From 817a0bad847756db22209f089589d43f9c73e112 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 12:59:48 +0100
Subject: [PATCH] feat(sync): sync universal-addon changes (#4)
Signed-off-by: Balsir
Co-authored-by: Balsir
---
 .terraform.lock.hcl | 4 +++
 addon-oidc.tf | 6 ++--
 variables-addon-oidc.tf | 63 +++++++++++++++++++++++------------------
 3 files changed, 43 insertions(+), 30 deletions(-)
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index e70ba62..a1b3c67 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -5,6 +5,7 @@ provider "registry.terraform.io/cloudposse/utils" {
 version = "1.19.2"
 constraints = ">= 0.17.0"
 hashes = [
+ "h1:0Ch7BTulKB1jXOm0AV7d5f1bdMKEyZc1BA+PZ6cXkAY=",
 "h1:gqYR81ADrA9HeWCMnEOg/x9RIMce6dwOXOC/DxjsYto=",
 "h1:yy3kB4scsoyM81yyyUMPxuJXeFvexBL5KMrCKrjrUkE=",
 "h1:zeLrxuXDYEA5+hArYpigYKZJiIB57WQ3nn7VGTc0QDc=",
@@ -31,6 +32,7 @@ provider "registry.terraform.io/hashicorp/aws" {
 hashes = [
 "h1:0lkSSlK45Qil9fO1kFy8RXVC/k6qfC4LDZIaCKnWcUc=",
 "h1:Gwe5HXZYD/3M5j6LwKhp8amb1SraCR9p+G96d381RVc=",
+ "h1:Wjmg0WFQxZ7J7OeZ/SY+NW4JRe/jKJEut5tVb51z++4=",
 "h1:Yxsj34z606m8wssYDHyleuBlQ9i+94MHwRs38thQPZU=",
 "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de",
 "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447",
@@ -57,6 +59,7 @@ provider "registry.terraform.io/hashicorp/helm" {
 "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=",
 "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
 "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=",
+ "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=",
 "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
 "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
 "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
@@ -79,6 +82,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
 "h1:/3kLyOR2jTaWS1MKso4xAztrocGBMxi8yVadWiqSWOg=",
 "h1:GzU0FzYAT/+IgAhnSBcFH3bT+4I5N6oSga6iZgNJAus=",
 "h1:TrlG/sofnDv8kAbzKOD5pIPeUiI5VQY61NuWH+cItDw=",
+ "h1:WuU4rl7szPJr9Nfu5OoQGF84k8yQf+gmS9zU2eZuxcc=",
 "zh:3bdba30ae67c55dc7e9a317ac0da3b208ea7926fe9c2f0ae6587ee88dcc58d1f",
 "zh:3f35138a831c00b188d2ffee27111dd0cf59afad2dd5653ed9e67d59646de12c",
 "zh:64066d18f6ae9a316c2bc840ef3e641d7ab94e1ea3a41d12523e77345ad442ef",
diff --git a/addon-oidc.tf b/addon-oidc.tf
index 56d7b9c..ef5a6db 100644
--- a/addon-oidc.tf
+++ b/addon-oidc.tf
@@ -1,10 +1,12 @@
+# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module.
 module "addon-oidc" {
 for_each = local.addon_oidc
- source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-oidc?ref=v0.0.7"
+ source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-oidc?ref=v0.0.9"
 enabled = var.enabled
+ oidc_provider_create = var.oidc_provider_create != null ? var.oidc_provider_create : try(each.value.oidc_provider_create, true)
 oidc_role_create = var.oidc_role_create != null ? var.oidc_role_create : try(each.value.oidc_role_create, true)
 oidc_role_name_prefix = var.oidc_role_name_prefix != null ? var.oidc_role_name_prefix : try(each.value.oidc_role_name_prefix, "${each.key}-oidc")
 oidc_role_name = var.oidc_role_name != null ? var.oidc_role_name : try(each.value.oidc_role_name, local.addon_helm_chart_name)
@@ -20,7 +22,7 @@ module "addon-oidc" {
 oidc_openid_thumbprints = var.oidc_openid_thumbprints != null ? var.oidc_openid_thumbprints : try(each.value.oidc_openid_thumbprints, [])
 oidc_assume_role_policy_condition_variable = var.oidc_assume_role_policy_condition_variable != null ? var.oidc_assume_role_policy_condition_variable : try(each.value.oidc_assume_role_policy_condition_variable, "")
 oidc_assume_role_policy_condition_values = var.oidc_assume_role_policy_condition_values != null ? var.oidc_assume_role_policy_condition_values : try(each.value.oidc_assume_role_policy_condition_values, [])
- oidc_assume_role_policy_condition_test = var.oidc_assume_role_policy_condition_test != null ? var.oidc_assume_role_policy_condition_test : try(each.value.oidc_assume_role_policy_condition_test, "")
+ oidc_assume_role_policy_condition_test = var.oidc_assume_role_policy_condition_test != null ? var.oidc_assume_role_policy_condition_test : try(each.value.oidc_assume_role_policy_condition_test, "StringLike")
 oidc_custom_provider_arn = var.oidc_custom_provider_arn != null ? var.oidc_custom_provider_arn : try(each.value.oidc_custom_provider_arn, "")
 oidc_tags = var.oidc_tags != null ? var.oidc_tags : try(each.value.oidc_tags, tomap({}))
diff --git a/variables-addon-oidc.tf b/variables-addon-oidc.tf
index 79495cd..db4e0a0 100644
--- a/variables-addon-oidc.tf
+++ b/variables-addon-oidc.tf
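Review bot: The new default `"StringLike"` for `oidc_assume_role_policy_condition_test` changes how `oidc_assume_role_policy_condition_values` is evaluated in the role's trust policy: with StringLike the characters `*` and `?` in a value are wildcards, so a value such as `system:serviceaccount:*` would match any service-account subject the provider issues, whereas StringEquals matches only the literal string. That is probably the intended default for the usual namespace/service-account match, but the widening is only implied by the operator name, and the description of `oidc_assume_role_policy_condition_test` in variables-addon-oidc.tf is not touched by this patch, so I would state it there: `StringLike treats "*" and "?" in oidc_assume_role_policy_condition_values as wildcards; use "StringEquals" when the subject must match exactly.` The `module "addon-oidc"` block begins outside this hunk, and what the previous empty-string default resolved to inside the submodule is not visible here.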
@@ -1,22 +1,29 @@
 # IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module.
 # ================ oidc variables (optional) ================
+
+variable "oidc_provider_create" {
+ type = bool
+ default = null
+ description = "Whether to create OIDC provider. Defaults to `true`. Set to false if you want to disable default OIDC provider when oidc_custom_provider_arn is set."
+}
+
 variable "oidc_role_create" {
 type = bool
 default = null
- description = "Whether to create oidc role and annotate Service Account. Defaults to `true`."
+ description = "Whether to create OIDC role and annotate Service Account. Defaults to `true`."
 }
 variable "oidc_role_name_prefix" {
 type = string
 default = null
- description = "oidc role name prefix. Defaults to addon oidc component name with `oidc` suffix."
+ description = "OIDC role name prefix. Defaults to addon OIDC component name with `oidc` suffix."
 }
 variable "oidc_role_name" {
 type = string
 default = null
- description = "oidc role name. The value is prefixed by `var.oidc_role_name_prefix`. Defaults to addon Helm chart name."
+ description = "OIDC role name. The value is prefixed by `var.oidc_role_name_prefix`. Defaults to addon Helm chart name."
 }
 variable "oidc_policy_enabled" {
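Review bot: The description of the new `oidc_provider_create` variable leaves the interaction with `oidc_custom_provider_arn` implicit, while the description of `oidc_custom_provider_arn` removed in the last hunk of this file (`@@ -91,14 +86,26 @@`) stated that supplying a custom ARN suppressed creation of the default provider; after this patch the two settings are independent, since the wiring in addon-oidc.tf defaults `oidc_provider_create` to `true` regardless of the ARN. If that old description was accurate, a caller upgrading with only `oidc_custom_provider_arn` set may now get a module-created provider alongside the custom one, which is a behaviour change worth naming in the commit message rather than only in a recommendation. I would make the default explicit in the description, e.g. `description = "Whether to create OIDC provider. Defaults to true even when oidc_custom_provider_arn is set; set to false to use only the custom provider."`, and mirror the same wording in the rewritten `oidc_custom_provider_arn` description in the last hunk.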
@@ -28,49 +35,37 @@ variable "oidc_policy_enabled" {
 variable "oidc_policy" {
 type = string
 default = null
- description = "Policy to be attached to the oidc role. Applied only if `oidc_policy_enabled` is `true`."
+ description = "Policy to be attached to the OIDC role. Applied only if `oidc_policy_enabled` is `true`."
 }
 variable "oidc_assume_role_enabled" {
 type = bool
 default = null
- description = "Whether oidc is allowed to assume role defined by `oidc_assume_role_arn`. Mutually exclusive with `oidc_policy_enabled`. Defaults to `false`."
+ description = "Whether OIDC is allowed to assume role defined by `oidc_assume_role_arn`. Mutually exclusive with `oidc_policy_enabled`. Defaults to `false`."
 }
 variable "oidc_assume_role_arns" {
 type = list(string)
 default = null
- description = "List of ARNs assumable by the oidc role. Applied only if `oidc_assume_role_enabled` is `true`."
+ description = "List of ARNs assumable by the OIDC role. Applied only if `oidc_assume_role_enabled` is `true`. Defaults to `[]`."
 }
 variable "oidc_permissions_boundary" {
 type = string
 default = null
- description = "ARN of the policy that is used to set the permissions boundary for the oidc role. Defaults to `\"\"`."
+ description = "ARN of the policy that is used to set the permissions boundary for the OIDC role. Defaults to `\"\"`."
 }
 variable "oidc_additional_policies" {
 type = map(string)
 default = null
- description = "Map of the additional policies to be attached to oidc role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`."
-}
-
-variable "oidc_openid_provider_url" {
- type = string
- default = null
- description = "oidc provider url. Defaults to `\"\"`."
+ description = "Map of the additional policies to be attached to OIDC role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`."
 }
-variable "oidc_openid_client_ids" {
- type = list(string)
+variable "oidc_tags" {
+ type = map(string)
 default = null
- description = "List of client IDs that are allowed to authenticate. Defaults to `[]`."
-}
-
-variable "oidc_openid_thumbprints" {
- type = list(string)
- default = null
- description = "List of thumbprints of the OIDC provider's server certificate. Defaults to `[]`."
+ description = "OIDC resources tags. Defaults to `{}`."
 }
 variable "oidc_assume_role_policy_condition_test" {
@@ -91,14 +86,26 @@ variable "oidc_assume_role_policy_condition_variable" {
 description = "Specifies the variable to use for the assume role trust policy. Defaults to `\"\"`."
 }
-variable "oidc_custom_provider_arn" {
+variable "oidc_openid_client_ids" {
+ type = list(string)
+ default = null
+ description = "List of OpenID Connect client IDs that are allowed to assume the OIDC provider. Defaults to `[]`."
+}
+
+variable "oidc_openid_provider_url" {
 type = string
 default = null
- description = "Specifies a custom OIDC provider ARN. If provided, the module will not create a default OIDC provider. Defaults to `\"\"`."
+ description = "OIDC provider URL. Defaults to `\"\"`."
 }
-variable "oidc_tags" {
- type = map(string)
+variable "oidc_openid_thumbprints" {
+ type = list(string)
+ default = null
+ description = "List of thumbprints of the OIDC provider's server certificate. Defaults to `[]`."
+}
+
+variable "oidc_custom_provider_arn" {
+ type = string
 default = null
- description = "oidc resources tags. Defaults to `{}`."
+ description = "Specifies a custom OIDC provider ARN. If specified, overrides provider created by this module. If set, it is recommended to disable default OIDC provider creation by setting var.oidc_provider_create to false. Defaults to `\"\"`."
 }
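Review bot: The rewritten description of `oidc_assume_role_enabled` in the `@@ -28,49 +35,37 @@` hunk still refers to `oidc_assume_role_arn`, but the variable it pairs with is declared a few lines below as `oidc_assume_role_arns`, so the cross-reference names a variable that does not exist in this file. Since the line is being touched anyway for the OIDC capitalisation, it should read `description = "Whether OIDC is allowed to assume role defined by oidc_assume_role_arns. Mutually exclusive with oidc_policy_enabled. Defaults to false."` with the same backtick quoting the file already uses. The hunk ends on the opening line of `variable "oidc_assume_role_policy_condition_test"`, whose body is outside the patch.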