From 8fb7952b0f9ab21793ed054fc45373169f03c7bd Mon Sep 17 00:00:00 2001
From: YuviPanda
Date: Fri, 19 Apr 2024 17:38:41 -0700
Subject: [PATCH] Reword why user-sa is special cased in role name
---
 terraform/aws/irsa.tf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/terraform/aws/irsa.tf b/terraform/aws/irsa.tf
index f37a0a12af..8befb0e8ef 100644
--- a/terraform/aws/irsa.tf
+++ b/terraform/aws/irsa.tf
@@ -16,8 +16,10 @@ locals {
 hub_role = flatten([
 for hub, hub_value in var.hub_cloud_permissions : [
 for role, role_value in hub_value : {
- // id is conservatively adjusted to not change any previous resource
- // name set to the hub's name when only "user-sa" roles were around
+ // Most hubs only use `user-sa`, so we use just the hub name for the IAM
+ // role for user-sa. `user-sa` was also the only service account supported
+ // for a long time, so this special casing reduces the amount of work
+ // we needed to do to introduce other service accounts.
 id = role == "user-sa" ? hub : "${hub}-${role}"
 hub = hub
 role = role
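Review bot: The new comment above `id = role == "user-sa" ? hub : "${hub}-${role}"` does not mention that the bare-hub form and the `hub-role` form share one namespace, so a hub whose name equals another hub's name followed by `-<role>` would yield the same id. Since the comment says this id names the IAM role, such a collision could leave two service accounts bound to one role, or fail the plan on a duplicate key; how the id is consumed lies outside this hunk, so that part is inferred. I would append a line such as `// Hub names must not equal "<other hub>-<role>", otherwise the ids below collide.` The `locals` block starts and ends outside the hunk.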