

add attributes, remove need for creating file
badra001 committed Jun 1, 2022
1 parent f771a1e commit e41e534
Showing 5 changed files with 26 additions and 5 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Expand Up @@ -80,3 +80,11 @@ tag: 2.0.1
* 2.2.0 -- 20220113
- add flag create to trigger creating or not creating the module resources
- ignore boc:tf_module_version tag in lifecycle change

* 2.3.0 -- 2022-06-01
- branch: tf-upgrade
- remove need to create setup/FILE.ldif for creating ldap object
- add attributes
- ou=ACCOUNT_ID
- gov.census.csvd:tf_module_version
- gov.census.csvd:account_alias
12 changes: 9 additions & 3 deletions main.tf
Expand Up @@ -187,8 +187,10 @@ data "template_file" "role" {
# role_arn = aws_iam_role.role.arn
role_arn = var.create ? aws_iam_role.role[0].arn : ""
account_id = local.account_id
account_alias = var.account_alias
saml_provider_arn = var.saml_provider_arn
aws_environment = local.account_environment
tf_module_version = local._module_version
}
}

Expand All @@ -215,23 +217,27 @@ resource "null_resource" "role_ldif" {
}

resource "ldap_object" "role" {
count = var.create && local.ldap_exists && local.enable_ldap ? 1 : 0
# count = local.enable_ldap ? 1 : 0
# count = var.create && local.ldap_exists && local.enable_ldap ? 1 : 0
count = var.create && local.enable_ldap ? 1 : 0
provider = ldap
dn = local.ldap_dn
object_classes = [
"top",
"bocGroup",
"groupOfNames",
]
attributes = [
attributes = [for x in [
{ description = format("%s account=%s type=%s", var.create ? aws_iam_role.role[0].name : "", local.account_id, local.account_environment) },
{ cn = var.create ? aws_iam_role.role[0].name : "" },
{ ou = local.account_id },
{ bocApplicationData = format("gov.census.tco:CPASS_FullPath=Cloud/%s/%s", local.account_environment, local.account_id) },
{ bocApplicationData = "gov.census.tco:CPASS_APP=CloudServices" },
{ bocApplicationData = local.bocappdata_fullauth },
{ bocApplicationData = local.bocappdata_approval },
]
var.account_alias != "" && var.account_alias != null ? { bocApplicationData = format("gov.census.csvd:account_alias=%v", var.account_alias) } : null,
{ bocApplicationData = format("gov.census.csvd:tf_module_version=%v", local._module_version) },
] : x if x != null]
lifecycle {
ignore_changes = [object_classes, attributes]
}
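Review bot: The new entries in the `attributes` list — `{ ou = local.account_id }`, the conditional `gov.census.csvd:account_alias` entry and the `gov.census.csvd:tf_module_version` entry — will never reach an `ldap_object.role` that is already in state, because the unchanged `lifecycle { ignore_changes = [object_classes, attributes] }` block directly below suppresses exactly that diff; only objects created after this commit carry them. If the goal is to stamp existing roles with the module version, either the resource must be recreated or `attributes` removed from `ignore_changes` for one apply, and that should be said next to the list, e.g. `# NOTE: attributes are ignored after creation; new entries apply only to newly created objects`. Dropping `local.ldap_exists` from `count` also means Terraform now tries to create the entry whenever LDAP is enabled, so an entry that already exists in the directory from the old LDIF path will presumably fail the create unless it is imported first — confirm what `ldap_exists` guarded before removing it outright. The `ldap_object.role` resource block continues past the end of this hunk.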
4 changes: 4 additions & 0 deletions templates/iam-role-ldif.east-west.tpl
Expand Up @@ -4,11 +4,15 @@
dn: cn=${role_name},ou=${account_id},ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US
description: ${role_name} ( ${account_id} )
cn: ${role_name}
ou: ${account_id}
bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${account_id}
bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
#bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
bocApplicationData = gov.census.csvd:account_alias=${account_alias}
bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}
objectClass: groupOfNames
objectClass: bocGroup
objectClass: Top

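Review bot: The two lines added at the end of the attribute list, `bocApplicationData = gov.census.csvd:account_alias=${account_alias}` and `bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}`, use ` = ` where every other line in the record uses the LDIF `attr: value` form, so an LDIF consumer will reject the record (or the attribute name) rather than store them; the `ou: ${account_id}` line added in the same hunk shows the intended form. They should read `bocApplicationData: gov.census.csvd:account_alias=${account_alias}` and `bocApplicationData: gov.census.csvd:tf_module_version=${tf_module_version}`. The alias line is also emitted unconditionally here, whereas the `ldap_object.role` resource in main.tf omits it when `var.account_alias` is empty; wrapping it in `%{ if account_alias != "" }…%{ endif }` keeps the two paths consistent and avoids writing a dangling `account_alias=` value.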
3 changes: 3 additions & 0 deletions templates/iam-role-ldif.govcloud.tpl
Expand Up @@ -4,11 +4,14 @@
dn: cn=${role_name},ou=${account_id},ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US
description: ${role_name} ( ${account_id} )
cn: ${role_name}
ou: ${account_id}
bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${account_id}
bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
#bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
bocApplicationData = gov.census.csvd:account_alias=${account_alias}
bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}
objectClass: groupOfNames
objectClass: bocGroup
objectClass: Top
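Review bot: Same defect as in the east-west template: the added `bocApplicationData = gov.census.csvd:account_alias=${account_alias}` and `bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}` lines use ` = ` instead of the LDIF `attr: value` separator that every other line of the record (including the new `ou: ${account_id}`) uses, so the record will not load as written. Change them to `bocApplicationData: gov.census.csvd:account_alias=${account_alias}` and `bocApplicationData: gov.census.csvd:tf_module_version=${tf_module_version}`, and consider guarding the alias line with `%{ if account_alias != "" }…%{ endif }` to match the empty-alias handling in main.tf.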
4 changes: 2 additions & 2 deletions version.tf
@@ -1,4 +1,4 @@
locals {
_module_version = "1.4.0"
# _module_version = "2.2.0"
# _module_version = "1.4.0"
_module_version = "2.3.0"
}
