Change credential prerequisites to mandatory input variables

cloudera-labs · Jul 21, 2023 · 6334c79 · 6334c79
1 parent ccd370d
commit 6334c79
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 17 deletions.
diff --git a/modules/terraform-cdp-aws-pre-reqs/data.tf b/modules/terraform-cdp-aws-pre-reqs/data.tf
@@ -70,6 +70,3 @@ data "http" "datalake_backup_policy_doc" {
 data "http" "datalake_restore_policy_doc" {
   url = "https://raw.githubusercontent.com/hortonworks/cloudbreak/master/cloud-aws-cloudformation/src/main/resources/definitions/aws-datalake-restore-policy.json"
 }
-
-# Lookup the CDP control plane account and external ids
-data "cdp_environments_aws_credential_prerequisites" "cdp_prereqs" {}
diff --git a/modules/terraform-cdp-aws-pre-reqs/defaults.tf b/modules/terraform-cdp-aws-pre-reqs/defaults.tf
@@ -172,10 +172,6 @@ locals {
   # ------- Roles -------
   xaccount_role_name = coalesce(var.xaccount_role_name, "${var.env_prefix}-xaccount-role")
 
-  xaccount_account_id = coalesce(var.xaccount_account_id, var.lookup_cdp_account_ids ? data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.account_id : null)
-
-  xaccount_external_id = coalesce(var.xaccount_external_id, var.lookup_cdp_account_ids ? data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.external_id : null)
-
   idbroker_role_name = coalesce(var.idbroker_role_name, "${var.env_prefix}-idbroker-role")
 
   log_role_name = coalesce(var.log_role_name, "${var.env_prefix}-logs-role")

diff --git a/modules/terraform-cdp-aws-pre-reqs/main.tf b/modules/terraform-cdp-aws-pre-reqs/main.tf
@@ -282,14 +282,14 @@ data "aws_iam_policy_document" "cdp_xaccount_role_policy_doc" {
 
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::${local.xaccount_account_id}:root"]
+      identifiers = ["arn:aws:iam::${var.xaccount_account_id}:root"]
     }
 
     condition {
       test     = "StringEquals"
       variable = "sts:ExternalId"
 
-      values = [local.xaccount_external_id]
+      values = [var.xaccount_external_id]
     }
   }
 }

diff --git a/modules/terraform-cdp-aws-pre-reqs/variables.tf b/modules/terraform-cdp-aws-pre-reqs/variables.tf
@@ -79,14 +79,6 @@ variable "deployment_template" {
   }
 }
 
-variable "lookup_cdp_account_ids" {
-  type = bool
-
-  description = "Auto lookup CDP Account and External ID using CDP CLI commands. If false then the xaccount_account_id and xaccount_external_id input variables need to be specified"
-
-  default = true
-}
-
 # variable "enable_raz" {
 #   type = bool