add file capability

group-assignment/accounts.tf

@@ -1,9 +1,10 @@
 locals {
   settings                  = var.settings_file != null && fileexists(var.settings_file) ? yamldecode(file(var.settings_file)) : {}
+  group                     = length(local.settings) > 0 ? try(local.settings.group, null) : var.name
   org_all                   = length(local.settings) > 0 ? try(local.settings.all, false) : var.org_all
-  org_account_names         = length(local.settings) > 0 ? local.settings.account_names : var.org_account_names
-  org_account_ids           = length(local.settings) > 0 ? local.settings.account_ids : var.org_account_ids
-  organizational_unit_names = length(local.settings) > 0 ? local.settings.org_ous : var.organizational_unit_names
+  org_account_names         = length(local.settings) > 0 ? try(local.settings.account_names, []) : var.org_account_names
+  org_account_ids           = length(local.settings) > 0 ? try(local.settings.account_ids, []) : var.org_account_ids
+  organizational_unit_names = length(local.settings) > 0 ? try(local.settings.org_ous, []) : var.organizational_unit_names
 
   active_accounts_map = { for account in data.aws_organizations_organizational_unit_descendant_accounts.accounts.accounts : account.name => account if account.status == "ACTIVE" }
   active_accounts     = { for k, v in local.active_accounts_map : k => v.id }

group-assignment/users.tf

@@ -1,10 +1,11 @@
 locals {
   user_base_dn         = "ou=People,o=U.S. Census Bureau,c=US"
   ldap_user_attributes = { for k, v in data.ldap_object.users : k => { for kk, vv in v.attributes_json : kk => jsondecode(vv)[0] } }
+  users                = length(local.settings) > 0 ? try(local.settings.users, []) : var.users
 }
 
 data "ldap_object" "users" {
-  for_each = toset(var.users)
+  for_each = toset(local.users)
   provider = ldap
 
   base_dn           = local.user_base_dn