From 3b1333a9883cf5ae8a430d6361ec5025824a0620 Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 16 Dec 2021 09:59:35 -0500
Subject: [PATCH] v2.0.1: new version, add max_session_duration
---
CHANGELOG.md | 5 +++++
README.md | 2 ++
main.tf | 5 +++--
variables.tf | 58 ++++------------------------------------------------
version.tf | 2 +-
5 files changed, 15 insertions(+), 57 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a08d892..543e342 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,3 +26,8 @@ * v1.3.0-compat-tf-0.13 -- 20211122 - tag compat-tf-0.13 - add provider support for tf 0.13+
+
+* 2.0.1 -- 20211216
+ - add max_session_duration variable
+ - split ldap variables into variables.ldap.tf
+ - add defaults.tf
diff --git a/README.md b/README.md
index 95b42f9..c0b1cd1 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ module "myrole1" { ldap_password = "password1234$$" # optional
+ max_session_duration = 14400 # 4h
ldap_host = "ldap.e.tco.census.gov" ldap_port = 389 }
@@ -152,6 +153,7 @@ No modules. | [ldap\_password](#input\_ldap\_password) | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no | | [ldap\_port](#input\_ldap\_port) | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no | | [ldap\_user](#input\_ldap\_user) | LDAP user for writing data into eDirectory or Active Directory | `string` | `""` | no |
+| [max\_session\_duration](#input\_max\_session\_duration) | n/a | `number` | `3600` | no |
| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (role, policy). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | | [role\_description](#input\_role\_description) | Role/application description | `string` | `""` | no | | [role\_name](#input\_role\_name) | Role/application name without prefix | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 2de798d..d8ea5f2 100644
--- a/main.tf
+++ b/main.tf
@@ -57,6 +57,7 @@ * ldap_password = "password1234$$" * * # optional
+* max_session_duration = 14400 # 4h
* ldap_host = "ldap.e.tco.census.gov" * ldap_port = 389 * }
@@ -135,8 +136,8 @@ locals { resource "aws_iam_role" "role" { name = local.role_name description = local.role_description
- force_detach_policies = false
- max_session_duration = 3600
+ force_detach_policies = lookup(local._defaults["force_detatch_policies"], false)
+ max_session_duration = var.max_session_duration
# assume_role_policy = data.terraform_remote_state.common.outputs.inf_saml_assume_policy_document assume_role_policy = var.assume_policy_document
diff --git a/variables.tf b/variables.tf
index 8cfe127..fcc3376 100644
--- a/variables.tf
+++ b/variables.tf
@@ -51,31 +51,10 @@ variable "instance_profile_path" { default = "/" }
-#---
-# ldap
-#---
-variable "ldap_user" {
- description = "LDAP user for writing data into eDirectory or Active Directory"
- type = string
- default = ""
-}
-
-variable "ldap_password" {
- description = "LDAP password for ldap_user for writing data into eDirectory or Active Directory"
- type = string
- default = ""
-}
-
-variable "ldap_host" {
- description = "LDAP Hostname (default is for eBOCAS)"
- type = string
- default = "ldap.e.tco.census.gov"
-}
-
-variable "ldap_port" {
- description = "LDAP port (default is 389 but also using STARTTLS)"
- type = number
- default = 389
+variable "max_session_duration" {
+ descriptio = "Override the maximum session duration from the default (3600)"
+ type = number
+ default = 3600
} variable "component_tags" {
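Review bot: The new `force_detach_policies` line in `aws_iam_role.role` passes the already-indexed value as the first argument of `lookup()` and `false` as the second, so `false` is read as the key rather than as the default, and the index `local._defaults["force_detatch_policies"]` fails outright when that key is absent. The key is also spelled `detatch`, unlike the attribute it feeds; `defaults.tf` is not part of this patch, so which spelling it defines cannot be confirmed from here. If a fallback to `false` is the intent, the line would read `force_detach_policies = lookup(local._defaults, "force_detach_policies", false)`. The resource block continues past the end of the hunk.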
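Review bot: The added `variable "max_session_duration"` block spells its first argument `descriptio`, which Terraform should reject as an unsupported argument; the `n/a` description for this input in the README table is consistent with the description never being set. Since the value now flows from the caller straight into `aws_iam_role.role`, a `validation` block limiting it to the 3600–43200 seconds IAM accepts would fail a bad value at plan time and keep any lengthening of credential lifetime deliberate (this needs Terraform 0.13 or later). The hunk also removes the `ldap_*` variables, and the `variables.ldap.tf` and `defaults.tf` files named in the changelog are not in this patch's diffstat, so it is worth confirming they were committed separately. The corrected block is below.

```hcl
variable "max_session_duration" {
  description = "Override the maximum session duration from the default (3600)"
  # … unchanged: type, default …

  validation {
    condition     = var.max_session_duration >= 3600 && var.max_session_duration <= 43200
    error_message = "The max_session_duration value must be between 3600 and 43200 seconds."
  }
}
```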
@@ -83,32 +62,3 @@ variable "component_tags" { type = map(map(string)) default = { "role" = {}, "policy" = {} } }
-
-
-## #---
-## # instance role
-## #---
-## variable "ec2_role_name" {
-## description = "EC2 instace Role/application name without prefix"
-## type = string
-## default = ""
-## }
-##
-## variable "enable_instance_role" {
-## description = "Flag to enable the creation of a partner EC2 instance role with specific policies and optionally a different name"
-## type = bool
-## default = false
-## }
-##
-## variable "ec2_assume_policy_document" {
-## description = "JSON policy document for EC2 instance role (default is sts:AssumeRole for ec2 service)"
-## type = string
-## default = ""
-## }
-##
-## variable "ec2_attached_policies" {
-## description = "List of IAM Policy ARNs to attach to this EC2 instance role"
-## type = list(string)
-## default = []
-## }
-##
diff --git a/version.tf b/version.tf
index 08f3f68..100daf2 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@ locals {
- _module_version = "1.3.0"
+ _module_version = "2.0.1"
}