feat: add assume role example

Makefile

@@ -38,7 +38,7 @@ install: all
 	@cp terraform-provider-kops $(HOME)/.terraform.d/plugins/github/eddycharly/kops/${PROVIDER_VERSION}/${OS}_amd64/terraform-provider-kops
 
 .PHONY: examples
-examples: example-basic example-aws-profile example-bastion
+examples: example-basic example-aws-profile example-aws-assume-role example-bastion
 
 .PHONY: example-basic
 example-basic: install
@@ -52,6 +52,11 @@ example-aws-profile: install
 	@terraform validate ./examples/aws-profile
 	@terraform plan ./examples/aws-profile
 
+.PHONY: example-aws-assume-role
+example-aws-assume-role: install
+	@terraform init ./examples/aws-assume-role
+	@terraform validate ./examples/aws-assume-role
+
 .PHONY: example-bastion
 example-bastion: install
 	@terraform init ./examples/bastion

README.md

@@ -66,7 +66,7 @@ terraform {
   required_providers {
     kops = {
       source  = "eddycharly/kops"
-      version = "0.1.0-alpha.8"
+      version = "0.1.0-alpha.9"
     }
   }
 }
@@ -228,6 +228,7 @@ resource "kops_cluster" "cluster" {
 More examples are available in the `/examples` folder:
 - [Basic example](./examples/basic)
 - [Aws profile example](./examples/aws-profile)
+- [Aws assume role](./examples/aws-assume-role)
 - [Bastion example](./examples/bastion)
 
 ## Importing an existing cluster

examples/aws-assume-role/cluster.tf

@@ -0,0 +1,110 @@
+resource "kops_cluster" "cluster" {
+  name               = "cluster.example.com"
+  admin_ssh_key      = file("${path.module}/../dummy_ssh.pub")
+  cloud_provider     = "aws"
+  kubernetes_version = "stable"
+  dns_zone           = "example.com"
+  network_id         = "net-0"
+
+  networking {
+    calico {}
+  }
+
+  topology {
+    masters = "private"
+    nodes   = "private"
+
+    dns {
+      type = "Private"
+    }
+  }
+
+  # cluster subnets
+  subnet {
+    name        = "private-0"
+    provider_id = "subnet-0"
+    type        = "Private"
+    zone        = "zone-0"
+  }
+
+  subnet {
+    name        = "private-1"
+    provider_id = "subnet-1"
+    type        = "Private"
+    zone        = "zone-1"
+  }
+
+  subnet {
+    name        = "private-2"
+    provider_id = "subnet-2"
+    type        = "Private"
+    zone        = "zone-2"
+  }
+
+  # master instance groups
+  instance_group {
+    name         = "master-0"
+    role         = "Master"
+    min_size     = 1
+    max_size     = 1
+    machine_type = "t3.medium"
+    subnets      = ["private-0"]
+  }
+
+  instance_group {
+    name         = "master-1"
+    role         = "Master"
+    min_size     = 1
+    max_size     = 1
+    machine_type = "t3.medium"
+    subnets      = ["private-1"]
+  }
+
+  instance_group {
+    name         = "master-2"
+    role         = "Master"
+    min_size     = 1
+    max_size     = 1
+    machine_type = "t3.medium"
+    subnets      = ["private-2"]
+  }
+
+  # etcd clusters
+  etcd_cluster {
+    name = "main"
+
+    members {
+      name           = "master-0"
+      instance_group = "master-0"
+    }
+
+    members {
+      name           = "master-1"
+      instance_group = "master-1"
+    }
+
+    members {
+      name           = "master-2"
+      instance_group = "master-2"
+    }
+  }
+
+  etcd_cluster {
+    name = "events"
+
+    members {
+      name           = "master-0"
+      instance_group = "master-0"
+    }
+
+    members {
+      name           = "master-1"
+      instance_group = "master-1"
+    }
+
+    members {
+      name           = "master-2"
+      instance_group = "master-2"
+    }
+  }
+}

examples/aws-assume-role/provider.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_providers {
+    kops = {
+      source   = "github/eddycharly/kops"
+      versions = ["0.0.1"]
+    }
+  }
+}
+
+provider "kops" {
+  state_store = "s3://cluster.example.com"
+
+  aws {
+    assume_role {
+      role_arn = "arn:aws:iam::12345:role/admin"
+    }
+  }
+}