fix

main.tf

@@ -109,6 +109,7 @@ locals {
   account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
   region              = data.aws_region.current.name
   account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+  account_alias       = var.account_alias != "" && var.account_alias != null ? var.account_alias : "none"
 
   #  _ec2_role_name   = var.ec2_role_name != "" ? var.ec2_role_name : var.role_name
   role_name        = format("%v%v", lookup(local._prefixes, "role", ""), var.role_name)
@@ -187,9 +188,10 @@ data "template_file" "role" {
     #    role_arn          = aws_iam_role.role.arn
     role_arn          = var.create ? aws_iam_role.role[0].arn : ""
     account_id        = local.account_id
-    account_alias     = var.account_alias
+    account_alias     = local.account_alias
     saml_provider_arn = var.saml_provider_arn
     aws_environment   = local.account_environment
+    tf_module_name    = "aws-iam-role"
     tf_module_version = local._module_version
   }
 }
@@ -227,17 +229,18 @@ resource "ldap_object" "role" {
     "bocGroup",
     "groupOfNames",
   ]
-  attributes = [for x in [
+  attributes = [
     { description = format("%s account=%s type=%s", var.create ? aws_iam_role.role[0].name : "", local.account_id, local.account_environment) },
     { cn = var.create ? aws_iam_role.role[0].name : "" },
     { ou = local.account_id },
     { bocApplicationData = format("gov.census.tco:CPASS_FullPath=Cloud/%s/%s", local.account_environment, local.account_id) },
     { bocApplicationData = "gov.census.tco:CPASS_APP=CloudServices" },
     { bocApplicationData = local.bocappdata_fullauth },
     { bocApplicationData = local.bocappdata_approval },
-    var.account_alias != "" && var.account_alias != null ? { bocApplicationData = format("gov.census.csvd:account_alias=%v", var.account_alias) } : null,
+    { bocApplicationData = format("gov.census.csvd:account_alias=%v", local.account_alias) },
+    { bocApplicationData = format("gov.census.csvd:tf_module_name=%v", "aws-iam-role") },
     { bocApplicationData = format("gov.census.csvd:tf_module_version=%v", local._module_version) },
-  ] : x if x != null]
+  ]
   lifecycle {
     ignore_changes = [object_classes, attributes]
   }

templates/iam-role-ldif.east-west.tpl

@@ -10,8 +10,9 @@ bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 #bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
-bocApplicationData = gov.census.csvd:account_alias=${account_alias}
-bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}
+bocApplicationData: gov.census.csvd:account_alias=${account_alias}
+bocApplicationData: gov.census.csvd:tf_module_name=${tf_module_name}
+bocApplicationData: gov.census.csvd:tf_module_version=${tf_module_version}
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top

templates/iam-role-ldif.govcloud.tpl

@@ -10,8 +10,9 @@ bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 #bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
-bocApplicationData = gov.census.csvd:account_alias=${account_alias}
-bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}
+bocApplicationData: gov.census.csvd:account_alias=${account_alias}
+bocApplicationData: gov.census.csvd:tf_module_name=${tf_module_name}
+bocApplicationData: gov.census.csvd:tf_module_version=${tf_module_version}
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top