From 27ebd6f58bf785b126cc8a64db1d1bc9583b49ba Mon Sep 17 00:00:00 2001
From: Jim Enright <jenright@cloudera.com>
Date: Tue, 27 Aug 2024 09:29:21 +0100
Subject: [PATCH] Pin to release 0.8.0 of modules (#40)

Signed-off-by: Jim Enright <jenright@cloudera.com>
---
 aws/main.tf   | 25 ++++++++++++++++++++-----
 azure/main.tf |  4 ++--
 gcp/main.tf   |  4 ++--
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/aws/main.tf b/aws/main.tf
index 88ab525..24d2bf2 100644
--- a/aws/main.tf
+++ b/aws/main.tf
@@ -47,7 +47,7 @@ provider "aws" {
 }
 
 module "cdp_aws_prereqs" {
-  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-aws-pre-reqs?ref=v0.7.4"
+  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-aws-pre-reqs?ref=v0.8.0"
 
   env_prefix = var.env_prefix
   aws_region = var.aws_region
@@ -56,8 +56,23 @@ module "cdp_aws_prereqs" {
   ingress_extra_cidrs_and_ports = local.ingress_extra_cidrs_and_ports
 
   # Using CDP TF Provider cred pre-reqs data source for values of xaccount account_id and external_id
-  xaccount_account_id  = data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.account_id
-  xaccount_external_id = data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.external_id
+  xaccount_account_id         = data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.account_id
+  xaccount_external_id        = data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.external_id
+  xaccount_account_policy_doc = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policy)
+
+  # Policy documents from CDP TF Provider cred pre-reqs
+  idbroker_policy_doc = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Idbroker_Assumer"])
+
+  data_bucket_access_policy_doc   = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Bucket_Access"])
+  log_bucket_access_policy_doc    = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Bucket_Access"])
+  backup_bucket_access_policy_doc = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Bucket_Access"])
+
+  datalake_admin_s3_policy_doc = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Datalake_Admin"])
+  datalake_backup_policy_doc   = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Datalake_Backup"])
+  datalake_restore_policy_doc  = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Datalake_Restore"])
+
+  log_data_access_policy_doc = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Log_Policy"])
+  ranger_audit_s3_policy_doc = base64decode(data.cdp_environments_aws_credential_prerequisites.cdp_prereqs.policies["Ranger_Audit"])
 
   # Inputs for BYO-VPC
   create_vpc             = var.create_vpc
@@ -75,7 +90,7 @@ module "cdp_aws_prereqs" {
 }
 
 module "cdp_deploy" {
-  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-deploy?ref=v0.7.4"
+  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-deploy?ref=v0.8.0"
 
   env_prefix          = var.env_prefix
   infra_type          = "aws"
@@ -117,7 +132,7 @@ module "cdp_deploy" {
   ]
 }
 
-# Use the CDP Terraform Provider to find the xaccount account and external ids 
+# Use the CDP Terraform Provider to find the xaccount account, external ids and policy contents
 data "cdp_environments_aws_credential_prerequisites" "cdp_prereqs" {}
 
 
diff --git a/azure/main.tf b/azure/main.tf
index d4813cf..d085f43 100644
--- a/azure/main.tf
+++ b/azure/main.tf
@@ -55,7 +55,7 @@ provider "azuread" {
 }
 
 module "cdp_azure_prereqs" {
-  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-azure-pre-reqs?ref=v0.7.4"
+  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-azure-pre-reqs?ref=v0.8.0"
 
   env_prefix   = var.env_prefix
   azure_region = var.azure_region
@@ -76,7 +76,7 @@ module "cdp_azure_prereqs" {
 }
 
 module "cdp_deploy" {
-  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-deploy?ref=v0.7.4"
+  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-deploy?ref=v0.8.0"
 
   env_prefix          = var.env_prefix
   infra_type          = "azure"
diff --git a/gcp/main.tf b/gcp/main.tf
index e858da3..05a1029 100755
--- a/gcp/main.tf
+++ b/gcp/main.tf
@@ -45,7 +45,7 @@ provider "google" {
 
 
 module "cdp_gcp_prereqs" {
-  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-gcp-pre-reqs?ref=v0.7.4"
+  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-gcp-pre-reqs?ref=v0.8.0"
 
   env_prefix = var.env_prefix
   gcp_region = var.gcp_region
@@ -62,7 +62,7 @@ module "cdp_gcp_prereqs" {
 }
 
 module "cdp_deploy" {
-  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-deploy?ref=v0.7.4"
+  source = "git::https://github.com/cloudera-labs/terraform-cdp-modules.git//modules/terraform-cdp-deploy?ref=v0.8.0"
 
   env_prefix          = var.env_prefix
   infra_type          = "gcp"