feat: first implementation of the EBS CSI driver (#2)

* feat(chart): add latest version of the chart

* feat(terraform): add draft version of the module

* feat: add code to conditionally create an IAM assumable role

* docs(terraform-docs): generate docs and write to README.adoc

* fix: fix condition for the creation of the iam role

* fix: hardcode the namespace kube-system

* docs(terraform-docs): generate docs and write to README.adoc

* chore: remove TODO

* fix: use empty string instead of null as default

* docs(terraform-docs): generate docs and write to README.adoc

* fix: force the use of a flag to avoid resource creation error

* docs(terraform-docs): generate docs and write to README.adoc

* fix: fix typo

* docs(terraform-docs): generate docs and write to README.adoc

* feat: use name prefix instead of full name

* feat: update chart to latest version

* docs: add documentation

* docs(terraform-docs): generate docs and write to README.adoc

* docs: rewording and formatting of variables' descriptions

* docs(terraform-docs): generate docs and write to README.adoc

* fix: change to looser versions constraints as per best practices

See documentation [here](https://developer.hashicorp.com/terraform/language/providers/requirements#version-constraints).

* docs(terraform-docs): generate docs and write to README.adoc

---------

Co-authored-by: lentidas <lentidas@users.noreply.github.com>
Release-As: v1.0.0

README.adoc

@@ -1,3 +1,352 @@
 = devops-stack-module-ebs-csi-driver
+// Document attributes to replace along the document
+:chart-version: 2.17.1
+:original-repo-url: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/96b23f359d859cedc6c88d06a9b61e830f45b3db
 
