From b183b972539fa9d39dc55c453d68a234fdb683b1 Mon Sep 17 00:00:00 2001
From: Daniel Piddock <33028589+dpiddockcmp@users.noreply.github.com>
Date: Wed, 6 May 2020 10:54:14 +0200
Subject: [PATCH] improvement: Remove dependency on external template provider
 (#854)

* Remove template_file for generating kubeconfig

Push logic from terraform down to the template. Makes the formatting
slightly easier to follow

* Remove template_file for generating userdata

Updates to the eks_cluster now do not trigger recreation of launch
configurations

* Remove template_file for LT userdata

* Remove template dependency
---
 README.md                  |   2 -
 data.tf                    | 212 ++++++++++++++++---------------------
 kubectl.tf                 |   2 +-
 outputs.tf                 |   6 +-
 templates/kubeconfig.tpl   |  16 ++-
 versions.tf                |   1 -
 workers.tf                 |   2 +-
 workers_launch_template.tf |   2 +-
 8 files changed, 108 insertions(+), 135 deletions(-)

diff --git a/README.md b/README.md
index 3d0743d..c4b751a 100644
--- a/README.md
+++ b/README.md
@@ -134,7 +134,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | local | >= 1.2 |
 | null | >= 2.1 |
 | random | >= 2.1 |
-| template | >= 2.1 |
 
 ## Providers
 
@@ -145,7 +144,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | local | >= 1.2 |
 | null | >= 2.1 |
 | random | >= 2.1 |
-| template | >= 2.1 |
 
 ## Inputs
 
diff --git a/data.tf b/data.tf
index bb5effd..e0dcc5e 100644
--- a/data.tf
+++ b/data.tf
@@ -66,138 +66,104 @@ data "aws_iam_policy_document" "cluster_assume_role_policy" {
   }
 }
 
-data "template_file" "kubeconfig" {
-  count    = var.create_eks ? 1 : 0
-  template = file("${path.module}/templates/kubeconfig.tpl")
+locals {
+  kubeconfig = var.create_eks ? templatefile("${path.module}/templates/kubeconfig.tpl", {
+    kubeconfig_name                   = local.kubeconfig_name
+    endpoint                          = aws_eks_cluster.this[0].endpoint
+    cluster_auth_base64               = aws_eks_cluster.this[0].certificate_authority[0].data
+    aws_authenticator_command         = var.kubeconfig_aws_authenticator_command
+    aws_authenticator_command_args    = length(var.kubeconfig_aws_authenticator_command_args) > 0 ? var.kubeconfig_aws_authenticator_command_args : ["token", "-i", aws_eks_cluster.this[0].name]
+    aws_authenticator_additional_args = var.kubeconfig_aws_authenticator_additional_args
+    aws_authenticator_env_variables   = var.kubeconfig_aws_authenticator_env_variables
+  }) : ""
 
-  vars = {
-    kubeconfig_name           = local.kubeconfig_name
-    endpoint                  = aws_eks_cluster.this[0].endpoint
-    cluster_auth_base64       = aws_eks_cluster.this[0].certificate_authority[0].data
-    aws_authenticator_command = var.kubeconfig_aws_authenticator_command
-    aws_authenticator_command_args = length(var.kubeconfig_aws_authenticator_command_args) > 0 ? "        - ${join(
-      "\n        - ",
-      var.kubeconfig_aws_authenticator_command_args,
-      )}" : "        - ${join(
-      "\n        - ",
-      formatlist("\"%s\"", ["token", "-i", aws_eks_cluster.this[0].name]),
-    )}"
-    aws_authenticator_additional_args = length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join(
-      "\n        - ",
-      var.kubeconfig_aws_authenticator_additional_args,
-    )}" : ""
-    aws_authenticator_env_variables = length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? "      env:\n${join(
-      "\n",
-      data.template_file.aws_authenticator_env_variables.*.rendered,
-    )}" : ""
-  }
-}
-
-data "template_file" "aws_authenticator_env_variables" {
-  count = length(var.kubeconfig_aws_authenticator_env_variables)
-
-  template = <<EOF
-        - name: $${key}
-          value: $${value}
-EOF
-
-
-  vars = {
-    value = values(var.kubeconfig_aws_authenticator_env_variables)[count.index]
-    key   = keys(var.kubeconfig_aws_authenticator_env_variables)[count.index]
-  }
-}
-
-data "template_file" "userdata" {
-  count = var.create_eks ? local.worker_group_count : 0
-  template = lookup(
-    var.worker_groups[count.index],
-    "userdata_template_file",
-    file(
-      lookup(var.worker_groups[count.index], "platform", local.workers_group_defaults["platform"]) == "windows"
+  userdata = [for worker in var.worker_groups : templatefile(
+    lookup(
+      worker,
+      "userdata_template_file",
+      lookup(worker, "platform", local.workers_group_defaults["platform"]) == "windows"
       ? "${path.module}/templates/userdata_windows.tpl"
       : "${path.module}/templates/userdata.sh.tpl"
+    ),
+    merge(
+      {
+        platform            = lookup(worker, "platform", local.workers_group_defaults["platform"])
+        cluster_name        = aws_eks_cluster.this[0].name
+        endpoint            = aws_eks_cluster.this[0].endpoint
+        cluster_auth_base64 = aws_eks_cluster.this[0].certificate_authority[0].data
+        pre_userdata = lookup(
+          worker,
+          "pre_userdata",
+          local.workers_group_defaults["pre_userdata"],
+        )
+        additional_userdata = lookup(
+          worker,
+          "additional_userdata",
+          local.workers_group_defaults["additional_userdata"],
+        )
+        bootstrap_extra_args = lookup(
+          worker,
+          "bootstrap_extra_args",
+          local.workers_group_defaults["bootstrap_extra_args"],
+        )
+        kubelet_extra_args = lookup(
+          worker,
+          "kubelet_extra_args",
+          local.workers_group_defaults["kubelet_extra_args"],
+        )
+      },
+      lookup(
+        worker,
+        "userdata_template_extra_args",
+        local.workers_group_defaults["userdata_template_extra_args"]
+      )
     )
-  )
+    ) if var.create_eks
+  ]
 
