feat: remove not needed outputs (#7)

ouzi-dev · Oct 22, 2019 · fb69a91 · fb69a91
1 parent 0ca4171
commit fb69a91
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 182 deletions.
diff --git a/main.tf b/main.tf
@@ -1,64 +1,13 @@
-
-
 ## Data
 
 data "google_compute_zones" "available" {}
 
-data "credstash_secret" "github_bot_token" {
-  name = var.github_bot_token_credstash_key
-}
-
-data "credstash_secret" "github_bot_ssh_key" {
-  name = var.github_bot_ssh_key_credstash_key
-}
-
-data "credstash_secret" "prow_github_oauth_client_secret" {
-  name = var.prow_github_oauth_client_secret_credstash_key
-}
-
-data "credstash_secret" "prow_github_oauth_client_id" {
-  name = var.prow_github_oauth_client_id_credstash_key
-}
-
-data "credstash_secret" "prow_cluster_github_oauth_client_secret" {
-  name = var.prow_cluster_github_oauth_client_secret_credstash_key
-}
-
-data "credstash_secret" "prow_cluster_github_oauth_client_id" {
-  name = var.prow_cluster_github_oauth_client_id_credstash_key
-}
-
-data "credstash_secret" "slack_bot_token" {
-  name = var.slack_bot_token_credstash_key
-}
-
-data "credstash_secret" "dockerconfig" {
-  name = var.dockerconfig_credstash_key
-}
-data "google_client_config" "current" {
-}
-
 ## ID of this infrastructure - we use this for uniquness and tracking resources
 resource "random_string" "id" {
   length  = 8
   special = false
 }
 
-resource "random_string" "prow_github_oauth_cookie_secret" {
-  length  = 8
-  special = false
-}
-
-resource "random_string" "prow_cluster_github_oauth_cookie_secret" {
-  length  = 8
-  special = false
-}
-
-resource "random_string" "prow_cookie_secret" {
-  length  = 8
-  special = false
-}
-
 ## locals
 locals {
   infra_id      = random_string.id.result
@@ -126,6 +75,7 @@ resource "google_service_account" "prow_bucket_editor" {
   display_name = "Service Account for the Prow artefact bucket"
 }
 
+### Set IAM for Prow to write/read the artefacts in the bucket
 resource "google_storage_bucket_iam_member" "prow_bucket_editor" {
   bucket = google_storage_bucket.prow_bucket.name
   role   = "roles/storage.objectAdmin"
@@ -137,12 +87,13 @@ resource "google_service_account_key" "prow_bucket_editor_key" {
   service_account_id = google_service_account.prow_bucket_editor.name
 }
 
-### Service Account for CertManager to create DNS entries
+### Service Account for  Cert-Manager to create DNS entries
 resource "google_service_account" "certmanager_dns_editor" {
   account_id   = "certmanager"
   display_name = "Service Account for CertManager to manage dns entries"
 }
 
+### Set IAM for  Cert-Manager to admin clouddns
 resource "google_project_iam_member" "certmanager_dns_editor_role" {
   role   = "roles/dns.admin"
   member = "serviceAccount:${google_service_account.certmanager_dns_editor.email}"
@@ -153,24 +104,19 @@ resource "google_service_account_key" "certmanager_dns_editor_key" {
   service_account_id = google_service_account.certmanager_dns_editor.name
 }
 
-### Token for Prow Webhook secret
-resource "random_string" "hmac_token" {
-  length  = 30
-  special = false
-}
-
 ### Service Account for Terraform
 resource "google_service_account" "prow_terraform" {
   account_id   = "prow-tf"
   display_name = "Service account for Prow to execute Terraform Google Provider Resources"
 }
 
+### Set IAM for Prow Terraform to edit the whole project
 resource "google_project_iam_member" "prow_terraform" {
   role   = "roles/editor"
   member = "serviceAccount:${google_service_account.prow_terraform.email}"
 }
 
-### Key for the Cert-Manager Service Account
+### Key for the Prow TF Service Account
 resource "google_service_account_key" "prow_terraform" {
   service_account_id = google_service_account.prow_terraform.name
 }
@@ -181,10 +127,12 @@ resource "aws_iam_user" "prow_terraform" {
   tags = local.tags
 }
 
+### AWS Service Account access key
 resource "aws_iam_access_key" "prow_terraform" {
   user = "${aws_iam_user.prow_terraform.name}"
 }
 
+### AWS Service Account IAM policy
 resource "aws_iam_user_policy" "prow_terraform" {
   name = "tf_aws_service_account_${local.infra_id}"
   user = "${aws_iam_user.prow_terraform.name}"

diff --git a/outputs.tf b/outputs.tf
@@ -14,7 +14,7 @@ output "gke_name" {
 }
 
 output "cluster_ca_certificate" {
-  value = modules.gke-cluster.cluster_ca_certificate
+  value = module.gke-cluster.cluster_ca_certificate
   sensitive = true
 }
 