 A https://devops-stack.io[DevOps Stack] module to deploy an Amazon EBS Container Storage Interface (CSI) driver.
+
+The EBS CSI Driver chart used by this module is shipped in this repository as well, in order to avoid any unwanted behaviors caused by unsupported versions. 
+
+[cols="1,1,1",options="autowidth,header"]
+|===
+|Current Chart Version |Original Repository |Default Values
+|*{chart-version}* |{original-repo-url}/charts/aws-ebs-csi-driver[Chart] |{original-repo-url}/charts/aws-ebs-csi-driver/values.yaml[`values.yaml`]
+|===
+
+== Usage
+
+This module can be declared by adding the following block on your Terraform configuration:
+
+[source,terraform]
+----
+module "ebs" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-ebs-csi-driver.git?ref=<RELEASE>"
+
+  cluster_name            = local.cluster_name
+  argocd_namespace        = local.argocd_namespace
+  create_role             = true
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+
+  depends_on = [
+    module.argocd_bootstrap,
+  ]
+}
+----
+
+In case you want to create an OIDC assumable IAM role on your own, you'll need to provide the ARN for that role and disable the creation of the role inside of the module as follows:
+
+[source,terraform]
+----
+module "ebs" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-ebs-csi-driver.git?ref=<RELEASE>"
+
+  cluster_name     = local.cluster_name
+  argocd_namespace = local.argocd_namespace
+  create_role      = false
+  iam_role_arn     = module.iam_assumable_role_ebs.iam_role_arn
+
+  depends_on = [
+    module.argocd_bootstrap,
+  ]
+}
+----
+
+IMPORTANT: The `create_role` variable is required. If passing `iam_role_arn` it should be set as false, otherwise you will need to specify the variable `cluster_oidc_issuer_url` and set it as true.
+
+== Technical Reference
+
+=== Dependencies
+
+==== `module.argocd_bootstrap`
+
+This module must be one of the first ones to be deployed and consequently it needs to be deployed after the module `argocd_bootstrap`.
+
+// BEGIN_TF_DOCS
+=== Requirements
+
+The following requirements are needed by this module:
+
+- [[requirement_argocd]] <<requirement_argocd,argocd>> (>= 4)
+
+- [[requirement_utils]] <<requirement_utils,utils>> (>= 1)
+
+=== Providers
+
+The following providers are used by this module:
+
+- [[provider_argocd]] <<provider_argocd,argocd>> (>= 4)
+
+- [[provider_null]] <<provider_null,null>>
+
+- [[provider_utils]] <<provider_utils,utils>> (>= 1)
+
+=== Modules
+
+The following Modules are called:
+
+==== [[module_iam_assumable_role_ebs]] <<module_iam_assumable_role_ebs,iam_assumable_role_ebs>>
+
+Source: terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
+
+Version: ~> 5.0
+
+=== Resources
+
+The following resources are used by this module:
+
+- https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/application[argocd_application.this] (resource)
+- https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/project[argocd_project.this] (resource)
+- https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.dependencies] (resource)
+- https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.this] (resource)
+- https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml[utils_deep_merge_yaml.values] (data source)
+
+=== Required Inputs
+
+The following input variables are required:
+
+==== [[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
+
+Description: Namespace used by Argo CD where the Application and AppProject resources should be created.
+
+Type: `string`
+
+==== [[input_create_role]] <<input_create_role,create_role>>
+
+Description: Boolean to indicate that the OIDC assumable IAM role should be created. **If passing `iam_role_arn` this should be false, otherwise if you want to create the OIDC assumable IAM role provided by this module, you will need to specify the variable `cluster_oidc_issuer_url`.**
+
+Type: `bool`
+
+=== Optional Inputs
+
+The following input variables are optional (have default values):
+
+==== [[input_app_autosync]] <<input_app_autosync,app_autosync>>
+
+Description: Automated sync options for the Argo CD Application resource.
+
+Type:
+[source,hcl]
+----
+object({
+    allow_empty = optional(bool)
+    prune       = optional(bool)
+    self_heal   = optional(bool)
+  })
+----
+
+Default:
+[source,json]
+----
+{
+  "allow_empty": false,
+  "prune": true,
+  "self_heal": true
+}
+----
+
+==== [[input_cluster_name]] <<input_cluster_name,cluster_name>>
+
+Description: Name given to the cluster. Value used for naming some the resources created by the module.
+
+Type: `string`
+
+Default: `"cluster"`
+
+==== [[input_cluster_oidc_issuer_url]] <<input_cluster_oidc_issuer_url,cluster_oidc_issuer_url>>
+
+Description: Cluster OIDC issuer URL used to create the OIDC assumable IAM role. This variable is required to create a IAM role if you set `create_role` as true.
+
+Type: `string`
+
+Default: `""`
+
+==== [[input_dependency_ids]] <<input_dependency_ids,dependency_ids>>
+
+Description: IDs of the other modules on which this module depends on.
+
+Type: `map(string)`
+
+Default: `{}`
+
+==== [[input_helm_values]] <<input_helm_values,helm_values>>
+
+Description: Helm chart value overrides. They should be passed as a list of HCL structures.
+
+Type: `any`
+
+Default: `[]`
+
+==== [[input_iam_role_arn]] <<input_iam_role_arn,iam_role_arn>>
+
+Description: ARN of an OIDC assumable IAM role that has access to the EBS volumes. When specified, this is added as an annotation to the EBS CSI driver controller ServiceAccount, to allow the driver to manage EBS access points for dynamic volumes provisioning.
+
