Keycloak and gatekeeper for k8s dashboard

lab/development/us-gov-east-1/vpc/platform-test-z/eks-gatekeeper/terragrunt.hcl

@@ -0,0 +1,97 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=${include.root.inputs.release_version}"
+  source = "../../../../../../../tfmod-gatekeeper"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name      = "mock-cluster"
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
+
+dependency "eks_dns" {
+  config_path                             = "../eks-dns"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_domain = "mock.example.com"
+  }
+}
+
+# dependency "eks_grafana" {
+#   config_path                             = "../eks-grafana"
+#   mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+#   mock_outputs = {
+#     public_endpoint = "mock.grafaba.example.com"
+#   }
+# }
+
+dependency "eks_keycloak" {
+  config_path                             = "../eks-keycloak"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    user_auth_realm = "mock.keycloak.example.com/auth"
+    client_id       = "mock-client-id"
+    client_secret   = "mock-client-secret"
+    namespace       = "keycloak"
+  }
+}
+
+dependency "eks-k8s-dashboard" {
+  config_path                             = "../eks-k8s-dashboard"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    namespace       = "telemetry"
+    internal_endpoint = {
+      hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+      port_number = 80
+      url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+    }
+    dashboard-user-token = "Iamanextremelylongstring"
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-dns",
+    "../eks-keycloak",
+    "../eks-k8s-dashboard",
+    # "../eks-grafana",
+    # "../eks-prometheus",
+  ]
+}
+
+inputs = {
+  # Base Cluster Config
+  cluster_domain = dependency.eks_dns.outputs.cluster_domain
+  cluster_name   = dependency.eks.outputs.cluster_name
+  profile        = include.root.inputs.aws_profile
+
+  # Gatekeeper Standard Config
+  gatekeeper_tag             = include.root.inputs.gatekeeper_tag
+  gatekeeper_version         = include.root.inputs.gatekeeper_chart_version
+  keycloak_ns                = dependency.eks_keycloak.outputs.namespace
+  client_id                  = dependency.eks_keycloak.outputs.client_id
+  client_secret              = dependency.eks_keycloak.outputs.client_secret
+  keycloak_fqdn              = dependency.eks_keycloak.outputs.user_auth_realm
+
+  # Dashboard Gatekeeper Config 
+  application_name           = "dashboard"
+  namespace                  = include.root.inputs.namespaces["k8s-dashboard"]
+  dashboard_ns               = dependency.eks-k8s-dashboard.outputs.namespace
+  upstream_url               = dependency.eks-k8s-dashboard.outputs.internal_endpoint.url
+  dashboard_user_token       = dependency.eks-k8s-dashboard.outputs.dashboard-user-token
+}