From 6ff481e0efbfaae179ff56d64cd75c5fa325f8a1 Mon Sep 17 00:00:00 2001
From: Ali Mukadam <ali.mukadam@oracle.com>
Date: Mon, 27 Sep 2021 22:14:51 +1000
Subject: [PATCH] fix: separated all templates from locals into a new file
 templates. (#394)

Added a new variable debug_mode that we can turn on to debug scripts.
Only create the namespace if the value is not default.

Signed-off-by: Ali Mukadam <ali.mukadam@oracle.com>
---
 main.tf                              |   2 +
 modules/extensions/kubeconfig.tf     |  24 -------
 modules/extensions/locals.tf         |  74 -------------------
 modules/extensions/scripts/secret.sh |  10 +--
 modules/extensions/templates.tf      | 103 +++++++++++++++++++++++++++
 modules/extensions/variables.tf      |   4 ++
 terraform.tfvars.example             |   4 +-
 variables.tf                         |   8 ++-
 8 files changed, 125 insertions(+), 104 deletions(-)
 create mode 100644 modules/extensions/templates.tf

diff --git a/main.tf b/main.tf
index 6eb7ed13..18e7dacb 100644
--- a/main.tf
+++ b/main.tf
@@ -310,6 +310,8 @@ module "extensions" {
   nodepool_upgrade_method = var.nodepool_upgrade_method
   node_pools_to_drain     = var.node_pools_to_drain
 
+  debug_mode = var.debug_mode
+  
   depends_on = [
     module.bastion,
     module.network,
diff --git a/modules/extensions/kubeconfig.tf b/modules/extensions/kubeconfig.tf
index 5108833a..b1a43708 100644
--- a/modules/extensions/kubeconfig.tf
+++ b/modules/extensions/kubeconfig.tf
@@ -1,30 +1,6 @@
 # Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-locals {
-  generate_kubeconfig_template = templatefile("${path.module}/scripts/generate_kubeconfig.template.sh",
-    {
-      cluster-id = var.cluster_id
-      region     = var.region
-    }
-  )
-
-  token_helper_template = templatefile("${path.module}/scripts/token_helper.template.sh",
-    {
-      cluster-id = var.cluster_id
-      region     = var.region
-    }
-  )
-
-  set_credentials_template = templatefile("${path.module}/scripts/kubeconfig_set_credentials.template.sh",
-    {
-      cluster-id    = var.cluster_id
-      cluster-id-11 = substr(var.cluster_id, (length(var.cluster_id) - 11), length(var.cluster_id))
-      region        = var.region
-    }
-  )
-}
-
 data "oci_containerengine_cluster_kube_config" "kube_config" {
   cluster_id = var.cluster_id
 }
diff --git a/modules/extensions/locals.tf b/modules/extensions/locals.tf
index b36440c3..2bc22b4d 100644
--- a/modules/extensions/locals.tf
+++ b/modules/extensions/locals.tf
@@ -28,78 +28,4 @@ locals {
   post_provisioning_ops = var.create_bastion_host == true && var.bastion_state == "RUNNING" && var.create_operator == true && var.operator_state == "RUNNING" && var.enable_operator_instance_principal == true ? true : false
 
