update platypus2 with new terragen layout (same pkg for resource and …

…data source)

docs/platypus2/go.mod

@@ -11,8 +11,8 @@ require (
 	github.com/aws/karpenter v0.29.2
 	github.com/aws/karpenter-core v0.29.2
 	github.com/golingon/lingon v0.0.0-20240410151041-d6e1fef1f2a8
-	github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239
-	github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872
+	github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462
+	github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c
 	github.com/grafana/dashboard-linter v0.0.0-20230622143601-02e2cd156626
 	github.com/hashicorp/terraform-exec v0.20.0
 	github.com/hashicorp/terraform-json v0.21.0

docs/platypus2/go.sum

@@ -323,8 +323,12 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239 h1:vqnH3XOdT1FTebLSz2vDe+BB1q6c2CQOvly1WG5g1aM=
 github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239/go.mod h1:QoUmwquPXMpAMAp36k0TYAwMmyKKj1xr4FltzHD75kY=
+github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462 h1:fZEzgoxPn+VEdefCUJ3xcEKA/fXigq2/0QOM1bE44oo=
+github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462/go.mod h1:QoUmwquPXMpAMAp36k0TYAwMmyKKj1xr4FltzHD75kY=
 github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872 h1:9H3VZ/Eq51t2W3Aycfk7wvgLTM7fokuo4jqq0wmBcis=
 github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872/go.mod h1:IPr5Pavvt7gG2WDKK7E/v0nNe+0fu5k+b3q0i/Vr6AA=
+github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c h1:9HhF/oFSptpg9lmXsJGXE3PBe8CAnWGcYkdY1vAXV3A=
+github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c/go.mod h1:IPr5Pavvt7gG2WDKK7E/v0nNe+0fu5k+b3q0i/Vr6AA=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=

docs/platypus2/infra/csi_ebs.go

@@ -6,13 +6,13 @@ package infra
 import (
 	"github.com/golingon/lingon/pkg/terra"
 	"github.com/golingon/terra-aws/aws_eks_addon"
+	"github.com/golingon/terra-aws/aws_iam_policy_document"
 	"github.com/golingon/terra-aws/aws_iam_role"
 	"github.com/golingon/terra-aws/aws_iam_role_policy_attachment"
-	"github.com/golingon/terra-aws/data_aws_iam_policy_document"
 )
 
 type CSI struct {
-	CSIDriver *aws_eks_addon.AwsEksAddon `validate:"required"`
+	CSIDriver *aws_eks_addon.Resource `validate:"required"`
 	IAMRole   `validate:"required"`
 }
 
@@ -23,10 +23,10 @@ type CSIOpts struct {
 }
 
 type IAMRole struct {
-	AssumeRolePolicy *data_aws_iam_policy_document.AwsIamPolicyDocument         `validate:"required"`
-	Role             *aws_iam_role.AwsIamRole                                   `validate:"required"`
-	RolePolicy       *data_aws_iam_policy_document.AwsIamPolicyDocument         `validate:"required"`
-	PolicyAttach     *aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required"`
+	AssumeRolePolicy *aws_iam_policy_document.DataSource      `validate:"required"`
+	Role             *aws_iam_role.Resource                   `validate:"required"`
+	RolePolicy       *aws_iam_policy_document.DataSource      `validate:"required"`
+	PolicyAttach     *aws_iam_role_policy_attachment.Resource `validate:"required"`
 }
 
 func NewCSIEBS(opts CSIOpts) *CSI {
@@ -48,14 +48,14 @@ func NewCSIEBS(opts CSIOpts) *CSI {
 }
 
 func newIAMRole(opts CSIOpts) *IAMRole {
-	assumeRolePolicy := data_aws_iam_policy_document.New(
-		"csi_assume_role", data_aws_iam_policy_document.Args{
-			Statement: []data_aws_iam_policy_document.Statement{
+	assumeRolePolicy := aws_iam_policy_document.Data(
+		"csi_assume_role", aws_iam_policy_document.DataArgs{
+			Statement: []aws_iam_policy_document.DataStatement{
 				{
 					Actions: terra.Set(S("sts:AssumeRoleWithWebIdentity")),
 					Effect:  S("Allow"),
 
-					Condition: []data_aws_iam_policy_document.Condition{
+					Condition: []aws_iam_policy_document.DataStatementCondition{
 						{
 							Test:     S("StringEquals"),
 							Variable: S(opts.OIDCProviderURL + ":sub"),
@@ -71,7 +71,7 @@ func newIAMRole(opts CSIOpts) *IAMRole {
 							Values:   terra.ListString("sts.amazonaws.com"),
 						},
 					},
-					Principals: []data_aws_iam_policy_document.Principals{
+					Principals: []aws_iam_policy_document.DataStatementPrincipals{
 						{
 							Type:        S("Federated"),
 							Identifiers: terra.Set(S(opts.OIDCProviderArn)),
@@ -83,12 +83,12 @@ func newIAMRole(opts CSIOpts) *IAMRole {
 	)
 
