From e41e53491754d392b201a0d4b3dc00b2696d2a2b Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 1 Jun 2022 13:33:34 -0400
Subject: [PATCH] add attributes, remove need for creating file

---
 CHANGELOG.md | 8 ++++++++
 main.tf | 12 +++++++++---
 templates/iam-role-ldif.east-west.tpl | 4 ++++
 templates/iam-role-ldif.govcloud.tpl | 3 +++
 version.tf | 4 ++--
 5 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8adfa15..653a8a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -80,3 +80,11 @@ tag: 2.0.1
 * 2.2.0 -- 20220113
 - add flag create to trigger creating or not creating the module resources
 - ignore boc:tf_module_version tag in lifecycle change
+
+* 2.3.0 -- 2022-06-01
+ - branch: tf-upgrade
+ - remove need to create setup/FILE.ldif for creating ldap object
+ - add attributes
+ - ou=ACCOUNT_ID
+ - gov.census.csvd:tf_module_version
+ - gov.census.csvd:account_alias
diff --git a/main.tf b/main.tf
index 6f1cd8c..881f489 100644
--- a/main.tf
+++ b/main.tf
@@ -187,8 +189,10 @@ data "template_file" "role" {
 # role_arn = aws_iam_role.role.arn
 role_arn = var.create ? aws_iam_role.role[0].arn : ""
 account_id = local.account_id
+ account_alias = var.account_alias
 saml_provider_arn = var.saml_provider_arn
 aws_environment = local.account_environment
+ tf_module_version = local._module_version
 }
 }
@@ -215,8 +217,9 @@ resource "null_resource" "role_ldif" {
 }
 resource "ldap_object" "role" {
- count = var.create && local.ldap_exists && local.enable_ldap ? 1 : 0
 # count = local.enable_ldap ? 1 : 0
+ # count = var.create && local.ldap_exists && local.enable_ldap ? 1 : 0
+ count = var.create && local.enable_ldap ? 1 : 0
 provider = ldap
 dn = local.ldap_dn
 object_classes = [
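Review bot: `account_alias = var.account_alias` hands the variable to the template vars unguarded, while the ldap_object hunk further down treats the same variable as possibly empty or null (`var.account_alias != "" && var.account_alias != null`), so a null or empty alias reaches the rendered LDIF, where the templates emit the `account_alias=` line unconditionally. If the variable can be null, the template vars map presumably rejects a null element at plan time — confirm; otherwise normalise it here with `account_alias = var.account_alias == null ? "" : var.account_alias`. The enclosing data block starts before the hunk.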
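Review bot: With `local.ldap_exists` dropped from `count`, the hunk now carries two commented-out `count` lines above the live one; git history already records both, so `# count = local.enable_ldap ? 1 : 0` and the newly added `# count = var.create && local.ldap_exists && local.enable_ldap ? 1 : 0` should be removed rather than accumulated. If nothing else reads `local.ldap_exists` or the `null_resource.role_ldif` named in the hunk header, they are presumably dead now as well — confirm before deleting them. The resource block continues past the end of the hunk.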
@@ -224,14 +227,17 @@ resource "ldap_object" "role" {
 "bocGroup",
 "groupOfNames",
 ]
- attributes = [
+ attributes = [for x in [
 { description = format("%s account=%s type=%s", var.create ? aws_iam_role.role[0].name : "", local.account_id, local.account_environment) },
 { cn = var.create ? aws_iam_role.role[0].name : "" },
+ { ou = local.account_id },
 { bocApplicationData = format("gov.census.tco:CPASS_FullPath=Cloud/%s/%s", local.account_environment, local.account_id) },
 { bocApplicationData = "gov.census.tco:CPASS_APP=CloudServices" },
 { bocApplicationData = local.bocappdata_fullauth },
 { bocApplicationData = local.bocappdata_approval },
- ]
+ var.account_alias != "" && var.account_alias != null ? { bocApplicationData = format("gov.census.csvd:account_alias=%v", var.account_alias) } : null,
+ { bocApplicationData = format("gov.census.csvd:tf_module_version=%v", local._module_version) },
+ ] : x if x != null]
 lifecycle {
 ignore_changes = [object_classes, attributes]
 }
diff --git a/templates/iam-role-ldif.east-west.tpl b/templates/iam-role-ldif.east-west.tpl
index 2ad5198..9c30847 100644
--- a/templates/iam-role-ldif.east-west.tpl
+++ b/templates/iam-role-ldif.east-west.tpl
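Review bot: The new `ou`, `account_alias` and `tf_module_version` attributes will never reach LDAP entries that already exist, because the unchanged context line `ignore_changes = [object_classes, attributes]` tells Terraform to ignore every change to `attributes`; only objects created after this commit get them, so the `tf_module_version` marker will sit at whatever version created the entry. If the intent is to update existing objects, drop `attributes` from `ignore_changes`; if the attributes are meant to be set at creation only, say so in a comment above the `for` expression, e.g. `# attributes are written at create time only; see ignore_changes below`. The `[for x in [...] : x if x != null]` filter itself is sound, and `null != ""` is a valid comparison in HCL, so the order of the two tests in the alias guard does not matter.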
@@ -4,11 +4,15 @@
 dn: cn=${role_name},ou=${account_id},ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US
 description: ${role_name} ( ${account_id} )
 cn: ${role_name}
+ou: ${account_id}
 bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${account_id}
 bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 #bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
+bocApplicationData = gov.census.csvd:account_alias=${account_alias}
+bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top
+
diff --git a/templates/iam-role-ldif.govcloud.tpl b/templates/iam-role-ldif.govcloud.tpl
index 389b639..5a094f5 100644
--- a/templates/iam-role-ldif.govcloud.tpl
+++ b/templates/iam-role-ldif.govcloud.tpl
@@ -4,11 +4,14 @@
 dn: cn=${role_name},ou=${account_id},ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US
 description: ${role_name} ( ${account_id} )
 cn: ${role_name}
+ou: ${account_id}
 bocApplicationData: gov.census.tco:CPASS_FullPath=Cloud/${aws_environment}/${account_id}
 bocApplicationData: gov.census.tco:CPASS_APP=CloudServices
 #bocApplicationData: gov.census.tco:Cloud_AWS_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:Cloud_AWSGovCloud_Auth=${role_arn},${saml_provider_arn}
 bocApplicationData: gov.census.tco:CPASS_ApprovalGroup=cn=CloudServices_Approvers,ou=CloudServices,ou=Administration,ou=eCustomers,o=U.S. Census Bureau,c=US
+bocApplicationData = gov.census.csvd:account_alias=${account_alias}
+bocApplicationData = gov.census.csvd:tf_module_version=${tf_module_version}
 objectClass: groupOfNames
 objectClass: bocGroup
 objectClass: Top
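Review bot: The two added attribute lines in iam-role-ldif.east-west.tpl use `bocApplicationData = ...`, while every other attribute line in the entry uses the LDIF `name: value` form, so an LDIF parser reads the text up to the first `:` as the attribute name and these lines will not be stored as `bocApplicationData` values. They should read `bocApplicationData: gov.census.csvd:account_alias=${account_alias}` and `bocApplicationData: gov.census.csvd:tf_module_version=${tf_module_version}`; the iam-role-ldif.govcloud.tpl hunk has the same defect on its two added lines. The template also emits the `account_alias` line unconditionally, whereas main.tf drops that attribute when the alias is empty or null, so the two provisioning paths can produce different entries for an account without an alias.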
diff --git a/version.tf b/version.tf
index d36f45e..c9541a3 100644
--- a/version.tf
+++ b/version.tf
@@ -1,4 +1,4 @@
 locals {
- _module_version = "1.4.0"
- # _module_version = "2.2.0"
+ # _module_version = "1.4.0"
+ _module_version = "2.3.0"
 }