feat/improving outputs (#15)

feat: saves credentials/configs to an s3 file for the particular cluster example: s3://bucket-name/test-refactor-2.example.com/configurations/credentials.json * terraform-docs: automated action --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
GlueOps · Mar 23, 2023 · d963e87 · d963e87
1 parent 6cac262
commit d963e87
Show file tree

Hide file tree

Showing 9 changed files with 40 additions and 32 deletions.
diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ This Terraform module creates various resources for managing multi-cloud prerequ
 | Name | Version |
 |------|---------|
 | <a name="provider_aws.clientaccount"></a> [aws.clientaccount](#provider\_aws.clientaccount) | 4.59.0 |
+| <a name="provider_aws.primaryregion"></a> [aws.primaryregion](#provider\_aws.primaryregion) | 4.59.0 |
 | <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | 4.2.0 |
 
 ## Modules
@@ -63,6 +64,7 @@ This Terraform module creates various resources for managing multi-cloud prerequ
 | [aws_route53_record.wildcard_for_apps](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/resources/route53_record) | resource |
 | [aws_route53_zone.clusters](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/resources/route53_zone) | resource |
 | [aws_route53_zone.main](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/resources/route53_zone) | resource |
+| [aws_s3_bucket_object.combined_outputs](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/resources/s3_bucket_object) | resource |
 | [cloudflare_record.delegation_ns_record_first](https://registry.terraform.io/providers/cloudflare/cloudflare/4.2.0/docs/resources/record) | resource |
 | [cloudflare_record.delegation_ns_record_fourth](https://registry.terraform.io/providers/cloudflare/cloudflare/4.2.0/docs/resources/record) | resource |
 | [cloudflare_record.delegation_ns_record_second](https://registry.terraform.io/providers/cloudflare/cloudflare/4.2.0/docs/resources/record) | resource |
@@ -84,11 +86,5 @@ This Terraform module creates various resources for managing multi-cloud prerequ
 
 ## Outputs
 
-| Name | Description |
-|------|-------------|
-| <a name="output_certmanager_iam_credentials"></a> [certmanager\_iam\_credentials](#output\_certmanager\_iam\_credentials) | A map of IAM Access Keys to Route53 for Cert Manager. One per Cluster Environment |
-| <a name="output_externaldns_iam_credentials"></a> [externaldns\_iam\_credentials](#output\_externaldns\_iam\_credentials) | A map of IAM Access Keys to Route53 for External DNS. One per Cluster Environment |
-| <a name="output_loki_s3_iam_credentials"></a> [loki\_s3\_iam\_credentials](#output\_loki\_s3\_iam\_credentials) | A map of IAM Access Keys to S3 for Loki. One per Cluster Environment |
-| <a name="output_opsgenie_prometheus_api_keys"></a> [opsgenie\_prometheus\_api\_keys](#output\_opsgenie\_prometheus\_api\_keys) | A map of OpsGenie API Keys. One per Cluster Environment |
-| <a name="output_vault_s3_iam_credentials"></a> [vault\_s3\_iam\_credentials](#output\_vault\_s3\_iam\_credentials) | A map of IAM Access Keys to S3 for vault backups. One per Cluster Environment |
+No outputs.
 <!-- END_TF_DOCS -->
diff --git a/iam-user-cert-manager.tf b/iam-user-cert-manager.tf
@@ -16,8 +16,3 @@ resource "aws_iam_access_key" "certmanager" {
   provider = aws.clientaccount
   user     = each.value.name
 }
-
-output "certmanager_iam_credentials" {
-  value = { for user, keys in aws_iam_access_key.certmanager : user => keys }
-  description = "A map of IAM Access Keys to Route53 for Cert Manager. One per Cluster Environment"
-}
diff --git a/iam-user-external-dns.tf b/iam-user-external-dns.tf
@@ -16,8 +16,3 @@ resource "aws_iam_access_key" "externaldns" {
   provider = aws.clientaccount
   user     = each.value.name
 }
-
-output "externaldns_iam_credentials" {
-  value = { for user, keys in aws_iam_access_key.externaldns : user => keys }
-  description = "A map of IAM Access Keys to Route53 for External DNS. One per Cluster Environment"
-}
diff --git a/iam-user-loki-s3.tf b/iam-user-loki-s3.tf
@@ -17,7 +17,3 @@ resource "aws_iam_access_key" "loki_s3" {
   user     = each.value.name
 }
 