 	// small utility function to avoid repeting fields in the policy
-	cond := func(action, v, val string) data_aws_iam_policy_document.Statement {
-		return data_aws_iam_policy_document.Statement{
+	cond := func(action, v, val string) aws_iam_policy_document.DataStatement {
+		return aws_iam_policy_document.DataStatement{
 			Effect:    S("Allow"),
 			Actions:   terra.SetString(action),
 			Resources: terra.SetString("*"),
-			Condition: []data_aws_iam_policy_document.Condition{
+			Condition: []aws_iam_policy_document.DataStatementCondition{
 				{
 					Test:     S("StringLike"),
 					Variable: S(v),
@@ -101,9 +101,9 @@ func newIAMRole(opts CSIOpts) *IAMRole {
 	// converted from
 	// https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/example-iam-policy.json
 	//
-	policy := data_aws_iam_policy_document.New(
-		"csiebs", data_aws_iam_policy_document.Args{
-			Statement: []data_aws_iam_policy_document.Statement{
+	policy := aws_iam_policy_document.Data(
+		"csiebs", aws_iam_policy_document.DataArgs{
+			Statement: []aws_iam_policy_document.DataStatement{
 				{
 					Effect: S("Allow"),
 					Actions: terra.SetString(
@@ -127,7 +127,7 @@ func newIAMRole(opts CSIOpts) *IAMRole {
 						"arn:aws:ec2:*:*:volume/*",
 						"arn:aws:ec2:*:*:snapshot/*",
 					),
-					Condition: []data_aws_iam_policy_document.Condition{
+					Condition: []aws_iam_policy_document.DataStatementCondition{
 						{
 							Test:     S("StringEquals"),
 							Variable: S("ec2:CreateAction"),

docs/platypus2/infra/eks.go

@@ -9,12 +9,12 @@ import (
 	"github.com/golingon/lingon/pkg/terra"
 	"github.com/golingon/terra-aws/aws_eks_cluster"
 	"github.com/golingon/terra-aws/aws_iam_openid_connect_provider"
+	"github.com/golingon/terra-aws/aws_iam_policy_document"
 	"github.com/golingon/terra-aws/aws_iam_role"
 	"github.com/golingon/terra-aws/aws_iam_role_policy_attachment"
 	"github.com/golingon/terra-aws/aws_security_group"
 	"github.com/golingon/terra-aws/aws_security_group_rule"
-	"github.com/golingon/terra-aws/data_aws_iam_policy_document"
-	"github.com/golingon/terra_tls/data_tls_certificate"
+	"github.com/golingon/terra_tls/tls_certificate"
 )
 
 var (
@@ -36,20 +36,20 @@ type ClusterOpts struct {
 }
 
 type Cluster struct {
-	EKSCluster           *aws_eks_cluster.AwsEksCluster                             `validate:"required"`
-	IAMPolicyDocument    *data_aws_iam_policy_document.AwsIamPolicyDocument         `validate:"required"`
-	IAMRole              *aws_iam_role.AwsIamRole                                   `validate:"required"`
-	IAMRoleClusterPolicy *aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required"`
-	IAMRoleVPCController *aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required"`
+	EKSCluster           *aws_eks_cluster.Resource                `validate:"required"`
+	IAMPolicyDocument    *aws_iam_policy_document.DataSource      `validate:"required"`
+	IAMRole              *aws_iam_role.Resource                   `validate:"required"`
+	IAMRoleClusterPolicy *aws_iam_role_policy_attachment.Resource `validate:"required"`
+	IAMRoleVPCController *aws_iam_role_policy_attachment.Resource `validate:"required"`
 
 	// SecurityGroup is the AWS security group for both the EKS control plane
 	// and worker nodes
-	SecurityGroup   *aws_security_group.AwsSecurityGroup          `validate:"required"`
-	IngressAllowAll *aws_security_group_rule.AwsSecurityGroupRule `validate:"required"`
-	EgressAllowAll  *aws_security_group_rule.AwsSecurityGroupRule `validate:"required"`
+	SecurityGroup   *aws_security_group.Resource      `validate:"required"`
+	IngressAllowAll *aws_security_group_rule.Resource `validate:"required"`
+	EgressAllowAll  *aws_security_group_rule.Resource `validate:"required"`
 
