From 3e2d458596430f26454c2a0a3daf7b05bc0eaa5a Mon Sep 17 00:00:00 2001
From: Andre Correa
Date: Mon, 13 Jan 2025 11:04:04 -0300
Subject: [PATCH] Release 0.2.7 (#35)
* Release 0.2.1
* Release 0.2.2
* feat: TF < 1.3.0 restriction removed
* feat: TF binary equal or greater than 1.3.0 requirement added
* chore: release notes and version bump
* chore: release notes, tag and SPECs updated
* fix typo in dynamic groups that refered to domain groups
* fix: version = "<= 5.16.0" removed
* chore: release notes, version and spec updated
* feat: OCI FW and ZPR IAM policies added
* feat: examples updated
* chore: release notes and version update
* chore: release notes updated.
* fix: attribute_sets = ["all"] added to oci_identity_domains_group
* chore: release notes and version increment
* fix: preventing username dupes to fail user lookup
* fix: ignoring username dupes that can be provided as input
* chore: release notes a version increment
* chore: release date updated
* feat: debug flag added
* fix: user lookup only checks ACTIVE users
* chore: release notes updated
* doc: SPEC.md updated
---------
Signed-off-by: Andre Correa
Co-authored-by: Rory Nguyen
Co-authored-by: josh_hammer
---
RELEASE-NOTES.md | 6 ++++++
groups/SPEC.md | 3 ++-
groups/main.tf | 13 +++++++++----
groups/outputs.tf | 5 +++++
groups/variables.tf | 1 +
release.txt | 2 +-
6 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index a2feabc..95297bc 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,3 +1,9 @@
+# January 10, 2025 Release Notes - 0.2.7
+## Updates
+1. [Groups module](./groups/)
+ - Only ACTIVE users are looked up for group membership assignments.
+
+
 # December 09, 2024 Release Notes - 0.2.6
 ## Updates
 1. [Identity Domains module](./identity-domains/)
diff --git a/groups/SPEC.md b/groups/SPEC.md
index ccf4596..dbbb919 100644
--- a/groups/SPEC.md
+++ b/groups/SPEC.md
@@ -26,7 +26,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [groups\_configuration](#input\_groups\_configuration) | The groups configuration. |
object({
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string))
groups = map(object({
name = string,
description = string,
members = optional(list(string)),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string))
}))
})
| `null` | no |
+| [groups\_configuration](#input\_groups\_configuration) | The groups configuration. |
object({
enable_debug = optional(bool,false)
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string))
groups = map(object({
name = string,
description = string,
members = optional(list(string)),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string))
}))
})
| `null` | no |
 | [module\_name](#input\_module\_name) | The module name. | `string` | `"iam-groups"` | no |
 | [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of the tenancy. | `string` | n/a | yes |
@@ -34,5 +34,6 @@ No modules.
 | Name | Description |
 |------|-------------|
+| [debug\_ignored\_users](#output\_debug\_ignored\_users) | (Debug) Ignored users. |
 | [groups](#output\_groups) | The groups. |
 | [memberships](#output\_memberships) | The group memberships. |
diff --git a/groups/main.tf b/groups/main.tf
index 04c1a08..6809b9e 100644
--- a/groups/main.tf
+++ b/groups/main.tf
@@ -2,7 +2,9 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 data "oci_identity_users" "these" {
- compartment_id = var.tenancy_ocid
+ count = length(local.group_memberships) > 0 ? 1 : 0
+ compartment_id = var.tenancy_ocid
+ state = "ACTIVE"
 }
 resource "oci_identity_group" "these" {
@@ -15,13 +17,16 @@ resource "oci_identity_group" "these" {
 }
 resource "oci_identity_user_group_membership" "these" {
- for_each = { for m in local.group_memberships : "${m.group_key}.${m.user_name}" => m }
+ for_each = { for m in local.group_memberships : "${m.group_key}.${m.user_name}" => m... if contains(keys(local.users),m.user_name)}
 group_id = oci_identity_group.these[split(".",each.key)[0]].id
- user_id = local.users[each.value.user_name].id
+ user_id = local.users[each.value[0].user_name].id
 }
 locals {
- users = { for u in data.oci_identity_users.these.users : u.name => u }
+ all_users = [ for u in try(data.oci_identity_users.these[0].users,[]) : u ]
+ users = { for u in local.all_users : u.name => u if length([ for u1 in local.all_users : u1.name if u1.name == u.name]) == 1 }
+
+ #users = { for u in try(data.oci_identity_users.these.users,[]) : u.name => u... }
 group_memberships = flatten([
 for k, v in (var.groups_configuration != null ? var.groups_configuration.groups : {}) : [
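Review bot: The new `state = "ACTIVE"` filter on `data "oci_identity_users" "these"` changes which users can be resolved for membership, but nothing in the hunk says why, and a reader of main.tf alone cannot tell that a configured member in any other state is silently skipped rather than failing the plan. A one-line comment above the data block would carry that: `# Only ACTIVE users are resolvable; a configured member in any other state is skipped by the for_each filter on oci_identity_user_group_membership.` The `count` guard also means `data.oci_identity_users.these[0]` exists only when at least one membership is configured, which is what the `try(..., [])` in the locals below relies on; worth a short comment on the `count` line as well.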
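Review bot: The `if contains(keys(local.users),m.user_name)` filter on `for_each` silently drops any configured membership whose user name is not found, is not ACTIVE, or is shared by more than one user, and the only place this is surfaced is the debug-only `debug_ignored_users` output; for an IAM module a requested membership that is never created is drift that should be reported unconditionally, or fail the run when the caller expects fail-closed behaviour. A non-debug local such as `skipped_memberships = [ for m in local.group_memberships : "${m.group_key}.${m.user_name}" if !contains(keys(local.users), m.user_name) ]` could be exposed as an output, and a `lifecycle { precondition }` checking `length(local.skipped_memberships) == 0` would make the failure explicit (preconditions are available on the >= 1.3.0 Terraform the commit message now requires). The `users` local is also quadratic, since the inner `[ for u1 in local.all_users : ... if u1.name == u.name ]` runs once per user; grouping by name gives the same result in one pass: `users_by_name = { for u in local.all_users : u.name => u... }` and `users = { for n, us in local.users_by_name : n => us[0] if length(us) == 1 }`. The commented-out `#users = ...` line should be removed rather than left behind. `group_memberships` continues outside the hunk.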
diff --git a/groups/outputs.tf b/groups/outputs.tf
index 0ee3a01..bad601f 100644
--- a/groups/outputs.tf
+++ b/groups/outputs.tf
@@ -9,4 +9,9 @@ output "groups" {
 output "memberships" {
 description = "The group memberships."
 value = oci_identity_user_group_membership.these
+}
+
+output "debug_ignored_users" {
+ description = "(Debug) Ignored users."
+ value = try(var.groups_configuration.enable_debug,false) ? [ for u in local.all_users : {"id": u.id, "email": u.email, "name" : u.name} if length([ for u1 in local.all_users : u1.name if u1.name == u.name]) > 1 ] : null }
\ No newline at end of file
diff --git a/groups/variables.tf b/groups/variables.tf
index 8ca0574..db2c157 100644
--- a/groups/variables.tf
+++ b/groups/variables.tf
@@ -9,6 +9,7 @@ variable "tenancy_ocid" {
 variable "groups_configuration" {
 description = "The groups configuration."
 type = object({
+ enable_debug = optional(bool,false)
 default_defined_tags = optional(map(string)),
 default_freeform_tags = optional(map(string))
 groups = map(object({
diff --git a/release.txt b/release.txt
index a53741c..967b33f 100644
--- a/release.txt
+++ b/release.txt
@@ -1 +1 @@
-0.2.6
\ No newline at end of file
+0.2.7
\ No newline at end of file
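Review bot: `debug_ignored_users` returns each duplicated user's `email` and `id` next to the name, so turning on the debug flag writes that personal data into state and into plan/apply logs in CI; if the name and `id` are enough to disambiguate, drop `email`, and if it must stay, mark the output `sensitive = true` so it is redacted from console output (it stays retrievable via `terraform output -json`). The duplicate-name expression here repeats the one inside `local.users` in main.tf; computing a single `local.ignored_users` in main.tf and referencing it from this output keeps the two definitions from drifting apart. The `try(var.groups_configuration.enable_debug,false)` only matters for the `groups_configuration == null` case, since `optional(bool,false)` already supplies the default otherwise; a short comment saying so would stop a reader from assuming the attribute can be unset.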
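Review bot: `enable_debug` is added to the `groups_configuration` object type without any documentation of what it enables; the variable's `description` still reads `"The groups configuration."` and the generated SPEC.md inherits that. A short addition such as `description = "The groups configuration. Set enable_debug to true to expose the debug_ignored_users output (users skipped because their name is duplicated)."` tells the caller what the flag does. On style, the new attribute has no trailing comma while the next line does; commas between attributes in an `object({...})` type are optional, but the block now mixes both forms.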