-output "loki_s3_iam_credentials" {
-  value = { for user, keys in aws_iam_access_key.loki_s3 : user => keys }
-  description = "A map of IAM Access Keys to S3 for Loki. One per Cluster Environment"
-}
diff --git a/iam-user-vault-backup-s3.tf b/iam-user-vault-backup-s3.tf
@@ -16,8 +16,3 @@ resource "aws_iam_access_key" "vault_s3" {
   provider = aws.clientaccount
   user     = each.value.name
 }
-
-output "vault_s3_iam_credentials" {
-  value = { for user, keys in aws_iam_access_key.vault_s3 : user => keys }
-  description = "A map of IAM Access Keys to S3 for vault backups. One per Cluster Environment"
-}
diff --git a/modules/multy-s3-bucket/0.1.0/s3-primary-bucket.tf b/modules/multy-s3-bucket/0.1.0/s3-primary-bucket.tf
@@ -7,6 +7,10 @@ output "primary_s3_bucket_arn" {
   value = aws_s3_bucket.primary.arn
 }
 
+output "primary_s3_bucket_id" {
+  value = aws_s3_bucket.primary.id
+}
+
 resource "aws_s3_bucket_acl" "primary" {
   provider = aws.primaryregion
   bucket   = aws_s3_bucket.primary.id

diff --git a/modules/opsgenie/0.1.0/main.tf b/modules/opsgenie/0.1.0/main.tf
@@ -28,7 +28,7 @@ resource "opsgenie_team" "teams" {
 
 resource "opsgenie_team_routing_rule" "routing_rules" {
   for_each = local.cluster_environments_set
-  
+
   name     = "${var.company_key}-${each.value}-routing-rule"
   team_id  = opsgenie_team.teams[each.key].id
   order    = 0

diff --git a/opsgenie.tf b/opsgenie.tf
@@ -4,8 +4,3 @@ module "opsgenie_teams" {
   company_key          = var.company_key
   cluster_environments = var.cluster_environments
 }
-
-output "opsgenie_prometheus_api_keys" {
-  value       = module.opsgenie_teams.opsgenie_prometheus_api_keys
-  description = "A map of OpsGenie API Keys. One per Cluster Environment"
-}
diff --git a/save-credentials-to-s3.tf b/save-credentials-to-s3.tf
@@ -0,0 +1,32 @@
+locals {
+  combined_outputs = {
+    opsgenie_credentials    = module.opsgenie_teams.opsgenie_prometheus_api_keys
+    certmanager_credentials = { for user, keys in aws_iam_access_key.certmanager : aws_route53_zone.clusters[user].name => keys }
+    externaldns_credentials = { for user, keys in aws_iam_access_key.externaldns : aws_route53_zone.clusters[user].name => keys }
+    loki_credentials        = { for user, keys in aws_iam_access_key.loki_s3 : aws_route53_zone.clusters[user].name => keys }
+    vault_credentials       = { for user, keys in aws_iam_access_key.vault_s3 : aws_route53_zone.clusters[user].name => keys }
+  }
+
+
+  cluster_names = toset([for k in keys(local.combined_outputs.certmanager_credentials) : k])
+
+  updated_combined_outputs = {
+    for name in local.cluster_names :
+    name => {
+      certmanager_credentials = local.combined_outputs.certmanager_credentials[name]
+      externaldns_credentials = local.combined_outputs.externaldns_credentials[name]
+      loki_credentials        = local.combined_outputs.loki_credentials[name]
+      opsgenie_credentials    = lookup(local.combined_outputs.opsgenie_credentials, split(".", name)[0], null)
+      vault_credentials       = local.combined_outputs.vault_credentials[name]
+    }
+  }
+}
+
+resource "aws_s3_bucket_object" "combined_outputs" {
+  for_each     = local.updated_combined_outputs
+  provider     = aws.primaryregion
+  bucket       = module.common_s3.primary_s3_bucket_id
+  key          = "${each.key}/configurations/credentials.json"
+  content      = jsonencode(each.value)
+  content_type = "application/json"
+}