Merge pull request #232 from sassoftware/staging

7.2.1 - September 8, 2023
sassoftware · Sep 8, 2023 · 2aed084 · 2aed084
2 parents 9c486bf + 828212d
commit 2aed084
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 13 deletions.
diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -291,9 +291,11 @@ When `storage_type=ha` and `storage_type_backend=ontap`, an [AWS FSx for NetApp
 | :--- | :--- | :--- | :--- | :--- |
 | aws_fsx_ontap_deployment_type | The FSx file system availability zone deployment type. | string | SINGLE_AZ_1 | Supported values are `MULTI_AZ_1` and `SINGLE_AZ_1`. |
 | aws_fsx_ontap_file_system_storage_capacity | The storage capacity of the ONTAP file system in GiB. | number | 1024 | Valid values range from  1024 to 196608. |
-| aws_fsx_ontap_file_system_throughput_capacity | The throughput capacity of the ONTAP file system in MBps. | number | 512 | Valid values are 128, 256, 512, 1024, 2048 and 4096. |
+| aws_fsx_ontap_file_system_throughput_capacity | The throughput capacity of the ONTAP file system in MBps. | number | 256 | Valid values are 128, 256, 512, 1024, 2048 and 4096. |
 | aws_fsx_ontap_fsxadmin_password | The ONTAP administrative password for the fsxadmin user. | string | "v3RyS3cretPa$sw0rd" | |
 
+**Note:** The base [IAM Policy](../files/policies/devops-iac-eks-policy.json) document has been updated for the 7.2.0 release to support FSx for NetApp ONTAP. You will need to add the iam:AttachUserPolicy and iam:DetachUserPolicy permissions to your user's existing base policy document to use FSx for NetApp ONTAP features added in the 7.2.0 release.
+
 ### AWS Elastic Block Store (EBS)
 
 [AWS Elastic Block Store](https://aws.amazon.com/ebs/) is a block-level storage service provided by AWS for use with EC2 instances. EBS provides persistent storage for EC2 instances, allowing data to persist even after an EC2 instance is stopped or terminated. EBS volumes can be used as the root device for an EC2 instance, or as additional storage volumes. They can be attached and detached from instances as needed and can also be encrypted for increased security.

diff --git a/main.tf b/main.tf
@@ -190,9 +190,9 @@ module "ebs" {
 
 module "ontap" {
   source = "./modules/aws_fsx_ontap"
+  count  = var.storage_type_backend == "ontap" ? 1 : 0
 
   prefix        = var.prefix
-  cluster_name  = local.cluster_name
   tags          = local.tags
   iam_user_name = local.aws_caller_identity_user_name
 }

diff --git a/modules/aws_fsx_ontap/main.tf b/modules/aws_fsx_ontap/main.tf
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # Permissions based off the IAM Policies required to manage fsx_ontap resources in this project
-data "aws_iam_policy_document" "worker_fsx_ontap" {
+data "aws_iam_policy_document" "fsx_ontap" {
   statement {
     sid       = "fsxFileSystemOwn"
     effect    = "Allow"
@@ -66,10 +66,10 @@ data "aws_iam_policy_document" "worker_fsx_ontap" {
   }
 }
 
-resource "aws_iam_policy" "worker_fsx_ontap" {
+resource "aws_iam_policy" "fsx_ontap" {
   name_prefix = "${var.prefix}-fsx-ontap"
-  description = "EKS worker node fsx_ontap policy for cluster ${var.cluster_name}"
-  policy      = data.aws_iam_policy_document.worker_fsx_ontap.json
+  description = "FSx policy for user ${data.aws_iam_user.terraform.user_name}"
+  policy      = data.aws_iam_policy_document.fsx_ontap.json
   tags        = var.tags
 }
 
@@ -79,5 +79,5 @@ data "aws_iam_user" "terraform" {
 
 resource "aws_iam_user_policy_attachment" "attachment" {
   user       = data.aws_iam_user.terraform.user_name
-  policy_arn = aws_iam_policy.worker_fsx_ontap.arn
+  policy_arn = aws_iam_policy.fsx_ontap.arn
 }
diff --git a/modules/aws_fsx_ontap/variables.tf b/modules/aws_fsx_ontap/variables.tf
@@ -7,12 +7,6 @@ variable "prefix" {
   default     = ""
 }
 
-variable "cluster_name" {
-  description = "Name of EKS cluster"
-  type        = string
-  default     = ""
-}
-
 variable "tags" {
   description = "Tags used for fsx_ontap"
   type        = map(any)