From 1b6a750a1787e7f1685a61f12973aaec6cc41b04 Mon Sep 17 00:00:00 2001 From: Brandon Kneeld Date: Thu, 24 Jul 2025 14:10:34 -0400 Subject: [PATCH 1/5] Update variables.tf Fixes inability to provide default {} encryption_config --- variables.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index d8ade28a4c..81211a8eb5 100644 --- a/variables.tf +++ b/variables.tf @@ -165,9 +165,11 @@ variable "encryption_config" { description = "Configuration block with encryption configuration for the cluster" type = object({ provider_key_arn = optional(string) - resources = optional(list(string), ["secrets"]) + resources = optional(list(string)) }) - default = {} + default = { + resources = ["secrets"] + } } variable "attach_encryption_policy" { From 036a4bd20c56a125b028bd8d55272e0dbc2f161f Mon Sep 17 00:00:00 2001 From: "Brandon N. Kneeld" Date: Thu, 24 Jul 2025 14:41:13 -0400 Subject: [PATCH 2/5] Readme update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8d3d79ad74..31bafd3405 100644 --- a/README.md +++ b/README.md @@ -411,7 +411,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no | | [enable\_kms\_key\_rotation](#input\_enable\_kms\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no | | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | 
[
  "audit",
  "api",
  "authenticator"
]
| no | -| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string), ["secrets"])
  })
| `{}` | no | +| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| `{
resources = ["secrets"]
}` | no | | [encryption\_policy\_description](#input\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no | | [encryption\_policy\_name](#input\_encryption\_policy\_name) | Name to use on cluster encryption policy created | `string` | `null` | no | | [encryption\_policy\_path](#input\_encryption\_policy\_path) | Cluster encryption policy path | `string` | `null` | no | From 92e40ebe289236ce83bf1000faff90e46e85fdd2 Mon Sep 17 00:00:00 2001 From: "Brandon N. Kneeld" Date: Thu, 24 Jul 2025 14:44:52 -0400 Subject: [PATCH 3/5] fix syntax --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 31bafd3405..3258296f8d 100644 --- a/README.md +++ b/README.md @@ -411,7 +411,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no | | [enable\_kms\_key\_rotation](#input\_enable\_kms\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no | | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | 
[
  "audit",
  "api",
  "authenticator"
]
| no | -| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| `{
resources = ["secrets"]
}` | no | +| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| 
`{
    resources        = ["secrets"]
}`
| no | | [encryption\_policy\_description](#input\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no | | [encryption\_policy\_name](#input\_encryption\_policy\_name) | Name to use on cluster encryption policy created | `string` | `null` | no | | [encryption\_policy\_path](#input\_encryption\_policy\_path) | Cluster encryption policy path | `string` | `null` | no | From 8449948bc6e5abcb129f16349fd25a91e1ec2d80 Mon Sep 17 00:00:00 2001 From: "Brandon N. Kneeld" Date: Thu, 24 Jul 2025 14:46:55 -0400 Subject: [PATCH 4/5] syntax --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3258296f8d..8f5adf1899 100644 --- a/README.md +++ b/README.md @@ -411,7 +411,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no | | [enable\_kms\_key\_rotation](#input\_enable\_kms\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no | | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | 
[
  "audit",
  "api",
  "authenticator"
]
| no | -| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| 
`{
    resources        = ["secrets"]
}`
| no | +| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| 
{
    resources        = ["secrets"]
}
| no | | [encryption\_policy\_description](#input\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no | | [encryption\_policy\_name](#input\_encryption\_policy\_name) | Name to use on cluster encryption policy created | `string` | `null` | no | | [encryption\_policy\_path](#input\_encryption\_policy\_path) | Cluster encryption policy path | `string` | `null` | no | From 12ed83df410a8d752f898bf6bc221362518fae73 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Thu, 24 Jul 2025 13:55:14 -0500 Subject: [PATCH 5/5] fix: Run pre-commit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8f5adf1899..7ebc0f4555 100644 --- a/README.md +++ b/README.md @@ -411,7 +411,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no | | [enable\_kms\_key\_rotation](#input\_enable\_kms\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no | | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | 
[
  "audit",
  "api",
  "authenticator"
]
| no | -| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| 
{
    resources        = ["secrets"]
}
| no | +| [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | 
object({
    provider_key_arn = optional(string)
    resources        = optional(list(string))
  })
| 
{
  "resources": [
    "secrets"
  ]
}
| no | | [encryption\_policy\_description](#input\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no | | [encryption\_policy\_name](#input\_encryption\_policy\_name) | Name to use on cluster encryption policy created | `string` | `null` | no | | [encryption\_policy\_path](#input\_encryption\_policy\_path) | Cluster encryption policy path | `string` | `null` | no |