try and fix group membership (#10)

* test adding groups and memberships * fix syntax * add back in data block * fix syntax * add group changes * remove duplicate resource group * test chatgpt code * try and fix group assocation * bad * add in daily commit * update readme * try and fix group membership * make users belong to one group * change variable type in users object * remove string brackets * try and fix group membership * undo type change * try and fix userid error
zachrundle · Aug 25, 2024 · 58e791a · 58e791a
1 parent b876b00
commit 58e791a
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ A module that will configure an EKS cluster and the required IAM role and permis
 ### Spot Fleet
 A module to configure spot fleets and acceptable spot server types that can be used with the EKS module. A future enhancement will be to also leverage Karpenter to help with autoscaling.
 
+
 ### VPC
 A module that will configure the VPC and subnets (based on the amount of AZs in that region). Also has an option to configure a NAT gateway.
 
diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf
@@ -29,6 +29,6 @@ resource "aws_identitystore_user" "this" {
 resource "aws_identitystore_group_membership" "this" {
   for_each =  var.users
   identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
-  group_id          = aws_identitystore_group.this[each.value.group].id
-  member_id         = aws_identitystore_user.this[each.key].id
+  group_id          = aws_identitystore_group.this[each.value.groups].id
+  member_id         = aws_identitystore_user.this[each.key].user_id
 }
diff --git a/modules/iam_identity_users/variables.tf b/modules/iam_identity_users/variables.tf
@@ -3,7 +3,8 @@ variable "users" {
   type = map(object({
     first_name = string
     last_name  = string
-    groups     = set(string) # Set of group names the user belongs to
+    # TODO: add support in case a user needs to belong to multiple groups
+    groups     = string
   }))
 }
 

diff --git a/users.tf b/users.tf
@@ -1,17 +1,17 @@
 module "users" {
   source = "./modules/iam_identity_users"
-  groups = ["administrators", "developers", "qa", "networking"]
+  groups = ["administrators", "developers", "networking"]
 
   users = {
     "Zach Rundle" = {
       first_name = "Zach"
       last_name  = "Rundle"
-      groups     = ["administrators"]
+      groups     = "administrators"
     },
     "Maverick Dog" = {
       first_name = "Maverick"
       last_name  = "Dog"
-      groups     = ["developers", "qa"]
+      groups     = "developers"
     },
   }
 }