From 2f1cc22cf12a8898df115c3b19e1cbefb8272e2d Mon Sep 17 00:00:00 2001
From: Oleg Avdeev <oleg@outerbounds.co>
Date: Tue, 15 Mar 2022 18:46:29 -0700
Subject: [PATCH] make UI optional (#8)

---
 README.md                   | 64 +++++++++++++++++++++++++++++++++++--
 examples/minimal_example.tf | 61 +++++++++++++++++++++++++++++++++++
 main.tf                     |  1 +
 outputs.tf                  |  2 +-
 variables.tf                |  3 +-
 5 files changed, 127 insertions(+), 4 deletions(-)
 create mode 100644 examples/minimal_example.tf

diff --git a/README.md b/README.md
index 61c9f93..e4fbca4 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,67 @@ This module consists of submodules that can be used separately as well:
 
 You can either use this high-level module, or submodules individually. See each module's corresponding `README.md` for more details.
 
-You can find a complete example that uses this module but also includes setting up VPC and other non-Metaflow-specific parts of infra [in this repo](https://github.com/outerbounds/metaflow-tools/tree/master/aws/terraform).
+Here's a minimal end-to-end example of using this module with VPC:
+```terraform
+# Random suffix for this deployment
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+  upper = false
+}
+
+locals {
+  resource_prefix = "metaflow"
+  resource_suffix = random_string.suffix.result
+}
+
+data "aws_availability_zones" "available" {
+}
+
+# VPC infra using https://github.com/terraform-aws-modules/terraform-aws-vpc
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+  version = "3.13.0"
+
+  name = "${local.resource_prefix}-${local.resource_suffix}"
+  cidr = "10.10.0.0/16"
+
+  azs             = data.aws_availability_zones.available.names
+  private_subnets = ["10.10.8.0/21", "10.10.16.0/21", "10.10.24.0/21"]
+  public_subnets  = ["10.10.128.0/21", "10.10.136.0/21", "10.10.144.0/21"]
+
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+}
+
+
+module "metaflow" {
+  source = "outerbounds/metaflow/aws"
+  version = "0.3.0"
+
+  resource_prefix = local.resource_prefix
+  resource_suffix = local.resource_suffix
+
+  enable_step_functions = false
+  subnet1_id            = module.vpc.public_subnets[0]
+  subnet2_id            = module.vpc.public_subnets[1]
+  vpc_cidr_block        = module.vpc.vpc_cidr_block
+  vpc_id                = module.vpc.vpc_id
+
+  tags = {
+      "managedBy" = "terraform"
+  }
+}
+
+# The module will generate a Metaflow config in JSON format, write it to a file
+resource "local_file" "metaflow_config" {
+  content  = module.metaflow.metaflow_profile_json
+  filename = "./metaflow_profile.json"
+}
+```
+
+You can find a more complete example that uses this module but also includes setting up sagemaker notebooks and other non-Metaflow-specific parts of infra [in this repo](https://github.com/outerbounds/metaflow-tools/tree/master/aws/terraform).
 
 <!-- BEGIN_TF_DOCS -->
 ## Modules
@@ -52,7 +112,7 @@ You can find a complete example that uses this module but also includes setting
 | <a name="input_subnet1_id"></a> [subnet1\_id](#input\_subnet1\_id) | First subnet used for availability zone redundancy | `string` | n/a | yes |
 | <a name="input_subnet2_id"></a> [subnet2\_id](#input\_subnet2\_id) | Second subnet used for availability zone redundancy | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | aws tags | `map(string)` | n/a | yes |
-| <a name="input_ui_certificate_arn"></a> [ui\_certificate\_arn](#input\_ui\_certificate\_arn) | SSL certificate for UI | `string` | n/a | yes |
+| <a name="input_ui_certificate_arn"></a> [ui\_certificate\_arn](#input\_ui\_certificate\_arn) | SSL certificate for UI. If set to empty string, UI is disabled. | `string` | `""` | no |
 | <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | The VPC CIDR block that we'll access list on our Metadata Service API to allow all internal communications | `string` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The id of the single VPC we stood up for all Metaflow resources to exist in. | `string` | n/a | yes |
 
diff --git a/examples/minimal_example.tf b/examples/minimal_example.tf
new file mode 100644
index 0000000..d73859c
--- /dev/null
+++ b/examples/minimal_example.tf
@@ -0,0 +1,61 @@
+###############################################################################
+# An example using this module to set up a minimal deployment Metaflow
+# with AWS Batch support, without the UI.
+###############################################################################
+
+# Random suffix for this deployment
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+  upper = false
+}
+
+locals {
+  resource_prefix = "metaflow"
+  resource_suffix = random_string.suffix.result
+}
+
+data "aws_availability_zones" "available" {
+}
+
+# VPC infra using https://github.com/terraform-aws-modules/terraform-aws-vpc
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+  version = "3.13.0"
+
+  name = "${local.resource_prefix}-${local.resource_suffix}"
+  cidr = "10.10.0.0/16"
+
+  azs             = data.aws_availability_zones.available.names
+  private_subnets = ["10.10.8.0/21", "10.10.16.0/21", "10.10.24.0/21"]
+  public_subnets  = ["10.10.128.0/21", "10.10.136.0/21", "10.10.144.0/21"]
+
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+}
+
+
+module "metaflow" {
+  source = "outerbounds/metaflow/aws"
+  version = "0.3.0"
+
+  resource_prefix = local.resource_prefix
+  resource_suffix = local.resource_suffix
+
+  enable_step_functions = false
+  subnet1_id            = module.vpc.public_subnets[0]
+  subnet2_id            = module.vpc.public_subnets[1]
+  vpc_cidr_block        = module.vpc.vpc_cidr_block
+  vpc_id                = module.vpc.vpc_id
+
+  tags = {
+      "managedBy" = "terraform"
+  }
+}
+
+# The module will generate a Metaflow config in JSON format, write it to a file
+resource "local_file" "metaflow_config" {
+  content  = module.metaflow.metaflow_profile_json
+  filename = "./metaflow_profile.json"
+}
diff --git a/main.tf b/main.tf
index fce99a3..3726cf9 100644
--- a/main.tf
+++ b/main.tf
@@ -40,6 +40,7 @@ module "metaflow-metadata-service" {
 
 module "metaflow-ui" {
   source = "./modules/ui"
+  count = var.ui_certificate_arn == "" ? 0 : 1
 
   resource_prefix = local.resource_prefix
   resource_suffix = local.resource_suffix
diff --git a/outputs.tf b/outputs.tf
index 1454ef2..b5caf40 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -115,6 +115,6 @@ output "migration_function_arn" {
 }
 
 output "ui_alb_dns_name" {
-  value = module.metaflow-ui.alb_dns_name
+  value = (length(module.metaflow-ui) > 0) ? module.metaflow-ui[0].alb_dns_name : ""
   description = "UI ALB DNS name"
 }
diff --git a/variables.tf b/variables.tf
index dfbbd89..5c01bdb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -102,7 +102,8 @@ variable "vpc_id" {
 
 variable "ui_certificate_arn" {
   type        = string
-  description = "SSL certificate for UI"
+  default     = ""
+  description = "SSL certificate for UI. If set to empty string, UI is disabled. "
 }
 
 variable "extra_ui_backend_env_vars" {