Supply count for map_accounts, map_roles and map_users (#205)
* Added map_roles_count and user_roles_count (#1)

* Update readme for new vars

* updated tests to include count

* fix syntax error

* updated changelog

* Added map_accounts_count variable for consistency

* Fix counts in example and use latest terraform-docs to generate readme
Chili-Man authored and max-rocket-internet committed Dec 13, 2018
1 parent 37f18c1 commit 1822a67
Showing 6 changed files with 60 additions and 17 deletions.
6 changes: 3 additions & 3 deletions CHANGELOG.md
Expand Up @@ -5,14 +5,14 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
project adheres to [Semantic Versioning](http://semver.org/).

## [[v1.9.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.8.0...HEAD)] - 2019-01-??]

### Added
## [[v2.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.8.0...HEAD)] - 2019-01-??]

### Added
- (Breaking Change) New input variables `map_accounts_count`, `map_roles_count` and `map_users_count` to allow using computed values as part of `map_accounts`, `map_roles` and `map_users` configs (by @chili-man on behalf of OpenGov).
- Added ability to choose local-exec interpreter (by @rothandrew)

### Changed

- Added `--with-aggregate-type-defaults` option to terraform-docs (by @max-rocket-internet)

## [[v1.8.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.7.0...v1.8.0)] - 2018-12-04]
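Review bot: The "(Breaking Change)" entry under "### Added" names the three new variables but does not tell an upgrading caller what to do. The module's variables.tf gives each count a default of 0 and aws_auth.tf now takes `count` from it, so a caller who already passes `map_roles`, `map_users` or `map_accounts` and upgrades without setting the counts gets zero template instances for those lists. Suggest adding a sentence such as "set each `map_*_count` to the number of entries in the corresponding list". The stray closing bracket in `2019-01-??]` is also carried into the new v2.0.0 heading.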
26 changes: 15 additions & 11 deletions README.md
Expand Up @@ -107,25 +107,28 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `` | no |
| cluster\_version | Kubernetes version to use for the EKS cluster. | string | `1.10` | no |
| config\_output\_path | Where to save the Kubectl config file (if `write_kubeconfig = true`). Should end in a forward slash `/` . | string | `./` | no |
| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list | `[]` | no |
| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list | `<list>` | no |
| kubeconfig\_aws\_authenticator\_command | Command to use to to fetch AWS EKS credentials. | string | `aws-iam-authenticator` | no |
| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]. | list | `[]` | no |
| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map | `{}` | no |
| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]. | list | `<list>` | no |
| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map | `<map>` | no |
| kubeconfig\_name | Override the default name used for items kubeconfig. | string | `` | no |
| local\_exec\_interpreter | Command to run for local-exec resources. Must be a shell-style interpreter. If you are on Windows Git Bash is a good choice. | list | `[ "/bin/sh", "-c" ]` | no |
| local\_exec\_interpreter | Command to run for local-exec resources. Must be a shell-style interpreter. If you are on Windows Git Bash is a good choice. | list | `<list>` | no |
| manage\_aws\_auth | Whether to write and apply the aws-auth configmap file. | string | `true` | no |
| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `<list>` | no |
| map\_accounts\_count | The count of accounts in the map_accounts list. | string | `0` | no |
| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `<list>` | no |
| map\_roles\_count | The count of roles in the map_roles list. | string | `0` | no |
| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `<list>` | no |
| map\_users\_count | The count of roles in the map_users list. | string | `0` | no |
| subnets | A list of subnets to place the EKS cluster and workers within. | list | - | yes |
| tags | A map of tags to add to all resources. | map | `{}` | no |
| tags | A map of tags to add to all resources. | map | `<map>` | no |
| vpc\_id | VPC where the cluster and workers will be deployed. | string | - | yes |
| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list | `[]` | no |
| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list | `<list>` | no |
| worker\_group\_count | The number of maps contained within the worker_groups list. | string | `1` | no |
| worker\_groups | A list of maps defining worker group configurations. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no |
| worker\_groups | A list of maps defining worker group configurations. See workers_group_defaults for valid keys. | list | `<list>` | no |
| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no |
| worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | string | `1025` | no |
| workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in locals.tf for valid keys. | map | `{}` | no |
| workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in locals.tf for valid keys. | map | `<map>` | no |
| write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | string | `true` | no |
## Outputs
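Review bot: The `map_users_count` row describes the value as "The count of roles in the map_users list", which should read "users". The commit message says the readme is generated with terraform-docs, so correct the description in variables.tf (the same wording appears in examples/eks_test_fixture/variables.tf) and regenerate rather than editing this row by hand.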
Expand All @@ -144,3 +147,4 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| worker\_security\_group\_id | Security group ID attached to the EKS workers. |
| workers\_asg\_arns | IDs of the autoscaling groups containing workers. |
| workers\_asg\_names | Names of the autoscaling groups containing workers. |
6 changes: 3 additions & 3 deletions aws_auth.tf
Expand Up @@ -42,7 +42,7 @@ data "template_file" "config_map_aws_auth" {
}

data "template_file" "map_users" {
count = "${length(var.map_users)}"
count = "${var.map_users_count}"
template = "${file("${path.module}/templates/config-map-aws-auth-map_users.yaml.tpl")}"

vars {
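Review bot: With `count = "${var.map_users_count}"`, nothing ties the count to the list it belongs to, here or in the `map_roles` and `map_accounts` data sources that follow. A count smaller than the list renders fewer templates than the caller supplied entries, and because these templates are the aws-auth configmap fragments, the result is an IAM mapping that is quietly absent from the cluster rather than a plan error. Suggest a comment above each `count` stating that it must equal the list length and why `length()` could not be kept (computed values, per the changelog entry).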
Expand All @@ -53,7 +53,7 @@ data "template_file" "map_users" {
}

data "template_file" "map_roles" {
count = "${length(var.map_roles)}"
count = "${var.map_roles_count}"
template = "${file("${path.module}/templates/config-map-aws-auth-map_roles.yaml.tpl")}"

vars {
Expand All @@ -64,7 +64,7 @@ data "template_file" "map_roles" {
}

data "template_file" "map_accounts" {
count = "${length(var.map_accounts)}"
count = "${var.map_accounts_count}"
template = "${file("${path.module}/templates/config-map-aws-auth-map_accounts.yaml.tpl")}"

vars {
3 changes: 3 additions & 0 deletions examples/eks_test_fixture/main.tf
Expand Up @@ -136,6 +136,9 @@ module "eks" {
worker_group_count = "2"
worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
map_roles = "${var.map_roles}"
map_roles_count = "${var.map_roles_count}"
map_users = "${var.map_users}"
map_users_count = "${var.map_users_count}"
map_accounts = "${var.map_accounts}"
map_accounts_count = "${var.map_accounts_count}"
}
18 changes: 18 additions & 0 deletions examples/eks_test_fixture/variables.tf
Expand Up @@ -12,6 +12,12 @@ variable "map_accounts" {
]
}

variable "map_accounts_count" {
description = "The count of accounts in the map_accounts list."
type = "string"
default = 2
}

variable "map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap."
type = "list"
Expand All @@ -25,6 +31,12 @@ variable "map_roles" {
]
}

variable "map_roles_count" {
description = "The count of roles in the map_roles list."
type = "string"
default = 1
}

variable "map_users" {
description = "Additional IAM users to add to the aws-auth configmap."
type = "list"
Expand All @@ -42,3 +54,9 @@ variable "map_users" {
},
]
}

variable "map_users_count" {
description = "The count of roles in the map_users list."
type = "string"
default = 2
}
18 changes: 18 additions & 0 deletions variables.tf
Expand Up @@ -33,18 +33,36 @@ variable "map_accounts" {
default = []
}

variable "map_accounts_count" {
description = "The count of accounts in the map_accounts list."
type = "string"
default = 0
}

variable "map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
type = "list"
default = []
}

variable "map_roles_count" {
description = "The count of roles in the map_roles list."
type = "string"
default = 0
}

variable "map_users" {
description = "Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
type = "list"
default = []
}

variable "map_users_count" {
description = "The count of roles in the map_users list."
type = "string"
default = 0
}

variable "subnets" {
description = "A list of subnets to place the EKS cluster and workers within."
type = "list"
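Review bot: Each new `*_count` variable defaults to 0 while its description only says "The count of ... in the ... list", so a caller who sets `map_roles` alone gets no hint that the count must be set as well. Suggest extending the three descriptions to say the value must equal the number of entries in the corresponding list and that it exists so the lists can contain computed values, which is the reason given in the changelog.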