refactor: rename QuickSight username variable and improve admin user configuration

georgepstaylor · georgepstaylor · commit d3f93a1bcf1d · 2025-02-28T11:45:33.000Z
diff --git a/README.md b/README.md
@@ -36,7 +36,7 @@ module "cudos_framework" {
   enable_sso                         = true
   enable_tao_dashboard               = false
   saml_metadata                      = file("${path.module}/assets/saml-metadata.xml")
-  quicksight_username               = var.quicksight_username
+  quicksight_dashboard_owner               = var.quicksight_dashboard_owner
   tags                               = var.tags
 
   providers = {
diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -6,10 +6,10 @@ No providers.
 
 ## Inputs
 
-| Name                                                                                         | Description                           | Type          | Default                                             | Required |
-| -------------------------------------------------------------------------------------------- | ------------------------------------- | ------------- | --------------------------------------------------- | :------: |
-| <a name="input_quicksight_username"></a> [quicksights_username](#input_quicksights_username) | The username to use for QuickSight    | `string`      | `"admin"`                                           |    no    |
-| <a name="input_tags"></a> [tags](#input_tags)                                                | A map of tags to add to all resources | `map(string)` | <pre>{<br/> "Environment": "Production"<br/>}</pre> |    no    |
+| Name                                                                                                | Description                           | Type          | Default                                             | Required |
+| --------------------------------------------------------------------------------------------------- | ------------------------------------- | ------------- | --------------------------------------------------- | :------: |
+| <a name="input_quicksight_dashboard_owner"></a> [quicksights_username](#input_quicksights_username) | The username to use for QuickSight    | `string`      | `"admin"`                                           |    no    |
+| <a name="input_tags"></a> [tags](#input_tags)                                                       | A map of tags to add to all resources | `map(string)` | <pre>{<br/> "Environment": "Production"<br/>}</pre> |    no    |
 
 ## Outputs
 
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -18,7 +18,7 @@ module "destination" {
   dashboards_bucket_name     = local.dashboard_bucket_name
   enable_sso                 = true
   payer_accounts             = ["1234343434"]
-  quicksight_username        = var.quicksight_username
+  quicksight_dashboard_owner = var.quicksight_dashboard_owner
   saml_metadata              = file("${path.module}/assets/saml-metadata.xml")
   tags                       = var.tags
 
diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
@@ -7,7 +7,7 @@ variable "tags" {
   }
 }
 
-variable "quicksight_username" {
+variable "quicksight_dashboard_owner" {
   description = "The username to use for QuickSight"
   type        = string
   default     = "admin"
diff --git a/modules/destination/README.md b/modules/destination/README.md
@@ -47,7 +47,7 @@
 | <a name="input_quicksight_subscription_edition"></a> [quicksight_subscription_edition](#input_quicksight_subscription_edition)                                           | The edition for the QuickSight quicksight_subscription                           | `string`                                                                                                                                                          | `"ENTERPRISE"`                       |    no    |
 | <a name="input_quicksight_subscription_email"></a> [quicksight_subscription_email](#input_quicksight_subscription_email)                                                 | The email address for the QuickSight quicksight_subscription edition             | `string`                                                                                                                                                          | `null`                               |    no    |
 | <a name="input_quicksight_users"></a> [quicksight_users](#input_quicksight_users)                                                                                        | Map of user accounts to be registered in QuickSight                              | <pre>map(object({<br/> identity_type = optional(string, "IAM")<br/> namespace = optional(string, "default")<br/> role = optional(string, "READER")<br/> }))</pre> | `{}`                                 |    no    |
-| <a name="input_quicksight_username"></a> [quicksights_username](#input_quicksights_username)                                                                             | The username for the QuickSight user                                             | `string`                                                                                                                                                          | `"admin"`                            |    no    |
+| <a name="input_quicksight_dashboard_owner"></a> [quicksights_username](#input_quicksights_username)                                                                      | The username for the QuickSight user                                             | `string`                                                                                                                                                          | `"admin"`                            |    no    |
 | <a name="input_saml_iam_role_name"></a> [saml_iam_role_name](#input_saml_iam_role_name)                                                                                  | Name of the role all authentication users are initially given                    | `string`                                                                                                                                                          | `"aws-cudos-sso"`                    |    no    |
 | <a name="input_saml_metadata"></a> [saml_metadata](#input_saml_metadata)                                                                                                 | The configuration for the SAML identity provider                                 | `string`                                                                                                                                                          | `null`                               |    no    |
 | <a name="input_saml_provider_name"></a> [saml_provider_name](#input_saml_provider_name)                                                                                  | The name of the SAML provider                                                    | `string`                                                                                                                                                          | `"aws-cudos-sso"`                    |    no    |
diff --git a/modules/destination/locals.tf b/modules/destination/locals.tf
@@ -9,7 +9,6 @@ locals {
   ## The URL for the s3 bucket containing cloudformation scripts
   bucket_url = format("https://%s.s3.%s.amazonaws.com", var.cloudformation_bucket_name, local.region)
   ## Indicates if we should provision the quicksight admin user
-  enable_admin = var.enable_quicksight_admin && var.quicksight_admin_email != null
 
