From e200a8e61bc91cac95e455dd1e1e2726f48515b2 Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 18 Oct 2021 12:24:29 -0400
Subject: [PATCH] add new bocApplicationData CPASS_ApprovalGroup attribute
---
 CHANGELOG.md | 3 +++
 main.tf | 2 ++
 templates/iam-role-ldif.east-west.tpl | 1 +
 templates/iam-role-ldif.govcloud.tpl | 1 +
 version.tf | 2 +-
 5 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ab1a8e..9af80b1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,3 +19,6 @@
 * v1.2.0 -- 20210621
 - add enable_instance_profile
+
+* v1.3.0 -- 20211018
+ - add new bocApplicationData CPASS_ApprovalGroup attribute
diff --git a/main.tf b/main.tf
index 787dacd..eaa4ffe 100644
--- a/main.tf
+++ b/main.tf
@@ -120,6 +120,7 @@ locals {
 ldap_exists = fileexists("${path.root}/setup/${aws_iam_role.role.name}.ldif")
 bocappdata_auth = local.account_environment == "gov" ? "Cloud_AWSGovCloud_Auth" : "Cloud_AWS_Auth"
 bocappdata_fullauth = format("gov.census.tco:%v=%v,%v", local.bocappdata_auth, aws_iam_role.role.arn, var.saml_provider_arn)
+ bocappdata_approval = format("gov.census.tco:%v=%v", "CPASS_ApprovalGroup", "cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US")
 ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
 enable_ldap = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && var.saml_provider_arn != "" && local.ldap_provider_exists
@@ -209,6 +210,7 @@ resource "ldap_object" "role" {
 { bocApplicationData = format("gov.census.tco:CPASS_FullPath=Cloud/%s/%s", local.account_environment, local.account_id) },
 { bocApplicationData = "gov.census.tco:CPASS_APP=CloudServices" },
 { bocApplicationData = local.bocappdata_fullauth },
+ { bocApplicationData = local.bocappdata_approval },
 ]
 lifecycle {
 ignore_changes = [object_classes, attributes]
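Review bot: The approver-group DN in `bocappdata_approval` (first main.tf hunk, `@@ -120,6 +120,7 @@`) is a hard-coded literal, and the same string is repeated in the added lines of templates/iam-role-ldif.east-west.tpl and templates/iam-role-ldif.govcloud.tpl, so the value that names who approves access sits in three places that can drift apart. Define it once in this locals block, e.g. `approval_group_dn = "cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US"`, build the attribute with `format("gov.census.tco:CPASS_ApprovalGroup=%v", local.approval_group_dn)`, and pass it to both templates the way `${role_arn}` is passed (the rendering call is not visible here). Commercial and GovCloud roles also get the same group; if that is intended, say so in a one-line comment next to the definition. The locals block starts and ends outside the hunk.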
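Review bot: The `lifecycle { ignore_changes = [object_classes, attributes] }` visible in the context of the second main.tf hunk (`@@ -209,6 +210,7 @@`) means Terraform does not reconcile `attributes` on `ldap_object.role` entries that already exist, so the added `{ bocApplicationData = local.bocappdata_approval }` element will most likely reach only newly created objects. Role groups created before 1.3.0 would then stay without a CPASS_ApprovalGroup value after the upgrade. If the attribute is meant to apply to every role, the CHANGELOG entry should say that existing entries need a one-time backfill, and a comment above the new element such as `# applied at create time only; attributes is in ignore_changes` would record the limitation. The resource block starts and ends outside the hunk.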
diff --git a/templates/iam-role-ldif.east-west.tpl b/templates/iam-role-ldif.east-west.tpl
index 539c61d..2ad5198 100644
--- a/templates/iam-role-ldif.east-west.tpl
+++ b/templates/iam-role-ldif.east-west.tpl
@@ -8,6 +8,7 @@ bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${acc
 bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 #bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
+bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top
diff --git a/templates/iam-role-ldif.govcloud.tpl b/templates/iam-role-ldif.govcloud.tpl
index b091124..389b639 100644
--- a/templates/iam-role-ldif.govcloud.tpl
+++ b/templates/iam-role-ldif.govcloud.tpl
@@ -8,6 +8,7 @@ bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${acc
 bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 #bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
+bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top
diff --git a/version.tf b/version.tf
index 1ee6619..08f3f68 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.2.0"
+ _module_version = "1.3.0"
 }