Refactor README and ROADMAP for clarity; update Terraform configurati…

…ons and remove deprecated variables
SCT-Engineering · Sep 4, 2025 · 94a5183 · 94a5183
1 parent 2d1a997
commit 94a5183
Show file tree

Hide file tree

Showing 10 changed files with 138 additions and 171 deletions.
diff --git a/README.md b/README.md
@@ -87,42 +87,6 @@ output "repository_url" {
 }
 ```
 
-### Centralized Management Example
-
-You can use this module to manage multiple EKS cluster repositories from a central location:
-
-```hcl
-# Production EKS Cluster Repository
-module "prod_eks_cluster" {
-  source = "github.com/HappyPathway/terraform-eks-deployment"
-
-  repository_name           = "eks-prod-cluster"
-  repository_template_owner = "HappyPathway"
-  repository_template       = "template-eks-cluster"
-  repository_teams          = {
-    "platform-team" = "admin",
-    "prod-sre-team" = "maintain"
-  }
-  
-  # ...other configuration omitted for brevity
-}
-
-# Development EKS Cluster Repository
-module "dev_eks_cluster" {
-  source = "github.com/HappyPathway/terraform-eks-deployment"
-
-  repository_name           = "eks-dev-cluster"
-  repository_template_owner = "HappyPathway"
-  repository_template       = "template-eks-cluster"
-  repository_teams          = {
-    "platform-team" = "admin",
-    "dev-team"      = "maintain"
-  }
-  
-  # ...other configuration omitted for brevity
-}
-```
-
 ## Generated Files
 
 The module automatically generates the following files in your new repository:

diff --git a/ROADMAP.md b/ROADMAP.md
@@ -1,62 +1,47 @@
-# EKS Cluster Template Roadmap
+# EKS Cluster Deployment Roadmap
 
 ## Current Architecture
-- Template repository (`template-eks-cluster`) serves as the base for creating new EKS cluster configurations
-- Uses Terraform GitHub repo module to create new repositories from the template
-- Implements managed and non-managed extra files functionality
-- Supports configuration through `config.json`
+- **Terraform-Native Workflow**: The module provides a fully Terraform-native workflow for bootstrapping a single GitHub repository for an EKS cluster.
+- **Declarative Configuration**: It uses a set of input variables (`account_config`, `vpc_config`, `cluster_config`) to define a cluster's configuration.
+- **Dynamic HCL Generation**: The module automatically generates all necessary Terragrunt HCL files (`root.hcl`, `account.hcl`, `region.hcl`, etc.) from internal templates.
+- **Wrapper Module**: This module acts as a sophisticated wrapper around the `terraform-github-repo` module, orchestrating repository creation, file generation, and team permission management.
 
 ## Planned Enhancements
 
-### 1. Automated Cluster Setup (High Priority)
-- [x] Add GitHub Actions workflows with workflow_dispatch triggers
-- [x] Implement automated terragrunt command execution for cluster building
-  - [x] Support for plan/apply/destroy commands
-  - [x] Environment-specific execution
-  - [x] Automated testing framework
-- [ ] Configure workflows to run on specific runners for credential management
-- [ ] Create templatized GitHub Actions workflow files
-- [ ] Enable direct cluster creation without manual repository cloning
-
-### 2. File Management System (Medium Priority)
-- [ ] Implement wrapper module for repo module
-- [ ] Add support for crafting and injecting various configuration files
-- [ ] Define file lifecycle management strategy
-  - [ ] Managed files (controlled by workspace)
-  - [ ] Non-managed files (user-modifiable)
-
-### 3. Version Management (Medium Priority)
-- [ ] Implement version control strategy for `default-versions.hcl`
-- [ ] Create system for managing platform release versions
-- [ ] Set up version override mechanism
-  - [ ] Default versions in template repo
-  - [ ] Override capability in workspace creating repos
-
-### 4. Configuration Management (Low Priority)
-- [ ] Enhance Makefile and Ansible playbook integration
-- [ ] Improve configuration file templating
-- [ ] Add validation for configuration files
+### 1. Version and Configuration Management (High Priority)
+- [x] Implement version control strategy for `default-versions.hcl`
+- [x] Create system for managing platform release versions
+- [x] Set up version override mechanism
+- [ ] Add validation for configuration files to fail early on invalid inputs.
+- [ ] Integrate a robust versioning strategy for the module itself, using tags.
+
+### 2. Automated Cluster Deployment (Medium Priority)
+- [ ] Create templatized GitHub Actions workflow files that can be injected into the created repository.
+- [ ] Configure workflows to run on specific runners for secure credential management.
+- [ ] Implement automated `terragrunt plan/apply` execution within the generated workflows.
+
+### 3. Module and Documentation Refinements (Low Priority)
+- [ ] Enhance documentation with more detailed examples, including edge cases.
