From d338d77796d3d18127fd17571f0664a91cc3bdcf Mon Sep 17 00:00:00 2001
From: Don Badrak
Date: Thu, 15 Aug 2019 10:01:50 -0400
Subject: [PATCH] v2.0.1: add contact, reference
---
 CHANGES.md | 1 +
 main.tf | 31 ++++++++++++++++++++++++++++---
 variables.tf | 15 +++++++++++++--
 3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 51950e6..95224a4 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,5 @@
 * v1.0.0 tag initial release
 * v2.0.0 terraform 0.12 support
+* v2.0.1 add contact, reference
diff --git a/main.tf b/main.tf
index d4db49b..a7e05d9 100644
--- a/main.tf
+++ b/main.tf
@@ -3,6 +3,7 @@
 *
 * for terraform 0.11 v1.x use tf-0.11
 * for terraform 0.12 v2.x use tf-0.12 (until rolled into head) or specific version v2.x.y
+* master
 *
 * ```code
 * module "scanner" {
@@ -11,6 +12,8 @@
 *
 * group = "g-audit-group"
 * users = [ "s-ois-scan" ]
+* contact = "badra001"
+* reference = "INC1234"
 * email_addresses = [ "ois.compliance.scanning.group@census.gov" ]
 * create_access_keys = true
 * pgp_key = file(filename.b64)
@@ -21,6 +24,27 @@ locals {
 # security-audit-policies = [ data.aws_iam_policy.aws-managed-security-audit.arn, aws_iam_policy.audit.arn ]
 enable_access_keys = var.create_access_keys ? length(var.users) : 0
+ contact = lower(var.contact)
+ email_address = join(",",[for e in var.email_address: lower(e)])
+ tags_contact = {
+ exists = {
+ "boc:id:username" = local.contact
+ }
+ not_exists = { }
+ }
+ tags_contact = map("boc:id:username",local.contact)
+ tags_email = map("boc:id:mail",local.email_address)
+ tags_reference = {
+ exists = {
+ "boc:id:reference" = var.reference
+ }
+ not_exists = { }
+ }
+ tags = merge(
+ local.tags_contact[var.contact != "" ? "exists" : "not_exists"]
+ local.tags_email,
+ local.tags_reference[var.reference != "" ? "exists" : "not_exists"]
+ )
 }
 #---
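Review bot: The new `locals` block will not plan as written: `merge(` is missing the comma after its first argument, `tags_contact` is declared twice (the object literal and then the `map()` call), and `var.email_address` is not a declared input — variables.tf declares `email_addresses`, so the `for` expression references an undefined variable. `map()` is also deprecated in Terraform 0.12; the object-literal form the hunk already uses for `tags_contact` works for `tags_email` too. Because `local.tags` is attached to every IAM user, the comma-joined list lands in one tag value on each user, and IAM tag values are length-limited, so a long `email_addresses` list can be rejected at apply time — worth a comment on `email_address`. The `locals {` opener is outside the hunk.
```hcl
  contact = lower(var.contact)
  # one tag value for all addresses; IAM tag values are limited to 256 characters
  email_address = join(",", [for e in var.email_addresses : lower(e)])
  tags_contact = {
    exists     = { "boc:id:username" = local.contact }
    not_exists = {}
  }
  tags_email = { "boc:id:mail" = local.email_address }
  tags_reference = {
    exists     = { "boc:id:reference" = var.reference }
    not_exists = {}
  }
  tags = merge(
    local.tags_contact[var.contact != "" ? "exists" : "not_exists"],
    local.tags_email,
    local.tags_reference[var.reference != "" ? "exists" : "not_exists"],
  )
```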
@@ -39,9 +63,10 @@ data "aws_arn" "current" {
 resource "aws_iam_user" "audit" {
 count = length(var.users)
 name = var.users[count.index]
- tags = {
- "EmailAddress" = var.email_addresses[count.index]
- }
+ tags = local.tags
+# tags = {
+# "EmailAddress" = var.email_addresses[count.index]
+# }
 }
 #---
diff --git a/variables.tf b/variables.tf
index 6287e48..882493c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -7,14 +7,14 @@ variable "users" {
 description = "Security Audit IAM user name(s)"
 type = list(string)
- default = ["s-inf-security-audit"]
+ default = [ "s-inf-security-audit" ]
 }
 variable "email_addresses" {
 description = "Security Audit IAM Email Contact List(s)"
 type = list(string)
- default = ["ois.compliance.scanning.group@census.gov"]
+ default = [ "ois.compliance.scanning.group@census.gov" ]
 }
 variable "policy" {
@@ -34,3 +34,14 @@ variable "pgp_key" {
 # default = ""
 }
+variable "contact" { description = "Census username contact" type = string default = "" }
+variable "reference" { description = "Remedy ticket reference number for the user" type = string default = "" }
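Review bot: `tags = local.tags` gives every user created by `count` the same tag set, whereas the removed lines tagged each user with its own `var.email_addresses[count.index]`; if that list was positional, the new `boc:id:mail` value (the whole comma-joined list on every user) is a behaviour change, and the key rename from `EmailAddress` will break anything that selects these users by that tag key — no such consumer is visible here, so this is inferred. The commented-out old `tags` block should be dropped rather than kept; the diff already records it. If per-user addressing is intended, `tags = merge(local.tags, { "boc:id:mail" = lower(var.email_addresses[count.index]) })` keeps the positional mapping.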
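Review bot: The descriptions of the new `contact` and `reference` variables do not say where the values go; since main.tf writes them into IAM user tags (`boc:id:username`, `boc:id:reference`), the description should say so, and that an empty string omits the tag, e.g. `description = "Census username of the responsible contact; written to IAM user tag boc:id:username (empty string = no tag)"`. The same wording applies to `reference`. Both values are emitted verbatim as tag values, so a note that they must satisfy IAM tag value constraints would save a failed apply.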