add new bocApplicationData CPASS_ApprovalGroup attribute

terraform-modules · Oct 18, 2021 · e200a8e · e200a8e
1 parent 52aa633
commit e200a8e
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,3 +19,6 @@
 
 * v1.2.0 -- 20210621
   - add enable_instance_profile
+
+* v1.3.0 -- 20211018
+  - add new bocApplicationData CPASS_ApprovalGroup attribute
diff --git a/main.tf b/main.tf
@@ -120,6 +120,7 @@ locals {
   ldap_exists         = fileexists("${path.root}/setup/${aws_iam_role.role.name}.ldif")
   bocappdata_auth     = local.account_environment == "gov" ? "Cloud_AWSGovCloud_Auth" : "Cloud_AWS_Auth"
   bocappdata_fullauth = format("gov.census.tco:%v=%v,%v", local.bocappdata_auth, aws_iam_role.role.arn, var.saml_provider_arn)
+  bocappdata_approval = format("gov.census.tco:%v=%v", "CPASS_ApprovalGroup", "cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US")
 
   ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
   enable_ldap          = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && var.saml_provider_arn != "" && local.ldap_provider_exists
@@ -209,6 +210,7 @@ resource "ldap_object" "role" {
     { bocApplicationData = format("gov.census.tco:CPASS_FullPath=Cloud/%s/%s", local.account_environment, local.account_id) },
     { bocApplicationData = "gov.census.tco:CPASS_APP=CloudServices" },
     { bocApplicationData = local.bocappdata_fullauth },
+    { bocApplicationData = local.bocappdata_approval },
   ]
   lifecycle {
     ignore_changes = [object_classes, attributes]

diff --git a/templates/iam-role-ldif.east-west.tpl b/templates/iam-role-ldif.east-west.tpl
@@ -8,6 +8,7 @@ bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${acc
 bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 #bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
+bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top
diff --git a/templates/iam-role-ldif.govcloud.tpl b/templates/iam-role-ldif.govcloud.tpl
@@ -8,6 +8,7 @@ bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${acc
 bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 #bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
+bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top
diff --git a/version.tf b/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.2.0"
+  _module_version = "1.3.0"
 }