Merge pull request #23 from zama-ai/ghislain/chore/rework-tf-modules

maxnovawind · web-flow · commit b0b4c95893c8 · 2025-08-27T05:20:54.000+02:00
chore: update docs and fmt all tf files
diff --git a/examples/mpc-network-consumer/main.tf b/examples/mpc-network-consumer/main.tf
@@ -23,8 +23,8 @@ module "vpc_endpoint_consumer" {
   route_table_ids     = []
 
   # Naming and tagging
-  name_prefix     = var.name_prefix
-  tags     = var.common_tags
+  name_prefix = var.name_prefix
+  tags        = var.common_tags
 
   # Timeouts
   endpoint_create_timeout = var.endpoint_create_timeout
diff --git a/examples/mpc-network-consumer/providers.tf b/examples/mpc-network-consumer/providers.tf
@@ -20,20 +20,20 @@ terraform {
 
 # Configure providers
 provider "aws" {
-  region = var.aws_region
+  region  = var.aws_region
   profile = var.aws_profile
 }
 
 data "aws_eks_cluster" "this_provider" {
-  count = var.use_eks_cluster_authentication ? 1 : 0
+  count  = var.use_eks_cluster_authentication ? 1 : 0
   region = var.aws_region
-  name = var.cluster_name
+  name   = var.cluster_name
 }
 
 provider "kubernetes" {
-  config_path    = var.use_eks_cluster_authentication ? null : var.kubeconfig_path
-  config_context = var.use_eks_cluster_authentication ? null : var.kubeconfig_context
-  host           = var.use_eks_cluster_authentication ? data.aws_eks_cluster.this_provider[0].endpoint : null
+  config_path            = var.use_eks_cluster_authentication ? null : var.kubeconfig_path
+  config_context         = var.use_eks_cluster_authentication ? null : var.kubeconfig_context
+  host                   = var.use_eks_cluster_authentication ? data.aws_eks_cluster.this_provider[0].endpoint : null
   cluster_ca_certificate = var.use_eks_cluster_authentication ? base64decode(data.aws_eks_cluster.this_provider[0].certificate_authority[0].data) : null
 
   exec {
diff --git a/examples/mpc-network-provider/providers.tf b/examples/mpc-network-provider/providers.tf
@@ -20,20 +20,20 @@ terraform {
 
 # Configure providers
 provider "aws" {
-  region = var.aws_region
+  region  = var.aws_region
   profile = var.aws_profile
 }
 
 data "aws_eks_cluster" "this_provider" {
-  count = var.use_eks_cluster_authentication ? 1 : 0
+  count  = var.use_eks_cluster_authentication ? 1 : 0
   region = var.aws_region
-  name = var.cluster_name
+  name   = var.cluster_name
 }
 
 provider "kubernetes" {
-  config_path    = var.use_eks_cluster_authentication ? null : var.kubeconfig_path
-  config_context = var.use_eks_cluster_authentication ? null : var.kubeconfig_context
-  host           = var.use_eks_cluster_authentication ? data.aws_eks_cluster.this_provider[0].endpoint : null
+  config_path            = var.use_eks_cluster_authentication ? null : var.kubeconfig_path
+  config_context         = var.use_eks_cluster_authentication ? null : var.kubeconfig_context
+  host                   = var.use_eks_cluster_authentication ? data.aws_eks_cluster.this_provider[0].endpoint : null
   cluster_ca_certificate = var.use_eks_cluster_authentication ? base64decode(data.aws_eks_cluster.this_provider[0].certificate_authority[0].data) : null
 
   exec {
diff --git a/examples/mpc-party/main.tf b/examples/mpc-party/main.tf
@@ -11,8 +11,8 @@ module "mpc_party" {
   enable_region_validation = var.enable_region_validation
 
   # Party configuration
-  party_name                = var.party_name
-  bucket_prefix             = var.bucket_prefix
+  party_name    = var.party_name
+  bucket_prefix = var.bucket_prefix
 
   # EKS Cluster configuration
   cluster_name = var.cluster_name
diff --git a/examples/mpc-party/providers.tf b/examples/mpc-party/providers.tf
@@ -19,20 +19,20 @@ terraform {
 
