From d49a8a3bc9875fb85f712468abdc5f0407edaf3d Mon Sep 17 00:00:00 2001
From: Florian Lemaitre <flemaitre@aneo.fr>
Date: Mon, 12 Feb 2024 18:02:14 +0100
Subject: [PATCH] Optional transition to IA

---
 kubernetes/aws/eks/efs-csi.tf   |  9 +++++---
 kubernetes/aws/eks/variables.tf | 40 +++++++++++++++++++++++++++++++++
 storage/aws/efs/README.md       |  2 +-
 storage/aws/efs/main.tf         |  9 ++++++--
 storage/aws/efs/outputs.tf      |  2 ++
 storage/aws/efs/variables.tf    |  6 ++---
 6 files changed, 59 insertions(+), 9 deletions(-)

diff --git a/kubernetes/aws/eks/efs-csi.tf b/kubernetes/aws/eks/efs-csi.tf
index 8e0d16ebb..21d3067a6 100644
--- a/kubernetes/aws/eks/efs-csi.tf
+++ b/kubernetes/aws/eks/efs-csi.tf
@@ -199,9 +199,12 @@ resource "helm_release" "efs_csi" {
     name  = "sidecars.csiProvisioner.image.tag"
     value = var.efs_csi_external_provisioner_tag
   }
-  set {
-    name  = "imagePullSecrets"
-    value = var.efs_csi_image_pull_secrets
+  dynamic "set" {
+    for_each = toset(compact([var.efs_csi_image_pull_secrets]))
+    content {
+      name = "imagePullSecrets"
+      value = each.key
+    }
   }
   set {
     name  = "node.serviceAccount.create"
diff --git a/kubernetes/aws/eks/variables.tf b/kubernetes/aws/eks/variables.tf
index efcffd11b..800e010ec 100644
--- a/kubernetes/aws/eks/variables.tf
+++ b/kubernetes/aws/eks/variables.tf
@@ -239,34 +239,66 @@ variable "eks_managed_node_groups" {
 variable "efs_csi_image" {
   description = "EFS CSI image name"
   type        = string
+  validation {
+    condition = var.efs_csi_image != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_tag" {
   description = "EFS CSI image tag"
   type        = string
+  validation {
+    condition = var.efs_csi_tag != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_liveness_probe_image" {
   description = "EFS CSI liveness probe image name"
   type        = string
+  validation {
+    condition = var.efs_csi_liveness_probe_image != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_liveness_probe_tag" {
   description = "EFS CSI liveness probe image tag"
   type        = string
+  validation {
+    condition = var.efs_csi_liveness_probe_tag != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_node_driver_registrar_image" {
   description = "EFS CSI node driver registrar image name"
   type        = string
+  validation {
+    condition = var.efs_csi_node_driver_registrar_image != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_node_driver_registrar_tag" {
   description = "EFS CSI node driver registrar image tag"
   type        = string
+  validation {
+    condition = var.efs_csi_node_driver_registrar_tag != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_external_provisioner_image" {
   description = "EFS CSI external provisioner image name"
   type        = string
+  validation {
+    condition = var.efs_csi_external_provisioner_image != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_external_provisioner_tag" {
   description = "EFS CSI external provisioner image tag"
   type        = string
+  validation {
+    condition = var.efs_csi_external_provisioner_tag != null
+    error_message = "Should not be null."
+  }
 }
 
 variable "efs_csi_name" {
@@ -287,10 +319,18 @@ variable "efs_csi_image_pull_secrets" {
 variable "efs_csi_repository" {
   description = "EFS CSI helm repository"
   type        = string
+  validation {
+    condition = var.efs_csi_repository != null
+    error_message = "Should not be null."
+  }
 }
 variable "efs_csi_version" {
   description = "EFS CSI helm version"
   type        = string
+  validation {
+    condition = var.efs_csi_version != null
+    error_message = "Should not be null."
+  }
 }
 