-	TLSCert         *data_tls_certificate.TlsCertificate                         `validate:"required"`
-	IAMOIDCProvider *aws_iam_openid_connect_provider.AwsIamOpenidConnectProvider `validate:"required"`
+	TLSCert         *tls_certificate.DataSource               `validate:"required"`
+	IAMOIDCProvider *aws_iam_openid_connect_provider.Resource `validate:"required"`
 }
 
 func NewCluster(opts ClusterOpts) *Cluster {
@@ -96,13 +96,13 @@ func NewCluster(opts ClusterOpts) *Cluster {
 		},
 	)
 
-	iamPolicyDocument := data_aws_iam_policy_document.New(
-		"eks", data_aws_iam_policy_document.Args{
-			Statement: []data_aws_iam_policy_document.Statement{
+	iamPolicyDocument := aws_iam_policy_document.Data(
+		"eks", aws_iam_policy_document.DataArgs{
+			Statement: []aws_iam_policy_document.DataStatement{
 				{
 					Sid:     S("EKSClusterAssumeRole"),
 					Actions: terra.Set(S("sts:AssumeRole")),
-					Principals: []data_aws_iam_policy_document.Principals{
+					Principals: []aws_iam_policy_document.DataStatementPrincipals{
 						{
 							Type:        S("Service"),
 							Identifiers: terra.Set(S("eks.amazonaws.com")),
@@ -157,8 +157,8 @@ func NewCluster(opts ClusterOpts) *Cluster {
 	// 	),
 	// }
 
-	tlsCert := data_tls_certificate.New(
-		"eks", data_tls_certificate.Args{
+	tlsCert := tls_certificate.Data(
+		"eks", tls_certificate.DataArgs{
 			Url: eksCluster.Attributes().
 				Identity().
 				Index(0).

docs/platypus2/infra/s3.go

@@ -12,12 +12,12 @@ import (
 )
 
 type Bucket struct {
-	S3 *aws_s3_bucket.AwsS3Bucket `validate:"required"`
+	S3 *aws_s3_bucket.Resource `validate:"required"`
 	// ACL          *aws.S3BucketAcl
 	// `validate:"required"`
-	Versioning   *aws_s3_bucket_versioning.AwsS3BucketVersioning                                                  `validate:"required"`
-	PublicAccess *aws_s3_bucket_public_access_block.AwsS3BucketPublicAccessBlock                                  `validate:"required"`
-	SSE          *aws_s3_bucket_server_side_encryption_configuration.AwsS3BucketServerSideEncryptionConfiguration `validate:"required"`
+	Versioning   *aws_s3_bucket_versioning.Resource                           `validate:"required"`
+	PublicAccess *aws_s3_bucket_public_access_block.Resource                  `validate:"required"`
+	SSE          *aws_s3_bucket_server_side_encryption_configuration.Resource `validate:"required"`
 }
 
 func NewBucket(bucketName string) *Bucket {
@@ -79,7 +79,7 @@ func NewBucket(bucketName string) *Bucket {
 func RuleEncryptKMS() []aws_s3_bucket_server_side_encryption_configuration.Rule {
 	return []aws_s3_bucket_server_side_encryption_configuration.Rule{
 		{
-			ApplyServerSideEncryptionByDefault: &aws_s3_bucket_server_side_encryption_configuration.ApplyServerSideEncryptionByDefault{
+			ApplyServerSideEncryptionByDefault: &aws_s3_bucket_server_side_encryption_configuration.RuleApplyServerSideEncryptionByDefault{
 				SseAlgorithm: S("aws:kms"),
 			},
 		},

docs/platypus2/infra/vpc.go

@@ -28,21 +28,21 @@ type Opts struct {
 }
 
 type AWSVPC struct {
-	VPC *aws_vpc.AwsVpc `validate:"required"`
+	VPC *aws_vpc.Resource `validate:"required"`
 
-	PublicSubnets  [3]*aws_subnet.AwsSubnet                                 `validate:"required,dive,required"`
-	PublicRT       *aws_route_table.AwsRouteTable                           `validate:"required"`
-	PublicRoute    *aws_route.AwsRoute                                      `validate:"required"`
-	PublicRTAssocs [3]*aws_route_table_association.AwsRouteTableAssociation `validate:"required,dive,required"`
+	PublicSubnets  [3]*aws_subnet.Resource                  `validate:"required,dive,required"`
+	PublicRT       *aws_route_table.Resource                `validate:"required"`
+	PublicRoute    *aws_route.Resource                      `validate:"required"`
+	PublicRTAssocs [3]*aws_route_table_association.Resource `validate:"required,dive,required"`
 
