github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-01-17 17:22:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: Apply distinct() on role arns to ensure no duplicated roles in aws-auth configmap (#2097)

Browse Source
This commit is contained in:
Chris Sng
2022-06-02 21:12:31 +09:00
committed by GitHub
parent 7d3c714c51
commit 3feb36927f
2 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
main.tf
View File

@@ -356,21 +356,33 @@ resource "aws_eks_identity_provider_config" "this" {
################################################################################ ################################################################################
locals { locals {
node_iam_role_arns_non_windows = compact(concat( node_iam_role_arns_non_windows = distinct(
[for group in module.eks_managed_node_group : group.iam_role_arn], compact(
[for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"], concat(
var.aws_auth_node_iam_role_arns_non_windows, [for group in module.eks_managed_node_group : group.iam_role_arn],
)) [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"],
var.aws_auth_node_iam_role_arns_non_windows,
)
)
)
node_iam_role_arns_windows = compact(concat( node_iam_role_arns_windows = distinct(
[for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"], compact(
var.aws_auth_node_iam_role_arns_windows, concat(
)) [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"],
var.aws_auth_node_iam_role_arns_windows,
)
)
)
fargate_profile_pod_execution_role_arns = compact(concat( fargate_profile_pod_execution_role_arns = distinct(
[for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn], compact(
var.aws_auth_fargate_profile_pod_execution_role_arns, concat(
)) [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn],
var.aws_auth_fargate_profile_pod_execution_role_arns,
)
)
)
aws_auth_configmap_data = { aws_auth_configmap_data = {
mapRoles = yamlencode(concat( mapRoles = yamlencode(concat(

8
outputs.tf
View File

@@ -185,10 +185,10 @@ output "aws_auth_configmap_yaml" {
description = "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles" description = "[DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
value = templatefile("${path.module}/templates/aws_auth_cm.tpl", value = templatefile("${path.module}/templates/aws_auth_cm.tpl",
{ {
eks_managed_role_arns = compact([for group in module.eks_managed_node_group : group.iam_role_arn]) eks_managed_role_arns = distinct(compact([for group in module.eks_managed_node_group : group.iam_role_arn]))
self_managed_role_arns = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]) self_managed_role_arns = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]))
win32_self_managed_role_arns = compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]) win32_self_managed_role_arns = distinct(compact([for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]))
fargate_profile_pod_execution_role_arns = compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]) fargate_profile_pod_execution_role_arns = distinct(compact([for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]))
} }
) )
} }