From 7a07569e016033870e6dc28f5a6e4a7ce46ed865 Mon Sep 17 00:00:00 2001
From: Sohan Yadav <31764946+sohanyadav@users.noreply.github.com>
Date: Fri, 22 Nov 2024 01:30:12 +0530
Subject: [PATCH] apply csi for all namspaces (#435)

---
 aws_csi_secrets_store.tf | 31 +++++++------------------------
 1 file changed, 7 insertions(+), 24 deletions(-)

diff --git a/aws_csi_secrets_store.tf b/aws_csi_secrets_store.tf
index 62c1194..0263e9a 100644
--- a/aws_csi_secrets_store.tf
+++ b/aws_csi_secrets_store.tf
@@ -65,32 +65,15 @@ resource "aws_iam_policy" "secrets_policy" {
 }
 data "aws_iam_policy_document" "trust_relationship" {
- # Create a statement for each namespace
- dynamic "statement" {
- for_each = var.csi_enabled_namespaces
+ statement {
+ effect = "Allow"
- content {
- effect = "Allow"
-
- principals {
- type = "Federated"
- identifiers = [local.oidc_provider_arn]
- }
-
- actions = ["sts:AssumeRoleWithWebIdentity"]
-
- condition {
- test = "StringEquals"
- variable = "${replace(aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:aud"
- values = ["sts.amazonaws.com"]
- }
-
- condition {
- test = "StringEquals"
- variable = "${replace(aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub"
- values = ["system:serviceaccount:${statement.value}:csi-secrets-service-account"]
- }
+ principals {
+ type = "Federated"
+ identifiers = [local.oidc_provider_arn]
 }
+
+ actions = ["sts:AssumeRoleWithWebIdentity"]
 }
 }
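Review bot: The new `statement` block has no `condition` at all, so the trust policy now checks neither the token's `aud` nor its `sub`: with only the `Federated` principal and `sts:AssumeRoleWithWebIdentity`, any service account in any namespace of this cluster can assume the role, not just `csi-secrets-service-account`. Extending from the enumerated namespace list to all namespaces only required loosening the `sub` match to a wildcard namespace with `StringLike`; the audience check and the fixed service-account name should be kept, reusing the issuer expression from the removed lines. With the list gone, `var.csi_enabled_namespaces` is no longer referenced in this file; if it is still declared elsewhere it is now a dead input and should be removed or documented as unused.
```hcl
  statement {
    effect = "Allow"

    # … unchanged: principals and actions …

    condition {
      test     = "StringEquals"
      variable = "${replace(aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Any namespace, but only the CSI driver's service account name.
    condition {
      test     = "StringLike"
      variable = "${replace(aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub"
      values   = ["system:serviceaccount:*:csi-secrets-service-account"]
    }
```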