feat: add support for disabling wayfinder default resources from bein…

…g created on install or update

README.md

@@ -127,6 +127,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="input_venafi_apikey"></a> [venafi\_apikey](#input\_venafi\_apikey) | Venafi API key - required if using Venafi cluster issuer | `string` | `""` | no |
 | <a name="input_venafi_zone"></a> [venafi\_zone](#input\_venafi\_zone) | Venafi zone - required if using Venafi cluster issuer | `string` | `""` | no |
 | <a name="input_wayfinder_idp_details"></a> [wayfinder\_idp\_details](#input\_wayfinder\_idp\_details) | The IDP details to use for Wayfinder to enable SSO | <pre>object({<br/>    type          = string<br/>    clientId      = optional(string)<br/>    clientSecret  = optional(string)<br/>    serverUrl     = optional(string)<br/>    azureTenantId = optional(string)<br/>  })</pre> | <pre>{<br/>  "azureTenantId": "",<br/>  "clientId": null,<br/>  "clientSecret": null,<br/>  "serverUrl": "",<br/>  "type": "none"<br/>}</pre> | no |
+| <a name="input_wayfinder_no_defaults"></a> [wayfinder\_no\_defaults](#input\_wayfinder\_no\_defaults) | Set to true to stop Wayfinder from applying compiled-in defaults (e.g. default roles, cluster plans, etc). | `bool` | `true` | no |
 | <a name="input_wayfinder_release_channel"></a> [wayfinder\_release\_channel](#input\_wayfinder\_release\_channel) | The release channel to use for Wayfinder | `string` | `"wayfinder-releases"` | no |
 | <a name="input_wayfinder_version"></a> [wayfinder\_version](#input\_wayfinder\_version) | The version to use for Wayfinder | `string` | `"v2.9.7"` | no |
 

manifests/wayfinder-values.yml.tpl

@@ -26,6 +26,7 @@ enableLocalAdminUser: ${enable_localadmin_user}
 mysql:
   pvc:
     storageClass: "${storage_class}"
+noDefaults: ${no_defaults}
 ui:
   cloudOrder: "['azure','aws','gcp']"
   enabled: true

variables.tf

@@ -327,6 +327,12 @@ variable "wayfinder_licence_key" {
   sensitive   = true
 }
 
+variable "wayfinder_no_defaults" {
+  description = "Set to true to stop Wayfinder from applying compiled-in defaults (e.g. default roles, cluster plans, etc)."
+  type        = bool
+  default     = true
+}
+
 variable "wayfinder_release_channel" {
   description = "The release channel to use for Wayfinder"
   type        = string

wayfinder.tf

@@ -144,19 +144,20 @@ resource "helm_release" "wayfinder" {
 
   values = [
     templatefile("${path.module}/manifests/wayfinder-values.yml.tpl", {
+      aksManagementSubnet           = var.aks_vnet_subnet_id
       api_hostname                  = var.wayfinder_domain_name_api
       clusterissuer                 = var.clusterissuer
-      issuerkind                    = var.clusterissuer == "adcs-issuer" ? "ClusterAdcsIssuer" : "ClusterIssuer"
-      issuergroup                   = var.clusterissuer == "adcs-issuer" ? "adcs.certmanager.csf.nokia.com" : "cert-manager.io"
       disable_local_login           = var.wayfinder_idp_details["type"] == "none" ? false : var.disable_local_login
       enable_localadmin_user        = var.create_localadmin_user
+      issuergroup                   = var.clusterissuer == "adcs-issuer" ? "adcs.certmanager.csf.nokia.com" : "cert-manager.io"
+      issuerkind                    = var.clusterissuer == "adcs-issuer" ? "ClusterAdcsIssuer" : "ClusterIssuer"
+      no_defaults                   = var.wayfinder_no_defaults
+      private_link_resourcegroup    = local.private_link_resourcegroup
+      region                        = var.location
       storage_class                 = "managed"
       ui_hostname                   = var.wayfinder_domain_name_ui
       wayfinder_client_id           = azurerm_user_assigned_identity.wayfinder_main.client_id
       wayfinder_instance_identifier = var.wayfinder_instance_id
-      aksManagementSubnet           = var.aks_vnet_subnet_id
-      region                        = var.location
-      private_link_resourcegroup    = local.private_link_resourcegroup
     })
   ]