chore: additions to migration script and cleanup variable usage

terraform/main.tf

@@ -13,12 +13,11 @@ terraform {
   }
 }
 
-# # Configure OCP infrastructure to setup the host and authentication token
-# provider "kubernetes" {
-#   load_config_file = "false"
-#   host             = var.kubernetes_host
-#   token            = var.kubernetes_token
-# }
+# Configure OCP infrastructure to setup the host and authentication token
+provider "kubernetes" {
+  host             = var.kubernetes_host
+  token            = var.kubernetes_token
+}
 
 # Configure GCP infrastructure to setup the credentials, default project and location (zone and/or region) for your resources
 provider "google" {
@@ -44,7 +43,7 @@ resource "google_service_account" "account" {
 # Assign Storage Admin role for the corresponding service accounts
 resource "google_storage_bucket_iam_member" "admin" {
   for_each   = { for v in var.apps : v => v }
-  bucket     = ${var.openshift_namespace}-each.value
+  bucket     = "${var.openshift_namespace}-${each.value}"
   role       = "roles/storage.admin"
   member     = "serviceAccount:${google_service_account.account[each.key].email}"
   depends_on = [google_service_account.account]
@@ -68,7 +67,7 @@ resource "google_project_iam_custom_role" "viewer_role" {
 # Assign Storage Viewer role for the corresponding service accounts
 resource "google_storage_bucket_iam_member" "viewer" {
   for_each   = { for v in var.apps : v => v }
-  bucket     = ${var.openshift_namespace}-each.value
+  bucket     = "${var.openshift_namespace}-${each.value}"
   role       = google_project_iam_custom_role.viewer_role.id
   member     = "serviceAccount:${google_service_account.viewer_account[each.key].email}"
   depends_on = [google_service_account.viewer_account]
@@ -77,38 +76,28 @@ resource "google_storage_bucket_iam_member" "viewer" {
 # Create keys for the service accounts
 resource "google_service_account_key" "key" {
   for_each           = { for v in var.apps : v => v }
-  service_account_id = ${var.openshift_namespace}-google_service_account.account[each.key].name
+  service_account_id = google_service_account.account[each.key].name
+}
+
+# Create keys for the viewer service accounts
+resource "google_service_account_key" "viewer_key" {
+  for_each           = { for v in var.apps : v => v }
+  service_account_id = google_service_account.viewer_account[each.key].name
 }
 
 resource "kubernetes_secret" "secret_sa" {
   for_each = { for v in var.apps : v => v }
   metadata {
     name      = "gcp-${var.openshift_namespace}-${each.value}-service-account-key"
-    namespace = ${var.openshift_namespace}
+    namespace = "${var.openshift_namespace}"
     labels = {
       created-by = "Terraform"
     }
   }
 
   data = {
-    "bucket_name"      = ${var.openshift_namespace}-each.value
+    "bucket_name"      = "${var.openshift_namespace}-${each.value}"
     "credentials.json" = base64decode(google_service_account_key.key[each.key].private_key)
     "viewer_credentials.json" = base64decode(google_service_account_key.viewer_key[each.key].private_key)
   }
 }
-
-resource "kubernetes_secret" "secret_tfc" {
-  for_each = { for v in var.kubernetes_namespaces : v => v }
-  metadata {
-    name      = "terraform-cloud-workspace"
-    namespace = each.key
-    labels = {
-      created-by = "Terraform"
-    }
-  }
-
-  data = {
-    "token"        = var.terraform_cloud_token
-    "workspace_id" = var.terraform_cloud_workspace_id
-  }
-}

terraform/tf-migration.sh

@@ -3,7 +3,7 @@ SOURCE_STATE_PATH="./temp-state/tfcloud.tfstate"
 TARGET_STATE_PATH="./temp-state/local.tfstate"
 
 NAMESPACE="c53ff1-dev"
-declare -a PATHS=("google_storage_bucket.bucket" "google_service_account.account")
+declare -a PATHS=("google_storage_bucket.bucket" "google_service_account.account" "google_storage_bucket_iam_member.admin" "google_service_account.viewer_account" "google_storage_bucket_iam_member.viewer" "google_service_account_key.key" "google_service_account_key.viewer_key" "kubernetes_secret.secret_sa")
 declare -a APPS=("cif-documents" "cif-backups")
 
 for path in "${PATHS[@]}"; do
@@ -15,3 +15,14 @@ for path in "${PATHS[@]}"; do
 
   done
 done
+
+# Need to think about this more
+declare -a UNLOOP_PATHS=("google_project_iam_custom_role.viewer_role")
+
+for path in "${UNLOOP_PATHS[@]}"; do
+  source_resource="${path}"
+  target_resource="${path}"
+
+  terraform state mv -state="${SOURCE_STATE_PATH}" -state-out="${TARGET_STATE_PATH}" "${source_resource}" "${target_resource}"
+
+done

terraform/variables.tf

@@ -31,16 +31,3 @@ variable "openshift_namespace" {
   type = string
   description = "The OCP project namespace"
 }
-
-variable "kubernetes_namespaces" {
-  type        = list(string)
-  description = "The OCP namespaces to run jobs"
-}
-
-variable "terraform_cloud_token" {
-  description = "The user/team token of Terraform Cloud"
-}
-
-variable "terraform_cloud_workspace_id" {
-  description = "The workspace id of Terraform Cloud"
-}