 # Configure providers
 provider "aws" {
-  region = var.aws_region
+  region  = var.aws_region
   profile = var.aws_profile
 }
 
 data "aws_eks_cluster" "this_provider" {
-  count = var.use_eks_cluster_authentication ? 1 : 0
+  count  = var.use_eks_cluster_authentication ? 1 : 0
   region = var.aws_region
-  name = var.cluster_name
+  name   = var.cluster_name
 }
 
 provider "kubernetes" {
-  config_path    = var.use_eks_cluster_authentication ? null : var.kubeconfig_path
-  config_context = var.use_eks_cluster_authentication ? null : var.kubeconfig_context
-  host           = var.use_eks_cluster_authentication ? data.aws_eks_cluster.this_provider[0].endpoint : null
+  config_path            = var.use_eks_cluster_authentication ? null : var.kubeconfig_path
+  config_context         = var.use_eks_cluster_authentication ? null : var.kubeconfig_context
+  host                   = var.use_eks_cluster_authentication ? data.aws_eks_cluster.this_provider[0].endpoint : null
   cluster_ca_certificate = var.use_eks_cluster_authentication ? base64decode(data.aws_eks_cluster.this_provider[0].certificate_authority[0].data) : null
 
   exec {
diff --git a/examples/terragrunt-infra/kms-dev-v1/mpc-network-provider/terraform.tfvars b/examples/terragrunt-infra/kms-dev-v1/mpc-network-provider/terraform.tfvars
@@ -4,7 +4,7 @@ network_environment = "testnet"
 # AWS Configuration
 enable_region_validation = false
 
-namespace    = "kms-decentralized"
+namespace        = "kms-decentralized"
 create_namespace = false
 
 # Party Configuration
@@ -13,8 +13,8 @@ party_id = "4"
 # VPC Endpoint Services Configuration
 # Indicate all aws accounts and regions from which the partner services will be consumed
 # By default, the terraform module will add the current region to the supported regions list
-allowed_principals = ["arn:aws:iam::715841358639:root"]
-supported_regions  = ["eu-west-1"]
+allowed_principals  = ["arn:aws:iam::715841358639:root"]
+supported_regions   = ["eu-west-1"]
 acceptance_required = false
 
 # Tagging
diff --git a/examples/terragrunt-infra/kms-dev-v1/mpc-party/terraform.tfvars b/examples/terragrunt-infra/kms-dev-v1/mpc-party/terraform.tfvars
@@ -4,17 +4,17 @@ network_environment = "testnet"
 enable_region_validation = false
 
 # MPC Party Configuration
-party_name  = "mpc-party-4"
+party_name = "mpc-party-4"
 
 # S3 Bucket Configuration
 bucket_prefix   = "zama-kms-decentralized-threshold-4"
 config_map_name = "mpc-party-4"
 
 # Kubernetes Configuration
-cluster_name         = "zws-dev"
+cluster_name             = "zws-dev"
 k8s_namespace            = "kms-decentralized"
 k8s_service_account_name = "mpc-party-4"
-create_namespace     = false
+create_namespace         = false
 
 # IRSA Configuration (recommended for production)
 create_irsa = true
diff --git a/examples/terragrunt-infra/zws-dev/mpc-network-consumer/terraform.tfvars b/examples/terragrunt-infra/zws-dev/mpc-network-consumer/terraform.tfvars
@@ -8,7 +8,7 @@ network_environment = "testnet"
 cluster_name = "zws-dev"
 
 # Partner Services Namespace
-namespace = "kms-decentralized"
+namespace        = "kms-decentralized"
 create_namespace = false
 
 
diff --git a/examples/terragrunt-infra/zws-dev/mpc-party/terraform.tfvars b/examples/terragrunt-infra/zws-dev/mpc-party/terraform.tfvars
@@ -4,17 +4,17 @@ network_environment = "testnet"
 enable_region_validation = false
 
 # MPC Party Configuration
-party_name  = "mpc-party-2"
+party_name = "mpc-party-2"
 
 # S3 Bucket Configuration
 bucket_prefix   = "zama-kms-decentralized-threshold-2"
 config_map_name = "mpc-party-2"
 
 # Kubernetes Configuration
-cluster_name         = "zws-dev"
+cluster_name             = "zws-dev"
 k8s_namespace            = "kms-decentralized"
 k8s_service_account_name = "mpc-party-2"
-create_namespace     = false
+create_namespace         = false
 
 # IRSA Configuration (recommended for production)
 create_irsa = true
diff --git a/modules/mpc-party/README.md b/modules/mpc-party/README.md
@@ -288,16 +288,17 @@ The module can optionally create:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.23 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.1 |
 
