From 8d5f42d76cdec4cfa4fd56c77091e491589cfad3 Mon Sep 17 00:00:00 2001 From: Ajo Augustine Date: Tue, 13 Aug 2024 23:58:43 -0500 Subject: [PATCH] Update kube-setup-s3-csi-driver.sh Add all oidc_url's to the trust plicy --- gen3/bin/kube-setup-s3-csi-driver.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/gen3/bin/kube-setup-s3-csi-driver.sh b/gen3/bin/kube-setup-s3-csi-driver.sh index 23998ec64..6dac74c65 100644 --- a/gen3/bin/kube-setup-s3-csi-driver.sh +++ b/gen3/bin/kube-setup-s3-csi-driver.sh @@ -74,11 +74,16 @@ EOF # Create the trust policy for Mountpoint for Amazon S3 CSI driver create_s3_csi_trust_policy() { - oidc_url=$(aws eks describe-cluster --name $eks_cluster --query 'cluster.identity.oidc.issuer' --output text | sed -e 's/^https:\/\///') - cat < /tmp/aws-s3-csi-driver-trust-policy-$$.json + oidc_providers=$(for cluster in $(aws eks list-clusters --query "clusters[]" --output text); do aws eks describe-cluster --name $cluster --query 'cluster.identity.oidc.issuer' --output text | sed -e 's/^https:\/\///'; done) + trust_policy_file="/tmp/aws-s3-csi-driver-trust-policy-$$.json" + cat < ${trust_policy_file} { "Version": "2012-10-17", "Statement": [ +EOF + + for oidc_url in ${oidc_providers}; do + cat <> ${trust_policy_file} { "Effect": "Allow", "Principal": { @@ -91,7 +96,13 @@ create_s3_csi_trust_policy() { "${oidc_url}:sub": "system:serviceaccount:*:s3-csi-*" } } - } + }, +EOF + done + + # Remove the last comma and close the JSON + sed -i '$ s/,$//' ${trust_policy_file} + cat <> ${trust_policy_file} ] } EOF
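Review bot: Trust is now granted to the issuer of every cluster that `aws eks list-clusters` returns, and the statement body keeps the `system:serviceaccount:*:s3-csi-*` subject pattern, so a matching service account in any namespace of any of those clusters can assume the role. If only some clusters are meant to use the driver, the list should come from an explicit allow-list; otherwise a comment above the loop should say the account-wide trust is intended. Separately, a failed `describe-cluster` call is dropped silently, and a missing issuer, which `--output text` prints as `None`, would produce a statement for a provider named `None`. The loop below stops on a failed call, skips empty or `None` issuers and quotes the cluster name. The function body continues past this hunk.

```shell
  oidc_providers=""
  for cluster in $(aws eks list-clusters --query "clusters[]" --output text); do
    if ! issuer=$(aws eks describe-cluster --name "$cluster" --query 'cluster.identity.oidc.issuer' --output text); then
      echo "describe-cluster failed for $cluster" >&2
      return 1
    fi
    # --output text renders a null issuer as the literal string None
    [[ -n "$issuer" && "$issuer" != "None" ]] || continue
    oidc_providers+="${issuer#https://} "
  done
  # … unchanged: trust_policy_file assignment and policy header …
```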
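Review bot: Closing the array with `sed -i '$ s/,$//'` only gives a usable policy when the loop wrote at least one statement; with an empty `oidc_providers` the document ends up with an empty `Statement` array, and nothing checks the file before it is handed on. I would return early when the list is empty and validate the result, e.g. `jq empty "${trust_policy_file}" || return 1`, assuming jq is available where this script runs. The file is also built by repeated redirects to the predictable `/tmp/aws-s3-csi-driver-trust-policy-$$.json` path set earlier in the function, so creating it with `trust_policy_file=$(mktemp)` and quoting `"${trust_policy_file}"` would avoid writing through a pre-planted file or symlink. Whether code outside the hunk still reads the fixed `/tmp` name is not visible here and would need to follow the variable.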