Merge pull request #6 from spectrocloud/oci-ecr-repository

Support for OCI repository.

examples/config/cluster/cluster-eks-dev.yaml

@@ -1,5 +1,5 @@
 name: eks-dev
-cloud_account: dev-030
+cloud_account: "${ACCOUNT_DEV_NAME}"
 profiles:
   infra:
     name: profile_infra
@@ -8,6 +8,7 @@ profiles:
         version: "1.20"
         override_type: params #[values, params, template]
         params:
+          MACHINE_POOL_ROLE_NAME: MACHINE_POOL_ROLE_NAME_1
           OIDC_IDENTITY_PROVIDER_NAME: eks-oidc # parameter value in cluster profile pack values should be "%OIDC_IDENTITY_PROVIDER_NAME%"
           OIDC_CLAIM_NAME: oidc-custom-claim # parameter value in cluster profile pack values should be "%OIDC_CLAIM_NAME%"
           OIDC_ISSUER_URL: https://123456-okta.com/111111/hello # parameter value in cluster profile pack values should be "%OIDC_ISSUER_URL%"
@@ -49,7 +50,7 @@ profiles:
           - PROFILE_NAME: security-app
             PROFILE_SPEC_NAME: security-app
   addons:
-    - name: profile_addon
+    - name: addon-profile-1
 cloud_config:
   aws_region: us-east-1
   aws_vpc_id: vpc-0bf456fc3c7bbe

examples/config/profile/profile-addon-1.yaml

@@ -324,11 +324,3 @@ packs:
             corednsPathPrefix: ""
             clientCert: ""
             clientCertKey: ""
-
-  - name: "spectro-byo-manifest"
-    type: "spectro"
-    layer: "addon"
-    server: "${ADDON_SPECTRO_REPO_URL}"
-    version: "1.0.0"
-    values: |
-      #Empty manifest.

examples/config/profile/profile-infra.yaml

@@ -56,8 +56,8 @@ packs:
         ## This self-managed IAM role(https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) should include the required
         ## policies - 'AmazonEKSWorkerNodePolicy','AmazonEC2ContainerRegistryReadOnly', 'AmazonSSMManagedInstanceCore' and 'AmazonEKS_CNI_Policy'
         ## NOTE: The roleName cannot have the prefix 'ng-role_' since this is reserved for spectro-generated roles
-        #managedMachinePool:
-        #roleName: {{ name of the self-managed role | format "${string}" }}
+        managedMachinePool:
+          roleName: "%MACHINE_POOL_ROLE_NAME%"
 
         ## A list of additional policies to attach to the node group role
         #roleAdditionalPolicies:

examples/config/registry/registry-dev-1.yaml

@@ -0,0 +1,7 @@
+name: "test-nik2"
+type: "ecr" # basic
+endpoint: "123456.dkr.ecr.us-west-1.amazonaws.com"
+is_private: true
+credential_type: "sts"
+arn: "arn:aws:iam::123456:role/stage-demo-ecr"
+external_id: "sjoinjioinM="

examples/config/registry/registry-dev-2.yaml

@@ -0,0 +1,7 @@
+name: "test-nik3"
+type: "ecr" # basic
+endpoint: "123456.dkr.ecr.us-west-1.amazonaws.com"
+is_private: true
+credential_type: "sts"
+arn: "arn:aws:iam::123456:role/stage-demo-ecr"
+external_id: "sjoinjoinM="

examples/mod_spectro_org.tf

@@ -1,5 +1,5 @@
 locals {
-  accounts_params = { ACCOUNT_DEV_NAME = "ehs-dev-030", ACCOUNT_PROD_NAME = "ehs-stg-004" }
+  accounts_params = { ACCOUNT_DEV_NAME = "dev-030", ACCOUNT_PROD_NAME = "prod-004" }
   bsl_params      = { BSL_NAME = "qa-sharma" }
   profile_params = {
     SPECTRO_REPO_URL       = "https://registry.spectrocloud.com",
@@ -41,13 +41,19 @@ module "SpectroOrg" {
     for k in fileset("config/project", "team-*.yaml") :
     trimsuffix(k, ".yaml") => yamldecode(templatefile("config/project/${k}", {}))
   }
+
+  registries = {
+    for k in fileset("config/registry", "registry-*.yaml") :
+    trimsuffix(k, ".yaml") => yamldecode(templatefile("config/registry/${k}", {}))
+  }
 }
 
 module "SpectroProject" {
+  depends_on = [module.SpectroOrg]
   source = "github.com/spectrocloud/terraform-spectrocloud-modules"
 
   clusters = {
     for k in fileset("config/cluster", "cluster-eks-*.yaml") :
-    trimsuffix(k, ".yaml") => yamldecode(templatefile("config/cluster/${k}", {}))
+    trimsuffix(k, ".yaml") => yamldecode(templatefile("config/cluster/${k}", local.accounts_params))
   }
 }

spectro-profile.tf

@@ -37,7 +37,6 @@ locals {
     v.name => try(v.profiles.addons, [])
   }
 
-  packs = flatten([for v in var.profiles : [for vv in v.packs : vv]])
   cluster_profile_pack_manifests = { for v in flatten([
     for v in var.profiles : [
       for p in v.packs : {
@@ -47,6 +46,24 @@ locals {
     ]
     ]) : v.name => v.value
   }
+
+  packs         = flatten([for v in var.profiles : [for vv in v.packs : vv if can(vv.version)]])
+  pack_names    = [for v in local.packs : v.name]
+  pack_versions = [for v in local.packs : v.version]
+
+  count     = length(local.pack_names)
+  pack_uids = [for index, v in local.packs : data.spectrocloud_pack.data_packs[index].id]
+  pack_mapping = zipmap(
+    [for i, v in local.packs : join("", [v.name, "-", v.version])],
+    [for v in local.pack_uids : v]
+  )
+}
+
+data "spectrocloud_pack" "data_packs" {
+  count = length(local.pack_names)
+
+  name    = local.pack_names[count.index]
+  version = local.pack_versions[count.index]
 }
 
 data "spectrocloud_cluster_profile" "this" {
@@ -68,6 +85,7 @@ resource "spectrocloud_cluster_profile" "profile_resource" {
       name   = pack.value.name
       type   = try(pack.value.type, "spectro")
       tag    = try(pack.value.version, "")
+      uid    = lookup(local.pack_mapping, join("", [pack.value.name, "-", try(pack.value.version, "")]), "uid")
       values = try(pack.value.values, "")
 
       dynamic "manifest" {

spectro-registry.tf

@@ -0,0 +1,13 @@
+resource "spectrocloud_registry_oci" "oci_registry" {
+  for_each = var.registries
+
+  name       = each.value.name
+  type       = each.value.type
+  endpoint   = each.value.endpoint
+  is_private = true
+  credentials {
+    credential_type = each.value.credential_type
+    arn             = each.value.arn
+    external_id     = each.value.external_id
+  }
+}

variables.tf

@@ -22,6 +22,11 @@ variable "teams" {
   default = {}
 }
 
+variable "registries" {
+  type    = map(any)
+  default = {}
+}
+
 variable "clusters" {
   default = {}
 }