@@ -24,43 +24,6 @@ output "prow_bucket_svc_account_key" {
   sensitive = true
 }
 
-output "prow_webhook_hmac_token" {
-  value     = random_string.hmac_token.result
-  sensitive = true
-}
-
-output "prow_github_bot_token" {
-  value     = data.credstash_secret.github_bot_token.value
-  sensitive = true
-}
-
-output "prow_github_bot_ssh_key" {
-  value     = data.credstash_secret.github_bot_ssh_key.value
-  sensitive = true
-}
-
-output "prow_github_oauth_client_id" {
-  value     = data.credstash_secret.prow_github_oauth_client_id.value
-  sensitive = true
-}
-
-output "prow_github_oauth_client_secret" {
-  value     = data.credstash_secret.prow_github_oauth_client_secret.value
-  sensitive = true
-}
-
-output "prow_github_oauth_config" {
-  value = templatefile("${path.module}/templates/_prow_github_oauth_config.yaml",
-    {
-      client_id          = data.credstash_secret.prow_github_oauth_client_id.value,
-      client_secret      = data.credstash_secret.prow_github_oauth_client_secret.value,
-      redirect_url       = "https://${local.prow_base_url}/github-login/redirect",
-      final_redirect_url = "https://${local.prow_base_url}/pr",
-    }
-  )
-  sensitive = true
-}
-
 output "prow_terraform_gcloud_svc_account_key" {
   value     = google_service_account_key.prow_terraform.private_key
   sensitive = true
@@ -92,46 +55,4 @@ output "prow_github_org" {
 output "certmanager_svc_account_key" {
   value     = google_service_account_key.certmanager_dns_editor_key.private_key
   sensitive = true
-}
-
-output "valuesyaml" {
-  value = base64encode(templatefile(
-    "${path.module}/templates/_prow_values.yaml",
-    {
-      gcloud_region                                    = var.gcloud_region,
-      gcloud_project                                   = var.gcloud_project,
-      gke_name                                         = local.gke_name,
-      gke_authenticator_groups_security_group          = var.gke_authenticator_groups_security_group,
-      prow_terraform_gcloud_svc_account_key            = google_service_account_key.prow_terraform.private_key,
-      prow_terraform_aws_svc_account_access_key_id     = base64encode(aws_iam_access_key.prow_terraform.id),
-      prow_terraform_aws_svc_account_secret_access_key = base64encode(aws_iam_access_key.prow_terraform.secret),
-      prow_base_url                                    = local.prow_base_url,
-      prow_bucket_svc_account_key                      = google_service_account_key.prow_bucket_editor_key.private_key,
-      prow_webhook_hmac_token                          = base64encode(random_string.hmac_token.result),
-      prow_cookie_secret                               = base64encode(random_string.prow_cookie_secret.result),
-      prow_artefacts_bucket_name                       = google_storage_bucket.prow_bucket.name,
-      prow_github_bot_token                            = base64encode(data.credstash_secret.github_bot_token.value),
-      prow_github_bot_ssh_key                          = base64encode(data.credstash_secret.github_bot_ssh_key.value),
-      prow_github_org                                  = var.github_org,
-      oauth_client_id                                  = base64encode(data.credstash_secret.prow_cluster_github_oauth_client_id.value),
-      oauth_client_secret                              = base64encode(data.credstash_secret.prow_cluster_github_oauth_client_secret.value),
-      oauth_cookie_secret                              = base64encode(random_string.prow_cluster_github_oauth_cookie_secret.result),
-      prow_github_oauth_config = base64encode(
-        templatefile("${path.module}/templates/_prow_github_oauth_config.yaml",
-          {
-            client_id          = data.credstash_secret.prow_github_oauth_client_id.value,
-            client_secret      = data.credstash_secret.prow_github_oauth_client_secret.value,
-            redirect_url       = "https://${local.prow_base_url}/github-login/redirect",
-            final_redirect_url = "https://${local.prow_base_url}/pr",
-          }
-        )
-      ),
-      prow_redirect_url           = "${local.prow_base_url}/github-login/redirect",
-      prow_final_redirect_url     = "${local.prow_base_url}/pr",
-      certmanager_svc_account_key = google_service_account_key.certmanager_dns_editor_key.private_key
-      slack_token                 = base64encode(data.credstash_secret.slack_bot_token.value)
-      dockerconfig                = base64encode(data.credstash_secret.dockerconfig.value)
-    }
-  ))
-  sensitive = true
 }
diff --git a/templates/_prow_github_oauth_config.yaml b/templates/_prow_github_oauth_config.yaml
diff --git a/templates/_prow_values.yaml b/templates/_prow_values.yaml