🐛 fix([roles]): comment out cicd-deployer and dba roles

README.md

@@ -50,67 +50,27 @@ sys     0m2.015s
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_awsauth_cluster-roles"></a> [awsauth\_cluster-roles](#module\_awsauth\_cluster-roles) | git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth | tf-upgrade |
 | <a name="module_efs"></a> [efs](#module\_efs) | git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/ | master |
-| <a name="module_group_cicd_deployer"></a> [group\_cicd\_deployer](#module\_group\_cicd\_deployer) | git@github.e.it.census.gov:terraform-modules/aws-iam-group.git | n/a |
-| <a name="module_group_dba_administrator"></a> [group\_dba\_administrator](#module\_group\_dba\_administrator) | git@github.e.it.census.gov:terraform-modules/aws-iam-group.git | n/a |
-| <a name="module_role_cicd_deployer"></a> [role\_cicd\_deployer](#module\_role\_cicd\_deployer) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | tf-upgrade |
-| <a name="module_role_dba_administrator"></a> [role\_dba\_administrator](#module\_role\_dba\_administrator) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | tf-upgrade |
-| <a name="module_service_cicd_deployer"></a> [service\_cicd\_deployer](#module\_service\_cicd\_deployer) | git@github.e.it.census.gov:terraform-modules/aws-iam-user.git | tf-upgrade |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_iam_policy.cicd_deployer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.dba_administrator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_cluster_role.cicd_deployer_application_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role.cicd_deployer_istio_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role.cicd_deployer_istiosystem_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role.dba_administrator_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_namespace.cicd_managed_namespaces](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.dba_managed_namespaces](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.telemetry](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_role_binding.dba_admin_rolebinding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_role_binding.deployer_application_istio_rolebinding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_role_binding.deployer_application_rolebinding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_role_binding.deployer_istio_role_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
 | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
 | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
 | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source |
-| [aws_iam_policy.cicd_deployer_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy_document.cicd_deployer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.cicd_deployer_allow_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.dba_administrator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.dba_administrator_allow_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cicd_k8s_group_name"></a> [cicd\_k8s\_group\_name](#input\_cicd\_k8s\_group\_name) | The Group name of CICD Deployer belongs to (excluding prefix for service account and cluster) | `string` | `"cicd-deployer"` | no |
-| <a name="input_cicd_k8s_user_name"></a> [cicd\_k8s\_user\_name](#input\_cicd\_k8s\_user\_name) | The user name of CICD Deployer | `string` | `"cicd-deployer"` | no |
-| <a name="input_cicd_managed_namespaces"></a> [cicd\_managed\_namespaces](#input\_cicd\_managed\_namespaces) | Deployer managed namespaces that deploy can create resources in (excluding cluster name prefix) | `list(any)` | `[]` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
-| <a name="input_dba_admin_rolebinding_name"></a> [dba\_admin\_rolebinding\_name](#input\_dba\_admin\_rolebinding\_name) | Role binding name of deployer that binding to role deployer\_application\_cluster\_role | `string` | `"dba-admin-rolebinding"` | no |
-| <a name="input_dba_administrator_role_name"></a> [dba\_administrator\_role\_name](#input\_dba\_administrator\_role\_name) | The kubernetes cluster role name of DBA Administrator | `string` | `"dba-admin-role"` | no |
-| <a name="input_dba_k8s_group_name"></a> [dba\_k8s\_group\_name](#input\_dba\_k8s\_group\_name) | The Group name of dba-admin belongs to (excluding prefix for service account and cluster) | `string` | `"dba-admin"` | no |
-| <a name="input_dba_k8s_user_name"></a> [dba\_k8s\_user\_name](#input\_dba\_k8s\_user\_name) | the user name of DBA Administrator | `string` | `"dba-admin"` | no |
-| <a name="input_dba_managed_namespaces"></a> [dba\_managed\_namespaces](#input\_dba\_managed\_namespaces) | DBA admin managed namespaces (excluding cluster name prefix) | `list(any)` | `[]` | no |
-| <a name="input_deployer_application_istio_role_name"></a> [deployer\_application\_istio\_role\_name](#input\_deployer\_application\_istio\_role\_name) | The kubernetes cluster role name of CICD Deployer | `string` | `"deployer-application-istio-role"` | no |
-| <a name="input_deployer_application_istio_rolebinding_name"></a> [deployer\_application\_istio\_rolebinding\_name](#input\_deployer\_application\_istio\_rolebinding\_name) | Role binding name of deployer that binding to role deployer\_application\_cluster\_role | `string` | `"deployer-application-istio-rolebinding"` | no |
-| <a name="input_deployer_application_role_name"></a> [deployer\_application\_role\_name](#input\_deployer\_application\_role\_name) | The kubernetes cluster role name of CICD Deployer | `string` | `"deployer-application-role"` | no |
-| <a name="input_deployer_application_rolebinding_name"></a> [deployer\_application\_rolebinding\_name](#input\_deployer\_application\_rolebinding\_name) | Role binding name of deployer that binding to role deployer\_application\_cluster\_role | `string` | `"deployer-application-rolebinding"` | no |
-| <a name="input_deployer_istiosystem_role_name"></a> [deployer\_istiosystem\_role\_name](#input\_deployer\_istiosystem\_role\_name) | The kubernetes cluster role name of CIDR Deployer | `string` | `"deployer-istiosystem-role"` | no |
-| <a name="input_istio_installed_namespace"></a> [istio\_installed\_namespace](#input\_istio\_installed\_namespace) | Namespace that Istio installed | `string` | `"istio-system"` | no |
 | <a name="input_operators_ns"></a> [operators\_ns](#input\_operators\_ns) | Namespace to create where operators will be installed. | `string` | `"operators"` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | AWS config profile | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | n/a | yes |
@@ -125,13 +85,8 @@ sys     0m2.015s
 
