fix: Correct addon timeout lookup/override logic to support global and addon specific settings (#3492)

bryantbiggs · web-flow · commit b236208d5ce9 · 2025-08-24T13:16:17.000-05:00
diff --git a/README.md b/README.md
@@ -384,8 +384,8 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_entries"></a> [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | <pre>map(object({<br/>    # Access entry<br/>    kubernetes_groups = optional(list(string))<br/>    principal_arn     = string<br/>    type              = optional(string, "STANDARD")<br/>    user_name         = optional(string)<br/>    tags              = optional(map(string), {})<br/>    # Access policy association<br/>    policy_associations = optional(map(object({<br/>      policy_arn = string<br/>      access_scope = object({<br/>        namespaces = optional(list(string))<br/>        type       = string<br/>      })<br/>    })), {})<br/>  }))</pre> | `{}` | no |
 | <a name="input_additional_security_group_ids"></a> [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no |
-| <a name="input_addons"></a> [addons](#input\_addons) | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | <pre>map(object({<br/>    name                 = optional(string) # will fall back to map key<br/>    before_compute       = optional(bool, false)<br/>    most_recent          = optional(bool, true)<br/>    addon_version        = optional(string)<br/>    configuration_values = optional(string)<br/>    pod_identity_association = optional(list(object({<br/>      role_arn        = string<br/>      service_account = string<br/>    })))<br/>    preserve                    = optional(bool, true)<br/>    resolve_conflicts_on_create = optional(string, "NONE")<br/>    resolve_conflicts_on_update = optional(string, "OVERWRITE")<br/>    service_account_role_arn    = optional(string)<br/>    timeouts = optional(object({<br/>      create = optional(string)<br/>      update = optional(string)<br/>      delete = optional(string)<br/>    }))<br/>    tags = optional(map(string), {})<br/>  }))</pre> | `null` | no |
-| <a name="input_addons_timeouts"></a> [addons\_timeouts](#input\_addons\_timeouts) | Create, update, and delete timeout configurations for the cluster addons | <pre>object({<br/>    create = optional(string)<br/>    update = optional(string)<br/>    delete = optional(string)<br/>  })</pre> | `null` | no |
+| <a name="input_addons"></a> [addons](#input\_addons) | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | <pre>map(object({<br/>    name                 = optional(string) # will fall back to map key<br/>    before_compute       = optional(bool, false)<br/>    most_recent          = optional(bool, true)<br/>    addon_version        = optional(string)<br/>    configuration_values = optional(string)<br/>    pod_identity_association = optional(list(object({<br/>      role_arn        = string<br/>      service_account = string<br/>    })))<br/>    preserve                    = optional(bool, true)<br/>    resolve_conflicts_on_create = optional(string, "NONE")<br/>    resolve_conflicts_on_update = optional(string, "OVERWRITE")<br/>    service_account_role_arn    = optional(string)<br/>    timeouts = optional(object({<br/>      create = optional(string)<br/>      update = optional(string)<br/>      delete = optional(string)<br/>    }), {})<br/>    tags = optional(map(string), {})<br/>  }))</pre> | `null` | no |
+| <a name="input_addons_timeouts"></a> [addons\_timeouts](#input\_addons\_timeouts) | Create, update, and delete timeout configurations for the cluster addons | <pre>object({<br/>    create = optional(string)<br/>    update = optional(string)<br/>    delete = optional(string)<br/>  })</pre> | `{}` | no |
 | <a name="input_attach_encryption_policy"></a> [attach\_encryption\_policy](#input\_attach\_encryption\_policy) | Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided | `bool` | `true` | no |
 | <a name="input_authentication_mode"></a> [authentication\_mode](#input\_authentication\_mode) | The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP` | `string` | `"API_AND_CONFIG_MAP"` | no |
 | <a name="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
diff --git a/main.tf b/main.tf
@@ -785,9 +785,9 @@ resource "aws_eks_addon" "this" {
   service_account_role_arn    = each.value.service_account_role_arn
 
   timeouts {
-    create = try(coalesce(each.value.timeouts.create, var.addons_timeouts.create), null)
-    update = try(coalesce(each.value.timeouts.update, var.addons_timeouts.update), null)
-    delete = try(coalesce(each.value.timeouts.delete, var.addons_timeouts.delete), null)
+    create = each.value.timeouts.create != null ? each.value.timeouts.create : var.addons_timeouts.create
+    update = each.value.timeouts.update != null ? each.value.timeouts.update : var.addons_timeouts.update
+    delete = each.value.timeouts.delete != null ? each.value.timeouts.delete : var.addons_timeouts.delete
   }
 
   tags = merge(
@@ -830,9 +830,9 @@ resource "aws_eks_addon" "before_compute" {
   service_account_role_arn    = each.value.service_account_role_arn
 
   timeouts {
-    create = try(coalesce(each.value.timeouts.create, var.addons_timeouts.create), null)
-    update = try(coalesce(each.value.timeouts.update, var.addons_timeouts.update), null)
-    delete = try(coalesce(each.value.timeouts.delete, var.addons_timeouts.delete), null)
+    create = each.value.timeouts.create != null ? each.value.timeouts.create : var.addons_timeouts.create
+    update = each.value.timeouts.update != null ? each.value.timeouts.update : var.addons_timeouts.update
+    delete = each.value.timeouts.delete != null ? each.value.timeouts.delete : var.addons_timeouts.delete
   }
 
   tags = merge(
diff --git a/variables.tf b/variables.tf
@@ -635,7 +635,7 @@ variable "addons" {
       create = optional(string)
       update = optional(string)
       delete = optional(string)
-    }))
+    }), {})
     tags = optional(map(string), {})
   }))
   default = null
@@ -648,7 +648,7 @@ variable "addons_timeouts" {
     update = optional(string)
     delete = optional(string)
   })
-  default = null
+  default = {}
 }
 
 ################################################################################
