wip

SCT-Engineering · Feb 8, 2025 · 6d3740d · 6d3740d
1 parent 4a7abfb
commit 6d3740d
Show file tree

Hide file tree

Showing 4 changed files with 1,466 additions and 46 deletions.
diff --git a/lab/_envcommon/helm-provider.hcl b/lab/_envcommon/helm-provider.hcl
@@ -1,21 +1,30 @@
-%{if cluster_name != "a-cluster-name"~}
-data "aws_eks_cluster" "helm" {
-  name = "${cluster_name}"
-}
-data "aws_eks_cluster_auth" "helm" {
-  name = "${cluster_name}"
-}
-%{endif~}
+generate "helm-provider" {
+  path      = "helm-provider.tf"
+  if_exists = "overwrite"
+  contents  = <<-EOF
+%{if startswith(local.module_name, "tfmod-eks-") ~}
 provider "helm" {
   kubernetes {
-  %{if cluster_name != "a-cluster-name"~}
-    host                   = data.aws_eks_cluster.helm.endpoint
-    cluster_ca_certificate = base64decode(data.aws_eks_cluster.helm.certificate_authority[0].data)
-    token                  = data.aws_eks_cluster_auth.helm.token
-  %{else~}
-    host                   = ""
-    cluster_ca_certificate = ""
-    token                  = ""
-  %{endif~}
+    host                   = coalesce(try(data.aws_eks_cluster.this.endpoint, ""), "dummy")
+    cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this.certificate_authority[0].data), null)
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      args = ["eks", "get-token", "--cluster-name", try(data.aws_eks_cluster.this.name, local.cluster_name), "--region", local.aws_region]
+    }
   }
 }
+
+data "aws_eks_cluster" "this" {
+  name = local.cluster_name
+
+  lifecycle {
+    postcondition {
+      condition     = self.status == "ACTIVE" || terraform.workspace == "default"
+      error_message = "EKS cluster must be active to use this provider"
+    }
+  }
+}
+%{endif~}
+EOF
+}
diff --git a/lab/_envcommon/kube-provider.hcl b/lab/_envcommon/kube-provider.hcl
@@ -1,19 +1,28 @@
-%{if cluster_name != "a-cluster-name"~}
-data "aws_eks_cluster" "kube" {
-  name = "${cluster_name}"
+generate "kube-provider" {
+  path      = "kube-provider.tf"
+  if_exists = "overwrite"
+  contents  = <<-EOF
+%{ if startswith(local.module_name, "tfmod-eks-") ~}
+provider "kubernetes" {
+  host                   = coalesce(try(data.aws_eks_cluster.this.endpoint, ""), "dummy")
+  cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this.certificate_authority[0].data), null)
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    args = ["eks", "get-token", "--cluster-name", try(data.aws_eks_cluster.this.name, local.cluster_name), "--region", local.aws_region]
+  }
 }
-data "aws_eks_cluster_auth" "kube" {
-  name = "${cluster_name}"
+
+data "aws_eks_cluster" "this" {
+  name = local.cluster_name
+
+  lifecycle {
+    postcondition {
+      condition     = self.status == "ACTIVE" || terraform.workspace == "default"
+      error_message = "EKS cluster must be active to use this provider"
+    }
+  }
 }
-%{endif~}
-provider "kubernetes" {
-  %{if cluster_name != "a-cluster-name"~}
-  host                   = data.aws_eks_cluster.kube.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.kube.certificate_authority[0].data)
-  token                  = data.aws_eks_cluster_auth.kube.token
-  %{else~}
-  host                   = ""
-  cluster_ca_certificate = ""
-  token                  = ""
-  %{endif~}
+%{ endif }
+EOF
 }
diff --git a/lab/root.hcl b/lab/root.hcl
@@ -40,6 +40,7 @@ locals {
   state_table_name    = local.common_vars.locals.state_table_name
   terraform           = local.cluster_vars.locals.terraform
   terragrunt          = local.cluster_vars.locals.terragrunt
+  module_name         = get_original_terragrunt_dir()
 }
 
 # Configure Terragrunt to automatically store tfstate files in an S3 bucket
@@ -64,7 +65,7 @@ remote_state {
     enable_lock_table_ssencryption     = false # use only if non-encrypted DynamoDB Lock Table for the OpenTofu/Terraform State is required and/or the NoSQL database service does not support server-side encryption
   }
 }
-# https://github.com/gruntwork-io/terragrunt/issues/2726
+
 # Generate an AWS provider block
 generate "aws-provider" {
   path      = "aws-provider.tf"
@@ -75,6 +76,8 @@ generate "aws-provider" {
     profile = "${local.aws_profile}"
     default_tags {
       tags = {
+        cluster_name = "${local.cluster_name}"
+        module_name = "${local.module_name}"
         created_by = "${local.creator}"
         created_for = "${local.creator}"
         created_reason = "${local.created_reason}"
@@ -94,20 +97,12 @@ generate "aws-provider" {
 EOF
 }
 
-generate "helm_provider" {
-  path      = "helm-provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = templatefile("${get_repo_root()}/lab/_envcommon/helm-provider.hcl", {
-    cluster_name = local.cluster_name
-  })
+include "helm_provider" {
+  path = "${dirname(find_in_parent_folders())}/_envcommon/helm-provider.hcl"
 }
 
-generate "kube_provider" {
-  path      = "kube-provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = templatefile("${get_repo_root()}/lab/_envcommon/kube-provider.hcl", {
-    cluster_name = local.cluster_name
-  })
+include "kube_provider" {
+  path = "${dirname(find_in_parent_folders())}/_envcommon/kube-provider.hcl"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------