update documentation

terraform-modules · Oct 11, 2023 · b1105ea · b1105ea
1 parent d2b124d
commit b1105ea
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -94,3 +94,5 @@ tag: 2.0.1
 
 * 2.3.2 -- 2023-10-06
   - change default from ldap.e.tco to ldap2.e.tco
+  - update documentation 2023-10-11
+
diff --git a/README.md b/README.md
@@ -21,6 +21,15 @@ Because of this quirk, this is a two-step apply.  The first step creates the IAM
 ```
 
 # Notes
+On 2023-10-11, TCO changed the LDAP servers to (1) require authentication, and (2) update the TLS certificate.  Because
+of #1, the provider calls to the LDAP provider must provide credentials.  This module requires you to pass a proper
+ldap profile that includes credentials, even if you are not going to create an LDAP role.
+
+The server replacements are as folows:
+* ldap.e.tco.census.gov => ldap2.e.tco.census.gov
+* ldap.tco.census.gov => nldap2.tco.census.gov
+* nldap.tco.census.gov => nldap2.tco.census.gov
+
 ## Policies
 
 When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
@@ -44,6 +53,9 @@ Creating a SAML role with two attached policies
 ```hcl
 module "myrole1" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+  providers = {
+    ldap = ldap.ebocas
+  }
 
   role_name                  = "my-role1"
   role_description           = "Role to do some super cool stuff"
@@ -66,6 +78,9 @@ Creating a non-SAML role
 ```hcl
 module "myrole2" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+  providers = {
+    ldap = ldap
+  }
 
   role_name                  = "my-role2"
   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
@@ -86,6 +101,9 @@ data "aws_iam_document_policy" "my-policy-1" {
 
 module "myrole3" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+  providers = {
+    ldap = ldap
+  }
 
   role_name                  = "my-role3"
   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]

diff --git a/main.tf b/main.tf
@@ -22,6 +22,15 @@
 * ```
 *
 * # Notes
+* On 2023-10-11, TCO changed the LDAP servers to (1) require authentication, and (2) update the TLS certificate.  Because
+* of #1, the provider calls to the LDAP provider must provide credentials.  This module requires you to pass a proper
+* ldap profile that includes credentials, even if you are not going to create an LDAP role.
+*
+* The server replacements are as folows:
+* * ldap.e.tco.census.gov => ldap2.e.tco.census.gov
+* * ldap.tco.census.gov => nldap2.tco.census.gov
+* * nldap.tco.census.gov => nldap2.tco.census.gov
+*
 * ## Policies
 *
 * When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
@@ -45,6 +54,9 @@
 * ```hcl
 * module "myrole1" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   providers = {
+*     ldap = ldap.ebocas
+*   }
 * 
 *   role_name                  = "my-role1"
 *   role_description           = "Role to do some super cool stuff"
@@ -67,6 +79,9 @@
 * ```hcl
 * module "myrole2" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   providers = {
+*     ldap = ldap
+*   }
 * 
 *   role_name                  = "my-role2"
 *   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
@@ -87,6 +102,9 @@
 * 
 * module "myrole3" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   providers = {
+*     ldap = ldap
+*   }
 * 
 *   role_name                  = "my-role3"
 *   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]