From 8550ee8e64570c573f2adf50efc4b8c31cd7cb73 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 24 Apr 2024 11:43:08 -0400
Subject: [PATCH] * 1.2.1 -- 2024-04-24 - group-assignment - variable create_ldap_members to add users to ldap group (if created)
---
 CHANGELOG.md | 6 +++++-
 common/version.tf | 2 +-
 group-assignment/README.md | 2 ++
 group-assignment/main.tf | 11 +++++++++++
 group-assignment/variables.tf | 6 ++++++
 5 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a754c43..58da126 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,7 +29,11 @@
 * 1-20 => p-sso-{permissionsetname}-p{number}
 * 1.2.0 -- 2024-03-08
- - add ldap creation for group-assignmen
+ - add ldap creation for group-assignment
 - variable create_ldap_group
 - variable ldap_base_ou
 - variable ldap_sso_name
+
+* 1.2.1 -- 2024-04-24
+ - group-assignment
+ - variable create_ldap_members to add users to ldap group (if created)
diff --git a/common/version.tf b/common/version.tf
index 1ee6619..54b3493 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.2.0"
+ _module_version = "1.2.1"
 }
diff --git a/group-assignment/README.md b/group-assignment/README.md
index d14b957..cc4296d 100644
--- a/group-assignment/README.md
+++ b/group-assignment/README.md
@@ -26,6 +26,7 @@ No modules.
 | [aws_ssoadmin_account_assignment.accounts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_account_assignment) | resource |
 | [ldap_object.group](https://registry.terraform.io/providers/trevex/ldap/latest/docs/resources/object) | resource |
 | [ldap_object_attributes.group](https://registry.terraform.io/providers/trevex/ldap/latest/docs/resources/object_attributes) | resource |
+| [ldap_object_attributes.users](https://registry.terraform.io/providers/trevex/ldap/latest/docs/resources/object_attributes) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_identitystore_user.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/identitystore_user) | data source |
@@ -42,6 +43,7 @@ No modules.
 | [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
 | [create\_ldap\_group](#input\_create\_ldap\_group) | Flag to create the respective LDAP group for the SSO group with name cn={groupname},ou=SSO,... | `bool` | `false` | no |
+| [create\_ldap\_members](#input\_create\_ldap\_members) | Flag to add the users to the respective LDAP group for the SSO group | `bool` | `false` | no |
 | [description](#input\_description) | Permission set description | `string` | `null` | no |
 | [identity\_store\_id](#input\_identity\_store\_id) | AWS SSO/IDC Instance ID | `string` | n/a | yes |
 | [instance\_arn](#input\_instance\_arn) | AWS SSO/IDC Instance ARN | `string` | n/a | yes |
diff --git a/group-assignment/main.tf b/group-assignment/main.tf
index ab4c9b9..089dfc1 100644
--- a/group-assignment/main.tf
+++ b/group-assignment/main.tf
@@ -105,6 +105,17 @@ resource "ldap_object_attributes" "group" {
 ]
 }
+# add user to group (if create groand add user to group enabled)
+resource "ldap_object_attributes" "users" {
+ provider = ldap
+ for_each = var.create_ldap_group && var.create_ldap_members ? data.ldap_object.users : {}
+
+ dn = local.ldap_dn
+ attributes = [
+ { member = each.value.dn },
+ ]
+}
+
 ## gov.census.tco:CPASS_APP=CSVD_CSVD IC lab
 ## gov.census.tco:CPASS_FullPath=Administration/AdminUI/Production Group Support/CSVD/CSVD IC lab/Users
 ## gov.census.tco:CPASS_ApprovalGroup=cn=CSVD IC lab_Approvers
diff --git a/group-assignment/variables.tf b/group-assignment/variables.tf
index e306348..26ae530 100644
--- a/group-assignment/variables.tf
+++ b/group-assignment/variables.tf
@@ -94,6 +94,12 @@ variable "create_ldap_group" {
 default = false
 }
+variable "create_ldap_members" {
+ description = "Flag to add the users to the respective LDAP group for the SSO group"
+ type = bool
+ default = false
+}
+
 variable "ldap_base_ou" {
 description = "LDAP Base OU used for access group and SSO groups. This assumed to exist and is created elsewhere."
 type = string
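Review bot: `ldap_object_attributes.users` writes `member` values to `local.ldap_dn` but carries no dependency on `ldap_object.group`, so if that local is built from variables rather than from the group resource's DN (its definition is outside this hunk) a first apply with both flags on can try to modify the group before it exists; adding `depends_on = [ldap_object.group]` to the new resource pins the order, matching whatever the sibling `ldap_object_attributes.group` does. As I read the trevex provider, this resource only manages the `member` values it adds, so members granted out of band stay in the group — if the LDAP group is meant to mirror the SSO group that limitation should be stated next to the resource, since it is what grants access. The header comment is garbled; I would write `# add each SSO user as a member of the LDAP group (only when both create_ldap_group and create_ldap_members are set)`. `data.ldap_object.users` is referenced but not declared in this hunk; confirm it is keyed per user and that each `each.value.dn` is the intended principal, as a loose lookup filter would put the wrong DN in the group.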
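Review bot: The `create_ldap_members` description does not say that the flag is a no-op unless `create_ldap_group` is also true, which is how main.tf gates the resource, so setting it alone silently adds nothing. I would extend it to `description = "Flag to add the SSO group's users as members of the LDAP group; only takes effect when create_ldap_group is also true"`. The `variable "ldap_base_ou"` block continues past the end of the hunk.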