diff --git a/patch-aws-auth/README.md b/patch-aws-auth/README.md
index 0636c42..469d317 100644
--- a/patch-aws-auth/README.md
+++ b/patch-aws-auth/README.md
@@ -29,9 +29,13 @@ aws_auth_roles = [
module "awsauth_base_users" {
source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=feature-patch-aws-auth"
- cluster_name = "adsd-cumulus-dev"
- aws_auth_users = var.aws_auth_users
- aws_auth_roles = var.aws_auth_roles
+ profile = "123456789012-ma6-gov"
+ region = "us-gov-east-1"
+ cluster_name = "adsd-cumulus-dev"
+ aws_auth_users = var.aws_auth_users
+ aws_auth_roles = var.aws_auth_roles
+ # optional
+ keep_temporary_files = false
}
```
@@ -59,6 +63,7 @@ No modules.
|------|------|
| [null_resource.kubeconfig](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.patch-aws-auth](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.remove_temporary_files](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
@@ -78,6 +83,7 @@ No modules.
| [cluster\_version](#input\_cluster\_version) | The EKS Kubernetes version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no |
| [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no |
| [instance\_type](#input\_instance\_type) | EKS worker node instance type (default: t3.xlarge) | `string` | `"t3.xlarge"` | no |
+| [keep\_temporary\_files](#input\_keep\_temporary\_files) | This module creates temporary files in setup/patch-aws-auth.TIMESTAMP.*. This flag determines whether to keep or remove them (default: false) | `bool` | `false` | no |
| [nodegroup\_desired\_size](#input\_nodegroup\_desired\_size) | EKS Nodegroup desire size (default: 1) | `number` | `1` | no |
| [nodegroup\_instance\_disk\_size](#input\_nodegroup\_instance\_disk\_size) | The size of EKS nodegroup EBS disk in gigabytes (default: 40) | `number` | `40` | no |
| [nodegroup\_maximum\_size](#input\_nodegroup\_maximum\_size) | EKs Nodegroup maximum size (default: 16) | `number` | `16` | no |
diff --git a/patch-aws-auth/kubeconfig.tf b/patch-aws-auth/kubeconfig.tf
index 2f298bd..df93dc3 100644
--- a/patch-aws-auth/kubeconfig.tf
+++ b/patch-aws-auth/kubeconfig.tf
@@ -2,9 +2,9 @@
# requires kubectl command in the path
resource "null_resource" "kubeconfig" {
- # triggers = {
- # always_run = timestamp()
- # }
+ triggers = {
+ always_run = timestamp()
+ }
provisioner "local-exec" {
command = "which kubectl > /dev/null 2>&1; if [ $? != 0 ]; then 'echo missing kubectl'; exit 1; else exit 0; fi"
}
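Review bot: With `always_run` enabled, the kubectl presence check on the context line below the trigger now runs on every apply, and its failure branch is quoted as a single word (`'echo missing kubectl'`). The shell therefore looks for a command with that whole name instead of printing the message, so the user sees a confusing "not found" error rather than the intended hint. Something like `command = "command -v kubectl >/dev/null 2>&1 || { echo 'missing kubectl' >&2; exit 1; }"` keeps the same exit behaviour and prints the message. The resource body continues past the end of this hunk.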
@@ -19,7 +19,7 @@ resource "null_resource" "kubeconfig" {
AWS_PROFILE = var.profile
AWS_REGION = local.region
}
- command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/aws-auth.kube.config"
+ command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/${local.tmp_filename_prefix}.kube.config"
}
depends_on = [data.aws_eks_cluster.cluster]
}
diff --git a/patch-aws-auth/locals.tf b/patch-aws-auth/locals.tf
index 37bfcf0..b55ae7b 100644
--- a/patch-aws-auth/locals.tf
+++ b/patch-aws-auth/locals.tf
@@ -2,5 +2,7 @@ locals {
region = var.region == "" ? data.aws_region.current.name : var.region
aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
aws_eks_cluster = data.aws_eks_cluster.cluster
+
+ tmp_filename_prefix = format("patch-aws-auth.%v", timestamp())
}
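Review bot: `tmp_filename_prefix` embeds the raw `timestamp()` value, which is an RFC 3339 string containing `:` characters, and that prefix is then interpolated unquoted into the shell commands in kubeconfig.tf and main.tf. Colons in file names are not portable (they are invalid on Windows file systems) and are awkward for tools that treat `:` as a path separator. A compact form such as `tmp_filename_prefix = format("patch-aws-auth.%s", formatdate("YYYYMMDDhhmmss", timestamp()))` keeps the name unique per apply while using only digits. A short comment stating that the prefix changes on every apply would also help readers of the cleanup resource.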
diff --git a/patch-aws-auth/main.tf b/patch-aws-auth/main.tf
index b78480d..cc31aab 100644
--- a/patch-aws-auth/main.tf
+++ b/patch-aws-auth/main.tf
@@ -30,9 +30,13 @@
* module "awsauth_base_users" {
* source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=feature-patch-aws-auth"
*
-* cluster_name = "adsd-cumulus-dev"
-* aws_auth_users = var.aws_auth_users
-* aws_auth_roles = var.aws_auth_roles
+* profile = "123456789012-ma6-gov"
+* region = "us-gov-east-1"
+* cluster_name = "adsd-cumulus-dev"
+* aws_auth_users = var.aws_auth_users
+* aws_auth_roles = var.aws_auth_roles
+* # optional
+* keep_temporary_files = false
* }
* ```
*/
@@ -147,11 +151,20 @@ resource "null_resource" "patch-aws-auth" {
}
provisioner "local-exec" {
working_dir = "${path.root}/setup"
- command = "echo '${local.patch}' > config_map.aws-auth.patch.yaml"
+ command = "echo '${local.patch}' > ${local.tmp_filename_prefix}.config_map.patch.yaml"
}
provisioner "local-exec" {
working_dir = "${path.root}/setup"
- command = "kubectl --kubeconfig aws-auth.kube.config patch --type merge -n kube-system configmap/aws-auth --patch-file config_map.aws-auth.patch.yaml"
+ command = "kubectl --kubeconfig ${local.tmp_filename_prefix}.kube.config patch --type merge -n kube-system configmap/aws-auth --patch-file ${local.tmp_filename_prefix}.config_map.patch.yaml"
+ }
+}
+
+resource "null_resource" "remove_temporary_files" {
+ count = var.keep_temporary_files ? 0 : 1
+
+ provisioner "local-exec" {
+ working_dir = "${path.root}/setup"
+ command = "rm ${local.tmp_filename_prefix}.*"
}
}
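Review bot: `null_resource.remove_temporary_files` has neither `depends_on` nor `triggers`, so Terraform is free to run its `rm` before or alongside the `kubectl patch` provisioner, and after the first apply its provisioner will not run again. The result is either a failed apply (the glob matches nothing, or the kubeconfig disappears before kubectl reads it) or timestamped kubeconfig and aws-auth patch files accumulating in `setup/` on later applies, which is the leftover the flag is meant to prevent. Ordering the resource after `null_resource.patch-aws-auth`, re-triggering it each run and using `rm -f` would address this; the body of `patch-aws-auth` starts outside the hunk, so whether it has its own triggers cannot be checked here. Separately, `echo '${local.patch}'` still places the rendered patch inside a single-quoted shell string, so a quote character in any user or role field would end the quoting early; passing the content through the provisioner's `environment` map would avoid that.

```hcl
resource "null_resource" "remove_temporary_files" {
  # … unchanged: count …

  # the file prefix changes on every apply, so the cleanup must re-run too
  triggers = {
    always_run = timestamp()
  }

  # clean up only after kubectl has consumed the kubeconfig and patch file
  depends_on = [null_resource.patch-aws-auth]

  provisioner "local-exec" {
    # … unchanged: working_dir …
    command = "rm -f ${local.tmp_filename_prefix}.*"
  }
}
```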