From 200f68aa22c648b6d443ca1a019c52b5b0396d43 Mon Sep 17 00:00:00 2001
From: Mossaab Stiri
Date: Sun, 4 Jun 2023 15:22:37 +0200
Subject: [PATCH 1/4] :wrench: Fix local role_name_condition to avoid null result
---
 modules/iam-role-for-service-accounts-eks/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/iam-role-for-service-accounts-eks/main.tf b/modules/iam-role-for-service-accounts-eks/main.tf
index b24a8fff..6095f390 100644
--- a/modules/iam-role-for-service-accounts-eks/main.tf
+++ b/modules/iam-role-for-service-accounts-eks/main.tf
@@ -7,7 +7,7 @@ locals {
 partition = data.aws_partition.current.partition
 dns_suffix = data.aws_partition.current.dns_suffix
 region = data.aws_region.current.name
- role_name_condition = try(coalesce(var.role_name, "${var.role_name_prefix}*"), null)
+ role_name_condition = var.role_name != null ? var.role_name : "${var.role_name_prefix}*"
 }
 data "aws_iam_policy_document" "this" {
From 7e7ad04cbcded5f31ef018bff3bedab81571a7d7 Mon Sep 17 00:00:00 2001
From: Mossaab Stiri
Date: Sun, 4 Jun 2023 15:45:41 +0200
Subject: [PATCH 2/4] :wrench: Add an example to showcase the fixed issue
---
 .../iam-role-for-service-accounts-eks/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/examples/iam-role-for-service-accounts-eks/main.tf b/examples/iam-role-for-service-accounts-eks/main.tf
index a8eb1eca..6d47e8c2 100644
--- a/examples/iam-role-for-service-accounts-eks/main.tf
+++ b/examples/iam-role-for-service-accounts-eks/main.tf
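Review bot: The new conditional on the `+` line still builds `"${var.role_name_prefix}*"` whenever `var.role_name` is null, so if both variables are null (the variable defaults are not in the patch, but the removed `try()` suggests that case was reachable) the local now fails with a null template interpolation error at plan time instead of evaluating to null, and it fails even when the value is never used in a policy statement because locals are evaluated regardless; if both-null is a supported input, guard the prefix branch too, e.g. `var.role_name != null ? var.role_name : (var.role_name_prefix != null ? "${var.role_name_prefix}*" : null)`. The prefix branch also yields an ARN wildcard, so wherever `role_name_condition` is matched (presumably the self-assume trust condition, given the `allow_self_assume_role` example in PATCH 2/4) it covers every role whose name starts with the prefix rather than only this role, which is worth stating on the local, e.g. `# NOTE: with role_name_prefix this is a wildcard matching every role that shares the prefix`. The enclosing `locals` block starts outside the hunk.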
@@ -85,6 +85,24 @@ module "cert_manager_irsa_role" {
 tags = local.tags
 }
+module "cert_manager_irsa_role_self_assume" {
+ source = "../../modules/iam-role-for-service-accounts-eks"
+
+ role_name = "cert-manager"
+ attach_cert_manager_policy = true
+ cert_manager_hosted_zone_arns = ["arn:aws:route53:::hostedzone/IClearlyMadeThisUp"]
+ allow_self_assume_role = true
+
+ oidc_providers = {
+ ex = {
+ provider_arn = module.eks.oidc_provider_arn
+ namespace_service_accounts = ["kube-system:cert-manager"]
+ }
+ }
+
+ tags = local.tags
+}
+
 module "cluster_autoscaler_irsa_role" {
 source = "../../modules/iam-role-for-service-accounts-eks"
From 03c47668903f51c5074ac201415978fecdf9e625 Mon Sep 17 00:00:00 2001
From: Mossaab Stiri
Date: Sun, 4 Jun 2023 16:11:24 +0200
Subject: [PATCH 3/4] :pencil: Terraform docs
---
 examples/iam-role-for-service-accounts-eks/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/examples/iam-role-for-service-accounts-eks/README.md b/examples/iam-role-for-service-accounts-eks/README.md
index 25fcda06..55eeb652 100644
--- a/examples/iam-role-for-service-accounts-eks/README.md
+++ b/examples/iam-role-for-service-accounts-eks/README.md
@@ -37,6 +37,7 @@ Run `terraform destroy` when you don't need these resources.
 | [appmesh\_envoy\_proxy\_irsa\_role](#module\_appmesh\_envoy\_proxy\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [aws\_gateway\_controller\_irsa\_role](#module\_aws\_gateway\_controller\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [cert\_manager\_irsa\_role](#module\_cert\_manager\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
+| [cert\_manager\_irsa\_role\_self\_assume](#module\_cert\_manager\_irsa\_role\_self\_assume) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [cluster\_autoscaler\_irsa\_role](#module\_cluster\_autoscaler\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [disabled](#module\_disabled) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
From 66f2637051a41c0b0d0cfeb1b82804f5d5dafb4f Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Thu, 29 Jun 2023 10:22:43 -0400
Subject: [PATCH 4/4] chore: Update example
---
 .../README.md | 1 -
 .../iam-role-for-service-accounts-eks/main.tf | 21 ++-----------------
 2 files changed, 2 insertions(+), 20 deletions(-)
diff --git a/examples/iam-role-for-service-accounts-eks/README.md b/examples/iam-role-for-service-accounts-eks/README.md
index 55eeb652..25fcda06 100644
--- a/examples/iam-role-for-service-accounts-eks/README.md
+++ b/examples/iam-role-for-service-accounts-eks/README.md
@@ -37,7 +37,6 @@ Run `terraform destroy` when you don't need these resources.
 | [appmesh\_envoy\_proxy\_irsa\_role](#module\_appmesh\_envoy\_proxy\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [aws\_gateway\_controller\_irsa\_role](#module\_aws\_gateway\_controller\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [cert\_manager\_irsa\_role](#module\_cert\_manager\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
-| [cert\_manager\_irsa\_role\_self\_assume](#module\_cert\_manager\_irsa\_role\_self\_assume) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [cluster\_autoscaler\_irsa\_role](#module\_cluster\_autoscaler\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [disabled](#module\_disabled) | ../../modules/iam-role-for-service-accounts-eks | n/a |
 | [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | ../../modules/iam-role-for-service-accounts-eks | n/a |
diff --git a/examples/iam-role-for-service-accounts-eks/main.tf b/examples/iam-role-for-service-accounts-eks/main.tf
index 6d47e8c2..b7583241 100644
--- a/examples/iam-role-for-service-accounts-eks/main.tf
+++ b/examples/iam-role-for-service-accounts-eks/main.tf
@@ -31,7 +31,8 @@ module "disabled" {
 module "irsa_role" {
 source = "../../modules/iam-role-for-service-accounts-eks"
- role_name = local.name
+ role_name = local.name
+ allow_self_assume_role = true
 oidc_providers = {
 one = {
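Review bot: The added `allow_self_assume_role = true` on the generic `irsa_role` example carries no comment, so readers who copy this block will not know it widens the role's trust policy to include the role itself; a one-line comment above it, e.g. `# Also trusts the role's own ARN so it can re-assume itself; enable only when a workload needs it`, would make the intent explicit. Given the `role_name_condition` local in PATCH 1/4, the self-trust presumably becomes a prefix wildcard when a module is configured with `role_name_prefix` instead of `role_name`; this example uses `role_name = local.name`, so that does not apply here, but it is worth saying next to the flag since this is the block people start from. The `irsa_role` module block continues outside the hunk.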
@@ -85,24 +86,6 @@ module "cert_manager_irsa_role" {
 tags = local.tags
 }
-module "cert_manager_irsa_role_self_assume" {
- source = "../../modules/iam-role-for-service-accounts-eks"
-
- role_name = "cert-manager"
- attach_cert_manager_policy = true
- cert_manager_hosted_zone_arns = ["arn:aws:route53:::hostedzone/IClearlyMadeThisUp"]
- allow_self_assume_role = true
-
- oidc_providers = {
- ex = {
- provider_arn = module.eks.oidc_provider_arn
- namespace_service_accounts = ["kube-system:cert-manager"]
- }
- }
-
- tags = local.tags
-}
-
 module "cluster_autoscaler_irsa_role" {
 source = "../../modules/iam-role-for-service-accounts-eks"