   dynamic_group_rule_this_cluster = (var.use_encryption == true) ? "ALL {resource.type = 'cluster', resource.id = '${var.cluster_id}'}" : "null"
-
-  # scripting templates
-  update_dynamic_group_template = templatefile("${path.module}/scripts/update_dynamic_group.template.sh",
-    {
-      dynamic_group_id   = var.use_encryption == true ? var.kms_dynamic_group_id : "null"
-      dynamic_group_rule = local.dynamic_group_rule_this_cluster
-      home_region        = data.oci_identity_regions.home_region.regions[0].name
-    }
-  )
-
-  check_active_worker_template = templatefile("${path.module}/scripts/check_worker_active.template.sh",
-    {
-      check_node_active = var.check_node_active
-      total_nodes       = local.total_nodes
-    }
-  )
-
-  install_calico_template = templatefile("${path.module}/scripts/install_calico.template.sh",
-    {
-      calico_version     = var.calico_version
-      number_of_nodes    = local.total_nodes
-      pod_cidr           = var.pods_cidr
-      number_of_replicas = min(20, max((local.total_nodes) / 200, 3))
-    }
-  )
-
-  drain_template = templatefile("${path.module}/scripts/drain.template.sh", {})
-
-  drain_list_template = templatefile("${path.module}/scripts/drainlist.py",
-    {
-      cluster_id     = var.cluster_id
-      compartment_id = var.compartment_id
-      region         = var.region
-      pools_to_drain = var.label_prefix == "none" ? trim(join(",", formatlist("'%s'", var.node_pools_to_drain)), "'") : trim(join(",", formatlist("'%s-%s'", var.label_prefix, var.node_pools_to_drain)), "'")
-    }
-  )
-
-  install_kubectl_template = templatefile("${path.module}/scripts/install_kubectl.template.sh",
-    {
-      ol = var.operator_os_version
-    }
-  )
-
-  install_helm_template = templatefile("${path.module}/scripts/install_helm.template.sh", {})
-
-  metric_server_template = templatefile("${path.module}/scripts/install_metricserver.template.sh",
-    {
-      enable_vpa  = var.enable_vpa
-      vpa_version = var.vpa_version
-    }
-  )
-
-  secret_template = templatefile("${path.module}/scripts/secret.sh",
-    {
-      compartment_id = var.compartment_id
-      region         = var.region
-
-      email_address     = var.email_address
-      region_registry   = var.ocir_urls[var.region]
-      secret_id         = var.secret_id
-      secret_name       = var.secret_name
-      secret_namespace  = var.secret_namespace
-      tenancy_namespace = data.oci_objectstorage_namespace.object_storage_namespace.namespace
-      username          = var.username
-    }
-  )
-
-  create_service_account_template = templatefile("${path.module}/scripts/create_service_account.template.sh",
-    {
-      service_account_name                 = var.service_account_name
-      service_account_namespace            = var.service_account_namespace
-      service_account_cluster_role_binding = local.service_account_cluster_role_binding_name
-    }
-  )
 }
diff --git a/modules/extensions/scripts/secret.sh b/modules/extensions/scripts/secret.sh
index 9067a609..54446ba2 100644
--- a/modules/extensions/scripts/secret.sh
+++ b/modules/extensions/scripts/secret.sh
@@ -2,11 +2,13 @@
 # Copyright 2017, 2020, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-cat <<EOF | kubectl apply -f -
-apiVersion: v1
-kind: Namespace
-metadata:
+if [ ${secret_namespace} != default ]; then
+  cat <<EOF | kubectl apply -f -
+  apiVersion: v1
+  kind: Namespace
+  metadata:
     name: ${secret_namespace}
 EOF
+fi
 