-  vars = merge({
-    platform            = lookup(var.worker_groups[count.index], "platform", local.workers_group_defaults["platform"])
-    cluster_name        = aws_eks_cluster.this[0].name
-    endpoint            = aws_eks_cluster.this[0].endpoint
-    cluster_auth_base64 = aws_eks_cluster.this[0].certificate_authority[0].data
-    pre_userdata = lookup(
-      var.worker_groups[count.index],
-      "pre_userdata",
-      local.workers_group_defaults["pre_userdata"],
-    )
-    additional_userdata = lookup(
-      var.worker_groups[count.index],
-      "additional_userdata",
-      local.workers_group_defaults["additional_userdata"],
-    )
-    bootstrap_extra_args = lookup(
-      var.worker_groups[count.index],
-      "bootstrap_extra_args",
-      local.workers_group_defaults["bootstrap_extra_args"],
-    )
-    kubelet_extra_args = lookup(
-      var.worker_groups[count.index],
-      "kubelet_extra_args",
-      local.workers_group_defaults["kubelet_extra_args"],
-    )
-    },
+  launch_template_userdata = [for worker in var.worker_groups_launch_template : templatefile(
     lookup(
-      var.worker_groups[count.index],
-      "userdata_template_extra_args",
-      local.workers_group_defaults["userdata_template_extra_args"]
-    )
-  )
-}
-
-data "template_file" "launch_template_userdata" {
-  count = var.create_eks ? local.worker_group_launch_template_count : 0
-  template = lookup(
-    var.worker_groups_launch_template[count.index],
-    "userdata_template_file",
-    file(
-      lookup(var.worker_groups_launch_template[count.index], "platform", local.workers_group_defaults["platform"]) == "windows"
+      worker,
+      "userdata_template_file",
+      lookup(worker, "platform", local.workers_group_defaults["platform"]) == "windows"
       ? "${path.module}/templates/userdata_windows.tpl"
       : "${path.module}/templates/userdata.sh.tpl"
+    ),
+    merge(
+      {
+        platform            = lookup(worker, "platform", local.workers_group_defaults["platform"])
+        cluster_name        = aws_eks_cluster.this[0].name
+        endpoint            = aws_eks_cluster.this[0].endpoint
+        cluster_auth_base64 = aws_eks_cluster.this[0].certificate_authority[0].data
+        pre_userdata = lookup(
+          worker,
+          "pre_userdata",
+          local.workers_group_defaults["pre_userdata"],
+        )
+        additional_userdata = lookup(
+          worker,
+          "additional_userdata",
+          local.workers_group_defaults["additional_userdata"],
+        )
+        bootstrap_extra_args = lookup(
+          worker,
+          "bootstrap_extra_args",
+          local.workers_group_defaults["bootstrap_extra_args"],
+        )
+        kubelet_extra_args = lookup(
+          worker,
+          "kubelet_extra_args",
+          local.workers_group_defaults["kubelet_extra_args"],
+        )
+      },
+      lookup(
+        worker,
+        "userdata_template_extra_args",
+        local.workers_group_defaults["userdata_template_extra_args"]
+      )
     )
-  )
-
-  vars = merge({
-    platform            = lookup(var.worker_groups_launch_template[count.index], "platform", local.workers_group_defaults["platform"])
-    cluster_name        = aws_eks_cluster.this[0].name
-    endpoint            = aws_eks_cluster.this[0].endpoint
-    cluster_auth_base64 = aws_eks_cluster.this[0].certificate_authority[0].data
-    pre_userdata = lookup(
-      var.worker_groups_launch_template[count.index],
-      "pre_userdata",
-      local.workers_group_defaults["pre_userdata"],
-    )
-    additional_userdata = lookup(
-      var.worker_groups_launch_template[count.index],
-      "additional_userdata",
-      local.workers_group_defaults["additional_userdata"],
-    )
-    bootstrap_extra_args = lookup(
-      var.worker_groups_launch_template[count.index],
-      "bootstrap_extra_args",
-      local.workers_group_defaults["bootstrap_extra_args"],
-    )
-    kubelet_extra_args = lookup(
-      var.worker_groups_launch_template[count.index],
-      "kubelet_extra_args",
-      local.workers_group_defaults["kubelet_extra_args"],
-    )
-    },
-    lookup(
-      var.worker_groups_launch_template[count.index],
-      "userdata_template_extra_args",
-      local.workers_group_defaults["userdata_template_extra_args"]
-    )
-  )
+    ) if var.create_eks
+  ]
 }
 