 | Name | Description |
 |------|-------------|
-| <a name="output_info_cicd_deployer"></a> [info\_cicd\_deployer](#output\_info\_cicd\_deployer) | CID Deployer IAM details |
-| <a name="output_info_dba_administrator"></a> [info\_dba\_administrator](#output\_info\_dba\_administrator) | DBA Adminstrator IAM details |
 | <a name="output_module_name"></a> [module\_name](#output\_module\_name) | The name of this module. |
 | <a name="output_module_version"></a> [module\_version](#output\_module\_version) | The version of this module. |
-| <a name="output_role_dba_administrator_arn"></a> [role\_dba\_administrator\_arn](#output\_role\_dba\_administrator\_arn) | DBA Adminstrator role ARN |
 | <a name="output_rwo_storage_class"></a> [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. |
 | <a name="output_rwx_storage_class"></a> [rwx\_storage\_class](#output\_rwx\_storage\_class) | Kubernetes storage class that supports read/write many. |
-| <a name="output_service_cicd_deployer_arn"></a> [service\_cicd\_deployer\_arn](#output\_service\_cicd\_deployer\_arn) | CICD Deployer user ARN |
-| <a name="output_service_cicd_deployer_username"></a> [service\_cicd\_deployer\_username](#output\_service\_cicd\_deployer\_username) | CICD Deployer username |
 <!-- END_TF_DOCS -->

aws_data.tf

@@ -3,10 +3,10 @@ data "aws_ebs_default_kms_key" "current" {}
 data "aws_kms_key" "ebs_key" {
   key_id = data.aws_ebs_default_kms_key.current.key_arn
 }
-data "aws_caller_identity" "current" {}
+# data "aws_caller_identity" "current" {}
 
