github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-04-01 06:53:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Support map users and roles to multiple groups (#424)

Browse Source 
* Support map users and roles to multiple groups

* Simplify code by rename `user_arn` to `userarn`, `role_arn` to `rolearn`

* Next version should be 6.x because PR this is a breaking change.

* Update example variables.tf

* Change indent to 2

* Fix map-aws-auth.yaml maybe invalid yaml.
This commit is contained in:
刘相轩
2019-08-19 22:15:01 +08:00
committed by Max Williams
parent b8b3b5820e
commit 8580b67813
8 changed files with 42 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -7,7 +7,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
## Next release ## Next release
## [[v5.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v5.1.0...HEAD)] - 2019-08-??] ## [[v6.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v5.1.0...HEAD)] - 2019-08-??]
### Added ### Added
@@ -19,6 +19,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
### Changed ### Changed
- Support map users and roles to multiple groups (by @nauxliu)
- Fixed errors sometimes happening during destroy due to usage of coalesce() in local.tf (by @petrikero) - Fixed errors sometimes happening during destroy due to usage of coalesce() in local.tf (by @petrikero)
- Write your awesome change here (by @you) - Write your awesome change here (by @you)

44
aws_auth.tf
View File

@@ -95,46 +95,8 @@ data "template_file" "config_map_aws_auth" {
), ),
), ),
) )
map_users = join("", data.template_file.map_users.*.rendered) map_users = yamlencode(var.map_users),
map_roles = join("", data.template_file.map_roles.*.rendered) map_roles = yamlencode(var.map_roles),
map_accounts = join("", data.template_file.map_accounts.*.rendered) map_accounts = yamlencode(var.map_accounts)
} }
} }
data "template_file" "map_users" {
count = length(var.map_users)
template = file(
"${path.module}/templates/config-map-aws-auth-map_users.yaml.tpl",
)
vars = {
user_arn = var.map_users[count.index]["user_arn"]
username = var.map_users[count.index]["username"]
group = var.map_users[count.index]["group"]
}
}
data "template_file" "map_roles" {
count = length(var.map_roles)
template = file(
"${path.module}/templates/config-map-aws-auth-map_roles.yaml.tpl",
)
vars = {
role_arn = var.map_roles[count.index]["role_arn"]
username = var.map_roles[count.index]["username"]
group = var.map_roles[count.index]["group"]
}
}
data "template_file" "map_accounts" {
count = length(var.map_accounts)
template = file(
"${path.module}/templates/config-map-aws-auth-map_accounts.yaml.tpl",
)
vars = {
account_number = var.map_accounts[count.index]
}
}

24
examples/basic/variables.tf
View File

@@ -14,31 +14,39 @@ variable "map_accounts" {
variable "map_roles" { variable "map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap." description = "Additional IAM roles to add to the aws-auth configmap."
type = list(map(string)) type = list(object({
rolearn = string
username = string
groups = list(string)
}))
default = [ default = [
{ {
role_arn = "arn:aws:iam::66666666666:role/role1" rolearn = "arn:aws:iam::66666666666:role/role1"
username = "role1" username = "role1"
group = "system:masters" groups = ["system:masters"]
}, },
] ]
} }
variable "map_users" { variable "map_users" {
description = "Additional IAM users to add to the aws-auth configmap." description = "Additional IAM users to add to the aws-auth configmap."
type = list(map(string)) type = list(object({
userarn = string
username = string
groups = list(string)
}))
default = [ default = [
{ {
user_arn = "arn:aws:iam::66666666666:user/user1" userarn = "arn:aws:iam::66666666666:user/user1"
username = "user1" username = "user1"
group = "system:masters" groups = ["system:masters"]
}, },
{ {
user_arn = "arn:aws:iam::66666666666:user/user2" userarn = "arn:aws:iam::66666666666:user/user2"
username = "user2" username = "user2"
group = "system:masters" groups = ["system:masters"]
}, },
] ]
} }

1
templates/config-map-aws-auth-map_accounts.yaml.tpl
View File

@@ -1 +0,0 @@
- "${account_number}"

4
templates/config-map-aws-auth-map_roles.yaml.tpl
View File

@@ -1,4 +0,0 @@
- rolearn: ${role_arn}
username: ${username}
groups:
- ${group}

4
templates/config-map-aws-auth-map_users.yaml.tpl
View File

@@ -1,4 +0,0 @@
- userarn: ${user_arn}
username: ${username}
groups:
- ${group}

12
templates/config-map-aws-auth.yaml.tpl
View File

@@ -6,8 +6,14 @@ metadata:
data: data:
mapRoles: | mapRoles: |
${worker_role_arn} ${worker_role_arn}
${map_roles} %{if chomp(map_roles) != "[]" }
${indent(4, map_roles)}
%{ endif }
%{if chomp(map_users) != "[]" }
mapUsers: | mapUsers: |
${map_users} ${indent(4, map_users)}
%{ endif }
%{if chomp(map_accounts) != "[]" }
mapAccounts: | mapAccounts: |
${map_accounts} ${indent(4, map_accounts)}
%{ endif }

16
variables.tf
View File

@@ -62,14 +62,22 @@ variable "map_accounts" {
variable "map_roles" { variable "map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format." description = "Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
type = list(map(string)) type = list(object({
default = [] rolearn = string
username = string
groups = list(string)
}))
default = []
} }
variable "map_users" { variable "map_users" {
description = "Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format." description = "Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
type = list(map(string)) type = list(object({
default = [] userarn = string
username = string
groups = list(string)
}))
default = []
} }
variable "subnets" { variable "subnets" {