+- [ ] Add contribution guidelines and a developer guide.
+- [ ] Refactor and clean up any legacy code or unused variables.
+
+## Completed Milestones
+
+- **Terraform-Native Migration**: Successfully replaced the legacy Lambda/Ansible workflow with a unified, Terraform-native solution for repository bootstrapping.
+- **File Management System**: Implemented a robust system for crafting and injecting configuration files directly via Terraform, fulfilling the core requirement of the "File Management System" epic.
 
 ## Technical Considerations
-1. File Lifecycle Management:
-   - Managed files: Controlled by workspace
-   - Non-managed files: User-modifiable post-creation
-   - Version-specific files: Platform release coordination
-
-2. Automation Requirements:
-   - GitHub Actions runner configuration
-   - Credential management
-   - Workflow templating
-   - Terragrunt integration
-
-3. Version Control Strategy:
-   - Module version collections
-   - Platform release versions
-   - Override mechanisms
+1.  **Automation Requirements**:
+    -   GitHub Actions runner configuration for secure AWS authentication.
+    -   Workflow templating to dynamically generate CI/CD pipelines.
+    -   Seamless Terragrunt integration within the automated workflows.
+
+2.  **Version Control Strategy**:
+    -   Centralized management of component versions (EKS, Istio, etc.).
+    -   Clear override mechanisms for environment-specific versioning.
 
 ## Success Criteria
-- Fully automated cluster creation process
-- Minimal manual intervention required
-- Proper version management system
-- Clear file lifecycle management
-- Secure credential handling
+-   Fully automated repository and cluster configuration process.
+-   A clear, maintainable, and scalable version management system.
+-   Secure and automated CI/CD pipelines for deploying EKS clusters.
+-   Comprehensive documentation that empowers users and contributors.
diff --git a/examples/basic/.terraform_commits b/examples/basic/.terraform_commits
@@ -0,0 +1,26 @@
+[
+  {
+    "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a",
+    "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow",
+    "author": "Your Name",
+    "timestamp": "2025-09-04T13:49:32.940158"
+  },
+  {
+    "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a",
+    "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow",
+    "author": "Your Name",
+    "timestamp": "2025-09-04T13:52:48.384810"
+  },
+  {
+    "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a",
+    "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow",
+    "author": "Your Name",
+    "timestamp": "2025-09-04T14:36:08.594715"
+  },
+  {
+    "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a",
+    "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow",
+    "author": "Your Name",
+    "timestamp": "2025-09-04T15:59:08.094373"
+  }
+]
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -1,43 +1,42 @@
+provider "aws" {
+}
+
+data "aws_secretsmanager_secret_version" "github_token" {
+  secret_id = "/eks-cluster-deployment/github_token"
+}
+
 provider "github" {
-  # Configuration expected from environment variables:
-  # GITHUB_TOKEN
-  # GITHUB_OWNER (optional)
+  token = data.aws_secretsmanager_secret_version.github_token.secret_string
 }
 
 module "eks_deployment" {
   source = "../../"
 
   # Repository configuration
-  repository_name           = "eks-test-cluster"
-  repository_template_owner = "HappyPathway"
-  repository_template       = "template-eks-cluster"
+  name                = "eks-test-cluster"
+  template_repo_org   = "SCT-Engineering"
+  repository_template = "template-eks-cluster"
+  is_private          = false # Set to false to make the repository public
   repository_teams = {
     "platform-team" = "admin",
     "devops-team"   = "maintain",
     "developers"    = "push"
   }
 
   # Basic settings
-  organization      = "my-org"
+  organization      = "SCT-Engineering"
   environment       = "dev"
-  region            = "us-east-1"
+  region            = "us-gov-west-1"
   github_server_url = "https://github.e.it.census.gov"
 
-  # Account configuration
-  account_config = {
-    account_name     = "dev-account"
-    aws_account_id   = "123456789012"
-    environment_abbr = "dev"
-  }
-
-  # VPC configuration
-  vpc_config = {
-    vpc_name        = "dev-vpc"
-    vpc_domain_name = "dev.example.com"
-  }
-
   # Cluster configuration
   cluster_config = {
+    account_name           = "dev-account"
+    aws_account_id         = "123456789012"
+    environment_abbr       = "dev"
+    aws_profile            = "default"
+    vpc_name               = "dev-vpc"
+    vpc_domain_name        = "dev.example.com"
     cluster_name           = "dev-eks-01"
     cluster_mailing_list   = "team@example.com"
     eks_instance_disk_size = 100

diff --git a/examples/basic/varfiles/default.json b/examples/basic/varfiles/default.json