+Type: `string`
+
+Default: `null`
+
+==== [[input_name]] <<input_name,name>>
+
+Description: Name used to override the chart name on deployment.
+
+Type: `string`
+
+Default: `"ebs-csi-driver"`
+
+==== [[input_target_revision]] <<input_target_revision,target_revision>>
+
+Description: Override of target revision of the application chart.
+
+Type: `string`
+
+Default: `"v1.0.0-alpha.1"`
+
+=== Outputs
+
+The following outputs are exported:
+
+==== [[output_id]] <<output_id,id>>
+
+Description: ID to pass other modules in order to refer to this module as a dependency.
+// END_TF_DOCS
+
+=== Reference in table format 
+
+.Show tables
+[%collapsible]
+====
+// BEGIN_TF_TABLES
+= Requirements
+
+[cols="a,a",options="header,autowidth"]
+|===
+|Name |Version
+|[[requirement_argocd]] <<requirement_argocd,argocd>> |>= 4
+|[[requirement_utils]] <<requirement_utils,utils>> |>= 1
+|===
+
+= Providers
+
+[cols="a,a",options="header,autowidth"]
+|===
+|Name |Version
+|[[provider_argocd]] <<provider_argocd,argocd>> |>= 4
+|[[provider_null]] <<provider_null,null>> |n/a
+|[[provider_utils]] <<provider_utils,utils>> |>= 1
+|===
+
+= Modules
+
+[cols="a,a,a",options="header,autowidth"]
+|===
+|Name |Source |Version
+|[[module_iam_assumable_role_ebs]] <<module_iam_assumable_role_ebs,iam_assumable_role_ebs>> |terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc |~> 5.0
+|===
+
+= Resources
+
+[cols="a,a",options="header,autowidth"]
+|===
+|Name |Type
+|https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/application[argocd_application.this] |resource
+|https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/project[argocd_project.this] |resource
+|https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.dependencies] |resource
+|https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.this] |resource
+|https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml[utils_deep_merge_yaml.values] |data source
+|===
+
+= Inputs
+
+[cols="a,a,a,a,a",options="header,autowidth"]
+|===
+|Name |Description |Type |Default |Required
+|[[input_app_autosync]] <<input_app_autosync,app_autosync>>
+|Automated sync options for the Argo CD Application resource.
+|
+
+[source]
+----
+object({
+    allow_empty = optional(bool)
+    prune       = optional(bool)
+    self_heal   = optional(bool)
+  })
+----
+
+|
+
+[source]
+----
+{
+  "allow_empty": false,
+  "prune": true,
+  "self_heal": true
+}
+----
+
+|no
+
+|[[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
+|Namespace used by Argo CD where the Application and AppProject resources should be created.
+|`string`
+|n/a
+|yes
+
+|[[input_cluster_name]] <<input_cluster_name,cluster_name>>
+|Name given to the cluster. Value used for naming some the resources created by the module.
+|`string`
+|`"cluster"`
+|no
+
+|[[input_cluster_oidc_issuer_url]] <<input_cluster_oidc_issuer_url,cluster_oidc_issuer_url>>
+|Cluster OIDC issuer URL used to create the OIDC assumable IAM role. This variable is required to create a IAM role if you set `create_role` as true.
+|`string`
+|`""`
+|no
+
+|[[input_create_role]] <<input_create_role,create_role>>
+|Boolean to indicate that the OIDC assumable IAM role should be created. **If passing `iam_role_arn` this should be false, otherwise if you want to create the OIDC assumable IAM role provided by this module, you will need to specify the variable `cluster_oidc_issuer_url`.**
+|`bool`
+|n/a
+|yes
+
+|[[input_dependency_ids]] <<input_dependency_ids,dependency_ids>>
+|IDs of the other modules on which this module depends on.
+|`map(string)`
+|`{}`
+|no
+
+|[[input_helm_values]] <<input_helm_values,helm_values>>
+|Helm chart value overrides. They should be passed as a list of HCL structures.
+|`any`
+|`[]`
+|no
+
+|[[input_iam_role_arn]] <<input_iam_role_arn,iam_role_arn>>
+|ARN of an OIDC assumable IAM role that has access to the EBS volumes. When specified, this is added as an annotation to the EBS CSI driver controller ServiceAccount, to allow the driver to manage EBS access points for dynamic volumes provisioning.
+|`string`
+|`null`
+|no
+
+|[[input_name]] <<input_name,name>>
+|Name used to override the chart name on deployment.
+|`string`
+|`"ebs-csi-driver"`
+|no
+
+|[[input_target_revision]] <<input_target_revision,target_revision>>
+|Override of target revision of the application chart.
+|`string`
+|`"v1.0.0-alpha.1"`
+|no
+
+|===
+
+= Outputs
+
+[cols="a,a",options="header,autowidth"]
+|===
+|Name |Description
+|[[output_id]] <<output_id,id>> |ID to pass other modules in order to refer to this module as a dependency.
+|===
+// END_TF_TABLES
+====

charts/ebs-csi-driver/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: aws-ebs-csi-driver
+  repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver/
+  version: 2.17.1
+digest: sha256:0e6596b6dedc74e7bf79c77d1f04119f10ff6af5070c53d05f06920b5c468702
+generated: "2023-02-24T14:45:37.658115395+01:00"

charts/ebs-csi-driver/Chart.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: "v2"
+name: "aws-ebs-csi-driver"
+version: "0"
+dependencies:
+  - name: "aws-ebs-csi-driver"
+    version: "^2"
+    repository: "https://kubernetes-sigs.github.io/aws-ebs-csi-driver/"

charts/ebs-csi-driver/values.yaml

@@ -0,0 +1 @@
+---

locals.tf

@@ -0,0 +1,14 @@
+locals {
+  helm_values = [{
+    "aws-ebs-csi-driver" = {
+      nameOverride = var.name
+      controller = {
+        serviceAccount = {
+          annotations = {
+            "eks.amazonaws.com/role-arn" = var.iam_role_arn != null ? var.iam_role_arn : module.iam_assumable_role_ebs.iam_role_arn
+          }
+        }
+      }
+    }
+  }]
+}