terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0
787 stars 996 forks

fix: Skip retrieving EKS cluster data when not creating the role #436

Closed wonko closed 9 months ago

wonko commented 11 months ago

Description

Adds an additional conditional in the existing for_each for reading the EKS cluster data and constructing part of the policy document.

(I suppose the whole policy document can be skipped if there's no role being created... but no harm done in keeping it in, didn't want to break other things.)

Motivation and Context

Fixes https://github.com/terraform-aws-modules/terraform-aws-iam/issues/324

Breaking Changes

No breaking changes afaik, only adds hardening in the need for the execution of certain resources.

How Has This Been Tested?

Tested with the following code (module is local fork, at the v5.5.1 tag).

module "cluster_autoscaler_role" {
  create_role = false
  source      = "./modules/terraform-aws-iam/modules/iam-eks-role"
  #  version     = "5.5.1" 

  role_name = "cluster-autoscaler-false"

  cluster_service_accounts = {
    "foo" = ["kube-system:cluster-autoscaler"]
  }

  #   role_policy_arns = {
  #     cluster-autoscaler = module.cluster_autoscaler_policy.arn
  #   }
}

Also toggled the create_role to true to validate that the old flow still functions.

➜ pre-commit run -a
Terraform fmt............................................................Passed
Terraform wrapper with for_each in module................................Passed
Terraform validate.......................................................Passed
Terraform docs...........................................................Passed
Terraform validate with tflint...........................................Passed
check for merge conflicts................................................Passed
fix end of files.........................................................Passed
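
The gating pattern the description refers to, as an added sketch that is not the module's own source. Only `create_role` and `cluster_service_accounts` come from the test configuration above; the `aws_eks_cluster` data source, the trust-policy layout and the hard-coded `aws` partition are assumptions.

```hcl
# Sketch only: not the module's source. Variable names follow the PR's test config.
variable "create_role" {
  type    = bool
  default = true
}

variable "cluster_service_accounts" {
  description = "Map of EKS cluster name => list of \"namespace:serviceaccount\""
  type        = map(list(string))
  default     = {}
}

data "aws_caller_identity" "current" {}

# With create_role = false the map is empty, so Terraform makes no
# eks:DescribeCluster call and the named cluster does not have to exist.
data "aws_eks_cluster" "main" {
  for_each = var.create_role ? var.cluster_service_accounts : {}

  name = each.key
}

data "aws_iam_policy_document" "assume_role_with_oidc" {
  # Iterate over the gated data source, so no trust statement is built
  # from cluster data that was never read.
  dynamic "statement" {
    for_each = data.aws_eks_cluster.main

    content {
      effect  = "Allow"
      actions = ["sts:AssumeRoleWithWebIdentity"]

      principals {
        type = "Federated"
        identifiers = [
          "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${replace(statement.value.identity[0].oidc[0].issuer, "https://", "")}"
        ]
      }

      condition {
        test     = "StringEquals"
        variable = "${replace(statement.value.identity[0].oidc[0].issuer, "https://", "")}:sub"
        values   = [for sa in var.cluster_service_accounts[statement.key] : "system:serviceaccount:${sa}"]
      }
    }
  }
}
```

With `create_role = false` the plan needs no EKS read permission on the calling credentials, which keeps a disabled instance of the module usable from a least-privilege pipeline role.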

github-actions[bot] commented 10 months ago

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

wonko commented 10 months ago

not stale ...

antonbabenko commented 9 months ago

This PR is included in version 5.33.1 :tada:

github-actions[bot] commented 8 months ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.