From e6d9279da9d5396d7c4dd4c4172ddbf95bdbd674 Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Wed, 3 Jan 2024 14:31:14 +0100 Subject: [PATCH 1/3] Fix deprecated attributes in new provider versions * aws_vpc replace vpc with domain attribute * azuread_service_principal rename application_id to client_id * gke node_config refactor taints to be in block format --- aws/_modules/eks/vpc.tf | 2 +- azurerm/_modules/aks/service_principal.tf | 2 +- google/_modules/gke/node_pool/main.tf | 10 +++++++++- google/_modules/gke/node_pool/variables.tf | 10 +++++++--- google/cluster/node-pool/configuration.tf | 2 +- google/cluster/node-pool/main.tf | 2 +- google/cluster/node-pool/variables.tf | 2 +- 7 files changed, 21 insertions(+), 9 deletions(-) diff --git a/aws/_modules/eks/vpc.tf b/aws/_modules/eks/vpc.tf index b52c36e7..1d3dfde7 100644 --- a/aws/_modules/eks/vpc.tf +++ b/aws/_modules/eks/vpc.tf @@ -40,7 +40,7 @@ resource "aws_eip" "nat_gw" { tags = local.eks_metadata_tags - vpc = true + domain = "vpc" } resource "aws_nat_gateway" "current" { diff --git a/azurerm/_modules/aks/service_principal.tf b/azurerm/_modules/aks/service_principal.tf index 13429595..4dec3756 100644 --- a/azurerm/_modules/aks/service_principal.tf +++ b/azurerm/_modules/aks/service_principal.tf @@ -7,7 +7,7 @@ resource "azuread_application" "current" { resource "azuread_service_principal" "current" { count = var.disable_managed_identities == true ? 1 : 0 - application_id = azuread_application.current[0].application_id + client_id = azuread_application.current[0].client_id } resource "azuread_service_principal_password" "current" { diff --git a/google/_modules/gke/node_pool/main.tf b/google/_modules/gke/node_pool/main.tf index ae2c6f47..33502341 100644 --- a/google/_modules/gke/node_pool/main.tf +++ b/google/_modules/gke/node_pool/main.tf 
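Review bot: The two renamed attributes in these hunks, `domain = "vpc"` on `aws_eip.nat_gw` and `client_id` on `azuread_service_principal.current`, only exist in newer provider releases, and the diffstat shows no change to any `required_providers` constraint. `domain` on `aws_eip` arrived with the 5.0 AWS provider, and `client_id` with a later azuread 2.x release (2.44, to be confirmed). A caller whose lock file still resolves an older provider would get an unsupported-argument error rather than a clear version message. If the modules declare version constraints in a file outside this patch, raise the lower bounds in the same change, e.g. `version = ">= 5.0"` for aws.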
@@ -49,7 +49,15 @@ resource "google_container_node_pool" "current" { } } - taint = var.taint + dynamic "taint" { + for_each = var.taints == null ? [] : var.taints + + content { + key = taint.key + value = taint.value + effect = taint.effect + } + } } management { diff --git a/google/_modules/gke/node_pool/variables.tf b/google/_modules/gke/node_pool/variables.tf index 397ad6d0..154bee34 100644 --- a/google/_modules/gke/node_pool/variables.tf +++ b/google/_modules/gke/node_pool/variables.tf @@ -109,10 +109,14 @@ variable "node_workload_metadata_config" { type = string } -variable "taint" { +variable "taints" { + type = set(object({ + key = string + value = string + effect = string + })) description = "Taints to configure for the node pool." - type = list(any) - default = [] + default = null } variable "node_locations" { diff --git a/google/cluster/node-pool/configuration.tf b/google/cluster/node-pool/configuration.tf index 91f66c7a..c12077dc 100644 --- a/google/cluster/node-pool/configuration.tf +++ b/google/cluster/node-pool/configuration.tf @@ -30,7 +30,7 @@ locals { auto_repair = local.cfg["auto_repair"] != null ? local.cfg["auto_repair"] : true auto_upgrade = local.cfg["auto_upgrade"] != null ? local.cfg["auto_upgrade"] : true - taint = local.cfg["taint"] + taints = local.cfg["taints"] extra_oauth_scopes = local.cfg["extra_oauth_scopes"] != null ? local.cfg["extra_oauth_scopes"] : [] diff --git a/google/cluster/node-pool/main.tf b/google/cluster/node-pool/main.tf index 8d13f06d..399eb1f1 100644 --- a/google/cluster/node-pool/main.tf +++ b/google/cluster/node-pool/main.tf @@ -30,7 +30,7 @@ module "node_pool" { node_workload_metadata_config = local.node_workload_metadata_config - taint = local.taint + taints = local.taints service_account_email = local.service_account_email disable_per_node_pool_service_account = local.service_account_email == null ? false : true 
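Review bot: Inside `dynamic "taint"` the name `taint` is the block iterator, which exposes only `.key` and `.value`; the element taken from `var.taints` is `taint.value`. As written, `key = taint.key` and `value = taint.value` pass the whole set element instead of its fields, and `effect = taint.effect` refers to an attribute the iterator does not have, so a node pool with any taint configured should fail to validate or plan. The content block should read `key = taint.value.key`, `value = taint.value.value`, `effect = taint.value.effect`. Taints keep general workloads off dedicated nodes, so run a plan against a non-empty `taints` set before release. The enclosing `node_config` block starts outside the hunk.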
diff --git a/google/cluster/node-pool/variables.tf b/google/cluster/node-pool/variables.tf index 68ec579d..2dc62dea 100644 --- a/google/cluster/node-pool/variables.tf +++ b/google/cluster/node-pool/variables.tf @@ -21,7 +21,7 @@ variable "configuration" { auto_repair = optional(bool) auto_upgrade = optional(bool) - taint = optional(set(object({ + taints = optional(set(object({ key = string value = string effect = string From b2b9db2bb3cd81920ffe377f8724a24d3fc8a332 Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Thu, 4 Jan 2024 13:56:48 +0100 Subject: [PATCH 2/3] Update cosign installer to fix download error --- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 54e56d67..cf1b88f4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -68,7 +68,7 @@ jobs: path: ./quickstart/_dist - name: Install Cosign - uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 #v3.0.2 + uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.3.0 - name: 'Setup buildx' uses: docker/setup-buildx-action@v2 @@ -216,7 +216,7 @@ jobs: path: ./quickstart/_dist - name: Install Cosign - uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 #v3.0.2 + uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.3.0 - name: 'Docker login' uses: docker/login-action@v2 @@ -256,8 +256,8 @@ jobs: path: ./quickstart/_dist - name: Install Cosign - uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 #v3.0.2 - + uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.3.0 + - id: 'auth' uses: 'google-github-actions/auth@v1' with: From 38d20df33de4f515effb03b3b2705363c9a2c20f Mon Sep 17 00:00:00 2001 
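Review bot: Renaming the key to `taints` inside the `configuration` object type means an existing configuration that still sets `taint` is not rejected. Terraform discards attributes that are not part of an object type constraint during conversion, so the old key would be dropped silently and `taints` would resolve to null. After upgrading, those node pools would presumably be planned without their taints, removing the scheduling isolation they provided, with nothing in the output naming the cause. Call the rename out as a breaking change in the upgrade notes, or keep `taint = optional(...)` for one release and fail with an explicit error when it is set. The `variable "configuration"` block starts and ends outside the hunk.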
From: Philipp Strube Date: Thu, 4 Jan 2024 14:42:29 +0100 Subject: [PATCH 3/3] Fix EKS release version handle null default correctly --- aws/_modules/eks/node_pool/launch_template.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/_modules/eks/node_pool/launch_template.tf b/aws/_modules/eks/node_pool/launch_template.tf index 77bd5c01..a7ac8e86 100644 --- a/aws/_modules/eks/node_pool/launch_template.tf +++ b/aws/_modules/eks/node_pool/launch_template.tf @@ -9,7 +9,7 @@ locals { is_gpu = length(data.aws_ec2_instance_type.current.gpus) > 0 ami_name = local.is_gpu ? "amazon-linux-2-gpu" : local.cpu_ami_name ami_release_prefix = local.is_gpu ? "amazon-eks-gpu-node" : "amazon-eks-node" - ami_release_date = split("-", var.ami_release_version)[1] + ami_release_date = var.ami_release_version == null ? "" : split("-", var.ami_release_version)[1] ami_release_name = var.ami_release_version == null ? "recommended" : "${local.ami_release_prefix}-${var.kubernetes_version}-v${local.ami_release_date}" }
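Review bot: The new null guard on `ami_release_date` still leaves `split("-", var.ami_release_version)[1]` unprotected when the value is non-null but has no hyphen, which fails with an invalid-index error instead of a message about the expected format. A `validation` block on the variable (declared outside this patch) would catch that early, for example `condition = var.ami_release_version == null || can(regex("^[^-]+-[0-9]+$", var.ami_release_version))`, with the pattern adjusted to the release-version format the module actually expects. A short comment above the local, such as `# release version is presumably "<k8s version>-<date>"; element [1] is the date used in the AMI name`, would explain the otherwise bare index. The `locals` block starts outside the hunk.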