From bcec04cfe137dced03077195d80e6baa2412f5e1 Mon Sep 17 00:00:00 2001
From: Brett Delle Grazie
Date: Wed, 5 Jul 2023 10:20:54 +0200
Subject: [PATCH] fix: Avoid invalid-index when controllers disabled
When emrcontainers or step function capabilties were disabled, Terraform would try to assign the associated policy. The policy doesn't exist because that component is disabled. As a test, an all controllers disabled module has been added to the example.
fixes: #43
---
 examples/complete/main.tf | 19 +++++++++++++++++++
 main.tf | 4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 3559807..0b07edd 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -145,6 +145,25 @@ module "eks_ack_addons" {
 tags = local.tags
 }
+module "eks_ack_addons_disabled" {
+ source = "../../"
+
+ # This tests all controllers in disabled mode.
+
+ # Cluster Info
+ cluster_name = module.eks.cluster_name
+ cluster_endpoint = module.eks.cluster_endpoint
+ oidc_provider_arn = module.eks.oidc_provider_arn
+
+ # ECR Credentials
+ ecrpublic_username = data.aws_ecrpublic_authorization_token.token.user_name
+ ecrpublic_token = data.aws_ecrpublic_authorization_token.token.password
+
+ # Controllers to enable (default is disabled)
+
+ tags = local.tags
+}
+
 ################################################################################
 # Supporting Resources
 ################################################################################
diff --git a/main.tf b/main.tf
index a928388..96c123d 100644
--- a/main.tf
+++ b/main.tf
@@ -589,7 +589,7 @@ module "emrcontainers" {
 role_permissions_boundary_arn = lookup(var.emrcontainers, "role_permissions_boundary_arn", null)
 role_description = try(var.emrcontainers.role_description, "IRSA for emrcontainers controller for ACK")
 role_policies = lookup(var.emrcontainers, "role_policies", {
- AmazonEmrContainers = aws_iam_policy.emrcontainers[0].arn
+ AmazonEmrContainers = var.enable_emrcontainers ? aws_iam_policy.emrcontainers[0].arn : null
 })
 create_policy = try(var.emrcontainers.create_policy, false)
@@ -770,7 +770,7 @@ module "sfn" {
 role_description = try(var.sfn.role_description, "IRSA for sfn controller for ACK")
 role_policies = lookup(var.sfn, "role_policies", {
 AWSStepFunctionsFullAccess = "${local.iam_role_policy_prefix}/AWSStepFunctionsFullAccess"
- AWSStepFunctionsIamPassRole = aws_iam_policy.sfnpasspolicy[0].arn
+ AWSStepFunctionsIamPassRole = var.enable_emrcontainers ? aws_iam_policy.sfnpasspolicy[0].arn : null
 })
 create_policy = try(var.sfn.create_policy, false)
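Review bot: In the `module "sfn"` hunk the new guard on `AWSStepFunctionsIamPassRole` tests `var.enable_emrcontainers`, which looks like a copy-paste from the emrcontainers hunk above rather than the flag that controls the sfn controller. If `aws_iam_policy.sfnpasspolicy` is counted on the sfn flag (its definition is outside this hunk), enabling emrcontainers with sfn disabled still hits the invalid index, and enabling sfn alone silently sets the PassRole entry to null, so the controller's role may come up without the policy it needs. Tying the value to the resource itself avoids naming any flag: `AWSStepFunctionsIamPassRole = try(aws_iam_policy.sfnpasspolicy[0].arn, null)`, and the same form would work for `AmazonEmrContainers`. The all-disabled example added in this commit cannot catch the mix-up because both flags are false there; a case with exactly one of the two controllers enabled would. Both module blocks start and end outside their hunks.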