Merge pull request #1 from htc-demo-41/operator

feat: use operator

README.md

@@ -176,10 +176,10 @@ Both portal solutions require a GitHub connection, which in turn needs:
   export GITHUB_ORG_ID="my-github-org-id"
   ```
 
-* [Node.js](https://nodejs.org) installed locally.
-* Install the GitHub App for Backstage into your GitHub organization using `node create-gh-app/index.js`. Follow the instructions.
-  * “All repositories” ~> Install
-  * “Okay, […] was installed on the […] account.” ~> You can close the window and server.
+* Install the GitHub App for Backstage into your GitHub organization
+  * Run `docker run --rm -it -e GITHUB_ORG_ID -v $(pwd):/pwd -p 127.0.0.1:3000:3000 ghcr.io/humanitec-architecture/create-gh-app` ([image source](https://github.com/humanitec-architecture/create-gh-app/)) and follow the instructions:
+    * “All repositories” ~> Install
+    * “Okay, […] was installed on the […] account.” ~> You can close the window and server.
 
 #### Portal Usage
 
@@ -226,8 +226,16 @@ Once you are finished with the reference architecture, you can remove all provis
 | github | ~> 5.38 |
 | helm | ~> 2.13 |
 | humanitec | ~> 1.0 |
+| kubectl | ~> 2.0 |
 | kubernetes | ~> 2.30 |
 | random | ~> 3.5 |
+| tls | ~> 4.0 |
+
+### Providers
+
+| Name | Version |
+|------|---------|
+| humanitec | ~> 1.0 |
 
 ### Modules
 
@@ -239,6 +247,13 @@ Once you are finished with the reference architecture, you can remove all provis
 | portal\_backstage | ./modules/portal-backstage | n/a |
 | portal\_rhdh | ./modules/portal-rhdh | n/a |
 
+### Resources
+
+| Name | Type |
+|------|------|
+| [humanitec_service_user_token.deployer](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/service_user_token) | resource |
+| [humanitec_user.deployer](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/user) | resource |
+
 ### Inputs
 
 | Name | Description | Type | Default | Required |
@@ -251,8 +266,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | kubectx | The context to use from your kubeconfig to connect Terraform providers to the cluster | `string` | n/a | yes |
 | environment | Environment | `string` | `"development"` | no |
 | github\_org\_id | GitHub org id (required for Backstage and RHDH) | `string` | `null` | no |
-| humanitec\_ci\_service\_user\_token | Humanitec CI Service User Token (required for Backstage and RHDH) | `string` | `null` | no |
-| humanitec\_org\_id | Humanitec Organization ID (required for Backstage and RHDH) | `string` | `null` | no |
+| humanitec\_org\_id | Humanitec Organization ID | `string` | `null` | no |
 | with\_backstage | Deploy Backstage | `bool` | `false` | no |
 | with\_rhdh | Deploy Red Hat Developer Hub | `bool` | `false` | no |
 <!-- END_TF_DOCS -->

main.tf

@@ -3,10 +3,31 @@
 module "base" {
   source = "./modules/base"
 
-  apiserver   = var.apiserver
-  environment = var.environment
-  basedomain  = var.basedomain
-  aws_region  = var.aws_region
+  apiserver      = var.apiserver
+  environment    = var.environment
+  basedomain     = var.basedomain
+  aws_region     = var.aws_region
+  aws_account_id = var.aws_account_id
+
+  humanitec_org_id = var.humanitec_org_id
+}
+
+# User used for scaffolding and deploying apps
+
+resource "humanitec_user" "deployer" {
+  count = var.with_backstage || var.with_rhdh ? 1 : 0
+
+  name = "deployer"
+  role = "administrator"
+  type = "service"
+}
+
+resource "humanitec_service_user_token" "deployer" {
+  count = var.with_backstage || var.with_rhdh ? 1 : 0
+
+  id          = "deployer"
+  user_id     = humanitec_user.deployer[0].id
+  description = "Used by scaffolding and deploying"
 }
 
 module "github" {
@@ -15,7 +36,7 @@ module "github" {
   source = "./modules/github"
 
   humanitec_org_id                = var.humanitec_org_id
-  humanitec_ci_service_user_token = var.humanitec_ci_service_user_token
+  humanitec_ci_service_user_token = humanitec_service_user_token.deployer[0].token
   aws_region                      = var.aws_region
   github_org_id                   = var.github_org_id
 
@@ -43,9 +64,9 @@ module "portal_backstage" {
 
   source = "./modules/portal-backstage"
 
-  aws_region                      = var.aws_region
   humanitec_org_id                = var.humanitec_org_id
-  humanitec_ci_service_user_token = var.humanitec_ci_service_user_token
+  humanitec_ci_service_user_token = humanitec_service_user_token.deployer[0].token
+  humanitec_secret_store_id       = module.base.humanitec_secret_store_id
 
   github_org_id            = var.github_org_id
   github_app_client_id     = module.github_app[0].client_id
@@ -65,7 +86,7 @@ module "portal_rhdh" {
   source = "./modules/portal-rhdh"
 
   humanitec_org_id                = var.humanitec_org_id
-  humanitec_ci_service_user_token = var.humanitec_ci_service_user_token
+  humanitec_ci_service_user_token = humanitec_service_user_token.deployer[0].token
   basedomain                      = var.basedomain
 
   github_org_id            = var.github_org_id

modules/base/README.md

@@ -11,53 +11,89 @@ This module connects an existing Red Hat OpenShift cluster with Humanitec.
 |------|---------|
 | terraform | >= 1.3.0 |
 | aws | ~> 5.17 |
+| helm | ~> 2.13 |
 | humanitec | ~> 1.0 |
+| kubectl | ~> 2.0 |
