Bugfixes

[Nuru]

what

• Ensure access entries are created before associating them with policies
• Allow extra tags specific to addons
• Make access_scope optional in access_policy_associations
• Add testing for enabled=false
• Fix typo in hyperlink

why

• Race condition can cause cluster creation to fail if Terraform attempts to create access entries and policy associations in parallel
• Some addons require specific tags for configuration
• All the elements of access_scope are optional, so access_scope itself is not required
• Standard testing requirement, ensure no resources are created and module functions without error when enabled=false
• Fix typo

references

• Supersedes and closes fixed link to test src #230
• Supersedes and closes Bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in /test/src in the go_modules group #233
• Closes Add tags to EKS addons #247
• Closes access_scope in access_policy_associations should be optional #248

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request implements documentation and configuration refinements for the Terraform EKS module. It reformats README files and YAML for clarity, corrects a test src link, and updates variable definitions by adding an optional additional_tags and making access_scope optional. In addition, explicit dependencies are introduced in auth.tf via the depends_on attribute, the eks_node_group module version has been bumped with conditional parameter assignments, and a new test verifies disabled configuration behavior. The go.mod file also sees dependency updates.

Changes

File(s)	Change Summary
README.md, README.yaml	Reformatted text for clarity; corrected test src link; updated descriptions regarding Terraform module functionality.
docs/terraform.md, variables.tf	Updated variable declarations by adding an optional additional_tags field for addons and making access_scope optional in access_policy_associations.
auth.tf	Added depends_on attributes to aws_eks_access_policy_association resources to enforce creation order with corresponding aws_eks_access_entry resources.
examples/complete/main.tf, main.tf	Upgraded eks_node_group module from v2.12.0 to v3.2.0; introduced conditional logic for subnet_ids and kubernetes_version; enhanced aws_eks_addon tags to merge additional_tags.
test/src/examples_complete_test.go, test/src/go.mod	Added a new test (TestExamplesCompleteDisabled) to validate module behavior when disabled; updated go.mod dependencies including bumping github.com/hashicorp/go-getter.

Assessment against linked issues

Objective	Addressed	Explanation
Fix test src link [#230]	✅
Bump github.com/hashicorp/go-getter dependency [#233]	✅
Enhance EKS addon tagging [#247]	✅
Make access_scope optional in access_policy_associations [#248]	✅

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e2b77e2 and 7a1cfbd.

⛔ Files ignored due to path filters (1)

• README.md is excluded by !README.md

📒 Files selected for processing (2)

• README.yaml (8 hunks)
• examples/complete/main.tf (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• README.yaml

🧰 Additional context used

📓 Path-based instructions (1)

`examples/complete/*.tf`: This is framework for testing and ...

examples/complete/*.tf: This is framework for testing and standards are very relaxed, plus certain things need to be certain ways for testing. Exclude from review unless you find misspelling or similar error in comments or serious errors in code.

• examples/complete/main.tf

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Summary

🔇 Additional comments (3)

examples/complete/main.tf (3)

139-139: Module Version Update Verification
The eks_node_group module’s version is updated to "3.2.0". Please verify the module’s changelog for any breaking changes introduced in this release and confirm that all new requirements (such as non‑empty subnet_ids and explicit kubernetes_version handling) are fully accommodated.

---

141-142: Subnet IDs Conditional Assignment Check
The subnet_ids parameter now uses a conditional expression to provide a non-empty list even when the node group is disabled. Ensure that the placeholder value ["filler_string_for_enabled_is_false"] satisfies the module’s requirements without unintentionally triggering resource creation behavior.

---

150-151: Kubernetes Version Conditional Assignment Check
The kubernetes_version parameter is conditionally set to null when enabled and to [var.kubernetes_version] when disabled. Double-check that this configuration meets the version 3.2.0 module requirements and that using a list for the kubernetes_version when disabled is supported by the module.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Nuru]

/terratest

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 549ebd9 and 59853d0.

⛔ Files ignored due to path filters (1)

• test/src/go.sum is excluded by !**/*.sum

📒 Files selected for processing (9)

• README.md (5 hunks)
• README.yaml (8 hunks)
• auth.tf (2 hunks)
• docs/terraform.md (1 hunks)
• examples/complete/main.tf (1 hunks)
• main.tf (1 hunks)
• test/src/examples_complete_test.go (2 hunks)
• test/src/go.mod (3 hunks)
• variables.tf (3 hunks)

🧰 Additional context used

🪛 LanguageTool

README.md

[uncategorized] ~32-~32: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ...br/> This Terraform module provisions a fully-configured AWS EKS ...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

---

[style] ~316-~316: ‘Prior to’ might be wordy. Consider a shorter alternative.
Context: .../docs/migration-v1-v2.md). > [!NOTE] > Prior to v4 of this module, AWS did not provide ...

