From 832ec3444d922085972a698a694dfb197ace4ba3 Mon Sep 17 00:00:00 2001
From: Loren Gordon
Date: Mon, 24 Feb 2025 09:35:52 -0800
Subject: [PATCH 1/2] Provides accurate type constraint for cluster_compute_config
---
 README.md | 2 +-
 main.tf | 2 +-
 variables.tf | 8 ++++++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 1d5b5c07be..8fe22d0602 100644
--- a/README.md
+++ b/README.md
@@ -393,7 +393,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [cluster\_additional\_security\_group\_ids](#input\_cluster\_additional\_security\_group\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no | | [cluster\_addons](#input\_cluster\_addons) | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | `any` | `{}` | no | | [cluster\_addons\_timeouts](#input\_cluster\_addons\_timeouts) | Create, update, and delete timeout configurations for the cluster addons | `map(string)` | `{}` | no | -| [cluster\_compute\_config](#input\_cluster\_compute\_config) | Configuration block for the cluster compute configuration | `any` | `{}` | no | +| [cluster\_compute\_config](#input\_cluster\_compute\_config) | Configuration block for the cluster compute configuration |
object({
enabled = bool
node_pools = optional(list(string), [])
node_role_arn = optional(string)
})
| `null` | no | | [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no | | [cluster\_encryption\_config](#input\_cluster\_encryption\_config) | Configuration block with encryption configuration for the cluster. To disable secret encryption, set this value to `{}` | `any` |
{
"resources": [
"secrets"
]
}
| no | | [cluster\_encryption\_policy\_description](#input\_cluster\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no |
diff --git a/main.tf b/main.tf
index 18933422f5..89811b2143 100644
--- a/main.tf
+++ b/main.tf
@@ -53,7 +53,7 @@ resource "aws_eks_cluster" "this" {
 }
 dynamic "compute_config" {
- for_each = length(var.cluster_compute_config) > 0 ? [var.cluster_compute_config] : []
+ for_each = var.cluster_compute_config[*]
 content {
 enabled = local.auto_mode_enabled
diff --git a/variables.tf b/variables.tf
index 855c2133ec..143db090de 100644
--- a/variables.tf
+++ b/variables.tf
@@ -46,8 +46,12 @@ variable "authentication_mode" {
 variable "cluster_compute_config" {
 description = "Configuration block for the cluster compute configuration"
- type = any
- default = {}
+ type = object({
+ enabled = bool
+ node_pools = optional(list(string), [])
+ node_role_arn = optional(string)
+ })
+ default = null
 }
 variable "cluster_upgrade_policy" {
From acc3da119e564a607a00a58995af43c707955945 Mon Sep 17 00:00:00 2001
From: Loren Gordon
Date: Mon, 24 Feb 2025 09:58:53 -0800
Subject: [PATCH 2/2] Relies on type constraints instead of unneeded try() expressions
---
 main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 89811b2143..a0fc9e9029 100644
--- a/main.tf
+++ b/main.tf
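Review bot: In variables.tf the new `cluster_compute_config` object type makes `enabled` a required attribute and moves the default from `{}` to `null`, but the `description` string is unchanged and documents neither. A caller that still passes `{}` to leave the block out will now fail type conversion. An object constraint also discards attributes it does not declare, so a misspelled `node_role_arn` key is dropped without an error and, going by the `coalesce(...)` fallback in the second patch, the module's own `aws_iam_role.eks_auto` role would be attached instead of the one the caller intended. I would state the contract in the description, for example `description = "Cluster compute configuration. null (default) omits the block; when set, enabled is required and only enabled, node_pools and node_role_arn are read"`.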
@@ -57,8 +57,8 @@ resource "aws_eks_cluster" "this" {
 content {
 enabled = local.auto_mode_enabled
- node_pools = local.auto_mode_enabled ? try(compute_config.value.node_pools, []) : null
- node_role_arn = local.auto_mode_enabled && length(try(compute_config.value.node_pools, [])) > 0 ? try(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn, null) : null
+ node_pools = local.auto_mode_enabled ? compute_config.value.node_pools : null
+ node_role_arn = local.auto_mode_enabled && length(compute_config.value.node_pools) > 0 ? coalesce(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn) : null
 }
 }
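Review bot: On the new `node_role_arn` line, `coalesce(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn)` evaluates both arguments, so the `[0]` index is resolved even when the caller supplies their own role ARN. The `[0]` suggests `aws_iam_role.eks_auto` is declared with `count` (its declaration, like the start of the `aws_eks_cluster` resource, is outside this hunk); if that count can be 0 while Auto Mode is enabled with node pools, the removed `try(...)` used to absorb the invalid-index error and this line would now fail the plan. The type constraint covers `node_pools` and `node_role_arn` but not the resource reference, so I would keep that one guard: `coalesce(compute_config.value.node_role_arn, try(aws_iam_role.eks_auto[0].arn, null))`. Note also that `coalesce` raises an error when every argument is null, where the old expression returned `null`; that is probably the better failure for a missing node role, but it is a behaviour change worth a line in the commit message.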