Merge pull request #15 from truefoundry/update-platform-outputs

DeeAjayi · web-flow · commit 4df777252ff9 · 2024-11-18T08:07:21.000+01:00
Update platform outputs
diff --git a/iam.tf b/iam.tf
@@ -187,8 +187,9 @@ resource "aws_iam_policy" "truefoundry_platform_feature_cluster_integration_poli
 
 resource "aws_iam_role" "truefoundry_platform_feature_iam_role" {
   count                 = var.platform_feature_enabled ? 1 : 0
-  name                  = var.platform_role_enable_override ? var.platform_role_override_name : "${local.truefoundry_unique_name}-iam-role"
-  description           = "IAM role for TrueFoundry to access S3 bucket, SSM and ECR"
+  name                  = var.platform_role_enable_override ? var.platform_role_override_name : null
+  description           = "IAM role for TrueFoundry platform to access S3 bucket, SSM, ECR and EKS"
+  name_prefix           = var.platform_role_enable_override ? null : "${local.truefoundry_unique_name}-iam-role-"
   force_detach_policies = true
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
@@ -283,4 +284,4 @@ resource "aws_iam_user_policy_attachment" "truefoundry_platform_user_cluster_int
   count      = var.platform_feature_enabled ? (var.feature_cluster_integration_enabled && var.platform_user_enabled) ? 1 : 0 : 0
   user       = aws_iam_user.truefoundry_platform_user[0].name
   policy_arn = aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy[0].arn
-}
+}
diff --git a/output.tf b/output.tf
@@ -1,31 +1,34 @@
 # From https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/outputs.tf
 
 ################################################################################
-# User details
+# IAM role details
 ################################################################################
-
-output "platform_iam_role_name" {
-  description = "Then name of the IAM role"
-  value       = var.platform_feature_enabled ? aws_iam_role.truefoundry_platform_feature_iam_role[0].name : ""
-}
-
 output "platform_iam_role_arn" {
-  description = "The IAM role resource arn"
+  description = "The platform IAM role arn"
   value       = var.platform_feature_enabled ? aws_iam_role.truefoundry_platform_feature_iam_role[0].arn : ""
 }
 
 output "platform_iam_role_assume_role_arns" {
-  description = "The IAM role arns which has been assume by platform_iam_role"
+  description = "The role arns that can assume the platform IAM role"
   value       = var.platform_feature_enabled ? var.control_plane_roles : []
 }
 
 output "platform_iam_role_policy_arns" {
-  description = "The list of ARNs of policies directly assigned to the IAM user"
+  description = "The platform IAM role policy arns"
   value       = local.truefoundry_platform_policy_arns
 }
 
+output "platform_iam_role_enabled" {
+  description = "Flag to enable IAM role for the platform. Either this or or `platform_user_enabled` should be enabled"
+  value       = var.platform_feature_enabled
+}
+
+################################################################################
+# User details
+################################################################################
+
 output "platform_user_enabled" {
-  description = "The user is enabled"
+  description = "Flag to enable user for the platform. Either this or `platform_iam_role_enabled` should be enabled"
   value       = var.platform_feature_enabled && var.platform_user_enabled
 }
 
@@ -48,20 +51,54 @@ output "platform_user_arn" {
 ################################################################################
 # Bucket details
 ################################################################################
-output "platform_user_bucket_name" {
-  description = "The bucket's ID/name"
+output "platform_bucket_enabled" {
+  description = "Flag to enable S3 bucket for the platform"
+  value       = var.platform_feature_enabled && var.feature_blob_storage_enabled
+}
+
+output "platform_bucket_name" {
+  description = "Name/ID of the S3 bucket"
   value       = var.feature_blob_storage_enabled ? module.truefoundry_bucket[0].s3_bucket_id : ""
 }
 
-output "platform_user_bucket_arn" {
-  description = "The bucket's arn"
+output "platform_bucket_arn" {
+  description = "ARN of the S3 bucket"
   value       = var.feature_blob_storage_enabled ? module.truefoundry_bucket[0].s3_bucket_arn : ""
 }
 
