From df81dff9e2048647298e1a02ae95fa8b56bdf02a Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 8 Feb 2024 13:38:43 -0500
Subject: [PATCH] add settings

---
 common/variables.settings.tf | 5 +++++
 group-assignment/sample.yml | 1 +
 group-assignment/variables.settings.tf | 1 +
 group-assignment/variables.tf | 6 ------
 permissionset/README.md | 1 +
 permissionset/settings.tf | 6 ++++++
 permissionset/variables.settings.tf | 1 +
 7 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 common/variables.settings.tf
 create mode 120000 group-assignment/variables.settings.tf
 create mode 100644 permissionset/settings.tf
 create mode 120000 permissionset/variables.settings.tf

diff --git a/common/variables.settings.tf b/common/variables.settings.tf
new file mode 100644
index 0000000..67be5e1
--- /dev/null
+++ b/common/variables.settings.tf
@@ -0,0 +1,5 @@
+variable "settings_file" {
+ description = "File name and path to YAML with users(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."
+ type = string
+ default = null
+}
diff --git a/group-assignment/sample.yml b/group-assignment/sample.yml
index e8019df..8765789 100644
--- a/group-assignment/sample.yml
+++ b/group-assignment/sample.yml
@@ -4,6 +4,7 @@ permissionset_name: string
 all: true
 account_names: []
 account_ids: []
+auto_policy_count: null
 org_ous: []
 user_mapping: {}
 users: []
diff --git a/group-assignment/variables.settings.tf b/group-assignment/variables.settings.tf
new file mode 120000
index 0000000..7c8ca98
--- /dev/null
+++ b/group-assignment/variables.settings.tf
@@ -0,0 +1 @@
+../common//variables.settings.tf
\ No newline at end of file
diff --git a/group-assignment/variables.tf b/group-assignment/variables.tf
index 735685e..6f50219 100644
--- a/group-assignment/variables.tf
+++ b/group-assignment/variables.tf
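Review bot: The `description` on `settings_file` in common/variables.settings.tf was copied unchanged from group-assignment and names only `users`, `account_ids`, `org_ous` and `all`, but the variable is now also symlinked into permissionset. There, settings.tf later in this patch reads `group`, `description` and `auto_policy_count` from the same file. I would make the text consumer-neutral, for example `description = "Path to a YAML settings file; the keys that are read depend on the module consuming it."`. The permissionset README row added in this patch reproduces the old wording, so it would need regenerating afterwards.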
@@ -74,12 +74,6 @@ variable "organizational_unit_hierarchy" {
 default = {}
 }
 
-variable "settings_file" {
- description = "File name and path to YAML with users(list), account_ids(list), org_ous(list), and all(bool). See sample.yml in code."
- type = string
- default = null
-}
-
 ## "Enterprise-GOV:Workloads:SystemAcceptance" = {
 ## "fullname" = "Enterprise-GOV:Workloads:SystemAcceptance"
 ## "levels" = tolist([
diff --git a/permissionset/README.md b/permissionset/README.md
index 26e2e9d..a119f96 100644
--- a/permissionset/README.md
+++ b/permissionset/README.md
@@ -44,6 +44,7 @@ No modules.
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | [relay\_state](#input\_relay\_state) | Relay State to pass along to permissionset | `string` | `null` | no |
 | [session\_duration](#input\_session\_duration) | Permission set duration (default 8H) | `string` | `"PT8H"` | no |
+| [settings\_file](#input\_settings\_file) | File name and path to YAML with users(list), account\_ids(list), org\_ous(list), and all(bool). See sample.yml in code. | `string` | `null` | no |
 | [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 
 ## Outputs
diff --git a/permissionset/settings.tf b/permissionset/settings.tf
new file mode 100644
index 0000000..244b57d
--- /dev/null
+++ b/permissionset/settings.tf
@@ -0,0 +1,6 @@
+locals {
+ settings = var.settings_file != null && fileexists(var.settings_file) ? yamldecode(file(var.settings_file)) : null
+ name = coalesce(var.name, try(local.settings.group, null))
+ description = coalesce(var.description, try(local.settings.description, null), local.name)
+ auto_policy_acount = try(local.settings.auto_policy_count, var.auto_policy_count)
+}
diff --git a/permissionset/variables.settings.tf b/permissionset/variables.settings.tf
new file mode 120000
index 0000000..7c8ca98
--- /dev/null
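Review bot: On the `settings` line in permissionset/settings.tf, `var.settings_file != null && fileexists(var.settings_file)` relies on `&&` short-circuiting, which older Terraform releases (before 1.12, as far as I know) do not do, so with the default `null` the `fileexists(null)` call is still evaluated and fails. The same guard also lets a mistyped path fall back silently to the variable defaults for a permission set. `settings = var.settings_file == null ? null : yamldecode(file(var.settings_file))` avoids both and fails loudly on a missing file. On the last line, `try()` only falls through on an error, so the `auto_policy_count: null` shown in sample.yml is returned as-is and `var.auto_policy_count` is never consulted; the file also takes precedence there, while `name` and `description` prefer the variable. The local is spelled `auto_policy_acount`, so any reference to `local.auto_policy_count` elsewhere in the module (not visible here) would not resolve.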
+++ b/permissionset/variables.settings.tf
@@ -0,0 +1 @@
+../common//variables.settings.tf
\ No newline at end of file