tf crossplane irsa

gistfile1.txt

# setup bootstrap provider
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-tf
spec:
  package: xpkg.upbound.io/upbound/provider-terraform:v0.21.0
  runtimeConfigRef:
    kind: DeploymentRuntimeConfig
    apiVersion: pkg.crossplane.io/v1
    name: tf-irsa
---
# providerconfig using creds secret
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: irsa-provisioning
spec:
  configuration: |
    terraform {
      backend "kubernetes" {
        secret_suffix = "irsa-provisioning"
        namespace = "crossplane"
        in_cluster_config = true
      }
    }
    provider "aws" {
      region = "us-east-2"
      allowed_account_ids = ["9"]
      default_tags {
        tags = {
          "crossplane/provider" = "terraform"
          "department" = "platform engineering"
        }
      }
    }
---
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: irsa-provisioning-role
spec:
  providerConfigRef:
    name: irsa-provisioning
  forProvider:
    enableTerraformCLILogging: true
    source: Inline
    module: |
      module "iam_eks_role" {
        source = "terraform-aws-modules/iam/aws//modules/iam-eks-role"
        version = "5.58.0"
        role_name = "crossplane-test"
        cluster_service_accounts = {
          sweet-snake = ["crossplane:provider-tf-*"]
        }
        assume_role_condition_test = "StringLike"
      }

gistfile2.txt

workspace="$(kubectl get workspace irsa-provisioning-role -o yaml)"
parsed="$(echo "$workspace" | yq '.status.conditions[0].message' | sed -e 's/^.*run: //')"
eval "$parsed"