feat(sync): sync universal-addon changes (#4)
Signed-off-by: Balsir <[email protected]>
Co-authored-by: Balsir <[email protected]>
github-actions[bot] and Balsir authored Dec 6, 2024
1 parent 065094a commit 817a0ba
Showing 3 changed files with 43 additions and 30 deletions.
4 changes: 4 additions & 0 deletions .terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions addon-oidc.tf
@@ -1,10 +1,12 @@
# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module.
module "addon-oidc" {
for_each = local.addon_oidc

source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-oidc?ref=v0.0.7"
source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-oidc?ref=v0.0.9"

enabled = var.enabled

oidc_provider_create = var.oidc_provider_create != null ? var.oidc_provider_create : try(each.value.oidc_provider_create, true)
oidc_role_create = var.oidc_role_create != null ? var.oidc_role_create : try(each.value.oidc_role_create, true)
oidc_role_name_prefix = var.oidc_role_name_prefix != null ? var.oidc_role_name_prefix : try(each.value.oidc_role_name_prefix, "${each.key}-oidc")
oidc_role_name = var.oidc_role_name != null ? var.oidc_role_name : try(each.value.oidc_role_name, local.addon_helm_chart_name)
Expand All @@ -20,7 +22,7 @@ module "addon-oidc" {
oidc_openid_thumbprints = var.oidc_openid_thumbprints != null ? var.oidc_openid_thumbprints : try(each.value.oidc_openid_thumbprints, [])
oidc_assume_role_policy_condition_variable = var.oidc_assume_role_policy_condition_variable != null ? var.oidc_assume_role_policy_condition_variable : try(each.value.oidc_assume_role_policy_condition_variable, "")
oidc_assume_role_policy_condition_values = var.oidc_assume_role_policy_condition_values != null ? var.oidc_assume_role_policy_condition_values : try(each.value.oidc_assume_role_policy_condition_values, [])
oidc_assume_role_policy_condition_test = var.oidc_assume_role_policy_condition_test != null ? var.oidc_assume_role_policy_condition_test : try(each.value.oidc_assume_role_policy_condition_test, "")
oidc_assume_role_policy_condition_test = var.oidc_assume_role_policy_condition_test != null ? var.oidc_assume_role_policy_condition_test : try(each.value.oidc_assume_role_policy_condition_test, "StringLike")
oidc_custom_provider_arn = var.oidc_custom_provider_arn != null ? var.oidc_custom_provider_arn : try(each.value.oidc_custom_provider_arn, "")

oidc_tags = var.oidc_tags != null ? var.oidc_tags : try(each.value.oidc_tags, tomap({}))
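Review bot: The new fallback for `oidc_assume_role_policy_condition_test` in the second hunk is `"StringLike"`, which makes IAM honour `*` and `?` in `oidc_assume_role_policy_condition_values` as wildcards, so a loosely written subject value widens who can assume the role rather than failing to match. How the upstream module treated the previous `""` fallback is not visible on this page, so whether this changes the effective trust policy cannot be confirmed from here. Either way the line deserves a comment such as `# StringLike: wildcards in condition values are honoured; set "StringEquals" for an exact service-account subject`, and the description of that variable in variables-addon-oidc.tf (collapsed in this view) should state the new default. Separately, the module source in the first hunk is pinned to the tag `?ref=v0.0.9`, and a tag can be moved; pinning `ref` to the full commit SHA would make the sync reproducible. Since the file header says it is synced from terraform-aws-eks-universal-addon, both changes belong in that upstream module.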
63 changes: 35 additions & 28 deletions variables-addon-oidc.tf
@@ -1,22 +1,29 @@
# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module.

# ================ oidc variables (optional) ================

variable "oidc_provider_create" {
type = bool
default = null
description = "Whether to create OIDC provider. Defaults to `true`. Set to false if you want to disable default OIDC provider when oidc_custom_provider_arn is set."
}

variable "oidc_role_create" {
type = bool
default = null
description = "Whether to create oidc role and annotate Service Account. Defaults to `true`."
description = "Whether to create OIDC role and annotate Service Account. Defaults to `true`."
}

variable "oidc_role_name_prefix" {
type = string
default = null
description = "oidc role name prefix. Defaults to addon oidc component name with `oidc` suffix."
description = "OIDC role name prefix. Defaults to addon OIDC component name with `oidc` suffix."
}

variable "oidc_role_name" {
type = string
default = null
description = "oidc role name. The value is prefixed by `var.oidc_role_name_prefix`. Defaults to addon Helm chart name."
description = "OIDC role name. The value is prefixed by `var.oidc_role_name_prefix`. Defaults to addon Helm chart name."
}

variable "oidc_policy_enabled" {
Expand All @@ -28,49 +35,37 @@ variable "oidc_policy_enabled" {
variable "oidc_policy" {
type = string
default = null
description = "Policy to be attached to the oidc role. Applied only if `oidc_policy_enabled` is `true`."
description = "Policy to be attached to the OIDC role. Applied only if `oidc_policy_enabled` is `true`."
}

variable "oidc_assume_role_enabled" {
type = bool
default = null
description = "Whether oidc is allowed to assume role defined by `oidc_assume_role_arn`. Mutually exclusive with `oidc_policy_enabled`. Defaults to `false`."
description = "Whether OIDC is allowed to assume role defined by `oidc_assume_role_arn`. Mutually exclusive with `oidc_policy_enabled`. Defaults to `false`."
}

variable "oidc_assume_role_arns" {
type = list(string)
default = null
description = "List of ARNs assumable by the oidc role. Applied only if `oidc_assume_role_enabled` is `true`."
description = "List of ARNs assumable by the OIDC role. Applied only if `oidc_assume_role_enabled` is `true`. Defaults to `[]`."
}

variable "oidc_permissions_boundary" {
type = string
default = null
description = "ARN of the policy that is used to set the permissions boundary for the oidc role. Defaults to `\"\"`."
description = "ARN of the policy that is used to set the permissions boundary for the OIDC role. Defaults to `\"\"`."
}

variable "oidc_additional_policies" {
type = map(string)
default = null
description = "Map of the additional policies to be attached to oidc role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`."
}

variable "oidc_openid_provider_url" {
type = string
default = null
description = "oidc provider url. Defaults to `\"\"`."
description = "Map of the additional policies to be attached to OIDC role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`."
}

variable "oidc_openid_client_ids" {
type = list(string)
variable "oidc_tags" {
type = map(string)
default = null
description = "List of client IDs that are allowed to authenticate. Defaults to `[]`."
}

variable "oidc_openid_thumbprints" {
type = list(string)
default = null
description = "List of thumbprints of the OIDC provider's server certificate. Defaults to `[]`."
description = "OIDC resources tags. Defaults to `{}`."
}

variable "oidc_assume_role_policy_condition_test" {
Expand All @@ -91,14 +86,26 @@ variable "oidc_assume_role_policy_condition_variable" {
description = "Specifies the variable to use for the assume role trust policy. Defaults to `\"\"`."
}

variable "oidc_custom_provider_arn" {
variable "oidc_openid_client_ids" {
type = list(string)
default = null
description = "List of OpenID Connect client IDs that are allowed to assume the OIDC provider. Defaults to `[]`."
}

variable "oidc_openid_provider_url" {
type = string
default = null
description = "Specifies a custom OIDC provider ARN. If provided, the module will not create a default OIDC provider. Defaults to `\"\"`."
description = "OIDC provider URL. Defaults to `\"\"`."
}

variable "oidc_tags" {
type = map(string)
variable "oidc_openid_thumbprints" {
type = list(string)
default = null
description = "List of thumbprints of the OIDC provider's server certificate. Defaults to `[]`."
}

variable "oidc_custom_provider_arn" {
type = string
default = null
description = "oidc resources tags. Defaults to `{}`."
description = "Specifies a custom OIDC provider ARN. If specified, overrides provider created by this module. If set, it is recommended to disable default OIDC provider creation by setting var.oidc_provider_create to false. Defaults to `\"\"`."
}
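Review bot: The rewritten description of `oidc_assume_role_enabled` still refers to `oidc_assume_role_arn`, while the variable declared directly below it is `oidc_assume_role_arns`; the text should name the real variable, ``Whether OIDC is allowed to assume role defined by `oidc_assume_role_arns`.`` The new `oidc_openid_client_ids` description says the client IDs are "allowed to assume the OIDC provider", which blurs the trust model: client IDs are the audiences the provider accepts, and it is roles that get assumed, so `List of OpenID Connect client IDs (audiences) accepted by the OIDC provider. Defaults to []` would be more accurate. These descriptions are what operators read when scoping the role's trust policy, so the wording matters. The file is marked as synced from the universal-addon module, so the correction needs to land upstream to survive the next sync.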
