wip: configurable terraform aws version

Author: rafatio

controllers/controlplane/kopscontrolplane_controller.go

@@ -95,6 +95,7 @@ type KopsControlPlaneReconciler struct {
 	Recorder                         record.EventRecorder
 	TfExecPath                       string
 	DryRun                           bool
+	AWSProviderVersion               string
 	GetKopsClientSetFactory          func(configBase string) (simple.Clientset, error)
 	BuildCloudFactory                func(*kopsapi.Cluster) (fi.Cloud, error)
 	PopulateClusterSpecFactory       func(ctx context.Context, kopsCluster *kopsapi.Cluster, kopsClientset simple.Clientset, cloud fi.Cloud) (*kopsapi.Cluster, error)
@@ -748,7 +749,12 @@ func (r *KopsControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		}
 
 		// This is needed because this is normally created, but when deleting we don't create the kops resources files
-		err = utils.CreateTerraformFilesFromTemplate("templates/provider.tf.tpl", "provider.tf", terraformOutputDir, nil)
+		providerData := struct {
+			Version string
+		}{
+			Version: r.AWSProviderVersion,
+		}
+		err = utils.CreateTerraformFilesFromTemplate("templates/provider.tf.tpl", "provider.tf", terraformOutputDir, providerData)
 		if err != nil {
 			return resultError, err
 		}
@@ -939,6 +945,14 @@ func (r *KopsControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return resultError, err
 	}
 
+	// Modify existing Terraform files to add AWS provider version constraint if specified
+	if r.AWSProviderVersion != "" {
+		err = utils.ModifyTerraformProviderVersion(terraformOutputDir, r.AWSProviderVersion)
+		if err != nil {
+			return resultError, err
+		}
+	}
+
 	// Only Apply resources if DryRun isn't set from command line
 	if r.DryRun {
 		reconciler.log.Info(fmt.Sprintf("planning Terraform for %s", kopsControlPlane.ObjectMeta.GetName()))

main.go

@@ -71,13 +71,15 @@ func main() {
 	var probeAddr string
 	var controllerClass string
 	var dryRun bool
+	var awsProviderVersion string
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.StringVar(&controllerClass, "controller-class", "", "The name of the controller class to associate with the controller.")
 	flag.BoolVar(&dryRun, "dry-run", false, "Enable dry-run mode to plan without making actual changes.")
+	flag.StringVar(&awsProviderVersion, "aws-provider-version", "", "The version of the AWS provider to use in Terraform templates.")
 
 	opts := zap.Options{
 		Development: true,
@@ -162,6 +164,7 @@ func main() {
 		Recorder:                         recorder,
 		TfExecPath:                       tfExecPath,
 		DryRun:                           dryRun,
+		AWSProviderVersion:               awsProviderVersion,
 		GetKopsClientSetFactory:          utils.GetKopsClientset,
 		BuildCloudFactory:                utils.BuildCloud,
 		PopulateClusterSpecFactory:       controlplane.PopulateClusterSpec,

pkg/utils/terraform_utils.go

@@ -61,18 +61,49 @@ func CreateAdditionalTerraformFiles(tfFiles ...Template) error {
 	return nil
 }
 
+// ModifyTerraformProviderVersion modifies the existing Terraform files to add AWS provider version constraint
+func ModifyTerraformProviderVersion(terraformOutputDir, awsProviderVersion string) error {
+	kubernetesFile := terraformOutputDir + "/kubernetes.tf"
+
+	editor, err := hcledit.ReadFile(kubernetesFile)
+	if err != nil {
+		return fmt.Errorf("failed to read kubernetes.tf: %w", err)
+	}
+
+	cleanVersion := strings.Trim(awsProviderVersion, `"`)
+
+	err = editor.Update("terraform.required_providers.aws.version", fmt.Sprintf(`"%s"`, cleanVersion))
+	if err != nil {
+		return fmt.Errorf("failed to update AWS provider version: %w", err)
+	}
+
+	err = editor.OverWriteFile()
+	if err != nil {
+		return fmt.Errorf("failed to write modified kubernetes.tf: %w", err)
+	}
+
+	return nil
+}
+
 func initTerraform(ctx context.Context, workingDir, terraformExecPath string, credentials aws.Credentials) (*tfexec.Terraform, error) {
 	tf, err := tfexec.NewTerraform(workingDir, terraformExecPath)
 	if err != nil {
 		return nil, err
 	}
 
+	pluginCacheDir := fmt.Sprintf("%s/plugin-cache", filepath.Dir(terraformExecPath))
+
+	err = os.MkdirAll(pluginCacheDir, 0755)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create plugin cache directory: %w", err)
+	}
+
 	env := map[string]string{
 		"AWS_ACCESS_KEY_ID":     credentials.AccessKeyID,
 		"AWS_SECRET_ACCESS_KEY": credentials.SecretAccessKey,
 		"SPOTINST_TOKEN":        os.Getenv("SPOTINST_TOKEN"),
 		"SPOTINST_ACCOUNT":      os.Getenv("SPOTINST_ACCOUNT"),
-		"TF_PLUGIN_CACHE_DIR":   fmt.Sprintf("%s/plugin-cache", filepath.Dir(terraformExecPath)),
+		"TF_PLUGIN_CACHE_DIR":   pluginCacheDir,
 	}
 
 	// this overrides all ENVVARs that are passed to Terraform