chore(azure)!: simplify metrics_storage object structure

camptocamp · Apr 2, 2023 · 9c999d2 · 9c999d2
1 parent 36eba4a
commit 9c999d2
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 19 deletions.
diff --git a/aks/extra-variables.tf b/aks/extra-variables.tf
@@ -3,20 +3,12 @@ variable "metrics_storage" {
   type = object({
     container       = string
     storage_account = string
-    use_managed_identity = object({
-      enabled      = bool
-      node_rg_name = optional(string, null)
-    })
+    managed_identity_node_rg_name = optional(string, null)
     storage_account_key = optional(string, null)
   })
 
   validation {
-    condition     = var.metrics_storage.use_managed_identity.enabled == (var.metrics_storage.storage_account_key == null)
-    error_message = "Setting storage_account_key and using a managed identity are mutually exclusive."
-  }
-
-  validation {
-    condition     = var.metrics_storage.use_managed_identity.enabled == (var.metrics_storage.use_managed_identity.node_rg_name != null)
-    error_message = "use_managed_identity.node_rg_name must only be set when using a managed identity."
+    condition     = (var.metrics_storage.managed_identity_node_rg_name == null) != (var.metrics_storage.storage_account_key == null)
+    error_message = "You must set one (and only one) of these attributes: managed_identity_node_rg_name, storage_account_key."
   }
 }
diff --git a/aks/locals.tf b/aks/locals.tf
@@ -1,7 +1,9 @@
 locals {
+  use_managed_identity = var.metrics_storage.managed_identity_node_rg_name != null
+
   helm_values = [{
     # TODO check possible single merge call
-    thanos = merge(var.metrics_storage.use_managed_identity.enabled ? {
+    thanos = merge(local.use_managed_identity ? {
       commonLabels = {
         aadpodidbinding = "thanos"
       }
@@ -11,12 +13,12 @@ locals {
         config = merge({
           container       = var.metrics_storage.container
           storage_account = var.metrics_storage.storage_account
-          }, var.metrics_storage.use_managed_identity.enabled ? null : {
+          }, local.use_managed_identity ? null : {
           storage_account_key = var.metrics_storage.storage_account_key
         })
       }
     })
-    }, var.metrics_storage.use_managed_identity.enabled ? {
+    }, local.use_managed_identity ? {
     azureIdentity = {
       resourceID = azurerm_user_assigned_identity.thanos[0].id
       clientID   = azurerm_user_assigned_identity.thanos[0].client_id

diff --git a/aks/main.tf b/aks/main.tf
@@ -1,26 +1,26 @@
 data "azurerm_resource_group" "node" {
-  count = var.metrics_storage.use_managed_identity.enabled ? 1 : 0
+  count = local.use_managed_identity ? 1 : 0
 
-  name = var.metrics_storage.use_managed_identity.node_rg_name
+  name = var.metrics_storage.managed_identity_node_rg_name
 }
 
 data "azurerm_storage_container" "container" {
-  count = var.metrics_storage.use_managed_identity.enabled ? 1 : 0
+  count = local.use_managed_identity ? 1 : 0
 
   name                 = var.metrics_storage.container
   storage_account_name = var.metrics_storage.storage_account
 }
 
 resource "azurerm_user_assigned_identity" "thanos" {
-  count = var.metrics_storage.use_managed_identity.enabled ? 1 : 0
+  count = local.use_managed_identity ? 1 : 0
 
   resource_group_name = data.azurerm_resource_group.node[0].name
   location            = data.azurerm_resource_group.node[0].location
   name                = "thanos"
 }
 
 resource "azurerm_role_assignment" "contributor" {
-  count = var.metrics_storage.use_managed_identity.enabled ? 1 : 0
+  count = local.use_managed_identity ? 1 : 0
 
   scope                = data.azurerm_storage_container.container[0].resource_manager_id
   role_definition_name = "Storage Blob Data Contributor"