-data "aws_region" "current" {}
+# data "aws_region" "current" {}
 
-data "aws_arn" "current" {
-  arn = data.aws_caller_identity.current.arn
-}
+# data "aws_arn" "current" {
+#   arn = data.aws_caller_identity.current.arn
+# }

main.tf

@@ -1,6 +1,6 @@
 locals {
-  iam_arn    = format("arn:%v:iam::%v:%%v", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
-  common_arn = format("arn:%v:%%v:%v:%v:%%v", data.aws_arn.current.partition, data.aws_region.current.id, data.aws_caller_identity.current.account_id)
+  # iam_arn    = format("arn:%v:iam::%v:%%v", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
+  # common_arn = format("arn:%v:%%v:%v:%v:%%v", data.aws_arn.current.partition, data.aws_region.current.id, data.aws_caller_identity.current.account_id)
   base_tags = {
     "eks-cluster-name"      = var.cluster_name
     "boc:tf_module_version" = local.module_version
@@ -95,33 +95,33 @@ resource "kubernetes_namespace" "telemetry" {
   }
 }
 
-locals {
-  aws_auth_users = [
-    {
-      userarn      = module.service_cicd_deployer.user_arn
-      aws_username = ""
-      username     = var.cicd_k8s_user_name
-      groups       = [local.cicd_k8s_group_name]
-    },
-  ]
-  aws_auth_roles = [
-    {
-      rolearn : module.role_dba_administrator.role_arn
-      aws_rolename : ""
-      username : var.dba_k8s_user_name
-      groups = [local.dba_k8s_group_name]
-    },
-  ]
-}
+# locals {
+#   aws_auth_users = [
+#     {
+#       userarn      = module.service_cicd_deployer.user_arn
+#       aws_username = ""
+#       username     = var.cicd_k8s_user_name
+#       groups       = [local.cicd_k8s_group_name]
+#     },
+#   ]
+#   aws_auth_roles = [
+#     {
+#       rolearn : module.role_dba_administrator.role_arn
+#       aws_rolename : ""
+#       username : var.dba_k8s_user_name
+#       groups = [local.dba_k8s_group_name]
+#     },
+#   ]
+# }
 
-module "awsauth_cluster-roles" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=tf-upgrade"
+# module "awsauth_cluster-roles" {
+#   source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=tf-upgrade"
 
-  region         = var.region
-  profile        = var.profile
-  cluster_name   = var.cluster_name
-  aws_auth_users = local.aws_auth_users
-  aws_auth_roles = local.aws_auth_roles
+#   region         = var.region
+#   profile        = var.profile
+#   cluster_name   = var.cluster_name
+#   aws_auth_users = local.aws_auth_users
+#   aws_auth_roles = local.aws_auth_roles
 
-  keep_temporary_files = false
-}
+#   keep_temporary_files = false
+# }

variables.tf

@@ -9,6 +9,7 @@ variable "region" {
   type        = string
 }
 
+# tflint-ignore: terraform_unused_declarations
 variable "profile" {
   description = "AWS config profile"
   type        = string
@@ -53,84 +54,84 @@ variable "tags" {
   default     = {}
 }
 
