update role module with optional namespace variable (#35)

Author: markhv-code

CHANGELOG.md

@@ -3,3 +3,6 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [2.7.2]
+* Update role module with optional namespace variable

role/main.tf

@@ -22,7 +22,7 @@ resource "aws_iam_role" "api-service-role" {
           "Condition": {
             "StringEquals": {
               "oidc.eks.us-east-1.amazonaws.com/id/${var.OIDCProviderID}:aud": "sts.amazonaws.com",
-              "oidc.eks.us-east-1.amazonaws.com/id/${var.OIDCProviderID}:sub": "system:serviceaccount:${var.GroupName}:${var.GroupName}-api-service-account"
+              "oidc.eks.us-east-1.amazonaws.com/id/${var.OIDCProviderID}:sub": "system:serviceaccount:${var.NameSpace}:${var.GroupName}-api-service-account"
               }
           }
       }]
@@ -51,7 +51,7 @@ resource "aws_iam_role" "job-scheduler-service-role" {
         "Condition": {
             "StringEquals": {
             "oidc.eks.us-east-1.amazonaws.com/id/${var.OIDCProviderID}:aud": "sts.amazonaws.com",
-            "oidc.eks.us-east-1.amazonaws.com/id/${var.OIDCProviderID}:sub": "system:serviceaccount:${var.GroupName}:${var.GroupName}-job-scheduler-service-account"
+            "oidc.eks.us-east-1.amazonaws.com/id/${var.OIDCProviderID}:sub": "system:serviceaccount:${var.NameSpace}:${var.GroupName}-job-scheduler-service-account"
             }
         }
     }]

role/variables.tf

@@ -40,6 +40,12 @@ variable "GroupName" {
   default     = null
 }
 
+variable "NameSpace" {
+  description = "Optional for when the GroupName doesn't match the namespace"
+  type        = string
+  default     = var.GroupName
+}
+
 variable "iam_role_path" {
   type    = string
   default = "/delegatedadmin/developer/"