From bed82efcec4bc22b573a610d816c80216e3af046 Mon Sep 17 00:00:00 2001
From: iuri aranda
Date: Wed, 18 Dec 2024 16:54:42 +0100
Subject: [PATCH] Create tf stack to apply all capa controller roles CF stacks
---
aws-account-setup/main.tf | 46 ++++++++++++++++++++
aws-account-setup/variables.tf | 13 ++++++
capa-controller-role/giantswarm-capa-role.tf | 9 ++--
3 files changed, 65 insertions(+), 3 deletions(-)
create mode 100644 aws-account-setup/main.tf
create mode 100644 aws-account-setup/variables.tf
diff --git a/aws-account-setup/main.tf b/aws-account-setup/main.tf
new file mode 100644
index 0000000..2224bf4
--- /dev/null
+++ b/aws-account-setup/main.tf
@@ -0,0 +1,46 @@
+locals {
+ mc_account_flat = flatten([
+ for mc_name, mc in var.management_clusters : [
+ for account in mc.aws_account : {
+ name = mc_name
+ aws_account = account
+ oidc_provider_domain = mc.oidc_provider_domain
+ }
+ ]
+ ])
+
+ mc_account_map = {
+ for i in local.mc_account_flat : "${i.name}-${i.aws_account.account_id}" => i
+ }
+}
+
+provider "aws" {
+ alias = "main"
+ region = each.value.aws_account.region
+ for_each = local.mc_account_map
+
+ assume_role {
+ role_arn = "arn:${each.value.aws_account.aws_partition}:iam::${each.value.aws_account.account_id}:role/GiantSwarmAdmin"
+ }
+}
+
+module "capa_controller_role" {
+ source = "../capa-controller-role"
+ for_each = local.mc_account_map
+ providers = {
+ aws = aws.main[each.key]
+ }
+
+ installation_name = each.value.name
+ management_cluster_oidc_provider_domain = each.value.oidc_provider_domain
+ byovpc = each.value.aws_account.byovpc
+ # gs_user_account = TODO
+
+ # TBD
+ # additional_policies = each.value.aws_account.additional_policies
+ # additional_policies_arns = each.value.aws_account.additional_policies_arns
+}
+
+output "mc_account_setup" {
+ value = {for k, v in module.mc_account_setup : k => v}
+}
diff --git a/aws-account-setup/variables.tf b/aws-account-setup/variables.tf
new file mode 100644
index 0000000..ae49dc2
--- /dev/null
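Review bot: The `output "mc_account_setup"` block reads `module.mc_account_setup`, but the only module declared in this file is `module.capa_controller_role`, so validation fails on an undeclared module reference; the value should be `{for k, v in module.capa_controller_role : k => v}`. The `for_each = local.mc_account_map` inside `provider "aws"` and the `aws.main[each.key]` entry in `providers` presumably rely on provider-block iteration, which stock Terraform releases around this commit's date do not accept; if an OpenTofu release with that feature is the intended tool, pin it via `required_version`, otherwise one statically aliased provider per account is needed. The `assume_role` block passes only `role_arn` while assuming `GiantSwarmAdmin` in every listed account, so consider adding `session_name` and, where the target role's trust policy supports it, `external_id`, so CloudTrail attributes each session to this stack and the trust is not assumable by an unrelated caller. `gs_user_account` is left as a TODO comment; if the module declares it without a default, every instance fails to plan.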
+++ b/aws-account-setup/variables.tf
@@ -0,0 +1,13 @@
+variable "management_clusters" {
+ type = map(object({
+ aws_account = list(object({
+ account_id = string
+ region = string
+ aws_partition = string
+ byovpc = bool
+ additional_policies = list(string)
+ additional_policies_arns = list(string)
+ })),
+ oidc_provider_domain = string
+ }))
+}
diff --git a/capa-controller-role/giantswarm-capa-role.tf b/capa-controller-role/giantswarm-capa-role.tf
index 25af21b..21185d4 100644
--- a/capa-controller-role/giantswarm-capa-role.tf
+++ b/capa-controller-role/giantswarm-capa-role.tf
@@ -36,9 +36,12 @@ locals {
 }
 }
-provider "aws" {
- ignore_tags {
- keys = ["maintainer", "owner", "repo"]
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "5.81.0"
+ }
 }
 }
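Review bot: Every attribute of the `aws_account` object type is mandatory, so each account entry must supply `additional_policies` and `additional_policies_arns` even though the caller in aws-account-setup/main.tf leaves both commented out as TBD; declaring them `additional_policies = optional(list(string), [])` and `additional_policies_arns = optional(list(string), [])` keeps the required input minimal until the wiring exists. The variable also has no `description` and no `validation`; a `validation` block checking `can(regex("^[0-9]{12}$", a.account_id))` for each entry would reject a mistyped account id before a role is assumed in an unintended account.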
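Review bot: Removing the module-level `provider "aws"` block also drops its `ignore_tags { keys = ["maintainer", "owner", "repo"] }` setting, and the new `terraform { required_providers }` block carries no equivalent, so once the module is driven by a root-level provider (as aws-account-setup/main.tf now does) those tags are no longer ignored and the next plan will propose stripping them from any resource that received them out-of-band. The root provider configuration should restate `ignore_tags { keys = ["maintainer", "owner", "repo"] }`, or the module documentation should state that callers must configure it. The `locals` block whose closing braces open this hunk starts outside it.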