feat: Apply distinct() on role arns to ensure no duplicated roles in aws-auth configmap (#2097)

2026-01-17 00:57:28 +01:00 · 2022-06-02 21:12:31 +09:00
parent 7d3c714c51
commit 3feb36927f
2 changed files with 29 additions and 17 deletions
--- a/main.tf
+++ b/main.tf
@@ -356,21 +356,33 @@ resource "aws_eks_identity_provider_config" "this" {
 ################################################################################

 locals {
-  node_iam_role_arns_non_windows = compact(concat(
-    [for group in module.eks_managed_node_group : group.iam_role_arn],
-    [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
-    var.aws_auth_node_iam_role_arns_non_windows,
-  ))
+  node_iam_role_arns_non_windows = distinct(
+    compact(
+      concat(
+        [for group in module.eks_managed_node_group : group.iam_role_arn],
+        [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
+        var.aws_auth_node_iam_role_arns_non_windows,
+      )
+    )
+  )

-  node_iam_role_arns_windows = compact(concat(
-    [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
-    var.aws_auth_node_iam_role_arns_windows,
-  ))
+  node_iam_role_arns_windows = distinct(
+    compact(
+      concat(
+        [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
+        var.aws_auth_node_iam_role_arns_windows,
+      )
+    )
+  )

-  fargate_profile_pod_execution_role_arns = compact(concat(
-    [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
-    var.aws_auth_fargate_profile_pod_execution_role_arns,
-  ))
+  fargate_profile_pod_execution_role_arns = distinct(
+    compact(
+      concat(
+        [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
+        var.aws_auth_fargate_profile_pod_execution_role_arns,
+      )
+    )
+  )

  aws_auth_configmap_data = {
    mapRoles = yamlencode(concat(
--- a/outputs.tf
+++ b/outputs.tf
@@ -185,10 +185,10 @@ output "aws_auth_configmap_yaml" {
  description = "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
  value = templatefile("${path.module}/templates/aws_auth_cm.tpl",
    {
-      eks_managed_role_arns                   = compact([for group in module.eks_managed_node_group : group.iam_role_arn])
-      self_managed_role_arns                  = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"])
-      win32_self_managed_role_arns            = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"])
-      fargate_profile_pod_execution_role_arns = compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn])
+      eks_managed_role_arns                   = distinct(compact([for group in module.eks_managed_node_group : group.iam_role_arn]))
+      self_managed_role_arns                  = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]))
+      win32_self_managed_role_arns            = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]))
+      fargate_profile_pod_execution_role_arns = distinct(compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]))
    }
  )
 }