[Enhancement]: Add eks oidc provider arn to output of data source aws_eks_cluster

[cra-schleupen]

Description

The aws-ai module for eks addons requires the oidc_provider_arn as input. It would be helpful, when the data source for eks cluster would output the arn. It already outputs the oidc issuer data.aws_eks_cluster.example.identity[0].oidc[0].issuer .

I'm open to implement this, if you point me to where to touch the code.

Affected Resource(s) and/or Data Source(s)

data source aws_eks_cluster

Potential Terraform Configuration

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

module "eks_blueprints_addons" {
  source = "aws-ia/eks-blueprints-addons/aws"
  version = "~> 1.0"

  cluster_name      = data.eks_cluster.this.id
  cluster_endpoint  = data.eks_cluster.this.endpoint
  cluster_version   = data.eks_cluster.this.version
  oidc_provider_arn = data.eks_cluster.this.identity[0].oidc[0].arn # <- new output can be used here

  [...] # truncated for brevity
}

References

https://registry.terraform.io/modules/aws-ia/eks-blueprints-addons/aws/latest

Would you like to implement a fix?

Yes

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[cra-schleupen]

While on it, it might be interesting to also output the provider url as well, which is required for the iam-assumable-role-with-oidc module.

module "irsa_vpc_cni" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version = "5.39.1"

  provider_url  = data.eks_cluster.this.identity[0].oidc[0].url
  [...]
}

[aristosvo]

Hi @cra-schleupen! Does data.eks_cluster.this.oidc_provider_arn not expose the required ARN?

[cra-schleupen]

@aristosvo where do you get this from? It's not in the docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster

[aristosvo]

Oops, sorry, it is in the module: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/098c6a86ca716dae74bd98974accc29f66178c43/outputs.tf#L155 😢

I digged a bit into it, but it seems like the API is not exposing anything more than the what is currently available..

[cra-schleupen]

Using the module would solve the problem, but I read using data source for a resource in the same module, where that resource is created, is not recommended, right?

I wouldn't need the aws_eks_cluster data source then, but probably the one for cluster auth.