 ################################################################################
 # ECR details
 ################################################################################
-output "platform_user_ecr_url" {
+output "platform_ecr_enabled" {
+  description = "Flag to enable ECR for the platform"
+  value       = var.platform_feature_enabled && var.feature_docker_registry_enabled
+}
+
+output "platform_ecr_url" {
   description = "The ECR url to connect"
   value       = var.feature_docker_registry_enabled ? "${var.aws_account_id}.dkr.ecr.${var.aws_region}.amazonaws.com" : ""
 }
+
+################################################################################
+# Secrets Manager details
+################################################################################
+output "platform_secrets_manager_enabled" {
+  description = "Flag to enable Secrets Manager for the platform"
+  value       = var.platform_feature_enabled && var.feature_secrets_manager_enabled
+}
+
+################################################################################
+# Parameter Store details
+################################################################################
+output "platform_ssm_enabled" {
+  description = "Flag to enable Parameter Store for the platform"
+  value       = var.platform_feature_enabled && var.feature_parameter_store_enabled
+}
+
+################################################################################
+# Cluster integration details
+################################################################################
+output "platform_cluster_integration_enabled" {
+  description = "Flag to enable cluster integration for the platform"
+  value       = var.platform_feature_enabled && var.feature_cluster_integration_enabled
+}
diff --git a/upgrade-guide.md b/upgrade-guide.md
@@ -1,7 +1,17 @@
 # AWS Platform Features Upgrade Guide
 This guide helps in migration from the old terraform modules to the new one.
 
-# Updgrade guide to AWS platform features module from 0.2.2 to 0.3.0
+# Upgrade guide to AWS platform features module from 0.3.0 to 0.4.0
+1. When upgrading terraform version for platform features ensure that you are running on the latest version `0.3.x` and the platform features is upgraded to the newer 0.4.x version.
+2. When the `platform_role_enable_override` is set to `false`, then a iam role wil be created with a unique prefix
+3. The following output variables have been replaced with the new ones;
+   - `platform_user_bucket_name` to `platform_bucket_name`
+   - `platform_user_bucket_arn` to `platform_bucket_arn`
+   - `platform_user_ecr_url` to `platform_ecr_url`
+4. The following outputs have been removed;
+   - `platform_iam_role_name`
+
+# Upgrade guide to AWS platform features module from 0.2.2 to 0.3.0
 1. When upgrading terraform version for platform features ensure that you are running on version `0.2.x` and the platform features is upgraded to the newer 0.3.x version.
 2. Update the following variables;
    - `feature_secrets_enabled` to `feature_parameter_store_enabled`
diff --git a/variables.tf b/variables.tf
@@ -40,7 +40,7 @@ variable "control_plane_roles" {
 }
 
 variable "platform_role_enable_override" {
-  description = "Enable overriding the platform role name. You need to pass s3_override_name to pass the bucket name"
+  description = "Enable overriding the platform role name. You need to pass blob_storage_override_name to pass the bucket name"
   type        = bool
   default     = false
 }
@@ -89,7 +89,7 @@ variable "feature_blob_storage_enabled" {
 }
 
 variable "blob_storage_enable_override" {
-  description = "Enable overriding the name of s3 bucket. This will only be used if feature_blob_storage_enabled is enabled. You need to pass s3_override_name to pass the bucket name"
+  description = "Enable overriding the name of s3 bucket. This will only be used if feature_blob_storage_enabled is enabled. You need to pass blob_storage_override_name to pass the bucket name"
   type        = bool
   default     = false
 }

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ variable "control_plane_roles" {`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`variable "platform_role_enable_override" {`
`43`		`- description = "Enable overriding the platform role name. You need to pass s3_override_name to pass the bucket name"`
	`43`	`+ description = "Enable overriding the platform role name. You need to pass blob_storage_override_name to pass the bucket name"`
`44`	`44`	`type = bool`
`45`	`45`	`default = false`
`46`	`46`	`}`
`@@ -89,7 +89,7 @@ variable "feature_blob_storage_enabled" {`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`variable "blob_storage_enable_override" {`
`92`		`- description = "Enable overriding the name of s3 bucket. This will only be used if feature_blob_storage_enabled is enabled. You need to pass s3_override_name to pass the bucket name"`
	`92`	`+ description = "Enable overriding the name of s3 bucket. This will only be used if feature_blob_storage_enabled is enabled. You need to pass blob_storage_override_name to pass the bucket name"`
`93`	`93`	`type = bool`
`94`	`94`	`default = false`
`95`	`95`	`}`