 # Encryption keys
diff --git a/storage/aws/efs/README.md b/storage/aws/efs/README.md
index f05156000..510a99a6b 100644
--- a/storage/aws/efs/README.md
+++ b/storage/aws/efs/README.md
@@ -39,7 +39,7 @@ No modules.
 | <a name="input_provisioned_throughput_in_mibps"></a> [provisioned\_throughput\_in\_mibps](#input\_provisioned\_throughput\_in\_mibps) | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with throughput\_mode set to provisioned | `number` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags for resource | `any` | `{}` | no |
 | <a name="input_throughput_mode"></a> [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Defaults to bursting. Valid values: bursting, elastic, and provisioned. When using provisioned, also set provisioned\_throughput\_in\_mibps | `string` | `"bursting"` | no |
-| <a name="input_transition_to_ia"></a> [transition\_to\_ia](#input\_transition\_to\_ia) | Describes the period of time that a file is not accessed, after which it transitions to IA storage | `string` | `"AFTER_7_DAYS"` | no |
+| <a name="input_transition_to_ia"></a> [transition\_to\_ia](#input\_transition\_to\_ia) | Describes the period of time that a file is not accessed, after which it transitions to IA storage | `string` | `null` | no |
 | <a name="input_vpc_cidr_block_private"></a> [vpc\_cidr\_block\_private](#input\_vpc\_cidr\_block\_private) | AWS VPC private cidr block | `set(string)` | n/a | yes |
 | <a name="input_vpc_cidr_blocks"></a> [vpc\_cidr\_blocks](#input\_vpc\_cidr\_blocks) | AWS VPC cidr block | `set(string)` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | AWS VPC id | `string` | n/a | yes |
diff --git a/storage/aws/efs/main.tf b/storage/aws/efs/main.tf
index fed9a5799..b60b14f74 100644
--- a/storage/aws/efs/main.tf
+++ b/storage/aws/efs/main.tf
@@ -19,9 +19,14 @@ resource "aws_efs_file_system" "efs" {
   performance_mode                = var.performance_mode
   throughput_mode                 = var.throughput_mode
   provisioned_throughput_in_mibps = var.provisioned_throughput_in_mibps
-  lifecycle_policy {
-    transition_to_ia = var.transition_to_ia
+
+  dynamic "lifecycle_policy" {
+    for_each = toset(compact([var.transition_to_ia]))
+    content {
+      transition_to_ia = each.key
+    }
   }
+
   tags = local.tags
 }
 
diff --git a/storage/aws/efs/outputs.tf b/storage/aws/efs/outputs.tf
index 8cd856326..f843bff56 100644
--- a/storage/aws/efs/outputs.tf
+++ b/storage/aws/efs/outputs.tf
@@ -1,9 +1,11 @@
 output "id" {
   description = "EFS id"
   value       = aws_efs_file_system.efs.id
+  depends_on  = [aws_efs_mount_target.efs, aws_efs_access_point.efs]
 }
 
 output "kms_key_id" {
   description = "KMS used to encrypt EFS"
   value       = aws_efs_file_system.efs.kms_key_id
+  depends_on  = [aws_efs_mount_target.efs, aws_efs_access_point.efs]
 }
diff --git a/storage/aws/efs/variables.tf b/storage/aws/efs/variables.tf
index a7098b020..6b632b2d1 100644
--- a/storage/aws/efs/variables.tf
+++ b/storage/aws/efs/variables.tf
@@ -68,15 +68,15 @@ variable "provisioned_throughput_in_mibps" {
 variable "transition_to_ia" {
   description = "Describes the period of time that a file is not accessed, after which it transitions to IA storage"
   type        = string
-  default     = "AFTER_7_DAYS"
+  default     = null
   validation {
-    condition = contains([
+    condition = var.transition_to_ia != null ? contains([
       "AFTER_7_DAYS",
       "AFTER_14_DAYS",
       "AFTER_30_DAYS",
       "AFTER_60_DAYS",
       "AFTER_90_DAYS"
-    ], var.transition_to_ia)
+    ], var.transition_to_ia) : true
     error_message = "Possible values for the parameter transition_to_ia are \"AFTER_7_DAYS\" | \"AFTER_14_DAYS\" | \"AFTER_30_DAYS\", \"AFTER_60_DAYS\" | \"AFTER_90_DAYS\"."
   }
 }