From bfa3383374b9e8f43683d1d34fc824a561c255ce Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Thu, 6 Mar 2025 16:55:58 -0500
Subject: [PATCH] remove secret

---
 README.md    |   4 --
 main.tf      | 176 +++++++++++++--------------------------------------
 variables.tf |   5 --
 3 files changed, 44 insertions(+), 141 deletions(-)

diff --git a/README.md b/README.md
index 0cac009..271170e 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,6 @@
 | Name | Version |
 |------|---------|
 | <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.36.0 |
 
 ## Modules
 
@@ -28,8 +27,6 @@
 | Name | Type |
 |------|------|
 | [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_secret.kiali_grafana](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.grafana_admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source |
 
 ## Inputs
 
@@ -38,7 +35,6 @@
 | <a name="input_cluster_domain"></a> [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes |
 | <a name="input_grafana_internal_url"></a> [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes |
-| <a name="input_grafana_namespace"></a> [grafana\_namespace](#input\_grafana\_namespace) | The namespace holding the grafana instance, used to look up the grafana password. | `string` | n/a | yes |
 | <a name="input_grafana_public_url"></a> [grafana\_public\_url](#input\_grafana\_public\_url) | The URL incoming traffic from outisde the cluster uses to access grafana. | `string` | n/a | yes |
 | <a name="input_grafana_secret_name"></a> [grafana\_secret\_name](#input\_grafana\_secret\_name) | The secret in the <grafana\_namespace> holding the grafana admin password. | `string` | n/a | yes |
 | <a name="input_istio_namespace"></a> [istio\_namespace](#input\_istio\_namespace) | The namespace where istio has been deployed. | `string` | `"istio-system"` | no |
diff --git a/main.tf b/main.tf
index f9da684..7a6845f 100644
--- a/main.tf
+++ b/main.tf
@@ -7,26 +7,12 @@ locals {
   public_domain = var.cluster_domain
 }
 
-data "kubernetes_secret" "grafana_admin" {
-  metadata {
-    name      = var.grafana_secret_name
-    namespace = var.grafana_namespace
-  }
-}
-
-resource "kubernetes_secret" "kiali_grafana" {
-  metadata {
-    name      = "kiali"
-    namespace = var.namespace
-  }
-
-  data = {
-    grafana_password = data.kubernetes_secret.grafana_admin.data["admin-password"]
-  }
-  lifecycle {
-    ignore_changes = [metadata, data]
-  }
-}
+# data "kubernetes_secret" "grafana_admin" {
+#   metadata {
+#     name      = var.grafana_secret_name
+#     namespace = var.grafana_namespace
+#   }
+# }
 
 # data "kubernetes_namespace" "keycloak" {
 #   count = local.have_keycloak ? 1 : 0
@@ -107,120 +93,46 @@ resource "helm_release" "kiali_operator" {
   }
   set {
     name  = "grafanaSecretName"
-    value = kubernetes_secret.kiali_grafana.metadata[0].name
-  }
-  set {
-    name  = "tracing.tempo_config.datasource_uid"
-    value = var.tempo_datasource_id
-  }
-
-  
+    value = var.grafana_secret_name
+  }
+
+  #  dynamic "set" {
+  #    for_each = local.have_keycloak ? ["openid"] : ["anonymous"]
+  #    content {
+  #      name  = "kialiAuthStrategy"
+  #      value = set.value
+  #    }
+  #  }
+  #  dynamic "set" {
+  #    for_each = local.have_keycloak ? [var.sso_client_id] : []
+  #    content {
+  #      name  = "openid.clientId"
+  #      value = set.value
+  #    }
+  #  }
+  #  dynamic "set" {
+  #    for_each = local.have_keycloak ? [var.sso_client_secret] : []
+  #    content {
+  #      name  = "openid.secret"
+  #      value = set.value
+  #    }
+  #  }
+  #  dynamic "set" {
+  #    for_each = local.have_keycloak ? [local.keycloak_issuer_uri] : []
+  #    content {
+  #      name  = "openid.issuerUri"
+  #      value = set.value
+  #    }
+  #  }
+  #  dynamic "set" {
+  #    for_each = local.have_keycloak ? ["username_claim"] : []
+  #    content {
+  #      name  = "openid.username_claim"
+  #      value = set.value
+  #    }
+  #  }
 }
 
