fix: more cleanup of old operators (waf/webacl) (#245)
* fix: more cleanup of old operators (waf/webacl)

* fix: cluster_environments variable

* docs: automated update of terraform docs

* chore: bump platform version

* docs: automated update of terraform docs

* chore: update platform version

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
venkatamutyala and github-actions[bot] authored Oct 9, 2024
1 parent dab506e commit 6e7cfda
Showing 4 changed files with 4 additions and 24 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -48,7 +48,7 @@ No requirements.
| <a name="module_captain_repository_files"></a> [captain\_repository\_files](#module\_captain\_repository\_files) | ./modules/github-captain-repository-files/0.1.0 | n/a |
| <a name="module_common_s3"></a> [common\_s3](#module\_common\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
| <a name="module_dnssec_key"></a> [dnssec\_key](#module\_dnssec\_key) | git::https://github.com/GlueOps/terraform-module-cloud-aws-dnssec-kms-key.git | v0.3.0 |
| <a name="module_glueops_platform_helm_values"></a> [glueops\_platform\_helm\_values](#module\_glueops\_platform\_helm\_values) | git::https://github.com/GlueOps/platform-helm-chart-platform.git | v0.51.0 |
| <a name="module_glueops_platform_helm_values"></a> [glueops\_platform\_helm\_values](#module\_glueops\_platform\_helm\_values) | git::https://github.com/GlueOps/platform-helm-chart-platform.git | v0.51.1 |
| <a name="module_loki_s3"></a> [loki\_s3](#module\_loki\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
| <a name="module_opsgenie_teams"></a> [opsgenie\_teams](#module\_opsgenie\_teams) | ./modules/opsgenie/0.1.0 | n/a |
| <a name="module_tenant_readmes"></a> [tenant\_readmes](#module\_tenant\_readmes) | ./modules/tenant-readme/0.1.0 | n/a |
Expand Down Expand Up @@ -110,7 +110,7 @@ No requirements.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_backup_region"></a> [backup\_region](#input\_backup\_region) | The secondary S3 region to create S3 bucket in used for backups. This should be different than the primary region and will have the data from the primary region replicated to it. | `string` | n/a | yes |
| <a name="input_cluster_environments"></a> [cluster\_environments](#input\_cluster\_environments) | The cluster environments and their respective github app ids | <pre>list(object({<br/> environment_name = string<br/> host_network_enabled = bool<br/> github_oauth_app_client_id = string<br/> github_oauth_app_client_secret = string<br/> github_tenant_app_id = string<br/> github_tenant_app_installation_id = string<br/> github_tenant_app_b64enc_private_key = string<br/> admin_github_org_name = string<br/> tenant_github_org_name = string<br/> vault_github_org_team_policy_mappings = list(object({<br/> oidc_groups = list(string)<br/> policy_name = string<br/> }))<br/> argocd_rbac_policies = string<br/> glueops_kubernetes_operators = object({<br/> waf = object({<br/> aws_access_key = string<br/> aws_secret = string<br/> })<br/> web_acl = object({<br/> aws_access_key = string<br/> aws_secret = string<br/> })<br/> })<br/> }))</pre> | <pre>[<br/> {<br/> "admin_github_org_name": "GlueOps",<br/> "argocd_rbac_policies": " g, GlueOps:argocd_super_admins, role:admin\n g, glueops-rocks:developers, role:developers\n p, role:developers, clusters, get, *, allow\n p, role:developers, *, get, development, allow\n p, role:developers, repositories, *, development/*, allow\n p, role:developers, applications, *, development/*, allow\n p, role:developers, exec, *, development/*, allow\n",<br/> "environment_name": "test",<br/> "github_oauth_app_client_id": "oauth-app-id",<br/> "github_oauth_app_client_secret": "oauth-app-secret",<br/> "github_tenant_app_b64enc_private_key": "tenant-github-app-b64enc-private-key",<br/> "github_tenant_app_id": "tenant-github-app-id",<br/> "github_tenant_app_installation_id": "tenant-github-app-installation-id",<br/> "glueops_kubernetes_operators": {<br/> "waf": {<br/> "aws_access_key": "aws-access-key-secret-id",<br/> "aws_secret": "aws-access-secret"<br/> },<br/> "web_acl": {<br/> "aws_access_key": "aws-access-key-secret-id",<br/> "aws_secret": 
"aws-access-secret"<br/> }<br/> },<br/> "host_network_enabled": true,<br/> "tenant_github_org_name": "glueops-rocks",<br/> "vault_github_org_team_policy_mappings": [<br/> {<br/> "oidc_groups": [<br/> "GlueOps:vault_super_admins"<br/> ],<br/> "policy_name": "editor"<br/> },<br/> {<br/> "oidc_groups": [<br/> "GlueOps:vault_super_admins",<br/> "testing-okta:developers"<br/> ],<br/> "policy_name": "reader"<br/> }<br/> ]<br/> }<br/>]</pre> | no |
| <a name="input_cluster_environments"></a> [cluster\_environments](#input\_cluster\_environments) | The cluster environments and their respective github app ids | <pre>list(object({<br/> environment_name = string<br/> host_network_enabled = bool<br/> github_oauth_app_client_id = string<br/> github_oauth_app_client_secret = string<br/> github_tenant_app_id = string<br/> github_tenant_app_installation_id = string<br/> github_tenant_app_b64enc_private_key = string<br/> admin_github_org_name = string<br/> tenant_github_org_name = string<br/> vault_github_org_team_policy_mappings = list(object({<br/> oidc_groups = list(string)<br/> policy_name = string<br/> }))<br/> argocd_rbac_policies = string<br/> }))</pre> | <pre>[<br/> {<br/> "admin_github_org_name": "GlueOps",<br/> "argocd_rbac_policies": " g, GlueOps:argocd_super_admins, role:admin\n g, glueops-rocks:developers, role:developers\n p, role:developers, clusters, get, *, allow\n p, role:developers, *, get, development, allow\n p, role:developers, repositories, *, development/*, allow\n p, role:developers, applications, *, development/*, allow\n p, role:developers, exec, *, development/*, allow\n",<br/> "environment_name": "test",<br/> "github_oauth_app_client_id": "oauth-app-id",<br/> "github_oauth_app_client_secret": "oauth-app-secret",<br/> "github_tenant_app_b64enc_private_key": "tenant-github-app-b64enc-private-key",<br/> "github_tenant_app_id": "tenant-github-app-id",<br/> "github_tenant_app_installation_id": "tenant-github-app-installation-id",<br/> "host_network_enabled": true,<br/> "tenant_github_org_name": "glueops-rocks",<br/> "vault_github_org_team_policy_mappings": [<br/> {<br/> "oidc_groups": [<br/> "GlueOps:vault_super_admins"<br/> ],<br/> "policy_name": "editor"<br/> },<br/> {<br/> "oidc_groups": [<br/> "GlueOps:vault_super_admins",<br/> "testing-okta:developers"<br/> ],<br/> "policy_name": "reader"<br/> }<br/> ]<br/> }<br/>]</pre> | no |
| <a name="input_github_owner"></a> [github\_owner](#input\_github\_owner) | The GitHub Owner where the tenant repo will be deployed. | `string` | n/a | yes |
| <a name="input_management_tenant_dns_aws_account_id"></a> [management\_tenant\_dns\_aws\_account\_id](#input\_management\_tenant\_dns\_aws\_account\_id) | The company AWS account id for the management-tenant-dns account | `string` | n/a | yes |
| <a name="input_management_tenant_dns_zoneid"></a> [management\_tenant\_dns\_zoneid](#input\_management\_tenant\_dns\_zoneid) | The Route53 ZoneID that all the delegation is coming from. | `string` | n/a | yes |
2 changes: 1 addition & 1 deletion generate-helm-values.tf
Expand Up @@ -42,7 +42,7 @@ locals {

module "glueops_platform_helm_values" {
for_each = local.environment_map
source = "git::https://github.com/GlueOps/platform-helm-chart-platform.git?ref=v0.51.0"
source = "git::https://github.com/GlueOps/platform-helm-chart-platform.git?ref=v0.51.1"
captain_repo_b64encoded_private_deploy_key = base64encode(module.captain_repository[each.value.environment_name].private_deploy_key)
captain_repo_ssh_clone_url = module.captain_repository[each.value.environment_name].ssh_clone_url
this_is_development = var.this_is_development
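Review bot: The module `source` on the changed line is pinned with `?ref=v0.51.1`, a git tag, and a tag can be moved after the fact. This module is handed `captain_repo_b64encoded_private_deploy_key`, so consider pinning `ref` to the full commit SHA the tag points to and keeping the tag name in a trailing comment; a retagged upstream then cannot change what the next `terraform init` fetches.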
2 changes: 1 addition & 1 deletion modules/tenant-readme/0.1.0/readme.tf
Expand Up @@ -42,7 +42,7 @@ locals {
codespace_version = "v0.49.0"
argocd_crd_version = var.argocd_app_version
argocd_helm_chart_version = "7.5.2"
glueops_platform_version = "v0.51.0" # this also needs to be updated in the module.glueops_platform_helm_values // generate-helm-values.tf
glueops_platform_version = "v0.51.1" # this also needs to be updated in the module.glueops_platform_helm_values // generate-helm-values.tf
tools_version = "v0.11.1"
}
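Review bot: `glueops_platform_version` is a second hand-maintained copy of the version in `generate-helm-values.tf`, kept in sync only by the inline comment on the changed line. Terraform requires a module `source` to be a literal string, so the two cannot share one local; a CI check that fails when the `ref` in `generate-helm-values.tf` and this value differ would catch a partial bump.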

20 changes: 0 additions & 20 deletions variables.tf
Expand Up @@ -54,16 +54,6 @@ variable "cluster_environments" {
policy_name = string
}))
argocd_rbac_policies = string
glueops_kubernetes_operators = object({
waf = object({
aws_access_key = string
aws_secret = string
})
web_acl = object({
aws_access_key = string
aws_secret = string
})
})
}))
default = [
{
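Review bot: Removing `glueops_kubernetes_operators` from the `cluster_environments` object type will not make existing callers fail. Terraform discards attributes that are not in an object type constraint during conversion, so tfvars that still set `waf.aws_secret` and `web_acl.aws_secret` keep validating and the keys stay in place unnoticed. Please add an upgrade note telling consumers to delete those entries and deactivate the AWS access keys they supplied, since the module no longer accepts them.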
Expand All @@ -76,16 +66,6 @@ variable "cluster_environments" {
github_tenant_app_b64enc_private_key = "tenant-github-app-b64enc-private-key"
admin_github_org_name = "GlueOps"
tenant_github_org_name = "glueops-rocks"
glueops_kubernetes_operators = {
waf = {
aws_access_key = "aws-access-key-secret-id"
aws_secret = "aws-access-secret"
},
web_acl = {
aws_access_key = "aws-access-key-secret-id"
aws_secret = "aws-access-secret"
}
}
vault_github_org_team_policy_mappings = [
{
oidc_groups = ["GlueOps:vault_super_admins"]
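Review bot: The `default` that remains after this removal still sets `github_tenant_app_b64enc_private_key` to a placeholder string, so a caller that omits `cluster_environments` gets a plan built on dummy credentials instead of an error. Consider dropping the default so the variable is required, and, if it is not already set outside this hunk, adding `sensitive = true` so real values are redacted from plan output.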
