feat: Apply distinct() on role arns to ensure no duplicated roles i…
…n aws-auth configmap (#2097)
chrissng authored Jun 2, 2022
1 parent 7d3c714 commit 3feb369
Showing 2 changed files with 31 additions and 19 deletions.
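--- a/main.tf
+++ b/main.tf
@@ -356,21 +356,33 @@ resource "aws_eks_identity_provider_config" "this" {
 ################################################################################
 
 locals {
-node_iam_role_arns_non_windows = compact(concat(
-[for group in module.eks_managed_node_group : group.iam_role_arn],
-[for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
-var.aws_auth_node_iam_role_arns_non_windows,
-))
-
-node_iam_role_arns_windows = compact(concat(
-[for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
-var.aws_auth_node_iam_role_arns_windows,
-))
-
-fargate_profile_pod_execution_role_arns = compact(concat(
-[for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
-var.aws_auth_fargate_profile_pod_execution_role_arns,
-))
+node_iam_role_arns_non_windows = distinct(
+compact(
+concat(
+[for group in module.eks_managed_node_group : group.iam_role_arn],
+[for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
+var.aws_auth_node_iam_role_arns_non_windows,
+)
+)
+)
+
+node_iam_role_arns_windows = distinct(
+compact(
+concat(
+[for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
+var.aws_auth_node_iam_role_arns_windows,
+)
+)
+)
+
+fargate_profile_pod_execution_role_arns = distinct(
+compact(
+concat(
+[for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
+var.aws_auth_fargate_profile_pod_execution_role_arns,
+)
+)
+)
 
 aws_auth_configmap_data = {
 mapRoles = yamlencode(concat(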
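Review bot: The added `distinct()` calls de-duplicate each local list on its own and by exact string match, so a role ARN that reaches both `node_iam_role_arns_non_windows` and `node_iam_role_arns_windows` (for example through `var.aws_auth_node_iam_role_arns_windows`) would still be emitted twice once the lists are combined in the `mapRoles = yamlencode(concat(` expression that starts at the end of this hunk. These entries decide which Kubernetes groups an IAM role is mapped to, so two entries for one role with different group sets make the effective access hard to audit. I would at least document the limit above the locals, e.g. `# distinct() is per list and exact-match; an ARN present in both the Windows and non-Windows inputs still yields two mapRoles entries`. The `locals` block and the `mapRoles` expression continue outside the hunk, so whether a later step merges the lists cannot be confirmed from here.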
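--- a/outputs.tf
+++ b/outputs.tf
@@ -185,10 +185,10 @@ output "aws_auth_configmap_yaml" {
 description = "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
 value = templatefile("${path.module}/templates/aws_auth_cm.tpl",
 {
-eks_managed_role_arns = compact([for group in module.eks_managed_node_group : group.iam_role_arn])
-self_managed_role_arns = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"])
-win32_self_managed_role_arns = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"])
-fargate_profile_pod_execution_role_arns = compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn])
+eks_managed_role_arns = distinct(compact([for group in module.eks_managed_node_group : group.iam_role_arn]))
+self_managed_role_arns = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]))
+win32_self_managed_role_arns = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]))
+fargate_profile_pod_execution_role_arns = distinct(compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]))
 }
 )
 }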
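Review bot: In the `aws_auth_configmap_yaml` output, `eks_managed_role_arns` and `self_managed_role_arns` are each passed through `distinct()` separately, whereas main.tf de-duplicates the same two sources only after concatenating them into `node_iam_role_arns_non_windows`. A role shared by an EKS managed node group and a non-Windows self-managed node group would therefore be unique in the managed configmap path but could still appear twice in this deprecated output, depending on how `templates/aws_auth_cm.tpl` (not shown) renders the two lists. The rendered YAML is presumably applied to aws-auth by hand, so a comment above the map such as `# lists are de-duplicated individually; a role shared across lists may still be rendered more than once` would make the difference between the two paths visible to whoever reviews the result.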
