terraform-aws-eks
feat: Add `aws_auth_configmap_prevent_destroy`
Description
- Add `aws_auth_configmap_prevent_destroy`
Motivation and Context
I want to avoid destroying the config map by mistake by toggling an input
Breaking Changes
None
How Has This Been Tested?
- ~I have updated at least one of the `examples/*` to demonstrate and validate my change(s)~
  - I purposely did not as this would break the test since the test wants to apply and destroy the resources, the `kubernetes_config_map` would fail to be destroyed.
- [x] I have tested and validated these changes using one or more of the provided `examples/*` projects
- [x] I have executed `pre-commit run -a` on my pull request
references
- https://www.terraform.io/language/meta-arguments/lifecycle
- https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/
commands
Using the defaults with `manage_aws_auth_configmap = true`, we see the existing `kubernetes_config_map_v1_data` without the lifecycle hook.

```
  # module.eks.kubernetes_config_map_v1_data.aws_auth[0] will be created
  + resource "kubernetes_config_map_v1_data" "aws_auth" {
      + data  = (known after apply)
      + force = true
      + id    = (known after apply)
      + metadata {
          + name      = "aws-auth"
          + namespace = "kube-system"
        }
    }
```
With the following:

```hcl
manage_aws_auth_configmap = true
aws_auth_configmap_prevent_destroy = true
```

We see the new one created. Note that the lifecycle is hidden but it is there as seen by the name of the resource.

```
  # module.eks.kubernetes_config_map_v1_data.aws_auth_prevent_destroy[0] will be created
  + resource "kubernetes_config_map_v1_data" "aws_auth_prevent_destroy" {
      + data  = (known after apply)
      + force = true
      + id    = (known after apply)
      + metadata {
          + name      = "aws-auth"
          + namespace = "kube-system"
        }
    }
```
With the following:

```hcl
create_aws_auth_configmap = true
aws_auth_configmap_prevent_destroy = true
manage_aws_auth_configmap = false
```

We see the new one created. Note that the lifecycle is hidden but it is there as seen by the name of the resource.

```
  # module.eks.kubernetes_config_map.aws_auth_prevent_destroy[0] will be created
  + resource "kubernetes_config_map" "aws_auth_prevent_destroy" {
      + data = (known after apply)
      + id   = (known after apply)
      + metadata {
          + generation       = (known after apply)
          + name             = "aws-auth"
          + namespace        = "kube-system"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }
```
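
The plan output above shows two differently named resources because Terraform only accepts a literal value for `prevent_destroy`, so an input cannot set it directly. The sketch below is an added illustration of that count-toggled pattern, not the code from this pull request; the resource and variable names are taken from the plan output and inputs above, and `local.aws_auth_data` is a hypothetical placeholder.

```hcl
# Added illustration, not the PR's diff.
variable "manage_aws_auth_configmap" {
  type    = bool
  default = false
}

variable "aws_auth_configmap_prevent_destroy" {
  type    = bool
  default = false
}

locals {
  # Hypothetical placeholder; a real module builds this from its role/user inputs.
  aws_auth_data = { mapRoles = yamlencode([]) }
}

# Default variant: no lifecycle guard.
resource "kubernetes_config_map_v1_data" "aws_auth" {
  count = var.manage_aws_auth_configmap && !var.aws_auth_configmap_prevent_destroy ? 1 : 0
  force = true
  metadata {
    name      = "aws-auth"
    namespace = "kube-system"
  }
  data = local.aws_auth_data
}

# Guarded variant: identical arguments plus the lifecycle block.
# prevent_destroy must be a literal, so the input selects a block via count.
resource "kubernetes_config_map_v1_data" "aws_auth_prevent_destroy" {
  count = var.manage_aws_auth_configmap && var.aws_auth_configmap_prevent_destroy ? 1 : 0
  force = true
  metadata {
    name      = "aws-auth"
    namespace = "kube-system"
  }
  data = local.aws_auth_data

  lifecycle {
    prevent_destroy = true
  }
}
```

Because the two blocks have different addresses, switching the toggle on an existing state makes Terraform plan a destroy of one and a create of the other unless the state entry is moved first (`terraform state mv` or a `moved` block).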