From 552795dad704594f9a07eca0d8b7b815b9a68f0f Mon Sep 17 00:00:00 2001
From: Devin Young
Date: Thu, 6 Jan 2022 12:36:22 -0500
Subject: [PATCH] feat: Add name prefix variables to override name prefixes for cluster security group and cluster iam role
---
 README.md | 6 ++++--
 main.tf | 4 ++--
 variables.tf | 16 ++++++++++++++--
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index b519f589337..3c0f8669312 100644
--- a/README.md
+++ b/README.md
@@ -699,8 +699,9 @@ Full contributing [guidelines are covered here](https://github.com/terraform-aws
 | [cluster\_security\_group\_description](#input\_cluster\_security\_group\_description) | Description of the cluster security group created | `string` | `"EKS cluster security group"` | no |
 | [cluster\_security\_group\_id](#input\_cluster\_security\_group\_id) | Existing security group ID to be attached to the cluster. Required if `create_cluster_security_group` = `false` | `string` | `""` | no |
 | [cluster\_security\_group\_name](#input\_cluster\_security\_group\_name) | Name to use on cluster security group created | `string` | `null` | no |
+| [cluster\_security\_group\_name\_prefix](#input\_cluster\_security\_group\_name\_prefix) | Name prefix to use on cluster security group created. Overrides `cluster_security_group_name` if `cluster_security_group_use_name_prefix` is set to `true` | `string` | `null` | no |
 | [cluster\_security\_group\_tags](#input\_cluster\_security\_group\_tags) | A map of additional tags to add to the cluster security group created | `map(string)` | `{}` | no |
-| [cluster\_security\_group\_use\_name\_prefix](#input\_cluster\_security\_group\_use\_name\_prefix) | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix | `string` | `true` | no |
+| [cluster\_security\_group\_use\_name\_prefix](#input\_cluster\_security\_group\_use\_name\_prefix) | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix. | `string` | `true` | no |
 | [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |
 | [cluster\_tags](#input\_cluster\_tags) | A map of additional tags to add to the cluster | `map(string)` | `{}` | no |
 | [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no |
@@ -719,10 +720,11 @@ Full contributing [guidelines are covered here](https://github.com/terraform-aws
 | [iam\_role\_arn](#input\_iam\_role\_arn) | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | `string` | `null` | no |
 | [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no |
 | [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no |
+| [iam\_role\_name\_prefix](#input\_iam\_role\_name\_prefix) | Name prefix to use on IAM role created. Overrides `iam_role_name` if `iam_role_use_name_prefix` is set to `true` | `string` | `null` | no |
 | [iam\_role\_path](#input\_iam\_role\_path) | Cluster IAM role path | `string` | `null` | no |
 | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
 | [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add to the IAM role created | `map(string)` | `{}` | no |
-| [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | `string` | `true` | no |
+| [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name`) is used as a prefix. | `string` | `true` | no |
 | [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | List of additional security group rules to add to the node security group created | `map(any)` | `{}` | no |
 | [node\_security\_group\_description](#input\_node\_security\_group\_description) | Description of the node security group created | `string` | `"EKS node shared security group"` | no |
 | [node\_security\_group\_id](#input\_node\_security\_group\_id) | ID of an existing security group to attach to the node groups created | `string` | `""` | no |
diff --git a/main.tf b/main.tf
index 4817f960471..8f66490a103 100644
--- a/main.tf
+++ b/main.tf
@@ -107,7 +107,7 @@ resource "aws_security_group" "cluster" {
 count = local.create_cluster_sg ? 1 : 0
 name = var.cluster_security_group_use_name_prefix ? null : local.cluster_sg_name
- name_prefix = var.cluster_security_group_use_name_prefix ? "${local.cluster_sg_name}-" : null
+ name_prefix = var.cluster_security_group_use_name_prefix ? coalesce(var.cluster_security_group_name_prefix, "${local.cluster_sg_name}-") : null
 description = var.cluster_security_group_description
 vpc_id = var.vpc_id
@@ -191,7 +191,7 @@ resource "aws_iam_role" "this" {
 count = var.create && var.create_iam_role ? 1 : 0
 name = var.iam_role_use_name_prefix ? null : local.iam_role_name
- name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null
+ name_prefix = var.iam_role_use_name_prefix ? coalesce(var.iam_role_name_prefix, "${local.iam_role_name}-") : null
 path = var.iam_role_path
 description = var.iam_role_description
diff --git a/variables.tf b/variables.tf
index 6c69760d52c..3d668773e4a 100644
--- a/variables.tf
+++ b/variables.tf
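Review bot: In main.tf, the `name_prefix` line of `aws_security_group.cluster` uses a caller-supplied `var.cluster_security_group_name_prefix` verbatim, while the fallback appends `-` to `local.cluster_sg_name`, so an override such as `"eks"` produces a name with no separator before the generated suffix. `coalesce` also skips empty strings, so `""` silently falls back to the derived prefix instead of being rejected. The `aws_iam_role.this` hunk at `@@ -191,7` has the same two behaviours. I would record this above each line with a comment such as `# override is used as-is (no "-" appended); null or "" falls back to "<name>-"`. Both resource bodies continue outside their hunks.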
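Review bot: In the `aws_iam_role.this` hunk of main.tf, `iam_role_name_prefix` lets the role name diverge completely from `local.iam_role_name`, and nothing in the visible lines ties the two together. If IAM policies, permissions boundaries or SCPs elsewhere match this role by a name pattern, a caller-chosen prefix could put the role outside that pattern; no such consumers are visible here, so this needs confirming. A comment on the line, e.g. `# role name may not contain the cluster name when iam_role_name_prefix is set; match on path or tags instead`, would document the caveat.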
@@ -139,8 +139,14 @@ variable "cluster_security_group_name" {
 default = null
 }
+variable "cluster_security_group_name_prefix" {
+ description = "Name prefix to use on cluster security group created. Overrides `cluster_security_group_name` if `cluster_security_group_use_name_prefix` is set to `true`"
+ type = string
+ default = null
+}
+
 variable "cluster_security_group_use_name_prefix" {
- description = "Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix"
+ description = "Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix."
 type = string
 default = true
 }
@@ -247,8 +253,14 @@ variable "iam_role_name" {
 default = null
 }
+variable "iam_role_name_prefix" {
+ description = "Name prefix to use on IAM role created. Overrides `iam_role_name` if `iam_role_use_name_prefix` is set to `true`"
+ type = string
+ default = null
+}
+
 variable "iam_role_use_name_prefix" {
- description = "Determines whether the IAM role name (`iam_role_name`) is used as a prefix"
+ description = "Determines whether the IAM role name (`iam_role_name`) is used as a prefix."
 type = string
 default = true
 }
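Review bot: In variables.tf, `cluster_security_group_use_name_prefix` is declared `type = string` with `default = true`, and this commit edits its description without correcting the type; `iam_role_use_name_prefix` in the `@@ -247,8` hunk has the same mismatch. main.tf uses both as the condition of a `? :` expression, so Terraform has to convert the string there, and a value other than `"true"` or `"false"` fails at that point instead of at the variable. Declaring both as `type = bool` keeps the default valid and rejects bad input at the variable itself. The trailing period added to these two descriptions is also inconsistent with the new `*_name_prefix` descriptions, which end without one.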