EKS can't get OIDC issuer

[shazi7804]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

cdktf & Language Versions

{
  "language": "typescript",
  "app": "npm run --silent compile && node main.js",
  "terraformProviders": [
    "aws@~> 2.0",
    "azurerm@~> 2.0.0"
  ]
}

• cdktf version

cdktf --version
0.3.0

Affected Resource(s)

EksCluster

Debug Output

Expected Behavior

Get EKS oidc url

Actual Behavior

Want to get oidc issuer from EKS

new IamOpenidConnectProvider(this, 'EksOidc', {
    clientIdList: ["sts.amazonaws.com"],
    thumbprintList: [],
    url: eks.identity('0').oidc('0').issuer
})

But EksClusterIdentity class not include issuer function.

    /cdktf-samples/lib/aws/kubernetes.js:141
                url: eks.identity('0').oidc('0').issuer
                                       ^

    TypeError: eks.identity(...).oidc is not a function
        at new AwsEksGroups (/cdktf-samples/lib/aws/kubernetes.js:141:36)
        at new AwsEks (/cdktf-samples/main.js:81:9)
        at Object.<anonymous> (/cdktf-samples/main.js:121:1)
        at Module._compile (internal/modules/cjs/loader.js:1063:30)
        at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
        at Module.load (internal/modules/cjs/loader.js:928:32)
        at Function.Module._load (internal/modules/cjs/loader.js:769:14)
        at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
        at internal/main/run_main_module.js:17:47

In fact, EksClusterIdentityOidc included issuer but not any resource use it.

Steps to Reproduce

cdktf deploy

Workaround

new EksClusterIdentityOidc class with EKS resource

new IamOpenidConnectProvider(this, 'EksOidc', {
    clientIdList: ["sts.amazonaws.com"],
    thumbprintList: [],
    url: new EksClusterIdentityOidc(eks, 'identity[0]', 'oidc[0]').issuer
})

References

none

[jsteinich]

Pretty similar to #25.
Currently it's possible to get at the oidc cluster identity, but the return is just a terraform reference string as support for complex types at that level aren't yet fully supported.

That is a clever workaround which may be helpful when working on fixing this. Thanks.

[skorfmann]

@jsteinich would you say it's a duplicate of #25?

[jsteinich]

@jsteinich would you say it's a duplicate of #25?

It's not identical, but I've been considering #25 to represent any situation where the code is generated with a fallback to any.
There are there cases in the generation whether that happens:

1. Complex computed optional types as described in Complex Computed Optional Types #25
2. Unknown complex types (in this case list<object<list>>)
3. Maps of complex types

[DanielMSchmidt]

@ansgarm Is this issue solved by your list work?

[ansgarm]

Seems like it: https://github.com/hashicorp/cdktf-provider-aws/blob/2fba6ba713a7ebd4818685b4ece5c6bdfb1de418/src/eks/eks-cluster.ts#L164
Using url: eks.identity.get(0).oidc.get(0).issuer should work now.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.