From f88812fc57b8465486dfebfc778ec3e70dea2dbd Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 18 Mar 2024 10:41:37 -0400
Subject: [PATCH] prep role for future sso changes

---
 examples/full-cluster-tf-upgrade/1.29/role.tf | 27 +++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/examples/full-cluster-tf-upgrade/1.29/role.tf b/examples/full-cluster-tf-upgrade/1.29/role.tf
index df9de09..ffced71 100644
--- a/examples/full-cluster-tf-upgrade/1.29/role.tf
+++ b/examples/full-cluster-tf-upgrade/1.29/role.tf
@@ -153,12 +153,23 @@ data "aws_iam_policy_document" "allow_sts" {
 ]
 }
 }
+ ## statement {
+ ## sid = "AllowSTSAssumeFromSSO"
+ ## effect = "Allow"
+ ## actions = ["sts:AssumeRole"]
+ ## principals {
+ ## type = "AWS"
+ ## identifiers = [
+ ## format(local.iam_arn, "root"),
+ ## ]
+ ## }
+ ## condition {
+ ## test = "ArnLike"
+ ## variable = "aws:PrincipalArn"
+ ## values = [
+ ## format(local.iam_arn, "role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_csvd-sa-sc-developer_*"),
+ ## format(local.iam_arn, "role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_csvd-sa-sc-developer_*"),
+ ## ]
+ ## }
+ ## }
 }
-
-# data "aws_iam_policy_document" "cluster-admin_combined"
-# source_policy_documents = [
-# data.aws_iam_policy_document.allow_sts.json
-# data.aws_iam_policy_document.saml_assume.json,
-# ]
-# }
-#
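Review bot: The new `AllowSTSAssumeFromSSO` statement is added entirely as `##` comment lines, so `terraform validate` and `terraform plan` never parse it and the `root` principal plus `ArnLike` condition it declares get no review until someone uncomments them later; gating it with a `dynamic "statement"` block keyed on a boolean input keeps it parsed and plannable while still off by default. When it is enabled, the condition on `aws:PrincipalArn` is what narrows the account-root principal to the `AWSReservedSSO_csvd-sa-sc-developer_*` roles, and the two patterns differ only in the optional region path segment, which is worth recording so the wildcards are not widened later, e.g. `# trailing * matches only the Identity Center random suffix; second pattern is for roles without a region path segment`. `local.iam_arn` is defined outside the hunk, so its template is assumed to take a single `%s`; the enclosing `data "aws_iam_policy_document" "allow_sts"` block starts before the hunk.
```hcl
  dynamic "statement" {
    # enable_sso_assume is a constructed example name for a bool input variable, default false
    for_each = var.enable_sso_assume ? [1] : []
    content {
      # … unchanged: sid, effect, actions, principals and condition from the commented-out statement …
    }
  }
```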