From 1b87d99de89b472551875dd4a3000590530a67a5 Mon Sep 17 00:00:00 2001
From: Brandon McNama
Date: Tue, 26 May 2020 23:52:39 -0400
Subject: [PATCH 1/2] fix: Work around path bug in aws-iam-authenticator

`aws-iam-authenticator` has an open issue where it will not recognize IAM roles that include paths. This change causes the path supplied to `var.iam_path` to be stripped when generating the `aws-auth` ConfigMap in order to work around this. https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/153
---
 aws_auth.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/aws_auth.tf b/aws_auth.tf
index db6dea4708..842a69096b 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -46,7 +46,8 @@ locals {
 module.node_groups.aws_auth_roles,
 ) :
 {
- rolearn = role["worker_role_arn"]
+ # Strip the leading slash off so that Terraform doesn't think it's a regex
+ rolearn = replace(role["worker_role_arn"], replace(var.iam_path, "/^//", ""), "")
 username = "system:node:{{EC2PrivateDNSName}}"
 groups = tolist(concat(
 [
From 2592afdbff91f83badf4baded134855776889101 Mon Sep 17 00:00:00 2001
From: Brandon McNama
Date: Tue, 26 May 2020 23:58:29 -0400
Subject: [PATCH 2/2] Add comment with more context
---
 aws_auth.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/aws_auth.tf b/aws_auth.tf
index 842a69096b..b583c069a9 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -46,6 +46,7 @@ locals {
 module.node_groups.aws_auth_roles,
 ) :
 {
+ # Work around https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/153
 # Strip the leading slash off so that Terraform doesn't think it's a regex
 rolearn = replace(role["worker_role_arn"], replace(var.iam_path, "/^//", ""), "")
 username = "system:node:{{EC2PrivateDNSName}}"
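Review bot: The outer `replace()` on the new `rolearn` line in the first patch is not anchored to the path position, so it deletes every occurrence of the stripped `var.iam_path` text in the ARN. A path such as `/role/` would also remove the `role/` resource prefix, leaving an ARN in `aws-auth` that no longer identifies the worker role. Anchoring the literal to the resource prefix avoids this and makes the inner regex unnecessary: `rolearn = replace(role["worker_role_arn"], ":role${var.iam_path}", ":role/")`. Because this value decides which IAM role is mapped to the `system:node:` identity, a comment should also say that a role created under a path other than `var.iam_path` passes through unchanged; presumably it is still hit by the upstream issue, though that cannot be confirmed from this hunk. The same line reappears as context in the second patch, and the enclosing `for` expression starts and ends outside both hunks.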