
CR fixes
bardielle committed Nov 30, 2022
1 parent 60596e7 commit e9a3d61
Showing 7 changed files with 39 additions and 21 deletions.
Expand Up @@ -66,7 +66,7 @@ data "ocm_rosa_operator_roles" "operator_roles" {
}

module operator_roles {
source = "git::https://github.com/openshift-online/terraform-provider-ocm.git//modules/operator_roles"
source = "git::https://github.com/openshift-online/terraform-provider-ocm.git//modules/aws_roles"

cluster_id = ocm_cluster_rosa_classic.rosa_sts_cluster.id
rh_oidc_provider_thumbprint = ocm_cluster_rosa_classic.rosa_sts_cluster.sts.thumbprint
Expand Up @@ -9,6 +9,7 @@ variable operator_role_prefix {

variable account_role_prefix {
type = string
default = ""
}

variable url {
2 changes: 1 addition & 1 deletion modules/aws_roles/README.md
Expand Up @@ -19,7 +19,7 @@ This terraform module tries to replicate rosa CLI roles creation so that:

## Prerequisites

* AWS Admin Account
* AWS Admin Account configured by using AWS CLI in AWS configuration file
* OCM Account and OCM CLI
* ROSA CLI

2 changes: 1 addition & 1 deletion modules/aws_roles/operator_roles/variables.tf
Expand Up @@ -10,7 +10,7 @@ variable rh_oidc_provider_url {
}

variable rh_oidc_provider_thumbprint {
description = "Thumbprint for https://rh-oidc.s3.us-east-1.amazonaws.com"
description = "Thumbprint for the variable `rh_oidc_provider_url`"
type = string
default = "917e732d330f9a12404f73d8bea36948b929dffc"
}
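--- a/provider/cluster_rosa_classic_resource.go
+++ b/provider/cluster_rosa_classic_resource.go
@@ -35,10 +35,9 @@ import (
 )
 
 const (
-awsCloudProvider = "aws"
-rosaProduct = "rosa"
-serviceAccountFmt = "system:serviceaccount:%s:%s"
-MinVersion = "4.10"
+awsCloudProvider = "aws"
+rosaProduct = "rosa"
+MinVersion = "4.10"
 )
 
 type ClusterRosaClassicResourceType struct {
@@ -707,8 +706,14 @@ func (r *ClusterRosaClassicResource) populateState(ctx context.Context, object *
 }
 
 }
-state.Sts.OperatorRolePrefix = types.String{
-Value: sts.OperatorRolePrefix(),
+// TODO: fix a bug in uhc-cluster-services
+if state.Sts.OperatorRolePrefix.Unknown || state.Sts.OperatorRolePrefix.Null {
+operatorRolePrefix, ok := sts.GetOperatorRolePrefix()
+if ok {
+state.Sts.OperatorRolePrefix = types.String{
+Value: operatorRolePrefix,
+}
+}
 }
 thumbprint, err := getThumbprint(sts.OIDCEndpointURL())
 if err != nil {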
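Review bot: The `// TODO: fix a bug in uhc-cluster-services` comment above the new guard in populateState does not say what the bug is or why the API value is only consulted when the state value is Unknown or Null, so nobody can tell later when the workaround may be removed. Because a known prefix in state is now never refreshed from `sts.GetOperatorRolePrefix()`, a cluster-side prefix that differs from the planned one (it names the IAM roles the cluster's operators assume) would not show up as drift on read; if that is the intended trade-off it should be stated, and the `ok == false` path silently leaves the attribute Null/Unknown. I would replace the TODO with something like `// Workaround: uhc-cluster-services may return a missing/incorrect operator_role_prefix on read; keep the planned value unless state has none. Remove once the service-side fix ships.` populateState's body starts before this hunk.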
34 changes: 23 additions & 11 deletions provider/rosa_operator_roles_data_source.go
Expand Up @@ -37,7 +37,10 @@ type RosaOperatorRolesDataSource struct {
awsInquiries *cmv1.AWSInquiriesClient
}

const DefaultAccountRolePrefix = "ManagedOpenShift"
const (
DefaultAccountRolePrefix = "ManagedOpenShift"
serviceAccountFmt = "system:serviceaccount:%s:%s"
)

func (t *RosaOperatorRolesDataSourceType) GetSchema(ctx context.Context) (result tfsdk.Schema,
diags diag.Diagnostics) {
Expand Down Expand Up @@ -173,7 +176,7 @@ func (t *RosaOperatorRolesDataSource) Read(ctx context.Context, request tfsdk.Re
sts, ok := object.AWS().GetSTS()
if ok {
accountRolePrefix := DefaultAccountRolePrefix
if !state.AccountRolePrefix.Unknown && !state.AccountRolePrefix.Null {
if !state.AccountRolePrefix.Unknown && !state.AccountRolePrefix.Null && state.AccountRolePrefix.Value != "" {
accountRolePrefix = state.AccountRolePrefix.Value
}

Expand All @@ -191,12 +194,12 @@ func (t *RosaOperatorRolesDataSource) Read(ctx context.Context, request tfsdk.Re
Value: operatorRole.RoleARN(),
},
RoleName: types.String{
Value: getRoleName(state.OperatorRolePrefix.Value, operatorRole.Namespace(), operatorRole.Name()),
Value: getRoleName(state.OperatorRolePrefix.Value, operatorRole),
},
PolicyName: types.String{
Value: getRoleName(accountRolePrefix, operatorRole.Namespace(), operatorRole.Name()),
Value: getPolicyName(accountRolePrefix, operatorRole.Namespace(), operatorRole.Name()),
},
ServiceAccounts: getServiceAccount(stsOperatorMap[operatorRole.Namespace()].ServiceAccounts(), operatorRole.Namespace()),
ServiceAccounts: buildServiceAccountsArray(stsOperatorMap[operatorRole.Namespace()].ServiceAccounts(), operatorRole.Namespace()),
}
state.OperatorIAMRoles = append(state.OperatorIAMRoles, &r)
}
Expand All @@ -207,15 +210,24 @@ func (t *RosaOperatorRolesDataSource) Read(ctx context.Context, request tfsdk.Re
}

// TODO: should be in a separate repo
func getRoleName(prefix string, namespace string, name string) string {
roleName := fmt.Sprintf("%s-%s-%s", prefix, namespace, name)
if len(roleName) > 64 {
roleName = roleName[0:64]
func getRoleName(rolePrefix string, operatorRole *cmv1.OperatorIAMRole) string {
role := fmt.Sprintf("%s-%s-%s", rolePrefix, operatorRole.Namespace(), operatorRole.Name())
if len(role) > 64 {
role = role[0:64]
}
return role
}

// TODO: should be in a separate repo
func getPolicyName(prefix string, namespace string, name string) string {
policy := fmt.Sprintf("%s-%s-%s", prefix, namespace, name)
if len(policy) > 64 {
policy = policy[0:64]
}
return roleName
return policy
}

func getServiceAccount(serviceAccountArr []string, operatorNamespace string) types.List {
func buildServiceAccountsArray(serviceAccountArr []string, operatorNamespace string) types.List {
serviceAccounts := types.List{
ElemType: types.StringType,
Elems: []attr.Value{},
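Review bot: In the loop of the `@@ -191,12 +194,12 @@` hunk, `RoleName` is derived locally by `getRoleName`, which silently truncates `prefix-namespace-name` to 64 bytes, while `RoleARN` comes from the OCM API, and nothing checks that the two agree; if the module creates IAM roles from `role_name` (inferred from the module wiring, not visible here), a truncated or differently formed name would produce a role the cluster never assumes, with no diagnostic. A suffix check of the ARN against the computed name at read time would catch that, using the `strings` package and the `response.Diagnostics` sink I assume Read already reports through. The truncation in `getRoleName` and `getPolicyName` should also carry a comment such as `// IAM role names are capped at 64 bytes; mirrors the rosa CLI truncation (see modules/aws_roles/README.md)`, since two long operator names can collapse to the same truncated string. Read's body starts before the first hunk of this section.
```go
roleName := getRoleName(state.OperatorRolePrefix.Value, operatorRole)
if arn := operatorRole.RoleARN(); arn != "" && !strings.HasSuffix(arn, "/"+roleName) {
	response.Diagnostics.AddError(
		"Operator role name mismatch",
		fmt.Sprintf("computed role name %q does not match role ARN %q", roleName, arn),
	)
	return
}
// … unchanged: struct literal fields Name / RoleARN …
RoleName: types.String{
	Value: roleName,
},
// … unchanged: PolicyName / ServiceAccounts …
```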
2 changes: 1 addition & 1 deletion provider/sts.go
Expand Up @@ -44,7 +44,7 @@ func stsResource() tfsdk.NestedAttributes {
Required: true,
},
"operator_role_prefix": {
Description: "Account Role prefix",
Description: "Operator IAM Role prefix",
Type: types.StringType,
Required: true,
},
