Release 0.2.7 (#35)
* Release 0.2.1

* Release 0.2.2

* feat: TF < 1.3.0 restriction removed

* feat: TF binary equal or greater than 1.3.0 requirement added

* chore: release notes and version bump

* chore: release notes, tag and SPECs updated

* fix typo in dynamic groups that referred to domain groups

* fix: version = "<= 5.16.0" removed

* chore: release notes, version and spec updated

* feat: OCI FW and ZPR IAM policies added

* feat: examples updated

* chore: release notes and version update

* chore: release notes updated.

* fix: attribute_sets = ["all"] added to oci_identity_domains_group

* chore: release notes and version increment

* fix: preventing username dupes to fail user lookup

* fix: ignoring username dupes that can be provided as input

* chore: release notes a version increment

* chore: release date updated

* feat: debug flag added

* fix: user lookup only checks ACTIVE users

* chore: release notes updated

* doc: SPEC.md updated

---------

Signed-off-by: Andre Correa <[email protected]>
Co-authored-by: Rory Nguyen <[email protected]>
Co-authored-by: josh_hammer <[email protected]>
3 people authored Jan 13, 2025
1 parent 0ed42e6 commit 3e2d458
Showing 6 changed files with 24 additions and 6 deletions.
6 changes: 6 additions & 0 deletions RELEASE-NOTES.md
@@ -1,3 +1,9 @@
# January 10, 2025 Release Notes - 0.2.7
## Updates
1. [Groups module](./groups/)
- Only ACTIVE users are looked up for group membership assignments.


# December 09, 2024 Release Notes - 0.2.6
## Updates
1. [Identity Domains module](./identity-domains/)
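Review bot: The 0.2.7 entry under "Updates" lists only the ACTIVE-user lookup, but this same commit also adds the `enable_debug` attribute and the `debug_ignored_users` output to the Groups module, and changes membership creation so that members who cannot be resolved are skipped. Add bullets for those under the Groups module item, so operators reading the notes know that a membership can be skipped and where to look for the ignored users.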
3 changes: 2 additions & 1 deletion groups/SPEC.md
Expand Up @@ -26,13 +26,14 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_groups_configuration"></a> [groups\_configuration](#input\_groups\_configuration) | The groups configuration. | <pre>object({<br> default_defined_tags = optional(map(string)),<br> default_freeform_tags = optional(map(string))<br> groups = map(object({<br> name = string,<br> description = string,<br> members = optional(list(string)),<br> defined_tags = optional(map(string)),<br> freeform_tags = optional(map(string))<br> }))<br> })</pre> | `null` | no |
| <a name="input_groups_configuration"></a> [groups\_configuration](#input\_groups\_configuration) | The groups configuration. | <pre>object({<br> enable_debug = optional(bool,false)<br> default_defined_tags = optional(map(string)),<br> default_freeform_tags = optional(map(string))<br> groups = map(object({<br> name = string,<br> description = string,<br> members = optional(list(string)),<br> defined_tags = optional(map(string)),<br> freeform_tags = optional(map(string))<br> }))<br> })</pre> | `null` | no |
| <a name="input_module_name"></a> [module\_name](#input\_module\_name) | The module name. | `string` | `"iam-groups"` | no |
| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of the tenancy. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_debug_ignored_users"></a> [debug\_ignored\_users](#output\_debug\_ignored\_users) | (Debug) Ignored users. |
| <a name="output_groups"></a> [groups](#output\_groups) | The groups. |
| <a name="output_memberships"></a> [memberships](#output\_memberships) | The group memberships. |
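Review bot: The new `debug_ignored_users` row in the Outputs table says only "(Debug) Ignored users.", which does not tell a reader that these are users whose name occurs more than once in the lookup, or that the value is `null` unless `enable_debug` is true. Expand the description in groups/outputs.tf and regenerate this file so the table explains both.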
13 changes: 9 additions & 4 deletions groups/main.tf
Expand Up @@ -2,7 +2,9 @@
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

data "oci_identity_users" "these" {
compartment_id = var.tenancy_ocid
count = length(local.group_memberships) > 0 ? 1 : 0
compartment_id = var.tenancy_ocid
state = "ACTIVE"
}

resource "oci_identity_group" "these" {
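Review bot: The added `state = "ACTIVE"` line in `data "oci_identity_users" "these"` carries no comment, and it narrows what a configured member name can resolve to: a user in any other state no longer appears in the lookup at all. Add a short comment on that line saying why the filter is there and what happens to members in other states. The new `count` is fine as a guard, but it means every reference to this data source has to be indexed with `[0]`, which is worth a comment as well.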
Expand All @@ -15,13 +17,16 @@ resource "oci_identity_group" "these" {
}

resource "oci_identity_user_group_membership" "these" {
for_each = { for m in local.group_memberships : "${m.group_key}.${m.user_name}" => m }
for_each = { for m in local.group_memberships : "${m.group_key}.${m.user_name}" => m... if contains(keys(local.users),m.user_name)}
group_id = oci_identity_group.these[split(".",each.key)[0]].id
user_id = local.users[each.value.user_name].id
user_id = local.users[each.value[0].user_name].id
}

locals {
users = { for u in data.oci_identity_users.these.users : u.name => u }
all_users = [ for u in try(data.oci_identity_users.these[0].users,[]) : u ]
users = { for u in local.all_users : u.name => u if length([ for u1 in local.all_users : u1.name if u1.name == u.name]) == 1 }

#users = { for u in try(data.oci_identity_users.these.users,[]) : u.name => u... }

group_memberships = flatten([
for k, v in (var.groups_configuration != null ? var.groups_configuration.groups : {}) : [
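Review bot: The `if contains(keys(local.users),m.user_name)` filter in the `for_each` of `oci_identity_user_group_membership` silently drops every configured member that is not a key of `local.users`, which now covers misspelled names, users that are not ACTIVE, and users whose name occurs more than once. The old `local.users[each.value.user_name]` lookup failed on an unknown name; with this change the plan succeeds with the membership missing, and for a membership that already exists the key leaving the map means Terraform plans to remove it. Consider surfacing the unmatched members (an output listing them, or a precondition that fails the plan) instead of reporting only the duplicates. The commented-out `#users = ...` line in `locals` should be deleted before merge.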
5 changes: 5 additions & 0 deletions groups/outputs.tf
Expand Up @@ -9,4 +9,9 @@ output "groups" {
output "memberships" {
description = "The group memberships."
value = oci_identity_user_group_membership.these
}

output "debug_ignored_users" {
description = "(Debug) Ignored users."
value = try(var.groups_configuration.enable_debug,false) ? [ for u in local.all_users : {"id": u.id, "email": u.email, "name" : u.name} if length([ for u1 in local.all_users : u1.name if u1.name == u.name]) > 1 ] : null
}
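Review bot: The `debug_ignored_users` value includes `"email": u.email` for every listed user, and once a root module passes this output through, it is printed by `terraform apply` and `terraform output` and lands in CI logs. The `id` and `name` fields are enough to identify a duplicate, so either drop `email` or mark the output `sensitive = true`. The duplicate-name test here also repeats the expression used for `users` in groups/main.tf with the comparison flipped; moving it into one shared local would keep the two from drifting apart.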
1 change: 1 addition & 0 deletions groups/variables.tf
Expand Up @@ -9,6 +9,7 @@ variable "tenancy_ocid" {
variable "groups_configuration" {
description = "The groups configuration."
type = object({
enable_debug = optional(bool,false)
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string))
groups = map(object({
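Review bot: The added `enable_debug = optional(bool,false)` attribute comes with no explanation of what it turns on; the variable's description still reads "The groups configuration." State in the description, or in a comment on the line, that it enables the `debug_ignored_users` output. The line also has no trailing comma while `default_defined_tags` right below it does, so pick one style for the attributes of this object.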
2 changes: 1 addition & 1 deletion release.txt
@@ -1 +1 @@
0.2.6
0.2.7
