From 0222b7d833a0a1cf13f263ffcded4ae5a95abbaa Mon Sep 17 00:00:00 2001 From: Nick Fisher Date: Tue, 12 Jul 2022 12:59:33 -0400 Subject: [PATCH] Allowing override for irsa role name --- modules/irsa/README.md | 2 +- modules/irsa/main.tf | 4 ++-- modules/irsa/variables.tf | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/irsa/README.md b/modules/irsa/README.md index 75fa1cf3e2..e494c3ee97 100644 --- a/modules/irsa/README.md +++ b/modules/irsa/README.md @@ -49,7 +49,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [addon\_context](#input\_addon\_context) | Input configuration for the addon | 
object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
    irsa_iam_role_path             = optional(string)
    irsa_iam_permissions_boundary  = optional(string)
  })
| n/a | yes | +| [addon\_context](#input\_addon\_context) | Input configuration for the addon | 
object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
    irsa_iam_role_name             = optional(string)
    irsa_iam_role_path             = optional(string)
    irsa_iam_permissions_boundary  = optional(string)
  })
| n/a | yes | | [create\_kubernetes\_namespace](#input\_create\_kubernetes\_namespace) | Should the module create the namespace | `bool` | `true` | no | | [create\_kubernetes\_service\_account](#input\_create\_kubernetes\_service\_account) | Should the module create the Service Account | `bool` | `true` | no | | [irsa\_iam\_policies](#input\_irsa\_iam\_policies) | IAM Policies for IRSA IAM role | `list(string)` | `[]` | no | diff --git a/modules/irsa/main.tf b/modules/irsa/main.tf index 458232da5b..e4fc1d6615 100644 --- a/modules/irsa/main.tf +++ b/modules/irsa/main.tf @@ -20,7 +20,7 @@ resource "kubernetes_service_account_v1" "irsa" { resource "aws_iam_role" "irsa" { count = var.irsa_iam_policies != null ? 1 : 0 - name = format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa") + name = var.addon_context.irsa_iam_role_name != null ? var.addon_context.irsa_iam_role_name : format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa") description = "AWS IAM Role for the Kubernetes service account ${var.kubernetes_service_account}." assume_role_policy = jsonencode({ "Version" : "2012-10-17", @@ -46,7 +46,7 @@ resource "aws_iam_role" "irsa" { tags = merge( { - "Name" = format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa"), + "Name" = var.addon_context.irsa_iam_role_name != null ? var.addon_context.irsa_iam_role_name : format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa"), }, var.addon_context.tags ) diff --git a/modules/irsa/variables.tf b/modules/irsa/variables.tf index 1ea9b1120c..1d7a8d2520 100644 --- a/modules/irsa/variables.tf +++ b/modules/irsa/variables.tf @@ -38,6 +38,7 @@ variable "addon_context" { eks_oidc_issuer_url = string eks_oidc_provider_arn = string tags = map(string) + irsa_iam_role_name = optional(string) irsa_iam_role_path = optional(string) irsa_iam_permissions_boundary = optional(string) })