaler.json
+  policy      = data.aws_iam_policy_document.cluster_autoscaler.0.json
   tags        = local.tags
 }
 

csi.tf

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 data "aws_iam_policy_document" "csi" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "ec2:CreateSnapshot",
@@ -142,6 +144,8 @@ data "aws_iam_policy_document" "csi" {
 }
 
 data "aws_iam_policy_document" "csi_sts" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "sts:AssumeRoleWithWebIdentity"
@@ -168,7 +172,7 @@ resource "aws_iam_role" "csi" {
   count                = var.enable_resource_creation ? 1 : 0
   name                 = format("%s-csi-role", module.eks.cluster_id)
   description          = format("Role used by IRSA and the KSA ebs-csi-controller-sa on StreamNative Cloud EKS cluster %s", module.eks.cluster_id)
-  assume_role_policy   = data.aws_iam_policy_document.csi_sts.json
+  assume_role_policy   = data.aws_iam_policy_document.csi_sts.0.json
   path                 = "/StreamNative/"
   permissions_boundary = var.permissions_boundary_arn
   tags                 = local.tags
@@ -185,7 +189,7 @@ resource "aws_iam_policy" "csi" {
   name        = format("%s-CsiPolicy", module.eks.cluster_id)
   description = "Policy that defines the permissions for the EBS Container Storage Interface CSI addon service running in a StreamNative Cloud EKS cluster"
   path        = "/StreamNative/"
-  policy      = data.aws_iam_policy_document.csi.json
+  policy      = data.aws_iam_policy_document.csi.0.json
   tags        = local.tags
 }
 

examples/example-with-vpc/main.tf

@@ -35,11 +35,11 @@ terraform {
 ### These data sources are required by the Kubernetes and Helm providers in order to connect to the newly provisioned cluster
 #######
 data "aws_eks_cluster" "cluster" {
-  name = module.sn_cluster.eks_cluster_id
+  name = module.sn_cluster.eks_cluster_name
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = module.sn_cluster.eks_cluster_id
+  name = module.sn_cluster.eks_cluster_name
 }
 
 data "aws_caller_identity" "current" {}

examples/root-example/main.tf

@@ -25,11 +25,11 @@ variable "region" {
 ### These data sources are required by the Kubernetes and Helm providers in order to connect to the newly provisioned cluster
 #######
 data "aws_eks_cluster" "cluster" {
-  name = module.sn_cluster.eks_cluster_id
+  name = module.sn_cluster.eks_cluster_name
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = module.sn_cluster.eks_cluster_id
+  name = module.sn_cluster.eks_cluster_name
 }
 
 provider "aws" {

examples/streamnative-platform/main.tf

@@ -47,11 +47,11 @@ provider "kubernetes" {
 }
 
 data "aws_eks_cluster" "cluster" {
-  name = module.sn_cluster.eks_cluster_id
+  name = module.sn_cluster.eks_cluster_name
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = module.sn_cluster.eks_cluster_id
+  name = module.sn_cluster.eks_cluster_name
 }
 
 data "aws_caller_identity" "current" {}
@@ -131,7 +131,7 @@ module "sn_bootstrap" {
 module "sn_tiered_storage_resources" {
   source = "github.com/streamnative/terraform-aws-cloud//modules/tiered-storage-resources?ref=v2.2.4-alpha"
 
-  cluster_name     = module.sn_cluster.eks_cluster_id
+  cluster_name     = module.sn_cluster.eks_cluster_name
   oidc_issuer      = module.sn_cluster.eks_cluster_identity_oidc_issuer_string
   pulsar_namespace = local.pulsar_namespace
 
@@ -151,7 +151,7 @@ module "sn_tiered_storage_resources" {
 module "sn_tiered_storage_vault_resources" {
   source = "github.com/streamnative/terraform-aws-cloud//modules/vault-resources?ref=v2.2.4-alpha"
 
-  cluster_name     = module.sn_cluster.eks_cluster_id
+  cluster_name     = module.sn_cluster.eks_cluster_name
   oidc_issuer      = module.sn_cluster.eks_cluster_identity_oidc_issuer_string
   pulsar_namespace = local.pulsar_namespace
 
@@ -183,11 +183,11 @@ output "cleanup_for_destroying_cluster" {
 }
 
 output "connect_to_cluster" {
-  value = format("aws eks update-kubeconfig --name %s --kubeconfig ~/.kube/config --region %s", module.sn_cluster.eks_cluster_id, local.region)
+  value = format("aws eks update-kubeconfig --name %s --kubeconfig ~/.kube/config --region %s", module.sn_cluster.eks_cluster_name, local.region)
 }
 
-output "eks_cluster_id" {
-  value = module.sn_cluster.eks_cluster_id
+output "eks_cluster_name" {
+  value = module.sn_cluster.eks_cluster_name
 }
 
 output "vpc_id" {

external_dns.tf

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 data "aws_iam_policy_document" "external_dns" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     sid = "ChangeResourceRecordSets"
     actions = [
@@ -39,6 +41,8 @@ data "aws_iam_policy_document" "external_dns" {
 }
 
 data "aws_iam_policy_document" "external_dns_sts" {
+  count = var.enable_resource_creation ? 1 : 0
+
   statement {
     actions = [
       "sts:AssumeRoleWithWebIdentity"
@@ -60,7 +64,7 @@ resource "aws_iam_role" "external_dns" {
   count                = var.enable_resource_creation ? 1 : 0
   name                 = format("%s-extdns-role", module.eks.cluster_id)
   description          = format("Role used by IRSA and the KSA external-dns on StreamNative Cloud EKS cluster %s", module.eks.cluster_id)
-  assume_role_policy   = data.aws_iam_policy_document.external_dns_sts.json
+  assume_role_policy   = data.aws_iam_policy_document.external_dns_sts.0.json
   path                 = "/StreamNative/"
   permissions_boundary = var.permissions_boundary_arn
   tags                 = local.tags
@@ -77,7 +81,7 @@ resource "aws_iam_policy" "external_dns" {
   name        = format("%s-ExternalDnsPolicy", module.eks.cluster_id)
   description = "Policy that defines the permissions for the ExternalDNS addon service running in a StreamNative Cloud EKS cluster"
   path        = "/StreamNative/"
-  policy      = data.aws_iam_policy_document.external_dns.json
+  policy      = data.aws_iam_policy_document.external_dns.0.json
   tags        = local.tags
 }