Merge pull request #19 from truefoundry/cap-iam-prefix-length

DeeAjayi · web-flow · commit 5706e7d0a1bb · 2024-11-20T16:22:53.000+01:00
Cap iam role prefix length
diff --git a/iam.tf b/iam.tf
@@ -193,7 +193,7 @@ resource "aws_iam_role" "truefoundry_platform_feature_iam_role" {
   count                 = var.platform_user_enabled ? 0 : 1
   name                  = var.platform_role_enable_override ? var.platform_role_override_name : null
   description           = "IAM role for TrueFoundry platform to access S3 bucket, SSM, ECR and EKS"
-  name_prefix           = var.platform_role_enable_override ? null : "${local.truefoundry_unique_name}-iam-role-"
+  name_prefix           = var.platform_role_enable_override ? null : local.iam_role_name_prefix
   force_detach_policies = true
 
   assume_role_policy = jsonencode({
diff --git a/locals.tf b/locals.tf
@@ -17,5 +17,6 @@ locals {
   ]
   truefoundry_platform_policy_arns = [for arn in local.policy_arns : tostring(arn) if arn != null]
 
-  oidc_provider_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")
+  oidc_provider_url    = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")
+  iam_role_name_prefix = trimsuffix(substr("${local.truefoundry_unique_name}-iam-role-", 0, 37), "-")
 }

Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,6 @@ locals {`
`17`	`17`	`]`
`18`	`18`	`truefoundry_platform_policy_arns = [for arn in local.policy_arns : tostring(arn) if arn != null]`
`19`	`19`
`20`		`- oidc_provider_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")`
	`20`	`+ oidc_provider_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")`
	`21`	`+ iam_role_name_prefix = trimsuffix(substr("${local.truefoundry_unique_name}-iam-role-", 0, 37), "-")`
`21`	`22`	`}`