 data "aws_iam_role" "custom_cluster_iam_role" {
diff --git a/kubectl.tf b/kubectl.tf
index 56aba1f..1e66070 100644
--- a/kubectl.tf
+++ b/kubectl.tf
@@ -1,5 +1,5 @@
 resource "local_file" "kubeconfig" {
   count    = var.write_kubeconfig && var.create_eks ? 1 : 0
-  content  = data.template_file.kubeconfig[0].rendered
+  content  = local.kubeconfig
   filename = substr(var.config_output_path, -1, 1) == "/" ? "${var.config_output_path}kubeconfig_${var.cluster_name}" : var.config_output_path
 }
diff --git a/outputs.tf b/outputs.tf
index 9a6e403..8ec702f 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -60,7 +60,7 @@ output "cloudwatch_log_group_name" {
 
 output "kubeconfig" {
   description = "kubectl config file contents for this EKS cluster."
-  value       = concat(data.template_file.kubeconfig[*].rendered, [""])[0]
+  value       = local.kubeconfig
 }
 
 output "kubeconfig_filename" {
@@ -92,8 +92,8 @@ output "workers_asg_names" {
 output "workers_user_data" {
   description = "User data of worker groups"
   value = concat(
-    data.template_file.userdata.*.rendered,
-    data.template_file.launch_template_userdata.*.rendered,
+    local.userdata,
+    local.launch_template_userdata,
   )
 }
 
diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl
index 1696391..ad1beec 100644
--- a/templates/kubeconfig.tpl
+++ b/templates/kubeconfig.tpl
@@ -23,6 +23,16 @@ users:
       apiVersion: client.authentication.k8s.io/v1alpha1
       command: ${aws_authenticator_command}
       args:
-${aws_authenticator_command_args}
-${aws_authenticator_additional_args}
-${aws_authenticator_env_variables}
+%{~ for i in aws_authenticator_command_args }
+        - "${i}"
+%{~ endfor ~}
+%{ for i in aws_authenticator_additional_args }
+        - ${i}
+%{~ endfor ~}
+%{ if length(aws_authenticator_env_variables) > 0 }
+      env:
+  %{~ for k, v in aws_authenticator_env_variables ~}
+        - name: ${k}
+          value: ${v}
+  %{~ endfor ~}
+%{ endif ~}
diff --git a/versions.tf b/versions.tf
index fd052bb..e5c8ce6 100644
--- a/versions.tf
+++ b/versions.tf
@@ -5,7 +5,6 @@ terraform {
     aws        = ">= 2.52.0"
     local      = ">= 1.2"
     null       = ">= 2.1"
-    template   = ">= 2.1"
     random     = ">= 2.1"
     kubernetes = ">= 1.11.1"
   }
diff --git a/workers.tf b/workers.tf
index 2eed088..a1908b7 100644
--- a/workers.tf
+++ b/workers.tf
@@ -170,7 +170,7 @@ resource "aws_launch_configuration" "workers" {
     "key_name",
     local.workers_group_defaults["key_name"],
   )
-  user_data_base64 = base64encode(data.template_file.userdata.*.rendered[count.index])
+  user_data_base64 = base64encode(local.userdata[count.index])
   ebs_optimized = lookup(
     var.worker_groups[count.index],
     "ebs_optimized",
diff --git a/workers_launch_template.tf b/workers_launch_template.tf
index 947bd19..ebc997e 100644
--- a/workers_launch_template.tf
+++ b/workers_launch_template.tf
@@ -262,7 +262,7 @@ resource "aws_launch_template" "workers_launch_template" {
     local.workers_group_defaults["key_name"],
   )
   user_data = base64encode(
-    data.template_file.launch_template_userdata.*.rendered[count.index],
+    local.launch_template_userdata[count.index],
   )
 
   ebs_optimized = lookup(