diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a5d954d15..4a543c5b2a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,14 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [[v1.9.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.8.0...HEAD)] - 2019-01-??] -### Added +## [[v2.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.8.0...HEAD)] - 2019-01-??] +### Added +- (Breaking Change) New input variables `map_accounts_count`, `map_roles_count` and `map_users_count` to allow using computed values as part of `map_accounts`, `map_roles` and `map_users` configs (by @chili-man on behalf of OpenGov). - Added ability to choose local-exec interpreter (by @rothandrew) ### Changed - - Added `--with-aggregate-type-defaults` option to terraform-docs (by @max-rocket-internet) ## [[v1.8.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.7.0...v1.8.0)] - 2018-12-04] diff --git a/README.md b/README.md index 19054bd1e8..9636e60f6e 100644 --- a/README.md +++ b/README.md 
@@ -107,25 +107,28 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `` | no | | cluster\_version | Kubernetes version to use for the EKS cluster. | string | `1.10` | no | | config\_output\_path | Where to save the Kubectl config file (if `write_kubeconfig = true`). Should end in a forward slash `/` . | string | `./` | no | -| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list | `[]` | no | +| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list | `` | no | | kubeconfig\_aws\_authenticator\_command | Command to use to to fetch AWS EKS credentials. | string | `aws-iam-authenticator` | no | -| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]. | list | `[]` | no | -| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map | `{}` | no | +| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]. | list | `` | no | +| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map | `` | no | | kubeconfig\_name | Override the default name used for items kubeconfig. | string | `` | no | -| local\_exec\_interpreter | Command to run for local-exec resources. Must be a shell-style interpreter. 
If you are on Windows Git Bash is a good choice. | list | `[ "/bin/sh", "-c" ]` | no | +| local\_exec\_interpreter | Command to run for local-exec resources. Must be a shell-style interpreter. If you are on Windows Git Bash is a good choice. | list | `` | no | | manage\_aws\_auth | Whether to write and apply the aws-auth configmap file. | string | `true` | no | -| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no | -| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no | -| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no | +| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `` | no | +| map\_accounts\_count | The count of accounts in the map_accounts list. | string | `0` | no | +| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `` | no | +| map\_roles\_count | The count of roles in the map_roles list. | string | `0` | no | +| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `` | no | +| map\_users\_count | The count of roles in the map_users list. | string | `0` | no | | subnets | A list of subnets to place the EKS cluster and workers within. | list | - | yes | -| tags | A map of tags to add to all resources. | map | `{}` | no | +| tags | A map of tags to add to all resources. | map | `` | no | | vpc\_id | VPC where the cluster and workers will be deployed. 
| string | - | yes | -| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list | `[]` | no | +| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list | `` | no | | worker\_group\_count | The number of maps contained within the worker_groups list. | string | `1` | no | -| worker\_groups | A list of maps defining worker group configurations. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no | +| worker\_groups | A list of maps defining worker group configurations. See workers_group_defaults for valid keys. | list | `` | no | | worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no | | worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | string | `1025` | no | -| workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in locals.tf for valid keys. | map | `{}` | no | +| workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in locals.tf for valid keys. | map | `` | no | | write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | string | `true` | no | ## Outputs @@ -144,3 +147,4 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | worker\_security\_group\_id | Security group ID attached to the EKS workers. | | workers\_asg\_arns | IDs of the autoscaling groups containing workers. | | workers\_asg\_names | Names of the autoscaling groups containing workers. | + 
diff --git a/aws_auth.tf b/aws_auth.tf
index 7a559fadb6..50c6e86bd1 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -42,7 +42,7 @@ data "template_file" "config_map_aws_auth" {
 }
 data "template_file" "map_users" {
- count = "${length(var.map_users)}"
+ count = "${var.map_users_count}"
 template = "${file("${path.module}/templates/config-map-aws-auth-map_users.yaml.tpl")}"
 vars {
@@ -53,7 +53,7 @@ data "template_file" "map_users" {
 }
 data "template_file" "map_roles" {
- count = "${length(var.map_roles)}"
+ count = "${var.map_roles_count}"
 template = "${file("${path.module}/templates/config-map-aws-auth-map_roles.yaml.tpl")}"
 vars {
@@ -64,7 +64,7 @@ data "template_file" "map_roles" {
 }
 data "template_file" "map_accounts" {
- count = "${length(var.map_accounts)}"
+ count = "${var.map_accounts_count}"
 template = "${file("${path.module}/templates/config-map-aws-auth-map_accounts.yaml.tpl")}"
 vars {
diff --git a/examples/eks_test_fixture/main.tf b/examples/eks_test_fixture/main.tf
index 29f3c77f2f..81159297d9 100644
--- a/examples/eks_test_fixture/main.tf
+++ b/examples/eks_test_fixture/main.tf
@@ -136,6 +136,9 @@ module "eks" {
 worker_group_count = "2"
 worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
 map_roles = "${var.map_roles}"
+ map_roles_count = "${var.map_roles_count}"
 map_users = "${var.map_users}"
+ map_users_count = "${var.map_users_count}"
 map_accounts = "${var.map_accounts}"
+ map_accounts_count = "${var.map_accounts_count}"
 }
diff --git a/examples/eks_test_fixture/variables.tf b/examples/eks_test_fixture/variables.tf
index 1c5f631d89..0a7798a480 100644
--- a/examples/eks_test_fixture/variables.tf
+++ b/examples/eks_test_fixture/variables.tf
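Review bot: In the `map_users` hunk of aws_auth.tf (and identically in the `map_roles` and `map_accounts` hunks), `count` now comes from a caller-supplied number that nothing ties to the list it indexes, so the rendered aws-auth configmap can silently diverge from the list the caller passed. With the default of 0 declared in variables.tf, a caller who upgrades and keeps passing `map_roles` without the new count would, as far as these lines show, render no role mappings at all, and a count smaller than the list would drop the trailing entries without an error. Since this configmap decides which IAM principals can reach the cluster, I would document the invariant at each `count` line, e.g. `# must equal length(var.map_users); a smaller value silently omits entries from aws-auth`, and spell out the required upgrade step in the changelog entry. The `vars` blocks continue outside the hunks, so how an oversized count behaves cannot be confirmed from here.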
@@ -12,6 +12,12 @@ variable "map_accounts" {
 ]
 }
+variable "map_accounts_count" {
+ description = "The count of accounts in the map_accounts list."
+ type = "string"
+ default = 2
+}
+
 variable "map_roles" {
 description = "Additional IAM roles to add to the aws-auth configmap."
 type = "list"
@@ -25,6 +31,12 @@ variable "map_roles" {
 ]
 }
+variable "map_roles_count" {
+ description = "The count of roles in the map_roles list."
+ type = "string"
+ default = 1
+}
+
 variable "map_users" {
 description = "Additional IAM users to add to the aws-auth configmap."
 type = "list"
@@ -42,3 +54,9 @@ variable "map_users" {
 },
 ]
 }
+
+variable "map_users_count" {
+ description = "The count of roles in the map_users list."
+ type = "string"
+ default = 2
+}
diff --git a/variables.tf b/variables.tf
index c0b27cd682..0f4ba2cce6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -33,18 +33,36 @@ variable "map_accounts" {
 default = []
 }
+variable "map_accounts_count" {
+ description = "The count of accounts in the map_accounts list."
+ type = "string"
+ default = 0
+}
+
 variable "map_roles" {
 description = "Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
 type = "list"
 default = []
 }
+variable "map_roles_count" {
+ description = "The count of roles in the map_roles list."
+ type = "string"
+ default = 0
+}
+
 variable "map_users" {
 description = "Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
 type = "list"
 default = []
 }
+variable "map_users_count" {
+ description = "The count of roles in the map_users list."
+ type = "string"
+ default = 0
+}
+
 variable "subnets" {
 description = "A list of subnets to place the EKS cluster and workers within."
 type = "list"
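Review bot: The description of `map_users_count` reads "The count of roles in the map_users list." in both the examples/eks_test_fixture/variables.tf hunk at -42,3 and the variables.tf hunk; it should name users: `description = "The count of users in the map_users list."`. The three root-module descriptions also omit the one thing a caller must know, namely that the value has to match the length of the corresponding list and that the default of 0 presumably renders no entries; something like `description = "The count of roles in the map_roles list. Must equal the length of map_roles; with the default of 0 no role mappings are written to aws-auth."` would cover it. As a style point, the defaults are bare numbers under `type = "string"`; quoting them (`default = "0"`) would match the declared type.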