Merge pull request #37 from opzkit/type_for_permissions

Type for permissions

examples/additional_nodes/provider.tf

@@ -6,7 +6,7 @@ provider "aws" {
   skip_requesting_account_id  = true
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  s3_force_path_style         = true
+  s3_use_path_style           = true
   region                      = "eu-west-1"
   access_key                  = "mock_access_key"
   secret_key                  = "mock_secret_key"

examples/basic/provider.tf

@@ -6,7 +6,7 @@ provider "aws" {
   skip_requesting_account_id  = true
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  s3_force_path_style         = true
+  s3_use_path_style           = true
   region                      = "eu-west-1"
   access_key                  = "mock_access_key"
   secret_key                  = "mock_secret_key"

examples/policies/provider.tf

@@ -6,7 +6,7 @@ provider "aws" {
   skip_requesting_account_id  = true
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  s3_force_path_style         = true
+  s3_use_path_style           = true
   region                      = "eu-west-1"
   access_key                  = "mock_access_key"
   secret_key                  = "mock_secret_key"

providers.tf

@@ -9,4 +9,5 @@ terraform {
       version = "~>1.23.5"
     }
   }
+  experiments = [module_variable_optional_attrs]
 }

vars.tf

@@ -155,7 +155,14 @@ variable "aws_oidc_provider" {
 }
 
 variable "service_account_external_permissions" {
-  type        = any
+  type = list(object({
+    name      = string
+    namespace = string
+    aws = object({
+      inline_policy = optional(string)
+      policy_ar_ns  = optional(list(string))
+    })
+  }))
   default     = []
   description = "External permissions for Service Accounts (IRSA), https://kops.sigs.k8s.io/cluster_spec/#service-account-issuer-discovery-and-aws-iam-roles-for-service-accounts-irsa"
 }