From 58d7d9d4d008febd8f3228f5c02e2beeff6b36c5 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 8 Sep 2023 16:11:58 -0400
Subject: [PATCH] add data file

---
 group-assignment/README.md | 1 +
 group-assignment/accounts.tf | 16 +++++++++++-----
 group-assignment/sample.yml | 5 +++++
 group-assignment/variables.tf | 6 ++++++
 4 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 group-assignment/sample.yml

diff --git a/group-assignment/README.md b/group-assignment/README.md
index 85c992a..dbd6379 100644
--- a/group-assignment/README.md
+++ b/group-assignment/README.md
@@ -49,6 +49,7 @@ No modules.
 | [organizational\_unit\_names](#input\_organizational\_unit\_names) | List of AWS Organizational Unit names to assocate with this group | `list(string)` | `[]` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | [permissionset\_arn](#input\_permissionset\_arn) | AWS SSO/IDC Permission set ARN | `string` | n/a | yes |
+| [settings\_file](#input\_settings\_file) | File name and path to YAML with users(list), account\_ids(list), org\_ous(list), and all(bool). See sample.yml in code. | `string` | `null` | no |
 | [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | [users](#input\_users) | List of Census usernames to assign to the group | `list(string)` | `[]` | no |
diff --git a/group-assignment/accounts.tf b/group-assignment/accounts.tf
index e99e187..0f7ae32 100644
--- a/group-assignment/accounts.tf
+++ b/group-assignment/accounts.tf
@@ -1,19 +1,25 @@
 locals {
+ settings = var.settings_file != null && fileexists(var.settings_file) ? yamldecode(file(var.settings_file)) : {}
+ org_all = length(local.settings) > 0 ? try(local.settings.all, false) : var.org_all
+ org_account_names = length(local.settings) > 0 ? local.settings.account_names : var.org_account_names
+ org_account_ids = length(local.settings) > 0 ? local.settings.account_ids : var.org_account_ids
+ organizational_unit_names = length(local.settings) > 0 ? local.settings.org_ous : var.organizational_unit_names
+
 active_accounts_map = { for account in data.aws_organizations_organizational_unit_descendant_accounts.accounts.accounts : account.name => account if account.status == "ACTIVE" }
 active_accounts = { for k, v in local.active_accounts_map : k => v.id }
- _id_1 = ! var.org_all && length(var.org_account_names) > 0 ? [for k in var.org_account_names : lookup(local.active_accounts, k, null)] : []
- _id_2 = ! var.org_all && length(var.org_account_ids) > 0 ? [for k in var.org_account_ids : k if contains(values(local.active_accounts), k)] : []
+ _id_1 = ! local.org_all && length(local.account_names) > 0 ? [for k in local.account_names : lookup(local.active_accounts, k, null)] : []
+ _id_2 = ! local.org_all && length(local.org_account_ids) > 0 ? [for k in local.org_account_ids : k if contains(values(local.active_accounts), k)] : []
 organizational_unit_hierarchy = length(var.organizational_unit_hierarchy) > 0 ? { for k, v in var.organizational_unit_hierarchy : k => v.self_id } : {}
- _ou_1 = ! var.org_all && length(var.organizational_unit_names) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k, v in var.organizational_unit_names : lookup(local.organizational_unit_hierarchy, k, null)] : []
- _ou_2 = ! var.org_all && length(var.organizational_unit_ids) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k in var.organizational_unit_ids : k if contains(values(local.organizational_unit_hierarchy, k))] : []
+ _ou_1 = ! local.org_all && length(local.organizational_unit_names) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k, v in local.organizational_unit_names : lookup(local.organizational_unit_hierarchy, k, null)] : []
+ _ou_2 = ! local.org_all && length(var.organizational_unit_ids) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k in var.organizational_unit_ids : k if contains(values(local.organizational_unit_hierarchy, k))] : []
 organizational_units = distinct(compact(concat(local._ou_1, local._ou_2)))
 _id_3 = flatten([for k, v in data.aws_organizations_organizational_unit_descendant_accounts.ou : [for account in v.accounts : account.id if account.status == "ACTIVE"]])
- _id_4 = var.org_all ? values(local.active_accounts) : []
+ _id_4 = local.org_all ? values(local.active_accounts) : []
 account_ids = distinct(compact(concat(local._id_1, local._id_2, local._id_3, local._id_4)))
 }
diff --git a/group-assignment/sample.yml b/group-assignment/sample.yml
new file mode 100644
index 0000000..3b8b152
--- /dev/null
+++ b/group-assignment/sample.yml
@@ -0,0 +1,5 @@
+all: true
+account_names: []
+account_ids: []
+org_ous: []
+users: []
diff --git a/group-assignment/variables.tf b/group-assignment/variables.tf
index 0608747..81cb8f5 100644
--- a/group-assignment/variables.tf
+++ b/group-assignment/variables.tf
@@ -61,6 +61,12 @@ variable "organizational_unit_hierarchy" {
 default = {}
 }
+variable "settings_file" {
+ description = "File name and path to YAML with users(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."
+ type = string
+ default = null
+}
+
 ## "Enterprise-GOV:Workloads:SystemAcceptance" = {
 ## "fullname" = "Enterprise-GOV:Workloads:SystemAcceptance"
 ## "levels" = tolist([
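Review bot: The new `_id_1` line references `local.account_names`, which is not declared anywhere in this locals block — the value loaded from the settings file is named `org_account_names` — so the module will fail to evaluate as soon as that expression is reached; change both references on that line to `local.org_account_names`. Separately, `settings` falls back silently to the `var.*` inputs whenever `fileexists()` is false, so a mistyped `settings_file` path quietly assigns the permission set from whatever the variables hold instead of erroring; since this module grants access across organization accounts, prefer failing closed with `settings = var.settings_file == null ? {} : yamldecode(file(var.settings_file))` (`file()` errors on a missing path). Only `all` is read through `try()`, while `account_names`, `account_ids` and `org_ous` are accessed directly, so a settings file that omits any of them errors — either document them as required or read them as `try(local.settings.account_names, [])` and likewise for the other two. The re-emitted `_ou_2` line still calls `values(local.organizational_unit_hierarchy, k)` with two arguments inside `contains()`, which looks like it was meant to be `contains(values(local.organizational_unit_hierarchy), k)`, though that predates this change.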
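Review bot: `all: true` in the sample makes the default template grant the permission set to every active account in the organization, which is the most permissive setting available and is exactly what `local.org_all` turns into `values(local.active_accounts)` in accounts.tf; a sample that operators will copy and lightly edit should start from `all: false` so org-wide assignment is an explicit opt-in. A short comment per key would also help, e.g. `# all: when true, every ACTIVE account in the organization is assigned; the lists below are then ignored`. The `users` key is not consumed by the accounts.tf changes in this commit; if it is read elsewhere, say so in a comment, otherwise it is dead configuration.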
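Review bot: The description of `settings_file` lists `users`, `account_ids`, `org_ous` and `all` but omits `account_names`, which the new accounts.tf locals read unconditionally as `local.settings.account_names` (and which sample.yml carries); update it to `description = "File name and path to YAML with users(list), account_names(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."`. The description should also state that when the file is given its contents replace the `org_all`, `org_account_names`, `org_account_ids` and `organizational_unit_names` variables entirely rather than merging with them, which is how the accounts.tf locals behave. A `validation` block such as `condition = var.settings_file == null || can(regex("\\.ya?ml$", var.settings_file))` with a matching `error_message` would catch the wrong file being passed before it is decoded into access assignments.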