fix: Use count instead of for_each in iam-eks-role (#193) #197

Closed


@petur commented Mar 3, 2022

Description

This is the same method as is used in iam-assumable-role-with-oidc. Since the argument to count is a list, not a set, the number of elements doesn't depend on the values, and terraform can decide how many elements are needed before creating the policies.

Motivation and Context

This fixes #193

This issue is a blocker for using this module in automation.

Breaking Changes

This changes the address of the aws_iam_role_policy_attachment resource, since it's indexed by a number instead of a string.
This will cause the resource to be recreated when applying the module after changes.

There are no changes to the outputs of the module, and the created resources should be identical.

How Has This Been Tested?

  • I have tested and validated these changes using one or more of the provided examples/* projects

This was also tested in our automated tests, which create a role and a policy to attach to a service account, like so:

resource "aws_iam_policy" "foo" {
  name   = "${var.cluster_name}-foo"
  policy = data.aws_iam_policy_document.foo.json
}

module "foo_role" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-eks-role"
  version = "4.13.1"

  role_description = "IRSA role for foo"
  role_name_prefix = "foo-"
  role_policy_arns = [aws_iam_policy.foo.arn]

  cluster_service_accounts = {
    (var.cluster_name) = ["${var.namespace}:${local.service_account_name}"]
  }
}

The change has no effects on the code that uses the module - except that it works when applying in an empty workspace.
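
The plan-time difference the description relies on, as an added sketch that is not the module's own code and not part of the original post: `for_each` needs its keys during plan, while `count` needs only the length of the list. Variable names, resource labels and the account ID are constructed for illustration.

```hcl
# Added illustration; names below are assumptions, not the module's source.
variable "role_name" {
  type = string
}

variable "role_policy_arns" {
  description = "Policy ARNs to attach; may include policies created in the same apply"
  type        = list(string)
  default     = []
}

# Variant A: keyed by ARN. Each instance address embeds the ARN, e.g.
#   aws_iam_role_policy_attachment.by_arn["arn:aws:iam::111122223333:policy/foo"]
# When an ARN is still "(known after apply)", the key set cannot be computed
# during plan and Terraform stops with "Invalid for_each argument".
resource "aws_iam_role_policy_attachment" "by_arn" {
  for_each = toset(var.role_policy_arns)

  role       = var.role_name
  policy_arn = each.value
}

# Variant B: keyed by position. The address is by_index[0], by_index[1], ...
# length() of a list literal is known at plan time even when its elements
# are not, so this plans in an empty workspace.
# Caveats: moving from A to B changes every address, so each attachment is
# destroyed and re-created once; afterwards, removing an ARN from the middle
# of the list shifts the indices and re-creates the attachments behind it.
resource "aws_iam_role_policy_attachment" "by_index" {
  count = length(var.role_policy_arns)

  role       = var.role_name
  policy_arn = var.role_policy_arns[count.index]
}

# A real configuration would contain only one of the two variants.
```

Reviewing `terraform plan` output for unexpected destroy/create pairs on `aws_iam_role_policy_attachment` before applying shows whether a role will briefly lose a policy during the change.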

…ules#193)

This is the same method as is used in iam-assumable-role-with-oidc.
Since the argument to count is a list, not a set, the number of
elements doesn't depend on the values, and terraform can decide how
many elements are needed before creating the policies.
@lorengordon

Please see my comment on the issue for a better option...

@adminomargallo

Hey peeps, what's the status of this? I would really like to see this merged.

@bryantbiggs
Member

I don't think we will be going back to count, but instead going with the great suggestion by @lorengordon - however, we have to batch these changes in the next breaking change for the module (we have some other issues around provider version and such and we'll probably update and align those to be more current)

@github-actions

github-actions bot commented May 9, 2022

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@antonbabenko
Member

This issue has been resolved in version 5.0.0 🎉

@github-actions

github-actions bot commented Nov 8, 2022

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 8, 2022
Development

Successfully merging this pull request may close these issues.

iam-eks-role cannot attach a policy created in the same module using role_policy_arns input