fix: update Kubernetes namespace defaults to 'kms-decentralized'

examples/mpc-network-consumer/main.tf

@@ -4,10 +4,6 @@
 module "vpc_endpoint_consumer" {
   source = "git::https://github.com/zama-ai/terraform-mpc-modules.git//modules/vpc-endpoint-consumer?ref=v0.1.7"
 
-  # Network environment configuration
-  network_environment      = var.network_environment
-  enable_region_validation = var.enable_region_validation
-
   # Partner services configuration
   party_services = var.party_services
 
@@ -18,7 +14,6 @@ module "vpc_endpoint_consumer" {
   security_group_ids = var.security_group_ids
 
   # VPC Interface Endpoint configuration
-  endpoint_policy     = null
   private_dns_enabled = var.private_dns_enabled
   route_table_ids     = []
 

examples/mpc-network-consumer/terraform.tfvars.example

@@ -1,9 +1,5 @@
 # AWS Configuration
-aws_region         = "eu-west-1"
-enable_region_validation = false
-
-# Network Environment Configuration
-network_environment = "testnet"
+aws_region = "eu-west-1"
 
 # Cluster Configuration
 cluster_name = "zws-dev"

examples/mpc-network-consumer/variables.tf

@@ -1,15 +1,3 @@
-# Network Environment Configuration
-variable "network_environment" {
-  description = "MPC network environment that determines region constraints"
-  type        = string
-  default     = "testnet"
-
-  validation {
-    condition     = contains(["testnet", "mainnet"], var.network_environment)
-    error_message = "Network environment must be either 'testnet' or 'mainnet'."
-  }
-}
-
 variable "aws_region" {
   description = "AWS region where resources will be created"
   type        = string
@@ -22,12 +10,6 @@ variable "aws_profile" {
   default     = "token-zws-dev"
 }
 
-variable "enable_region_validation" {
-  type        = bool
-  description = "Whether to enable region validation"
-  default     = true
-}
-
 # MPC Cluster Configuration
 variable "cluster_name" {
   description = "Name of the MPC cluster"
@@ -38,7 +20,7 @@ variable "cluster_name" {
 variable "namespace" {
   description = "Kubernetes namespace for partner services"
   type        = string
-  default     = "mpc-partners"
+  default     = "kms-decentralized"
 }
 
 

examples/mpc-party/main.tf

@@ -7,8 +7,7 @@ module "mpc_party" {
   source = "git::https://github.com/zama-ai/terraform-mpc-modules.git//modules/mpc-party?ref=v0.1.7"
 
   # Network environment configuration
-  network_environment      = var.network_environment
-  enable_region_validation = var.enable_region_validation
+  network_environment = var.network_environment
 
   # Party configuration
   party_id      = var.party_id
@@ -77,33 +76,24 @@ module "mpc_party" {
   nitro_enclaves_override_memory_mib = var.nitro_enclaves_override_memory_mib
 
