Incorrect group regexp #27
Comments
|
Also |
|
Just to add... If I add an approval policy via the TEAM UI, and then look in the dynamodb approvers table, I can see it has successfully added the 8-8-4-4-4-12 style ID; so TEAM itself is perfectly happy with non-UUID group IDs. |
|
hmm with their being separate types allowed, I may need to remove the field validation altogether. The difficult part is that the API does not do any validation, which will be confusing for users if they input an id incorrectly. The api will accept it, but it will not function properly. I will work on getting this change in. |
|
It might help it if it is paired with some documentation. I use it like this, so I can never get an incorrect group id, as they came from a lookup. Maybe making the example like the below (or a simplified case of it) could help? data "aws_ssoadmin_instances" "current" {}
locals {
role1 = "NameOfRole1"
role2 = "NameOfRole2"
groups = ["group1", "group2", "group3"]
approvers = {
ou1 = [local.role1],
ou2 = [local.role1, local.role2],
}
instance_arn = tolist(data.aws_ssoadmin_instances.current.arns)[0]
identity_store_id = tolist(data.aws_ssoadmin_instances.current.identity_store_ids)[0]
}
data "aws_identitystore_group" "group" {
for_each = toset(local.groups)
identity_store_id = local.identity_store_id
alternate_identifier {
unique_attribute {
attribute_path = "DisplayName"
attribute_value = each.key
}
}
}
data "aws_organizations_organization" "org" {}
data "aws_organizations_organizational_unit" "ou" {
for_each = local.approvers
name = each.key
parent_id = data.aws_organizations_organization.org.roots[0].id
}
resource "awsteam_approvers_ou" "approval_policy" {
for_each = local.approvers
ou_id = data.aws_organizations_organizational_unit.ou[each.key].id
ou_name = each.key
approvers = each.value
group_ids = [for approver in each.value : data.aws_identitystore_group.group[approver].id]
} |
|
@jarrod-mg There is an api built into teams for reading aws accounts, users, and groups. I plan on implementing data sources for these in the provider. When I do, I will update the examples to use these dynamic methods. |
|
This functionality has been released in v1.0.0. For further feature requests or bug reports with this functionality, please create a new GitHub issue |
terraform-provider-awsteam/internal/provider/approvers_account.go
Line 107 in ce0f8ef
This insists that all group IDs must be UUIDs (8-4-4-4-12). However, if you are using federation, it is possible for group IDs to look different. In my case they are 8-8-4-4-4-12. I don't know if other federation systems would be different or not.
The text was updated successfully, but these errors were encountered: