Merge pull request #16 from truefoundry/remove-platform-features-enabled
Remove platform_feature_enabled input
DeeAjayi authored Nov 18, 2024
2 parents 4df7772 + e3bb740 commit 3f2337b
Showing 5 changed files with 50 additions and 54 deletions.
4 changes: 2 additions & 2 deletions buckets.tf
@@ -1,5 +1,5 @@
module "truefoundry_bucket" {
count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0
count = var.feature_blob_storage_enabled ? 1 : 0
source = "terraform-aws-modules/s3-bucket/aws"
version = "3.15.0"

Expand Down Expand Up @@ -72,4 +72,4 @@ module "truefoundry_bucket" {
max_age_seconds = 3000
}
]
}
}
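Review bot: Dropping the outer `var.platform_feature_enabled` gate from the `count` on line 20 changes what gets created for any consumer who had set that variable to `false`: the bucket here, and in iam.tf the policy documents, policies, role and user, are now driven purely by the per-feature flags, while the upgrade-guide entry in this commit only says the variable was removed. The guide entry should spell out the consequence, e.g. `- platform_feature_enabled — resources are now controlled solely by the individual feature_*_enabled flags (and platform_user_enabled for the role/user); set those to false to keep them disabled`. The second hunk of this file (lines 25-29) shows no visible textual change despite the 2/2 diffstat, so it is presumably a trailing-newline or whitespace fix; I cannot confirm that from the rendered page.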
56 changes: 28 additions & 28 deletions iam.tf
@@ -1,5 +1,5 @@
data "aws_iam_policy_document" "truefoundry_platform_feature_s3_policy_document" {
count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0
count = var.feature_blob_storage_enabled ? 1 : 0
statement {
effect = "Allow"
actions = [
Expand All @@ -14,7 +14,7 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_s3_policy_document"
}

data "aws_iam_policy_document" "truefoundry_platform_feature_parameter_store_policy_document" {
count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
count = var.feature_parameter_store_enabled ? 1 : 0
statement {
effect = "Allow"
actions = [
Expand All @@ -32,7 +32,7 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_parameter_store_pol
}

data "aws_iam_policy_document" "truefoundry_platform_feature_secrets_manager_policy_document" {
count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
count = var.feature_secrets_manager_enabled ? 1 : 0
statement {
effect = "Allow"
actions = [
Expand All @@ -51,7 +51,7 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_secrets_manager_pol
}

data "aws_iam_policy_document" "truefoundry_platform_feature_ecr_policy_document" {
count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 1 : 0 : 0
count = var.feature_docker_registry_enabled ? 1 : 0
statement {
effect = "Allow"
actions = [
Expand Down Expand Up @@ -94,7 +94,7 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_ecr_policy_document
}

data "aws_iam_policy_document" "truefoundry_platform_feature_cluster_integration_policy_document" {
count = var.platform_feature_enabled ? var.feature_cluster_integration_enabled ? 1 : 0 : 0
count = var.feature_cluster_integration_enabled ? 1 : 0
statement {
effect = "Allow"
actions = [
Expand Down Expand Up @@ -141,41 +141,41 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_cluster_integration


resource "aws_iam_policy" "truefoundry_platform_feature_s3_policy" {
count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0
name_prefix = "${local.truefoundry_unique_name}-s3-access"
count = var.feature_blob_storage_enabled ? 1 : 0
name_prefix = "${local.truefoundry_unique_name}-s3-access-"
description = "IAM policy for TrueFoundry user for platform features blob storage"
policy = data.aws_iam_policy_document.truefoundry_platform_feature_s3_policy_document[0].json
tags = local.tags
}

resource "aws_iam_policy" "truefoundry_platform_feature_parameter_store_policy" {
count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
name_prefix = "${local.truefoundry_unique_name}-parameter-store-access"
count = var.feature_parameter_store_enabled ? 1 : 0
name_prefix = "${local.truefoundry_unique_name}-parameter-store-access-"
description = "IAM policy for TrueFoundry user for platform features Secrets manager"
policy = data.aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document[0].json
tags = local.tags
}

resource "aws_iam_policy" "truefoundry_platform_feature_secrets_manager_policy" {
count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
name_prefix = "${local.truefoundry_unique_name}-secrets-manager-access"
count = var.feature_secrets_manager_enabled ? 1 : 0
name_prefix = "${local.truefoundry_unique_name}-secrets-manager-access-"
description = "IAM policy for TrueFoundry user for platform features Secrets manager"
policy = data.aws_iam_policy_document.truefoundry_platform_feature_secrets_manager_policy_document[0].json
tags = local.tags
}

resource "aws_iam_policy" "truefoundry_platform_feature_ecr_policy" {
count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 1 : 0 : 0
name_prefix = "${local.truefoundry_unique_name}-ecr-access"
count = var.feature_docker_registry_enabled ? 1 : 0
name_prefix = "${local.truefoundry_unique_name}-ecr-access-"
description = "IAM policy for TrueFoundry user for platform features docker registry"
policy = data.aws_iam_policy_document.truefoundry_platform_feature_ecr_policy_document[0].json
tags = local.tags
}


resource "aws_iam_policy" "truefoundry_platform_feature_cluster_integration_policy" {
count = var.platform_feature_enabled ? var.feature_cluster_integration_enabled ? 1 : 0 : 0
name_prefix = "${local.truefoundry_unique_name}-cluster-integration-access"
count = var.feature_cluster_integration_enabled ? 1 : 0
name_prefix = "${local.truefoundry_unique_name}-cluster-integration-access-"
description = "IAM policy for TrueFoundry user for platform features cluster integration"
policy = data.aws_iam_policy_document.truefoundry_platform_feature_cluster_integration_policy_document[0].json
tags = local.tags
Expand All @@ -186,7 +186,7 @@ resource "aws_iam_policy" "truefoundry_platform_feature_cluster_integration_poli
################################################################################

resource "aws_iam_role" "truefoundry_platform_feature_iam_role" {
count = var.platform_feature_enabled ? 1 : 0
count = var.platform_user_enabled ? 0 : 1
name = var.platform_role_enable_override ? var.platform_role_override_name : null
description = "IAM role for TrueFoundry platform to access S3 bucket, SSM, ECR and EKS"
name_prefix = var.platform_role_enable_override ? null : "${local.truefoundry_unique_name}-iam-role-"
Expand All @@ -208,31 +208,31 @@ resource "aws_iam_role" "truefoundry_platform_feature_iam_role" {
}

resource "aws_iam_role_policy_attachment" "truefoundry_platform_s3_policy_attachment" {
count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0
count = var.feature_blob_storage_enabled && !var.platform_user_enabled ? 1 : 0
role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_s3_policy[0].arn
}

resource "aws_iam_role_policy_attachment" "truefoundry_platform_parameter_store_policy_attachment" {
count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
count = var.feature_parameter_store_enabled && !var.platform_user_enabled ? 1 : 0
role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_parameter_store_policy[0].arn
}

resource "aws_iam_role_policy_attachment" "truefoundry_platform_secrets_manager_policy_attachment" {
count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
count = var.feature_secrets_manager_enabled && !var.platform_user_enabled ? 1 : 0
role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy[0].arn
}

resource "aws_iam_role_policy_attachment" "truefoundry_platform_ecr_policy_attachment" {
count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 1 : 0 : 0
count = var.feature_docker_registry_enabled && !var.platform_user_enabled ? 1 : 0
role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_ecr_policy[0].arn
}

resource "aws_iam_role_policy_attachment" "truefoundry_platform_cluster_integration_policy_attachment" {
count = var.platform_feature_enabled ? var.feature_cluster_integration_enabled ? 1 : 0 : 0
count = var.feature_cluster_integration_enabled && !var.platform_user_enabled ? 1 : 0
role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy[0].arn
}
Expand All @@ -242,7 +242,7 @@ resource "aws_iam_role_policy_attachment" "truefoundry_platform_cluster_integrat
# IAM user
################################################################################
resource "aws_iam_user" "truefoundry_platform_user" {
count = var.platform_feature_enabled && var.platform_user_enabled ? 1 : 0
count = var.platform_user_enabled ? 1 : 0

name = var.platform_user_name_override_enabled ? var.platform_user_override_name : "${local.truefoundry_unique_name}-user"
path = "/truefoundry/"
Expand All @@ -251,37 +251,37 @@ resource "aws_iam_user" "truefoundry_platform_user" {
}

resource "aws_iam_access_key" "truefoundry_platform_user_keys" {
count = var.platform_feature_enabled && var.platform_user_enabled ? 1 : 0
count = var.platform_user_enabled ? 1 : 0

user = aws_iam_user.truefoundry_platform_user[0].name
}

resource "aws_iam_user_policy_attachment" "truefoundry_platform_user_s3_policy_attachment" {
count = var.platform_feature_enabled ? (var.feature_blob_storage_enabled && var.platform_user_enabled) ? 1 : 0 : 0
count = var.feature_blob_storage_enabled && var.platform_user_enabled ? 1 : 0
user = aws_iam_user.truefoundry_platform_user[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_s3_policy[0].arn
}

resource "aws_iam_user_policy_attachment" "truefoundry_platform_user_parameter_store_policy_attachment" {
count = var.platform_feature_enabled ? (var.feature_parameter_store_enabled && var.platform_user_enabled) ? 1 : 0 : 0
count = var.feature_parameter_store_enabled && var.platform_user_enabled ? 1 : 0
user = aws_iam_user.truefoundry_platform_user[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_parameter_store_policy[0].arn
}

resource "aws_iam_user_policy_attachment" "truefoundry_platform_user_secrets_manager_policy_attachment" {
count = var.platform_feature_enabled ? (var.feature_secrets_manager_enabled && var.platform_user_enabled) ? 1 : 0 : 0
count = var.feature_secrets_manager_enabled && var.platform_user_enabled ? 1 : 0
user = aws_iam_user.truefoundry_platform_user[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy[0].arn
}

resource "aws_iam_user_policy_attachment" "truefoundry_platform_user_ecr_policy_attachment" {
count = var.platform_feature_enabled ? (var.feature_docker_registry_enabled && var.platform_user_enabled) ? 1 : 0 : 0
count = var.feature_docker_registry_enabled && var.platform_user_enabled ? 1 : 0
user = aws_iam_user.truefoundry_platform_user[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_ecr_policy[0].arn
}

resource "aws_iam_user_policy_attachment" "truefoundry_platform_user_cluster_integration_policy_attachment" {
count = var.platform_feature_enabled ? (var.feature_cluster_integration_enabled && var.platform_user_enabled) ? 1 : 0 : 0
count = var.feature_cluster_integration_enabled && var.platform_user_enabled ? 1 : 0
user = aws_iam_user.truefoundry_platform_user[0].name
policy_arn = aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy[0].arn
}
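Review bot: The trailing `-` added to every policy `name_prefix` (lines 82, 92, 102, 112, 123) is a replacement-forcing attribute on `aws_iam_policy`, so upgrading replaces all five policies; whether the destroy of the old policy succeeds while the role/user attachments still reference its ARN depends on the AWS provider version, and the upgrade guide does not mention the replacement at all. Adding `lifecycle { create_before_destroy = true }` to those policy resources, or at least a guide entry warning of the one-time replacement, would make the upgrade safer. Separately, the role `count` on line 132 now creates the IAM role whenever `platform_user_enabled` is false, so there is no longer any way to run the module with neither a role nor a user; worth stating in the `platform_iam_role_enabled` output description. The parameter-store policy description on line 93 still reads "Secrets manager" (a pre-existing copy-paste, shown here as context) and could be fixed while this block is being touched.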
36 changes: 18 additions & 18 deletions output.tf
Expand Up @@ -3,57 +3,57 @@
################################################################################
# IAM role details
################################################################################
output "platform_iam_role_enabled" {
description = "Flag to enable IAM role for the platform. If false, the user will be created."
value = !var.platform_user_enabled
}

output "platform_iam_role_arn" {
description = "The platform IAM role arn"
value = var.platform_feature_enabled ? aws_iam_role.truefoundry_platform_feature_iam_role[0].arn : ""
value = var.platform_user_enabled ? "" : aws_iam_role.truefoundry_platform_feature_iam_role[0].arn
}

output "platform_iam_role_assume_role_arns" {
description = "The role arns that can assume the platform IAM role"
value = var.platform_feature_enabled ? var.control_plane_roles : []
value = var.platform_user_enabled ? [] : var.control_plane_roles
}

output "platform_iam_role_policy_arns" {
description = "The platform IAM role policy arns"
value = local.truefoundry_platform_policy_arns
}

output "platform_iam_role_enabled" {
description = "Flag to enable IAM role for the platform. Either this or or `platform_user_enabled` should be enabled"
value = var.platform_feature_enabled
value = var.platform_user_enabled ? [] : local.truefoundry_platform_policy_arns
}

################################################################################
# User details
################################################################################

output "platform_user_enabled" {
description = "Flag to enable user for the platform. Either this or `platform_iam_role_enabled` should be enabled"
value = var.platform_feature_enabled && var.platform_user_enabled
description = "Flag to enable user for the platform. If false, the iam role will be created."
value = var.platform_user_enabled
}

output "platform_user_access_key" {
description = "The user access key ID"
value = var.platform_feature_enabled && var.platform_user_enabled ? aws_iam_access_key.truefoundry_platform_user_keys[0].id : ""
value = var.platform_user_enabled ? aws_iam_access_key.truefoundry_platform_user_keys[0].id : ""
}

output "platform_user_secret_key" {
description = "The user secret key"
value = var.platform_feature_enabled && var.platform_user_enabled ? aws_iam_access_key.truefoundry_platform_user_keys[0].secret : ""
value = var.platform_user_enabled ? aws_iam_access_key.truefoundry_platform_user_keys[0].secret : ""
sensitive = true
}

output "platform_user_arn" {
description = "The user IAM resource arn"
value = var.platform_feature_enabled && var.platform_user_enabled ? aws_iam_user.truefoundry_platform_user[0].arn : ""
value = var.platform_user_enabled ? aws_iam_user.truefoundry_platform_user[0].arn : ""
}

################################################################################
# Bucket details
################################################################################
output "platform_bucket_enabled" {
description = "Flag to enable S3 bucket for the platform"
value = var.platform_feature_enabled && var.feature_blob_storage_enabled
value = var.feature_blob_storage_enabled
}

output "platform_bucket_name" {
Expand All @@ -71,7 +71,7 @@ output "platform_bucket_arn" {
################################################################################
output "platform_ecr_enabled" {
description = "Flag to enable ECR for the platform"
value = var.platform_feature_enabled && var.feature_docker_registry_enabled
value = var.feature_docker_registry_enabled
}

output "platform_ecr_url" {
Expand All @@ -84,21 +84,21 @@ output "platform_ecr_url" {
################################################################################
output "platform_secrets_manager_enabled" {
description = "Flag to enable Secrets Manager for the platform"
value = var.platform_feature_enabled && var.feature_secrets_manager_enabled
value = var.feature_secrets_manager_enabled
}

################################################################################
# Parameter Store details
################################################################################
output "platform_ssm_enabled" {
description = "Flag to enable Parameter Store for the platform"
value = var.platform_feature_enabled && var.feature_parameter_store_enabled
value = var.feature_parameter_store_enabled
}

################################################################################
# Cluster integration details
################################################################################
output "platform_cluster_integration_enabled" {
description = "Flag to enable cluster integration for the platform"
value = var.platform_feature_enabled && var.feature_cluster_integration_enabled
value = var.feature_cluster_integration_enabled
}
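Review bot: If I read the rendered hunk correctly, the `platform_iam_role_policy_arns` output (line 257) now returns `[]` whenever `platform_user_enabled` is true, yet the policies themselves are still created by iam.tf based only on the `feature_*_enabled` flags and are attached to the user instead, so the unchanged description on line 250 is now misleading; suggest `description = "ARNs of the platform IAM policies attached to the IAM role; empty when platform_user_enabled is true"`. The two flag outputs (lines 233 and 267) now describe each other as mutually exclusive, which matches the `count` expressions in iam.tf, but one writes "IAM role" and the other "iam role" — worth aligning. `local.truefoundry_platform_policy_arns` is defined outside this diff, so I cannot confirm whether it already accounts for the user-mode case.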
2 changes: 2 additions & 0 deletions upgrade-guide.md
Expand Up @@ -10,6 +10,8 @@ This guide helps in migration from the old terraform modules to the new one.
- `platform_user_ecr_url` to `platform_ecr_url`
4. The following outputs have been removed;
- `platform_iam_role_name`
5. The following variables have been removed;
- `platform_feature_enabled`

# Upgrade guide to AWS platform features module from 0.2.2 to 0.3.0
1. When upgrading terraform version for platform features ensure that you are running on version `0.2.x` and the platform features is upgraded to the newer 0.3.x version.
6 changes: 0 additions & 6 deletions variables.tf
Expand Up @@ -14,12 +14,6 @@ variable "aws_region" {
type = string
}

variable "platform_feature_enabled" {
description = "Enable platform features like docker registry, secrets manager and blob storage"
type = bool
default = true
}

################################################################################
# Cluster
################################################################################
