maybe works?

SCT-Engineering · Feb 12, 2025 · 9013e98 · 9013e98
1 parent 2187382
commit 9013e98
Show file tree

Hide file tree

Showing 16 changed files with 105 additions and 1,477 deletions.
diff --git a/lab/_envcommon/helm-provider.hcl b/lab/_envcommon/helm-provider.hcl
@@ -1,30 +1,36 @@
-generate "helm-provider" {
-  path      = "helm-provider.tf"
-  if_exists = "overwrite"
-  contents  = <<-EOF
-%{if startswith(local.module_name, "tfmod-eks-") ~}
-provider "helm" {
-  kubernetes {
-    host                   = coalesce(try(data.aws_eks_cluster.this.endpoint, ""), "dummy")
-    cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this.certificate_authority[0].data), null)
-    exec {
-      api_version = "client.authentication.k8s.io/v1beta1"
-      command     = "aws"
-      args = ["eks", "get-token", "--cluster-name", try(data.aws_eks_cluster.this.name, local.cluster_name), "--region", local.aws_region]
-    }
+dependency "eks" {
+  config_path                             = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
+  mock_outputs = {
+    cluster_name = "a-cluster-name"
+    region       = "an-aws-region"
   }
 }
 
-data "aws_eks_cluster" "this" {
-  name = local.cluster_name
+inputs = {
+  cluster_name = dependency.eks.outputs.cluster_name
+}
 
-  lifecycle {
-    postcondition {
-      condition     = self.status == "ACTIVE" || terraform.workspace == "default"
-      error_message = "EKS cluster must be active to use this provider"
+generate "helm_provider" {
+  path      = "helm-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+  %{if var.cluster_name != "a-cluster-name"~}
+  data "aws_eks_cluster" "helm" {
+    name = var.cluster_name
+  }
+  data "aws_eks_cluster_auth" "helm" {
+    name = var.cluster_name
+  }
+  %{endif~}
+  provider "helm" {
+    kubernetes {
+      %{if var.cluster_name != "a-cluster-name"~}
+      host                   = try(data.aws_eks_cluster.helm.endpoint, "")
+      cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.helm.certificate_authority[0].data), null)
+      token = try(data.aws_eks_cluster_auth.helm.token, null)
+      %{endif~}
     }
   }
-}
-%{endif~}
 EOF
 }
diff --git a/lab/_envcommon/kube-provider.hcl b/lab/_envcommon/kube-provider.hcl
@@ -1,28 +1,34 @@
-generate "kube-provider" {
-  path      = "kube-provider.tf"
-  if_exists = "overwrite"
-  contents  = <<-EOF
-%{ if startswith(local.module_name, "tfmod-eks-") ~}
-provider "kubernetes" {
-  host                   = coalesce(try(data.aws_eks_cluster.this.endpoint, ""), "dummy")
-  cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this.certificate_authority[0].data), null)
-  exec {
-    api_version = "client.authentication.k8s.io/v1beta1"
-    command     = "aws"
-    args = ["eks", "get-token", "--cluster-name", try(data.aws_eks_cluster.this.name, local.cluster_name), "--region", local.aws_region]
+dependency "eks" {
+  config_path                             = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
+  mock_outputs = {
+    cluster_name = "a-cluster-name"
+    region       = "an-aws-region"
   }
 }
 
-data "aws_eks_cluster" "this" {
-  name = local.cluster_name
+inputs = {
+  cluster_name = dependency.eks.outputs.cluster_name
+}
 
-  lifecycle {
-    postcondition {
-      condition     = self.status == "ACTIVE" || terraform.workspace == "default"
-      error_message = "EKS cluster must be active to use this provider"
-    }
+generate "kube_provider" {
+  path      = "kube-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+  %{if var.cluster_name != "a-cluster-name"~}
+  data "aws_eks_cluster" "kube" {
+    name = var.cluster_name
+  }
+  data "aws_eks_cluster_auth" "kube" {
+    name = var.cluster_name
+  }
+  %{endif~}
+  provider "kubernetes" {
+    %{if var.cluster_name != "a-cluster-name"~}
+    host                   = try(data.aws_eks_cluster.this[0].endpoint, "")
+    cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data), null)
+    token = try(data.aws_eks_cluster_auth.kube.token, null)
+    %{endif~}
   }
-}
-%{ endif }
 EOF
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl
@@ -13,8 +13,8 @@ terraform {
 }
 