 crtsecret=$(kubectl create secret docker-registry ${secret_name} -n ${secret_namespace} --docker-server=${region_registry} --docker-username=${tenancy_namespace}/${username} --docker-email=${email_address} --docker-password=`oci secrets secret-bundle get --raw-output --secret-id ${secret_id} --query "data.\"secret-bundle-content\".content" | base64 -d` --dry-run=client -o yaml | kubectl apply -f -)
\ No newline at end of file
diff --git a/modules/extensions/templates.tf b/modules/extensions/templates.tf
new file mode 100644
index 00000000..b644ebd8
--- /dev/null
+++ b/modules/extensions/templates.tf
@@ -0,0 +1,103 @@
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+locals {
+  # scripting templates
+
+  check_active_worker_template = templatefile("${path.module}/scripts/check_worker_active.template.sh",
+    {
+      check_node_active = var.check_node_active
+      total_nodes       = local.total_nodes
+    }
+  )
+
+  create_service_account_template = templatefile("${path.module}/scripts/create_service_account.template.sh",
+    {
+      service_account_name                 = var.service_account_name
+      service_account_namespace            = var.service_account_namespace
+      service_account_cluster_role_binding = local.service_account_cluster_role_binding_name
+    }
+  )
+  
+  drain_template = templatefile("${path.module}/scripts/drain.template.sh", {})
+
+  drain_list_template = templatefile("${path.module}/scripts/drainlist.py",
+    {
+      cluster_id     = var.cluster_id
+      compartment_id = var.compartment_id
+      region         = var.region
+      pools_to_drain = var.label_prefix == "none" ? trim(join(",", formatlist("'%s'", var.node_pools_to_drain)), "'") : trim(join(",", formatlist("'%s-%s'", var.label_prefix, var.node_pools_to_drain)), "'")
+    }
+  )
+
+  generate_kubeconfig_template = templatefile("${path.module}/scripts/generate_kubeconfig.template.sh",
+    {
+      cluster-id = var.cluster_id
+      region     = var.region
+    }
+  )
+
+  install_calico_template = templatefile("${path.module}/scripts/install_calico.template.sh",
+    {
+      calico_version     = var.calico_version
+      number_of_nodes    = local.total_nodes
+      pod_cidr           = var.pods_cidr
+      number_of_replicas = min(20, max((local.total_nodes) / 200, 3))
+    }
+  )
+
+  install_helm_template = templatefile("${path.module}/scripts/install_helm.template.sh", {})
+
+  install_kubectl_template = templatefile("${path.module}/scripts/install_kubectl.template.sh",
+    {
+      ol = var.operator_os_version
+    }
+  )
+
+  metric_server_template = templatefile("${path.module}/scripts/install_metricserver.template.sh",
+    {
+      enable_vpa  = var.enable_vpa
+      vpa_version = var.vpa_version
+    }
+  )
+
+  secret_template = templatefile("${path.module}/scripts/secret.sh",
+    {
+      compartment_id = var.compartment_id
+      region         = var.region
+
+      email_address     = var.email_address
+      region_registry   = var.ocir_urls[var.region]
+      secret_id         = var.secret_id
+      secret_name       = var.secret_name
+      secret_namespace  = var.secret_namespace
+      tenancy_namespace = data.oci_objectstorage_namespace.object_storage_namespace.namespace
+      username          = var.username
+    }
+  )
+
+  set_credentials_template = templatefile("${path.module}/scripts/kubeconfig_set_credentials.template.sh",
+    {
+      cluster-id    = var.cluster_id
+      cluster-id-11 = substr(var.cluster_id, (length(var.cluster_id) - 11), length(var.cluster_id))
+      region        = var.region
+    }
+  )
+
+  token_helper_template = templatefile("${path.module}/scripts/token_helper.template.sh",
+    {
+      cluster-id = var.cluster_id
+      region     = var.region
+    }
+  )
+
+  update_dynamic_group_template = templatefile("${path.module}/scripts/update_dynamic_group.template.sh",
+    {
+      dynamic_group_id   = var.use_encryption == true ? var.kms_dynamic_group_id : "null"
+      dynamic_group_rule = local.dynamic_group_rule_this_cluster
+      home_region        = data.oci_identity_regions.home_region.regions[0].name
+    }
+  )
+
+
+}
diff --git a/modules/extensions/variables.tf b/modules/extensions/variables.tf
index a031245d..f79edc5b 100644
--- a/modules/extensions/variables.tf
+++ b/modules/extensions/variables.tf
@@ -124,3 +124,7 @@ variable "nodepool_upgrade_method" {
 variable "node_pools_to_drain" {
   type = list(string)
 }
+
+variable "debug_mode" {
+  type        = bool
+}
\ No newline at end of file
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index d07d220d..da3f01c7 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -214,4 +214,6 @@ freeform_tags = {
     role        = "operator",
     security    = "high"
   }
-}
\ No newline at end of file
+}
+
+debug_mode = false
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 9e5f260a..332b7b5a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -31,7 +31,7 @@ variable "api_private_key_path" {
 variable "home_region" {
   # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions
   description = "The tenancy's home region. Required to perform identity operations."
-  type        = string  
+  type        = string
 }
 
 variable "region" {
@@ -741,3 +741,9 @@ variable "freeform_tags" {
   description = "Tags to apply to different resources."
   type        = map(any)
 }
+
+variable "debug_mode" {
+  default     = false
+  description = "Whether to turn on debug mode."
+  type        = bool
+}