-	PrivateSubnets  [3]*aws_subnet.AwsSubnet                                 `validate:"required,dive,required"`
-	PrivateRTs      [3]*aws_route_table.AwsRouteTable                        `validate:"required,dive,required"`
-	PrivateRoutes   [3]*aws_route.AwsRoute                                   `validate:"required,dive,required"`
-	PrivateRTAssocs [3]*aws_route_table_association.AwsRouteTableAssociation `validate:"required,dive,required"`
+	PrivateSubnets  [3]*aws_subnet.Resource                  `validate:"required,dive,required"`
+	PrivateRTs      [3]*aws_route_table.Resource             `validate:"required,dive,required"`
+	PrivateRoutes   [3]*aws_route.Resource                   `validate:"required,dive,required"`
+	PrivateRTAssocs [3]*aws_route_table_association.Resource `validate:"required,dive,required"`
 
-	InternetGateway *aws_internet_gateway.AwsInternetGateway `validate:"required"`
-	EIPNat          [3]*aws_eip.AwsEip                       `validate:"required,dive,required"`
-	NatGateways     [3]*aws_nat_gateway.AwsNatGateway        `validate:"required,dive,required"`
+	InternetGateway *aws_internet_gateway.Resource `validate:"required"`
+	EIPNat          [3]*aws_eip.Resource           `validate:"required,dive,required"`
+	NatGateways     [3]*aws_nat_gateway.Resource   `validate:"required,dive,required"`
 }
 
 func NewAWSVPC(opts Opts) *AWSVPC {
@@ -75,7 +75,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		},
 	)
 
-	eipNats := [3]*aws_eip.AwsEip{}
+	eipNats := [3]*aws_eip.Resource{}
 	for i := 0; i < 3; i++ {
 		eipNats[i] = aws_eip.New(
 			fmt.Sprintf("nats_%d", i), aws_eip.Args{
@@ -86,7 +86,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		)
 	}
 
-	publicSubnets := [3]*aws_subnet.AwsSubnet{}
+	publicSubnets := [3]*aws_subnet.Resource{}
 	for i := 0; i < 3; i++ {
 		publicSubnets[i] = aws_subnet.New(
 			fmt.Sprintf("public_%d", i), aws_subnet.Args{
@@ -113,7 +113,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		},
 	)
 
-	pubRTAssocs := [3]*aws_route_table_association.AwsRouteTableAssociation{}
+	pubRTAssocs := [3]*aws_route_table_association.Resource{}
 	for i := 0; i < 3; i++ {
 		pubRTAssocs[i] = aws_route_table_association.New(
 			fmt.Sprintf("public_%d", i), aws_route_table_association.Args{
@@ -123,7 +123,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		)
 	}
 
-	natGateways := [3]*aws_nat_gateway.AwsNatGateway{}
+	natGateways := [3]*aws_nat_gateway.Resource{}
 	for i := 0; i < 3; i++ {
 		ng := aws_nat_gateway.New(
 			fmt.Sprintf("nat_gateway_%d", i), aws_nat_gateway.Args{
@@ -136,7 +136,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		natGateways[i] = ng
 	}
 
-	privateSubnets := [3]*aws_subnet.AwsSubnet{}
+	privateSubnets := [3]*aws_subnet.Resource{}
 	for i := 0; i < 3; i++ {
 		privateSubnets[i] = aws_subnet.New(
 			fmt.Sprintf("private_%d", i), aws_subnet.Args{
@@ -152,7 +152,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		)
 	}
 
-	privateRTs := [3]*aws_route_table.AwsRouteTable{}
+	privateRTs := [3]*aws_route_table.Resource{}
 	for i := 0; i < 3; i++ {
 		privateRTs[i] = aws_route_table.New(
 			fmt.Sprintf("private_%d", i), aws_route_table.Args{
@@ -161,7 +161,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 			},
 		)
 	}
-	privateRoutes := [3]*aws_route.AwsRoute{}
+	privateRoutes := [3]*aws_route.Resource{}
 	for i := 0; i < 3; i++ {
 		privateRoutes[i] = aws_route.New(
 			fmt.Sprintf("private_%d", i), aws_route.Args{
@@ -172,7 +172,7 @@ func NewAWSVPC(opts Opts) *AWSVPC {
 		)
 	}
 
-	privateRTAssocs := [3]*aws_route_table_association.AwsRouteTableAssociation{}
+	privateRTAssocs := [3]*aws_route_table_association.Resource{}
 	for i := 0; i < 3; i++ {
 		privateRTAssocs[i] = aws_route_table_association.New(
 			fmt.Sprintf("private_%d", i), aws_route_table_association.Args{