commit ba60cd9029f4473c4e33500a83c1dee1a1c11a84
Author: Patrick de Ruiter
Date: Thu Aug 12 12:22:23 2021 +0200
first commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7a7708e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,47 @@
+[![CircleCI](https://circleci.com/gh/devops-workflow/terraform-datadog-users.svg?style=svg)](https://circleci.com/gh/devops-workflow/terraform-datadog-users)
+
+terraform-datadog-users
+=======================
+
+Terraform module for managing Datadog users
+
+```hcl
+module "datadog-users" {
+ source = "devops-workflow/users/datadog"
+ version = "1.0.0"
+
+ users = [
+ {
+ name = "user1"
+ handle = "user1@example.com"
+ },
+ {
+ name = "admin1"
+ handle = "admin1@example.com"
+ admin = "true"
+ disabled = "false"
+ },
+ {
+ name = "dis1"
+ handle = "dis1@example.com"
+ email = "disy1@example.com"
+ disabled = "true"
+ role = "ro"
+ },
+ ]
+}
+```
+
+User data structure is a list of maps.
+
+#### User field mappings
+
+| User Field | Default | Datadog Provider Field | Description |
+|:-----------|:---------:|:-----------------------|:------------|
+| admin | `false` | is_admin | Make user an admin? |
+| disabled | `false` | disabled | Disable user |
+| email | `handle` | email | User email. Needed when user's email changed after account creation. Will default to `handle` if not provided |
+| handle | __REQUIRED__ | handle | email handle of user |
+| name | __REQUIRED__ | name | User name |
+| role | `st` | role | User role. Options are `st` standard, `adm` admin, `ro` read-only |
+# terraform-datadog-users
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 0000000..b8c30c3
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,4 @@
+
+# Example and manual test cases
+
+Each directory contains a configuration that serves as a manual test case and an example
diff --git a/examples/disable/README.md b/examples/disable/README.md
new file mode 100644
index 0000000..8e844d1
--- /dev/null
+++ b/examples/disable/README.md
@@ -0,0 +1 @@
+# Example: Module disabled
diff --git a/examples/disable/main.tf b/examples/disable/main.tf
new file mode 100644
index 0000000..c800050
--- /dev/null
+++ b/examples/disable/main.tf
@@ -0,0 +1,5 @@
+module "disabled" {
+ source = "../../"
+ enabled = false
+ users = []
+}
diff --git a/examples/disable/outputs.tf b/examples/disable/outputs.tf
new file mode 100644
index 0000000..501e0e5
--- /dev/null
+++ b/examples/disable/outputs.tf
@@ -0,0 +1,30 @@
+output "disabled" {
+ description = "List of user disabled status"
+ value = "${module.disabled.disabled}"
+}
+
+output "ids" {
+ description = "List of user IDs"
+ value = "${module.disabled.ids}"
+}
+
+output "verified" {
+ description = "List of user verified status"
+ value = "${module.disabled.verified}"
+}
+
+output "emails" {
+ value = "${module.disabled.emails}"
+}
+
+output "handles" {
+ value = "${module.disabled.handles}"
+}
+
+output "names" {
+ value = "${module.disabled.names}"
+}
+
+output "users" {
+ value = "${module.disabled.users}"
+}
diff --git a/examples/users/README.md b/examples/users/README.md
new file mode 100644
index 0000000..0dec97b
--- /dev/null
+++ b/examples/users/README.md
@@ -0,0 +1 @@
+# Example: users
diff --git a/examples/users/main.tf b/examples/users/main.tf
new file mode 100644
index 0000000..63272bb
--- /dev/null
+++ b/examples/users/main.tf
@@ -0,0 +1,23 @@
+module "users" {
+ source = "../../"
+
+ users = [
+ {
+ name = "user1"
+ handle = "user1@example.com"
+ },
+ {
+ name = "admin1"
+ handle = "admin1@example.com"
+ admin = "true"
+ disabled = "false"
+ },
+ {
+ name = "dis1"
+ handle = "dis1@example.com"
+ email = "disy1@example.com"
+ disabled = "false"
+ role = "ro"
+ },
+ ]
+}
diff --git a/examples/users/outputs.tf b/examples/users/outputs.tf
new file mode 100644
index 0000000..53a7c3c
--- /dev/null
+++ b/examples/users/outputs.tf
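Review bot: In examples/users/main.tf the `admin1` entry sets `admin = "true"`, but the `datadog_user` resource added in the root main.tf reads `lookup(var.users[count.index], "is_admin", false)`, so the `admin` key is never consulted and the flag silently falls back to `false`. The README table in this commit documents the user field as `admin` as well, so the documented way to grant admin does nothing. Since this field decides privilege, the key name should be one thing everywhere; to match the README and examples the resource line would become `is_admin = lookup(var.users[count.index], "admin", false)`. The README example has the same `admin = "true"` entry.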
@@ -0,0 +1,30 @@
+output "disabled" {
+ description = "List of user disabled status"
+ value = "${module.users.disabled}"
+}
+
+output "ids" {
+ description = "List of user IDs"
+ value = "${module.users.ids}"
+}
+
+output "verified" {
+ description = "List of user verified status"
+ value = "${module.users.verified}"
+}
+
+output "emails" {
+ value = "${module.users.emails}"
+}
+
+output "handles" {
+ value = "${module.users.handles}"
+}
+
+output "names" {
+ value = "${module.users.names}"
+}
+
+output "users" {
+ value = "${module.users.users}"
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..deaed2f
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,30 @@
+# terraform-datadog-users
+
+# https://www.terraform.io/docs/providers/datadog/r/user.html
+
+module "enabled" {
+ #source = "devops-workflow/boolean/local"
+ source = "git::git@github.com:webuildyourcloud/terraform-local-boolean.git"
+ version = "0.1.1"
+ value = var.enabled
+}
+
+data "null_data_source" "this" {
+ count = "module.enabled.value ? length(var.users) : 0"
+
+ inputs {
+ handle = lookup(var.users[count.index], "handle")
+ email = lookup(var.users[count.index], "email", lookup(var.users[count.index], "handle"))
+ name = lookup(var.users[count.index], "name")
+ }
+}
+
+resource "datadog_user" "this" {
+ count = "module.enabled.value ? length(var.users) : 0"
+ disabled = lookup(var.users[count.index], "disabled", false)
+ email = lookup(var.users[count.index], "email", lookup(var.users[count.index], "handle"))
+ handle = lookup(var.users[count.index], "handle")
+ is_admin = lookup(var.users[count.index], "is_admin", false)
+ name = lookup(var.users[count.index], "name")
+ role = lookup(var.users[count.index], "role", "st")
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..c28f94d
--- /dev/null
+++ b/outputs.tf
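Review bot: The `module "enabled"` block in main.tf fetches `git::git@github.com:webuildyourcloud/terraform-local-boolean.git` with no `?ref=`, so each `terraform init` takes whatever the default branch holds at that moment. The `version = "0.1.1"` line does not pin it: version constraints apply only to registry sources, and Terraform refuses them on a git source. Pin the dependency to a reviewed tag or commit and drop `version`, e.g. `source = "git::git@github.com:webuildyourcloud/terraform-local-boolean.git?ref=<TAG_OR_COMMIT>"`. In the same file, both `count = "module.enabled.value ? length(var.users) : 0"` lines are quoted, so `count` receives a string instead of the conditional; they should read `count = module.enabled.value ? length(var.users) : 0`.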
@@ -0,0 +1,33 @@
+output "disabled" {
+ description = "List of user disabled status"
+ value = compact(concat(datadog_user.this.*.disabled, list("")))
+}
+
+output "ids" {
+ description = "List of user IDs"
+ value = compact(concat(datadog_user.this.*.id, list("")))
+}
+
+output "verified" {
+ description = "List of user verified status"
+ value = compact(concat(datadog_user.this.*.verified, list("")))
+}
+
+output "emails" {
+ description = "List of user emails"
+ value = compact(concat(data.null_data_source.this.*.outputs.email, list("")))
+}
+
+output "handles" {
+ description = "List of user handles"
+ value = compact(concat(data.null_data_source.this.*.outputs.handle, list("")))
+}
+
+output "names" {
+ description = "List of user names"
+ value = compact(concat(data.null_data_source.this.*.outputs.name, list("")))
+}
+
+output "users" {
+ value = "var.users"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..eacf91c
--- /dev/null
+++ b/variables.tf
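Review bot: The `users` output at the end of outputs.tf is `value = "var.users"`, which is a string literal, so callers get the text `var.users` instead of the user list. It should be `value = var.users`, and it is the only output in the file without a `description`. The `list("")` calls in the other six outputs use the legacy `list()` function, which is deprecated; `[""]` is the equivalent expression under the `>= 0.13` constraint this commit sets in versions.tf.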
@@ -0,0 +1,43 @@
+variable "enabled" {
+ description = "Set to false to prevent the module from creating anything"
+ default = true
+}
+
+variable "users" {
+ description = "List of Datadog user maps to manage"
+ type = list(string)
+}
+
+variable "datadog_api_key" {
+ description = "The datadog API key"
+ type = string
+}
+
+variable "datadog_app_key" {
+ description = "The datadog APP key"
+ type = string
+}
+
+#variable "api_url" {
+# description = "Which API to Connect to, we are using the EU one for GDPR compliance"
+# type = string
+# default = "https://api.datadoghq.eu"
+#}
+#
+#variable "http_client_retry_enabled" {
+# description = "Enables Request retries on HTTP status codes 429 and 5xx"
+# type = bool
+# default = true
+#}
+#
+#variable "http_client_retry_timeout" {
+# description = "Sets the number of HTTP request retry timeout period"
+# type = string
+# default = ""
+#}
+#
+#variable "validate" {
+# description = "Validates the provided APP and API keys during provider initialization"
+# type = bool
+# default = true
+#}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..6b6318d
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13"
+}
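Review bot: `datadog_api_key` and `datadog_app_key` in variables.tf are declared as plain `string` variables, so their values are not redacted in plan and apply output. Adding `sensitive = true` to both would redact them, but that argument needs Terraform 0.14 or later, so `required_version` in versions.tf would have to move up with it. Both variables have no default and nothing in the files of this commit references them, while neither example passes them, so the examples would presumably fail on missing required arguments. Separately, `users` is typed `list(string)` although main.tf calls `lookup(var.users[count.index], ...)` on each element and the description says maps; `type = list(map(string))` matches that use.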
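Review bot: versions.tf sets `required_version = ">= 0.13"` but declares no `required_providers`, so the Datadog provider behind `datadog_user` has neither an explicit source nor a version constraint. From 0.13 on, an undeclared provider is resolved under the `hashicorp/` namespace, while the Datadog provider is published as `DataDog/datadog`, so init would likely fail or resolve something other than intended. Declaring it inside the `terraform` block fixes both the origin and the version: `required_providers { datadog = { source = "DataDog/datadog", version = "<VERSION_CONSTRAINT>" } }`.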