From 15a58ef6980c22e0b868be09c64b3078e3a4aa44 Mon Sep 17 00:00:00 2001
From: Billy Howard <billy@osg.me>
Date: Tue, 10 Nov 2020 17:49:11 +0000
Subject: [PATCH 1/3] dont add auth map if no role arn exists. speficially when
 no fargate profiles are specified this causes an error.

---
 aws_auth.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/aws_auth.tf b/aws_auth.tf
index 91b0a23add..811e63ee05 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -59,6 +59,7 @@ locals {
         role["platform"] == "fargate" ? ["system:node-proxier"] : [],
       ))
     }
+    if role["worker_role_arn"] != ""
   ]
 }
 

From 806ed09062992e6700254ebd1008e7eeb7694d1e Mon Sep 17 00:00:00 2001
From: Billy Howard <billy@osg.me>
Date: Thu, 12 Nov 2020 08:15:46 +0000
Subject: [PATCH 2/3] refactor how we fix authmap with empty arn for fargate.

---
 aws_auth.tf                |  1 -
 modules/fargate/outputs.tf | 10 ++++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/aws_auth.tf b/aws_auth.tf
index 811e63ee05..91b0a23add 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -59,7 +59,6 @@ locals {
         role["platform"] == "fargate" ? ["system:node-proxier"] : [],
       ))
     }
-    if role["worker_role_arn"] != ""
   ]
 }
 
diff --git a/modules/fargate/outputs.tf b/modules/fargate/outputs.tf
index b4a16319df..6192794817 100644
--- a/modules/fargate/outputs.tf
+++ b/modules/fargate/outputs.tf
@@ -20,8 +20,10 @@ output "iam_role_arn" {
 
 output "aws_auth_roles" {
   description = "Roles for use in aws-auth ConfigMap"
-  value = [{
-    worker_role_arn = local.pod_execution_role_arn
-    platform        = "fargate"
-  }]
+  value = [
+    for i in range(1) : {
+      worker_role_arn = local.pod_execution_role_arn
+      platform        = "fargate"
+    } if length(var.fargate_profiles) > 0
+  ]
 }

From 0b0d56d4608ea5e27f9193400eb5979ffd5a06ce Mon Sep 17 00:00:00 2001
From: Billy Howard <billy@osg.me>
Date: Thu, 12 Nov 2020 08:25:07 +0000
Subject: [PATCH 3/3] refactor how we fix authmap with empty arn for fargate.

---
 modules/fargate/outputs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/fargate/outputs.tf b/modules/fargate/outputs.tf
index 6192794817..126ba6e385 100644
--- a/modules/fargate/outputs.tf
+++ b/modules/fargate/outputs.tf
@@ -24,6 +24,6 @@ output "aws_auth_roles" {
     for i in range(1) : {
       worker_role_arn = local.pod_execution_role_arn
       platform        = "fargate"
-    } if length(var.fargate_profiles) > 0
+    } if local.create_eks
   ]
 }