 ## Modules
 
@@ -330,6 +331,7 @@ The module can optionally create:
 | [kubernetes_namespace.mpc_party_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_service.externalname](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
 | [kubernetes_service_account.mpc_party_service_account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+| [random_id.mpc_party_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_ec2_instance_type.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_instance_type) | data source |
 | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
@@ -342,8 +344,9 @@ The module can optionally create:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_additional_config_data"></a> [additional\_config\_data](#input\_additional\_config\_data) | Additional key-value pairs to add to the ConfigMap | `map(string)` | `{}` | no |
+| <a name="input_bucket_prefix"></a> [bucket\_prefix](#input\_bucket\_prefix) | The prefix for the S3 bucket names | `string` | `"mpc-vault"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the EKS cluster for IRSA configuration | `string` | n/a | yes |
-| <a name="input_common_tags"></a> [common\_tags](#input\_common\_tags) | Common tags to apply to all AWS resources | `map(string)` | <pre>{<br/>  "module": "mpc-party",<br/>  "terraform": "true"<br/>}</pre> | no |
+| <a name="input_common_tags"></a> [common\_tags](#input\_common\_tags) | Deprecated common tags to apply to all AWS resources | `map(string)` | <pre>{<br/>  "module": "mpc-party",<br/>  "terraform": "true"<br/>}</pre> | no |
 | <a name="input_config_map_name"></a> [config\_map\_name](#input\_config\_map\_name) | Name of the ConfigMap (defaults to 'mpc-party-config-{party\_name}' if not provided) | `string` | `null` | no |
 | <a name="input_create_config_map"></a> [create\_config\_map](#input\_create\_config\_map) | Whether to create a ConfigMap with S3 bucket environment variables | `bool` | `true` | no |
 | <a name="input_create_irsa"></a> [create\_irsa](#input\_create\_irsa) | Whether to create IRSA (IAM Roles for Service Accounts) role for secure AWS access | `bool` | `true` | no |
@@ -428,10 +431,8 @@ The module can optionally create:
 | <a name="input_rds_vpc_id"></a> [rds\_vpc\_id](#input\_rds\_vpc\_id) | VPC ID hosting the RDS instance. | `string` | `null` | no |
 | <a name="input_service_account_annotations"></a> [service\_account\_annotations](#input\_service\_account\_annotations) | Additional annotations to apply to the service account (excluding IRSA annotations which are handled automatically) | `map(string)` | `{}` | no |
 | <a name="input_service_account_labels"></a> [service\_account\_labels](#input\_service\_account\_labels) | Additional labels to apply to the service account | `map(string)` | `{}` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource | `map(string)` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource | `map(string)` | <pre>{<br/>  "module": "mpc-party",<br/>  "terraform": "true"<br/>}</pre> | no |
 | <a name="input_testnet_supported_regions"></a> [testnet\_supported\_regions](#input\_testnet\_supported\_regions) | AWS regions supported by the MPC party for testnet | `list(string)` | <pre>[<br/>  "eu-west-1"<br/>]</pre> | no |
-| <a name="input_vault_private_bucket_name"></a> [vault\_private\_bucket\_name](#input\_vault\_private\_bucket\_name) | The name of the S3 bucket for private MPC party storage | `string` | n/a | yes |
-| <a name="input_vault_public_bucket_name"></a> [vault\_public\_bucket\_name](#input\_vault\_public\_bucket\_name) | The name of the S3 bucket for public MPC party storage | `string` | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/mpc-party/main.tf b/modules/mpc-party/main.tf
@@ -48,8 +48,8 @@ locals {
   node_group_nitro_enclaves_enabled    = var.kms_enabled_nitro_enclaves && var.nodegroup_enable_nitro_enclaves
   node_group_nitro_enclaves_cpu_count  = var.nitro_enclaves_override_cpu_count != null ? var.nitro_enclaves_override_cpu_count : floor(data.aws_ec2_instance_type.this[0].default_vcpus * 0.75)
   node_group_nitro_enclaves_memory_mib = var.nitro_enclaves_override_memory_mib != null ? var.nitro_enclaves_override_memory_mib : floor(data.aws_ec2_instance_type.this[0].memory_size * 0.75)
-  private_bucket_name = "${var.bucket_prefix}-private-${random_id.mpc_party_suffix.hex}"
-  public_bucket_name = "${var.bucket_prefix}-public-${random_id.mpc_party_suffix.hex}"
+  private_bucket_name                  = "${var.bucket_prefix}-private-${random_id.mpc_party_suffix.hex}"
+  public_bucket_name                   = "${var.bucket_prefix}-public-${random_id.mpc_party_suffix.hex}"
 }
 
