add settings

terraform-modules · Feb 8, 2024 · df81dff · df81dff
1 parent 41e30b0
commit df81dff
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 6 deletions.
diff --git a/common/variables.settings.tf b/common/variables.settings.tf
@@ -0,0 +1,5 @@
+variable "settings_file" {
+  description = "File name and path to YAML with users(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."
+  type        = string
+  default     = null
+}
diff --git a/group-assignment/sample.yml b/group-assignment/sample.yml
@@ -4,6 +4,7 @@ permissionset_name: string
 all: true
 account_names: []
 account_ids: []
+auto_policy_count: null
 org_ous: []
 user_mapping: {}
 users: []
diff --git a/group-assignment/variables.settings.tf b/group-assignment/variables.settings.tf
@@ -0,0 +1 @@
+../common//variables.settings.tf
diff --git a/group-assignment/variables.tf b/group-assignment/variables.tf
@@ -74,12 +74,6 @@ variable "organizational_unit_hierarchy" {
   default     = {}
 }
 
-variable "settings_file" {
-  description = "File name and path to YAML with users(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."
-  type        = string
-  default     = null
-}
-
 ##   "Enterprise-GOV:Workloads:SystemAcceptance" = {
 ##     "fullname" = "Enterprise-GOV:Workloads:SystemAcceptance"
 ##     "levels" = tolist([

diff --git a/permissionset/README.md b/permissionset/README.md
@@ -44,6 +44,7 @@ No modules.
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_relay_state"></a> [relay\_state](#input\_relay\_state) | Relay State to pass along to permissionset | `string` | `null` | no |
 | <a name="input_session_duration"></a> [session\_duration](#input\_session\_duration) | Permission set duration (default 8H) | `string` | `"PT8H"` | no |
+| <a name="input_settings_file"></a> [settings\_file](#input\_settings\_file) | File name and path to YAML with users(list), account\_ids(list), org\_ous(list), and all(bool). See sample.yml in code. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 
 ## Outputs

diff --git a/permissionset/settings.tf b/permissionset/settings.tf
@@ -0,0 +1,6 @@
+locals {
+  settings           = var.settings_file != null && fileexists(var.settings_file) ? yamldecode(file(var.settings_file)) : null
+  name               = coalesce(var.name, try(local.settings.group, null))
+  description        = coalesce(var.description, try(local.settings.description, null), local.name)
+  auto_policy_acount = try(local.settings.auto_policy_count, var.auto_policy_count)
+}
diff --git a/permissionset/variables.settings.tf b/permissionset/variables.settings.tf
@@ -0,0 +1 @@
+../common//variables.settings.tf