-# resource "helm_release" "kiali" {
-#   depends_on = [
-#     helm_release.kiali_operator,
-#     # module.preinstall,
-#   ]
-
-#   chart      = "kiali"
-#   name       = "kiali"
-#   namespace  = var.namespace
-#   repository = "./charts"
-#   # repository = "${path.module}/charts"
-
-#   set {
-#     name = "image_name"
-#     value = format("%v/%v",
-#       module.images.images[local.kiali_key].dest_registry,
-#       module.images.images[local.kiali_key].dest_repository
-#     )
-#   }
-#   set {
-#     name  = "image_version"
-#     value = module.images.images[local.kiali_key].tag
-#   }
-
-#   set {
-#     name  = "publicHostname"
-#     value = var.public_hostname
-#   }
-#   set {
-#     name  = "publicDomain"
-#     value = var.cluster_domain
-#   }
-#   set {
-#     name  = "istioNamespace"
-#     value = var.istio_namespace
-#   }
-#   set {
-#     name  = "prometheusInClusterUrl"
-#     value = var.prometheus_internal_url
-#   }
-#   set {
-#     name  = "jaegerInClusterUrl"
-#     value = var.jaeger_internal_url
-#   }
-#   set {
-#     name  = "grafanaInClusterUrl"
-#     value = var.grafana_internal_url
-#   }
-#   set {
-#     name  = "grafanaPublicUrl"
-#     value = var.grafana_public_url
-#   }
-#   set {
-#     name  = "grafanaUserName"
-#     value = "YWRtaW4="
-#     # value = "admin"
-#   }
-#   set {
-#     name  = "grafanaSecretName"
-#     value = "kiali"
-#   }
-#   set {
-#     name  = "grafanaPasswordKey"
-#     value = "grafana_password"
-#   }
-# }
-
-#  dynamic "set" {
-#    for_each = local.have_keycloak ? ["openid"] : ["anonymous"]
-#    content {
-#      name  = "kialiAuthStrategy"
-#      value = set.value
-#    }
-#  }
-#  dynamic "set" {
-#    for_each = local.have_keycloak ? [var.sso_client_id] : []
-#    content {
-#      name  = "openid.clientId"
-#      value = set.value
-#    }
-#  }
-#  dynamic "set" {
-#    for_each = local.have_keycloak ? [var.sso_client_secret] : []
-#    content {
-#      name  = "openid.secret"
-#      value = set.value
-#    }
-#  }
-#  dynamic "set" {
-#    for_each = local.have_keycloak ? [local.keycloak_issuer_uri] : []
-#    content {
-#      name  = "openid.issuerUri"
-#      value = set.value
-#    }
-#  }
-#  dynamic "set" {
-#    for_each = local.have_keycloak ? ["username_claim"] : []
-#    content {
-#      name  = "openid.username_claim"
-#      value = set.value
-#    }
-#  }
-
-
 # module "kiali_ingress" {
 #   depends_on = [helm_release.kiali]
 
diff --git a/variables.tf b/variables.tf
index d7f6408..2af2040 100644
--- a/variables.tf
+++ b/variables.tf
@@ -26,11 +26,6 @@ variable "istio_namespace" {
   default     = "istio-system"
 }
 
-variable "grafana_namespace" {
-  description = "The namespace holding the grafana instance, used to look up the grafana password."
-  type        = string
-}
-
 variable "grafana_secret_name" {
   description = "The secret in the <grafana_namespace> holding the grafana admin password."
   type        = string