diff --git a/docs/platypus2/go.mod b/docs/platypus2/go.mod
index 5bb0469..6029eb8 100644
--- a/docs/platypus2/go.mod
+++ b/docs/platypus2/go.mod
@@ -11,8 +11,8 @@ require (
 github.com/aws/karpenter v0.29.2
 github.com/aws/karpenter-core v0.29.2
 github.com/golingon/lingon v0.0.0-20240410151041-d6e1fef1f2a8
- github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239
- github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872
+ github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462
+ github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c
 github.com/grafana/dashboard-linter v0.0.0-20230622143601-02e2cd156626
 github.com/hashicorp/terraform-exec v0.20.0
 github.com/hashicorp/terraform-json v0.21.0
diff --git a/docs/platypus2/go.sum b/docs/platypus2/go.sum
index 762c0be..fe127d6 100644
--- a/docs/platypus2/go.sum
+++ b/docs/platypus2/go.sum
@@ -323,8 +323,12 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239 h1:vqnH3XOdT1FTebLSz2vDe+BB1q6c2CQOvly1WG5g1aM=
 github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239/go.mod h1:QoUmwquPXMpAMAp36k0TYAwMmyKKj1xr4FltzHD75kY=
+github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462 h1:fZEzgoxPn+VEdefCUJ3xcEKA/fXigq2/0QOM1bE44oo=
+github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462/go.mod h1:QoUmwquPXMpAMAp36k0TYAwMmyKKj1xr4FltzHD75kY=
 github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872 h1:9H3VZ/Eq51t2W3Aycfk7wvgLTM7fokuo4jqq0wmBcis=
 github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872/go.mod h1:IPr5Pavvt7gG2WDKK7E/v0nNe+0fu5k+b3q0i/Vr6AA=
+github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c h1:9HhF/oFSptpg9lmXsJGXE3PBe8CAnWGcYkdY1vAXV3A=
+github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c/go.mod h1:IPr5Pavvt7gG2WDKK7E/v0nNe+0fu5k+b3q0i/Vr6AA=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
diff --git a/docs/platypus2/infra/csi_ebs.go b/docs/platypus2/infra/csi_ebs.go
index 2e80739..2534ec0 100644
--- a/docs/platypus2/infra/csi_ebs.go
+++ b/docs/platypus2/infra/csi_ebs.go
@@ -6,13 +6,13 @@ package infra import ( "github.com/golingon/lingon/pkg/terra" "github.com/golingon/terra-aws/aws_eks_addon" + "github.com/golingon/terra-aws/aws_iam_policy_document" "github.com/golingon/terra-aws/aws_iam_role" "github.com/golingon/terra-aws/aws_iam_role_policy_attachment" - "github.com/golingon/terra-aws/data_aws_iam_policy_document" ) type CSI struct { - CSIDriver *aws_eks_addon.AwsEksAddon `validate:"required"` + CSIDriver *aws_eks_addon.Resource `validate:"required"` IAMRole `validate:"required"` } @@ -23,10 +23,10 @@ type CSIOpts struct { } type IAMRole struct { - AssumeRolePolicy *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` - Role *aws_iam_role.AwsIamRole `validate:"required"` - RolePolicy *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` - PolicyAttach *aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required"` + AssumeRolePolicy *aws_iam_policy_document.DataSource `validate:"required"` + Role *aws_iam_role.Resource `validate:"required"` + RolePolicy *aws_iam_policy_document.DataSource `validate:"required"` + PolicyAttach *aws_iam_role_policy_attachment.Resource `validate:"required"` } func NewCSIEBS(opts CSIOpts) *CSI { @@ -48,14 +48,14 @@ func NewCSIEBS(opts CSIOpts) *CSI { } func newIAMRole(opts CSIOpts) *IAMRole { - assumeRolePolicy := data_aws_iam_policy_document.New( - "csi_assume_role", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + assumeRolePolicy := aws_iam_policy_document.Data( + "csi_assume_role", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Actions: terra.Set(S("sts:AssumeRoleWithWebIdentity")), Effect: S("Allow"), - Condition: []data_aws_iam_policy_document.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S(opts.OIDCProviderURL + ":sub"), 
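Review bot: In the `csi_assume_role` statement of newIAMRole the condition key is built as `opts.OIDCProviderURL + ":sub"`, and nothing in view documents or normalises the form that URL must take. IAM web-identity condition keys use the issuer without the `https://` scheme, so a caller that passes the raw issuer URL would produce a key that never matches; that fails closed, but it shows up only as an unexplained AssumeRoleWithWebIdentity denial. I would state the expected form on the CSIOpts field, e.g. `// OIDCProviderURL is the issuer host and path without the "https://" prefix`, or normalise it before concatenating with `strings.TrimPrefix(opts.OIDCProviderURL, "https://")`. The same construction appears in newIAMRole in karpenter/infra.go, and the statement body here continues past the end of the hunk.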
@@ -71,7 +71,7 @@ func newIAMRole(opts CSIOpts) *IAMRole { Values: terra.ListString("sts.amazonaws.com"), }, }, - Principals: []data_aws_iam_policy_document.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Federated"), Identifiers: terra.Set(S(opts.OIDCProviderArn)), @@ -83,12 +83,12 @@ func newIAMRole(opts CSIOpts) *IAMRole { ) // small utility function to avoid repeting fields in the policy - cond := func(action, v, val string) data_aws_iam_policy_document.Statement { - return data_aws_iam_policy_document.Statement{ + cond := func(action, v, val string) aws_iam_policy_document.DataStatement { + return aws_iam_policy_document.DataStatement{ Effect: S("Allow"), Actions: terra.SetString(action), Resources: terra.SetString("*"), - Condition: []data_aws_iam_policy_document.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringLike"), Variable: S(v), @@ -101,9 +101,9 @@ func newIAMRole(opts CSIOpts) *IAMRole { // converted from // https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/example-iam-policy.json // - policy := data_aws_iam_policy_document.New( - "csiebs", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + policy := aws_iam_policy_document.Data( + "csiebs", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Effect: S("Allow"), Actions: terra.SetString( @@ -127,7 +127,7 @@ func newIAMRole(opts CSIOpts) *IAMRole { "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", ), - Condition: []data_aws_iam_policy_document.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S("ec2:CreateAction"), diff --git a/docs/platypus2/infra/eks.go b/docs/platypus2/infra/eks.go index 8c54f21..016eb20 100644 --- a/docs/platypus2/infra/eks.go +++ b/docs/platypus2/infra/eks.go 
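Review bot: The `cond` closure in newIAMRole hard-codes `Resources: terra.SetString("*")`, so every statement it builds is limited only by the single `StringLike` condition it is given, and its one-line comment does not say so. I would extend that comment to something like `// cond builds an Allow statement for one action on all resources ("*"); the StringLike condition on v/val is its only restriction`, and correct `repeting` to `repeating` in the same line. The closure's call sites lie outside this hunk, so how broad the patterns passed as `val` are cannot be checked from here.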
@@ -9,12 +9,12 @@ import ( "github.com/golingon/lingon/pkg/terra" "github.com/golingon/terra-aws/aws_eks_cluster" "github.com/golingon/terra-aws/aws_iam_openid_connect_provider" + "github.com/golingon/terra-aws/aws_iam_policy_document" "github.com/golingon/terra-aws/aws_iam_role" "github.com/golingon/terra-aws/aws_iam_role_policy_attachment" "github.com/golingon/terra-aws/aws_security_group" "github.com/golingon/terra-aws/aws_security_group_rule" - "github.com/golingon/terra-aws/data_aws_iam_policy_document" - "github.com/golingon/terra_tls/data_tls_certificate" + "github.com/golingon/terra_tls/tls_certificate" ) var ( 
@@ -36,20 +36,20 @@ type ClusterOpts struct { } type Cluster struct { - EKSCluster *aws_eks_cluster.AwsEksCluster `validate:"required"` - IAMPolicyDocument *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` - IAMRole *aws_iam_role.AwsIamRole `validate:"required"` - IAMRoleClusterPolicy *aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required"` - IAMRoleVPCController *aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required"` + EKSCluster *aws_eks_cluster.Resource `validate:"required"` + IAMPolicyDocument *aws_iam_policy_document.DataSource `validate:"required"` + IAMRole *aws_iam_role.Resource `validate:"required"` + IAMRoleClusterPolicy *aws_iam_role_policy_attachment.Resource `validate:"required"` + IAMRoleVPCController *aws_iam_role_policy_attachment.Resource `validate:"required"` // SecurityGroup is the AWS security group for both the EKS control plane // and worker nodes - SecurityGroup *aws_security_group.AwsSecurityGroup `validate:"required"` - IngressAllowAll *aws_security_group_rule.AwsSecurityGroupRule `validate:"required"` - EgressAllowAll *aws_security_group_rule.AwsSecurityGroupRule `validate:"required"` + SecurityGroup *aws_security_group.Resource `validate:"required"` + IngressAllowAll *aws_security_group_rule.Resource `validate:"required"` + EgressAllowAll *aws_security_group_rule.Resource `validate:"required"` - TLSCert *data_tls_certificate.TlsCertificate `validate:"required"` - IAMOIDCProvider *aws_iam_openid_connect_provider.AwsIamOpenidConnectProvider `validate:"required"` + TLSCert *tls_certificate.DataSource `validate:"required"` + IAMOIDCProvider *aws_iam_openid_connect_provider.Resource `validate:"required"` } func NewCluster(opts ClusterOpts) *Cluster { 
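Review bot: The `IngressAllowAll` and `EgressAllowAll` fields of Cluster carry no comment, although the security group they belong to is documented as shared by the EKS control plane and the worker nodes. The names suggest unrestricted rules, but the rule definitions are outside this hunk, so the actual source and destination cannot be confirmed here. I would document the intended scope on each field, e.g. `// IngressAllowAll allows all ingress from <intended source: the group itself or a named CIDR>`, so a reader can tell a self-referencing rule from one open to any address without opening the constructor.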
@@ -96,13 +96,13 @@ func NewCluster(opts ClusterOpts) *Cluster { }, ) - iamPolicyDocument := data_aws_iam_policy_document.New( - "eks", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + iamPolicyDocument := aws_iam_policy_document.Data( + "eks", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Sid: S("EKSClusterAssumeRole"), Actions: terra.Set(S("sts:AssumeRole")), - Principals: []data_aws_iam_policy_document.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.Set(S("eks.amazonaws.com")), @@ -157,8 +157,8 @@ func NewCluster(opts ClusterOpts) *Cluster { // ), // } - tlsCert := data_tls_certificate.New( - "eks", data_tls_certificate.Args{ + tlsCert := tls_certificate.Data( + "eks", tls_certificate.DataArgs{ Url: eksCluster.Attributes(). Identity(). Index(0). diff --git a/docs/platypus2/infra/s3.go b/docs/platypus2/infra/s3.go index 7dc91a4..b0a2a51 100644 --- a/docs/platypus2/infra/s3.go +++ b/docs/platypus2/infra/s3.go @@ -12,12 +12,12 @@ import ( ) type Bucket struct { - S3 *aws_s3_bucket.AwsS3Bucket `validate:"required"` + S3 *aws_s3_bucket.Resource `validate:"required"` // ACL *aws.S3BucketAcl // `validate:"required"` - Versioning *aws_s3_bucket_versioning.AwsS3BucketVersioning `validate:"required"` - PublicAccess *aws_s3_bucket_public_access_block.AwsS3BucketPublicAccessBlock `validate:"required"` - SSE *aws_s3_bucket_server_side_encryption_configuration.AwsS3BucketServerSideEncryptionConfiguration `validate:"required"` + Versioning *aws_s3_bucket_versioning.Resource `validate:"required"` + PublicAccess *aws_s3_bucket_public_access_block.Resource `validate:"required"` + SSE *aws_s3_bucket_server_side_encryption_configuration.Resource `validate:"required"` } func NewBucket(bucketName string) *Bucket { 
@@ -79,7 +79,7 @@ func NewBucket(bucketName string) *Bucket { func RuleEncryptKMS() []aws_s3_bucket_server_side_encryption_configuration.Rule { return []aws_s3_bucket_server_side_encryption_configuration.Rule{ { - ApplyServerSideEncryptionByDefault: &aws_s3_bucket_server_side_encryption_configuration.ApplyServerSideEncryptionByDefault{ + ApplyServerSideEncryptionByDefault: &aws_s3_bucket_server_side_encryption_configuration.RuleApplyServerSideEncryptionByDefault{ SseAlgorithm: S("aws:kms"), }, }, diff --git a/docs/platypus2/infra/vpc.go b/docs/platypus2/infra/vpc.go index e4c0ed3..b5b0464 100644 --- a/docs/platypus2/infra/vpc.go +++ b/docs/platypus2/infra/vpc.go 
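Review bot: RuleEncryptKMS sets only `SseAlgorithm: S("aws:kms")` in the default-encryption block and names no KMS key, so buckets built with this rule are encrypted under the AWS managed S3 key rather than a customer managed one. The exported function has no doc comment in view that says this; I would add `// RuleEncryptKMS returns the default SSE-KMS rule; no key ID is set, so S3 uses the AWS managed key for the account.` If access to the bucket data is meant to be gated by a key policy the project controls, the block would also need its key ID field set. The function's closing lines are outside the hunk.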
@@ -28,21 +28,21 @@ type Opts struct { } type AWSVPC struct { - VPC *aws_vpc.AwsVpc `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` - PublicSubnets [3]*aws_subnet.AwsSubnet `validate:"required,dive,required"` - PublicRT *aws_route_table.AwsRouteTable `validate:"required"` - PublicRoute *aws_route.AwsRoute `validate:"required"` - PublicRTAssocs [3]*aws_route_table_association.AwsRouteTableAssociation `validate:"required,dive,required"` + PublicSubnets [3]*aws_subnet.Resource `validate:"required,dive,required"` + PublicRT *aws_route_table.Resource `validate:"required"` + PublicRoute *aws_route.Resource `validate:"required"` + PublicRTAssocs [3]*aws_route_table_association.Resource `validate:"required,dive,required"` - PrivateSubnets [3]*aws_subnet.AwsSubnet `validate:"required,dive,required"` - PrivateRTs [3]*aws_route_table.AwsRouteTable `validate:"required,dive,required"` - PrivateRoutes [3]*aws_route.AwsRoute `validate:"required,dive,required"` - PrivateRTAssocs [3]*aws_route_table_association.AwsRouteTableAssociation `validate:"required,dive,required"` + PrivateSubnets [3]*aws_subnet.Resource `validate:"required,dive,required"` + PrivateRTs [3]*aws_route_table.Resource `validate:"required,dive,required"` + PrivateRoutes [3]*aws_route.Resource `validate:"required,dive,required"` + PrivateRTAssocs [3]*aws_route_table_association.Resource `validate:"required,dive,required"` - InternetGateway *aws_internet_gateway.AwsInternetGateway `validate:"required"` - EIPNat [3]*aws_eip.AwsEip `validate:"required,dive,required"` - NatGateways [3]*aws_nat_gateway.AwsNatGateway `validate:"required,dive,required"` + InternetGateway *aws_internet_gateway.Resource `validate:"required"` + EIPNat [3]*aws_eip.Resource `validate:"required,dive,required"` + NatGateways [3]*aws_nat_gateway.Resource `validate:"required,dive,required"` } func NewAWSVPC(opts Opts) *AWSVPC { 
@@ -75,7 +75,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { }, ) - eipNats := [3]*aws_eip.AwsEip{} + eipNats := [3]*aws_eip.Resource{} for i := 0; i < 3; i++ { eipNats[i] = aws_eip.New( fmt.Sprintf("nats_%d", i), aws_eip.Args{ @@ -86,7 +86,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - publicSubnets := [3]*aws_subnet.AwsSubnet{} + publicSubnets := [3]*aws_subnet.Resource{} for i := 0; i < 3; i++ { publicSubnets[i] = aws_subnet.New( fmt.Sprintf("public_%d", i), aws_subnet.Args{ @@ -113,7 +113,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { }, ) - pubRTAssocs := [3]*aws_route_table_association.AwsRouteTableAssociation{} + pubRTAssocs := [3]*aws_route_table_association.Resource{} for i := 0; i < 3; i++ { pubRTAssocs[i] = aws_route_table_association.New( fmt.Sprintf("public_%d", i), aws_route_table_association.Args{ @@ -123,7 +123,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - natGateways := [3]*aws_nat_gateway.AwsNatGateway{} + natGateways := [3]*aws_nat_gateway.Resource{} for i := 0; i < 3; i++ { ng := aws_nat_gateway.New( fmt.Sprintf("nat_gateway_%d", i), aws_nat_gateway.Args{ @@ -136,7 +136,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { natGateways[i] = ng } - privateSubnets := [3]*aws_subnet.AwsSubnet{} + privateSubnets := [3]*aws_subnet.Resource{} for i := 0; i < 3; i++ { privateSubnets[i] = aws_subnet.New( fmt.Sprintf("private_%d", i), aws_subnet.Args{ @@ -152,7 +152,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - privateRTs := [3]*aws_route_table.AwsRouteTable{} + privateRTs := [3]*aws_route_table.Resource{} for i := 0; i < 3; i++ { privateRTs[i] = aws_route_table.New( fmt.Sprintf("private_%d", i), aws_route_table.Args{ @@ -161,7 +161,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { }, ) } - privateRoutes := [3]*aws_route.AwsRoute{} + privateRoutes := [3]*aws_route.Resource{} for i := 0; i < 3; i++ { privateRoutes[i] = aws_route.New( fmt.Sprintf("private_%d", i), aws_route.Args{ 
@@ -172,7 +172,7 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - privateRTAssocs := [3]*aws_route_table_association.AwsRouteTableAssociation{} + privateRTAssocs := [3]*aws_route_table_association.Resource{} for i := 0; i < 3; i++ { privateRTAssocs[i] = aws_route_table_association.New( fmt.Sprintf("private_%d", i), aws_route_table_association.Args{ diff --git a/docs/platypus2/karpenter/infra.go b/docs/platypus2/karpenter/infra.go index f012009..30f203f 100644 --- a/docs/platypus2/karpenter/infra.go +++ b/docs/platypus2/karpenter/infra.go @@ -6,10 +6,10 @@ package karpenter import ( "fmt" + "github.com/golingon/terra-aws/aws_iam_policy_document" "github.com/golingon/terra-aws/aws_iam_role" "github.com/golingon/terra-aws/aws_sqs_queue" "github.com/golingon/terra-aws/aws_sqs_queue_policy" - "github.com/golingon/terra-aws/data_aws_iam_policy_document" "github.com/golingon/lingon/pkg/terra" ) @@ -43,9 +43,9 @@ type Controller struct { } type NodeTerminationQueue struct { - SimpleQueue *aws_sqs_queue.AwsSqsQueue `validate:"required"` - QueuePolicy *aws_sqs_queue_policy.AwsSqsQueuePolicy `validate:"required"` - QueuePolicyDocument *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` + SimpleQueue *aws_sqs_queue.Resource `validate:"required"` + QueuePolicy *aws_sqs_queue_policy.Resource `validate:"required"` + QueuePolicyDocument *aws_iam_policy_document.DataSource `validate:"required"` } func NewInfra(opts InfraOpts) Infra { @@ -57,7 +57,7 @@ func NewInfra(opts InfraOpts) Infra { } } -func newController(opts InfraOpts, ipRole *aws_iam_role.AwsIamRole) Controller { +func newController(opts InfraOpts, ipRole *aws_iam_role.Resource) Controller { queue := newNodeTerminationQueue(opts) return Controller{ IAMRole: newIAMRole(opts, ipRole, queue.SimpleQueue), 
@@ -66,28 +66,28 @@ func newController(opts InfraOpts, ipRole *aws_iam_role.AwsIamRole) Controller { } type IAMRole struct { - AssumeRolePolicy *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` - Role *aws_iam_role.AwsIamRole `validate:"required"` - RolePolicy *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` + AssumeRolePolicy *aws_iam_policy_document.DataSource `validate:"required"` + Role *aws_iam_role.Resource `validate:"required"` + RolePolicy *aws_iam_policy_document.DataSource `validate:"required"` } func newIAMRole( opts InfraOpts, - ipRole *aws_iam_role.AwsIamRole, - queue *aws_sqs_queue.AwsSqsQueue, + ipRole *aws_iam_role.Resource, + queue *aws_sqs_queue.Resource, ) IAMRole { - assumeRolePolicy := data_aws_iam_policy_document.New( - KA.Name+"_assume_role", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + assumeRolePolicy := aws_iam_policy_document.Data( + KA.Name+"_assume_role", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Actions: terra.Set(S("sts:AssumeRoleWithWebIdentity")), - Principals: []data_aws_iam_policy_document.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Federated"), Identifiers: terra.Set(S(opts.OIDCProviderArn)), }, }, - Condition: []data_aws_iam_policy_document.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S(opts.OIDCProviderURL + ":sub"), @@ -109,9 +109,9 @@ func newIAMRole( }, }, ) - policy := data_aws_iam_policy_document.New( - KA.Name, data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + policy := aws_iam_policy_document.Data( + KA.Name, aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Actions: terra.SetString( "ec2:DescribeImages", 
@@ -141,7 +141,7 @@ func newIAMRole( ), Effect: S("Allow"), Resources: terra.SetString("*"), - Condition: []data_aws_iam_policy_document.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S( @@ -209,14 +209,14 @@ func newNodeTerminationQueue(opts InfraOpts) NodeTerminationQueue { MessageRetentionSeconds: terra.Number(300), }, ) - policyDoc := data_aws_iam_policy_document.New( - "node_termination_queue", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + policyDoc := aws_iam_policy_document.Data( + "node_termination_queue", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Sid: S("SQSWrite"), Resources: terra.Set(queue.Attributes().Arn()), Actions: terra.SetString("sqs:SendMessage"), - Principals: []data_aws_iam_policy_document.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.SetString( diff --git a/docs/platypus2/karpenter/infra_fargateprofile.go b/docs/platypus2/karpenter/infra_fargateprofile.go index 11b469d..b13b464 100644 --- a/docs/platypus2/karpenter/infra_fargateprofile.go +++ b/docs/platypus2/karpenter/infra_fargateprofile.go @@ -7,9 +7,9 @@ import ( "fmt" "github.com/golingon/terra-aws/aws_eks_fargate_profile" + "github.com/golingon/terra-aws/aws_iam_policy_document" "github.com/golingon/terra-aws/aws_iam_role" "github.com/golingon/terra-aws/aws_iam_role_policy_attachment" - "github.com/golingon/terra-aws/data_aws_iam_policy_document" "github.com/golingon/lingon/pkg/terra" ) 
@@ -26,20 +26,20 @@ const ( // FargateProfile is the AWS EKS Fargate profile for the Karpenter pods to // run on type FargateProfile struct { - FargateProfile *aws_eks_fargate_profile.AwsEksFargateProfile `validate:"required"` - IAMRole *aws_iam_role.AwsIamRole `validate:"required"` - AssumeRole *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` - PolicyAttachments []*aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required,dive,required"` + FargateProfile *aws_eks_fargate_profile.Resource `validate:"required"` + IAMRole *aws_iam_role.Resource `validate:"required"` + AssumeRole *aws_iam_policy_document.DataSource `validate:"required"` + PolicyAttachments []*aws_iam_role_policy_attachment.Resource `validate:"required,dive,required"` } func newFargateProfile(opts InfraOpts) FargateProfile { - arPolicy := data_aws_iam_policy_document.New( - "fargate", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + arPolicy := aws_iam_policy_document.Data( + "fargate", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Effect: S("Allow"), Actions: terra.SetString("sts:AssumeRole"), - Principals: []data_aws_iam_policy_document.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.SetString( @@ -68,7 +68,7 @@ func newFargateProfile(opts InfraOpts) FargateProfile { } policyAttachments := make( - []*aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment, + []*aws_iam_role_policy_attachment.Resource, len(policies), ) for i, policy := range policies { diff --git a/docs/platypus2/karpenter/infra_instanceprofile.go b/docs/platypus2/karpenter/infra_instanceprofile.go index fda5433..d8cd20c 100644 --- a/docs/platypus2/karpenter/infra_instanceprofile.go +++ b/docs/platypus2/karpenter/infra_instanceprofile.go 
@@ -7,9 +7,9 @@ import ( "fmt" "github.com/golingon/terra-aws/aws_iam_instance_profile" + "github.com/golingon/terra-aws/aws_iam_policy_document" "github.com/golingon/terra-aws/aws_iam_role" "github.com/golingon/terra-aws/aws_iam_role_policy_attachment" - "github.com/golingon/terra-aws/data_aws_iam_policy_document" "github.com/golingon/lingon/pkg/terra" ) @@ -17,21 +17,21 @@ import ( // InstanceProfile is the AWS EC2 Instance Profile for the nodes provisioned by // Karpenter to use. type InstanceProfile struct { - InstanceProfile *aws_iam_instance_profile.AwsIamInstanceProfile `validate:"required"` - IAMRole *aws_iam_role.AwsIamRole `validate:"required"` - AssumeRole *data_aws_iam_policy_document.AwsIamPolicyDocument `validate:"required"` - PolicyAttachments []*aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment `validate:"required,dive,required"` + InstanceProfile *aws_iam_instance_profile.Resource `validate:"required"` + IAMRole *aws_iam_role.Resource `validate:"required"` + AssumeRole *aws_iam_policy_document.DataSource `validate:"required"` + PolicyAttachments []*aws_iam_role_policy_attachment.Resource `validate:"required,dive,required"` } func newInstanceProfile() InstanceProfile { - arPolicy := data_aws_iam_policy_document.New( - "eks_node", data_aws_iam_policy_document.Args{ - Statement: []data_aws_iam_policy_document.Statement{ + arPolicy := aws_iam_policy_document.Data( + "eks_node", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Sid: S("EKSNodeAssumeRole"), Effect: S("Allow"), Actions: terra.SetString("sts:AssumeRole"), - Principals: []data_aws_iam_policy_document.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.SetString( 
@@ -62,7 +62,7 @@ func newInstanceProfile() InstanceProfile { } policyAttachments := make( - []*aws_iam_role_policy_attachment.AwsIamRolePolicyAttachment, + []*aws_iam_role_policy_attachment.Resource, len(policies), ) for i, policy := range policies {