From 80f8bfc494e6bbd9fc2c0a17e7dc37f21765c953 Mon Sep 17 00:00:00 2001
From: Steven Davidovitz
Date: Wed, 19 Apr 2023 17:33:40 -0700
Subject: [PATCH] fix support for EKS master roles passed in variables (#78)

---
 submodules/eks/README.md | 1 +
 submodules/eks/main.tf | 24 ++++++++++++++++++++----
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/submodules/eks/README.md b/submodules/eks/README.md
index b2dc47b9..1ef08915 100644
--- a/submodules/eks/README.md
+++ b/submodules/eks/README.md
@@ -59,6 +59,7 @@
 | [aws_iam_policy_document.kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.snapshot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_role.master_roles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_ssm_parameter.eks_ami_release_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [aws_ssm_parameter.eks_gpu_ami_release_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
diff --git a/submodules/eks/main.tf b/submodules/eks/main.tf
index 0c190067..d315e6d1 100644
--- a/submodules/eks/main.tf
+++ b/submodules/eks/main.tf
@@ -1,6 +1,11 @@
 data "aws_partition" "current" {}
 data "aws_caller_identity" "aws_account" {}
 
+data "aws_iam_role" "master_roles" {
+ for_each = toset(var.eks.master_role_names)
+ name = each.key
+}
+
 locals {
 kubeconfig_path = try(abspath(pathexpand(var.eks.kubeconfig.path)), "${path.cwd}/kubeconfig")
 kubeconfig = merge(var.eks.kubeconfig, { path = local.kubeconfig_path })
@@ -157,10 +162,21 @@ locals {
 arn = aws_eks_cluster.this.arn
 security_group_id = aws_security_group.eks_cluster.id
 endpoint = aws_eks_cluster.this.endpoint
- roles = [{
- arn = aws_iam_role.eks_cluster.arn
- name = aws_iam_role.eks_cluster.name
- }]
+ roles = concat(
+ [
+ for role in data.aws_iam_role.master_roles :
+ {
+ arn = role.arn,
+ name = role.id
+ }
+ ],
+ [
+ {
+ arn = aws_iam_role.eks_cluster.arn
+ name = aws_iam_role.eks_cluster.name
+ }
+ ]
+ )
 custom_roles = var.eks.custom_role_maps
 }
 nodes = {
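Review bot: The new `data "aws_iam_role" "master_roles"` block resolves whatever names arrive in `var.eks.master_role_names`, and nothing in this hunk documents what those roles are then allowed to do or guards against the attribute being null. If the attribute is optional without a default (its declaration is outside this patch), `for_each` would fail on a null value, so the variable should presumably default to `[]`. I would add a comment above the block along the lines of `# Looks up caller-supplied role names in the current account; plan fails if a name does not exist. Every role listed here is exported in the cluster roles list, so treat changes to the list as a privilege grant.`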
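Review bot: `arn = role.arn` in the new `for` expression takes the ARN as the data source returns it, which includes the IAM path for roles created under one (SSO-provisioned roles, for example). If this `roles` list is what ends up in the aws-auth ConfigMap, which is not visible in this patch, EKS expects the ARN without the path and such a mapping would silently never match. Either document that `master_role_names` must refer to path-less roles or build the ARN explicitly, e.g. `arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.aws_account.account_id}:role/${role.name}"`. Separately, `name = role.id` relies on the data source's id being the role name; `name = role.name` states that directly and matches the `aws_iam_role.eks_cluster.name` entry below it. The enclosing `locals` block starts and ends outside the hunk.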