update docs, remove files

patch-aws-auth/README.md

@@ -29,9 +29,13 @@ aws_auth_roles = [
 module "awsauth_base_users" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=feature-patch-aws-auth"
 
-  cluster_name = "adsd-cumulus-dev"
-  aws_auth_users = var.aws_auth_users
-  aws_auth_roles = var.aws_auth_roles
+  profile              = "123456789012-ma6-gov"
+  region               = "us-gov-east-1"
+  cluster_name         = "adsd-cumulus-dev"
+  aws_auth_users       = var.aws_auth_users
+  aws_auth_roles       = var.aws_auth_roles
+  # optional
+  keep_temporary_files = false
 }
 ```
 
@@ -59,6 +63,7 @@ No modules.
 |------|------|
 | [null_resource.kubeconfig](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.patch-aws-auth](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.remove_temporary_files](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
@@ -78,6 +83,7 @@ No modules.
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The EKS Kubernetes version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no |
 | <a name="input_domain"></a> [domain](#input\_domain) | The DNS domain name of the cluster.  Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | EKS worker node instance type (default: t3.xlarge) | `string` | `"t3.xlarge"` | no |
+| <a name="input_keep_temporary_files"></a> [keep\_temporary\_files](#input\_keep\_temporary\_files) | This module creates temporary files in setup/patch-aws-auth.TIMESTAMP.*.  This flag determines whether to keep or remove them (default: false) | `bool` | `false` | no |
 | <a name="input_nodegroup_desired_size"></a> [nodegroup\_desired\_size](#input\_nodegroup\_desired\_size) | EKS Nodegroup desire size (default: 1) | `number` | `1` | no |
 | <a name="input_nodegroup_instance_disk_size"></a> [nodegroup\_instance\_disk\_size](#input\_nodegroup\_instance\_disk\_size) | The size of EKS nodegroup EBS disk in gigabytes (default: 40) | `number` | `40` | no |
 | <a name="input_nodegroup_maximum_size"></a> [nodegroup\_maximum\_size](#input\_nodegroup\_maximum\_size) | EKs Nodegroup maximum size (default: 16) | `number` | `16` | no |

patch-aws-auth/kubeconfig.tf

@@ -2,9 +2,9 @@
 # requires kubectl command in the path
 
 resource "null_resource" "kubeconfig" {
-  #  triggers = { 
-  #    always_run = timestamp()
-  #  }
+  triggers = {
+    always_run = timestamp()
+  }
   provisioner "local-exec" {
     command = "which kubectl > /dev/null 2>&1; if [ $? != 0 ]; then 'echo missing kubectl'; exit 1; else exit 0; fi"
   }
@@ -19,7 +19,7 @@ resource "null_resource" "kubeconfig" {
       AWS_PROFILE = var.profile
       AWS_REGION  = local.region
     }
-    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/aws-auth.kube.config"
+    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/${local.tmp_filename_prefix}.kube.config"
   }
   depends_on = [data.aws_eks_cluster.cluster]
 }

patch-aws-auth/locals.tf

@@ -2,5 +2,7 @@ locals {
   region               = var.region == "" ? data.aws_region.current.name : var.region
   aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
   aws_eks_cluster      = data.aws_eks_cluster.cluster
+
+  tmp_filename_prefix = format("patch-aws-auth.%v", timestamp())
 }
 

patch-aws-auth/main.tf

@@ -30,9 +30,13 @@
 * module "awsauth_base_users" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=feature-patch-aws-auth"
 * 
-*   cluster_name = "adsd-cumulus-dev"
-*   aws_auth_users = var.aws_auth_users
-*   aws_auth_roles = var.aws_auth_roles
+*   profile              = "123456789012-ma6-gov"
+*   region               = "us-gov-east-1"
+*   cluster_name         = "adsd-cumulus-dev"
+*   aws_auth_users       = var.aws_auth_users
+*   aws_auth_roles       = var.aws_auth_roles
+*   # optional
+*   keep_temporary_files = false
 * }
 * ```
 */
@@ -147,11 +151,20 @@ resource "null_resource" "patch-aws-auth" {
   }
   provisioner "local-exec" {
     working_dir = "${path.root}/setup"
-    command     = "echo '${local.patch}' > config_map.aws-auth.patch.yaml"
+    command     = "echo '${local.patch}' > ${local.tmp_filename_prefix}.config_map.patch.yaml"
   }
   provisioner "local-exec" {
     working_dir = "${path.root}/setup"
-    command     = "kubectl --kubeconfig aws-auth.kube.config patch --type merge -n kube-system configmap/aws-auth --patch-file config_map.aws-auth.patch.yaml"
+    command     = "kubectl --kubeconfig ${local.tmp_filename_prefix}.kube.config patch --type merge -n kube-system configmap/aws-auth --patch-file ${local.tmp_filename_prefix}.config_map.patch.yaml"
+  }
+}
+
+resource "null_resource" "remove_temporary_files" {
+  count = var.keep_temporary_files ? 0 : 1
+
+  provisioner "local-exec" {
+    working_dir = "${path.root}/setup"
+    command     = "rm ${local.tmp_filename_prefix}.*"
   }
 }