@duboisf
Last active November 5, 2025 13:30
Get karpenter policy from cloudformation
#!/usr/bin/env bash
# Gets the karpenter policy from the cloudformation file and replaces the cloudformation
# parameters and env vars with the variable names we use in our pulumi project.
# It also sorts the policies by sid and sorts the contents of Action and Resource arrays.
#
# Note: the pipeline assumes the Python yq (kislyuk/yq), which emits JSON by default;
# with mikefarah yq v4 pass -o=json so that jq receives JSON rather than YAML.
set -euo pipefail

if (( $# != 1 )); then
  echo "Usage: $0 <karpenter-version>"
  echo "Example: $0 v1.0.11"
  exit 1
fi

KARPENTER_VERSION=$1
# Accept either "1.0.11" or "v1.0.11"; the upstream release tag always carries the "v" prefix.
versionTag=$([[ ${KARPENTER_VERSION} == v* ]] && echo "${KARPENTER_VERSION}" || echo "v${KARPENTER_VERSION}")

# Fetch the template pinned to the release tag (-f makes curl fail on HTTP errors instead of piping an error page).
curl -fsSL "https://raw.githubusercontent.com/aws/karpenter-provider-aws/${versionTag}/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml" \
  | yq .Resources.KarpenterControllerPolicy.Properties.PolicyDocument \
  | jq '
    # Sort statements by Sid and sort Action/Resource arrays so the output is stable and diffable between versions.
    .Statement |= sort_by(.Sid) |
    .Statement |= map(
      if .Action then .Action |= (if type == "array" then sort else . end) else . end |
      if .Resource then .Resource |= (if type == "array" then sort else . end) else . end
    )
  ' \
  | jq --sort-keys . \
  | perl -wlpe '
    BEGIN {
      # CloudFormation ${Ref} names -> variable names used in the pulumi project.
      %map = (
        "AWS::AccountId" => "cfg.accountId",
        "AWS::Partition" => "cfg.partition",
        "AWS::Region" => "cfg.region",
        "ClusterName" => "cfg.clusterName",
        "KarpenterInterruptionQueue.Arn" => "interruptionQueueArn",
        "KarpenterNodeRole.Arn" => "nodeRoleArn",
      );
      $pattern = join("|", map { quotemeta($_) } keys %map);
    }
    # Fail loudly if a new template version introduces a placeholder we do not know how to map.
    my @unknown = /\$\{([^}]+)\}/g;
    @unknown = grep { !exists $map{$_} } @unknown;
    die "Unknown keys: " . join(", ", @unknown) if @unknown;
    s/\$\{($pattern)\}/\$\{$map{$1}\}/g;
  '
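Added example, not part of the gist: a pure-Python re-implementation of the same three steps (sort statements and arrays, substitute the CloudFormation placeholders, refuse to emit output when a placeholder is unmapped), plus a small diff of two normalised policies so that a permission added or changed between Karpenter releases stands out. The two sample policy documents are constructed for the example and only resemble the shape of the real controller policy; the placeholder map is the one from the gist.

```python
"""Normalise a Karpenter-style IAM policy document and map CloudFormation refs to
Pulumi variable names. Added example; the sample policies below are constructed."""
import json
import re

# Same mapping as the gist: CloudFormation ${Ref} names -> names used in the Pulumi project.
PLACEHOLDER_MAP = {
    "AWS::AccountId": "cfg.accountId",
    "AWS::Partition": "cfg.partition",
    "AWS::Region": "cfg.region",
    "ClusterName": "cfg.clusterName",
    "KarpenterInterruptionQueue.Arn": "interruptionQueueArn",
    "KarpenterNodeRole.Arn": "nodeRoleArn",
}
PLACEHOLDER_RE = re.compile(r"\$\{([^}]+)\}")


def normalize_policy(doc: dict) -> dict:
    """Sort statements by Sid and sort Action/Resource arrays (mirrors the jq stage)."""
    out = json.loads(json.dumps(doc))  # deep copy; the caller's document is left untouched
    stmts = sorted(out.get("Statement", []), key=lambda s: s.get("Sid", ""))
    for stmt in stmts:
        for key in ("Action", "Resource"):
            if isinstance(stmt.get(key), list):
                stmt[key] = sorted(stmt[key])
    out["Statement"] = stmts
    return out


def substitute_placeholders(text: str, mapping: dict = PLACEHOLDER_MAP) -> str:
    """Replace ${Ref} placeholders; raise if any ref is unmapped (mirrors the perl stage's die)."""
    unknown = sorted({ref for ref in PLACEHOLDER_RE.findall(text) if ref not in mapping})
    if unknown:
        raise ValueError("Unknown keys: " + ", ".join(unknown))
    return PLACEHOLDER_RE.sub(lambda m: "${" + mapping[m.group(1)] + "}", text)


def render(doc: dict) -> str:
    """Full pipeline: normalise, dump with sorted keys (jq --sort-keys), then substitute refs."""
    return substitute_placeholders(json.dumps(normalize_policy(doc), indent=2, sort_keys=True))


def diff_statements(old: dict, new: dict) -> dict:
    """Report statements (by Sid) added, removed or changed between two policy versions."""
    old_by_sid = {s.get("Sid"): s for s in normalize_policy(old)["Statement"]}
    new_by_sid = {s.get("Sid"): s for s in normalize_policy(new)["Statement"]}
    return {
        "added": sorted(set(new_by_sid) - set(old_by_sid)),
        "removed": sorted(set(old_by_sid) - set(new_by_sid)),
        "changed": sorted(sid for sid in set(old_by_sid) & set(new_by_sid)
                          if old_by_sid[sid] != new_by_sid[sid]),
    }


# Constructed sample resembling the shape of the controller policy (not the real document).
SAMPLE_V1 = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PassNodeIAMRole", "Effect": "Allow",
         "Action": "iam:PassRole", "Resource": "${KarpenterNodeRole.Arn}"},
        {"Sid": "AllowInterruptionQueueActions", "Effect": "Allow",
         "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
         "Resource": "${KarpenterInterruptionQueue.Arn}"},
    ],
}
# Constructed "next release": one statement gains an action, one new statement appears.
SAMPLE_V2 = json.loads(json.dumps(SAMPLE_V1))
SAMPLE_V2["Statement"][1]["Action"].append("sqs:GetQueueUrl")
SAMPLE_V2["Statement"].append(
    {"Sid": "AllowRegionalReadActions", "Effect": "Allow",
     "Action": ["ec2:DescribeInstances"], "Resource": "*",
     "Condition": {"StringEquals": {"aws:RequestedRegion": "${AWS::Region}"}}})

if __name__ == "__main__":
    print(render(SAMPLE_V1))
    print(json.dumps(diff_statements(SAMPLE_V1, SAMPLE_V2), indent=2))
```

Reviewing `diff_statements` output on each version bump is the practical reason for the sorting: once statements and arrays are in a canonical order, a plain diff of the rendered policy shows exactly which permissions changed, and `substitute_placeholders` refuses to produce output when upstream adds a reference the project has no variable for.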