wip

lab/_envcommon/helm-provider.hcl

@@ -1,34 +1,30 @@
-dependency "eks" {
-  config_path = "${get_original_terragrunt_dir()}/../eks"
-  # mock_outputs_allowed_terraform_commands = ["plan", "validate"]
-  mock_outputs = {
-    cluster_name = "a-cluster-name"
+generate "helm-provider" {
+  path      = "helm-provider.tf"
+  if_exists = "overwrite"
+  contents  = <<-EOF
+%{if startswith(local.module_name, "tfmod-eks-") ~}
+provider "helm" {
+  kubernetes {
+    host                   = coalesce(try(data.aws_eks_cluster.this.endpoint, ""), "dummy")
+    cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this.certificate_authority[0].data), null)
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      args = ["eks", "get-token", "--cluster-name", try(data.aws_eks_cluster.this.name, local.cluster_name), "--region", local.aws_region]
+    }
   }
 }
 
-inputs = {
-  cluster_name = dependency.eks.outputs.cluster_name
-}
+data "aws_eks_cluster" "this" {
+  name = local.cluster_name
 
-# Generate a k8s provider block
-generate "helm_provider" {
-  path      = "helm-provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<-EOF
-%{if "${dependency.eks.outputs.cluster_name}" != "a-cluster-name" ~}
-  data "aws_eks_cluster" "helm" {
-    name = "${dependency.eks.outputs.cluster_name}"
-  }
-  data "aws_eks_cluster_auth" "helm" {
-    name = "${dependency.eks.outputs.cluster_name}"
-  }
-  provider "helm" {
-    kubernetes {
-      host                   = data.aws_eks_cluster.helm.endpoint
-      cluster_ca_certificate = base64decode(data.aws_eks_cluster.helm.certificate_authority[0].data)
-      token                  = data.aws_eks_cluster_auth.helm.token
+  lifecycle {
+    postcondition {
+      condition     = self.status == "ACTIVE" || terraform.workspace == "default"
+      error_message = "EKS cluster must be active to use this provider"
     }
   }
-%{ endif ~}
+}
+%{endif~}
 EOF
 }

lab/_envcommon/kube-provider.hcl

@@ -1,19 +1,28 @@
-%{if cluster_name != "a-cluster-name"~}
-data "aws_eks_cluster" "kube" {
-  name = "${cluster_name}"
+generate "kube-provider" {
+  path      = "kube-provider.tf"
+  if_exists = "overwrite"
+  contents  = <<-EOF
+%{ if startswith(local.module_name, "tfmod-eks-") ~}
+provider "kubernetes" {
+  host                   = coalesce(try(data.aws_eks_cluster.this.endpoint, ""), "dummy")
+  cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this.certificate_authority[0].data), null)
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    args = ["eks", "get-token", "--cluster-name", try(data.aws_eks_cluster.this.name, local.cluster_name), "--region", local.aws_region]
+  }
 }
-data "aws_eks_cluster_auth" "kube" {
-  name = "${cluster_name}"
+
+data "aws_eks_cluster" "this" {
+  name = local.cluster_name
+
+  lifecycle {
+    postcondition {
+      condition     = self.status == "ACTIVE" || terraform.workspace == "default"
+      error_message = "EKS cluster must be active to use this provider"
+    }
+  }
 }
-%{endif~}
-provider "kubernetes" {
-  %{if cluster_name != "a-cluster-name"~}
-  host                   = data.aws_eks_cluster.kube.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.kube.certificate_authority[0].data)
-  token                  = data.aws_eks_cluster_auth.kube.token
-  %{else~}
-  host                   = ""
-  cluster_ca_certificate = ""
-  token                  = ""
-  %{endif~}
+%{ endif }
+EOF
 }

lab/root.hcl

@@ -40,7 +40,7 @@ locals {
   state_table_name    = local.common_vars.locals.state_table_name
   terraform           = local.cluster_vars.locals.terraform
   terragrunt          = local.cluster_vars.locals.terragrunt
-  module_name         = trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")
+  module_name         = get_original_terragrunt_dir()
 }
 
 # Configure Terragrunt to automatically store tfstate files in an S3 bucket
@@ -65,7 +65,7 @@ remote_state {
     enable_lock_table_ssencryption     = false # use only if non-encrypted DynamoDB Lock Table for the OpenTofu/Terraform State is required and/or the NoSQL database service does not support server-side encryption
   }
 }
-# https://github.com/gruntwork-io/terragrunt/issues/2726
+
 # Generate an AWS provider block
 generate "aws-provider" {
   path      = "aws-provider.tf"
@@ -76,6 +76,8 @@ generate "aws-provider" {
     profile = "${local.aws_profile}"
     default_tags {
       tags = {
+        cluster_name = "${local.cluster_name}"
+        module_name = "${local.module_name}"
         created_by = "${local.creator}"
         created_for = "${local.creator}"
         created_reason = "${local.created_reason}"
@@ -103,18 +105,6 @@ include "kube_provider" {
   path = "${dirname(find_in_parent_folders())}/_envcommon/kube-provider.hcl"
 }
 
-generate "variables" {
-  path      = "variables.tf"
-  if_exists = "overwrite"
-  contents  = <<-EOF
-variable "create_eks" {
-  description = "Controls if EKS cluster should be created (affects all AWS resources)"
-  type        = bool
-  default     = true
-}
-EOF
-}
-
 # ---------------------------------------------------------------------------------------------------------------------
 # GLOBAL PARAMETERS
 # These variables apply to all configurations in this subfolder. These are automatically merged into the child