refactor: remove unnecessary configuration for alb and capacity-provider

saumitra-dev · saumitra-dev · commit ca385dc9de3d · 2024-07-23T17:28:51.000+05:30
diff --git a/modules/alb/README.md b/modules/alb/README.md
@@ -31,7 +31,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | (Optional) If true, deletion of the load balancer will be disabled via the AWS API. | `bool` | `false` | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | (Optional) If true, the LB will be internal. | `bool` | `false` | no |
-| <a name="input_listeners"></a> [listeners](#input\_listeners) | Listeners to forward ALB ingress to desired Target Groups. | <pre>map(object({<br>    default_action = list(object({<br>      type                 = string<br>      target_group         = string<br>      authenticate_cognito = optional(any, null)<br>      authenticate_oidc    = optional(any, null)<br>      fixed_response       = optional(any, null)<br>      forward              = optional(any, null)<br>      order                = optional(number)<br>      redirect             = optional(any, null)<br>    }))<br>    alpn_policy           = optional(string)<br>    certificate_arn       = optional(string)<br>    mutual_authentication = optional(any, null)<br>    port                  = optional(number)<br>    protocol              = optional(string)<br>    ssl_policy            = optional(string)<br>    tags                  = optional(map(string), {})<br>  }))</pre> | n/a | yes |
+| <a name="input_listeners"></a> [listeners](#input\_listeners) | Listeners to forward ALB ingress to desired Target Groups. | <pre>map(object({<br>    default_action = list(object({<br>      type           = string<br>      target_group   = string<br>      fixed_response = optional(any, null)<br>      forward        = optional(any, null)<br>      order          = optional(number)<br>      redirect       = optional(any, null)<br>    }))<br>    alpn_policy     = optional(string)<br>    certificate_arn = optional(string)<br>    port            = optional(number)<br>    protocol        = optional(string)<br>    ssl_policy      = optional(string)<br>    tags            = optional(map(string), {})<br>  }))</pre> | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | (Optional) Name of the LB. | `string` | `""` | no |
 | <a name="input_preserve_host_header"></a> [preserve\_host\_header](#input\_preserve\_host\_header) | (Optional) Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. | `bool` | `false` | no |
 | <a name="input_security_groups_ids"></a> [security\_groups\_ids](#input\_security\_groups\_ids) | (Optional) List of security group IDs to assign to the LB. | `list(string)` | `[]` | no |
diff --git a/modules/alb/main.tf b/modules/alb/main.tf
@@ -64,16 +64,6 @@ resource "aws_lb_listener" "this" {
   protocol        = each.value.protocol
   ssl_policy      = each.value.ssl_policy
 
-  dynamic "mutual_authentication" {
-    for_each = try(each.value.mutual_authentication, null) != null ? [1] : []
-
-    content {
-      mode                             = each.value.mutual_authentication.mode
-      trust_store_arn                  = each.value.mutual_authentication.trust_store_arn
-      ignore_client_certificate_expiry = try(each.value.mutual_authentication.ignore_client_certificate_expiry, null)
-    }
-  }
-
   dynamic "default_action" {
     for_each = each.value.default_action
     iterator = default_action
@@ -83,39 +73,6 @@ resource "aws_lb_listener" "this" {
       target_group_arn = aws_lb_target_group.this[default_action.value.target_group].arn
       order            = default_action.value.order
 
-      dynamic "authenticate_cognito" {
-        for_each = try(default_action.value.authenticate_cognito, null) != null ? [1] : []
-
-        content {
-          user_pool_arn                       = default_action.value.authenticate_cognito.user_pool_arn
-          user_pool_client_id                 = default_action.value.authenticate_cognito.user_pool_client_id
-          user_pool_domain                    = default_action.value.authenticate_cognito.user_pool_domain
-          authentication_request_extra_params = try(default_action.value.authenticate_cognito.authentication_request_extra_params, null)
-          on_unauthenticated_request          = try(default_action.value.authenticate_cognito.on_unauthenticated_request, null)
-          scope                               = try(default_action.value.authenticate_cognito.scope, null)
-          session_cookie_name                 = try(default_action.value.authenticate_cognito.session_cookie_name, null)
-          session_timeout                     = try(default_action.value.authenticate_cognito.session_timeout, null)
-        }
-      }
-
-      dynamic "authenticate_oidc" {
-        for_each = try(default_action.value.authenticate_oidc, null) != null ? [1] : []
-
-        content {
-          authorization_endpoint              = default_action.value.authenticate_oidc.authorization_endpoint
-          client_id                           = default_action.value.authenticate_oidc.client_id
-          client_secret                       = default_action.value.authenticate_oidc.client_secret
-          issuer                              = default_action.value.authenticate_oidc.issuer
-          token_endpoint                      = default_action.value.authenticate_oidc.token_endpoint
-          user_info_endpoint                  = default_action.value.authenticate_oidc.user_info_endpoint
-          authentication_request_extra_params = try(default_action.value.authenticate_oidc.authentication_request_extra_params, null)
-          on_unauthenticated_request          = try(default_action.value.authenticate_oidc.on_unauthenticated_request, null)
-          scope                               = try(default_action.value.authenticate_oidc.scope, null)
-          session_cookie_name                 = try(default_action.value.authenticate_oidc.session_cookie_name, null)
-          session_timeout                     = try(default_action.value.authenticate_oidc.session_timeout, null)
-        }
-      }
-
       dynamic "fixed_response" {
         for_each = try(default_action.value.fixed_response, null) != null ? [1] : []
 
