From c0744418d7120a4930d51309d5324c4ec40d85b3 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 2 Apr 2021 15:51:18 -0400
Subject: [PATCH] add ldap_dn output
---
 CHANGELOG.md | 3 +++
 README.md | 1 +
 main.tf | 3 ++-
 outputs.tf | 5 +++++
 version.tf | 2 +-
 5 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17a8dfa..65bdbc9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,3 +10,6 @@
 * v1.0.2 -- 20210402
 - add `role_description` variable
+
+* v1.0.3 -- 20210402
+ - add export of ldap_dn
diff --git a/README.md b/README.md
index 6e540ca..75bc53c 100644
--- a/README.md
+++ b/README.md
@@ -109,5 +109,6 @@ No modules.
 | Name | Description |
 |------|-------------|
+| [ldap\_dn](#output\_ldap\_dn) | Created LDAP DN for role (empty if ldap is not enabled) |
 | [role\_arn](#output\_role\_arn) | Created role ARN |
 | [role\_name](#output\_role\_name) | Created role name |
diff --git a/main.tf b/main.tf
index f650705..bcee0e6 100644
--- a/main.tf
+++ b/main.tf
@@ -78,6 +78,7 @@ locals {
 ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
 enable_ldap = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && var.saml_provider_arn != "" && local.ldap_provider_exists
+ ldap_dn = format("cn=%s,ou=%s,ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US", aws_iam_role.role.name, local.account_id)
 base_tags = {
 "boc:tf_module_version" = local._module_version
@@ -135,7 +136,7 @@ resource "null_resource" "role_ldif" {
 resource "ldap_object" "role" {
 count = local.ldap_exists && local.enable_ldap ? 1 : 0
 provider = ldap
- dn = format("cn=%s,ou=%s,ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US", aws_iam_role.role.name, local.account_id)
+ dn = local.ldap_dn
 object_classes = [
 "top",
 "bocGroup",
diff --git a/outputs.tf b/outputs.tf
index 9f9435c..84a527a 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -8,3 +8,8 @@ output "role_name" {
 description = "Created role name"
 value = aws_iam_role.role.name
 }
+
+output "ldap_dn" {
+ description = "Created LDAP DN for role (empty if ldap is not enabled)"
+ value = local.enable_ldap ? local.ldap_dn : ""
+}
diff --git a/version.tf b/version.tf
index 02c6357..1dfb710 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.0.2"
+ _module_version = "1.0.3"
 }
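Review bot: The new `ldap_dn` local interpolates `aws_iam_role.role.name` into an RFC 4514 DN via `format` with no escaping, and IAM role names are permitted to contain `,`, `+` and `=`, which are RDN separators or special characters, so a role name with a comma yields a DN that parses as additional RDNs. The expression itself predates the commit (it is moved out of `ldap_object.role`), but now that the value is also exported from outputs.tf any consumer of the output inherits the malformed DN. If the role name originates from a module variable (not visible here), a `validation` block rejecting names containing `,+="\<>;` and leading `#` or whitespace, or a `replace()`-based escape applied before `format`, would keep the local well-formed. The `locals` block starts before this hunk and continues past it.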
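Review bot: The output's guard `local.enable_ldap` is weaker than the `count` condition on `ldap_object.role` in main.tf (`local.ldap_exists && local.enable_ldap`), so when `enable_ldap` is true but `ldap_exists` is false the output reports a DN for an object that was never created. Deriving the value from the resource instance count keeps the two in step: `value = length(ldap_object.role) > 0 ? local.ldap_dn : ""`. The description `empty if ldap is not enabled` is then accurate whichever of the two conditions cleared.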