feat: add variable for controller role arn annotation (#5)

* feat: add variable for controller role arn annotation * docs(terraform-docs): generate docs and write to README.adoc --------- Co-authored-by: ckaenzig <ckaenzig@users.noreply.github.com> Release-As: v1.0.0-alpha.2
camptocamp · Feb 23, 2023 · 8f29881 · 8f29881
1 parent 8f0629c
commit 8f29881
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 5 deletions.
diff --git a/README.adoc b/README.adoc
@@ -35,7 +35,7 @@ Type: `string`
 
 ==== [[input_efs_file_system_id]] <<input_efs_file_system_id,efs_file_system_id>>
 
-Description: n/a
+Description: EFS Filesystem ID to use by the CSI driver to create volumes
 
 Type: `string`
 
@@ -59,6 +59,14 @@ Type: `any`
 
 Default: `{}`
 
+==== [[input_iam_role_arn]] <<input_iam_role_arn,iam_role_arn>>
+
+Description: ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning.
+
+Type: `string`
+
+Default: `""`
+
 ==== [[input_name]] <<input_name,name>>
 
 Description: n/a
@@ -81,7 +89,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v1.0.0"`
+Default: `"v1.0.0-alpha.1"`
 
 === Outputs
 
@@ -127,7 +135,7 @@ No outputs.
 |no
 
 |[[input_efs_file_system_id]] <<input_efs_file_system_id,efs_file_system_id>>
-|n/a
+|EFS Filesystem ID to use by the CSI driver to create volumes
 |`string`
 |n/a
 |yes
@@ -138,6 +146,12 @@ No outputs.
 |`{}`
 |no
 
+|[[input_iam_role_arn]] <<input_iam_role_arn,iam_role_arn>>
+|ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning.
+|`string`
+|`""`
+|no
+
 |[[input_name]] <<input_name,name>>
 |n/a
 |`string`
@@ -153,7 +167,7 @@ No outputs.
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v1.0.0"`
+|`"v1.0.0-alpha.1"`
 |no
 
 |===

diff --git a/local.tf b/local.tf
@@ -10,6 +10,11 @@ locals {
           directoryPerms   = "700"
         }
       }]
+      controller = {
+        serviceAccount = {
+          annotations = var.iam_role_arn != "" ? { "eks.amazonaws.com/role-arn" = var.iam_role_arn } : {}
+        }
+      }
     }
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -32,5 +32,12 @@ variable "argocd_namespace" {
 }
 
 variable "efs_file_system_id" {
-  type = string
+  type        = string
+  description = "EFS Filesystem ID to use by the CSI driver to create volumes"
+}
+
+variable "iam_role_arn" {
+  type        = string
+  default     = ""
+  description = "ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning."
 }