Merge pull request #12 from johanneswuerbach/fix-no-policies

fix: role without policies
humanitec-architecture · Feb 9, 2024 · ecdbffb · ecdbffb
2 parents df890d7 + 3019ff2
commit ecdbffb
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/humanitec-resource-defs/iam-role/service-account/main.tf b/humanitec-resource-defs/iam-role/service-account/main.tf
@@ -1,15 +1,19 @@
+locals {
+  co_provisioned = {
+    for s in var.policy_classes : "aws-policy.${s}" => {
+      match_dependents = true
+      is_dependent     = false
+    }
+  }
+}
+
 resource "humanitec_resource_definition" "main" {
   driver_type = "humanitec/terraform"
   id          = "${var.prefix}aws-workload-role"
   name        = "${var.prefix}aws-workload-role"
   type        = "aws-role"
 
-  provision = {
-    for s in var.policy_classes : "aws-policy.${s}" => {
-      match_dependents = true
-      is_dependent     = false
-    }
-  }
+  provision = length(var.policy_classes) > 0 ? local.co_provisioned : null
 
   driver_inputs = {
     secrets_string = jsonencode({