@@ -23,6 +23,7 @@ import (
23
23
"strings"
24
24
25
25
"github.com/aws/aws-sdk-go/service/eks"
26
+ "github.com/aws/aws-sdk-go/service/iam"
26
27
"github.com/pkg/errors"
27
28
corev1 "k8s.io/api/core/v1"
28
29
apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -32,6 +33,7 @@ import (
32
33
33
34
"sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/converters"
34
35
iamv1 "sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1"
36
+ tagConverter "sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/converters"
35
37
"sigs.k8s.io/cluster-api/controllers/remote"
36
38
)
37
39
@@ -74,6 +76,14 @@ func (s *Service) reconcileOIDCProvider(cluster *eks.Cluster) error {
74
76
if err := s .scope .PatchObject (); err != nil {
75
77
return errors .Wrap (err , "failed to update control plane with OIDC provider ARN" )
76
78
}
79
+ // tagging the OIDC provider with the same tags of cluster
80
+ inputForTags := iam.TagOpenIDConnectProviderInput {
81
+ OpenIDConnectProviderArn : & s .scope .ControlPlane .Status .OIDCProvider .ARN ,
82
+ Tags : tagConverter .MapToIAMTags (tagConverter .MapPtrToMap (cluster .Tags )),
83
+ }
84
+ if _ , err := s .IAMClient .TagOpenIDConnectProvider (& inputForTags ); err != nil {
85
+ return errors .Wrap (err , "failed to tag OIDC provider" )
86
+ }
77
87
78
88
if err := s .reconcileTrustPolicy (); err != nil {
79
89
return errors .Wrap (err , "failed to reconcile trust policy in workload cluster" )
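Review bot: The added `TagOpenIDConnectProvider` call in `reconcileOIDCProvider` returns a hard error on any failure, so a tagging problem now stops the reconcile before `reconcileTrustPolicy` runs. The controller's IAM role needs `iam:TagOpenIDConnectProvider` for this call; the policy is not part of the visible change, so confirm it is granted and scoped to the OIDC provider resource, or existing installations may start failing here after an upgrade. If `cluster.Tags` is empty, the required `Tags` field may end up nil (depending on what `MapToIAMTags` returns) and the SDK would reject the request client-side; wrapping the call in `if len(cluster.Tags) > 0 { ... }` avoids that. The function begins and ends outside the hunk, so whether this runs on every reconcile or only after creation cannot be judged from here.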