From fb69a91df3ff9bd34891a93221a802b6ec7fd7dd Mon Sep 17 00:00:00 2001
From: Alex Ouzounis
Date: Tue, 22 Oct 2019 12:08:26 +0100
Subject: [PATCH] feat: remove not needed outputs (#7)

---
 main.tf | 66 ++-----------------
 outputs.tf | 81 +-----------------------
 templates/_prow_github_oauth_config.yaml | 6 --
 templates/_prow_values.yaml | 37 -----------
 4 files changed, 8 insertions(+), 182 deletions(-)
 delete mode 100644 templates/_prow_github_oauth_config.yaml
 delete mode 100644 templates/_prow_values.yaml

diff --git a/main.tf b/main.tf
index f446c9b..2656514 100644
--- a/main.tf
+++ b/main.tf
@@ -1,64 +1,13 @@
-
-
 ## Data
 data "google_compute_zones" "available" {}
-data "credstash_secret" "github_bot_token" {
- name = var.github_bot_token_credstash_key
-}
-
-data "credstash_secret" "github_bot_ssh_key" {
- name = var.github_bot_ssh_key_credstash_key
-}
-
-data "credstash_secret" "prow_github_oauth_client_secret" {
- name = var.prow_github_oauth_client_secret_credstash_key
-}
-
-data "credstash_secret" "prow_github_oauth_client_id" {
- name = var.prow_github_oauth_client_id_credstash_key
-}
-
-data "credstash_secret" "prow_cluster_github_oauth_client_secret" {
- name = var.prow_cluster_github_oauth_client_secret_credstash_key
-}
-
-data "credstash_secret" "prow_cluster_github_oauth_client_id" {
- name = var.prow_cluster_github_oauth_client_id_credstash_key
-}
-
-data "credstash_secret" "slack_bot_token" {
- name = var.slack_bot_token_credstash_key
-}
-
-data "credstash_secret" "dockerconfig" {
- name = var.dockerconfig_credstash_key
-}
-data "google_client_config" "current" {
-}
-
 ## ID of this infrastructure - we use this for uniquness and tracking resources
 resource "random_string" "id" {
 length = 8
 special = false
 }
-resource "random_string" "prow_github_oauth_cookie_secret" {
- length = 8
- special = false
-}
-
-resource "random_string" "prow_cluster_github_oauth_cookie_secret" {
- length = 8
- special = false
-}
-
-resource "random_string" "prow_cookie_secret" {
- length = 8
- special = false
-}
-
 ## locals
 locals {
 infra_id = random_string.id.result
@@ -126,6 +75,7 @@ resource "google_service_account" "prow_bucket_editor" {
 display_name = "Service Account for the Prow artefact bucket"
 }
+### Set IAM for Prow to write/read the artefacts in the bucket
 resource "google_storage_bucket_iam_member" "prow_bucket_editor" {
 bucket = google_storage_bucket.prow_bucket.name
 role = "roles/storage.objectAdmin"
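Review bot: With the eight `credstash_secret` data sources removed, the `var.*_credstash_key` inputs they read (`github_bot_token_credstash_key` through `dockerconfig_credstash_key`) have no remaining reference in this hunk, and the diffstat touches no variables file, so they probably survive as dead inputs that every caller still has to supply. The same likely applies to the `credstash` provider configuration if it lives outside main.tf; Terraform does not warn about an unused variable or provider, so this is something to confirm rather than a failure. Consider dropping those declarations in this commit, or noting in a comment why they stay, so nobody keeps wiring secret key names into a module that no longer reads them. The `locals` block continues outside the hunk.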
@@ -137,12 +87,13 @@ resource "google_service_account_key" "prow_bucket_editor_key" {
 service_account_id = google_service_account.prow_bucket_editor.name
 }
-### Service Account for CertManager to create DNS entries
+### Service Account for Cert-Manager to create DNS entries
 resource "google_service_account" "certmanager_dns_editor" {
 account_id = "certmanager"
 display_name = "Service Account for CertManager to manage dns entries"
 }
+### Set IAM for Cert-Manager to admin clouddns
 resource "google_project_iam_member" "certmanager_dns_editor_role" {
 role = "roles/dns.admin"
 member = "serviceAccount:${google_service_account.certmanager_dns_editor.email}"
@@ -153,24 +104,19 @@ resource "google_service_account_key" "certmanager_dns_editor_key" {
 service_account_id = google_service_account.certmanager_dns_editor.name
 }
-### Token for Prow Webhook secret
-resource "random_string" "hmac_token" {
- length = 30
- special = false
-}
-
 ### Service Account for Terraform
 resource "google_service_account" "prow_terraform" {
 account_id = "prow-tf"
 display_name = "Service account for Prow to execute Terraform Google Provider Resources"
 }
+### Set IAM for Prow Terraform to edit the whole project
 resource "google_project_iam_member" "prow_terraform" {
 role = "roles/editor"
 member = "serviceAccount:${google_service_account.prow_terraform.email}"
 }
-### Key for the Cert-Manager Service Account
+### Key for the Prow TF Service Account
 resource "google_service_account_key" "prow_terraform" {
 service_account_id = google_service_account.prow_terraform.name
 }
@@ -181,10 +127,12 @@ resource "aws_iam_user" "prow_terraform" {
 tags = local.tags
 }
+### AWS Service Account access key
 resource "aws_iam_access_key" "prow_terraform" {
 user = "${aws_iam_user.prow_terraform.name}"
 }
+### AWS Service Account IAM policy
 resource "aws_iam_user_policy" "prow_terraform" {
 name = "tf_aws_service_account_${local.infra_id}"
 user = "${aws_iam_user.prow_terraform.name}"
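Review bot: The added comment `### Set IAM for Prow Terraform to edit the whole project` describes the grant below it correctly but reads as an explanation rather than a flag: `roles/editor` is a project-wide basic role, and the key for this account is still exported by `prow_terraform_gcloud_svc_account_key` in outputs.tf, so anyone holding that output can change every editor-controllable resource in the project. If the breadth is deliberate, make the comment say so and point at the narrowing path, e.g. `### Prow Terraform: project-wide roles/editor (basic role) — scope down to the resources Prow actually manages where possible`, so the pattern is not copied elsewhere as a default. The new comments in the `@@ -181` hunk on the AWS access key and user policy would benefit from the same "what this grants and why" wording, since that policy is the AWS counterpart of this grant.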
diff --git a/outputs.tf b/outputs.tf
index becb37a..40c353e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -14,7 +14,7 @@ output "gke_name" {
 }
 output "cluster_ca_certificate" {
- value = modules.gke-cluster.cluster_ca_certificate
+ value = module.gke-cluster.cluster_ca_certificate
 sensitive = true
 }
@@ -24,43 +24,6 @@ output "prow_bucket_svc_account_key" {
 sensitive = true
 }
-output "prow_webhook_hmac_token" {
- value = random_string.hmac_token.result
- sensitive = true
-}
-
-output "prow_github_bot_token" {
- value = data.credstash_secret.github_bot_token.value
- sensitive = true
-}
-
-output "prow_github_bot_ssh_key" {
- value = data.credstash_secret.github_bot_ssh_key.value
- sensitive = true
-}
-
-output "prow_github_oauth_client_id" {
- value = data.credstash_secret.prow_github_oauth_client_id.value
- sensitive = true
-}
-
-output "prow_github_oauth_client_secret" {
- value = data.credstash_secret.prow_github_oauth_client_secret.value
- sensitive = true
-}
-
-output "prow_github_oauth_config" {
- value = templatefile("${path.module}/templates/_prow_github_oauth_config.yaml",
- {
- client_id = data.credstash_secret.prow_github_oauth_client_id.value,
- client_secret = data.credstash_secret.prow_github_oauth_client_secret.value,
- redirect_url = "https://${local.prow_base_url}/github-login/redirect",
- final_redirect_url = "https://${local.prow_base_url}/pr",
- }
- )
- sensitive = true
-}
-
 output "prow_terraform_gcloud_svc_account_key" {
 value = google_service_account_key.prow_terraform.private_key
 sensitive = true
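Review bot: The `modules.` to `module.` correction in `cluster_ca_certificate` means this output was an invalid reference before the commit, which `terraform validate` should have rejected; that it survived suggests outputs.tf is not validated in CI, and a `terraform validate` plus `terraform fmt -check` step would catch this class of typo. Separately, `sensitive = true` on this and the retained `*_svc_account_key` outputs only redacts the value from CLI output; the service-account private keys still sit unencrypted in the state file, so state storage needs the same access control as the credstash-backed secrets this commit stops surfacing. A short comment above the key outputs stating that, e.g. `# sensitive only hides the key from CLI output; it is stored in clear in state`, would keep the next maintainer from treating the flag as protection.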
@@ -92,46 +55,4 @@ output "prow_github_org" {
 output "certmanager_svc_account_key" {
 value = google_service_account_key.certmanager_dns_editor_key.private_key
 sensitive = true
-}
-
-output "valuesyaml" {
- value = base64encode(templatefile(
- "${path.module}/templates/_prow_values.yaml",
- {
- gcloud_region = var.gcloud_region,
- gcloud_project = var.gcloud_project,
- gke_name = local.gke_name,
- gke_authenticator_groups_security_group = var.gke_authenticator_groups_security_group,
- prow_terraform_gcloud_svc_account_key = google_service_account_key.prow_terraform.private_key,
- prow_terraform_aws_svc_account_access_key_id = base64encode(aws_iam_access_key.prow_terraform.id),
- prow_terraform_aws_svc_account_secret_access_key = base64encode(aws_iam_access_key.prow_terraform.secret),
- prow_base_url = local.prow_base_url,
- prow_bucket_svc_account_key = google_service_account_key.prow_bucket_editor_key.private_key,
- prow_webhook_hmac_token = base64encode(random_string.hmac_token.result),
- prow_cookie_secret = base64encode(random_string.prow_cookie_secret.result),
- prow_artefacts_bucket_name = google_storage_bucket.prow_bucket.name,
- prow_github_bot_token = base64encode(data.credstash_secret.github_bot_token.value),
- prow_github_bot_ssh_key = base64encode(data.credstash_secret.github_bot_ssh_key.value),
- prow_github_org = var.github_org,
- oauth_client_id = base64encode(data.credstash_secret.prow_cluster_github_oauth_client_id.value),
- oauth_client_secret = base64encode(data.credstash_secret.prow_cluster_github_oauth_client_secret.value),
- oauth_cookie_secret = base64encode(random_string.prow_cluster_github_oauth_cookie_secret.result),
- prow_github_oauth_config = base64encode(
- templatefile("${path.module}/templates/_prow_github_oauth_config.yaml",
- {
- client_id = data.credstash_secret.prow_github_oauth_client_id.value,
- client_secret = data.credstash_secret.prow_github_oauth_client_secret.value,
- redirect_url = "https://${local.prow_base_url}/github-login/redirect",
- final_redirect_url = "https://${local.prow_base_url}/pr",
- }
- )
- ),
- prow_redirect_url = "${local.prow_base_url}/github-login/redirect",
- prow_final_redirect_url = "${local.prow_base_url}/pr",
- certmanager_svc_account_key = google_service_account_key.certmanager_dns_editor_key.private_key
- slack_token = base64encode(data.credstash_secret.slack_bot_token.value)
- dockerconfig = base64encode(data.credstash_secret.dockerconfig.value)
- }
- ))
- sensitive = true
 }
\ No newline at end of file
diff --git a/templates/_prow_github_oauth_config.yaml b/templates/_prow_github_oauth_config.yaml
deleted file mode 100644
index e4e2f43..0000000
--- a/templates/_prow_github_oauth_config.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-client_id: ${client_id}
-client_secret: ${client_secret}
-redirect_url: ${redirect_url}
-final_redirect_url: ${final_redirect_url}
-scopes:
- - repo
\ No newline at end of file
diff --git a/templates/_prow_values.yaml b/templates/_prow_values.yaml
deleted file mode 100644
index 155bbdd..0000000
--- a/templates/_prow_values.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-gcloud:
- region: ${gcloud_region}
- project: ${gcloud_project}
- prowterraform_gke_svc_account_key: ${prow_terraform_gcloud_svc_account_key}
-gke:
- name: ${gke_name}
- authenticator_groups_security_group: ${gke_authenticator_groups_security_group}
-aws:
- terraform_user_access_key_id: ${prow_terraform_aws_svc_account_access_key_id}
- terraform_user_secret_access_key: ${prow_terraform_aws_svc_account_secret_access_key}
-docker:
- config: ${dockerconfig}
-prow:
- baseurl: ${prow_base_url}
- bucket_svc_account_key: ${prow_bucket_svc_account_key}
- webhook_hmac_token: ${prow_webhook_hmac_token}
- cookie_secret: ${prow_cookie_secret}
- bucket_name: ${prow_artefacts_bucket_name}
- redirect_url: ${prow_redirect_url}
- final_redirect_url: ${prow_final_redirect_url}
- oauth_config: ${prow_github_oauth_config}
- job_url_template: 'https://${prow_base_url}/view/gcs/${prow_artefacts_bucket_name}/pr-logs/pull/{{.Spec.Refs.Repo}}/{{with index .Spec.Refs.Pulls 0}}{{.Number}}{{end}}/{{.Spec.Job}}/{{.Status.BuildID}}'
- report_template: '[Full PR test history](https://${prow_base_url}/pr-history?org={{.Spec.Refs.Org}}&repo={{.Spec.Refs.Repo}}&pr={{with index .Spec.Refs.Pulls 0}}{{.Number}}{{end}})'
-github:
- org: ${prow_github_org}
- bot:
- token: ${prow_github_bot_token}
- ssh_key: ${prow_github_bot_ssh_key}
-oauth:
- client_id: ${oauth_client_id}
- client_secret: ${oauth_client_secret}
- cookie_secret: ${oauth_cookie_secret}
-certmanager:
- gke_svc_account_key: ${certmanager_svc_account_key}
-slack:
- token: ${slack_token}
- report_template: 'Job {{.Spec.Job}} of type {{.Spec.Type}} ended with state {{.Status.State}}. <{{.Status.URL}}|View logs>'
\ No newline at end of file