Release 0.2.7 (#35)

* Release 0.2.1

* Release 0.2.2

* feat: TF < 1.3.0 restriction removed

* feat: TF binary equal or greater than 1.3.0 requirement added

* chore: release notes and version bump

* chore: release notes, tag and SPECs updated

* fix typo in dynamic groups that refered to domain groups

* fix: version = "<= 5.16.0" removed

* chore: release notes, version and spec updated

* feat: OCI FW and ZPR IAM policies added

* feat: examples updated

* chore: release notes and version update

* chore: release notes updated.

* fix: attribute_sets = ["all"] added to oci_identity_domains_group

* chore: release notes and version increment

* fix: preventing username dupes to fail user lookup

* fix: ignoring username dupes that can be provided as input

* chore: release notes a version increment

* chore: release date updated

* feat: debug flag added

* fix: user lookup only checks ACTIVE users

* chore: release notes updated

* doc: SPEC.md updated

---------

Signed-off-by: Andre Correa <andre.correa@oracle.com>
Co-authored-by: Rory Nguyen <rory.nguyen@oracle.com>
Co-authored-by: josh_hammer <josh.hammer@oracle.com>

Author: 3 people

RELEASE-NOTES.md

@@ -1,3 +1,9 @@
+# January 10, 2025 Release Notes - 0.2.7
+## Updates
+1. [Groups module](./groups/)
+    - Only ACTIVE users are looked up for group membership assignments.
+
+
 # December 09, 2024 Release Notes - 0.2.6
 ## Updates
 1. [Identity Domains module](./identity-domains/)

groups/SPEC.md

@@ -26,13 +26,14 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_groups_configuration"></a> [groups\_configuration](#input\_groups\_configuration) | The groups configuration. | <pre>object({<br>    default_defined_tags  = optional(map(string)),<br>    default_freeform_tags = optional(map(string))<br>    groups = map(object({<br>      name          = string,<br>      description   = string,<br>      members       = optional(list(string)),<br>      defined_tags  = optional(map(string)),<br>      freeform_tags = optional(map(string))<br>    }))<br>  })</pre> | `null` | no |
+| <a name="input_groups_configuration"></a> [groups\_configuration](#input\_groups\_configuration) | The groups configuration. | <pre>object({<br>    enable_debug = optional(bool,false)<br>    default_defined_tags  = optional(map(string)),<br>    default_freeform_tags = optional(map(string))<br>    groups = map(object({<br>      name          = string,<br>      description   = string,<br>      members       = optional(list(string)),<br>      defined_tags  = optional(map(string)),<br>      freeform_tags = optional(map(string))<br>    }))<br>  })</pre> | `null` | no |
 | <a name="input_module_name"></a> [module\_name](#input\_module\_name) | The module name. | `string` | `"iam-groups"` | no |
 | <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of the tenancy. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| <a name="output_debug_ignored_users"></a> [debug\_ignored\_users](#output\_debug\_ignored\_users) | (Debug) Ignored users. |
 | <a name="output_groups"></a> [groups](#output\_groups) | The groups. |
 | <a name="output_memberships"></a> [memberships](#output\_memberships) | The group memberships. |

groups/main.tf

@@ -2,7 +2,9 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 data "oci_identity_users" "these" {
-  compartment_id = var.tenancy_ocid
+  count = length(local.group_memberships) > 0 ? 1 : 0
+    compartment_id = var.tenancy_ocid
+    state = "ACTIVE"
 }
 
 resource "oci_identity_group" "these" {
@@ -15,13 +17,16 @@ resource "oci_identity_group" "these" {
 }
 
 resource "oci_identity_user_group_membership" "these" {
-  for_each = { for m in local.group_memberships : "${m.group_key}.${m.user_name}" => m }
+  for_each = { for m in local.group_memberships : "${m.group_key}.${m.user_name}" => m... if contains(keys(local.users),m.user_name)}
     group_id = oci_identity_group.these[split(".",each.key)[0]].id
-    user_id  = local.users[each.value.user_name].id
+    user_id  = local.users[each.value[0].user_name].id
 }
 
 locals {
-  users  = { for u in data.oci_identity_users.these.users : u.name => u }
+  all_users = [ for u in try(data.oci_identity_users.these[0].users,[]) : u ]
+  users  = { for u in local.all_users : u.name => u if length([ for u1 in local.all_users : u1.name if u1.name == u.name]) == 1 }
+  
+  #users  = { for u in try(data.oci_identity_users.these.users,[]) : u.name => u... }
 
   group_memberships = flatten([
     for k, v in (var.groups_configuration != null ? var.groups_configuration.groups : {}) : [

groups/outputs.tf

@@ -9,4 +9,9 @@ output "groups" {
 output "memberships" {
   description = "The group memberships."
   value = oci_identity_user_group_membership.these
+}
+
+output "debug_ignored_users" {
+  description = "(Debug) Ignored users."
+  value = try(var.groups_configuration.enable_debug,false) ? [ for u in local.all_users : {"id": u.id, "email": u.email, "name" : u.name} if length([ for u1 in local.all_users : u1.name if u1.name == u.name]) > 1 ] : null
 }

groups/variables.tf

@@ -9,6 +9,7 @@ variable "tenancy_ocid" {
 variable "groups_configuration" {
   description = "The groups configuration."
   type = object({
+    enable_debug = optional(bool,false)
     default_defined_tags  = optional(map(string)),
     default_freeform_tags = optional(map(string))
     groups = map(object({

release.txt

@@ -1 +1 @@
-0.2.6
+0.2.7