(EN_WORDINESS_PREMIUM_PRIOR_TO)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Summary

🔇 Additional comments (15)

test/src/examples_complete_test.go (1)

180-214: LGTM! Well-structured test for disabled configuration.

The test function effectively validates that no resources are created when enabled=false. The implementation includes:

• Parallel test execution for efficiency
• Proper test folder setup
• Clear assertion of expected behavior

auth.tf (1)

83-88: LGTM! Proper dependency management to prevent race conditions.

The depends_on blocks ensure that access entries are created before their policy associations, preventing potential race conditions during cluster creation.

Also applies to: 138-143

test/src/go.mod (1)

25-25: LGTM! Dependencies updated and added as needed.

The changes appropriately update and add indirect dependencies required for the module's functionality.

Also applies to: 27-27, 31-31, 37-37, 49-49, 52-52, 58-58, 69-69, 73-73, 75-75, 80-80, 82-82, 85-85

examples/complete/main.tf (3)

139-139: Version bump to eks-node-group 3.2.0.

The module version has been updated to the latest version.

---

141-142: LGTM! Workaround for subnet_ids requirement.

The conditional logic ensures compatibility with the module's requirement for non-empty subnet_ids list, even when disabled.

---

150-152: LGTM! Explicit kubernetes_version for disabled state.

The conditional logic properly handles the kubernetes_version requirement when the module is disabled.

main.tf (1)

178-178: Enhanced Tagging in aws_eks_addon Resource
The updated line uses merge(module.label.tags, each.value.additional_tags) to combine the standard tags with any extra addon‐specific tags. This change fulfills the PR objective of allowing extra tags and is implemented correctly.

variables.tf (2)

178-179: New Field: additional_tags for Addon Objects
The addition of the "additional_tags" attribute (with a default of an empty map) into the addon object is well implemented. It provides users the flexibility to supply extra key‐value pairs that will be merged with existing tags. This aligns perfectly with the PR objectives and documentation updates.

---

299-302: Refined Access Scope Declaration
The "access_scope" attribute in the access_policy_associations variable is now optional (with a default empty object), which enhances flexibility when configuring access policies for IAM principals. This update meets the requirement to make the parameter optional while preserving backward compatibility.

README.yaml (2)

60-62: Updated Module Description Enhancing Clarity
The revised description now clearly states that the module provisions a "fully-configured" AWS EKS cluster and highlights its smooth integration with [Karpenter] and [EKS addons]. This update improves the overall clarity and conveys the module’s enhanced capabilities.

---

79-79: Correct Automated Test Directory Reference
The updated automated tests path correctly reflects the current structure by using [test/src] instead of the outdated [test/scc] reference.

docs/terraform.md (1)

1-52: Accurate Documentation of Input Variable Updates
The documentation in this file now reflects the updated input definitions for both access_policy_associations (with the optional access_scope) and addons (with the additional_tags field). The descriptions are clear and aligned with the changes implemented in variables.tf.

README.md (3)

30-35: Enhanced Module Overview
The revised module overview provides a more detailed and informative description of the EKS cluster provisioning, highlighting integration with Karpenter and EKS addons. This update makes it easier for users to understand the module’s functionality.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~32-~32: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ...br/> This Terraform module provisions a fully-configured AWS EKS ...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

🪛 markdownlint-cli2 (0.17.2)

31-31: Inline HTML
Element: br

(MD033, no-inline-html)

---

31-31: Inline HTML
Element: br

(MD033, no-inline-html)

---

69-70: Updated Automated Test Directory Reference
The reference to the automated testing path has been corrected to "test/src", which now matches the actual repository structure and avoids confusion.

---

120-130: Consistency Check Across Documentation
Ensure that updates regarding additional_tags and optional access_scope are consistently reflected between README.md and README.yaml, as well as the underlying variables documentation.

[Nuru]

/terratest

[aknysh]

a few nitpicks

[Nuru]

/terratest

[github-actions]

These changes were released in v4.6.0.