Add enabled var/option

* Add `enabled` var/option and generate (poorly named) cluster_id if not specified  (#3)

* Automated updates

Author: Nuru

README.md

@@ -80,12 +80,13 @@ Available targets:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| admin_iam_role_arn | IAM Role with admin permissions to map to `admin_k8s_username` | string | - | yes |
+| admin_iam_role_arn | IAM Role with admin permissions to map to `admin_k8s_username` | string | `` | no |
 | admin_k8s_groups | List of Kubernetes groups to be mapped to `admin_iam_role_arn` | list | `<list>` | no |
 | admin_k8s_username | Kubernetes admin username to be mapped to `admin_iam_role_arn` | string | `` | no |
-| cluster_id | A unique-per-cluster identifier to prevent replay attacks. Good choices are a random token or a domain name that will be unique to your cluster | string | - | yes |
-| kube_config_path | Path to the kube config file. Can be sourced from `KUBE_CONFIG` or `KUBECONFIG` | string | - | yes |
-| readonly_iam_role_arn | IAM Role with readonly permissions to map to `readonly_k8s_username` | string | - | yes |
+| cluster_id | A unique-per-cluster identifier to prevent replay attacks. Good choices are a random token or a domain name that will be unique to your cluster | string | `random` | no |
+| enabled | Set to true to enable the module, otherwise it will not create any resources | string | `false` | no |
+| kube_config_path | Path to the kube config file. Can be sourced from `KUBE_CONFIG` or `KUBECONFIG` | string | `` | no |
+| readonly_iam_role_arn | IAM Role with readonly permissions to map to `readonly_k8s_username` | string | `` | no |
 | readonly_k8s_groups | List of Kubernetes groups to be mapped to `readonly_iam_role_arn` | list | `<list>` | no |
 | readonly_k8s_username | Kubernetes readonly username to be mapped to `readonly_iam_role_arn` | string | `` | no |
 

docs/terraform.md

@@ -2,12 +2,13 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| admin_iam_role_arn | IAM Role with admin permissions to map to `admin_k8s_username` | string | - | yes |
+| admin_iam_role_arn | IAM Role with admin permissions to map to `admin_k8s_username` | string | `` | no |
 | admin_k8s_groups | List of Kubernetes groups to be mapped to `admin_iam_role_arn` | list | `<list>` | no |
 | admin_k8s_username | Kubernetes admin username to be mapped to `admin_iam_role_arn` | string | `` | no |
-| cluster_id | A unique-per-cluster identifier to prevent replay attacks. Good choices are a random token or a domain name that will be unique to your cluster | string | - | yes |
-| kube_config_path | Path to the kube config file. Can be sourced from `KUBE_CONFIG` or `KUBECONFIG` | string | - | yes |
-| readonly_iam_role_arn | IAM Role with readonly permissions to map to `readonly_k8s_username` | string | - | yes |
+| cluster_id | A unique-per-cluster identifier to prevent replay attacks. Good choices are a random token or a domain name that will be unique to your cluster | string | `random` | no |
+| enabled | Set to true to enable the module, otherwise it will not create any resources | string | `false` | no |
+| kube_config_path | Path to the kube config file. Can be sourced from `KUBE_CONFIG` or `KUBECONFIG` | string | `` | no |
+| readonly_iam_role_arn | IAM Role with readonly permissions to map to `readonly_k8s_username` | string | `` | no |
 | readonly_k8s_groups | List of Kubernetes groups to be mapped to `readonly_iam_role_arn` | list | `<list>` | no |
 | readonly_k8s_username | Kubernetes readonly username to be mapped to `readonly_iam_role_arn` | string | `` | no |
 

main.tf

@@ -1,8 +1,18 @@
+resource "random_pet" "cluster" {
+  count  = "${var.enabled == "true" ? 1 : 0}"
+  length = 4
+
+  keepers = {
+    admin_iam_role_arn    = "${var.admin_iam_role_arn}"
+    readonly_iam_role_arn = "${var.readonly_iam_role_arn}"
+  }
+}
+
 data "template_file" "config" {
   template = "${file("${path.module}/config.tpl")}"
 
   vars {
-    cluster_id            = "${var.cluster_id}"
+    cluster_id            = "${var.cluster_id == "random" ? element(concat(random_pet.cluster.*.id, list("")), 0) : var.cluster_id}"
     admin_iam_role_arn    = "${var.admin_iam_role_arn}"
     admin_k8s_username    = "${var.admin_k8s_username}"
     admin_k8s_groups      = "${jsonencode(var.admin_k8s_groups)}"
@@ -16,12 +26,14 @@ data "template_file" "config" {
 # https://www.terraform.io/docs/providers/kubernetes/index.html
 provider "kubernetes" {
   config_path      = "${var.kube_config_path}"
-  load_config_file = true
+  load_config_file = "${var.enabled == "true"}"
 }
 
 # https://github.com/kubernetes/kops/blob/master/docs/authentication.md
 # https://github.com/kubernetes-sigs/aws-iam-authenticator
 resource "kubernetes_config_map" "aws_iam_authenticator" {
+  count = "${var.enabled == "true" ? 1 : 0}"
+
   metadata {
     name      = "aws-iam-authenticator"
     namespace = "kube-system"

variables.tf

@@ -1,16 +1,25 @@
+variable "enabled" {
+  type        = "string"
+  description = "Set to true to enable the module, otherwise it will not create any resources"
+  default     = "false"
+}
+
 variable "cluster_id" {
   type        = "string"
   description = "A unique-per-cluster identifier to prevent replay attacks. Good choices are a random token or a domain name that will be unique to your cluster"
+  default     = "random"
 }
 
 variable "kube_config_path" {
   type        = "string"
   description = "Path to the kube config file. Can be sourced from `KUBE_CONFIG` or `KUBECONFIG`"
+  default     = ""
 }
 
 variable "admin_iam_role_arn" {
   type        = "string"
   description = "IAM Role with admin permissions to map to `admin_k8s_username`"
+  default     = ""
 }
 
 variable "admin_k8s_username" {
@@ -28,6 +37,7 @@ variable "admin_k8s_groups" {
 variable "readonly_iam_role_arn" {
   type        = "string"
   description = "IAM Role with readonly permissions to map to `readonly_k8s_username`"
+  default     = ""
 }
 
 variable "readonly_k8s_username" {