From d41bb10a15021d3e7ebe7977e863e50991abb3d5 Mon Sep 17 00:00:00 2001 From: Miguel Harmant Date: Thu, 13 Oct 2022 12:25:15 -0400 Subject: [PATCH 1/3] PLAT-5749, optional vpc flow logging --- main.tf | 2 +- submodules/network/README.md | 4 ++-- submodules/network/main.tf | 3 ++- submodules/network/variables.tf | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 4d25630d..bc542af0 100644 --- a/main.tf +++ b/main.tf @@ -105,7 +105,7 @@ module "network" { availability_zones = random_shuffle.azs.result public_subnets = local.public_cidr_blocks private_subnets = local.private_cidr_blocks - flow_log_bucket_arn = module.storage.s3_buckets["monitoring"].arn + flow_log_bucket_arn = { arn = module.storage.s3_buckets["monitoring"].arn } } locals { diff --git a/submodules/network/README.md b/submodules/network/README.md index 45117346..f27ea52f 100644 --- a/submodules/network/README.md +++ b/submodules/network/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.32.0 | +| [aws](#provider\_aws) | 4.22.0 | ## Modules 
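Review bot: The root module wraps the ARN in a one-key object, `flow_log_bucket_arn = { arn = ... }`, purely to suit the submodule's `count` workaround, and nothing at this call site says why, so the next maintainer is likely to "simplify" it back to a string and break the plan. A trailing comment would carry the reason to the caller, e.g. `# object wrapper: the network submodule needs a value usable in count, see its variables.tf`. Flow logging itself stays enabled here because the root always passes the monitoring bucket; only the submodule gains the opt-out. The `module "network"` block starts before this hunk.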
@@ -44,7 +44,7 @@ No modules. | [availability\_zones](#input\_availability\_zones) | List of availability zone names where the subnets will be created | `list(string)` | n/a | yes | | [cidr](#input\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"10.0.0.0/16"` | no | | [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | `""` | no | -| [flow\_log\_bucket\_arn](#input\_flow\_log\_bucket\_arn) | Bucket for vpc flow logging | `string` | n/a | yes | +| [flow\_log\_bucket\_arn](#input\_flow\_log\_bucket\_arn) | Bucket for vpc flow logging | `object({ arn = string })` | `null` | no | | [private\_subnets](#input\_private\_subnets) | list of cidrs for the private subnets | `list(string)` | n/a | yes | | [public\_subnets](#input\_public\_subnets) | list of cidrs for the public subnets | `list(string)` | n/a | yes | | [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes | diff --git a/submodules/network/main.tf b/submodules/network/main.tf index 17328a2c..c4646258 100644 --- a/submodules/network/main.tf +++ b/submodules/network/main.tf @@ -72,7 +72,8 @@ resource "aws_default_network_acl" "default" { } resource "aws_flow_log" "this" { - log_destination = var.flow_log_bucket_arn + count = var.flow_log_bucket_arn != null ? 1 : 0 + log_destination = var.flow_log_bucket_arn["arn"] vpc_id = local.vpc_id max_aggregation_interval = 600 log_destination_type = "s3" diff --git a/submodules/network/variables.tf b/submodules/network/variables.tf index e4043059..50bafe2f 100644 --- a/submodules/network/variables.tf +++ b/submodules/network/variables.tf @@ -48,7 +48,9 @@ variable "cidr" { } } +## This is an object in order to be used as a conditional in count, due to https://github.com/hashicorp/terraform/issues/26755 variable "flow_log_bucket_arn" { - type = string + type = object({ arn = string }) description = "Bucket for vpc flow logging" + default = null } From 54528b8fd9bf51487289e3776eaf4c3433cd7891 Mon Sep 17 00:00:00 2001 
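Review bot: Adding `count` to `aws_flow_log.this` changes its address to `aws_flow_log.this[0]`, so on an existing deployment the plan will destroy and recreate the flow log rather than keep it, leaving a gap in network audit logging; if the Terraform version in use supports it, add `moved { from = aws_flow_log.this to = aws_flow_log.this[0] }` (or document the `terraform state mv` step). Separately, `count = var.flow_log_bucket_arn != null ? 1 : 0` means omitting the argument silently removes flow logging with no plan-time signal, which deserves a comment on the count line such as `# null => no VPC flow log at all; callers needing network audit coverage must pass a bucket`. Reading the object as `var.flow_log_bucket_arn.arn` is the idiomatic form rather than `["arn"]`. The remaining arguments of the `aws_flow_log` resource lie outside the hunk.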
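Review bot: In `variable "flow_log_bucket_arn"` the description `"Bucket for vpc flow logging"` no longer tells the caller that the new `default = null` disables the flow log entirely, nor that an object rather than a bare ARN string is expected, and the generated README row inherits the same wording. Suggest `description = "S3 bucket for VPC flow logging, given as { arn = string }. null (the default) disables flow logging for this VPC."`. The `##` comment pointing at the upstream issue is useful context for the object shape and should stay. The variable's closing `}` is the last line of this hunk.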
From: Miguel Harmant Date: Thu, 27 Oct 2022 10:13:52 -0400 Subject: [PATCH 2/3] PLAT-5749 Added toggle for subnet k8s tagging --- submodules/network/README.md | 1 + submodules/network/subnets.tf | 22 ++++++++++++++++------ submodules/network/variables.tf | 6 ++++++ 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/submodules/network/README.md b/submodules/network/README.md index f27ea52f..cef9cbe5 100644 --- a/submodules/network/README.md +++ b/submodules/network/README.md @@ -41,6 +41,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [add\_cluster\_tag\_to\_subnet](#input\_add\_cluster\_tag\_to\_subnet) | Toggle k8s cluster tag on subnet | `bool` | `true` | no | | [availability\_zones](#input\_availability\_zones) | List of availability zone names where the subnets will be created | `list(string)` | n/a | yes | | [cidr](#input\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"10.0.0.0/16"` | no | | [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | `""` | no | diff --git a/submodules/network/subnets.tf b/submodules/network/subnets.tf index c2c1f92e..ee5a099d 100644 --- a/submodules/network/subnets.tf +++ b/submodules/network/subnets.tf @@ -25,10 +25,15 @@ resource "aws_subnet" "public" { availability_zone = each.value.az vpc_id = local.vpc_id cidr_block = each.value.cidr - tags = { + tags = var.add_cluster_tag_to_subnet ? { "Name" = each.value.name - "kubernetes.io/role/elb" = "1", - "kubernetes.io/cluster/${var.deploy_id}" = "shared", + "kubernetes.io/role/elb" = "1" + "kubernetes.io/cluster/${var.deploy_id}" = "shared" + } : { + "Name" = each.value.name + } + lifecycle { + ignore_changes = [tags] } } 
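Review bot: `lifecycle { ignore_changes = [tags] }` on `aws_subnet.public` makes Terraform stop reconciling every tag after creation, so flipping `add_cluster_tag_to_subnet` later has no effect on existing subnets, and out-of-band removal or alteration of the `kubernetes.io/role/elb` and `kubernetes.io/cluster/<deploy_id>` tags (which steer where EKS places load balancers) is neither detected nor corrected. If the goal is presumably to tolerate tags added by cluster controllers, record that and the trade-off next to the block, e.g. `# Tag drift is ignored after creation so external controllers can add tags; this also freezes Name and the kubernetes.io tags, so the toggle only affects newly created subnets.` The same lifecycle block is added to `aws_subnet.private` in the next hunk and the note applies there too.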
@@ -38,9 +43,14 @@ resource "aws_subnet" "private" { availability_zone = each.value.az vpc_id = local.vpc_id cidr_block = each.value.cidr - tags = { + tags = var.add_cluster_tag_to_subnet ? { "Name" = each.value.name - "kubernetes.io/role/internal-elb" = "1", - "kubernetes.io/cluster/${var.deploy_id}" = "shared", + "kubernetes.io/role/internal-elb" = "1" + "kubernetes.io/cluster/${var.deploy_id}" = "shared" + } : { + "Name" = each.value.name + } + lifecycle { + ignore_changes = [tags] } } diff --git a/submodules/network/variables.tf b/submodules/network/variables.tf index 50bafe2f..accf6c66 100644 --- a/submodules/network/variables.tf +++ b/submodules/network/variables.tf @@ -54,3 +54,9 @@ variable "flow_log_bucket_arn" { description = "Bucket for vpc flow logging" default = null } + +variable "add_cluster_tag_to_subnet" { + type = bool + description = "Toggle k8s cluster tag on subnet" + default = true +} From 70948a10ef6a2ae1262f7a750347e4e8e2770dc7 Mon Sep 17 00:00:00 2001 From: Miguel Harmant Date: Thu, 27 Oct 2022 15:33:34 -0400 Subject: [PATCH 3/3] PLAT-5749 external-dns, update chart, renaming flag --- submodules/network/README.md | 2 +- submodules/network/subnets.tf | 4 ++-- submodules/network/variables.tf | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/submodules/network/README.md b/submodules/network/README.md index cef9cbe5..44867d98 100644 --- a/submodules/network/README.md +++ b/submodules/network/README.md 
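Review bot: The description `"Toggle k8s cluster tag on subnet"` for `add_cluster_tag_to_subnet` understates what the flag does: in subnets.tf it gates both the `kubernetes.io/cluster/<deploy_id>` tag and the `kubernetes.io/role/elb` / `kubernetes.io/role/internal-elb` tags, and because subnet tags are under `ignore_changes` it only takes effect for subnets created while it is set. Suggest `description = "Add the kubernetes.io/cluster and kubernetes.io/role/(internal-)elb tags EKS uses for load balancer placement. Tags are not reconciled after creation, so this only affects newly created subnets."`. The generated README row should be refreshed to match.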
@@ -41,7 +41,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [add\_cluster\_tag\_to\_subnet](#input\_add\_cluster\_tag\_to\_subnet) | Toggle k8s cluster tag on subnet | `bool` | `true` | no | +| [add\_eks\_elb\_tags](#input\_add\_eks\_elb\_tags) | Toggle k8s cluster tag on subnet | `bool` | `true` | no | | [availability\_zones](#input\_availability\_zones) | List of availability zone names where the subnets will be created | `list(string)` | n/a | yes | | [cidr](#input\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"10.0.0.0/16"` | no | | [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | `""` | no | diff --git a/submodules/network/subnets.tf b/submodules/network/subnets.tf index ee5a099d..5835dbe6 100644 --- a/submodules/network/subnets.tf +++ b/submodules/network/subnets.tf @@ -25,7 +25,7 @@ resource "aws_subnet" "public" { availability_zone = each.value.az vpc_id = local.vpc_id cidr_block = each.value.cidr - tags = var.add_cluster_tag_to_subnet ? { + tags = var.add_eks_elb_tags ? { "Name" = each.value.name "kubernetes.io/role/elb" = "1" "kubernetes.io/cluster/${var.deploy_id}" = "shared" @@ -43,7 +43,7 @@ resource "aws_subnet" "private" { availability_zone = each.value.az vpc_id = local.vpc_id cidr_block = each.value.cidr - tags = var.add_cluster_tag_to_subnet ? { + tags = var.add_eks_elb_tags ? { "Name" = each.value.name "kubernetes.io/role/internal-elb" = "1" "kubernetes.io/cluster/${var.deploy_id}" = "shared" diff --git a/submodules/network/variables.tf b/submodules/network/variables.tf index accf6c66..eef48c64 100644 --- a/submodules/network/variables.tf +++ b/submodules/network/variables.tf @@ -55,7 +55,7 @@ variable "flow_log_bucket_arn" { default = null } -variable "add_cluster_tag_to_subnet" { +variable "add_eks_elb_tags" { type = bool description = "Toggle k8s cluster tag on subnet" default = true