 dependency "eks" {
-  config_path = "../eks"
-  mock_outputs_allowed_terraform_commands = ["plan", "validate"]
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name      = "a-cluster-name"
     oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
@@ -14,8 +14,8 @@ terraform {
 }
 
 dependency "eks" {
-  config_path = "../eks"
-  mock_outputs_allowed_terraform_commands = ["plan", "validate"]
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_certificate_authority_data              = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
     cluster_endpoint                                = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
@@ -13,16 +13,16 @@ terraform {
 }
 
 dependency "eks" {
-  config_path = "../eks"
-  mock_outputs_allowed_terraform_commands = ["plan", "validate"]
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
   }
 }
 
 dependency "istio" {
-  config_path = "../eks-istio"
-  mock_outputs_allowed_terraform_commands = ["plan", "validate"]
+  config_path                             = "../eks-istio"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     istio_ingress_lb = {
       dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
@@ -5,22 +5,24 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=main"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name = "a-cluster-name"
   }
 }
 
 dependency "eks-loki" {
-  config_path = "../eks-loki"
+  config_path                             = "../eks-loki"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     rwo_storage_class = "gp3-encrypted"
   }
@@ -41,4 +43,5 @@ inputs = {
   grafana_tag                   = include.root.inputs.grafana_tag
   download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
   init_chown_data_image_tag     = include.root.inputs.init_chown_data_image_tag
+  release_version               = include.root.inputs.release_version
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl
@@ -13,7 +13,8 @@ terraform {
 }
 
 dependency "eks" {
-  config_path = "${get_original_terragrunt_dir()}/../eks"
+  config_path                             = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name = "a-cluster-name"
   }

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl
@@ -5,15 +5,16 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=main"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name    = "a-cluster-name"
     vpc_domain_name = "example.com"

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl
@@ -14,6 +14,7 @@ terraform {
 
 dependency "eks" {
   config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_endpoint  = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
     cluster_name      = "a-cluster-name"

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable
@@ -15,6 +15,7 @@ terraform {
 
 dependency "eks" {
   config_path = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name = "a-cluster-name"
   }

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl
@@ -5,15 +5,16 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=main"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name      = "a-cluster-name"
     oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl
@@ -5,15 +5,16 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=main"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name = "a-cluster-name"
   }

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl
@@ -5,15 +5,16 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=main"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name = "a-cluster-name"
   }

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl
@@ -5,15 +5,16 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=main"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
   mock_outputs = {
     cluster_name      = "a-cluster-name"
     oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"

diff --git a/lab/root.hcl b/lab/root.hcl
@@ -40,7 +40,15 @@ locals {
   state_table_name    = local.common_vars.locals.state_table_name
   terraform           = local.cluster_vars.locals.terraform
   terragrunt          = local.cluster_vars.locals.terragrunt
-  module_name         = get_original_terragrunt_dir()
+  module_name         = basename(get_original_terragrunt_dir())
+
+  # Check if current module is the EKS module
+  is_eks_module = local.module_name == "eks"
+
+  # Load provider configurations if not in EKS module
+  kube_provider = local.is_eks_module ? {} : read_terragrunt_config("${get_repo_root()}/lab/_envcommon/kube-provider.hcl")
+  helm_provider = local.is_eks_module ? {} : read_terragrunt_config("${get_repo_root()}/lab/_envcommon/helm-provider.hcl")
+
 }
 
 # Configure Terragrunt to automatically store tfstate files in an S3 bucket
@@ -97,12 +105,16 @@ generate "aws-provider" {
 EOF
 }
 
-include "helm_provider" {
-  path = "${dirname(find_in_parent_folders())}/_envcommon/helm-provider.hcl"
+generate "kube_provider" {
+  path      = local.kube_provider.generate.kube_provider.path
+  if_exists = local.kube_provider.generate.kube_provider.if_exists
+  contents  = local.is_eks_module ? "" : local.kube_provider.generate.kube_provider.contents
 }
 
-include "kube_provider" {
-  path = "${dirname(find_in_parent_folders())}/_envcommon/kube-provider.hcl"
+generate "helm_provider" {
+  path      = local.helm_provider.generate.helm_provider.path
+  if_exists = local.helm_provider.generate.helm_provider.if_exists
+  contents  = local.is_eks_module ? "" : local.helm_provider.generate.helm_provider.contents
 }
 
 # ---------------------------------------------------------------------------------------------------------------------