change ldap provider
badra001 committed May 9, 2022
1 parent 31c7ad8 commit e30a884
Showing 7 changed files with 95 additions and 40 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -158,3 +158,11 @@
* 1.15.3 -- 2022-04-27
- terraform-state
- add r-inf-terraform assumable role for TF operations

## Version 2.x

* 2.0.0 -- 2022-05-09
- tag: tf-upgrade
- ldap-ou-create
- change to use trevx/ldap provider

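Review bot: the provider name in the new 2.0.0 entry is misspelled: `- change to use trevx/ldap provider` should read `trevex/ldap`, which is the spelling used by the registry link in README.md and by `source = "trevex/ldap"` in versions.tf. Since 2.0.0 is a breaking change for callers, the entry should also say that `ldap_host`/`ldap_port` were replaced by `ldap_url` and that `ldap_skip_verify` and `ldap_use_starttls` were added.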
2 changes: 1 addition & 1 deletion common/version.tf
@@ -1,3 +1,3 @@
locals {
_module_version = "1.15.3"
_module_version = "2.0.0"
}
23 changes: 13 additions & 10 deletions ldap-ou-create/README.md
@@ -20,22 +20,25 @@ module "ou" {
# optional
# account_id = "123456789012"
ldap_host = "ldap.e.tco.census.gov"
ldap_port = 389
ldap_url = "ldaps://ldap.e.tco.census.gov"
}
```

## Requirements

No requirements.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | > 3.66.0 |
| <a name="requirement_external"></a> [external](#requirement\_external) | > 1.0 |
| <a name="requirement_ldap"></a> [ldap](#requirement\_ldap) | > 0.5.4 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
| <a name="provider_external"></a> [external](#provider\_external) | n/a |
| <a name="provider_ldap"></a> [ldap](#provider\_ldap) | n/a |
| <a name="provider_aws"></a> [aws](#provider\_aws) | > 3.66.0 |
| <a name="provider_ldap"></a> [ldap](#provider\_ldap) | > 0.5.4 |
| <a name="provider_null"></a> [null](#provider\_null) | n/a |
| <a name="provider_template"></a> [template](#provider\_template) | n/a |

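Review bot: the Requirements table still lists `external > 1.0` although this commit removes the only `external` data source (`ldap_provider_bin`), while the Providers table lists `null` and `template` as `n/a` with no matching Requirements rows. Regenerate both tables (terraform-docs) after versions.tf is corrected so that Requirements and Providers agree with what main.tf actually uses.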
@@ -47,13 +50,12 @@ No modules.

| Name | Type |
|------|------|
| [ldap_object.ou](https://registry.terraform.io/providers/hashicorp/ldap/latest/docs/resources/object) | resource |
| [ldap_object.ou](https://registry.terraform.io/providers/trevex/ldap/latest/docs/resources/object) | resource |
| [null_resource.ou_ldif](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.ec2_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [external_external.ldap_provider_bin](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
| [template_file.ou](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |

## Inputs
@@ -64,9 +66,10 @@ No modules.
| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
| <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (role, policy) | `map(map(string))` | <pre>{<br> "policy": {},<br> "role": {}<br>}</pre> | no |
| <a name="input_enable_ldap_creation"></a> [enable\_ldap\_creation](#input\_enable\_ldap\_creation) | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `bool` | `false` | no |
| <a name="input_ldap_host"></a> [ldap\_host](#input\_ldap\_host) | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap.e.tco.census.gov"` | no |
| <a name="input_ldap_password"></a> [ldap\_password](#input\_ldap\_password) | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no |
| <a name="input_ldap_port"></a> [ldap\_port](#input\_ldap\_port) | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no |
| <a name="input_ldap_skip_verify"></a> [ldap\_skip\_verify](#input\_ldap\_skip\_verify) | LDAP skip verify of TLS certificates | `bool` | `false` | no |
| <a name="input_ldap_url"></a> [ldap\_url](#input\_ldap\_url) | LDAP URL in form ldap(s)://hostname:port | `string` | `"ldaps://ldap.e.tco.census.gov"` | no |
| <a name="input_ldap_use_starttls"></a> [ldap\_use\_starttls](#input\_ldap\_use\_starttls) | LDAP use StartTLS (needed only if port is 389, perhaps) | `bool` | `false` | no |
| <a name="input_ldap_user"></a> [ldap\_user](#input\_ldap\_user) | LDAP user for writing data into eDirectory or Active Directory | `string` | `""` | no |
| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
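Review bot: `ldap_use_starttls` is documented as an input, but nothing in this commit reads `var.ldap_use_starttls`; main.tf derives `local.use_starttls` from the `ldap_url` scheme and provider.ldap.tf consumes that local, so either wire the variable in or drop it from the module and the table. The `ldap_skip_verify` description should state the consequence: `true` disables TLS certificate verification on the connection that carries `ldap_password`, so the default `false` is the only setting appropriate outside a test environment.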
29 changes: 15 additions & 14 deletions ldap-ou-create/main.tf
@@ -21,8 +21,7 @@
*
* # optional
* # account_id = "123456789012"
* ldap_host = "ldap.e.tco.census.gov"
* ldap_port = 389
* ldap_url = "ldaps://ldap.e.tco.census.gov"
* }
* ```
*/
@@ -36,8 +35,10 @@ locals {
ldap_exists = fileexists(local.ldif_file)
bocappdata_auth = local.account_environment == "gov" ? "Cloud_AWSGovCloud_Auth" : "Cloud_AWS_Auth"

ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
enable_ldap = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && local.ldap_provider_exists
# ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
# enable_ldap = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && local.ldap_provider_exists
enable_ldap = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != ""
use_starttls = length(regexall("ldap://", var.ldap_url)) > 0 ? true : false

base_tags = {
"boc:tf_module_version" = local._module_version
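Review bot: `use_starttls = length(regexall("ldap://", var.ldap_url)) > 0 ? true : false` can be simplified, since the comparison already yields a bool, and the pattern should be anchored so only the URL scheme is matched: `use_starttls = can(regex("^ldap://", var.ldap_url))`. Note that this local makes `var.ldap_use_starttls` (declared in variables.tf) dead; pick one source of truth for StartTLS. The two `# ldap_provider_exists` / `# enable_ldap` lines are dead code that git history already preserves; delete them rather than leaving them commented out.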
@@ -87,13 +88,13 @@ resource "ldap_object" "ou" {
}
}

# data.external.ldap_provider_bin.result.path
# data.external.ldap_provider_bin.result.status
data "external" "ldap_provider_bin" {
program = ["bash", "${path.module}/bin/find_binary.sh"]
query = {
"program" = "terraform-provider-ldap"
}
}


## # data.external.ldap_provider_bin.result.path
## # data.external.ldap_provider_bin.result.status
## data "external" "ldap_provider_bin" {
## program = ["bash", "${path.module}/bin/find_binary.sh"]
## query = {
## "program" = "terraform-provider-ldap"
## }
## }
##
##
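Review bot: the `##`-commented copy of the `data "external" "ldap_provider_bin"` block, including the two empty `##` lines at the end, should be removed outright; the provider is now fetched from the registry, so the local binary lookup is obsolete. Check whether `bin/find_binary.sh`, which nothing else in this diff references, can be deleted at the same time.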
9 changes: 6 additions & 3 deletions ldap-ou-create/provider.ldap.tf
@@ -1,7 +1,10 @@
provider "ldap" {
ldap_host = var.ldap_host
ldap_port = var.ldap_port
use_tls = true
url = var.ldap_url
use_starttls = local.use_starttls
skip_verify = var.ldap_skip_verify
# ldap_host = var.ldap_host
# ldap_port = var.ldap_port
# use_tls = true
bind_user = var.ldap_user
bind_password = var.ldap_password
}
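Review bot: `skip_verify = var.ldap_skip_verify` is a security-relevant knob: when `true` the provider accepts any certificate, so the `bind_user`/`bind_password` credentials sent from this block can be read by anyone able to interpose on the path to `ldap_url`. Keeping the default `false` is right; add a comment on this line saying so. It is also worth documenting that, because `local.use_starttls` is true for every `ldap://` URL, this module can no longer bind in plaintext. The three commented `# ldap_host`/`# ldap_port`/`# use_tls` lines should be deleted rather than kept.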
47 changes: 35 additions & 12 deletions ldap-ou-create/variables.tf
@@ -4,8 +4,14 @@ variable "enable_ldap_creation" {
default = false
}

variable "component_tags" {
description = "Additional tags for Components (role, policy)"
type = map(map(string))
default = { "role" = {}, "policy" = {} }
}

#---
# ldap
# ldap provider
#---
variable "ldap_user" {
description = "LDAP user for writing data into eDirectory or Active Directory"
@@ -19,20 +25,37 @@ variable "ldap_password" {
default = ""
}

variable "ldap_host" {
description = "LDAP Hostname (default is for eBOCAS)"
#---
## obsoleted in new trevx/ldap
#---
## variable "ldap_host" {
## description = "LDAP Hostname (default is for eBOCAS)"
## type = string
## default = "ldap.e.tco.census.gov"
## }
##
## variable "ldap_port" {
## description = "LDAP port (default is 389 but also using STARTTLS)"
## type = number
## default = 389
## }

# for trevx/ldap
variable "ldap_url" {
description = "LDAP URL in form ldap(s)://hostname:port"
type = string
default = "ldap.e.tco.census.gov"
default = "ldaps://ldap.e.tco.census.gov"
}

variable "ldap_port" {
description = "LDAP port (default is 389 but also using STARTTLS)"
type = number
default = 389
variable "ldap_use_starttls" {
description = "LDAP use StartTLS (needed only if port is 389, perhaps)"
type = bool
default = false
}

variable "component_tags" {
description = "Additional tags for Components (role, policy)"
type = map(map(string))
default = { "role" = {}, "policy" = {} }
variable "ldap_skip_verify" {
description = "LDAP skip verify of TLS certificates"
type = bool
default = false
}
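Review bot: `ldap_use_starttls` is declared but never referenced (provider.ldap.tf uses `local.use_starttls`), and its description "needed only if port is 389, perhaps" is a guess; either remove the variable or use it and describe it precisely. `ldap_url` currently accepts any string; add a validation block so a wrong scheme fails at plan time rather than at bind time:
`validation {`
`  condition     = can(regex("^ldaps?://", var.ldap_url))`
`  error_message = "ldap_url must start with ldap:// or ldaps://." }`
The `ldap_password` variable whose tail opens this hunk should carry `sensitive = true` (Terraform 0.14+) if it does not already, so the value is redacted from plan output. The `##`-commented `ldap_host`/`ldap_port` blocks should be deleted, not kept.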

17 changes: 17 additions & 0 deletions ldap-ou-create/versions.tf
@@ -0,0 +1,17 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "> 3.66.0"
}
ldap = {
source = "trevex/ldap"
version = "> 0.5.4"
}
external = {
source = "hashicorp/null"
version = "> 1.0"
}
}
required_version = ">= 0.13"
}
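Review bot: the `external` entry points at the wrong provider: `source = "hashicorp/null"` is declared under the local name `external`. Since this commit removes the last `external` data source, drop the entry; the README Resources table still lists `null_resource.ou_ldif` and `template_file.ou`, so the providers that actually need declaring here are `null = { source = "hashicorp/null" }` and `template = { source = "hashicorp/template" }`. Also prefer bounded constraints (for example `~> 3.66` rather than `> 3.66.0`) so that an unrelated future major release cannot change provider behaviour on the next `terraform init`.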
