Add oidcProvider

pulumi · Oct 10, 2024 · 070931a · 070931a
1 parent 3c1cfbe
commit 070931a
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 36 deletions.
diff --git a/examples/cluster-cs/MyStack.cs b/examples/cluster-cs/MyStack.cs
@@ -53,35 +53,35 @@ public MyStack()
             }"
         });
 
-var cluster3 = new Eks.Cluster($"{projectName}-3", new Eks.ClusterArgs
-{
-    VpcId = vpc.VpcId,
-    PublicSubnetIds = vpc.PublicSubnetIds,
-    NodeGroupOptions = new Eks.Inputs.ClusterNodeGroupOptionsArgs
-    {
-        DesiredCapacity = 1,
-        MinSize = 1,
-        MaxSize = 1,
-        InstanceType = "t3.small",
-    },
-    AuthenticationMode = Eks.AuthenticationMode.ApiAndConfigMap,
-    AccessEntries = new Dictionary<string, Eks.Inputs.AccessEntryArgs>
+        var cluster3 = new Eks.Cluster($"{projectName}-3", new Eks.ClusterArgs
         {
-                { $"{projectName}-role", new Eks.Inputs.AccessEntryArgs {
-                PrincipalArn = iamRole.Arn,
-                AccessPolicies = new Dictionary<string, Input<Eks.Inputs.AccessPolicyAssociationArgs>> {
-                    { "accessPolicy1", new Eks.Inputs.AccessPolicyAssociationArgs {
-                        AccessScope = new Aws.Eks.Inputs.AccessPolicyAssociationAccessScopeArgs {
-                            Namespaces = new[] { "default", "application" },
-                            Type = "namespace"
-                        },
-                        PolicyArn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy",
-                    }
-                }
+            VpcId = vpc.VpcId,
+            PublicSubnetIds = vpc.PublicSubnetIds,
+            NodeGroupOptions = new Eks.Inputs.ClusterNodeGroupOptionsArgs
+            {
+                DesiredCapacity = 1,
+                MinSize = 1,
+                MaxSize = 1,
+                InstanceType = "t3.small",
             },
-            }}
-        }
-});
+            AuthenticationMode = Eks.AuthenticationMode.ApiAndConfigMap,
+            AccessEntries = new Dictionary<string, Eks.Inputs.AccessEntryArgs>
+                {
+                     { $"{projectName}-role", new Eks.Inputs.AccessEntryArgs {
+                        PrincipalArn = iamRole.Arn,
+                        AccessPolicies = new Dictionary<string, Input<Eks.Inputs.AccessPolicyAssociationArgs>> {
+                            { "accessPolicy1", new Eks.Inputs.AccessPolicyAssociationArgs {
+                                AccessScope = new Aws.Eks.Inputs.AccessPolicyAssociationAccessScopeArgs {
+                                    Namespaces = new[] { "default", "application" },
+                                    Type = "namespace"
+                                },
+                                PolicyArn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy",
+                            }
+                        }
+                    },
+                    }}
+                }
+        });
 
         // Export the clusters' kubeconfig.
         Kubeconfig1 = cluster1.Kubeconfig;

diff --git a/examples/oidc-iam-sa/index.ts b/examples/oidc-iam-sa/index.ts
@@ -19,13 +19,8 @@ export const kubeconfig = cluster.kubeconfig;
 if (!cluster?.core?.oidcProvider) {
     throw new Error("Invalid cluster OIDC provider URL");
 }
-
-cluster.provider
-
-const test: eks.types.output.CoreData
-
-const clusterOidcProvider = cluster.core.oidcProvider;
-export const clusterOidcProviderUrl = clusterOidcProvider!.url;
+export const clusterOidcProviderUrl: pulumi.Output<string> = cluster.oidcProvider!.url;
+export const clusterOidcProviderArn: pulumi.Output<string>  = cluster.oidcProvider!.arn;
 
 // Setup Pulumi Kubernetes provider.
 const provider = new k8s.Provider("eks-k8s", {
@@ -39,8 +34,7 @@ export const appsNamespaceName = appsNamespace.metadata.name;
 // Create the new IAM policy for the Service Account using the
 // AssumeRoleWebWebIdentity action.
 const saName = "s3";
-const oidcProviderArn = clusterOidcProvider.apply(o => o!.arn);
-const saAssumeRolePolicy = pulumi.all([clusterOidcProviderUrl, clusterOidcProvider!.arn, appsNamespaceName]).apply(([url, arn, namespace]) => aws.iam.getPolicyDocument({
+const saAssumeRolePolicy = pulumi.all([clusterOidcProviderUrl, clusterOidcProviderArn, appsNamespaceName]).apply(([url, arn, namespace]) => aws.iam.getPolicyDocument({
     statements: [{
         actions: ["sts:AssumeRoleWithWebIdentity"],
         conditions: [{

diff --git a/nodejs/eks/cluster.ts b/nodejs/eks/cluster.ts
@@ -1998,6 +1998,7 @@ export interface ClusterResult {
     kubernetesProvider: k8s.Provider;
     clusterIamRole: pulumi.Output<aws.iam.Role>;
     clusterIamRoleName: pulumi.Output<string>;
+    oidcProvider: aws.iam.OpenIdConnectProvider | undefined;
     // todo flo: add the new optional properties
 }
 
@@ -2100,6 +2101,7 @@ export function createCluster(
         kubernetesProvider: core.provider,
         clusterIamRole: core.clusterIamRole,
         clusterIamRoleName: core.clusterIamRole.name,
+        oidcProvider: core.oidcProvider,
     };
 }
 
@@ -2131,6 +2133,7 @@ export class ClusterInternal extends pulumi.ComponentResource {
     public readonly clusterIamRole!: pulumi.Output<aws.iam.Role>;
     public readonly clusterIamRoleName!: pulumi.Output<string>;
     public readonly defaultNodeGroupAsg!: aws.autoscaling.Group | undefined;
+    public readonly oidcProvider!: aws.iam.OpenIdConnectProvider | undefined;
 
     constructor(name: string, args?: ClusterOptions, opts?: pulumi.ComponentResourceOptions) {
         const type = "eks:index:Cluster";
@@ -2152,6 +2155,7 @@ export class ClusterInternal extends pulumi.ComponentResource {
                 clusterIamRole: undefined,
                 clusterIamRoleName: undefined,
                 defaultNodeGroupAsg: undefined,
+                oidcProvider: undefined
 
                 // todo flo: add the new optional properties here and in the registerOutputs below
             };
@@ -2183,6 +2187,7 @@ export class ClusterInternal extends pulumi.ComponentResource {
         this.clusterIamRole = cluster.clusterIamRole;
         this.clusterIamRoleName = cluster.clusterIamRoleName;
         this.defaultNodeGroupAsg = cluster.defaultNodeGroupAsg;
+        this.oidcProvider = cluster.oidcProvider;
 
         this.registerOutputs({
             clusterSecurityGroup: this.clusterSecurityGroup,
@@ -2200,6 +2205,7 @@ export class ClusterInternal extends pulumi.ComponentResource {
             clusterIamRole: this.clusterIamRole,
             clusterIamRoleName: this.clusterIamRoleName,
             defaultNodeGroupAsg: this.defaultNodeGroupAsg,
+            oidcProvider: this.oidcProvider,
         });
     }