   # RDS Configuration
-  enable_rds                                = var.enable_rds
-  rds_db_name                               = var.rds_db_name
-  rds_create_monitoring_role                = var.rds_create_monitoring_role
-  rds_manage_master_user_password           = var.rds_manage_master_user_password
-  rds_username                              = var.rds_username
-  rds_engine                                = var.rds_engine
-  rds_engine_version                        = var.rds_engine_version
-  rds_instance_class                        = var.rds_instance_class
-  rds_allocated_storage                     = var.rds_allocated_storage
-  rds_max_allocated_storage                 = var.rds_max_allocated_storage
-  rds_multi_az                              = var.rds_multi_az
-  rds_backup_retention_period               = var.rds_backup_retention_period
-  rds_maintenance_window                    = var.rds_maintenance_window
-  rds_monitoring_interval                   = var.rds_monitoring_interval
-  rds_monitoring_role_arn                   = var.rds_monitoring_role_arn
-  rds_performance_insights_enabled          = var.rds_performance_insights_enabled
-  rds_performance_insights_kms_key_id       = var.rds_performance_insights_kms_key_id
-  rds_performance_insights_retention_period = var.rds_performance_insights_retention_period
-  rds_blue_green_update_enabled             = var.rds_blue_green_update_enabled
-  rds_parameters                            = var.rds_parameters
-  rds_snapshot_identifier                   = var.rds_snapshot_identifier
-  rds_final_snapshot_enabled                = var.rds_final_snapshot_enabled
-  rds_k8s_secret_name                       = var.rds_k8s_secret_name
-  rds_k8s_secret_namespace                  = var.rds_k8s_secret_namespace
-  rds_allowed_cidr_blocks                   = var.rds_allowed_cidr_blocks
-  rds_vpc_id                                = var.rds_vpc_id
-  rds_deletion_protection                   = var.rds_deletion_protection
+  enable_rds                  = var.enable_rds
+  rds_db_name                 = var.rds_db_name
+  rds_create_monitoring_role  = var.rds_create_monitoring_role
+  rds_username                = var.rds_username
+  rds_engine                  = var.rds_engine
+  rds_engine_version          = var.rds_engine_version
+  rds_instance_class          = var.rds_instance_class
+  rds_allocated_storage       = var.rds_allocated_storage
+  rds_max_allocated_storage   = var.rds_max_allocated_storage
+  rds_multi_az                = var.rds_multi_az
+  rds_backup_retention_period = var.rds_backup_retention_period
+  rds_maintenance_window      = var.rds_maintenance_window
+  rds_monitoring_interval     = var.rds_monitoring_interval
+  rds_monitoring_role_arn     = var.rds_monitoring_role_arn
+  rds_parameters              = var.rds_parameters
+  rds_allowed_cidr_blocks     = var.rds_allowed_cidr_blocks
+  rds_vpc_id                  = var.rds_vpc_id
+  rds_deletion_protection     = var.rds_deletion_protection
 
   # Tagging
   common_tags = merge(var.additional_tags, {

examples/mpc-party/terraform.tfvars.example

@@ -2,8 +2,7 @@
 network_environment = "testnet"
 
 # AWS Configuration
-aws_region               = "eu-west-1"
-enable_region_validation = false
+aws_region = "eu-west-1"
 
 # MPC Party Configuration
 party_id = 1
@@ -37,10 +36,8 @@ additional_tags = {
 
 # RDS Configuration
 enable_rds              = true
-rds_prefix              = "zama" # Use your organization prefix here
 rds_db_name             = "kmsconnector"
 rds_username            = "kmsconnector"
-rds_enable_master_password_rotation = true # To change to 'false' on second apply only (there is a bug when initializing the value to 'false')
 rds_deletion_protection = false # Allow deletion of RDS instance
 
 # Node Group Configuration

examples/mpc-party/variables.tf

@@ -22,12 +22,6 @@ variable "aws_profile" {
   default     = "token-zws-dev"
 }
 
-variable "enable_region_validation" {
-  type        = bool
-  description = "Whether to enable region validation"
-  default     = true
-}
-
 # MPC Party Configuration
 variable "party_id" {
   description = "Party ID for the MPC service"
@@ -82,7 +76,7 @@ variable "cluster_name" {
 variable "namespace" {
   description = "Kubernetes namespace for MPC party resources"
   type        = string
-  default     = "mpc-party"
+  default     = "kms-decentralized"
 }
 
 variable "service_account_name" {
@@ -286,12 +280,6 @@ variable "rds_username" {
   default     = "kmsconnector"
 }
 
-variable "rds_manage_master_user_password" {
-  description = "Whether to manage the master user password"
-  type        = bool
-  default     = false
-}
-
 variable "rds_engine" {
   description = "Engine for the RDS database"
   type        = string
@@ -358,30 +346,6 @@ variable "rds_monitoring_role_arn" {
   default     = null
 }
 
