chore: Update client_id_list argument for OIDC provider (#1561)

2026-01-16 16:47:20 +01:00 · 2021-09-02 12:39:39 +03:00
parent 979d62d9b8
commit 19ce95d7b6
2 changed files with 4 additions and 3 deletions
--- a/irsa.tf
+++ b/irsa.tf
@@ -9,7 +9,7 @@

 resource "aws_iam_openid_connect_provider" "oidc_provider" {
  count           = var.enable_irsa && var.create_eks ? 1 : 0
-  client_id_list  = local.sts_principal
+  client_id_list  = local.client_id_list
  thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
  url             = flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0]

--- a/local.tf
+++ b/local.tf
@@ -43,8 +43,9 @@ locals {
    var.worker_ami_name_filter_windows : "Windows_Server-2019-English-Core-EKS_Optimized-${tonumber(var.cluster_version) >= 1.14 ? var.cluster_version : 1.14}-*"
  )

-  ec2_principal = "ec2.${data.aws_partition.current.dns_suffix}"
-  sts_principal = compact(concat(["sts.${data.aws_partition.current.dns_suffix}"], var.openid_connect_audiences))
+  ec2_principal  = "ec2.${data.aws_partition.current.dns_suffix}"
+  sts_principal  = "sts.${data.aws_partition.current.dns_suffix}"
+  client_id_list = distinct(compact(concat([local.sts_principal], var.openid_connect_audiences)))

  policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
  workers_group_defaults_defaults = {