 | kubernetes | ~> 2.30 |
+| random | ~> 3.5 |
+| tls | ~> 4.0 |
 
 ### Providers
 
 | Name | Version |
 |------|---------|
 | aws | ~> 5.17 |
+| helm | ~> 2.13 |
 | humanitec | ~> 1.0 |
+| kubectl | ~> 2.0 |
 | kubernetes | ~> 2.30 |
+| tls | ~> 4.0 |
 
 ### Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| default\_mysql | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic | n/a |
-| default\_postgres | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic | n/a |
+| default\_mysql | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-07//humanitec-resource-defs/mysql/basic |
+| default\_postgres | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-07//humanitec-resource-defs/postgres/basic |
 
 ### Resources
 
 | Name | Type |
 |------|------|
-| [aws_iam_access_key.humanitec_svc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
-| [aws_iam_user.humanitec_svc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
-| [aws_iam_user_policy_attachment.humanitec_svc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
-| [humanitec_registry.ref-arc-ecr](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/registry) | resource |
+| [aws_iam_access_key.humanitec_ecr_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
+| [aws_iam_access_key.humanitec_operator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
+| [aws_iam_policy.humanitec_operator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_user.humanitec_ecr_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
+| [aws_iam_user.humanitec_operator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
+| [aws_iam_user_policy_attachment.humanitec_ecr_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
+| [aws_iam_user_policy_attachment.humanitec_operator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
+| [aws_secretsmanager_secret.ecr_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.ecr_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
+| [helm_release.humanitec_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [humanitec_key.operator_public_key](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/key) | resource |
+| [humanitec_resource_definition.default_config_regcred](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
+| [humanitec_resource_definition.default_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
 | [humanitec_resource_definition.k8s_cluster_driver](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
 | [humanitec_resource_definition.k8s_namespace](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
+| [humanitec_resource_definition.rhos_dns](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
 | [humanitec_resource_definition.rhos_ingress](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
+| [humanitec_resource_definition_criteria.default_config_regcred](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.default_mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.default_postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
+| [humanitec_resource_definition_criteria.default_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.k8s_cluster_driver](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.k8s_namespace](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
+| [humanitec_resource_definition_criteria.rhos_dns](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.rhos_ingress](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
+| [humanitec_secretstore.main](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/secretstore) | resource |
+| [kubectl_manifest.humanitec_operator_secret_store](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_cluster_role_binding_v1.humanitec_cluster_admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
+| [kubernetes_namespace.humanitec_operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace_v1.humanitec_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
+| [kubernetes_secret.humanitec_operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
+| [kubernetes_secret.humanitec_operator_awssm_credentials](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret_v1.humanitec_service_account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
 | [kubernetes_service_account_v1.humanitec](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
+| [tls_private_key.operator_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.humanitec_operator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
 ### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | apiserver | The API server URL of your OpenShift cluster | `string` | n/a | yes |
+| aws\_account\_id | AWS Account (ID) | `string` | n/a | yes |
 | aws\_region | AWS region | `string` | n/a | yes |
 | basedomain | Base domain | `string` | n/a | yes |
+| humanitec\_org\_id | Humanitec Organization ID | `string` | n/a | yes |
 | cluster\_res\_def\_name | Cluster Resource Definition Name | `string` | `"ref-arch"` | no |
 | environment | Environment | `string` | `"development"` | no |
+| humanitec\_secret\_store\_id | Humanitec Secret Store ID | `string` | `"ref-arch"` | no |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| humanitec\_secret\_store\_id | Humanitec secret store id |
 <!-- END_TF_DOCS -->