v1.0.3: add output of ldap_dn

CHANGELOG.md

@@ -10,3 +10,6 @@
 
 * v1.0.2 -- 20210402
   - add `role_description` variable
+
+* v1.0.3 -- 20210402
+  - add export of ldap_dn

README.md

@@ -109,5 +109,6 @@ No modules.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_ldap_dn"></a> [ldap\_dn](#output\_ldap\_dn) | Created LDAP DN for role (empty if ldap is not enabled) |
 | <a name="output_role_arn"></a> [role\_arn](#output\_role\_arn) | Created role ARN |
 | <a name="output_role_name"></a> [role\_name](#output\_role\_name) | Created role name |

main.tf

@@ -78,6 +78,7 @@ locals {
 
   ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
   enable_ldap          = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && var.saml_provider_arn != "" && local.ldap_provider_exists
+  ldap_dn              = format("cn=%s,ou=%s,ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US", aws_iam_role.role.name, local.account_id)
 
   base_tags = {
     "boc:tf_module_version" = local._module_version
@@ -135,7 +136,7 @@ resource "null_resource" "role_ldif" {
 resource "ldap_object" "role" {
   count    = local.ldap_exists && local.enable_ldap ? 1 : 0
   provider = ldap
-  dn       = format("cn=%s,ou=%s,ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US", aws_iam_role.role.name, local.account_id)
+  dn       = local.ldap_dn
   object_classes = [
     "top",
     "bocGroup",

outputs.tf

@@ -8,3 +8,8 @@ output "role_name" {
   description = "Created role name"
   value       = aws_iam_role.role.name
 }
+
+output "ldap_dn" {
+  description = "Created LDAP DN for role (empty if ldap is not enabled)"
+  value       = local.enable_ldap ? local.ldap_dn : ""
+}

version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.0.2"
+  _module_version = "1.0.3"
 }