Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Don’t add empty Roles ARN in aws-auth configmap, specifically when no Fargate profiles are specified #1096

Merged
merged 3 commits into from
Nov 12, 2020

Conversation

huddy
Copy link
Contributor

@huddy huddy commented Nov 10, 2020

PR o'clock

Description

The new fargate code seems to have caused a bug in authmap.

Currently even when no fargate profiles are specified the fargate module output is used to create an authmap entry with an empty ARN.

The plan shows:

                - "groups":
              +   - "system:bootstrappers"
              +   - "system:nodes"
              +   - "system:node-proxier"
              +   "rolearn": ""
              +   "username": "system:node:{{SessionName}}"
              + - "groups":

Apply errors:

Error: Failed to update Config Map: Unauthorized
  on .terraform/modules/eks_cluster/aws_auth.tf line 65, in resource "kubernetes_config_map" "aws_auth":
  65: resource "kubernetes_config_map" "aws_auth" {

This seems to be because "rolearn" is empty.

Checklist

…profiles are specified this causes an error.
@huddy huddy marked this pull request as ready for review November 10, 2020 17:58
@barryib barryib self-assigned this Nov 11, 2020
aws_auth.tf Outdated Show resolved Hide resolved
@barryib barryib added this to the v13.2.1 milestone Nov 11, 2020
@barryib barryib changed the title fix: dont add auth map if no role arn exists. speficially when no fargate profiles specified. fix: Don’t add empty Roles ARN in aws-auth configmap, specifically when no Fargate profiles are specified Nov 12, 2020
@barryib barryib merged commit 4310197 into terraform-aws-modules:master Nov 12, 2020
@barryib
Copy link
Member

barryib commented Nov 12, 2020

Thanks @huddy for your fix. Nice catch.

@barryib
Copy link
Member

barryib commented Nov 12, 2020

v13.2.1 is now released

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants