From e8c244de17487348c053a19953ea16800ed7a1ed Mon Sep 17 00:00:00 2001
From: gohmc <46994372+gohmc@users.noreply.github.com>
Date: Mon, 1 May 2023 21:50:45 +0800
Subject: [PATCH] fix: Ensure `karpenter` and `velero` resources are not created when they are not enabled (#149)
Co-authored-by: Bryant Biggs
---
 .pre-commit-config.yaml | 2 +-
 main.tf | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e7873ee3..109ebee7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
 - id: detect-aws-credentials
 args: ['--allow-missing-credentials']
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.3
+ rev: v1.78.0
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
diff --git a/main.tf b/main.tf
index 47d1a57f..910c5109 100644
--- a/main.tf
+++ b/main.tf
@@ -2257,7 +2257,8 @@ locals {
 }
 data "aws_iam_role" "karpenter" {
- name = var.karpenter_instance_profile.iam_role_name
+ count = var.enable_karpenter ? 1 : 0
+ name = var.karpenter_instance_profile.iam_role_name
 }
 data "aws_iam_policy_document" "karpenter" {
@@ -2294,7 +2295,7 @@ data "aws_iam_policy_document" "karpenter" {
 statement {
 actions = ["iam:PassRole"]
- resources = [data.aws_iam_role.karpenter.arn]
+ resources = [data.aws_iam_role.karpenter[0].arn]
 }
 statement {
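Review bot: The new index in `resources = [data.aws_iam_role.karpenter[0].arn]` (hunk at -2294) only evaluates when the role lookup has exactly one instance, so `data "aws_iam_policy_document" "karpenter"` needs the same `count = var.enable_karpenter ? 1 : 0` gate. That block starts and ends outside both main.tf hunks, so whether it is gated cannot be seen here and should be confirmed. If the document is still evaluated with karpenter disabled, the reference fails with an invalid-index error instead of being skipped. When handling that case, keep the resource pinned to the looked-up role rather than adding a fallback: `iam:PassRole` is the statement that limits which role can be passed, so a `try(..., "*")`-style default would silently widen it. A comment above the statement such as `# PassRole is scoped to the Karpenter node role only; do not widen` would record that intent.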
@@ -2744,9 +2745,9 @@ module "secrets_store_csi_driver_provider_aws" {
 locals {
 velero_name = "velero"
 velero_service_account = try(var.velero.service_account_name, "${local.velero_name}-server")
- velero_backup_s3_bucket = split(":", var.velero.s3_backup_location)
- velero_backup_s3_bucket_arn = try(split("/", var.velero.s3_backup_location)[0], var.velero.s3_backup_location)
- velero_backup_s3_bucket_name = try(split("/", local.velero_backup_s3_bucket[5])[0], local.velero_backup_s3_bucket[5])
+ velero_backup_s3_bucket = try(split(":", var.velero.s3_backup_location), [])
+ velero_backup_s3_bucket_arn = try(split("/", var.velero.s3_backup_location)[0], var.velero.s3_backup_location, "")
+ velero_backup_s3_bucket_name = try(split("/", local.velero_backup_s3_bucket[5])[0], local.velero_backup_s3_bucket[5], "")
 velero_backup_s3_bucket_prefix = try(split("/", var.velero.s3_backup_location)[1], "")
 }
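Review bot: The added `[]` and `""` fallbacks on `velero_backup_s3_bucket`, `velero_backup_s3_bucket_arn` and `velero_backup_s3_bucket_name` also swallow a missing or malformed `s3_backup_location` when velero is enabled, not only the disabled case the commit targets. Before this change a value without six colon-separated fields made `local.velero_backup_s3_bucket[5]` fail loudly; now the bucket name becomes an empty string while the ARN local is still populated from the same input. Whatever consumes these locals is not visible in this hunk (presumably the backup IAM policy and chart values) and would receive the mismatched pair without an error. Consider failing early with a validation or precondition that applies only when the velero addon is enabled, using a condition such as `can(regex("^arn:[^:]+:s3:::[^/]+", var.velero.s3_backup_location))`, so the empty defaults are reachable only when the addon is off.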