

add data file
badra001 committed Sep 8, 2023
1 parent febf2f2 commit 58d7d9d
Showing 4 changed files with 23 additions and 5 deletions.
1 change: 1 addition & 0 deletions group-assignment/README.md
Expand Up @@ -49,6 +49,7 @@ No modules.
| <a name="input_organizational_unit_names"></a> [organizational\_unit\_names](#input\_organizational\_unit\_names) | List of AWS Organizational Unit names to assocate with this group | `list(string)` | `[]` | no |
| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
| <a name="input_permissionset_arn"></a> [permissionset\_arn](#input\_permissionset\_arn) | AWS SSO/IDC Permission set ARN | `string` | n/a | yes |
| <a name="input_settings_file"></a> [settings\_file](#input\_settings\_file) | File name and path to YAML with users(list), account\_ids(list), org\_ous(list), and all(bool). See sample.yml in code. | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
| <a name="input_users"></a> [users](#input\_users) | List of Census usernames to assign to the group | `list(string)` | `[]` | no |

16 changes: 11 additions & 5 deletions group-assignment/accounts.tf
@@ -1,19 +1,25 @@
locals {
settings = var.settings_file != null && fileexists(var.settings_file) ? yamldecode(file(var.settings_file)) : {}
org_all = length(local.settings) > 0 ? try(local.settings.all, false) : var.org_all
org_account_names = length(local.settings) > 0 ? local.settings.account_names : var.org_account_names
org_account_ids = length(local.settings) > 0 ? local.settings.account_ids : var.org_account_ids
organizational_unit_names = length(local.settings) > 0 ? local.settings.org_ous : var.organizational_unit_names

active_accounts_map = { for account in data.aws_organizations_organizational_unit_descendant_accounts.accounts.accounts : account.name => account if account.status == "ACTIVE" }
active_accounts = { for k, v in local.active_accounts_map : k => v.id }

_id_1 = ! var.org_all && length(var.org_account_names) > 0 ? [for k in var.org_account_names : lookup(local.active_accounts, k, null)] : []
_id_2 = ! var.org_all && length(var.org_account_ids) > 0 ? [for k in var.org_account_ids : k if contains(values(local.active_accounts), k)] : []
_id_1 = ! local.org_all && length(local.account_names) > 0 ? [for k in local.account_names : lookup(local.active_accounts, k, null)] : []
_id_2 = ! local.org_all && length(local.org_account_ids) > 0 ? [for k in local.org_account_ids : k if contains(values(local.active_accounts), k)] : []

organizational_unit_hierarchy = length(var.organizational_unit_hierarchy) > 0 ? { for k, v in var.organizational_unit_hierarchy : k => v.self_id } : {}

_ou_1 = ! var.org_all && length(var.organizational_unit_names) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k, v in var.organizational_unit_names : lookup(local.organizational_unit_hierarchy, k, null)] : []
_ou_2 = ! var.org_all && length(var.organizational_unit_ids) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k in var.organizational_unit_ids : k if contains(values(local.organizational_unit_hierarchy, k))] : []
_ou_1 = ! local.org_all && length(local.organizational_unit_names) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k, v in local.organizational_unit_names : lookup(local.organizational_unit_hierarchy, k, null)] : []
_ou_2 = ! local.org_all && length(var.organizational_unit_ids) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k in var.organizational_unit_ids : k if contains(values(local.organizational_unit_hierarchy, k))] : []

organizational_units = distinct(compact(concat(local._ou_1, local._ou_2)))

_id_3 = flatten([for k, v in data.aws_organizations_organizational_unit_descendant_accounts.ou : [for account in v.accounts : account.id if account.status == "ACTIVE"]])
_id_4 = var.org_all ? values(local.active_accounts) : []
_id_4 = local.org_all ? values(local.active_accounts) : []

account_ids = distinct(compact(concat(local._id_1, local._id_2, local._id_3, local._id_4)))
}
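Review bot: The new `_id_1` line references `local.account_names`, but the local declared at the top of the block is `org_account_names`, so Terraform will reject this with an undeclared-local error the first time the block is evaluated; the line should read `_id_1 = ! local.org_all && length(local.org_account_names) > 0 ? [for k in local.org_account_names : lookup(local.active_accounts, k, null)] : []`. The new `org_account_names`, `org_account_ids` and `organizational_unit_names` locals also read `local.settings.<key>` directly, unlike `org_all` which wraps its lookup in `try()`, so a settings file that omits any one of those keys errors instead of falling back — `try(local.settings.account_names, [])` (and likewise for the other two) would make the three consistent with `org_all`. Separately, the `fileexists()` guard in `settings` means a mistyped `settings_file` path silently reverts to the variable-driven assignment rather than failing; because this block decides which accounts receive the permission set, consider removing `fileexists()` or adding a `precondition` so that misconfiguration surfaces at plan time. The pre-existing `contains(values(local.organizational_unit_hierarchy, k))` in `_ou_2` passes two arguments to `values()` and one to `contains()`, which appears to be unchanged by this commit.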
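--- a/group-assignment/sample.yml
+++ b/group-assignment/sample.yml
@@ -0,0 +1,5 @@
+all: true
+account_names: []
+account_ids: []
+org_ous: []
+users: []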
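Review bot: The sample sets `all: true`, so an operator who copies it as their `settings_file` assigns the group's permission set to every active account in the organization; a sample for a permission-assignment module should start from the narrowest setting, `all: false`, and let the operator widen it deliberately. The `users` key is present here, but nothing in the `accounts.tf` hunk of this commit reads `local.settings.users`, so from this page it is unclear whether the key is consumed elsewhere or is dead; a short comment at the top of the file stating which keys are read and by what would settle it. `account_names` is read by `accounts.tf` but is not mentioned in the `settings_file` description added in this same commit.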
6 changes: 6 additions & 0 deletions group-assignment/variables.tf
Expand Up @@ -61,6 +61,12 @@ variable "organizational_unit_hierarchy" {
default = {}
}

variable "settings_file" {
description = "File name and path to YAML with users(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."
type = string
default = null
}

## "Enterprise-GOV:Workloads:SystemAcceptance" = {
## "fullname" = "Enterprise-GOV:Workloads:SystemAcceptance"
## "levels" = tolist([
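Review bot: The `settings_file` description enumerates `users`, `account_ids`, `org_ous` and `all`, but the `accounts.tf` change in this commit also reads `account_names` from the decoded file and does not read `users`, so the documentation and the consumer disagree; the description should list the keys actually read, e.g. `description = "Path to a YAML file with keys all (bool), account_names (list), account_ids (list) and org_ous (list). When set and the file exists it overrides the corresponding variables. See sample.yml."`. The same sentence is duplicated in the README hunk (group-assignment/README.md) and should be updated together. A `validation` block on this variable would also let a bad path fail at plan time instead of silently falling through to the variable-driven assignment in `accounts.tf`.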