 # Create Kubernetes namespace (optional)
@@ -254,7 +254,7 @@ resource "aws_kms_key" "mpc_party" {
   customer_master_key_spec = var.kms_customer_master_key_spec
   enable_key_rotation      = false
   deletion_window_in_days  = var.kms_deletion_window_in_days
-  tags = var.tags
+  tags                     = var.tags
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
diff --git a/modules/mpc-party/variables.tf b/modules/mpc-party/variables.tf
@@ -138,7 +138,7 @@ variable "common_tags" {
 variable "tags" {
   type        = map(string)
   description = "A map of tags to assign to the resource"
-  default     = {
+  default = {
     "terraform" = "true"
     "module"    = "mpc-party"
   }
diff --git a/modules/vpc-endpoint-consumer/README.md b/modules/vpc-endpoint-consumer/README.md
@@ -6,14 +6,14 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.23 |
 
 ## Modules
@@ -37,9 +37,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_tags"></a> [additional\_tags](#input\_additional\_tags) | Additional tags to apply to VPC interface endpoint resources | `map(string)` | `{}` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster to lookup VPC, subnet, and security group details (Mode 1). If provided, vpc\_id, subnet\_ids, and security\_group\_ids will be ignored. | `string` | `null` | no |
-| <a name="input_common_tags"></a> [common\_tags](#input\_common\_tags) | Common tags to apply to all resources | `map(string)` | `{}` | no |
 | <a name="input_create_custom_dns_records"></a> [create\_custom\_dns\_records](#input\_create\_custom\_dns\_records) | Whether to create custom DNS records for the VPC interface endpoints | `bool` | `false` | no |
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Whether to create the namespace if it doesn't exist | `bool` | `false` | no |
 | <a name="input_default_mpc_ports"></a> [default\_mpc\_ports](#input\_default\_mpc\_ports) | Default port configurations for MPC services. These can be overridden per service in party\_services configuration. | <pre>object({<br/>    grpc = object({<br/>      name        = string<br/>      port        = number<br/>      target_port = number<br/>      protocol    = string<br/>    })<br/>    peer = object({<br/>      name        = string<br/>      port        = number<br/>      target_port = number<br/>      protocol    = string<br/>    })<br/>    metrics = object({<br/>      name        = string<br/>      port        = number<br/>      target_port = number<br/>      protocol    = string<br/>    })<br/>  })</pre> | <pre>{<br/>  "grpc": {<br/>    "name": "grpc",<br/>    "port": 50100,<br/>    "protocol": "TCP",<br/>    "target_port": 50100<br/>  },<br/>  "metrics": {<br/>    "name": "metrics",<br/>    "port": 9646,<br/>    "protocol": "TCP",<br/>    "target_port": 9646<br/>  },<br/>  "peer": {<br/>    "name": "peer",<br/>    "port": 50001,<br/>    "protocol": "TCP",<br/>    "target_port": 50001<br/>  }<br/>}</pre> | no |
@@ -58,6 +56,7 @@ No modules.
 | <a name="input_route_table_ids"></a> [route\_table\_ids](#input\_route\_table\_ids) | List of route table IDs to associate with the VPC interface endpoints | `list(string)` | `[]` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | List of security group IDs to associate with the VPC interface endpoints (Mode 2). Required if cluster\_name is not provided. | `list(string)` | `null` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs where the VPC interface endpoints will be created (Mode 2). Required if cluster\_name is not provided. | `list(string)` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to VPC interface endpoint resources | `map(string)` | `{}` | no |
 | <a name="input_testnet_supported_regions"></a> [testnet\_supported\_regions](#input\_testnet\_supported\_regions) | AWS regions supported by the VPC endpoint consumer for testnet | `list(string)` | <pre>[<br/>  "eu-west-1"<br/>]</pre> | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID where the VPC interface endpoints will be created (Mode 2). Required if cluster\_name is not provided. | `string` | `null` | no |
 
diff --git a/modules/vpc-endpoint-consumer/variables.tf b/modules/vpc-endpoint-consumer/variables.tf
@@ -19,7 +19,7 @@ variable "mainnet_supported_regions" {
   description = "AWS regions supported by the VPC endpoint consumer for mainnet"
   type        = list(string)
   # TODO: Update the list of supported regions
-  default     = ["eu-west-1"]
+  default = ["eu-west-1"]
 }
 
 variable "enable_region_validation" {
diff --git a/modules/vpc-endpoint-provider/README.md b/modules/vpc-endpoint-provider/README.md
@@ -6,13 +6,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 | <a name="provider_external"></a> [external](#provider\_external) | n/a |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
 
