Support map users and roles to multiple groups (#424)

* Support map users and roles to multiple groups * Simplify code by rename `user_arn` to `userarn`, `role_arn` to `rolearn` * Next version should be 6.x because PR this is a breaking change. * Update example variables.tf * Change indent to 2 * Fix map-aws-auth.yaml maybe invalid yaml.
2026-01-19 01:57:35 +01:00 · 2019-08-19 22:15:01 +08:00
parent b8b3b5820e
commit 8580b67813
8 changed files with 42 additions and 66 deletions
--- a/examples/basic/variables.tf
+++ b/examples/basic/variables.tf
@@ -14,31 +14,39 @@ variable "map_accounts" {

 variable "map_roles" {
  description = "Additional IAM roles to add to the aws-auth configmap."
-  type        = list(map(string))
+  type = list(object({
+    rolearn  = string
+    username = string
+    groups   = list(string)
+  }))

  default = [
    {
-      role_arn = "arn:aws:iam::66666666666:role/role1"
+      rolearn  = "arn:aws:iam::66666666666:role/role1"
      username = "role1"
-      group    = "system:masters"
+      groups   = ["system:masters"]
    },
  ]
 }

 variable "map_users" {
  description = "Additional IAM users to add to the aws-auth configmap."
-  type        = list(map(string))
+  type = list(object({
+    userarn  = string
+    username = string
+    groups   = list(string)
+  }))

  default = [
    {
-      user_arn = "arn:aws:iam::66666666666:user/user1"
+      userarn  = "arn:aws:iam::66666666666:user/user1"
      username = "user1"
-      group    = "system:masters"
+      groups   = ["system:masters"]
    },
    {
-      user_arn = "arn:aws:iam::66666666666:user/user2"
+      userarn  = "arn:aws:iam::66666666666:user/user2"
      username = "user2"
-      group    = "system:masters"
+      groups   = ["system:masters"]
    },
  ]
 }