From 6334c7944e021bf8e3f3e3eccdfa99625fdb6efd Mon Sep 17 00:00:00 2001
From: Balazs Gaspar
Date: Fri, 21 Jul 2023 13:36:53 +0200
Subject: [PATCH] Change credential prerequisites to mandatory input variables
---
 modules/terraform-cdp-aws-pre-reqs/data.tf | 3 ---
 modules/terraform-cdp-aws-pre-reqs/defaults.tf | 4 ----
 modules/terraform-cdp-aws-pre-reqs/main.tf | 4 ++--
 modules/terraform-cdp-aws-pre-reqs/variables.tf | 8 --------
 4 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/modules/terraform-cdp-aws-pre-reqs/data.tf b/modules/terraform-cdp-aws-pre-reqs/data.tf
index 0af1230..5378414 100644
--- a/modules/terraform-cdp-aws-pre-reqs/data.tf
+++ b/modules/terraform-cdp-aws-pre-reqs/data.tf
@@ -70,6 +70,3 @@ data "http" "datalake_backup_policy_doc" {
 data "http" "datalake_restore_policy_doc" {
 url = "https://raw.githubusercontent.com/hortonworks/cloudbreak/master/cloud-aws-cloudformation/src/main/resources/definitions/aws-datalake-restore-policy.json"
 }
-
-# Lookup the CDP control plane account and external ids
-data "cdp_environments_aws_credential_prerequisites" "cdp_prereqs" {}
diff --git a/modules/terraform-cdp-aws-pre-reqs/defaults.tf b/modules/terraform-cdp-aws-pre-reqs/defaults.tf
index 362561e..00707d8 100644
--- a/modules/terraform-cdp-aws-pre-reqs/defaults.tf
+++ b/modules/terraform-cdp-aws-pre-reqs/defaults.tf
@@ -172,10 +172,6 @@ locals {
 # ------- Roles -------
 xaccount_role_name = coalesce(var.xaccount_role_name, "${var.env_prefix}-xaccount-role")
- xaccount_account_id = coalesce(var.xaccount_account_id, var.lookup_cdp_account_ids ? data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.account_id : null)
-
- xaccount_external_id = coalesce(var.xaccount_external_id, var.lookup_cdp_account_ids ? data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.external_id : null)
-
 idbroker_role_name = coalesce(var.idbroker_role_name, "${var.env_prefix}-idbroker-role")
 log_role_name = coalesce(var.log_role_name, "${var.env_prefix}-logs-role")
diff --git a/modules/terraform-cdp-aws-pre-reqs/main.tf b/modules/terraform-cdp-aws-pre-reqs/main.tf
index 2c75f4f..65266fe 100644
--- a/modules/terraform-cdp-aws-pre-reqs/main.tf
+++ b/modules/terraform-cdp-aws-pre-reqs/main.tf
@@ -282,14 +282,14 @@ data "aws_iam_policy_document" "cdp_xaccount_role_policy_doc" {
 principals {
 type = "AWS"
- identifiers = ["arn:aws:iam::${local.xaccount_account_id}:root"]
+ identifiers = ["arn:aws:iam::${var.xaccount_account_id}:root"]
 }
 condition {
 test = "StringEquals"
 variable = "sts:ExternalId"
- values = [local.xaccount_external_id]
+ values = [var.xaccount_external_id]
 }
 }
 }
diff --git a/modules/terraform-cdp-aws-pre-reqs/variables.tf b/modules/terraform-cdp-aws-pre-reqs/variables.tf
index 0d67cb1..83f3ad4 100644
--- a/modules/terraform-cdp-aws-pre-reqs/variables.tf
+++ b/modules/terraform-cdp-aws-pre-reqs/variables.tf
@@ -79,14 +79,6 @@ variable "deployment_template" {
 }
 }
-variable "lookup_cdp_account_ids" {
- type = bool
-
- description = "Auto lookup CDP Account and External ID using CDP CLI commands. If false then the xaccount_account_id and xaccount_external_id input variables need to be specified"
-
- default = true
-}
-
 # variable "enable_raz" {
 # type = bool
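Review bot: In the main.tf hunk, `var.xaccount_account_id` and `var.xaccount_external_id` now feed the role's trust policy directly, while the `coalesce()` calls that rejected null or empty values are deleted with the locals in defaults.tf. The two variable declarations are not part of this patch, so whether they still allow a null default cannot be seen here; if they do, an unset value would likely fail late with an interpolation or IAM error instead of a clear message. Since the principal is the account's `:root` and the `sts:ExternalId` condition is the only other restriction on who can assume the role, I would make both variables `nullable = false` with no default and add validation such as `condition = can(regex("^[0-9]{12}$", var.xaccount_account_id))` and `condition = length(var.xaccount_external_id) > 0`. The enclosing `cdp_xaccount_role_policy_doc` data block starts above the hunk.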