-variable "deployer_istiosystem_role_name" {
-  description = "The kubernetes cluster role name of CIDR Deployer"
-  type        = string
-  default     = "deployer-istiosystem-role"
-}
-
-variable "deployer_application_role_name" {
-  description = "The kubernetes cluster role name of CICD Deployer"
-  type        = string
-  default     = "deployer-application-role"
-}
-
-variable "deployer_application_istio_role_name" {
-  description = "The kubernetes cluster role name of CICD Deployer"
-  type        = string
-  default     = "deployer-application-istio-role"
-}
-
-variable "dba_administrator_role_name" {
-  description = "The kubernetes cluster role name of DBA Administrator"
-  type        = string
-  default     = "dba-admin-role"
-}
-
-variable "istio_installed_namespace" {
-  description = "Namespace that Istio installed"
-  type        = string
-  default     = "istio-system"
-}
-
-variable "cicd_k8s_user_name" {
-  description = "The user name of CICD Deployer"
-  type        = string
-  default     = "cicd-deployer"
-}
-variable "cicd_k8s_group_name" {
-  description = "The Group name of CICD Deployer belongs to (excluding prefix for service account and cluster)"
-  type        = string
-  default     = "cicd-deployer"
-}
-
-variable "dba_k8s_user_name" {
-  description = "the user name of DBA Administrator"
-  type        = string
-  default     = "dba-admin"
-}
-variable "dba_k8s_group_name" {
-  description = "The Group name of dba-admin belongs to (excluding prefix for service account and cluster)"
-  type        = string
-  default     = "dba-admin"
-}
-
-variable "deployer_application_rolebinding_name" {
-  description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
-  type        = string
-  default     = "deployer-application-rolebinding"
-}
-
-variable "deployer_application_istio_rolebinding_name" {
-  description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
-  type        = string
-  default     = "deployer-application-istio-rolebinding"
-}
-
-variable "dba_admin_rolebinding_name" {
-  description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
-  type        = string
-  default     = "dba-admin-rolebinding"
-}
-
-variable "cicd_managed_namespaces" {
-  description = "Deployer managed namespaces that deploy can create resources in (excluding cluster name prefix)"
-  type        = list(any)
-  default     = []
-}
-
-variable "dba_managed_namespaces" {
-  description = "DBA admin managed namespaces (excluding cluster name prefix)"
-  type        = list(any)
-  default     = []
-}
+# variable "deployer_istiosystem_role_name" {
+#   description = "The kubernetes cluster role name of CIDR Deployer"
+#   type        = string
+#   default     = "deployer-istiosystem-role"
+# }
+
+# variable "deployer_application_role_name" {
+#   description = "The kubernetes cluster role name of CICD Deployer"
+#   type        = string
+#   default     = "deployer-application-role"
+# }
+
+# variable "deployer_application_istio_role_name" {
+#   description = "The kubernetes cluster role name of CICD Deployer"
+#   type        = string
+#   default     = "deployer-application-istio-role"
+# }
+
+# variable "dba_administrator_role_name" {
+#   description = "The kubernetes cluster role name of DBA Administrator"
+#   type        = string
+#   default     = "dba-admin-role"
+# }
+
+# variable "istio_installed_namespace" {
+#   description = "Namespace that Istio installed"
+#   type        = string
+#   default     = "istio-system"
+# }
+
+# variable "cicd_k8s_user_name" {
+#   description = "The user name of CICD Deployer"
+#   type        = string
+#   default     = "cicd-deployer"
+# }
+# variable "cicd_k8s_group_name" {
+#   description = "The Group name of CICD Deployer belongs to (excluding prefix for service account and cluster)"
+#   type        = string
+#   default     = "cicd-deployer"
+# }
+
+# variable "dba_k8s_user_name" {
+#   description = "the user name of DBA Administrator"
+#   type        = string
+#   default     = "dba-admin"
+# }
+# variable "dba_k8s_group_name" {
+#   description = "The Group name of dba-admin belongs to (excluding prefix for service account and cluster)"
+#   type        = string
+#   default     = "dba-admin"
+# }
+
+# variable "deployer_application_rolebinding_name" {
+#   description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
+#   type        = string
+#   default     = "deployer-application-rolebinding"
+# }
+
+# variable "deployer_application_istio_rolebinding_name" {
+#   description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
+#   type        = string
+#   default     = "deployer-application-istio-rolebinding"
+# }
+
+# variable "dba_admin_rolebinding_name" {
+#   description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
+#   type        = string
+#   default     = "dba-admin-rolebinding"
+# }
+
+# variable "cicd_managed_namespaces" {
+#   description = "Deployer managed namespaces that deploy can create resources in (excluding cluster name prefix)"
+#   type        = list(any)
+#   default     = []
+# }
+
+# variable "dba_managed_namespaces" {
+#   description = "DBA admin managed namespaces (excluding cluster name prefix)"
+#   type        = list(any)
+#   default     = []
+# }