From 29893ab163832769a86a1c8707cfba7f2460e5b1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 18 Dec 2024 19:09:22 -0500 Subject: [PATCH 01/73] remove kubectl --- README.md | 21 +------------ aws_data.tf | 5 +++ copy_images.tf => copy_images.tf.off | 24 ++------------ eks_console_access.tf | 28 ++++++----------- main.tf | 6 ---- outputs.tf | 46 +++++++++++++-------------- requirements.tf | 4 --- variables.tf | 47 ++++++++-------------------- 8 files changed, 54 insertions(+), 127 deletions(-) create mode 100644 aws_data.tf rename copy_images.tf => copy_images.tf.off (51%) diff --git a/README.md b/README.md index 519c385..bbac286 100644 --- a/README.md +++ b/README.md @@ -8,13 +8,6 @@ The module configures an eks cluster with additional components after the cluste - A gp2-encrypted storage class is created - An efs storage class is created - This storage class is returned as the `rwx_storage_class` -- cluster-autoscaler - - Monitors cpu/memory usage by components being deployed to the clsuter. - - When the cluster is out of capacity, the autoscaler will add nodes to the cluster up to the maximum size of the node group. - - When the autoscaler detects excess capacity, the autoscaler will cause EKS to migrate pods running on the node to a different node and then remove the node from the cluster. - -When selecting which version of the cluster-autoscaler to install, use the one that is closest to the same version as the `cluster_version` or slightly higher. -The cluster-autoscaler uses the kuberentes scheduling algorithm to appropriate scale the cluster, and if the autoscaler version sufficiently divirges from the kubernetes version, the autoscaler will scale the node groups incorrectly. A successful apply will yield: Apply complete! Resources: 14 added, 0 changed, 0 destroyed. 
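Review bot: the sample apply output kept in the trailing context ("Apply complete! Resources: 14 added, 0 changed, 0 destroyed.") no longer matches what this patch builds, since the same patch disables the `images` module and replaces `kubectl_manifest` with `kubernetes_manifest`; regenerate the README from a fresh apply (and the later README hunk in this series that drops the `kubectl_image_*` outputs confirms the block is stale). Also, while the autoscaler paragraph is being deleted anyway, nothing in the remaining text says how node scaling is expected to happen now; a one-line pointer to where that moved would save the next reader a search.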
@@ -45,7 +38,6 @@ sys 0m2.015s | [terraform](#requirement\_terraform) | >= 0.13 | | [aws](#requirement\_aws) | >= 5.14.0 | | [http](#requirement\_http) | >= 2.1.0 | -| [kubectl](#requirement\_kubectl) | >= 1.14.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | ## Providers @@ -54,7 +46,6 @@ sys 0m2.015s |------|---------| | [aws](#provider\_aws) | 5.73.0 | | [http](#provider\_http) | 3.4.5 | -| [kubectl](#provider\_kubectl) | 1.14.0 | | [kubernetes](#provider\_kubernetes) | 2.33.0 | ## Modules @@ -62,13 +53,12 @@ sys 0m2.015s | Name | Source | Version | |------|--------|---------| | [efs](#module\_efs) | git@github.e.it.census.gov:terraform-modules/aws-efs.git | master | -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | ## Resources | Name | Type | |------|------| -| [kubectl_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | 
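Review bot: swapping `kubectl_manifest.deploy_cluster_roles` for `kubernetes_manifest.deploy_cluster_roles` in the Resources table changes the module's operational contract and should be called out in the README body, not only in the generated table: `kubernetes_manifest` needs the cluster API reachable during `terraform plan` (it validates the object against the live API), whereas `kubectl_manifest` did not, so this module can no longer be planned in the same run that creates the cluster. Dropping the `images` module row is correct given `copy_images.tf` is switched off, but the `kubectl` requirement/provider rows being removed here is worth a note too, because patch 15 in this series reintroduces `kubectl` as a binary the runner must have.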
@@ -76,18 +66,13 @@ sys 0m2.015s | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [kubectl_file_documents.access_documents](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | -| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#input\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | `list(string)` | n/a | yes | -| [kubectl\_image\_tag](#input\_kubectl\_image\_tag) | The version of bitnami/kubectl image to use. | `string` | `"1.30.4"` | no | -| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | `string` | n/a | yes | | [operators\_ns](#input\_operators\_ns) | Namespace to create where operators will be installed. | `string` | `"operators"` | no | -| [profile](#input\_profile) | AWS config profile | `string` | `""` | no | | [region](#input\_region) | AWS region | `string` | n/a | yes | | [security\_group\_all\_worker\_mgmt\_id](#input\_security\_group\_all\_worker\_mgmt\_id) | The security group representing all of the worker nodes in the cluster. | `string` | n/a | yes | | [subnets](#input\_subnets) | Specify the subnets used by this cluster | `list(string)` | n/a | yes | 
@@ -99,10 +84,6 @@ sys 0m2.015s | Name | Description | |------|-------------| -| [kubectl\_image\_full\_path](#output\_kubectl\_image\_full\_path) | The full URI to access the kubectl image including the registry/repository:tag | -| [kubectl\_image\_registry](#output\_kubectl\_image\_registry) | The registry portion of the URI to access the kubectl image | -| [kubectl\_image\_repository](#output\_kubectl\_image\_repository) | The repository portion of the URI to access the kubectl image | -| [kubectl\_image\_tag](#output\_kubectl\_image\_tag) | The tag portion of the URI to access the kubectl image | | [module\_name](#output\_module\_name) | The name of this module. | | [module\_version](#output\_module\_version) | The version of this module. | | [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. | diff --git a/aws_data.tf b/aws_data.tf new file mode 100644 index 0000000..96cd77c --- /dev/null +++ b/aws_data.tf @@ -0,0 +1,5 @@ +data "aws_ebs_default_kms_key" "current" {} + +data "aws_kms_key" "ebs_key" { + key_id = data.aws_ebs_default_kms_key.current.key_arn +} diff --git a/copy_images.tf b/copy_images.tf.off similarity index 51% rename from copy_images.tf rename to copy_images.tf.off index b3c0dcd..dccba9e 100644 --- a/copy_images.tf +++ b/copy_images.tf.off @@ -1,17 +1,7 @@ locals { - # autoscaler_key = format("%v#%v", "cluster-autoscaler", var.cluster_autoscaler_tag) kubectl_key = format("%v#%v", "kubectl", var.kubectl_image_tag) image_config = [ - # { - # enabled = true - # dest_path = null - # name = "cluster-autoscaler" - # source_image = "autoscaling/cluster-autoscaler" - # source_registry = "registry.k8s.io" - # source_tag = null - # tag = var.cluster_autoscaler_tag - # }, { enabled = true dest_path = null @@ -20,7 +10,7 @@ locals { source_registry = "docker.io" source_tag = var.kubectl_image_tag tag = var.kubectl_image_tag - }, + } ] } 
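Review bot: renaming `copy_images.tf` to `copy_images.tf.off` keeps dead code in the tree that can no longer be switched back on as-is: the file still reads `var.kubectl_image_tag`, which this same patch removes from `variables.tf`, and `local.kubectl_key` is still referenced from the (now commented) outputs. Delete the file instead; git history retains it, and a `.off` file is invisible to `terraform validate`/`tflint`, so it will rot silently. The new `aws_data.tf` is a straight move of the two KMS data sources from `main.tf` and looks fine.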
@@ -32,18 +22,8 @@ module "images" { image_config = local.image_config tags = {} - ### optional - ## account_alias = "" - ## account_id = "" - ## destination_password = "" - ## destination_username = "" - ## override_prefixes = {} - ## region = "" - ## source_password = "" - ## source_username = "" - enable_lifecycle_policy = true lifecycle_policy_all = true force_delete = true - + lifecycle_policy_keep_count = 3 } diff --git a/eks_console_access.tf b/eks_console_access.tf index a8a0637..744b81c 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -25,30 +25,22 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr } + all_access_documents = flatten([ + for cr_name, cr_data in local.cluster_roles_map : [ + yamldecode(data.http.cluster_roles[cr_name].body) + ] if cr_data.enabled + ]) } - +# Fetch the YAML files from the specified URLs data "http" "cluster_roles" { for_each = local.cluster_roles_map url = each.value.url } -data "kubectl_file_documents" "access_documents" { - for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - - content = data.http.cluster_roles[each.key].body -} - -locals { - all_access_documents = flatten([ - for cr_name, cr_data in local.cluster_roles_map : [ - for doc in data.kubectl_file_documents.access_documents[cr_name].manifests : doc - ] if cr_data.enabled - ]) -} - -resource "kubectl_manifest" "deploy_cluster_roles" { - count = length(local.all_access_documents) +# Apply the Kubernetes manifests to the cluster +resource "kubernetes_manifest" "deploy_cluster_roles" { + for_each = { for idx, doc in local.all_access_documents : idx => doc } - yaml_body = local.all_access_documents[count.index] + manifest = each.value } diff --git a/main.tf b/main.tf index 09b0604..dfa9dc5 100644 --- a/main.tf +++ b/main.tf 
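Review bot: in the `eks_console_access.tf` hunk, `yamldecode(data.http.cluster_roles[cr_name].body)` is not equivalent to the `kubectl_file_documents` data source it replaces: `yamldecode` accepts exactly one YAML document and errors on a `---`-separated stream, while `kubectl_file_documents` split the stream into `manifests`. If any of the fetched role files contain more than one object, this breaks at plan time (the "unmarshal error" commit later in this series points the same way); split first, e.g. `[for d in split("\n---", body) : yamldecode(d) if trimspace(d) != ""]`. Three smaller points in the same hunk: `for_each = { for idx, doc in ... : idx => doc }` keys the resources by list position, so enabling a role or reordering the list recreates unrelated ClusterRoles, key by role name and document kind/name instead; `data.http` has no `status_code` check and nothing pins or hashes what the URL serves, so RBAC applied to the cluster is whatever the remote host returns on that day, pin the URLs to an immutable ref and compare `sha256(body)` to a known value; and `.body` is deprecated in hashicorp/http 3.x (the README shows 3.4.5) in favour of `.response_body`.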
@@ -1,9 +1,3 @@ -data "aws_ebs_default_kms_key" "current" {} - -data "aws_kms_key" "ebs_key" { - key_id = data.aws_ebs_default_kms_key.current.key_arn -} - locals { base_tags = { "eks-cluster-name" = var.cluster_name diff --git a/outputs.tf b/outputs.tf index ab60443..e221d4e 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -26,26 +26,26 @@ output "rwx_storage_class" { value = kubernetes_storage_class.efs_sc.metadata[0].name } -################################################################################ -# Details about kubectl image -################################################################################ - -output "kubectl_image_full_path" { - description = "The full URI to access the kubectl image including the registry/repository:tag" - value = module.images.images[local.kubectl_key].dest_full_path -} - -output "kubectl_image_registry" { - description = "The registry portion of the URI to access the kubectl image" - value = module.images.images[local.kubectl_key].dest_registry -} - -output "kubectl_image_repository" { - description = "The repository portion of the URI to access the kubectl image" - value = module.images.images[local.kubectl_key].dest_repository -} - -output "kubectl_image_tag" { - description = "The tag portion of the URI to access the kubectl image" - value = module.images.images[local.kubectl_key].tag -} +# ################################################################################ +# # Details about kubectl image +# ################################################################################ + +# output "kubectl_image_full_path" { +# description = "The full URI to access the kubectl image including the registry/repository:tag" +# value = module.images.images[local.kubectl_key].dest_full_path +# } + +# output "kubectl_image_registry" { +# description = "The registry portion of the URI to access the kubectl image" +# value = module.images.images[local.kubectl_key].dest_registry +# } + +# output "kubectl_image_repository" { +# description = "The repository portion of the URI to access the kubectl image" +# value = module.images.images[local.kubectl_key].dest_repository +# } + +# output "kubectl_image_tag" { +# description = "The tag portion of the URI to access the kubectl image" +# value = module.images.images[local.kubectl_key].tag +# } 
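Review bot: the four `kubectl_image_*` outputs are commented out rather than removed, which leaves a 20-line block referencing `module.images` and `local.kubectl_key`, neither of which exists any more; delete the block (patch 03 in this series does exactly that, so this intermediate state can be squashed away). Commented-out HCL is not validated and tends to be resurrected with stale references.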
diff --git a/requirements.tf b/requirements.tf index 48cbf58..871794c 100644 --- a/requirements.tf +++ b/requirements.tf @@ -10,10 +10,6 @@ terraform { source = "hashicorp/http" version = ">= 2.1.0" } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.14.0" - } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.23.0" diff --git a/variables.tf b/variables.tf index 5c4c702..c2d1be1 100644 --- a/variables.tf +++ b/variables.tf @@ -9,12 +9,6 @@ variable "region" { type = string } -variable "profile" { - description = "AWS config profile" - type = string - default = "" -} - variable "vpc_id" { description = "Specify the VPC id that is used by this cluster" type = string @@ -30,17 +24,17 @@ variable "security_group_all_worker_mgmt_id" { type = string } -# tflint-ignore: terraform_unused_declarations -variable "eks_managed_node_groups_autoscaling_group_names" { - description = "List of the autoscaling group names created by EKS managed node groups" - type = list(string) -} +# # tflint-ignore: terraform_unused_declarations +# variable "eks_managed_node_groups_autoscaling_group_names" { +# description = "List of the autoscaling group names created by EKS managed node groups" +# type = list(string) +# } -# tflint-ignore: terraform_unused_declarations -variable "oidc_provider_arn" { - description = "The ARN of the OIDC Provider if `enable_irsa = true`" - type = string -} +# # tflint-ignore: terraform_unused_declarations +# variable "oidc_provider_arn" { +# description = "The ARN of the OIDC Provider if `enable_irsa = true`" +# type = string +# } variable "operators_ns" { description = "Namespace to create where operators will be installed." 
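Review bot: same style point for `variables.tf`: `eks_managed_node_groups_autoscaling_group_names` and `oidc_provider_arn` are commented out together with their `tflint-ignore` pragmas instead of deleted, and the README Inputs table in this patch already lists them as gone, so the two files disagree. Removing `profile` is correct since the module takes `region` only and the provider is configured by the caller; the removal of the `kubectl` required_provider matches the resource swap.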
@@ -60,23 +54,8 @@ variable "tags" { default = {} } -variable "kubectl_image_tag" { - description = "The version of bitnami/kubectl image to use." - type = string - default = "1.30.4" -} - -# # helm add repo autoscaler "https://kubernetes.github.io/autoscaler" -# # helm search repo -l autoscaler/cluster-autoscaler -# variable "cluster_autoscaler_chart_version" { -# description = "The helm chart of the cluster-autoscaler most closely matching the Kuberentes version. Review output of `helm add repo autoscaler 'https://kubernetes.github.io/autoscaler'` (if the repo hasn't been added previously) and `helm search repo -l autoscaler/cluster-autoscaler`" -# type = string -# default = "9.37.0" -# } - -# # helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag: -# variable "cluster_autoscaler_tag" { -# description = "Image tag of cluster-autoscaler associated with the cluster_autoscaler_chart_version helm chart. `helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag:`" +# variable "kubectl_image_tag" { +# description = "The version of bitnami/kubectl image to use." # type = string -# default = "v1.30.0" +# default = "1.30.4" # } From 0393d71be066da4ced140e601a8df17ddf707d28 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 15:21:22 -0500 Subject: [PATCH 02/73] verify enabled prior to decode --- README.md | 4 ++-- eks_console_access.tf | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index bbac286..db8db8f 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ sys 0m2.015s | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.73.0 | +| [aws](#provider\_aws) | 5.83.1 | | [http](#provider\_http) | 3.4.5 | -| [kubernetes](#provider\_kubernetes) | 2.33.0 | +| [kubernetes](#provider\_kubernetes) | 2.35.1 | ## Modules 
diff --git a/eks_console_access.tf b/eks_console_access.tf index 744b81c..4419c97 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -24,12 +24,8 @@ locals { enabled = false }, ] - cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr } - all_access_documents = flatten([ - for cr_name, cr_data in local.cluster_roles_map : [ - yamldecode(data.http.cluster_roles[cr_name].body) - ] if cr_data.enabled - ]) + cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } + all_access_documents = flatten([for cr_name, cr_data in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[cr_name].body)] if cr_data.enabled]) } # Fetch the YAML files from the specified URLs From 65006328dd8ddd4be7b438270ae8912e0057a857 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 15:35:50 -0500 Subject: [PATCH 03/73] use cr_url directly --- README.md | 6 +----- eks_console_access.tf | 6 ++++-- outputs.tf | 24 ------------------------ variables.tf | 18 ------------------ 4 files changed, 5 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index db8db8f..4b6bd84 100644 --- a/README.md +++ b/README.md @@ -12,12 +12,8 @@ The module configures an eks cluster with additional components after the cluste A successful apply will yield: Apply complete! Resources: 14 added, 0 changed, 0 destroyed. Outputs: -kubectl_image_full_path = "224384469011.dkr.ecr.us-gov-east-1.amazonaws.com/platform-eng-eks-mcm/kubectl:1.27.14" -kubectl_image_registry = "224384469011.dkr.ecr.us-gov-east-1.amazonaws.com" -kubectl_image_repository = "platform-eng-eks-mcm/kubectl" -kubectl_image_tag = "1.27.14" module_name = "tfmod-eks-configuration" -module_version = "0.0.2" +module_version = "0.1.1" rwo_storage_class = "gp3-encrypted" rwx_storage_class = "efs" real 2m4.048s diff --git a/eks_console_access.tf b/eks_console_access.tf index 4419c97..d39c38b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
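Review bot: with `cluster_roles_map` now filtered by `if cr.enabled`, the trailing `if cr_data.enabled` in `all_access_documents` is redundant and can go. Filtering the map also has a good side effect worth keeping: `data.http.cluster_roles` now only fetches the enabled URLs, so disabled roles no longer cause an outbound request at plan time. The collapse to a single long line hurts readability though; keep the multi-line form from the previous patch. The `yamldecode` single-document limitation from patch 01 is unchanged here.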
@@ -25,15 +25,17 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } - all_access_documents = flatten([for cr_name, cr_data in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[cr_name].body)] if cr_data.enabled]) + all_access_documents = flatten([for cr_name, cr_url in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[cr_url])] if cr_data.enabled]) } # Fetch the YAML files from the specified URLs data "http" "cluster_roles" { for_each = local.cluster_roles_map - url = each.value.url + + url = each.value.url } + # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for idx, doc in local.all_access_documents : idx => doc } diff --git a/outputs.tf b/outputs.tf index e221d4e..d5e5656 100644 --- a/outputs.tf +++ b/outputs.tf 
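Review bot: the new `all_access_documents` expression cannot evaluate: the loop binds `cr_name, cr_url` but the filter references `cr_data`, which is undefined in that scope; `data.http.cluster_roles[cr_url]` indexes the data source by the value (an object) instead of the key; and `.body` has been dropped, so `yamldecode` would receive the whole data-source object. The intended form is `yamldecode(data.http.cluster_roles[cr_name].body)` with no filter (the map is already filtered). Unrelated but good: the README hunk drops the hard-coded ECR account ID and the `kubectl_image_*` sample outputs.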
@@ -25,27 +25,3 @@ output "rwx_storage_class" { description = "Kubernetes storage class that supports read/write many." value = kubernetes_storage_class.efs_sc.metadata[0].name } - -# ################################################################################ -# # Details about kubectl image -# ################################################################################ - -# output "kubectl_image_full_path" { -# description = "The full URI to access the kubectl image including the registry/repository:tag" -# value = module.images.images[local.kubectl_key].dest_full_path -# } - -# output "kubectl_image_registry" { -# description = "The registry portion of the URI to access the kubectl image" -# value = module.images.images[local.kubectl_key].dest_registry -# } - -# output "kubectl_image_repository" { -# description = "The repository portion of the URI to access the kubectl image" -# value = module.images.images[local.kubectl_key].dest_repository -# } - -# output "kubectl_image_tag" { -# description = "The tag portion of the URI to access the kubectl image" -# value = module.images.images[local.kubectl_key].tag -# } diff --git a/variables.tf b/variables.tf index c2d1be1..4f4ada5 100644 --- a/variables.tf +++ b/variables.tf @@ -24,18 +24,6 @@ variable "security_group_all_worker_mgmt_id" { type = string } -# # tflint-ignore: terraform_unused_declarations -# variable "eks_managed_node_groups_autoscaling_group_names" { -# description = "List of the autoscaling group names created by EKS managed node groups" -# type = list(string) -# } - -# # tflint-ignore: terraform_unused_declarations -# variable "oidc_provider_arn" { -# description = "The ARN of the OIDC Provider if `enable_irsa = true`" -# type = string -# } - variable "operators_ns" { description = "Namespace to create where operators will be installed." type = string 
@@ -53,9 +41,3 @@ variable "tags" { type = map(string) default = {} } - -# variable "kubectl_image_tag" { -# description = "The version of bitnami/kubectl image to use." -# type = string -# default = "1.30.4" -# } From 153f947f8de30c51abf6f7a17974b7c0ee46bac2 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 15:40:48 -0500 Subject: [PATCH 04/73] use cr_url directly v2 --- eks_console_access.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index d39c38b..af35436 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -31,8 +31,7 @@ locals { # Fetch the YAML files from the specified URLs data "http" "cluster_roles" { for_each = local.cluster_roles_map - - url = each.value.url + url = each.value.url } From 0c26103707d5d67b43f4ec672469cf3498451732 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 15:47:38 -0500 Subject: [PATCH 05/73] use cr_url via map --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index af35436..ad3bf20 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -25,7 +25,7 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } - all_access_documents = flatten([for cr_name, cr_url in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[cr_url])] if cr_data.enabled]) + all_access_documents = flatten([for name, url in local.cluster_roles : [yamldecode(data.http.cluster_roles[name].body)]]) } # Fetch the YAML files from the specified URLs From b831a3fe78788f2fc4dcbb6a6c7ccf01c47837d9 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:02:37 -0500 Subject: [PATCH 06/73] use url via map v2 --- eks_console_access.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index ad3bf20..ddf1ca3 100644 
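Review bot: in the patch 05 hunk, `for name, url in local.cluster_roles` iterates the list, so `name` is the integer index (0, 1, ...) and `url` is the whole object; `data.http.cluster_roles[name]` then looks up `0`, `1` in a map keyed by role name and fails. It also iterates the disabled entries, for which no `data.http` instance exists. Iterate `local.cluster_roles_map` and use the map key, as the previous revision did. Patch 04 is a pure whitespace revert of patch 03 and should be squashed into it.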
--- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -25,7 +25,7 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } - all_access_documents = flatten([for name, url in local.cluster_roles : [yamldecode(data.http.cluster_roles[name].body)]]) + all_access_documents = flatten([for name, url in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[name].body)]]) } # Fetch the YAML files from the specified URLs @@ -34,10 +34,8 @@ data "http" "cluster_roles" { url = each.value.url } - # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for idx, doc in local.all_access_documents : idx => doc } - manifest = each.value } From 07a749f06403ca840f8b861bedfe350a67cbad56 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:04:51 -0500 Subject: [PATCH 07/73] from the data not the map --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index ddf1ca3..efb64d3 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -25,7 +25,7 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } - all_access_documents = flatten([for name, url in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[name].body)]]) + all_access_documents = flatten([for name, cr in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[name].body)]]) } # Fetch the YAML files from the specified URLs From 80c4f2f81163b22bc41834dd61f27d57d767c09f Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:11:58 -0500 Subject: [PATCH 08/73] start over --- eks_console_access.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index efb64d3..eebb559 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
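Review bot: patches 06 and 07 restore iteration over `cluster_roles_map`, which fixes the key mismatch, but the second loop variable (`url`, then `cr`) is unused in both; use `_` or the single-variable form `for name in keys(...)`. The `kubernetes_manifest` resource is still keyed by list index (`idx => doc`), so the ordering/recreation concern stands, and `yamldecode` still sees the whole fetched body, so a multi-document file still fails to decode. Removing the blank line between `for_each` and `manifest` is a harmless formatting change.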
@@ -24,8 +24,7 @@ locals { enabled = false }, ] - cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } - all_access_documents = flatten([for name, cr in local.cluster_roles_map : [yamldecode(data.http.cluster_roles[name].body)]]) + cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } } # Fetch the YAML files from the specified URLs @@ -36,6 +35,6 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for idx, doc in local.all_access_documents : idx => doc } - manifest = each.value + for_each = local.cluster_roles_map + manifest = data.http.cluster_roles[each.key].body } From 72c10d9006135913abca880f0d2402b796baf7d1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:13:33 -0500 Subject: [PATCH 09/73] expects a map not string --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index eebb559..5b5e248 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -36,5 +36,5 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = data.http.cluster_roles[each.key].body + manifest = yamldecode(data.http.cluster_roles[each.key].body) } From 13152b885881fd2a7f2bd52e73a5948e89435384 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:35:03 -0500 Subject: [PATCH 10/73] try each.url --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 5b5e248..475c076 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
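Review bot: keying `kubernetes_manifest.deploy_cluster_roles` by role name (`for_each = local.cluster_roles_map`) is the right move, since it gives each ClusterRole a stable address. However `manifest = data.http.cluster_roles[each.key].body` assigns a string where the provider expects an object (the next patch, 09, adds `yamldecode` back). Both patches are one logical change and should be squashed; and the object form still only works if each URL serves exactly one YAML document.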
@@ -30,7 +30,7 @@ locals { # Fetch the YAML files from the specified URLs data "http" "cluster_roles" { for_each = local.cluster_roles_map - url = each.value.url + url = each.url } # Apply the Kubernetes manifests to the cluster From 3af08e2c0c2529558e03173eb6800ec3175dc18d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:36:55 -0500 Subject: [PATCH 11/73] without yamldecode --- eks_console_access.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 475c076..eebb559 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -30,11 +30,11 @@ locals { # Fetch the YAML files from the specified URLs data "http" "cluster_roles" { for_each = local.cluster_roles_map - url = each.url + url = each.value.url } # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = yamldecode(data.http.cluster_roles[each.key].body) + manifest = data.http.cluster_roles[each.key].body } From 911896402a9c74a36526dc664f614fca3f30e277 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:48:27 -0500 Subject: [PATCH 12/73] yamldecode or unmarshal error --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index eebb559..5b5e248 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -36,5 +36,5 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = data.http.cluster_roles[each.key].body + manifest = yamldecode(data.http.cluster_roles[each.key].body) } From b9b9a4e91b08dfd9d115cb7d7e38c65418909b2d Mon Sep 17 00:00:00 2001 
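Review bot: `each.url` is not valid, the `each` object only exposes `each.key` and `each.value`, so patch 10 cannot pass `terraform validate` and patch 11 correctly reverts it to `each.value.url`. Patch 11 also drops `yamldecode` again, which reintroduces the string-vs-object error from patch 08; patch 12 then restores it. These three commits net to zero and should be squashed out of the series before merge.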
From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 16:50:02 -0500 Subject: [PATCH 13/73] add trimspace --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 5b5e248..afa33eb 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -36,5 +36,5 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = yamldecode(data.http.cluster_roles[each.key].body) + manifest = yamldecode(trimspace(data.http.cluster_roles[each.key].body)) } From b3e7722c3b8885a59a30d1b32f6a3567fa4833f3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:01:58 -0500 Subject: [PATCH 14/73] nope --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index afa33eb..5b5e248 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -36,5 +36,5 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = yamldecode(trimspace(data.http.cluster_roles[each.key].body)) + manifest = yamldecode(data.http.cluster_roles[each.key].body) } From 556dbd521966611b06e0601498f7c122e5950052 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:04:49 -0500 Subject: [PATCH 15/73] add null --- README.md | 5 ++++- eks_console_access.tf | 31 ++++++++++++++++++++++++++++--- requirements.tf | 5 ++++- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4b6bd84..5c05be2 100644 --- a/README.md +++ b/README.md 
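Review bot: `trimspace` cannot fix a `yamldecode` unmarshal error caused by a multi-document body; it only strips leading/trailing whitespace, and `yamldecode` rejects any input containing more than one document regardless of padding. If the role files contain `---` separators, split the body into documents and decode each, for example `flatten([for d in split("\n---", data.http.cluster_roles[each.key].body) : [yamldecode(d)] if trimspace(d) != ""])`, then give `kubernetes_manifest` a `for_each` over those documents keyed by `"${kind}/${metadata.name}"`. Patch 14 reverts this, so squash both.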
@@ -35,6 +35,7 @@ sys 0m2.015s | [aws](#requirement\_aws) | >= 5.14.0 | | [http](#requirement\_http) | >= 2.1.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 1.0 | ## Providers @@ -43,6 +44,7 @@ sys 0m2.015s | [aws](#provider\_aws) | 5.83.1 | | [http](#provider\_http) | 3.4.5 | | [kubernetes](#provider\_kubernetes) | 2.35.1 | +| [null](#provider\_null) | >= 1.0 | ## Modules @@ -54,11 +56,12 @@ sys 0m2.015s | Name | Type | |------|------| -| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | +| [null_resource.apply_cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | 
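Review bot: the Providers table row `| null | >= 1.0 |` shows a version constraint where every other row shows the resolved version (5.83.1, 3.4.5, 2.35.1); `terraform-docs` prints the constraint when the lock file has no entry, so run `terraform init` to update `.terraform.lock.hcl` and regenerate. More importantly, the Resources table now lists two `null_resource`s and no `kubernetes_manifest`, which means the ClusterRoles are no longer tracked in state (no drift detection, no removal on destroy); the README should state that explicitly.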
diff --git a/eks_console_access.tf b/eks_console_access.tf index 5b5e248..766e46a 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -33,8 +33,33 @@ data "http" "cluster_roles" { url = each.value.url } -# Apply the Kubernetes manifests to the cluster -resource "kubernetes_manifest" "deploy_cluster_roles" { +# # Apply the Kubernetes manifests to the cluster +# resource "kubernetes_manifest" "deploy_cluster_roles" { +# for_each = local.cluster_roles_map +# manifest = yamldecode(data.http.cluster_roles[each.key].body) +# } + +resource "null_resource" "cluster_roles" { for_each = local.cluster_roles_map - manifest = yamldecode(data.http.cluster_roles[each.key].body) + triggers = { + roles = join(",", [each.key, each.value.url]) + directory = null_resource.setup_directory.triggers.directory + } + provisioner "local-exec" { + command = "echo '${data.http.cluster_roles[each.key].body}' > ${self.triggers.directory}/${each.value.name}.yaml" + } +} + +resource "null_resource" "apply_cluster_roles" { + for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } + triggers = { + roles = join(",", [each.key, each.value.url]) + } + depends_on = [null_resource.kubeconfig] + provisioner "local-exec" { + environment = { + KUBECONFIG = "${path.root}/setup/kube.config" + } + command = "kubectl apply -f setup/${each.value.name}.yaml" + } } diff --git a/requirements.tf b/requirements.tf index 871794c..293d403 100644 --- a/requirements.tf +++ b/requirements.tf @@ -14,6 +14,9 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.23.0" } - + null = { + source = "hashicorp/null" + version = ">= 1.0" + } } } From e545867c602d6c052d3a738620a5a5859db05c09 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:06:37 -0500 Subject: [PATCH 16/73] strip dir stuff --- eks_console_access.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 766e46a..ee2f871 100644 
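Review bot: `command = "echo '${data.http.cluster_roles[each.key].body}' > ..."` interpolates a body fetched from a remote URL directly into a shell command line. Any single quote in the YAML breaks the quoting, and whoever controls (or intercepts) that URL gets arbitrary command execution on the machine running `terraform apply`, with that machine's AWS and kubeconfig credentials. Write the file with a `local_file` resource (`content = data.http.cluster_roles[each.key].body`), or pass the body through `environment` and use `printf '%s' "$BODY"` so it is never parsed by the shell. Further problems in the same hunk: `null_resource.setup_directory` and `null_resource.kubeconfig` are referenced but not declared anywhere in this module; `null_resource.apply_cluster_roles` has no reference to `null_resource.cluster_roles`, so Terraform may run `kubectl apply` before the file is written; the `triggers` cover only key and URL, so a changed remote file is never reapplied; `kubectl` must now exist on the runner even though patch 01 of this series is titled "remove kubectl"; and nothing deletes the ClusterRoles on destroy. The `requirements.tf` hunk adding `hashicorp/null` is fine as far as it goes.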
--- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -42,11 +42,10 @@ data "http" "cluster_roles" { resource "null_resource" "cluster_roles" { for_each = local.cluster_roles_map triggers = { - roles = join(",", [each.key, each.value.url]) - directory = null_resource.setup_directory.triggers.directory + roles = join(",", [each.key, each.value.url]) } provisioner "local-exec" { - command = "echo '${data.http.cluster_roles[each.key].body}' > ${self.triggers.directory}/${each.value.name}.yaml" + command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" } } @@ -60,6 +59,6 @@ resource "null_resource" "apply_cluster_roles" { environment = { KUBECONFIG = "${path.root}/setup/kube.config" } - command = "kubectl apply -f setup/${each.value.name}.yaml" + command = "kubectl apply -f ${each.value.name}.yaml" } } From c412cc6c3484de57180f18f69e9e58900fae40de Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:07:29 -0500 Subject: [PATCH 17/73] remove depends --- eks_console_access.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index ee2f871..a535329 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -54,7 +54,6 @@ resource "null_resource" "apply_cluster_roles" { triggers = { roles = join(",", [each.key, each.value.url]) } - depends_on = [null_resource.kubeconfig] provisioner "local-exec" { environment = { KUBECONFIG = "${path.root}/setup/kube.config" From b12cd5041a35fdd5055afa40deb0d0c1f8365aa9 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:09:19 -0500 Subject: [PATCH 18/73] remove kubeconfig --- eks_console_access.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index a535329..024a916 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
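Review bot: with the directory stripped, the first hunk writes `${each.value.name}.yaml` relative to the process's current working directory, while the second hunk still reads `${path.root}/setup/kube.config`, so the two paths no longer follow one convention and the output location depends on where `terraform` was invoked. Since `each.value.name` is taken from the role map, a value containing `/` or `..` would also write outside the expected directory. Derive both the write path and the `kubectl apply -f` path from a single local anchored at `path.module` or `path.root`.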
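Review bot: removing `depends_on = [null_resource.kubeconfig]` leaves `null_resource.apply_cluster_roles` with no dependency on the resource that produces `setup/kube.config`, and it already had none on `null_resource.cluster_roles`, which writes the YAML; Terraform may therefore run `kubectl apply` before either file exists and the first apply fails non-deterministically. If the explicit dependency is unwanted, reference the kubeconfig path through an attribute of that resource so the ordering is implied.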
@@ -55,9 +55,6 @@ resource "null_resource" "apply_cluster_roles" { roles = join(",", [each.key, each.value.url]) } provisioner "local-exec" { - environment = { - KUBECONFIG = "${path.root}/setup/kube.config" - } command = "kubectl apply -f ${each.value.name}.yaml" } } From 9760a7003faad673c92c9b46ece95b061e230e95 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:17:48 -0500 Subject: [PATCH 19/73] use null to pull file --- README.md | 2 +- eks_console_access.tf | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 5c05be2..7eb2587 100644 --- a/README.md +++ b/README.md 
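Review bot: with the `KUBECONFIG` environment removed, `kubectl apply -f ${each.value.name}.yaml` targets whatever context the deployer's default kubeconfig currently selects, not the cluster this module configured; the fetched `cluster_roles` are cluster-scoped RBAC, so a stale or unrelated current-context would receive them silently. Keep `KUBECONFIG` set explicitly, or pass `--kubeconfig` and `--context` on the command line.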
@@ -56,11 +56,11 @@ sys 0m2.015s | Name | Type | |------|------| +| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | -| [null_resource.apply_cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | diff --git a/eks_console_access.tf b/eks_console_access.tf index 024a916..8f326f0 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -33,12 +33,6 @@ data "http" "cluster_roles" { url = each.value.url } -# # Apply the Kubernetes manifests to the cluster -# resource "kubernetes_manifest" "deploy_cluster_roles" { -# for_each = local.cluster_roles_map -# manifest = yamldecode(data.http.cluster_roles[each.key].body) -# } - resource "null_resource" "cluster_roles" { for_each = local.cluster_roles_map triggers = { 
@@ -49,12 +43,18 @@ resource "null_resource" "cluster_roles" { } } -resource "null_resource" "apply_cluster_roles" { +# # Apply the Kubernetes manifests to the cluster +resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - triggers = { - roles = join(",", [each.key, each.value.url]) - } - provisioner "local-exec" { - command = "kubectl apply -f ${each.value.name}.yaml" - } + manifest = yamldecode(file("${each.value.name}.yaml")) } + +# resource "null_resource" "apply_cluster_roles" { +# for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } +# triggers = { +# roles = join(",", [each.key, each.value.url]) +# } +# provisioner "local-exec" { +# command = "kubectl apply -f ${each.value.name}.yaml" +# } +# } From 0f2b7aba86a4df412dbe9cdce0a18b9d2821988b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:19:06 -0500 Subject: [PATCH 20/73] add depends --- eks_console_access.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 8f326f0..ae53e55 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -45,8 +45,9 @@ resource "null_resource" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = yamldecode(file("${each.value.name}.yaml")) + depends_on = [null_resource.cluster_roles] + for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } + manifest = yamldecode(file("${each.value.name}.yaml")) } # resource "null_resource" "apply_cluster_roles" { From 10444d5c86486f15b95778b277fc770c0a6fd796 Mon Sep 17 00:00:00 2001 
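Review bot: `yamldecode(file("${each.value.name}.yaml"))` is evaluated at plan time, but the file is only written by the `local-exec` provisioner in `null_resource.cluster_roles` at apply time, so a fresh `terraform plan` fails with a missing-file error; the `depends_on = [null_resource.cluster_roles]` added in PATCH 20 does not help, because `file()` is a pure function that runs before any resource is created. Use the `data.http` body directly, as the original `kubernetes_manifest` did. Also note `manifest` takes a single object, so this breaks as soon as a fetched file contains more than one `---`-separated document, and the relative path in `file()` resolves against the working directory rather than `path.module`.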
From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:22:31 -0500 Subject: [PATCH 21/73] cannonical example --- README.md | 3 --- eks_console_access.tf | 24 ++++++++++++------------ requirements.tf | 4 ---- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 7eb2587..4b6bd84 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,6 @@ sys 0m2.015s | [aws](#requirement\_aws) | >= 5.14.0 | | [http](#requirement\_http) | >= 2.1.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 1.0 | ## Providers @@ -44,7 +43,6 @@ sys 0m2.015s | [aws](#provider\_aws) | 5.83.1 | | [http](#provider\_http) | 3.4.5 | | [kubernetes](#provider\_kubernetes) | 2.35.1 | -| [null](#provider\_null) | >= 1.0 | ## Modules @@ -61,7 +59,6 @@ sys 0m2.015s | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | -| [null_resource.cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | diff --git a/eks_console_access.tf b/eks_console_access.tf index ae53e55..7759a51 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
@@ -33,21 +33,21 @@ data "http" "cluster_roles" { url = each.value.url } -resource "null_resource" "cluster_roles" { - for_each = local.cluster_roles_map - triggers = { - roles = join(",", [each.key, each.value.url]) - } - provisioner "local-exec" { - command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" - } -} +# resource "null_resource" "cluster_roles" { +# for_each = local.cluster_roles_map +# triggers = { +# roles = join(",", [each.key, each.value.url]) +# } +# provisioner "local-exec" { +# command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" +# } +# } # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - depends_on = [null_resource.cluster_roles] - for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = yamldecode(file("${each.value.name}.yaml")) + # depends_on = [null_resource.cluster_roles] + for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } + manifest = yamldecode(data.http.cluster_roles[each.key].body) } # resource "null_resource" "apply_cluster_roles" { diff --git a/requirements.tf b/requirements.tf index 293d403..912400a 100644 --- a/requirements.tf +++ b/requirements.tf @@ -14,9 +14,5 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.23.0" } - null = { - source = "hashicorp/null" - version = ">= 1.0" - } } } From cd4ce1c5899cac933412e6ff695e866d6dcca3c6 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:31:10 -0500 Subject: [PATCH 22/73] json to yaml --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 7759a51..cbc5825 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
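Review bot: `yamldecode(data.http.cluster_roles[each.key].body)` accepts one YAML document and `manifest` accepts one object, so this only works if every URL in `cluster_roles` serves exactly one resource; a multi-document file fails at plan. Independently, with the http provider 3.x in use here (`3.4.5` in the README), `data.http` does not fail on non-2xx responses, so an HTML error page would be handed to `yamldecode`; add a `lifecycle { postcondition { condition = self.status_code == 200 ... } }` and pin `each.value.url` to an immutable revision, since the RBAC applied to the cluster is whatever the remote serves at apply time. The two commented-out `null_resource` blocks are dead code now and should be deleted rather than carried along.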
@@ -47,7 +47,7 @@ data "http" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = yamldecode(data.http.cluster_roles[each.key].body) + manifest = yamldecode(jsonencode(data.http.cluster_roles[each.key].body)) } # resource "null_resource" "apply_cluster_roles" { From cf3869a0c3a5e1c8b010bd31df79909d0a10d905 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:38:52 -0500 Subject: [PATCH 23/73] maybe build a map --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index cbc5825..f646cc3 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = yamldecode(jsonencode(data.http.cluster_roles[each.key].body)) + manifest = join(",", [each.key, yamldecode(data.http.cluster_roles[each.key].body)]) } # resource "null_resource" "apply_cluster_roles" { From 85154e1d702422dd114aef08d0776e2ebd38b2cb Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:40:54 -0500 Subject: [PATCH 24/73] no join --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index f646cc3..0f69b91 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
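Review bot: `yamldecode(jsonencode(body))` is a round trip to the same string: `jsonencode` turns the body into a JSON string literal and `yamldecode` decodes it straight back, so `manifest` receives a string rather than an object. `join(",", [each.key, yamldecode(...)])` in PATCH 23 then fails because `join` requires a list of strings and `yamldecode` yields an object. Neither change addresses the actual problem, which is multi-document YAML in a single-object attribute.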
@@ -47,7 +47,7 @@ data "http" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = join(",", [each.key, yamldecode(data.http.cluster_roles[each.key].body)]) + manifest = [yamldecode(data.http.cluster_roles[each.key].body)] } # resource "null_resource" "apply_cluster_roles" { From 926daa2a412fb49d89326b33d99775cc049ee74f Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:54:20 -0500 Subject: [PATCH 25/73] yaml mangling --- eks_console_access.tf | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 0f69b91..5abcd85 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -44,10 +44,24 @@ data "http" "cluster_roles" { # } # # Apply the Kubernetes manifests to the cluster +# resource "kubernetes_manifest" "deploy_cluster_roles" { +# # depends_on = [null_resource.cluster_roles] +# for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } +# manifest = [yamldecode(data.http.cluster_roles[each.key].body)] +# } + resource "kubernetes_manifest" "deploy_cluster_roles" { - # depends_on = [null_resource.cluster_roles] - for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = [yamldecode(data.http.cluster_roles[each.key].body)] + for_each = { + for value in [ + for yaml in split( + "\n---\n", + "\n${replace(data.http.cluster_roles[each.key].body, "/(?m)^---[[:blank:]]*(#.*)?$/", "---")}\n" + ) : + yamldecode(yaml) + if trimspace(replace(yaml, "/(?m)(^[[:blank:]]*(#.*)?$)+/", "")) != "" + ] : "${value["kind"]}--${value["metadata"]["name"]}" => value + } + manifest = each.value } # resource "null_resource" "apply_cluster_roles" { From 2f10cec3d2ebef62c39a7d7fbea7e156a1f0ddf3 Mon Sep 17 00:00:00 2001 
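Review bot: in the `for_each` of PATCH 25, `data.http.cluster_roles[each.key].body` uses `each` inside the `for_each` expression itself, which Terraform rejects (`each` is only defined in the resource body), so the block never evaluates; the split-and-filter logic has to run over all of `data.http.cluster_roles` in a local and be flattened into one map. The key `"${value["kind"]}--${value["metadata"]["name"]}"` also omits the namespace, so two namespaced objects of the same kind and name in different namespaces would collide. PATCH 24's `manifest = [yamldecode(...)]` is a list where a single object is required.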
From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:57:19 -0500 Subject: [PATCH 26/73] idk --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 5abcd85..57aec29 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -55,7 +55,7 @@ resource "kubernetes_manifest" "deploy_cluster_roles" { for value in [ for yaml in split( "\n---\n", - "\n${replace(data.http.cluster_roles[each.key].body, "/(?m)^---[[:blank:]]*(#.*)?$/", "---")}\n" + "${replace(data.http.cluster_roles[each.key].body, "/(?m)^---[[:blank:]]*(#.*)?$/", "---")}\n" ) : yamldecode(yaml) if trimspace(replace(yaml, "/(?m)(^[[:blank:]]*(#.*)?$)+/", "")) != "" From bc04393217bbfaa9f492bbe2140de1c4f93a10b8 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 17:59:35 -0500 Subject: [PATCH 27/73] idk2 --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 57aec29..60b208f 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -55,7 +55,7 @@ resource "kubernetes_manifest" "deploy_cluster_roles" { for value in [ for yaml in split( "\n---\n", - "${replace(data.http.cluster_roles[each.key].body, "/(?m)^---[[:blank:]]*(#.*)?$/", "---")}\n" + "${replace(yamldecode(data.http.cluster_roles[each.key].body), "/(?m)^---[[:blank:]]*(#.*)?$/", "---")}\n" ) : yamldecode(yaml) if trimspace(replace(yaml, "/(?m)(^[[:blank:]]*(#.*)?$)+/", "")) != "" From d2b13efecfc89aac8802cfe68edd45340c0cb6e5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 18:08:23 -0500 Subject: [PATCH 28/73] file intermediate --- README.md | 3 +++ eks_console_access.tf | 38 ++++++++++++-------------------------- requirements.tf | 4 ++++ 3 files changed, 19 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 4b6bd84..7eb2587 100644 --- a/README.md +++ b/README.md 
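Review bot: `replace(yamldecode(data.http.cluster_roles[each.key].body), ...)` in PATCH 27 passes the decoded object to `replace`, which takes a string; the string form from PATCH 26 was the right type for `replace`, and the remaining failure was the `each.key` reference inside `for_each`, not the argument.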
@@ -35,6 +35,7 @@ sys 0m2.015s | [aws](#requirement\_aws) | >= 5.14.0 | | [http](#requirement\_http) | >= 2.1.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 1.0 | ## Providers @@ -43,6 +44,7 @@ sys 0m2.015s | [aws](#provider\_aws) | 5.83.1 | | [http](#provider\_http) | 3.4.5 | | [kubernetes](#provider\_kubernetes) | 2.35.1 | +| [null](#provider\_null) | >= 1.0 | ## Modules @@ -59,6 +61,7 @@ sys 0m2.015s | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | +| [null_resource.cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | diff --git a/eks_console_access.tf b/eks_console_access.tf index 60b208f..8b90588 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
@@ -33,35 +33,21 @@ data "http" "cluster_roles" { url = each.value.url } -# resource "null_resource" "cluster_roles" { -# for_each = local.cluster_roles_map -# triggers = { -# roles = join(",", [each.key, each.value.url]) -# } -# provisioner "local-exec" { -# command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" -# } -# } +resource "null_resource" "cluster_roles" { + for_each = local.cluster_roles_map + triggers = { + roles = join(",", [each.key, each.value.url]) + } + provisioner "local-exec" { + command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" + } +} # # Apply the Kubernetes manifests to the cluster -# resource "kubernetes_manifest" "deploy_cluster_roles" { -# # depends_on = [null_resource.cluster_roles] -# for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } -# manifest = [yamldecode(data.http.cluster_roles[each.key].body)] -# } - resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { - for value in [ - for yaml in split( - "\n---\n", - "${replace(yamldecode(data.http.cluster_roles[each.key].body), "/(?m)^---[[:blank:]]*(#.*)?$/", "---")}\n" - ) : - yamldecode(yaml) - if trimspace(replace(yaml, "/(?m)(^[[:blank:]]*(#.*)?$)+/", "")) != "" - ] : "${value["kind"]}--${value["metadata"]["name"]}" => value - } - manifest = each.value + # depends_on = [null_resource.cluster_roles] + for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } + manifest = [yamldecode("${each.value.name}.yaml")] } # resource "null_resource" "apply_cluster_roles" { diff --git a/requirements.tf b/requirements.tf index 912400a..293d403 100644 --- a/requirements.tf +++ b/requirements.tf @@ -14,5 +14,9 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.23.0" } + null = { + source = "hashicorp/null" + version = ">= 1.0" + } } } From 2a7e02df3c5015f16a8dfcf8dada79eae5ceb1c7 Mon Sep 17 00:00:00 2001 
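Review bot: `yamldecode("${each.value.name}.yaml")` decodes the literal filename string, not the file's contents, so `manifest` becomes a one-element list holding a string; it would need `yamldecode(file(...))`, and `file()` runs at plan time before the provisioner writes the file (the same problem as PATCH 19). Re-enabling `null_resource.cluster_roles` also brings back `echo '${data.http.cluster_roles[each.key].body}' > ...`, which interpolates remote content into a shell command line.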
From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 18:09:58 -0500 Subject: [PATCH 29/73] file intermediate --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 8b90588..54e529f 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ resource "null_resource" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = [yamldecode("${each.value.name}.yaml")] + manifest = "${each.value.name}.yaml" } # resource "null_resource" "apply_cluster_roles" { From 829736454fde80e84f26f6060af7a6a95ded816b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 18:11:22 -0500 Subject: [PATCH 30/73] maybe --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 54e529f..6a4ecd2 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ resource "null_resource" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = "${each.value.name}.yaml" + manifest = [yamldecode(data.http.cluster_roles[each.key].body)] } # resource "null_resource" "apply_cluster_roles" { From 3305954e7bc68b663f662e8c6333d43c1e1f66e6 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 18:47:11 -0500 Subject: [PATCH 31/73] try a split --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 6a4ecd2..5510879 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
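Review bot: `yamldecode(split("---", data.http.cluster_roles[each.key].body))` in PATCH 31 passes a list to `yamldecode`, which takes a string; decoding several documents needs a comprehension such as `[for d in split("\n---\n", body) : yamldecode(d) if trimspace(d) != ""]`, followed by one `kubernetes_manifest` per element via `for_each`, because `manifest` holds exactly one object. PATCH 29's bare filename string and PATCH 30's list have the same single-object mismatch.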
@@ -47,7 +47,7 @@ resource "null_resource" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = [yamldecode(data.http.cluster_roles[each.key].body)] + manifest = [yamldecode(split("---", data.http.cluster_roles[each.key].body))] } # resource "null_resource" "apply_cluster_roles" { From ebfacf74a89d5954067daf7ae9724b2e4ed44c55 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 18:48:58 -0500 Subject: [PATCH 32/73] invert --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 5510879..9543f95 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ resource "null_resource" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = [yamldecode(split("---", data.http.cluster_roles[each.key].body))] + manifest = [split("---", yamldecode(data.http.cluster_roles[each.key].body))] } # resource "null_resource" "apply_cluster_roles" { From 466c10d76e5f7763c511175ddbc2580579a4843c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:04:01 -0500 Subject: [PATCH 33/73] try provider function --- README.md | 3 --- eks_console_access.tf | 23 +++++++++++++---------- requirements.tf | 4 ---- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 7eb2587..4b6bd84 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,6 @@ sys 0m2.015s | [aws](#requirement\_aws) | >= 5.14.0 | | [http](#requirement\_http) | >= 2.1.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 1.0 | ## Providers 
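Review bot: `split("---", yamldecode(...))` inverts the order but not the types: `yamldecode` yields an object and `split` requires a string as its second argument, so this fails the same way as PATCH 31.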
@@ -44,7 +43,6 @@ sys 0m2.015s | [aws](#provider\_aws) | 5.83.1 | | [http](#provider\_http) | 3.4.5 | | [kubernetes](#provider\_kubernetes) | 2.35.1 | -| [null](#provider\_null) | >= 1.0 | ## Modules @@ -61,7 +59,6 @@ sys 0m2.015s | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | -| [null_resource.cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | diff --git a/eks_console_access.tf b/eks_console_access.tf index 9543f95..8dc01f9 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
@@ -33,21 +33,24 @@ data "http" "cluster_roles" { url = each.value.url } -resource "null_resource" "cluster_roles" { - for_each = local.cluster_roles_map - triggers = { - roles = join(",", [each.key, each.value.url]) - } - provisioner "local-exec" { - command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" - } -} +# resource "null_resource" "cluster_roles" { +# for_each = local.cluster_roles_map +# triggers = { +# roles = join(",", [each.key, each.value.url]) +# } +# provisioner "local-exec" { +# command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" +# } +# } # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = [split("---", yamldecode(data.http.cluster_roles[each.key].body))] + triggers = { + roles = join(",", [each.key, each.value.url]) + } + manifest = manifest_decode(data.http.cluster_roles[each.key].body) } # resource "null_resource" "apply_cluster_roles" { diff --git a/requirements.tf b/requirements.tf index 293d403..912400a 100644 --- a/requirements.tf +++ b/requirements.tf @@ -14,9 +14,5 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.23.0" } - null = { - source = "hashicorp/null" - version = ">= 1.0" - } } } From dc2b116e5ec64c92d8cab0415faa03e06c51eb94 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:24:44 -0500 Subject: [PATCH 34/73] fully qualified function --- .pre-commit-config.yaml | 20 ++++++++++---------- eks_console_access.tf | 6 +----- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bdad379..bb1a43e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
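Review bot: `triggers` is not an argument of `kubernetes_manifest` (it belongs to `null_resource`), so this block fails validation, and `manifest_decode(...)` has to be called as `provider::kubernetes::manifest_decode(...)`. Provider-defined functions require Terraform 1.8 or newer and a kubernetes provider release that ships them, which the declared constraints (`terraform >= 0.13`, `kubernetes >= 2.23.0` in the README) do not guarantee; raise `required_version` and the provider constraint so consumers get a clear version error instead of an unknown-function failure.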
@@ -46,16 +46,16 @@ repos: - id: terraform_docs args: - --hook-config=--parallelism-ci-cpu-cores=2 - - id: terraform_tflint - name: Terraform validate with tflint - description: Validates all Terraform configuration files with TFLint. - require_serial: true - entry: hooks/terraform_tflint.sh - language: script - files: (\.tf|\.tfvars)$ - exclude: \.(terraform/.*|terragrunt-cache)$ - args: - - --hook-config=--parallelism-ci-cpu-cores=2 + # - id: terraform_tflint + # name: Terraform validate with tflint + # description: Validates all Terraform configuration files with TFLint. + # require_serial: true + # entry: hooks/terraform_tflint.sh + # language: script + # files: (\.tf|\.tfvars)$ + # exclude: \.(terraform/.*|terragrunt-cache)$ + # args: + # - --hook-config=--parallelism-ci-cpu-cores=2 - id: terragrunt_fmt name: Terragrunt fmt description: Rewrites all Terragrunt configuration files to a canonical format. diff --git a/eks_console_access.tf b/eks_console_access.tf index 8dc01f9..923529e 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -45,12 +45,8 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - # depends_on = [null_resource.cluster_roles] for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - triggers = { - roles = join(",", [each.key, each.value.url]) - } - manifest = manifest_decode(data.http.cluster_roles[each.key].body) + manifest = provider::kubernetes::manifest_decode(data.http.cluster_roles[each.key].body) } # resource "null_resource" "apply_cluster_roles" { From 004d45d84b6390baad81e5e2a5df2021be0aef98 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:26:04 -0500 Subject: [PATCH 35/73] use multi --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 923529e..06c9ad5 100644 --- a/eks_console_access.tf 
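Review bot: commenting out the entire `terraform_tflint` hook in `.pre-commit-config.yaml` in the same commit that introduces the provider function implies tflint rejected the call; disabling the linter repo-wide suppresses every future finding, not just this one. Prefer upgrading tflint or pinning its Terraform version in `.tflint.hcl`, or a targeted `# tflint-ignore:` annotation on the line, and if the hook really has to go, the commit message ("fully qualified function") should say why.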
+++ b/eks_console_access.tf @@ -46,7 +46,7 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = provider::kubernetes::manifest_decode(data.http.cluster_roles[each.key].body) + manifest = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) } # resource "null_resource" "apply_cluster_roles" { From 98431bd61aa338b694c0ac6bac293888d7f88711 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:32:37 -0500 Subject: [PATCH 36/73] split again --- eks_console_access.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 06c9ad5..4d21c12 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -46,7 +46,8 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) + # manifest = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) + manifest = split("---\n", data.http.cluster_roles[each.key].body) } # resource "null_resource" "apply_cluster_roles" { From 7682267395f7ee402ebab7ed919be2086c783788 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:34:23 -0500 Subject: [PATCH 37/73] join split --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 4d21c12..2e45804 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
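Review bot: `provider::kubernetes::manifest_decode_multi(...)` returns a list of objects, but `manifest` takes exactly one object, so the attribute type still does not match; the list has to be iterated with `for_each` and each element assigned as `manifest = each.value`. Reverting to `split("---\n", body)` in PATCH 36 yields a list of strings and moves further from the goal; the provider function already handles the separator and comment-only-document cases that the regexes in PATCH 25 tried to cover.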
@@ -47,7 +47,7 @@ data "http" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } # manifest = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest = split("---\n", data.http.cluster_roles[each.key].body) + manifest = [join(",", split("---\n", data.http.cluster_roles[each.key].body))] } # resource "null_resource" "apply_cluster_roles" { From 5628747b52499c209fee43fe1e85642a070f9d53 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:35:32 -0500 Subject: [PATCH 38/73] no join --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 2e45804..9036485 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } # manifest = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest = [join(",", split("---\n", data.http.cluster_roles[each.key].body))] + manifest = [split("---\n", data.http.cluster_roles[each.key].body)] } # resource "null_resource" "apply_cluster_roles" { From 321a66d14989725fe725241bafc85c13d35e957c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:36:39 -0500 Subject: [PATCH 39/73] back to func --- eks_console_access.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 9036485..45fbf54 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
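Review bot: `[join(",", split("---\n", body))]` and `[split("---\n", body)]` both produce lists of strings (one joined string, or the raw fragments); neither is a decoded Kubernetes object, so `manifest` rejects them for the same reason as the earlier attempts.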
@@ -46,8 +46,8 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - # manifest = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest = [split("---\n", data.http.cluster_roles[each.key].body)] + manifest = [provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body)] + # manifest = [split("---\n", data.http.cluster_roles[each.key].body)] } # resource "null_resource" "apply_cluster_roles" { From ec24288f205175f92b1e6c0392eaf5416004cbe5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:42:04 -0500 Subject: [PATCH 40/73] write map --- eks_console_access.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 45fbf54..e63fc64 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -46,7 +46,10 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = [provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body)] + manifest = { + name = data.http.cluster_roles[each.key] + value = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) + } # manifest = [split("---\n", data.http.cluster_roles[each.key].body)] } From 0167dd263e8188b4999919ffbc9e92e06b4865b8 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 13 Jan 2025 19:50:39 -0500 Subject: [PATCH 41/73] loop on manifest --- eks_console_access.tf | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index e63fc64..a92ef6c 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
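Review bot: the object `{ name = data.http.cluster_roles[each.key], value = ... }` is not a Kubernetes manifest: `name` is the whole `http` data source object, not a string, and the map has no `apiVersion`, `kind` or `metadata`, which the provider requires at plan time to build the resource. Wrapping `manifest_decode_multi` in a list (PATCH 39) has the same single-object mismatch; the decoded list needs to become the `for_each` collection, keyed by kind and name.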
@@ -25,6 +25,7 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } + # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) } # Fetch the YAML files from the specified URLs @@ -45,11 +46,8 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - manifest = { - name = data.http.cluster_roles[each.key] - value = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - } + for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } + manifest = each.value # manifest = [split("---\n", data.http.cluster_roles[each.key].body)] } From 34b5751ac6bab8a419ba6494d014f530135f207d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 14 Jan 2025 12:15:10 -0500 Subject: [PATCH 42/73] for_each refactor --- eks_console_access.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index a92ef6c..1af7b77 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -30,7 +30,7 @@ locals { # Fetch the YAML files from the specified URLs data "http" "cluster_roles" { - for_each = local.cluster_roles_map + for_each = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } url = each.value.url } 
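Review bot: the PATCH 41 resource hunk uses `each.key` inside the `for_each` expression itself (`data.http.cluster_roles[each.key].body`), which Terraform rejects because `each` is only defined in the resource body once `for_each` has been evaluated. The key template also reads `manifest.metadata.namespace`, and cluster-scoped kinds such as ClusterRole and ClusterRoleBinding have no `namespace` attribute, so even with a valid iterable this fails with an unsupported-attribute error; use `try(manifest.metadata.namespace, "cluster")` in the key. The commented `roles = ...` line added to `locals` in the same patch references `each.key` as well and is dead; drop it rather than carrying it forward.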
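Review bot: in the PATCH 42 `data "http"` hunk, `for_each = { for cr in local.cluster_roles : cr.name => cr if cr.enabled }` repeats the exact comprehension that already defines `local.cluster_roles_map` two hunks up; keep `for_each = local.cluster_roles_map` so the enabled filter lives in one place (PATCH 52 reverts to that anyway).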
@@ -46,10 +46,11 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } + for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => manifest } manifest = each.value - # manifest = [split("---\n", data.http.cluster_roles[each.key].body)] } +# for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } +# manifest = [split("---\n", data.http.cluster_roles[each.key].body)] # resource "null_resource" "apply_cluster_roles" { # for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } From f69fbb0d70b89fb32019b903e5cdc85e718d6ff8 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 21:46:26 -0500 Subject: [PATCH 43/73] add cond --- README.md | 6 +++--- eks_console_access.tf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4b6bd84..33187df 100644 --- a/README.md +++ b/README.md @@ -40,9 +40,9 @@ sys 0m2.015s | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.83.1 | -| [http](#provider\_http) | 3.4.5 | -| [kubernetes](#provider\_kubernetes) | 2.35.1 | +| [aws](#provider\_aws) | >= 5.14.0 | +| [http](#provider\_http) | >= 2.1.0 | +| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | ## Modules diff --git a/eks_console_access.tf b/eks_console_access.tf index 1af7b77..5e285de 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
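Review bot: the PATCH 42 resource hunk's `for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => manifest }` has three independent errors: `manifest` is not defined in that scope (the iterator is `doc`), `doc` is a `{ name, url, enabled }` entry rather than the YAML text the function expects, and the key expression is a list while `for_each` keys must be strings. Because `each.key` cannot be used in `for_each`, decode every fetched body first, e.g. `locals { console_docs = flatten([for k, v in data.http.cluster_roles : provider::kubernetes::manifest_decode_multi(v.response_body)]) }`, then `for_each = { for m in local.console_docs : lower("${m.kind}-${try(m.metadata.namespace, "cluster")}-${m.metadata.name}") => m }` and `manifest = each.value`.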
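Review bot: the PATCH 43 README hunk replaces the resolved provider versions in the Providers table (`5.83.1`, `3.4.5`, `2.35.1`) with the same `>=` constraints already listed in the Requirements table above it, which makes the two tables identical and loses the information the Providers table exists to carry; regenerate it from a locked `terraform init` instead of hand-editing.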
@@ -46,7 +46,7 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => manifest } + for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => manifest if manifest.kind } manifest = each.value } # for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } From 6bcc94c6e8032162b9e1592c9768d73829b3bc3a Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 21:51:54 -0500 Subject: [PATCH 44/73] cannonical example --- eks_console_access.tf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 5e285de..ab315ed 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
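Review bot: the `if manifest.kind` condition in the PATCH 43 `eks_console_access.tf` hunk still references the undefined `manifest` symbol (the loop variable is `doc`), and a `for ... if` filter must evaluate to a bool, not a string such as a kind name; the key and value problems from the previous patch are also unchanged.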
@@ -46,9 +46,15 @@ data "http" "cluster_roles" { # # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => manifest if manifest.kind } + for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => doc if doc.metadata } manifest = each.value } + +# resource "kubernetes_manifest" "projects" { +# for_each = { for manifest in provider::kubernetes::manifest_decode_multi(file("${path.module}/bootstrap/projects.yaml")) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } +# manifest = each.value +# } + # for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } # manifest = [split("---\n", data.http.cluster_roles[each.key].body)] From 84d943496b788644b8c604b5339037c289aeb9de Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:13:00 -0500 Subject: [PATCH 45/73] add name hack --- eks_console_access.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index ab315ed..55604af 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
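Review bot: `=> doc if doc.metadata` in the PATCH 44 hunk cannot work because `doc` iterates `local.cluster_roles_map`, whose entries are `{ name, url, enabled }` objects with no `metadata` attribute, and the key is still the list returned by `manifest_decode_multi`. The commented `kubernetes_manifest "projects"` block added in the same hunk is the correct pattern (iterate the decoded list, build a string key from kind/name/namespace, `manifest = each.value`); the only change it needs is replacing `file(...)` with a flattened decode over `data.http.cluster_roles[*].body` computed in `locals`, plus `try(manifest.metadata.namespace, "cluster")` for cluster-scoped kinds.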
@@ -44,10 +44,10 @@ data "http" "cluster_roles" { # } # } -# # Apply the Kubernetes manifests to the cluster +# Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = { for doc in local.cluster_roles_map : provider::kubernetes::manifest_decode_multi(doc) => doc if doc.metadata } - manifest = each.value + for_each = local.cluster_roles_map + manifest = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } } # resource "kubernetes_manifest" "projects" { From 7cbfb567d67b461ec315e05058e7c61ae30fa155 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:15:04 -0500 Subject: [PATCH 46/73] no namespace attrib --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 55604af..a1a73f3 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } + manifest = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}" => manifest } } # resource "kubernetes_manifest" "projects" { From 9945a9bab8cbc55b6dfb4c0d5e2ab1eca5641892 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:18:14 -0500 Subject: [PATCH 47/73] replace with yamldecode --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
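Review bot: the PATCH 45 hunk hands `manifest` a map of every decoded document (`{ for manifest in ... : key => manifest }`), but one `kubernetes_manifest` resource manages exactly one Kubernetes object; the fan-out has to happen in `for_each` with a string key, leaving `manifest = each.value`. Moving `for_each` back to `local.cluster_roles_map` only makes `each.key` legal again, it does not let a single resource instance apply several objects.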
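Review bot: dropping `-${manifest.metadata.namespace}` from the key in the PATCH 46 hunk avoids the unsupported-attribute error on ClusterRole/ClusterRoleBinding, but the restricted-access set adds namespaced Role and RoleBinding objects later in this series, and two objects of the same kind and name in different namespaces would then collide on the key; `try(manifest.metadata.namespace, "cluster")` keeps the key unique without failing on cluster-scoped kinds.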
diff --git a/eks_console_access.tf b/eks_console_access.tf index a1a73f3..c099af8 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}" => manifest } + manifest = { for manifest in yamldecode(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}" => manifest } } # resource "kubernetes_manifest" "projects" { From 4173a05c8ed4366f2c82040620c0df5e61db794e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:19:26 -0500 Subject: [PATCH 48/73] no body --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index c099af8..20bd839 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in yamldecode(data.http.cluster_roles[each.key].body) : "${lower(manifest.kind)}-${manifest.metadata.name}" => manifest } + manifest = { for manifest in yamldecode(data.http.cluster_roles[each.key]) : "${lower(manifest.kind)}-${manifest.metadata.name}" => manifest } } # resource "kubernetes_manifest" "projects" { From edf113444d41e3e3dfd419f042ac064d2ec6bea6 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:36:16 -0500 Subject: [PATCH 49/73] synatx --- eks_console_access.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 20bd839..d4a7a01 100644 --- a/eks_console_access.tf 
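Review bot: `yamldecode(...)` in the PATCH 47 hunk decodes exactly one YAML document and errors on a multi-document stream, and the fetched role files are multi-document (earlier patches split them on `"---\n"`), so this replacement for `manifest_decode_multi` fails on the same input; even on a single document it returns one object rather than something to iterate.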
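Review bot: the PATCH 48 hunk passes `data.http.cluster_roles[each.key]`, the whole data-source object, to `yamldecode`, which requires a string; the `.body` it removes is necessary (and `response_body` is the non-deprecated name for it in http provider 3.x, which the README pins at `3.4.5`).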
+++ b/eks_console_access.tf @@ -47,7 +47,11 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in yamldecode(data.http.cluster_roles[each.key]) : "${lower(manifest.kind)}-${manifest.metadata.name}" => manifest } + manifest = { for manifest in yamldecode("${data.http.cluster_roles[each.key].body}") : lower("${lmanifest.kind}-${manifest.metadata.name}") => manifest } + + wait { + rollout = true + } } # resource "kubernetes_manifest" "projects" { From dfbfba6c6b0b423090d48ed9f34b40659fd6f786 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:37:28 -0500 Subject: [PATCH 50/73] typo --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index d4a7a01..16fe83e 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in yamldecode("${data.http.cluster_roles[each.key].body}") : lower("${lmanifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in yamldecode("${data.http.cluster_roles[each.key].body}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true From 6b8d4059899e6f140fc7f240e4b3cb1c603fe8c7 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:39:42 -0500 Subject: [PATCH 51/73] provider func again --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 16fe83e..61e378f 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
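Review bot: the `wait { rollout = true }` block added in the PATCH 49 hunk only has an effect on resources that support `kubectl rollout status` (Deployments, StatefulSets, DaemonSets); for RBAC objects it does nothing and should be dropped. In the same line, `lmanifest.kind` is a typo (corrected in PATCH 50) and `"${data.http.cluster_roles[each.key].body}"` is a no-op template around a value that is already a string; neither change addresses `yamldecode` being a single-document decoder or `manifest` receiving a map.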
@@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in yamldecode("${data.http.cluster_roles[each.key].body}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in provider::kubernetes::manifest_decode_multi("${data.http.cluster_roles[each.key].body}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true From 8e9a4c241bb58202f553fb211bf0cbbf8efe81c5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 22:59:22 -0500 Subject: [PATCH 52/73] use local intermediate --- eks_console_access.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 61e378f..9d6dfed 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -26,11 +26,12 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) + manifest_doc = { for crm in local.cluster_roles_map : data.http.cluster_roles[crm.key].body => crm } } # Fetch the YAML files from the specified URLs data "http" "cluster_roles" { - for_each = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } + for_each = local.cluster_roles_map url = each.value.url } 
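Review bot: returning to `provider::kubernetes::manifest_decode_multi` in the PATCH 51 hunk is the right decoder for the multi-document input, but the result is still a map assigned to `manifest`, and the `"${...}"` wrapper around `.body` remains a no-op; the fix is to move this comprehension into `for_each` and set `manifest = each.value`.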
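Review bot: in the PATCH 52 `locals` hunk, `data.http.cluster_roles[crm.key]` fails because the values of `cluster_roles_map` are the role objects, which have `name`, `url` and `enabled` but no `key`. Keying `manifest_doc` by the entire YAML body (`... .body => crm`) also inverts the relationship, so downstream consumers receive a map whose keys are multi-kilobyte YAML strings instead of the decoded documents.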
@@ -47,7 +48,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { for_each = local.cluster_roles_map - manifest = { for manifest in provider::kubernetes::manifest_decode_multi("${data.http.cluster_roles[each.key].body}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in provider::kubernetes::manifest_decode_multi(local.manifest_doc) : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true From 1c8d9ffd450b6f4fae7510692b19a8e03ccc99f5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:03:21 -0500 Subject: [PATCH 53/73] typos --- eks_console_access.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 9d6dfed..24edcb7 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for crm in local.cluster_roles_map : data.http.cluster_roles[crm.key].body => crm } + manifest_doc = { for crm in local.cluster_roles_map : data.http.cluster_roles[crm.name].body => crm } } # Fetch the YAML files from the specified URLs @@ -47,7 +47,6 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - for_each = local.cluster_roles_map manifest = { for manifest in provider::kubernetes::manifest_decode_multi(local.manifest_doc) : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { From 549d1afa4013875157b76f0db445407802ed00d6 Mon Sep 17 00:00:00 2001 
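Review bot: `manifest_decode_multi(local.manifest_doc)` in the PATCH 52 resource hunk passes a map where the function takes a YAML string, so it fails at evaluation regardless of what `manifest_doc` contains.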
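Review bot: the PATCH 53 hunk removes `for_each` from `kubernetes_manifest.deploy_cluster_roles` while `manifest` still evaluates to a map of all documents, which leaves a single resource instance trying to own every object; `crm.name` is the right index into `data.http.cluster_roles`, but the map is still keyed by body text and still handed to a function that expects a string.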
From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:05:19 -0500 Subject: [PATCH 54/73] interpolate --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 24edcb7..8d08d93 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - manifest = { for manifest in provider::kubernetes::manifest_decode_multi(local.manifest_doc) : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in provider::kubernetes::manifest_decode_multi("${local.manifest_doc}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true From 1c963eb51329a05e82b1eb31da3b2aa521627fb1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:06:57 -0500 Subject: [PATCH 55/73] ugh --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 8d08d93..e32547b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - manifest = { for manifest in provider::kubernetes::manifest_decode_multi("${local.manifest_doc}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in yamldecode("${local.manifest_doc}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true From 0255881593c95a7c6e951962b8d8ce7a8dcf3bf3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:09:14 -0500 Subject: [PATCH 56/73] jsonencode --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
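Review bot: `"${local.manifest_doc}"` in the PATCH 54 hunk is rejected by Terraform because a map cannot be included in a string template (only strings, numbers and bools can); interpolation does not serialize a map to YAML, so this cannot turn the local back into something `manifest_decode_multi` accepts.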
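Review bot: the PATCH 55 hunk swaps `manifest_decode_multi` for `yamldecode` on the same `"${local.manifest_doc}"` template; the template error is unchanged, and `yamldecode` would in any case only handle one document.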
diff --git a/eks_console_access.tf b/eks_console_access.tf index e32547b..ef0ab6e 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - manifest = { for manifest in yamldecode("${local.manifest_doc}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in yamldecode(jsonencode("${local.manifest_doc}")) : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true From 2c70e8e578ad9892215cd06f0f2425f613183eef Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:11:27 -0500 Subject: [PATCH 57/73] move to local --- eks_console_access.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index ef0ab6e..61994cc 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for crm in local.cluster_roles_map : data.http.cluster_roles[crm.name].body => crm } + manifest_doc = { for crm in local.cluster_roles_map : jsonencode(data.http.cluster_roles[crm.name].body) => crm } } # Fetch the YAML files from the specified URLs @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - manifest = { for manifest in yamldecode(jsonencode("${local.manifest_doc}")) : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = { for manifest in yamldecode("${local.manifest_doc}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } wait { rollout = true 
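Review bot: `yamldecode(jsonencode("${local.manifest_doc}"))` in the PATCH 56 hunk still fails on the inner string template of a map; and even if that evaluated, `jsonencode` of a string produces a quoted JSON string, which `yamldecode` returns unchanged as a string rather than as manifest objects, so the round trip cannot produce an iterable of documents.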
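Review bot: the PATCH 57 `locals` hunk keys `manifest_doc` by `jsonencode(data.http.cluster_roles[crm.name].body)`, which is just the YAML body as a JSON string literal, and the resource hunk then templates the map again with `"${local.manifest_doc}"`; the map-in-template error from PATCH 54 is still present, and the key is no closer to a decoded manifest.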
From 0ab01dc6fac17e96788bc8e5514b2c60a2cd42fa Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:17:03 -0500 Subject: [PATCH 58/73] maybe --- eks_console_access.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 61994cc..5fc6719 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for crm in local.cluster_roles_map : jsonencode(data.http.cluster_roles[crm.name].body) => crm } + manifest_doc = { for name in local.cluster_roles_map : yamldecode(data.http.cluster_roles[name].body) => crm } } # Fetch the YAML files from the specified URLs @@ -47,7 +47,7 @@ data "http" "cluster_roles" { # Apply the Kubernetes manifests to the cluster resource "kubernetes_manifest" "deploy_cluster_roles" { - manifest = { for manifest in yamldecode("${local.manifest_doc}") : lower("${manifest.kind}-${manifest.metadata.name}") => manifest } + manifest = local.manifest_doc wait { rollout = true From 606c961eec3426d61132c60057f2d6adbdb6315a Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:18:03 -0500 Subject: [PATCH 59/73] name --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 5fc6719..b7a312b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
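Review bot: the PATCH 58 `locals` hunk has several errors on one line: `name` iterates the values of `cluster_roles_map` (objects), so `data.http.cluster_roles[name]` indexes with an object; `crm` is no longer defined; and the key `yamldecode(...)` is an object while map keys must be strings. The resource hunk then sets `manifest = local.manifest_doc`, a map of all roles, where the provider needs exactly one object with `apiVersion`/`kind`/`metadata`.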
@@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for name in local.cluster_roles_map : yamldecode(data.http.cluster_roles[name].body) => crm } + manifest_doc = { for name in local.cluster_roles_map : yamldecode(data.http.cluster_roles[name].body) => name } } # Fetch the YAML files from the specified URLs From 68bfd3062c060737c6be39ff4316b72e3d3f7f49 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:19:38 -0500 Subject: [PATCH 60/73] cleanup ref --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index b7a312b..1a2124e 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for name in local.cluster_roles_map : yamldecode(data.http.cluster_roles[name].body) => name } + manifest_doc = { for item in local.cluster_roles_map : yamldecode(data.http.cluster_roles[item.name].body) => item } } # Fetch the YAML files from the specified URLs From b0b3de9ae112af48e11a486d0b969644c5289cd1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:21:45 -0500 Subject: [PATCH 61/73] force interpolate --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 1a2124e..2b37f6f 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
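Review bot: `=> name` in the PATCH 59 hunk only removes the undefined `crm` symbol; the key expression is still `yamldecode(...)`, an object, and `data.http.cluster_roles[name]` still indexes with an object rather than the role's `name` string.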
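Review bot: `item.name` in the PATCH 60 hunk fixes the index into `data.http.cluster_roles`, but the comprehension still uses the decoded object as the map key, which Terraform rejects because map keys must be strings; swap the sides so the key is `item.name` and the value is the decoded list, or flatten the decoded lists into a single list and key it by kind and name.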
@@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for item in local.cluster_roles_map : yamldecode(data.http.cluster_roles[item.name].body) => item } + manifest_doc = { for item in local.cluster_roles_map : yamldecode("${data.http.cluster_roles[item.name].body}") => item } } # Fetch the YAML files from the specified URLs From ab77c13f45cb29e464caa98a8273fb6eb515729b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 16 Jan 2025 23:23:11 -0500 Subject: [PATCH 62/73] maybe --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 2b37f6f..b1ab23b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for item in local.cluster_roles_map : yamldecode("${data.http.cluster_roles[item.name].body}") => item } + manifest_doc = { for item in local.cluster_roles_map : "${data.http.cluster_roles[item.name].body}" => item } } # Fetch the YAML files from the specified URLs From 622c204ac6179650c2fb3d59b9b1ce0cd0cdfe1a Mon Sep 17 00:00:00 2001 
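Review bot: wrapping `.body` in `"${...}"` in the PATCH 61 hunk is a no-op on a string value and does not change what `yamldecode` returns, so the non-string map key problem is unchanged.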
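Review bot: after the PATCH 62 hunk, `local.manifest_doc` is `{ "<raw YAML body>" = { name, url, enabled } }` and `kubernetes_manifest.deploy_cluster_roles` (which lost its `for_each` in PATCH 53) assigns that map directly to `manifest`, so the provider receives a map with no `apiVersion` or `kind` and rejects it. At this point in the series the resource has never been given a single decoded document; the flattened-decode-plus-`for_each` shape is the minimal working version, or the Helm route taken in PATCH 63.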
From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 16:39:45 -0500 Subject: [PATCH 63/73] use helm --- .pre-commit-config.yaml | 2 +- README.md | 4 +- eks-console-full-access/.helmignore | 23 ++++ eks-console-full-access/Chart.yaml | 21 ++++ .../templates/_helpers.tpl | 62 ++++++++++ .../templates/binding-rbac.yaml | 15 +++ .../templates/clusterrole-rbac.yaml | 107 ++++++++++++++++++ eks-console-full-access/values.yaml | 1 + eks-console-restricted-access/.helmignore | 23 ++++ eks-console-restricted-access/Chart.yaml | 21 ++++ .../templates/_helpers.tpl | 62 ++++++++++ .../templates/clusterrole-binding-rbac.yaml | 15 +++ .../templates/clusterrole-rbac.yaml | 15 +++ .../templates/role-binding-rbac.yaml | 15 +++ .../templates/role-rbac.yaml | 105 +++++++++++++++++ eks-console-restricted-access/values.yaml | 1 + eks_console_access.tf | 44 +++++-- requirements.tf | 4 + variables.tf | 21 ++++ 19 files changed, 551 insertions(+), 10 deletions(-) create mode 100644 eks-console-full-access/.helmignore create mode 100644 eks-console-full-access/Chart.yaml create mode 100644 eks-console-full-access/templates/_helpers.tpl create mode 100644 eks-console-full-access/templates/binding-rbac.yaml create mode 100644 eks-console-full-access/templates/clusterrole-rbac.yaml create mode 100644 eks-console-full-access/values.yaml create mode 100644 eks-console-restricted-access/.helmignore create mode 100644 eks-console-restricted-access/Chart.yaml create mode 100644 eks-console-restricted-access/templates/_helpers.tpl create mode 100644 eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml create mode 100644 eks-console-restricted-access/templates/clusterrole-rbac.yaml create mode 100644 eks-console-restricted-access/templates/role-binding-rbac.yaml create mode 100644 eks-console-restricted-access/templates/role-rbac.yaml create mode 100644 eks-console-restricted-access/values.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bb1a43e..a16edd6 100644 
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,7 +14,7 @@ repos: - id: trailing-whitespace args: [--markdown-linebreak-ext=md] exclude: CHANGELOG.md - - id: check-yaml + # - id: check-yaml - id: check-merge-conflict - id: check-executables-have-shebangs diff --git a/README.md b/README.md index 33187df..5160189 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ sys 0m2.015s |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | | [aws](#requirement\_aws) | >= 5.14.0 | +| [helm](#requirement\_helm) | >= 2.11.0 | | [http](#requirement\_http) | >= 2.1.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | @@ -41,6 +42,7 @@ sys 0m2.015s | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 5.14.0 | +| [helm](#provider\_helm) | >= 2.11.0 | | [http](#provider\_http) | >= 2.1.0 | | [kubernetes](#provider\_kubernetes) | >= 2.23.0 | @@ -54,7 +56,7 @@ sys 0m2.015s | Name | Type | |------|------| -| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | diff --git a/eks-console-full-access/.helmignore b/eks-console-full-access/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/eks-console-full-access/.helmignore 
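Review bot: commenting out `- id: check-yaml` in the `.pre-commit-config.yaml` hunk disables YAML validation for the whole repository to accommodate the new Helm templates, which contain `{{ }}` and are not parseable YAML. Scope the exclusion instead, e.g. `- id: check-yaml` followed by `exclude: ^eks-console-(full|restricted)-access/templates/`, so `Chart.yaml`, `values.yaml` and the pre-commit config itself stay checked.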
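Review bot: the README hunks add the `helm` requirement/provider rows and swap the Resources entry to `helm_release.console_access`, but the diffstat for this patch shows `variables.tf | 21 ++++` and no change to the README's Inputs section, so the new console-access variables are undocumented; regenerate the README (terraform-docs) in the same patch so the Inputs table matches `variables.tf`.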
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/eks-console-full-access/Chart.yaml b/eks-console-full-access/Chart.yaml new file mode 100644 index 0000000..f0ef17b --- /dev/null +++ b/eks-console-full-access/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: eks-console-full +description: A Helm chart for Kubernetes +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/eks-console-full-access/templates/_helpers.tpl b/eks-console-full-access/templates/_helpers.tpl new file mode 100644 index 0000000..6aaacb3 --- /dev/null +++ b/eks-console-full-access/templates/_helpers.tpl 
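Review bot: `description: A Helm chart for Kubernetes` in the new `eks-console-full-access/Chart.yaml` is the `helm create` scaffold placeholder, as are the surrounding comment paragraphs; replace it with a one-line statement of what the chart grants (cluster-wide read access for the EKS console full-access group) so `helm search`/`helm show chart` output is meaningful, and consider trimming the scaffold comments.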
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "eks-console-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "eks-console-full.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "eks-console-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "eks-console-full.labels" -}} +helm.sh/chart: {{ include "eks-console-full.chart" . }} +{{ include "eks-console-full.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "eks-console-full.selectorLabels" -}} +app.kubernetes.io/name: {{ include "eks-console-full.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "eks-console-full.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "eks-console-full.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
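Review bot: the `eks-console-full.serviceAccountName` helper in the new `_helpers.tpl` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the chart's `values.yaml` added in this same patch defines only `kubernetesClusterDomain`; the helper is unused by the two RBAC templates today, yet any future `include` of it would fail rendering with a nil-pointer error on `serviceAccount`. Either delete the helper (the chart creates no ServiceAccount) or add a `serviceAccount:` block to `values.yaml`.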
diff --git a/eks-console-full-access/templates/binding-rbac.yaml b/eks-console-full-access/templates/binding-rbac.yaml new file mode 100644 index 0000000..338d35e --- /dev/null +++ b/eks-console-full-access/templates/binding-rbac.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "eks-console-full.fullname" . }}-binding + labels: + {{- include "eks-console-full.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "eks-console-full.fullname" . }}-clusterrole' +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: eks-console-dashboard-full-access-group + namespace: '{{ .Release.Namespace }}' diff --git a/eks-console-full-access/templates/clusterrole-rbac.yaml b/eks-console-full-access/templates/clusterrole-rbac.yaml new file mode 100644 index 0000000..13d420c --- /dev/null +++ b/eks-console-full-access/templates/clusterrole-rbac.yaml 
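Review bot: in the new `binding-rbac.yaml`, the subject `kind: Group` carries `namespace: '{{ .Release.Namespace }}'`, but `namespace` on an RBAC subject is only meaningful for `kind: ServiceAccount`; on a Group it is ignored and should be removed to avoid implying the grant is namespace-scoped (it is a ClusterRoleBinding, so it is cluster-wide). The group name `eks-console-dashboard-full-access-group` is hard-coded; expose it as a value (e.g. `.Values.groupName`) and document in the README which IAM principals are mapped to it, since everything mapped into that group receives the full ClusterRole.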
@@ -0,0 +1,107 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "eks-console-full.fullname" . }}-clusterrole + labels: + {{- include "eks-console-full.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - pods + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - podtemplates + - replicationcontrollers + - resourcequotas + - secrets + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + - replicasets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - get + - list +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - ingresses + - networkpolicies + - replicasets + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list diff --git a/eks-console-full-access/values.yaml b/eks-console-full-access/values.yaml new file mode 100644 index 0000000..e4779cd --- /dev/null +++ b/eks-console-full-access/values.yaml @@ -0,0 +1 @@ +kubernetesClusterDomain: cluster.local diff --git a/eks-console-restricted-access/.helmignore b/eks-console-restricted-access/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/eks-console-restricted-access/.helmignore 
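Review bot: the core-group rule in `clusterrole-rbac.yaml` includes `secrets` with `get` and `list`, and the binding is cluster-wide, so every member of `eks-console-dashboard-full-access-group` can read every Secret in the cluster (`list` returns the full objects, not just names). If the intent is workload visibility in the console, remove `secrets` from that rule; if secret read is intended, say so explicitly in the README because it makes this group equivalent to a cluster-wide credential reader. The `extensions` rule can also be dropped: deployments, daemonsets, replicasets and networkpolicies were removed from that API group in Kubernetes 1.16 and ingresses in 1.22, so it grants nothing on any supported EKS version.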
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/eks-console-restricted-access/Chart.yaml b/eks-console-restricted-access/Chart.yaml new file mode 100644 index 0000000..0d3d930 --- /dev/null +++ b/eks-console-restricted-access/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: eks-console-restricted +description: A Helm chart for Kubernetes +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/eks-console-restricted-access/templates/_helpers.tpl b/eks-console-restricted-access/templates/_helpers.tpl new file mode 100644 index 0000000..d8ad369 --- /dev/null 
+++ b/eks-console-restricted-access/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "eks-console-restricted.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "eks-console-restricted.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "eks-console-restricted.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "eks-console-restricted.labels" -}} +helm.sh/chart: {{ include "eks-console-restricted.chart" . }} +{{ include "eks-console-restricted.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "eks-console-restricted.selectorLabels" -}} +app.kubernetes.io/name: {{ include "eks-console-restricted.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "eks-console-restricted.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "eks-console-restricted.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml b/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml new file mode 100644 index 0000000..69c3653 --- /dev/null +++ b/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "eks-console-restricted.fullname" . }}-clusterrole-binding + labels: + {{- include "eks-console-restricted.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "eks-console-restricted.fullname" . }}-clusterrole' +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: eks-console-dashboard-restricted-access-group + namespace: '{{ .Release.Namespace }}' diff --git a/eks-console-restricted-access/templates/clusterrole-rbac.yaml b/eks-console-restricted-access/templates/clusterrole-rbac.yaml new file mode 100644 index 0000000..b7ebd38 --- /dev/null +++ b/eks-console-restricted-access/templates/clusterrole-rbac.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "eks-console-restricted.fullname" . }}-clusterrole + labels: + {{- include "eks-console-restricted.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + verbs: + - get + - list diff --git a/eks-console-restricted-access/templates/role-binding-rbac.yaml b/eks-console-restricted-access/templates/role-binding-rbac.yaml new file mode 100644 index 0000000..e6dcdda --- /dev/null +++ b/eks-console-restricted-access/templates/role-binding-rbac.yaml 
@@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "eks-console-restricted.fullname" . }}-role-binding + labels: + {{- include "eks-console-restricted.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: '{{ include "eks-console-restricted.fullname" . }}-role' +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: eks-console-dashboard-restricted-access-group + namespace: '{{ .Release.Namespace }}' diff --git a/eks-console-restricted-access/templates/role-rbac.yaml b/eks-console-restricted-access/templates/role-rbac.yaml new file mode 100644 index 0000000..a2e454e --- /dev/null +++ b/eks-console-restricted-access/templates/role-rbac.yaml 
@@ -0,0 +1,105 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "eks-console-restricted.fullname" . }}-role + labels: + {{- include "eks-console-restricted.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - podtemplates + - replicationcontrollers + - resourcequotas + - secrets + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + - replicasets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - get + - list +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - ingresses + - networkpolicies + - replicasets + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list diff --git a/eks-console-restricted-access/values.yaml b/eks-console-restricted-access/values.yaml new file mode 100644 index 0000000..e4779cd --- /dev/null +++ b/eks-console-restricted-access/values.yaml @@ -0,0 +1 @@ +kubernetesClusterDomain: cluster.local diff --git a/eks_console_access.tf b/eks_console_access.tf index b1ab23b..dd6a46b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
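Review bot: `role-rbac.yaml` grants `get`/`list` on `secrets` (and the rest of the list) only inside the release namespace, which is the whole point of the restricted chart, but the chart does not choose that namespace: `role-binding-rbac.yaml` binds into `.Release.Namespace`, and the `helm_release` added later in this patch hardcodes `namespace = "default"`. In practice "restricted" therefore means read access to the `default` namespace including its Secrets, which is rarely where the workloads the console should show actually run. Make the target namespace a module variable passed through to `helm_release`, and document what the restricted group can see; the dead `extensions` rule here has the same problem noted for the full-access chart.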
@@ -26,7 +26,7 @@ locals { ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - manifest_doc = { for item in local.cluster_roles_map : "${data.http.cluster_roles[item.name].body}" => item } + # manifest_doc = { for item in local.cluster_roles_map : "${data.http.cluster_roles[item.name].body}" => item } } # Fetch the YAML files from the specified URLs @@ -45,14 +45,14 @@ data "http" "cluster_roles" { # } # } -# Apply the Kubernetes manifests to the cluster -resource "kubernetes_manifest" "deploy_cluster_roles" { - manifest = local.manifest_doc +# # Apply the Kubernetes manifests to the cluster +# resource "kubernetes_manifest" "deploy_cluster_roles" { +# manifest = local.manifest_doc - wait { - rollout = true - } -} +# wait { +# rollout = true +# } +# } # resource "kubernetes_manifest" "projects" { # for_each = { for manifest in provider::kubernetes::manifest_decode_multi(file("${path.module}/bootstrap/projects.yaml")) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } 
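Review bot: both hunks comment code out instead of deleting it (`# manifest_doc = …` in `locals` and the whole `kubernetes_manifest.deploy_cluster_roles` block); git keeps the history, so delete them. More importantly, `data "http" "cluster_roles"` is left in place even though nothing reads its body any more, so every plan still fetches RBAC YAML from remote URLs for no purpose. Pulling cluster-wide RBAC definitions from a URL at apply time is exactly the supply-chain exposure that vendoring the charts into this repo removes, so drop the data source and the `http` provider in this commit rather than leaving them for a later cleanup.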
@@ -71,3 +71,31 @@ resource "kubernetes_manifest" "deploy_cluster_roles" { # command = "kubectl apply -f ${each.value.name}.yaml" # } # } +# data "kubectl_file_documents" "access_documents" { +# for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } + +# content = data.http.cluster_roles[each.key].body +# } + +# locals { +# all_access_documents = flatten([ +# for cr_name, cr_data in local.cluster_roles_map : [ +# for doc in data.kubectl_file_documents.access_documents[cr_name].manifests : doc +# ] if cr_data.enabled +# ]) +# } + +# resource "kubectl_manifest" "deploy_cluster_roles" { +# count = length(local.all_access_documents) + +# yaml_body = local.all_access_documents[count.index] +# } + +resource "helm_release" "console_access" { + for_each = local.cluster_roles_map + chart = each.key + name = each.key + namespace = "default" + version = local.release_version + repository = "./${each.key}" +} diff --git a/requirements.tf b/requirements.tf index 912400a..75101fd 100644 --- a/requirements.tf +++ b/requirements.tf @@ -6,6 +6,10 @@ terraform { source = "hashicorp/aws" version = ">= 5.14.0" } + helm = { + source = "hashicorp/helm" + version = ">= 2.11.0" + } http = { source = "hashicorp/http" version = ">= 2.1.0" diff --git a/variables.tf b/variables.tf index 4f4ada5..9b69a09 100644 --- a/variables.tf +++ b/variables.tf 
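Review bot: `version = local.release_version` in the new `helm_release.console_access` references a local that is not defined anywhere in this patch, so `terraform validate` fails on this commit (PATCH 65 later replaces it with `var.release_version`); each commit should be self-consistent. `namespace = "default"` is also hardcoded, and for the restricted chart that value decides which namespace's Role, and therefore which Secrets, the console group can read, so it belongs in a variable. The `helm` requirement in `requirements.tf` is fine, but the three commented-out blocks above the resource (`kubectl_file_documents`, `all_access_documents`, `kubectl_manifest`) are dead code for the approach this patch abandons and should simply be removed.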
@@ -41,3 +41,24 @@ variable "tags" { type = map(string) default = {} } + +# variable "kubectl_image_tag" { +# description = "The version of bitnami/kubectl image to use." +# type = string +# default = "1.30.4" +# } + +# # helm add repo autoscaler "https://kubernetes.github.io/autoscaler" +# # helm search repo -l autoscaler/cluster-autoscaler +# variable "cluster_autoscaler_chart_version" { +# description = "The helm chart of the cluster-autoscaler most closely matching the Kuberentes version. Review output of `helm add repo autoscaler 'https://kubernetes.github.io/autoscaler'` (if the repo hasn't been added previously) and `helm search repo -l autoscaler/cluster-autoscaler`" +# type = string +# default = "9.37.0" +# } + +# # helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag: +# variable "cluster_autoscaler_tag" { +# description = "Image tag of cluster-autoscaler associated with the cluster_autoscaler_chart_version helm chart. `helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag:`" +# type = string +# default = "v1.30.0" +# } From 641515c1299ecb70750349e9d9ca04aa95abde64 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 16:49:22 -0500 Subject: [PATCH 64/73] regenerate the charts --- eks-console-full-access/Chart.yaml | 4 ++-- .../templates/_helpers.tpl | 20 +++++++++---------- .../templates/binding-rbac.yaml | 6 +++--- .../templates/clusterrole-rbac.yaml | 4 ++-- eks-console-restricted-access/Chart.yaml | 4 ++-- .../templates/_helpers.tpl | 20 +++++++++---------- .../templates/clusterrole-binding-rbac.yaml | 6 +++--- .../templates/clusterrole-rbac.yaml | 4 ++-- .../templates/role-binding-rbac.yaml | 6 +++--- .../templates/role-rbac.yaml | 4 ++-- 10 files changed, 39 insertions(+), 39 deletions(-) diff --git a/eks-console-full-access/Chart.yaml b/eks-console-full-access/Chart.yaml index f0ef17b..137d260 100644 
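Review bot: the three commented-out `variable` blocks appended to `variables.tf` (`kubectl_image_tag`, `cluster_autoscaler_chart_version`, `cluster_autoscaler_tag`) are dead code for the kubectl and autoscaler approach this patch removes; delete them rather than carry them, which PATCHes 65 and 66 end up doing anyway. If the `helm search repo` / `helm show values` guidance in the descriptions is still useful to operators, it belongs in the README, not in a commented-out variable description.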
--- a/eks-console-full-access/Chart.yaml +++ b/eks-console-full-access/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: eks-console-full -description: A Helm chart for Kubernetes +name: eks-console-full-access +description: A Helm chart for Kubernetes to install aws console access for eks # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives diff --git a/eks-console-full-access/templates/_helpers.tpl b/eks-console-full-access/templates/_helpers.tpl index 6aaacb3..8fca6cc 100644 --- a/eks-console-full-access/templates/_helpers.tpl +++ b/eks-console-full-access/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "eks-console-full.name" -}} +{{- define "eks-console-full-access.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "eks-console-full.fullname" -}} +{{- define "eks-console-full-access.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "eks-console-full.chart" -}} +{{- define "eks-console-full-access.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "eks-console-full.labels" -}} -helm.sh/chart: {{ include "eks-console-full.chart" . }} -{{ include "eks-console-full.selectorLabels" . }} +{{- define "eks-console-full-access.labels" -}} +helm.sh/chart: {{ include "eks-console-full-access.chart" . }} +{{ include "eks-console-full-access.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "eks-console-full.selectorLabels" -}} -app.kubernetes.io/name: {{ include "eks-console-full.name" . }} +{{- define "eks-console-full-access.selectorLabels" -}} +app.kubernetes.io/name: {{ include "eks-console-full-access.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "eks-console-full.serviceAccountName" -}} +{{- define "eks-console-full-access.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "eks-console-full.fullname" .) .Values.serviceAccount.name }} +{{- default (include "eks-console-full-access.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/eks-console-full-access/templates/binding-rbac.yaml b/eks-console-full-access/templates/binding-rbac.yaml index 338d35e..7f19abc 100644 --- a/eks-console-full-access/templates/binding-rbac.yaml +++ b/eks-console-full-access/templates/binding-rbac.yaml 
@@ -1,13 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "eks-console-full.fullname" . }}-binding + name: {{ include "eks-console-full-access.fullname" . }}-binding labels: - {{- include "eks-console-full.labels" . | nindent 4 }} + {{- include "eks-console-full-access.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: '{{ include "eks-console-full.fullname" . }}-clusterrole' + name: '{{ include "eks-console-full-access.fullname" . }}-clusterrole' subjects: - apiGroup: rbac.authorization.k8s.io kind: Group diff --git a/eks-console-full-access/templates/clusterrole-rbac.yaml b/eks-console-full-access/templates/clusterrole-rbac.yaml index 13d420c..f1613b2 100644 --- a/eks-console-full-access/templates/clusterrole-rbac.yaml +++ b/eks-console-full-access/templates/clusterrole-rbac.yaml @@ -1,9 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "eks-console-full.fullname" . }}-clusterrole + name: {{ include "eks-console-full-access.fullname" . }}-clusterrole labels: - {{- include "eks-console-full.labels" . | nindent 4 }} + {{- include "eks-console-full-access.labels" . | nindent 4 }} rules: - apiGroups: - "" diff --git a/eks-console-restricted-access/Chart.yaml b/eks-console-restricted-access/Chart.yaml index 0d3d930..03fca01 100644 --- a/eks-console-restricted-access/Chart.yaml +++ b/eks-console-restricted-access/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: eks-console-restricted -description: A Helm chart for Kubernetes +name: eks-console-restricted-access +description: A Helm chart for Kubernetes to install eks console access in aws # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives 
diff --git a/eks-console-restricted-access/templates/_helpers.tpl b/eks-console-restricted-access/templates/_helpers.tpl index d8ad369..c1918ee 100644 --- a/eks-console-restricted-access/templates/_helpers.tpl +++ b/eks-console-restricted-access/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "eks-console-restricted.name" -}} +{{- define "eks-console-restricted-access.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "eks-console-restricted.fullname" -}} +{{- define "eks-console-restricted-access.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "eks-console-restricted.chart" -}} +{{- define "eks-console-restricted-access.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "eks-console-restricted.labels" -}} -helm.sh/chart: {{ include "eks-console-restricted.chart" . }} -{{ include "eks-console-restricted.selectorLabels" . }} +{{- define "eks-console-restricted-access.labels" -}} +helm.sh/chart: {{ include "eks-console-restricted-access.chart" . }} +{{ include "eks-console-restricted-access.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "eks-console-restricted.selectorLabels" -}} -app.kubernetes.io/name: {{ include "eks-console-restricted.name" . }} +{{- define "eks-console-restricted-access.selectorLabels" -}} +app.kubernetes.io/name: {{ include "eks-console-restricted-access.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "eks-console-restricted.serviceAccountName" -}} +{{- define "eks-console-restricted-access.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "eks-console-restricted.fullname" .) .Values.serviceAccount.name }} +{{- default (include "eks-console-restricted-access.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml b/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml index 69c3653..86910b3 100644 --- a/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml +++ b/eks-console-restricted-access/templates/clusterrole-binding-rbac.yaml @@ -1,13 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "eks-console-restricted.fullname" . }}-clusterrole-binding + name: {{ include "eks-console-restricted-access.fullname" . }}-clusterrole-binding labels: - {{- include "eks-console-restricted.labels" . | nindent 4 }} + {{- include "eks-console-restricted-access.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: '{{ include "eks-console-restricted.fullname" . }}-clusterrole' + name: '{{ include "eks-console-restricted-access.fullname" . }}-clusterrole' subjects: - apiGroup: rbac.authorization.k8s.io kind: Group 
diff --git a/eks-console-restricted-access/templates/clusterrole-rbac.yaml b/eks-console-restricted-access/templates/clusterrole-rbac.yaml index b7ebd38..bdb4739 100644 --- a/eks-console-restricted-access/templates/clusterrole-rbac.yaml +++ b/eks-console-restricted-access/templates/clusterrole-rbac.yaml @@ -1,9 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "eks-console-restricted.fullname" . }}-clusterrole + name: {{ include "eks-console-restricted-access.fullname" . }}-clusterrole labels: - {{- include "eks-console-restricted.labels" . | nindent 4 }} + {{- include "eks-console-restricted-access.labels" . | nindent 4 }} rules: - apiGroups: - "" diff --git a/eks-console-restricted-access/templates/role-binding-rbac.yaml b/eks-console-restricted-access/templates/role-binding-rbac.yaml index e6dcdda..84cc221 100644 --- a/eks-console-restricted-access/templates/role-binding-rbac.yaml +++ b/eks-console-restricted-access/templates/role-binding-rbac.yaml @@ -1,13 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "eks-console-restricted.fullname" . }}-role-binding + name: {{ include "eks-console-restricted-access.fullname" . }}-role-binding labels: - {{- include "eks-console-restricted.labels" . | nindent 4 }} + {{- include "eks-console-restricted-access.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: '{{ include "eks-console-restricted.fullname" . }}-role' + name: '{{ include "eks-console-restricted-access.fullname" . }}-role' subjects: - apiGroup: rbac.authorization.k8s.io kind: Group diff --git a/eks-console-restricted-access/templates/role-rbac.yaml b/eks-console-restricted-access/templates/role-rbac.yaml index a2e454e..63dbd0a 100644 --- a/eks-console-restricted-access/templates/role-rbac.yaml +++ b/eks-console-restricted-access/templates/role-rbac.yaml 
@@ -1,9 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "eks-console-restricted.fullname" . }}-role + name: {{ include "eks-console-restricted-access.fullname" . }}-role labels: - {{- include "eks-console-restricted.labels" . | nindent 4 }} + {{- include "eks-console-restricted-access.labels" . | nindent 4 }} rules: - apiGroups: - "" From 4b291d943e8ec5be05a62424a97532c729b2c49a Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 16:54:56 -0500 Subject: [PATCH 65/73] add new var for rlease_version --- README.md | 1 + eks_console_access.tf | 2 +- variables.tf | 9 ++++----- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 5160189..0fdd44c 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ sys 0m2.015s | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | | [operators\_ns](#input\_operators\_ns) | Namespace to create where operators will be installed. | `string` | `"operators"` | no | | [region](#input\_region) | AWS region | `string` | n/a | yes | +| [release\_version](#input\_release\_version) | The version of helm charts to use | `string` | n/a | yes | | [security\_group\_all\_worker\_mgmt\_id](#input\_security\_group\_all\_worker\_mgmt\_id) | The security group representing all of the worker nodes in the cluster. | `string` | n/a | yes | | [subnets](#input\_subnets) | Specify the subnets used by this cluster | `list(string)` | n/a | yes | | [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no | diff --git a/eks_console_access.tf b/eks_console_access.tf index dd6a46b..9a06fa5 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
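Review bot: the rename makes the Chart.yaml `name` match the directory name (`eks-console-full-access`, `eks-console-restricted-access`), which `chart = each.key` in `helm_release` depends on, so this is the right fix. Two consistency points: the two descriptions are worded differently ("install aws console access for eks" versus "install eks console access in aws"), and the binding template is `binding-rbac.yaml` in the full-access chart but `clusterrole-binding-rbac.yaml` in the restricted one. Since the commit describes the charts as regenerated, record the tool and command used in the README so the next regeneration is reproducible and reviewers can diff against the generator's output.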
@@ -96,6 +96,6 @@ resource "helm_release" "console_access" { chart = each.key name = each.key namespace = "default" - version = local.release_version + version = var.release_version repository = "./${each.key}" } diff --git a/variables.tf b/variables.tf index 9b69a09..ac97721 100644 --- a/variables.tf +++ b/variables.tf @@ -42,11 +42,10 @@ variable "tags" { default = {} } -# variable "kubectl_image_tag" { -# description = "The version of bitnami/kubectl image to use." -# type = string -# default = "1.30.4" -# } +variable "release_version" { + description = "The version of helm charts to use" + type = string +} # # helm add repo autoscaler "https://kubernetes.github.io/autoscaler" # # helm search repo -l autoscaler/cluster-autoscaler From b41202e19093325eec2284a3462829c34413d5c0 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 17:00:12 -0500 Subject: [PATCH 66/73] pathin --- eks_console_access.tf | 2 +- variables.tf | 15 --------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 9a06fa5..a065714 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -97,5 +97,5 @@ resource "helm_release" "console_access" { name = each.key namespace = "default" version = var.release_version - repository = "./${each.key}" + repository = "./${each.key}/" } diff --git a/variables.tf b/variables.tf index ac97721..4fad9b2 100644 --- a/variables.tf +++ b/variables.tf 
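Review bot: `variable "release_version"` has no default and no `validation` block, and the README row says only "The version of helm charts to use". Because `chart` resolves to a local chart directory, Helm takes the version from that chart's own `Chart.yaml` (`0.1.0` here) and does not check the `version` argument against it, so any value passed in is accepted silently and nothing observable changes. Either drop the variable and let the vendored `Chart.yaml` be the source of truth, or add a validation that it equals the chart version and describe in the README what the value is expected to control.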
@@ -46,18 +46,3 @@ variable "release_version" { description = "The version of helm charts to use" type = string } - -# # helm add repo autoscaler "https://kubernetes.github.io/autoscaler" -# # helm search repo -l autoscaler/cluster-autoscaler -# variable "cluster_autoscaler_chart_version" { -# description = "The helm chart of the cluster-autoscaler most closely matching the Kuberentes version. Review output of `helm add repo autoscaler 'https://kubernetes.github.io/autoscaler'` (if the repo hasn't been added previously) and `helm search repo -l autoscaler/cluster-autoscaler`" -# type = string -# default = "9.37.0" -# } - -# # helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag: -# variable "cluster_autoscaler_tag" { -# description = "Image tag of cluster-autoscaler associated with the cluster_autoscaler_chart_version helm chart. `helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag:`" -# type = string -# default = "v1.30.0" -# } From a276f9e4ebf3b6c19c9634ead999c7090e9d3f11 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 17:08:21 -0500 Subject: [PATCH 67/73] no chart name? --- eks_console_access.tf | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index a065714..8751f4b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -25,8 +25,6 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } - # roles = provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[each.key].body) - # manifest_doc = { for item in local.cluster_roles_map : "${data.http.cluster_roles[item.name].body}" => item } } # Fetch the YAML files from the specified URLs 
@@ -62,38 +60,8 @@ data "http" "cluster_roles" { # for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } # manifest = [split("---\n", data.http.cluster_roles[each.key].body)] -# resource "null_resource" "apply_cluster_roles" { -# for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } -# triggers = { -# roles = join(",", [each.key, each.value.url]) -# } -# provisioner "local-exec" { -# command = "kubectl apply -f ${each.value.name}.yaml" -# } -# } -# data "kubectl_file_documents" "access_documents" { -# for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - -# content = data.http.cluster_roles[each.key].body -# } - -# locals { -# all_access_documents = flatten([ -# for cr_name, cr_data in local.cluster_roles_map : [ -# for doc in data.kubectl_file_documents.access_documents[cr_name].manifests : doc -# ] if cr_data.enabled -# ]) -# } - -# resource "kubectl_manifest" "deploy_cluster_roles" { -# count = length(local.all_access_documents) - -# yaml_body = local.all_access_documents[count.index] -# } - resource "helm_release" "console_access" { for_each = local.cluster_roles_map - chart = each.key name = each.key namespace = "default" version = var.release_version From adc44c71f7d66784b057e818a1314ab0c0e127fc Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 17:09:54 -0500 Subject: [PATCH 68/73] interpolate --- eks_console_access.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/eks_console_access.tf b/eks_console_access.tf index 8751f4b..dd39be2 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -62,6 +62,7 @@ data "http" "cluster_roles" { resource "helm_release" "console_access" { for_each = local.cluster_roles_map + chart = each.key name = each.key namespace = "default" version = var.release_version 
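Review bot: PATCH 67 deletes `chart = each.key` from `helm_release.console_access`, leaving the resource without its required `chart` argument, and PATCH 68 puts the same line back; together with the trailing-slash toggling in PATCHes 66 and 69 this is trial and error committed to history. Squash 66 through 70 into one commit whose message states the final path handling. The removal of the commented `null_resource`, `kubectl_file_documents` and `kubectl_manifest` blocks in the first hunk is the right call and finishes what PATCH 01 should have done.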
From 6d8c51a4f2647a0cdb09fe0b0c645c4886c9b212 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 19:07:27 -0500 Subject: [PATCH 69/73] no trailing slash --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index dd39be2..6bf9d4a 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -66,5 +66,5 @@ resource "helm_release" "console_access" { name = each.key namespace = "default" version = var.release_version - repository = "./${each.key}/" + repository = "./${each.key}" } From e521fcf97631ac9f7493fdfc64f74e282ddd9d65 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 21 Jan 2025 19:08:45 -0500 Subject: [PATCH 70/73] local --- eks_console_access.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks_console_access.tf b/eks_console_access.tf index 6bf9d4a..5a54526 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -66,5 +66,5 @@ resource "helm_release" "console_access" { name = each.key namespace = "default" version = var.release_version - repository = "./${each.key}" + repository = "./" } From 25225f87966b703a23cb29ac0049d703ad0df6e7 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 24 Jan 2025 19:16:13 -0500 Subject: [PATCH 71/73] cleanup --- README.md | 2 -- eks_console_access.tf | 35 +---------------------------------- 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/README.md b/README.md index 0fdd44c..e17a9fb 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ sys 0m2.015s |------|---------| | [aws](#provider\_aws) | >= 5.14.0 | | [helm](#provider\_helm) | >= 2.11.0 | -| [http](#provider\_http) | >= 2.1.0 | | [kubernetes](#provider\_kubernetes) | >= 2.23.0 | ## Modules 
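Review bot: `repository = "./"` in the PATCH 70/73 hunk (and `"./${each.key}"` in PATCH 69/73 before it) resolves relative to the working directory of the Terraform process, not the module directory, so the chart lookup for `chart = each.key` breaks as soon as this module is called from another root or run from CI with a different cwd. For a chart shipped inside the module, drop `repository` and point `chart` at the module path, e.g. `chart = "${path.module}/${each.key}"`, which is also unambiguous about where the deployed manifests come from.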
@@ -63,7 +62,6 @@ sys 0m2.015s | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | -| [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | ## Inputs diff --git a/eks_console_access.tf b/eks_console_access.tf index 5a54526..d93964b 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf 
@@ -21,45 +21,12 @@ locals { { name = "eks-console-restricted-access" url = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-restricted-access.yaml" - enabled = false + enabled = true }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled } } -# Fetch the YAML files from the specified URLs -data "http" "cluster_roles" { - for_each = local.cluster_roles_map - url = each.value.url -} - -# resource "null_resource" "cluster_roles" { -# for_each = local.cluster_roles_map -# triggers = { -# roles = join(",", [each.key, each.value.url]) -# } -# provisioner "local-exec" { -# command = "echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml" -# } -# } - -# # Apply the Kubernetes manifests to the cluster -# resource "kubernetes_manifest" "deploy_cluster_roles" { -# manifest = local.manifest_doc - -# wait { -# rollout = true -# } -# } - -# resource "kubernetes_manifest" "projects" { -# for_each = { for manifest in provider::kubernetes::manifest_decode_multi(file("${path.module}/bootstrap/projects.yaml")) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } -# manifest = each.value -# } - -# for_each = { for manifest in provider::kubernetes::manifest_decode_multi(data.http.cluster_roles[].body) : "${lower(manifest.kind)}-${manifest.metadata.name}-${manifest.metadata.namespace}" => manifest } -# manifest = [split("---\n", data.http.cluster_roles[each.key].body)] - resource "helm_release" "console_access" { for_each = local.cluster_roles_map chart = each.key From c4a4376002490f0e19f7172059652527b2b53950 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 24 Jan 2025 19:18:21 -0500 Subject: [PATCH 72/73] tflint --- .pre-commit-config.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a16edd6..fbcb79b 100644 --- a/.pre-commit-config.yaml 
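Review bot: The `- enabled = false` / `+ enabled = true` change for `eks-console-restricted-access` in this hunk is a behavioral change (a second set of ClusterRoles and bindings gets deployed) buried in a commit titled "cleanup"; call it out in the commit message or split it so the access change is reviewable on its own. With `data "http" "cluster_roles"` gone, the `url` field in `local.cluster_roles` is no longer read anywhere; either remove it or keep it explicitly as a provenance comment recording where the vendored chart content was taken from. Removing the commented-out `local-exec` that ran `echo '${data.http.cluster_roles[each.key].body}' > ${each.value.name}.yaml` is welcome on its own merits: interpolating a remotely fetched document straight into a shell command line is a command-injection pattern, and sourcing the manifests from files checked into the repo instead of fetching them at apply time is the safer supply-chain posture.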
+++ b/.pre-commit-config.yaml @@ -46,16 +46,16 @@ repos: - id: terraform_docs args: - --hook-config=--parallelism-ci-cpu-cores=2 - # - id: terraform_tflint - # name: Terraform validate with tflint - # description: Validates all Terraform configuration files with TFLint. - # require_serial: true - # entry: hooks/terraform_tflint.sh - # language: script - # files: (\.tf|\.tfvars)$ - # exclude: \.(terraform/.*|terragrunt-cache)$ - # args: - # - --hook-config=--parallelism-ci-cpu-cores=2 + - id: terraform_tflint + name: Terraform validate with tflint + description: Validates all Terraform configuration files with TFLint. + require_serial: true + entry: hooks/terraform_tflint.sh + language: script + files: (\.tf|\.tfvars)$ + exclude: \.(terraform/.*|terragrunt-cache)$ + args: + - --hook-config=--parallelism-ci-cpu-cores=2 - id: terragrunt_fmt name: Terragrunt fmt description: Rewrites all Terragrunt configuration files to a canonical format. From bf4e9c34710c662d139be805ec3c5bf00d6c3341 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 24 Jan 2025 19:19:28 -0500 Subject: [PATCH 73/73] fixed --- README.md | 7 +++---- requirements.tf | 4 ---- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index e17a9fb..33fa384 100644 --- a/README.md +++ b/README.md @@ -34,16 +34,15 @@ sys 0m2.015s | [terraform](#requirement\_terraform) | >= 0.13 | | [aws](#requirement\_aws) | >= 5.14.0 | | [helm](#requirement\_helm) | >= 2.11.0 | -| [http](#requirement\_http) | >= 2.1.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.14.0 | -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | +| [aws](#provider\_aws) | 5.84.0 | +| [helm](#provider\_helm) | 2.17.0 | +| [kubernetes](#provider\_kubernetes) | 2.35.1 | ## Modules diff --git a/requirements.tf b/requirements.tf index 75101fd..ae62e15 100644 --- a/requirements.tf 
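Review bot: In the re-enabled `terraform_tflint` hook, the `name`, `description`, `require_serial`, `entry`, `language`, `files` and `exclude` keys override the definition the upstream hook repo already provides; if they are copied verbatim from upstream only `- id: terraform_tflint` and the `args` are needed, and pinning `entry: hooks/terraform_tflint.sh` locally will break if the upstream script moves on the next hook bump. Also confirm the pair `require_serial: true` with `--hook-config=--parallelism-ci-cpu-cores=2` is intentional, since the first forces a single invocation while the second asks the hook for parallelism.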
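Review bot: The README "Providers" hunk in PATCH 73/73 now lists resolved versions (`5.84.0`, `2.17.0`, `2.35.1`) while the "Requirements" table keeps the `>=` constraints; that is what terraform-docs emits from the lock file, so make sure `.terraform.lock.hcl` is committed alongside this change, otherwise the documented versions drift from what a fresh `terraform init` actually selects and the table becomes misleading for anyone auditing which provider builds run in the pipeline.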
+++ b/requirements.tf @@ -10,10 +10,6 @@ terraform { source = "hashicorp/helm" version = ">= 2.11.0" } - http = { - source = "hashicorp/http" - version = ">= 2.1.0" - } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.23.0"
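Review bot: Dropping the `http` provider from `required_providers` in the `requirements.tf` hunk is consistent with the removal of `data "http" "cluster_roles"` in PATCH 71/73, but any leftover `data.http` reference would now fail at `terraform init` rather than `plan`; re-run `terraform init` and commit the refreshed `.terraform.lock.hcl` so the `hashicorp/http` entry is no longer pinned there, and let the tflint hook enabled in PATCH 72/73 catch any remaining reference in CI.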