From ad5313174d3315500b4090937221f1afad5bc9b3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 17 Apr 2025 01:18:32 -0400 Subject: [PATCH] wip --- .github/platform-tg-infra.code-workspace | 3 ++ lab/_envcommon/common-variables.hcl | 10 ++--- .../vpc/csvd-platform-lab-mcm/cluster.hcl | 5 +++ .../eks-dns/terragrunt.hcl | 2 +- .../eks-metrics-server/terragrunt.hcl | 1 + lab/root.hcl | 37 ++++++++++++++++--- 6 files changed, 45 insertions(+), 13 deletions(-) diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace index cefac38..fbc4a1f 100644 --- a/.github/platform-tg-infra.code-workspace +++ b/.github/platform-tg-infra.code-workspace @@ -83,6 +83,9 @@ { "name": "tfmod-tempo", "path": "../../tfmod-tempo" + }, + { + "path": "../../../terraform-modules/aws-ecr-copy-images" } ] } diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl index 3979206..bfdaeac 100644 --- a/lab/_envcommon/common-variables.hcl +++ b/lab/_envcommon/common-variables.hcl @@ -6,10 +6,6 @@ # that are common across all environments/accounts. # --------------------------------------------------------------------------------------------------------------------- locals { - organization = "census:ocio:csvd" - finops_project_name = "csvd_platformbaseline" - finops_project_number = "fs0000000078" - finops_project_role = "csvd_platformbaseline_app" state_bucket_prefix = "inf-tfstate" state_table_name = "tf_remote_state" route53_endpoints = { @@ -20,12 +16,14 @@ locals { "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1" } } + eecr_account_id = local.enterprise_ecr_account.lab["account_id"] + enterprise_ecr_account = { lab = { - account_id = "269222635945" + "account_id" = "269222635945" } prod = { - account_id = "067074201825" + "account_id" = "067074201825" } } } 
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl index c64bdb5..a724fcf 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl @@ -6,6 +6,11 @@ locals { eks_ng_desired_size = 2 eks_ng_max_size = 10 eks_ng_min_size = 2 + organization = "census:ocio:csvd" + finops_project_name = "csvd_platformbaseline" + finops_project_number = "fs0000000078" + finops_project_role = "csvd_platformbaseline_app" + tags = { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl index f9ca879..f9fda09 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl @@ -56,7 +56,7 @@ inputs = { account_id = include.root.inputs.aws_account_id profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region - eecr_account_id = include.root.inputs.eecr_account_id + eecr_account_id = include.root.inputs.enterprise_ecr_account # Cluster Configuration cluster_name = include.root.inputs.cluster_name diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl index ede644a..8862a26 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl 
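Review bot: In `eks-dns/terragrunt.hcl` the new value `include.root.inputs.enterprise_ecr_account` is the whole `{ lab = {...}, prod = {...} }` map from `common-variables.hcl`, not an account ID, so `eecr_account_id` would receive an object holding both the lab and prod account numbers. The sibling `eks-metrics-server/terragrunt.hcl` still passes `include.root.inputs.eecr_account_id`, which this commit now defines in the common locals that root merges into `inputs`, so `eecr_account_id = include.root.inputs.eecr_account_id` looks like the intended line here. How the module types this variable is not visible in the patch; a `string` type would fail the plan, while an untyped variable could let the wrong value flow into registry references. The `inputs` block continues outside the hunk.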
@@ -41,6 +41,7 @@ inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id eecr_account_id = include.root.inputs.eecr_account_id + eecr_profile = include.root.inputs.eecr_profile profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/root.hcl b/lab/root.hcl index 4ea2332..0035dbf 100644 --- a/lab/root.hcl +++ b/lab/root.hcl @@ -24,17 +24,26 @@ locals { # Automatically load vpc-level variables vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl")) + root_locals_for_inputs = { + is_module_enabled = local.is_module_enabled + module_name = local.module_name + eecr_profile = local.eecr_profile + # Add any other locals you want to expose + # only expose things not already included via local.xxx_vars.locals.* + } # Extract the variables we need for easy access account_id = local.account_vars.locals.aws_account_id + account_name = local.account_vars.locals.account_name aws_profile = local.account_vars.locals.aws_profile aws_region = local.region_vars.locals.aws_region cluster_name = local.cluster_vars.locals.cluster_name + eecr_account_id = local.common_vars.locals.eecr_account_id + eecr_profile = replace(local.aws_profile, local.account_id, local.eecr_account_id) environment_abbr = local.account_vars.locals.environment_abbr - eecr_account_id = local.common_vars.locals.enterprise_ecr_account.lab.account_id - finops_project_name = local.common_vars.locals.finops_project_name - finops_project_number = local.common_vars.locals.finops_project_number - finops_project_role = local.common_vars.locals.finops_project_role + finops_project_name = local.cluster_vars.locals.finops_project_name + finops_project_number = local.cluster_vars.locals.finops_project_number + finops_project_role = local.cluster_vars.locals.finops_project_role is_eks_module = local.module_name == "eks" is_module_enabled = merge( { for module in local.versions.locals.core_modules : module => true }, 
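Review bot: The new `eecr_profile` local in `lab/root.hcl` is computed as `replace(local.aws_profile, local.account_id, local.eecr_account_id)`, and `replace` returns its input unchanged when the substring is absent, so a profile name that does not embed the account ID silently yields the workload profile under the `eecr_profile` name. Because the value is exported to every child through `root_locals_for_inputs`, anything that authenticates with it would then use the workload account's credentials without any error. At minimum the line deserves a comment stating the naming assumption, for example `# assumes aws_profile embeds the account id; replace() is a no-op otherwise, leaving the workload profile`. The `locals` block starts and ends outside the hunk.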
@@ -43,7 +52,7 @@ locals { ) module_name = basename(get_original_terragrunt_dir()) module_overrides = local.cluster_vars.locals.module_enablement_overrides - organization = local.common_vars.locals.organization + organization = local.cluster_vars.locals.organization state_bucket_prefix = local.common_vars.locals.state_bucket_prefix state_table_name = local.common_vars.locals.state_table_name } @@ -147,6 +156,21 @@ generate "aws-provider" { EOF } +generate "eecr-provider" { + path = "eecr-provider.tf" + if_exists = "overwrite" + contents = <<-EOF + provider "aws" { + alias = "eecr" + profile = var.profile + assume_role { + role_arn = format("arn:%v:iam::%v:role/r-ent-ecr", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id) + session_name = var.os_username + } + } +EOF +} + # --------------------------------------------------------------------------------------------------------------------- # GLOBAL PARAMETERS # These variables apply to all configurations in this subfolder. These are automatically merged into the child @@ -161,5 +185,6 @@ inputs = merge( local.common_vars.locals, local.region_vars.locals, local.versions.locals, - local.vpc_vars.locals + local.vpc_vars.locals, + local.root_locals_for_inputs )
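Review bot: The generated `eecr` provider alias in `lab/root.hcl` builds `role_arn` from `data.aws_caller_identity.current.account_id` and authenticates with `var.profile`, so it assumes `r-ent-ecr` in the caller's own account and uses neither the `eecr_account_id` nor the `eecr_profile` value this commit introduces. If the role is meant to live in the enterprise ECR account, the ARN should name that account, e.g. `role_arn = format("arn:%v:iam::%v:role/r-ent-ecr", data.aws_arn.current.partition, var.eecr_account_id)`, assuming each module declares that variable. If a same-account role is intended, a one-line comment saying so would keep the trust boundary explicit. The block is generated into every module under this root, and the patch does not show that each one declares `var.os_username` or the `data.aws_arn.current` and `data.aws_caller_identity.current` sources it references. `session_name` is what the audit trail records for the assumed-role session, so it is worth confirming `os_username` is always populated.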