-variable "rds_performance_insights_enabled" {
-  description = "Whether to enable performance insights for the RDS database"
-  type        = bool
-  default     = false
-}
-
-variable "rds_performance_insights_kms_key_id" {
-  description = "KMS key ID for performance insights"
-  type        = string
-  default     = null
-}
-
-variable "rds_performance_insights_retention_period" {
-  description = "Retention period for performance insights"
-  type        = number
-  default     = 7
-}
-
-variable "rds_blue_green_update_enabled" {
-  description = "Whether to enable blue-green update for the RDS database"
-  type        = bool
-  default     = false
-}
-
 variable "use_eks_cluster_authentication" {
   description = "Whether to use EKS cluster authentication"
   type        = bool
@@ -394,30 +358,6 @@ variable "rds_parameters" {
   default     = []
 }
 
-variable "rds_snapshot_identifier" {
-  description = "Snapshot identifier for the RDS database"
-  type        = string
-  default     = null
-}
-
-variable "rds_final_snapshot_enabled" {
-  description = "Whether to enable final snapshot for the RDS database"
-  type        = bool
-  default     = false
-}
-
-variable "rds_k8s_secret_name" {
-  description = "Name of the Kubernetes secret for the RDS database"
-  type        = string
-  default     = "rds-credentials"
-}
-
-variable "rds_k8s_secret_namespace" {
-  description = "Namespace of the Kubernetes secret for the RDS database"
-  type        = string
-  default     = "mpc-party"
-}
-
 variable "rds_allowed_cidr_blocks" {
   description = "Allowed CIDR blocks for the RDS database"
   type        = list(string)

modules/mpc-party/README.md

@@ -352,7 +352,7 @@ The module can optionally create:
 | <a name="input_create_nodegroup"></a> [create\_nodegroup](#input\_create\_nodegroup) | Whether to create an EKS managed node group | `bool` | `false` | no |
 | <a name="input_create_service_account"></a> [create\_service\_account](#input\_create\_service\_account) | Whether to create the Kubernetes service account (should be false when using IRSA as IRSA creates it) | `bool` | `true` | no |
 | <a name="input_enable_rds"></a> [enable\_rds](#input\_enable\_rds) | Whether to create the RDS instance | `bool` | `true` | no |
-| <a name="input_k8s_namespace"></a> [k8s\_namespace](#input\_k8s\_namespace) | The Kubernetes namespace for MPC party resources | `string` | n/a | yes |
+| <a name="input_k8s_namespace"></a> [k8s\_namespace](#input\_k8s\_namespace) | The Kubernetes namespace for MPC party resources | `string` | `"kms-decentralized"` | no |
 | <a name="input_k8s_service_account_name"></a> [k8s\_service\_account\_name](#input\_k8s\_service\_account\_name) | The name of the Kubernetes service account for MPC party | `string` | n/a | yes |
 | <a name="input_kms_backup_external_role_arn"></a> [kms\_backup\_external\_role\_arn](#input\_kms\_backup\_external\_role\_arn) | ARN of the backup vault for the KMS key | `string` | `null` | no |
 | <a name="input_kms_backup_vault_customer_master_key_spec"></a> [kms\_backup\_vault\_customer\_master\_key\_spec](#input\_kms\_backup\_vault\_customer\_master\_key\_spec) | Key spec for the backup vault | `string` | `"ASYMMETRIC_DEFAULT"` | no |

modules/mpc-party/variables.tf

@@ -44,6 +44,7 @@ variable "cluster_name" {
 variable "k8s_namespace" {
   type        = string
   description = "The Kubernetes namespace for MPC party resources"
+  default     = "kms-decentralized"
 }
 