@@ -0,0 +1 @@
+{}
diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
diff --git a/main.tf b/main.tf
@@ -1,26 +1,25 @@
 locals {
-  # Render the HCL files from templates
   rendered_files = {
     "root.hcl" : templatefile("${path.module}/templates/root.hcl.tf.tpl", {
       environment = var.environment
     }),
-    "${var.environment}/account.hcl" : templatefile("${path.module}/templates/account.hcl.tf.tpl", {
-      account_name     = var.account_config.account_name,
-      aws_account_id   = var.account_config.aws_account_id,
+    "environment/account.hcl" : templatefile("${path.module}/templates/account.hcl.tf.tpl", {
+      account_name     = var.cluster_config.account_name,
+      aws_account_id   = var.cluster_config.aws_account_id,
       environment      = var.environment,
-      environment_abbr = var.account_config.environment_abbr
+      environment_abbr = var.cluster_config.environment_abbr
     }),
-    "${var.environment}/${var.region}/region.hcl" : templatefile("${path.module}/templates/region.hcl.tf.tpl", {
-      environment = var.environment,
-      aws_region  = var.region
+    "environment/region/region.hcl" : templatefile("${path.module}/templates/region.hcl.tf.tpl", {
+      aws_region  = var.region,
+      environment = var.environment
     }),
-    "${var.environment}/${var.region}/vpc/vpc.hcl" : templatefile("${path.module}/templates/vpc.hcl.tf.tpl", {
+    "environment/region/vpc/vpc.hcl" : templatefile("${path.module}/templates/vpc.hcl.tf.tpl", {
+      vpc_name        = var.cluster_config.vpc_name,
+      vpc_domain_name = var.cluster_config.vpc_domain_name,
       environment     = var.environment,
-      aws_region      = var.region,
-      vpc_name        = var.vpc_config.vpc_name,
-      vpc_domain_name = var.vpc_config.vpc_domain_name
+      aws_region      = var.region
     }),
-    "${var.environment}/${var.region}/vpc/${var.cluster_config.cluster_name}/cluster.hcl" : templatefile("${path.module}/templates/cluster.hcl.tf.tpl", {
+    "environment/region/vpc/cluster/cluster.hcl" : templatefile("${path.module}/templates/cluster.hcl.tf.tpl", {
       cluster_name                = var.cluster_config.cluster_name,
       cluster_mailing_list        = var.cluster_config.cluster_mailing_list,
       eks_instance_disk_size      = var.cluster_config.eks_instance_disk_size,
@@ -36,26 +35,25 @@ locals {
     }),
     "README.md" : templatefile("${path.module}/templates/README.md.tf.tpl", {
       environment  = var.environment,
-      aws_region   = var.region,
-      cluster_name = var.cluster_config.cluster_name
+      cluster_name = var.cluster_config.cluster_name,
+      aws_region   = var.region
     })
   }
 }
 
 module "github_repo" {
-  source = "HappyPathway/repo/github"
+  source = "github.com/HappyPathway/terraform-github-repo"
 
-  name                    = var.repository_name
+  name                    = var.name
   repo_org                = var.organization
   github_repo_description = "EKS Cluster Configuration for ${var.cluster_config.cluster_name}"
   github_repo_topics      = ["eks", "kubernetes", "terraform", "infrastructure"]
+  force_name              = var.force_name
 
-  template = {
-    owner      = var.repository_template_owner
-    repository = var.repository_template
-  }
+  template_repo_org = var.repository_template_owner
+  template_repo     = var.repository_template
 
-  github_is_private   = true
+  github_is_private   = var.is_private
   github_has_issues   = true
   github_has_wiki     = true
   github_has_projects = true
@@ -66,12 +64,19 @@ module "github_repo" {
       content = content
     }
   ]
-
-  teams = var.repository_teams
+  archive_on_destroy = false
+  github_org_teams = [
+    for team, permission in var.repository_teams : {
+      team_name    = team
+      permission   = permission
+      slug         = lower(replace(team, " ", "-"))
+      id           = null # Changed from team_id to id as expected by the module
+      bypass_rules = false
+    }
+  ]
 }
 
 # The EKS deployment logic will go here, and will be skipped if create_repository is true.
-# For now, we are just implementing the repository creation part.
 
 output "repository_url" {
   description = "URL of the created repository"

diff --git a/providers.tf b/providers.tf
@@ -4,11 +4,9 @@ terraform {
       source  = "integrations/github"
       version = ">= 5.0"
     }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
   }
-}
-
-provider "github" {
-  # Configuration is expected from environment variables:
-  # GITHUB_TOKEN
-  # GITHUB_OWNER (optional)
 }
diff --git a/templates/README.md.tf.tpl b/templates/README.md.tf.tpl
@@ -16,7 +16,7 @@ To apply this configuration:
 
 1. Change to the directory of the module you want to deploy:
    ```
-   cd ${environment}/${aws_region}/vpc/${cluster_name}/eks
+   cd environment/region/vpc/cluster/eks
    ```
 
 2. Initialize and apply the Terragrunt configuration: