terraform-aws-eks

Add certificates and sha1_fingerprint as exported attributes to aws_eks_cluster module

Open devopsmash opened this issue 1 year ago • 2 comments

Today, in order to create an aws_iam_openid_connect_provider for my EKS cluster, I need to provide thumbprint_list. To retrieve the thumbprint_list, I have to use the tls_certificate data source.

Example:

resource "aws_eks_cluster" "example" {
  # ... other configuration ...
}

data "tls_certificate" "example" {
  url = aws_eks_cluster.example.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "example" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.example.certificates[0].sha1_fingerprint]
  url             = aws_eks_cluster.example.identity[0].oidc[0].issuer
}

From: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabling-iam-roles-for-service-accounts

Is there any way to avoid using the tls_certificate data source by adding the tls_certificate data (like certificates and sha1_fingerprint) as part of the aws_eks_cluster module attributes?

devopsmash avatar Sep 09 '22 15:09 devopsmash

What are you doing differently than what we provide here? https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L201-L218

bryantbiggs avatar Sep 11 '22 13:09 bryantbiggs

Hi @bryantbiggs, I just want to avoid using the data and get the sha1_fingerprint attribute directly from aws_eks_cluster:

data "tls_certificate" "example" {
  url = aws_eks_cluster.example.identity[0].oidc[0].issuer
}

If this is not in the scope of aws_eks_cluster, I can close this issue.

devopsmash avatar Sep 11 '22 14:09 devopsmash

We can absolutely support this since the data source is already used in the codebase - adding in #2249

bryantbiggs avatar Sep 29 '22 14:09 bryantbiggs

This issue has been resolved in version 18.30.0 :tada:

antonbabenko avatar Sep 29 '22 19:09 antonbabenko

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Nov 08 '22 02:11 github-actions[bot]