 variable "create_namespace" {

modules/vpc-endpoint-consumer/README.md

@@ -44,7 +44,7 @@ No modules.
 | <a name="input_endpoint_create_timeout"></a> [endpoint\_create\_timeout](#input\_endpoint\_create\_timeout) | Timeout for creating VPC interface endpoints | `string` | `"10m"` | no |
 | <a name="input_endpoint_delete_timeout"></a> [endpoint\_delete\_timeout](#input\_endpoint\_delete\_timeout) | Timeout for deleting VPC interface endpoints | `string` | `"10m"` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix for naming VPC interface endpoint resources | `string` | `"mpc-partner"` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Kubernetes namespace where partner services will be created | `string` | `"mpc-partners"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Kubernetes namespace where partner services will be created | `string` | `"kms-decentralized"` | no |
 | <a name="input_party_services"></a> [party\_services](#input\_party\_services) | List of partner MPC services to connect to via VPC interface endpoints | <pre>list(object({<br/>    name                      = string<br/>    region                    = string<br/>    party_id                  = string<br/>    account_id                = optional(string, null)<br/>    partner_name              = optional(string, null)<br/>    vpc_endpoint_service_name = string<br/>    ports = optional(list(object({<br/>      name        = string<br/>      port        = number<br/>      target_port = number<br/>      protocol    = string<br/>    })), null)<br/>    availability_zones  = optional(list(string), null)<br/>    create_kube_service = optional(bool, true)<br/>    kube_service_config = optional(object({<br/>      additional_annotations = optional(map(string), {})<br/>      labels                 = optional(map(string), {})<br/>      session_affinity       = optional(string, "None")<br/>    }), {})<br/>  }))</pre> | n/a | yes |
 | <a name="input_private_dns_enabled"></a> [private\_dns\_enabled](#input\_private\_dns\_enabled) | Whether to enable private DNS for the VPC interface endpoints | `bool` | `false` | no |
 | <a name="input_private_zone_id"></a> [private\_zone\_id](#input\_private\_zone\_id) | Route53 private hosted zone ID for custom DNS records | `string` | `""` | no |

modules/vpc-endpoint-consumer/variables.tf

@@ -102,7 +102,7 @@ variable "endpoint_delete_timeout" {
 variable "namespace" {
   description = "Kubernetes namespace where partner services will be created"
   type        = string
-  default     = "mpc-partners"
+  default     = "kms-decentralized"
 }
 
 variable "create_namespace" {

modules/vpc-endpoint-provider/README.md

@@ -46,7 +46,7 @@ No modules.
 | <a name="input_enable_region_validation"></a> [enable\_region\_validation](#input\_enable\_region\_validation) | Whether to enable region validation | `bool` | `true` | no |
 | <a name="input_kubernetes_nlb_extra_labels"></a> [kubernetes\_nlb\_extra\_labels](#input\_kubernetes\_nlb\_extra\_labels) | Extra labels to add to the Kubernetes NLB | `map(string)` | `{}` | no |
 | <a name="input_mainnet_supported_regions"></a> [mainnet\_supported\_regions](#input\_mainnet\_supported\_regions) | AWS regions supported by the VPC endpoint service for mainnet | `list(string)` | <pre>[<br/>  "eu-west-1"<br/>]</pre> | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Kubernetes namespace where MPC services will be deployed | `string` | `"mpc-cluster"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Kubernetes namespace where MPC services will be deployed | `string` | `"kms-decentralized"` | no |
 | <a name="input_network_environment"></a> [network\_environment](#input\_network\_environment) | MPC network environment that determines region constraints | `string` | `"testnet"` | no |
 | <a name="input_partner_name"></a> [partner\_name](#input\_partner\_name) | Partner name for the MPC service | `string` | n/a | yes |
 | <a name="input_party_id"></a> [party\_id](#input\_party\_id) | Party ID for the MPC service | `string` | n/a | yes |

modules/vpc-endpoint-provider/variables.tf

@@ -54,7 +54,7 @@ variable "tags" {
 variable "namespace" {
   description = "Kubernetes namespace where MPC services will be deployed"
   type        = string
-  default     = "mpc-cluster"
+  default     = "kms-decentralized"
 }
 
 variable "create_namespace" {