Implement conditional logic for role creation (#7)

This allows the advertised variables to function. The outputs had to be modified to work with conditionals in line with the workaround in https://github.com/hashicorp/terraform/issues/17425.

Implement conditional logic for role creation (#7)
This allows the advertised variables to function. The outputs had to be modified to work with conditionals in line with the workaround in https://github.com/hashicorp/terraform/issues/17425.
711cacab · Jonathan Kinred · Anton Babenko · 76f6ee5d · 711cacab · 711cacab
Commit 711cacab authored May 02, 2018 by Jonathan Kinred Committed by Anton Babenko May 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 9 deletions

main.tf modules/iam-assumable-roles/main.tf +12 -0

outputs.tf modules/iam-assumable-roles/outputs.tf +9 -9

No files found.
--- a/modules/iam-assumable-roles/main.tf
+++ b/modules/iam-assumable-roles/main.tf
@@ -38,6 +38,8 @@ data "aws_iam_policy_document" "assume_role_with_mfa" {

 # Admin
 resource "aws_iam_role" "admin" {
+  count = "${var.create_admin_role ? 1 : 0}"
+
  name = "${var.admin_role_name}"
  path = "${var.admin_role_path}"

@@ -45,17 +47,23 @@ resource "aws_iam_role" "admin" {
 }

 resource "aws_iam_role_policy_attachment" "admin" {
+  count = "${var.create_admin_role ? 1 : 0}"
+
  role       = "${aws_iam_role.admin.name}"
  policy_arn = "${var.admin_role_policy_arn}"
 }

 # Poweruser
 resource "aws_iam_role_policy_attachment" "poweruser" {
+  count = "${var.create_poweruser_role ? 1 : 0}"
+
  role       = "${aws_iam_role.poweruser.name}"
  policy_arn = "${var.poweruser_role_policy_arn}"
 }

 resource "aws_iam_role" "poweruser" {
+  count = "${var.create_poweruser_role ? 1 : 0}"
+
  name = "${var.poweruser_role_name}"
  path = "${var.poweruser_role_path}"

@@ -64,11 +72,15 @@ resource "aws_iam_role" "poweruser" {

 # Readonly
 resource "aws_iam_role_policy_attachment" "readonly" {
+  count = "${var.create_readonly_role ? 1 : 0}"
+
  role       = "${aws_iam_role.readonly.name}"
  policy_arn = "${var.readonly_role_policy_arn}"
 }

 resource "aws_iam_role" "readonly" {
+  count = "${var.create_readonly_role ? 1 : 0}"
+
  name = "${var.readonly_role_name}"
  path = "${var.readonly_role_path}"


--- a/modules/iam-assumable-roles/outputs.tf
+++ b/modules/iam-assumable-roles/outputs.tf
 #Admin
 output "admin_iam_role_arn" {
  description = "ARN of admin IAM role"
-  value       = "${element(concat(aws_iam_role.admin.*.arn, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.admin.*.arn, list("")), 0)}"
 }

 output "admin_iam_role_name" {
  description = "Name of admin IAM role"
-  value       = "${element(concat(aws_iam_role.admin.*.name, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.admin.*.name, list("")), 0)}"
 }

 output "admin_iam_role_path" {
  description = "Path of admin IAM role"
-  value       = "${element(concat(aws_iam_role.admin.*.path, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.admin.*.path, list("")), 0)}"
 }

 output "admin_iam_role_requires_mfa" {
@@ -22,17 +22,17 @@ output "admin_iam_role_requires_mfa" {
 # Poweruser
 output "poweruser_iam_role_arn" {
  description = "ARN of poweruser IAM role"
-  value       = "${element(concat(aws_iam_role.poweruser.*.arn, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.poweruser.*.arn, list("")), 0)}"
 }

 output "poweruser_iam_role_name" {
  description = "Name of poweruser IAM role"
-  value       = "${element(concat(aws_iam_role.poweruser.*.name, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.poweruser.*.name, list("")), 0)}"
 }

 output "poweruser_iam_role_path" {
  description = "Path of poweruser IAM role"
-  value       = "${element(concat(aws_iam_role.poweruser.*.path, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.poweruser.*.path, list("")), 0)}"
 }

 output "poweruser_iam_role_requires_mfa" {
@@ -43,17 +43,17 @@ output "poweruser_iam_role_requires_mfa" {
 # Readonly
 output "readonly_iam_role_arn" {
  description = "ARN of readonly IAM role"
-  value       = "${element(concat(aws_iam_role.readonly.*.arn, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.readonly.*.arn, list("")), 0)}"
 }

 output "readonly_iam_role_name" {
  description = "Name of readonly IAM role"
-  value       = "${element(concat(aws_iam_role.readonly.*.name, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.readonly.*.name, list("")), 0)}"
 }

 output "readonly_iam_role_path" {
  description = "Path of readonly IAM role"
-  value       = "${element(concat(aws_iam_role.readonly.*.path, list()), 0)}"
+  value       = "${element(concat(aws_iam_role.readonly.*.path, list("")), 0)}"
 }

 output "readonly_iam_role_requires_mfa" {