diff --git a/modules/alb/variables.tf b/modules/alb/variables.tf
@@ -69,21 +69,18 @@ variable "listeners" {
   description = "Listeners to forward ALB ingress to desired Target Groups."
   type = map(object({
     default_action = list(object({
-      type                 = string
-      target_group         = string
-      authenticate_cognito = optional(any, null)
-      authenticate_oidc    = optional(any, null)
-      fixed_response       = optional(any, null)
-      forward              = optional(any, null)
-      order                = optional(number)
-      redirect             = optional(any, null)
+      type           = string
+      target_group   = string
+      fixed_response = optional(any, null)
+      forward        = optional(any, null)
+      order          = optional(number)
+      redirect       = optional(any, null)
     }))
-    alpn_policy           = optional(string)
-    certificate_arn       = optional(string)
-    mutual_authentication = optional(any, null)
-    port                  = optional(number)
-    protocol              = optional(string)
-    ssl_policy            = optional(string)
-    tags                  = optional(map(string), {})
+    alpn_policy     = optional(string)
+    certificate_arn = optional(string)
+    port            = optional(number)
+    protocol        = optional(string)
+    ssl_policy      = optional(string)
+    tags            = optional(map(string), {})
   }))
 }
diff --git a/modules/capacity-provider/README.md b/modules/capacity-provider/README.md
@@ -28,7 +28,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_capacity_providers"></a> [capacity\_providers](#input\_capacity\_providers) | Capacity Providers to associate with the ECS Cluster. | <pre>map(object({<br>    name                   = string<br>    auto_scaling_group_arn = optional(string)<br>    managed_scaling = optional(<br>      object({<br>        instance_warmup_period    = optional(number)<br>        status                    = optional(string)<br>        target_capacity           = optional(number)<br>        minimum_scaling_step_size = optional(number)<br>        maximum_scaling_step_size = optional(number)<br>      })<br>    )<br>    tags = optional(map(string), {})<br>  }))</pre> | `{}` | no |
+| <a name="input_capacity_providers"></a> [capacity\_providers](#input\_capacity\_providers) | Capacity Providers to associate with the ECS Cluster. | <pre>map(object({<br>    name                   = string<br>    auto_scaling_group_arn = optional(string)<br>    managed_scaling = optional(<br>      object({<br>        instance_warmup_period    = optional(number)<br>        status                    = optional(string)<br>        target_capacity           = optional(number)<br>        minimum_scaling_step_size = optional(number)<br>        maximum_scaling_step_size = optional(number)<br>      })<br>    )<br>    managed_termination_protection = optional(string, "ENABLED")<br>    tags                           = optional(map(string), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_default_auto_scaling_group_arn"></a> [default\_auto\_scaling\_group\_arn](#input\_default\_auto\_scaling\_group\_arn) | ARN for this Auto Scaling Group. | `string` | n/a | yes |
 | <a name="input_default_capacity_provider_strategies"></a> [default\_capacity\_provider\_strategies](#input\_default\_capacity\_provider\_strategies) | (Optional) Set of capacity provider strategies to use by default for the cluster. | <pre>list(object({<br>    capacity_provider = string<br>    weight            = optional(number, 0)<br>    base              = optional(number, 0)<br>  }))</pre> | `[]` | no |
 | <a name="input_ecs_cluster_name"></a> [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | (Required) Name of the cluster. | `string` | n/a | yes |
diff --git a/modules/capacity-provider/main.tf b/modules/capacity-provider/main.tf
@@ -22,7 +22,7 @@ resource "aws_ecs_capacity_provider" "this" {
       }
     }
 
-    managed_termination_protection = "ENABLED"
+    managed_termination_protection = each.value.managed_termination_protection
   }
 
   tags = each.value.tags
diff --git a/modules/capacity-provider/variables.tf b/modules/capacity-provider/variables.tf
@@ -16,7 +16,8 @@ variable "capacity_providers" {
         maximum_scaling_step_size = optional(number)
       })
     )
-    tags = optional(map(string), {})
+    managed_termination_protection = optional(string, "ENABLED")
+    tags                           = optional(map(string), {})
   }))
   default = {}
 }

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ resource "aws_ecs_capacity_provider" "this" {`
`22`	`22`	`}`
`23`	`23`	`}`
`24`	`24`
`25`		`- managed_termination_protection = "ENABLED"`
	`25`	`+ managed_termination_protection = each.value.managed_termination_protection`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`tags = each.value.tags`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,8 @@ variable "capacity_providers" {`
`16`	`16`	`maximum_scaling_step_size = optional(number)`
`17`	`17`	`})`
`18`	`18`	`)`
`19`		`- tags = optional(map(string), {})`
	`19`	`+ managed_termination_protection = optional(string, "ENABLED")`
	`20`	`+ tags = optional(map(string), {})`
`20`	`21`	`}))`
`21`	`22`	`default = {}`
`22`	`23`	`}`