From a58647d9bbf0d102f12d55379cb34fc152c3ede4 Mon Sep 17 00:00:00 2001 From: Budi Darmawan Date: Wed, 26 May 2021 22:18:49 -0500 Subject: [PATCH] ocp46-parsed --- bootstrap/main.tf | 2 +- bootstrap/variables.tf | 16 +++------- config.tf | 67 ++++++++-------------------------------- install/installer.tf | 34 ++++++++++---------- install/variables.tf | 5 --- main.tf | 48 ++++++++++------------------ terraform.tfvars.example | 2 -- variables-aws.tf | 8 ++--- vpc/aws_endpoints.tf | 48 +++++++++++++--------------- 9 files changed, 74 insertions(+), 156 deletions(-) diff --git a/bootstrap/main.tf b/bootstrap/main.tf index a14b380..8d16657 100644 --- a/bootstrap/main.tf +++ b/bootstrap/main.tf @@ -16,7 +16,7 @@ data "aws_partition" "current" {} data "aws_ebs_default_kms_key" "current" {} resource "aws_s3_bucket" "ignition" { - bucket = var.ignition_bucket + # bucket = var.ignition_bucket acl = "private" tags = merge( diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf index ee94efa..390df08 100644 --- a/bootstrap/variables.tf +++ b/bootstrap/variables.tf 
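Review bot: `# bucket = var.ignition_bucket` leaves commented-out code in place while the companion hunk in bootstrap/variables.tf deletes the `ignition_bucket` variable, so the comment now points at an input that no longer exists; delete the line instead. The same pattern recurs in install/installer.tf hunk 1 (`#locals { … # infrastructure_id = … #}`, which even keeps a dangling assignment) and in main.tf hunk 12 (`# endpoints { … }`), after which `var.custom_endpoints` is read nowhere in this patch. With the name dropped, Terraform assigns a generated bucket name, which is acceptable for a bucket whose only content is the bootstrap ignition; because that payload carries cluster secrets, it is worth confirming that the bucket still gets `acl = "private"` (kept here) together with an `aws_s3_bucket_public_access_block` and server-side encryption, neither of which this hunk shows.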
@@ -13,18 +13,10 @@ variable "ignition" { description = "The content of the bootstrap ignition file." } -variable "ignition_bucket" { - type = string - description = "The S3 bucket where the ignition configuration is stored" -} - -variable "ignition_stub" { - type = string - description = < +The name of the cluster. It will be suffixed by the base_domain to make cluster_domain. EOF - default = "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest" } variable "aws_access_key_id" { type = string - description = "AWS access key" + description = "AWS Key" } variable "aws_secret_access_key" { type = string description = "AWS Secret" } + +variable "openshift_pull_secret" { + type = string + description = "File containing pull secret - get it from https://cloud.redhat.com/openshift/install/pull-secret" +} + +variable "openshift_installer_url" { + type = string + description = "URL of the appropriate OpenShift installer under https://mirror.openshift.com/pub/openshift-v4/clients/ocp/" +} \ No newline at end of file diff --git a/install/installer.tf b/install/installer.tf index 3ead73d..e0e211f 100644 --- a/install/installer.tf +++ b/install/installer.tf @@ -1,7 +1,7 @@ -locals { +#locals { # infrastructure_id = "${var.infrastructure_id != "" ? "${var.infrastructure_id}" : "${var.clustername}-${random_id.clusterid.hex}"}" - infrastructure_id = var.infrastructure_id -} +# infrastructure_id = +#} resource "null_resource" "openshift_installer" { provisioner "local-exec" { @@ -182,7 +182,7 @@ status: apiServerInternalURI: https://api-int.${var.clustername}.${var.domain}:6443 apiServerURL: https://api.${var.clustername}.${var.domain}:6443 etcdDiscoveryDomain: ${var.clustername}.${var.domain} - infrastructureName: ${local.infrastructure_id} + infrastructureName: ${data.local_file.infrastructureID.content} platform: AWS platformStatus: aws: 
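Review bot: `infrastructureName: ${data.local_file.infrastructureID.content}` substitutes the raw file content, which will carry a trailing newline if the `extractInfrastructureID` step writes the ID with a shell command such as `echo`; an embedded newline then corrupts every YAML key and name derived from it, most visibly `kubernetes.io/cluster/${…}: owned` in the 225, 265 and 312 hunks and the `-worker-profile` / `-worker-sg` names in hunks 299 and 312. Rather than repeating the data-source expression in each template, replace the now commented-out `locals` block in hunk 1 with `locals { infrastructure_id = chomp(data.local_file.infrastructureID.content) }` and keep the existing `${local.infrastructure_id}` references. The local-exec that produces the file is outside this hunk, so whether it already strips the newline cannot be confirmed here.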
@@ -225,8 +225,8 @@ spec:
 baseDomain: ${var.clustername}.${var.domain}
 privateZone:
 tags:
- Name: ${local.infrastructure_id}-int
- kubernetes.io/cluster/${local.infrastructure_id}: owned
+ Name: ${data.local_file.infrastructureID.content}-int
+ kubernetes.io/cluster/${data.local_file.infrastructureID.content}: owned
 publicZone:
 id: ${var.dns_public_id}
 status: {}
@@ -265,23 +265,23 @@ kind: MachineSet
 metadata:
 creationTimestamp: null
 labels:
- machine.openshift.io/cluster-api-cluster: ${local.infrastructure_id}
- name: ${local.infrastructure_id}-worker-${element(var.aws_worker_availability_zones, count.index)}
+ machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+ name: ${data.local_file.infrastructureID.content}-worker-${element(var.aws_worker_availability_zones, count.index)}
 namespace: openshift-machine-api
 spec:
 replicas: 1
 selector:
 matchLabels:
- machine.openshift.io/cluster-api-cluster: ${local.infrastructure_id}
- machine.openshift.io/cluster-api-machineset: ${local.infrastructure_id}-worker-${element(var.aws_worker_availability_zones, count.index)}
+ machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+ machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-worker-${element(var.aws_worker_availability_zones, count.index)}
 template:
 metadata:
 creationTimestamp: null
 labels:
- machine.openshift.io/cluster-api-cluster: ${local.infrastructure_id}
+ machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
 machine.openshift.io/cluster-api-machine-role: worker
 machine.openshift.io/cluster-api-machine-type: worker
- machine.openshift.io/cluster-api-machineset: ${local.infrastructure_id}-worker-${element(var.aws_worker_availability_zones, count.index)}
+ machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-worker-${element(var.aws_worker_availability_zones, count.index)}
 spec:
 metadata:
 creationTimestamp: null
@@ -299,7 +299,7 @@ spec:
 name: aws-cloud-credentials
 deviceIndex: 0
 iamInstanceProfile:
- id: ${local.infrastructure_id}-worker-profile
+ id: ${data.local_file.infrastructureID.content}-worker-profile
 instanceType: ${var.aws_worker_instance_type}
 kind: AWSMachineProviderConfig
 metadata:
@@ -312,14 +312,14 @@ spec: - filters: - name: tag:Name values: - - ${local.infrastructure_id}-worker-sg + - ${data.local_file.infrastructureID.content}-worker-sg subnet: filters: - name: tag:Name values: - - ${local.infrastructure_id}-private-${element(var.aws_worker_availability_zones, count.index)} + - ${data.local_file.infrastructureID.content}-private-${element(var.aws_worker_availability_zones, count.index)} tags: - - name: kubernetes.io/cluster/${local.infrastructure_id} + - name: kubernetes.io/cluster/${data.local_file.infrastructureID.content} value: owned userDataSecret: name: worker-user-data @@ -457,7 +457,7 @@ resource "null_resource" "generate_ignition_config" { resource "null_resource" "extractInfrastructureID" { depends_on = [ - null_resource.generate_ignition_config + null_resource.generate_manifests ] provisioner "local-exec" { diff --git a/install/variables.tf b/install/variables.tf index b9f2ffa..0ff3c0f 100644 --- a/install/variables.tf +++ b/install/variables.tf @@ -1,8 +1,3 @@ -variable "infrastructure_id" { - type = string - description = "The identifier for infra resources." -} - variable "clustername" { type = string description = "The identifier for the cluster." diff --git a/main.tf b/main.tf index 60cb6f6..224cace 100644 --- a/main.tf +++ b/main.tf 
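Review bot: Switching `depends_on` to `null_resource.generate_manifests` orders the ID extraction after the manifests are created, but nothing in this hunk orders `data.local_file.infrastructureID` — now consumed by the infrastructure, DNS and MachineSet templates earlier in this file — after `extractInfrastructureID` itself, so on a fresh apply the data source can be read before the file exists. If the data source does not already carry `depends_on = [null_resource.extractInfrastructureID]` elsewhere in the file, add it. The local-exec body of this resource starts after the hunk, so how and where it writes the file is not visible here.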
@@ -12,24 +12,25 @@ provider "aws" { skip_region_validation = var.aws_skip_region_validation - endpoints { - ec2 = lookup(var.custom_endpoints, "ec2", null) - elb = lookup(var.custom_endpoints, "elasticloadbalancing", null) - iam = lookup(var.custom_endpoints, "iam", null) - route53 = lookup(var.custom_endpoints, "route53", null) - s3 = lookup(var.custom_endpoints, "s3", null) - sts = lookup(var.custom_endpoints, "sts", null) - } +# endpoints { +# ec2 = lookup(var.custom_endpoints, "ec2", null) +# elb = lookup(var.custom_endpoints, "elasticloadbalancing", null) +# iam = lookup(var.custom_endpoints, "iam", null) +# route53 = lookup(var.custom_endpoints, "route53", null) +# s3 = lookup(var.custom_endpoints, "s3", null) +# sts = lookup(var.custom_endpoints, "sts", null) +# } + } module "bootstrap" { source = "./bootstrap" - ami = var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id + ami = var.aws_ami instance_type = var.aws_bootstrap_instance_type cluster_id = module.installer.infraID ignition = module.installer.bootstrap_ign - ignition_bucket = var.aws_ignition_bucket + # ignition_bucket = var.aws_ignition_bucket subnet_id = var.aws_publish_strategy == "External" ? module.vpc.az_to_public_subnet_id[var.aws_azs[0]] : module.vpc.az_to_private_subnet_id[var.aws_azs[0]] target_group_arns = module.vpc.aws_lb_target_group_arns target_group_arns_length = module.vpc.aws_lb_target_group_arns_length @@ -61,7 +62,7 @@ module "masters" { root_volume_kms_key_id = var.aws_master_root_volume_kms_key_id target_group_arns = module.vpc.aws_lb_target_group_arns target_group_arns_length = module.vpc.aws_lb_target_group_arns_length - ec2_ami = var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id + ec2_ami = var.aws_ami user_data_ign = module.installer.master_ign publish_strategy = var.aws_publish_strategy } 
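Review bot: `ami = var.aws_ami` here, `ec2_ami = var.aws_ami` in hunk 61 and the installer `ami` in hunk 107 remove the `aws_ami_copy.imported` path whose `encrypted = true` was the only thing guaranteeing that nodes boot from an encrypted AMI, yet the `aws_ami` description kept as context in the variables-aws.tf hunk at line 30 still promises "An encrypted copy of this AMI will be used". Either keep an `aws_ami_copy` resource with `encrypted = true` (using `source_ami_region = var.aws_region` now that `aws_ami_region` is deleted), or change that description to say the AMI is used exactly as supplied so operators know to pass an already-encrypted image. The removed block also recorded `sourceAMI` / `sourceRegion` tags that nothing now preserves.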
@@ -83,7 +84,7 @@ module "dns" { api_internal_lb_dns_name = module.vpc.aws_lb_api_internal_dns_name api_internal_lb_zone_id = module.vpc.aws_lb_api_internal_zone_id base_domain = var.base_domain - cluster_domain = "${var.clustername}.${var.base_domain}" + cluster_domain = "${var.cluster_name}.${var.base_domain}" cluster_id = module.installer.infraID tags = local.tags vpc_id = module.vpc.vpc_id @@ -94,7 +95,7 @@ module "dns" { module "vpc" { source = "./vpc" - cidr_block = var.machine_cidr + cidr_blocks = [ var.machine_cidr ] cluster_id = module.installer.infraID region = var.aws_region vpc = var.aws_vpc @@ -107,29 +108,12 @@ module "vpc" { tags = local.tags } -resource "aws_ami_copy" "imported" { - count = var.aws_region != var.aws_ami_region ? 1 : 0 - name = "${module.installer.infraID}-master" - source_ami_id = var.aws_ami - source_ami_region = var.aws_ami_region - encrypted = true - - tags = merge( - { - "Name" = "${module.installer.infraID}-ami-${var.aws_region}" - "sourceAMI" = var.aws_ami - "sourceRegion" = var.aws_ami_region - }, - local.tags, - ) -} - module "installer" { source = "./install" - ami = aws_ami_copy.main.id + ami = var.aws_ami dns_public_id = module.dns.public_dns_id - clustername = var.clustername + clustername = var.cluster_name domain = var.base_domain aws_region = var.aws_region aws_access_key_id = var.aws_access_key_id diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 2f025cb..d5f2d08 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -1,4 +1,3 @@ -cluster_id = "ocp4-9n2nn" clustername = "ocp4" base_domain = "example.com" openshift_pull_secret = "./openshift_pull_secret.json" @@ -8,7 +7,6 @@ aws_access_key_id = "AAAA" aws_secret_access_key = "AbcDefGhiJkl" aws_ami = "ami-06f85a7940faa3217" aws_extra_tags = { - "kubernetes.io/cluster/ocp4-9n2nn" = "owned", "owner" = "admin" } aws_azs = [ diff --git a/variables-aws.tf b/variables-aws.tf index 882ede8..915887b 100644 --- a/variables-aws.tf 
+++ b/variables-aws.tf @@ -30,11 +30,6 @@ variable "aws_ami" { description = "AMI for all nodes. An encrypted copy of this AMI will be used. Example: `ami-foobar123`." } -variable "aws_ami_region" { - type = string - description = "Region for the AMI for all nodes. An encrypted copy of this AMI will be used. Example: `ami-foobar123`." -} - variable "aws_extra_tags" { type = map(string) @@ -95,7 +90,7 @@ EOF variable "aws_master_root_volume_encrypted" { type = bool - + default = true description = <