From d8cc1b47963e7c5d5b555473fe70b806c232b034 Mon Sep 17 00:00:00 2001
From: Harshit Luthra
Date: Mon, 2 Dec 2024 22:01:00 +0530
Subject: [PATCH] refactor(terraform): remove aws_eks_cluster data source and use oidc_provider_url variable (#21)
* refactor(terraform): remove aws_eks_cluster data source and use oidc_provider_url variable
Remove dependency on aws_eks_cluster data source for OIDC provider URL. Introduce oidc_provider_url variable for more flexibility and modularity.
* terraform-docs: automated action
---------
Co-authored-by: github-actions[bot]
---
 README.md | 2 +-
 iam.tf | 4 ----
 locals.tf | 4 ++--
 variables.tf | 6 ++++++
 4 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 642f10c..0a36216 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,6 @@ Truefoundry AWS platform features
 | [aws_iam_user_policy_attachment.truefoundry_platform_user_parameter_store_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
 | [aws_iam_user_policy_attachment.truefoundry_platform_user_s3_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
 | [aws_iam_user_policy_attachment.truefoundry_platform_user_secrets_manager_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
-| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_iam_policy_document.truefoundry_platform_feature_cluster_integration_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.truefoundry_platform_feature_ecr_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -71,6 +70,7 @@ Truefoundry AWS platform features
 | [feature\_secrets\_manager\_enabled](#input\_feature\_secrets\_manager\_enabled) | Enable secrets manager feature in the platform | `bool` | `false` | no |
 | [flyte\_propeller\_serviceaccount\_name](#input\_flyte\_propeller\_serviceaccount\_name) | Name for the Flyte Propeller service account | `string` | `"flytepropeller"` | no |
 | [flyte\_propeller\_serviceaccount\_namespace](#input\_flyte\_propeller\_serviceaccount\_namespace) | Namespace for the Flyte Propeller service account | `string` | `"tfy-workflow-propeller"` | no |
+| [oidc\_provider\_url](#input\_oidc\_provider\_url) | OIDC provider URL | `string` | `""` | no |
 | [platform\_role\_enable\_override](#input\_platform\_role\_enable\_override) | Enable overriding the platform role name. You need to pass blob\_storage\_override\_name to pass the bucket name | `bool` | `false` | no |
 | [platform\_role\_override\_name](#input\_platform\_role\_override\_name) | Platform IAM role name which will have access to S3 bucket, SSM and ECR | `string` | `""` | no |
 | [platform\_user\_enabled](#input\_platform\_user\_enabled) | Enable creation of a platform feature user | `bool` | `false` | no |
diff --git a/iam.tf b/iam.tf
index dcc418f..f18cbf8 100644
--- a/iam.tf
+++ b/iam.tf
@@ -1,7 +1,3 @@
-data "aws_eks_cluster" "cluster" {
- name = var.cluster_name
-}
-
 data "aws_iam_policy_document" "truefoundry_platform_feature_s3_policy_document" {
 count = var.feature_blob_storage_enabled ? 1 : 0
 statement {
diff --git a/locals.tf b/locals.tf
index 6125e0d..1b9de54 100644
--- a/locals.tf
+++ b/locals.tf
@@ -17,6 +17,6 @@ locals { ] truefoundry_platform_policy_arns = [for arn in local.policy_arns : tostring(arn) if arn != null] - oidc_provider_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "") - iam_role_name_prefix = trimsuffix(substr("${local.truefoundry_unique_name}-iam-role-", 0, 37), "-") + oidc_provider_url = replace(var.oidc_provider_url, "https://", "") + iam_role_name_prefix = substr("${local.truefoundry_unique_name}-iam-role", 0, 37) } diff --git a/variables.tf b/variables.tf index c6fd9f9..41a23d0 100644 --- a/variables.tf +++ b/variables.tf @@ -14,6 +14,12 @@ variable "aws_region" { type = string } +variable "oidc_provider_url" { + description = "OIDC provider URL" + type = string + default = "" +} + ################################################################################ # Cluster ################################################################################
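Review bot: `replace(var.oidc_provider_url, "https://", "")` in `locals.tf` now normalizes caller-supplied text instead of the issuer string returned by AWS, and `replace` removes the substring wherever it occurs rather than only a leading scheme; `oidc_provider_url = trimprefix(var.oidc_provider_url, "https://")` states the intent more exactly. The consumer of `local.oidc_provider_url` is outside this hunk, but the value presumably ends up in the IAM role trust policy, so a comment such as `# host/path of the cluster's IAM OIDC provider, scheme stripped; must match the registered provider exactly` would help the next reader. The same hunk also drops `trimsuffix(..., "-")` from `iam_role_name_prefix`, so a `truefoundry_unique_name` that is cut at 37 characters can now leave a trailing `-` in the prefix; the commit message does not mention this change.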
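Review bot: The new `oidc_provider_url` variable in `variables.tf` defaults to `""` and has no `validation` block, so a caller that upgrades without setting it gets an empty issuer where the module previously looked the value up from the cluster. `locals.tf` passes that empty string on unchanged, and whatever trust-policy principal or condition is built from it (not visible in this diff) would presumably either fail at apply time or not bind to the intended cluster's provider. I would drop the default so the input is required, reject empty or malformed values, and expand the description to say which URL is expected. If the empty default is deliberate for configurations that create no OIDC-federated role, the check should instead be tied to that condition.

```hcl
variable "oidc_provider_url" {
  description = "Issuer URL of the EKS cluster's IAM OIDC provider, with or without the https:// prefix"
  type        = string

  validation {
    condition     = can(regex("^(https://)?[A-Za-z0-9.-]+(/[A-Za-z0-9._-]+)*$", var.oidc_provider_url))
    error_message = "oidc_provider_url must be a non-empty OIDC issuer URL without a trailing slash."
  }
}
```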