

Fixed check
tuteng committed Dec 31, 2024
1 parent c26dca9 commit 9429ef5
Showing 2 changed files with 30 additions and 3 deletions.
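--- a/modules/aws/volume-access/check_oidc_providers.sh
+++ b/modules/aws/volume-access/check_oidc_providers.sh
@@ -0,0 +1,14 @@
+#/bin/bash
+set -e
+eval "$(jq -r '@sh "ACCOUNT_ID=\(.account_id) OIDC_PROVIDERS_STR=\(.oidc_providers_str)"')"
+
+my_array=($OIDC_PROVIDERS_STR)
+result=""
+for each in "${my_array[@]}"
+do
+value=$(aws iam list-open-id-connect-providers --query "OpenIDConnectProviderList[?Arn == 'arn:aws:iam::${ACCOUNT_ID}:oidc-provider/$each']" --output text)
+if [ -z "$value" ]; then
+result="$result $each"
+fi
+done
+jq -n --arg result "$result" '{"oidc_providers":$result}'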
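Review bot: The first line `#/bin/bash` is missing the `!`, so it is a plain comment rather than a shebang, and the script only runs because main.tf invokes it through `bash` explicitly; `my_array=($OIDC_PROVIDERS_STR)` also relies on unquoted word-splitting, which additionally performs pathname expansion on every token. I would replace the first two lines with `#!/usr/bin/env bash` and `set -euo pipefail`, and build the array with `read -ra my_array <<<"$OIDC_PROVIDERS_STR"` so the split is explicit and no globbing can happen. The `eval "$(jq -r '@sh ...')"` line is the documented pattern for Terraform external data sources and is safe because `@sh` single-quotes each value, but `$each` is then interpolated unescaped into the JMESPath filter, so a value containing a single quote silently breaks the query and that provider is reported as missing. A header comment stating the contract, such as `# Reads {account_id, oidc_providers_str} from stdin (Terraform external data source) and prints {"oidc_providers": "<space-separated hosts not yet registered as OIDC providers in ACCOUNT_ID>"}`, would help the next reader.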
19 changes: 16 additions & 3 deletions modules/aws/volume-access/main.tf
Expand Up @@ -28,11 +28,24 @@ locals {
]
}

resource "aws_iam_openid_connect_provider" "streamnative_oidc_providers" {
count = length(local.oidc_providers)
url = "https://${var.oidc_providers[count.index]}"
data "external" "check_oidc_provider" {
program = ["bash", "${path.module}/check_oidc_providers.sh"]
query = {
account_id = local.account_id
oidc_providers_str = join(" ", local.oidc_providers)
}
}

locals {
provider_not_exists = compact(split(" ", data.external.check_oidc_provider.result.oidc_providers))
}

resource "aws_iam_openid_connect_provider" "oidc_provider" {
count = length(local.provider_not_exists)
url = "https://${local.provider_not_exists[count.index]}"
client_id_list = ["sts.amazonaws.com"]
tags = local.tag_set
depends_on = [data.external.check_oidc_provider]
}

data "aws_iam_policy_document" "streamnative_management_access" {
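Review bot: Because `data.external.check_oidc_provider` is re-evaluated against live AWS state on every plan, `local.provider_not_exists` (the `compact(split(" ", ...))` line) will be empty on the plan after the first successful apply, so `count = length(local.provider_not_exists)` drops to 0 and Terraform will propose destroying the `aws_iam_openid_connect_provider.oidc_provider` instance it just created; as far as I can tell nothing here distinguishes providers managed by this module from pre-existing ones. The check needs to exclude providers already owned by this module (for example by filtering on a module-specific tag from `local.tag_set`, or by consulting state rather than live AWS) before the create/skip logic is safe to apply twice. Separately, indexing by `count` means removing one entry from `local.oidc_providers` shifts every later provider to a new index and recreates it; `for_each = toset(local.provider_not_exists)` with `url = "https://${each.value}"` avoids that. The `depends_on = [data.external.check_oidc_provider]` line is redundant, since `count` already references that data source. The `locals {` block named in the hunk header opens before this hunk, and the `aws_iam_policy_document` data source continues past it.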
