From 3feb36927f92fb72ab0cfc25a3ab67465872f4bf Mon Sep 17 00:00:00 2001
From: Chris Sng
Date: Thu, 2 Jun 2022 21:12:31 +0900
Subject: [PATCH] feat: Apply `distinct()` on role arns to ensure no duplicated roles in aws-auth configmap (#2097)
---
 main.tf | 42 +++++++++++++++++++++++++++---------------
 outputs.tf | 8 ++++----
 2 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/main.tf b/main.tf
index da4edb61b7..9dad2cceee 100644
--- a/main.tf
+++ b/main.tf
@@ -356,21 +356,33 @@ resource "aws_eks_identity_provider_config" "this" {
 ################################################################################
 locals {
- node_iam_role_arns_non_windows = compact(concat(
- [for group in module.eks_managed_node_group : group.iam_role_arn],
- [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
- var.aws_auth_node_iam_role_arns_non_windows,
- ))
-
- node_iam_role_arns_windows = compact(concat(
- [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
- var.aws_auth_node_iam_role_arns_windows,
- ))
-
- fargate_profile_pod_execution_role_arns = compact(concat(
- [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
- var.aws_auth_fargate_profile_pod_execution_role_arns,
- ))
+ node_iam_role_arns_non_windows = distinct(
+ compact(
+ concat(
+ [for group in module.eks_managed_node_group : group.iam_role_arn],
+ [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
+ var.aws_auth_node_iam_role_arns_non_windows,
+ )
+ )
+ )
+
+ node_iam_role_arns_windows = distinct(
+ compact(
+ concat(
+ [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
+ var.aws_auth_node_iam_role_arns_windows,
+ )
+ )
+ )
+
+ fargate_profile_pod_execution_role_arns = distinct(
+ compact(
+ concat(
+ [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
+ var.aws_auth_fargate_profile_pod_execution_role_arns,
+ )
+ )
+ )
 aws_auth_configmap_data = {
 mapRoles = yamlencode(concat(
diff --git a/outputs.tf b/outputs.tf
index 7a06218d03..1245e43777 100644
--- a/outputs.tf
+++ b/outputs.tf
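Review bot: A role ARN that ends up in two of these lists is still duplicated, because `distinct()` runs on each list separately and only drops exact-string matches; for example an ARN passed in `var.aws_auth_node_iam_role_arns_windows` that is also the role of a non-Windows group would presumably still produce two entries once the lists are combined in `mapRoles`, which continues below the hunk and is not visible here. The outputs.tf hunk has the same limit: `eks_managed_role_arns` and `self_managed_role_arns` are de-duplicated independently, although main.tf merges those two sources before calling `distinct()`. Since aws-auth decides which Kubernetes groups an IAM role receives, I would state the limit next to the locals, e.g. `# distinct() only removes exact-string duplicates within this list; an ARN repeated across the windows / non-windows / fargate lists is still mapped more than once`. The `locals` block opens inside the hunk and ends outside it.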
@@ -185,10 +185,10 @@ output "aws_auth_configmap_yaml" {
 description = "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
 value = templatefile("${path.module}/templates/aws_auth_cm.tpl",
 {
- eks_managed_role_arns = compact([for group in module.eks_managed_node_group : group.iam_role_arn])
- self_managed_role_arns = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"])
- win32_self_managed_role_arns = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"])
- fargate_profile_pod_execution_role_arns = compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn])
+ eks_managed_role_arns = distinct(compact([for group in module.eks_managed_node_group : group.iam_role_arn]))
+ self_managed_role_arns = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]))
+ win32_self_managed_role_arns = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]))
+ fargate_profile_pod_execution_role_arns = distinct(compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]))
 }
 )
 }