From 29f9b22b50146c7ba50591798cfcda4e0f2b28c5 Mon Sep 17 00:00:00 2001
From: Luca Guerra
Date: Tue, 20 Feb 2024 11:14:03 +0000
Subject: [PATCH] new(tf): add EKS permissions for GitHub Actions
Signed-off-by: Luca Guerra
---
 config/clusters/eks.tf | 1 +
 config/clusters/eks_variables.tf | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/config/clusters/eks.tf b/config/clusters/eks.tf
index 160249c1fd0..036a78a7b6a 100644
--- a/config/clusters/eks.tf
+++ b/config/clusters/eks.tf
@@ -7,6 +7,7 @@ module "eks" {
 subnets = module.vpc.private_subnets
 write_kubeconfig = true
 map_users = var.eks_users
+ map_roles = var.eks_roles
 enable_irsa = true
 cluster_enabled_log_types = ["audit"]
diff --git a/config/clusters/eks_variables.tf b/config/clusters/eks_variables.tf
index 05dfc4de3ab..25f991901f2 100644
--- a/config/clusters/eks_variables.tf
+++ b/config/clusters/eks_variables.tf
@@ -150,3 +150,19 @@ variable "eks_users" {
 }
 ]
 }
+variable "eks_roles" {
+ description = "Additional IAM roles to add to the aws-auth configmap."
+ type = list(object({
+ rolearn = string
+ username = string
+ groups = list(string)
+ }))
+
+ default = [
+ {
+ rolearn = "arn:aws:iam::292999226676:role/github_actions-test-infra-cluster"
+ username = "githubactions-test-infra-cluster"
+ groups = ["system:masters"]
+ },
+ ]
+}
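Review bot: The default entry of `eks_roles` maps the GitHub Actions role to `system:masters`, so any workflow run that can assume that role is an unrestricted cluster admin. The API server grants that group full access regardless of RBAC bindings, which means it cannot be narrowed later from inside the cluster. Consider a dedicated group instead, e.g. `groups = ["ci-test-infra"]` (constructed name), bound through a ClusterRoleBinding to a role limited to what the pipeline actually deploys. The role's trust policy is not part of this diff, so please confirm it restricts the OIDC `sub` claim to the intended repository and ref. If `system:masters` really is required, a comment above the default such as `# cluster-admin for CI: required because <reason>` would record that decision, and the `description` could state that entries here receive the listed Kubernetes groups verbatim.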