Commit

update docs for policies
badra001 committed May 12, 2021
1 parent f3d160f commit 53d2337
Showing 2 changed files with 36 additions and 0 deletions.
18 changes: 18 additions & 0 deletions README.md
Expand Up @@ -20,6 +20,24 @@ Because of this quirk, this is a two-step apply. The first step creates the IAM
% terraform apply -target=module.myrole
```

# Notes
## Policies

When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
with `plan` or `apply`. The module is called with an unknown value and it fails if not. You'll need to target your
first apply with that of the policy like:

```shell
tf-apply -target=aws_iam_policy.mypolicy
```

and then you can continue with the rest of the operation. In Terraform 0.12, modules do not support `depends_on`.

## LDAP Settings
You will get a very weird error about the LDAP provider having an invalid DN format if you pass anything to `ldap_user`
variable that does not look like a DN (cn=something,...). Be sure you've got a valid username and password for
LDAP. It's less importatn if you do not have `enable_ldap_creation` set to true (not sure if it will fail though).

# Usage

Creating a SAML role with two attached policies
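
Review bot: The added command under "## Policies" uses `tf-apply -target=aws_iam_policy.mypolicy`, while the existing example just above it uses `terraform apply -target=module.myrole`. `tf-apply` is not defined anywhere in the visible README, so a reader outside your environment cannot run it; suggest `terraform apply -target=aws_iam_policy.mypolicy` to match. In the same section, "The module is called with an unknown value and it fails if not" is hard to parse: say that the policy ARN is unknown at plan time until the policy resource exists. In "## LDAP Settings", "importatn" is a typo, and "(not sure if it will fail though)" documents a guess; please test with `enable_ldap_creation` unset and state the actual behaviour, since this controls whether LDAP credentials must be supplied at all.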
18 changes: 18 additions & 0 deletions main.tf
Expand Up @@ -21,6 +21,24 @@
* % terraform apply -target=module.myrole
* ```
*
* # Notes
* ## Policies
*
* When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
* with `plan` or `apply`. The module is called with an unknown value and it fails if not. You'll need to target your
* first apply with that of the policy like:
*
* ```shell
* tf-apply -target=aws_iam_policy.mypolicy
* ```
*
* and then you can continue with the rest of the operation. In Terraform 0.12, modules do not support `depends_on`.
*
* ## LDAP Settings
* You will get a very weird error about the LDAP provider having an invalid DN format if you pass anything to `ldap_user`
* variable that does not look like a DN (cn=something,...). Be sure you've got a valid username and password for
* LDAP. It's less importatn if you do not have `enable_ldap_creation` set to true (not sure if it will fail though).
*
* # Usage
*
* Creating a SAML role with two attached policies
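
Review bot: The sentence "In Terraform 0.12, modules do not support `depends_on`" at the end of the Policies note ties the targeted-apply workaround to one Terraform version without saying which versions this module supports. Module-level `depends_on` arrived in Terraform 0.13, so please state whether the two-step apply is still required there or only on 0.12, and move that sentence ahead of the command so the reason comes before the workaround. This header comment is also a verbatim copy of the README.md hunk, so the `tf-apply` command, the "importatn" typo and the "not sure if it will fail" remark need the same fixes here; if one of the two files is generated from the other, change only the source and regenerate.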