   ## Is the user mappings for the quicksight groups
   user_group_mappings = merge([
diff --git a/modules/destination/main.tf b/modules/destination/main.tf
@@ -104,7 +104,7 @@ resource "aws_quicksight_account_subscription" "subscription" {
 
 ## Provision a administator user in quicksight
 resource "aws_quicksight_user" "admin" {
-  count = local.enable_admin ? 1 : 0
+  count = var.create_quicksight_admin_user ? 1 : 0
 
   email         = var.quicksight_admin_email
   identity_type = "QUICKSIGHT"
@@ -264,7 +264,7 @@ module "dashboards" {
     "DeployTAODashboard"                 = var.enable_tao_dashboard ? "yes" : "no"
     "PrerequisitesQuickSight"            = var.enable_prerequisites_quicksight ? "yes" : "no"
     "PrerequisitesQuickSightPermissions" = var.enable_prerequisites_quicksight_permissions ? "yes" : "no"
-    "QuickSightUser"                     = var.quicksight_username
+    "QuickSightUser"                     = var.quicksight_dashboard_owner
   }
 
   depends_on = [
diff --git a/modules/destination/variables.tf b/modules/destination/variables.tf
@@ -81,7 +81,7 @@ variable "dashboards_bucket_name" {
 }
 
 variable "enable_quicksight_admin" {
-  description = "Enable the creation of an admin user (var.quicksight_username) in QuickSight"
+  description = "Enable the creation of an admin user (var.quicksight_dashboard_owner) in QuickSight"
   type        = bool
   default     = true
 }
@@ -93,9 +93,14 @@ variable "quicksight_admin_username" {
 }
 
 variable "quicksight_admin_email" {
-  description = "The email address for the QuickSight admin user"
+  description = "The email address for the QuickSight admin user. Required if var.create_quicksight_admin_user is true"
   type        = string
-  default     = null
+}
+
+variable "create_quicksight_admin_user" {
+  description = "Whether to create a QuickSight admin user (var.quicksight_admin_username)"
+  type        = bool
+  default     = true
 }
 
 variable "enable_sso" {
@@ -252,8 +257,8 @@ variable "quicksight_groups" {
   default = {}
 }
 
-variable "quicksight_username" {
-  description = "The username for the QuickSight user"
+variable "quicksight_dashboard_owner" {
+  description = "The username for the QuickSight user who will own the dashboards. This user needs to exist. By default, it will be the admin user which is created by the module."
   type        = string
   default     = "admin"
 }

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ variable "tags" {`
`7`	`7`	`}`
`8`	`8`	`}`
`9`	`9`
`10`		`-variable "quicksight_username" {`
	`10`	`+variable "quicksight_dashboard_owner" {`
`11`	`11`	`description = "The username to use for QuickSight"`
`12`	`12`	`type = string`
`13`	`13`	`default = "admin"`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ variable "dashboards_bucket_name" {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`variable "enable_quicksight_admin" {`
`84`		`- description = "Enable the creation of an admin user (var.quicksight_username) in QuickSight"`
	`84`	`+ description = "Enable the creation of an admin user (var.quicksight_dashboard_owner) in QuickSight"`
`85`	`85`	`type = bool`
`86`	`86`	`default = true`
`87`	`87`	`}`
`@@ -93,9 +93,14 @@ variable "quicksight_admin_username" {`
`93`	`93`	`}`
`94`	`94`
`95`	`95`	`variable "quicksight_admin_email" {`
`96`		`- description = "The email address for the QuickSight admin user"`
	`96`	`+ description = "The email address for the QuickSight admin user. Required if var.create_quicksight_admin_user is true"`
`97`	`97`	`type = string`
`98`		`- default = null`
	`98`	`+}`
	`99`	`+`
	`100`	`+variable "create_quicksight_admin_user" {`
	`101`	`+ description = "Whether to create a QuickSight admin user (var.quicksight_admin_username)"`
	`102`	`+ type = bool`
	`103`	`+ default = true`
`99`	`104`	`}`
`100`	`105`
`101`	`106`	`variable "enable_sso" {`
`@@ -252,8 +257,8 @@ variable "quicksight_groups" {`
`252`	`257`	`default = {}`
`253`	`258`	`}`
`254`	`259`
`255`		`-variable "quicksight_username" {`
`256`		`- description = "The username for the QuickSight user"`
	`260`	`+variable "quicksight_dashboard_owner" {`
	`261`	`+ description = "The username for the QuickSight user who will own the dashboards. This user needs to exist. By default, it will be the admin user which is created by the module."`
`257`	`262`	`type = string`
`258`	`263`	`default = "admin"`
`259`	`264`	`}`