.terraform.lock.hcl

@@ -1,23 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/datadog/datadog" {
-  version     = "3.2.0"
-  constraints = "3.2.0"
-  hashes = [
-    "h1:nfbkvIrUHhsI0cx7IfYDdwdn+C7nBaDvqp3lsZ2BcQw=",
-    "zh:0973526974954263941cc4bc4a4bbd5a56726c09ebd118a513b0106d2164863d",
-    "zh:0e89a0254f65951da832f73822592c46758e168a1ea3f7fa7eb6c79fe1e13a5d",
-    "zh:35145207a6b585e51775079eb6c114d7d555c4f8a928361915374cb28b2cbe46",
-    "zh:3fdf4e1d184fbad0aed31e851cd8465d9be9e7481fcfcd1b5c0da7a1eb582048",
-    "zh:42dfbf4ecd8779346fa4764ce9db99b993fe3c8aefb6eea32d293f9a0bc5cab0",
-    "zh:4e172436bdcbfb2e41fa43a58bc89a1d1e47178e7011d99ff87885c65ef3966c",
-    "zh:72d77a750399ec7ff51c38894d54e54c178f16aab726b36caf0094501124f918",
-    "zh:72e112c8d008418f40677533e855a8b79061892fb42b8296ea69e8246d6205f9",
-    "zh:753d154fb6fb32f064469d3a2e2c657b7d8d19c674189480dae2d2f3b93d524b",
-    "zh:b8dfdcc4402856c043a08e4befe39b042203d616ffb370b54c64a7b3def6ca55",
-    "zh:be523a10cb95220cb52375ac71e03d8f0f48b0d8f3534075aa22d37b5d335d86",
-    "zh:eb9f11a30d9303b422eea27b5d11a716a290c81b8c09e5457292fb378386f66c",
-    "zh:fce91b84c90ce97b7acc6e4ec2cb6f9f4518ae070e00d7ca8973edd585d0ea14",
-  ]
-}

README.md

@@ -1,179 +1,47 @@
-# Terraform Datadog Users Module
+[![CircleCI](https://circleci.com/gh/devops-workflow/terraform-datadog-users.svg?style=svg)](https://circleci.com/gh/devops-workflow/terraform-datadog-users)
 
-## Overview
+terraform-datadog-users
+=======================
 
-This Terraform module manages individual Datadog user accounts with role-based access control, supporting both standard users and administrators.
+Terraform module for managing Datadog users
-
-## Features
-
-- **Role-Based Access**: Standard users vs. administrators
-- **Conditional Creation**: Admin flag determines user type
-- **Data Source Lookups**: Fetches role IDs from Datadog
-- **Reusable Module**: Easy user provisioning via module calls
-
-## Resources Created
-
-- `datadog_user` (add_datadog_user): Standard user with sl-techops-role
-- `datadog_user` (add_datadog_admin_user): Admin user with Datadog Admin Role
-
-## Data Sources
-
-The module queries Datadog for available roles:
-- Standard Role
-- Datadog Admin Role
-- sl-techops-role (custom role)
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| terraform | >= 0.12 |
-| datadog | >= 3.2.0 |
-
-## Usage
-
-### Create Standard User
 
 ```hcl
-module "standard_user" {
+module "datadog-users" {
-  source = "./terraform-datadog-users"
+  source  = "devops-workflow/users/datadog"
+  version = "1.0.0"
 
-  admin           = false
+  users = [
-  name            = "John Doe"
+    {
-  email           = "john.doe@example.com"
+      name   = "user1"
-  handle          = "john.doe@example.com"
+      handle = "user1@example.com"
-  roles           = "normal"
+    },
-  datadog_api_key = var.datadog_api_key
+    {
-  datadog_app_key = var.datadog_app_key
+      name     = "admin1"
+      handle   = "admin1@example.com"
+      admin    = "true"
+      disabled = "false"
+    },
+    {
+      name     = "dis1"
+      handle   = "dis1@example.com"
+      email    = "disy1@example.com"
+      disabled = "true"
+      role     = "ro"
+    },
+  ]
 }
 ```
 
-### Create Admin User
+User data structure is a list of maps.
 
-```hcl
+#### User field mappings
-module "admin_user" {
-  source = "./terraform-datadog-users"
 
-  admin           = true
+| User Field |  Default  | Datadog Provider Field | Description |
-  name            = "Jane Admin"
+|:-----------|:---------:|:-----------------------|:------------|
-  email           = "jane.admin@example.com"
+| admin      | `false`   | is_admin  | Make user an admin? |
-  handle          = "jane.admin@example.com"
+| disabled   | `false`   | disabled  | Disable user |
-  roles           = "admin"
+| email      | `handle`  | email     | User email. Needed when user's email changed after account creation. Will default to `handle` if not provided |
-  datadog_api_key = var.datadog_api_key
+| handle     | __REQUIRED__ | handle | email handle of user |
-  datadog_app_key = var.datadog_app_key
+| name       | __REQUIRED__ | name   | User name |
-}
+| role       | `st`      | role      | User role. Options are `st` standard, `adm` admin, `ro` read-only |
-```
+# terraform-datadog-users
-
-## Inputs
-
-| Name | Description | Type | Required | Default |
-|------|-------------|------|----------|---------|
-| `admin` | Is user an admin? | `bool` | no | `false` |
-| `name` | Full name of user | `string` | no | `""` |
-| `email` | Email address | `string` | no | `""` |
-| `handle` | Handle/username | `string` | no | `""` |
-| `roles` | Role assignment | `string` | no | `"normal"` |
-| `datadog_api_key` | Datadog API key | `string` | yes | - |
-| `datadog_app_key` | Datadog APP key | `string` | yes | - |
-
-## Outputs
-
-Currently, all outputs are commented out. No outputs are exported.
-
-## Role Types
-
-### Standard User (admin = false)
-
-- **Role**: sl-techops-role
-- **Permissions**: Limited read/write access
-- **Use Case**: Regular team members, developers, operators
-
-### Admin User (admin = true)
-
-- **Role**: Datadog Admin Role
-- **Permissions**: Full access to all Datadog features
-- **Use Case**: Platform administrators, team leads
-
-## Conditional Resource Creation
-
-The module uses conditional `count` to create only one user type:
-- If `admin = false`: Creates standard user
-- If `admin = true`: Creates admin user
-
-This ensures clean resource management and prevents duplicate user creation.
-
-## Data Source Usage
-
-The module uses data sources to lookup role IDs:
-```hcl
-data "datadog_role" "standard_role" {
-  filter = "Datadog Standard Role"
-}
-
-data "datadog_role" "admin_role" {
-  filter = "Datadog Admin Role"
-}
-
-data "datadog_role" "techops_role" {
-  filter = "sl-techops-role"
-}
-```
-
-## Best Practices
-
-1. **Email as Handle**: Use email address as handle for consistency
-2. **Role Selection**: Choose appropriate role based on user responsibilities
-3. **Module Calls**: Use module calls for each user (see terraform-datadog-users-sanoma)
-4. **Centralized Management**: Keep all user definitions in one place
-
-## Example: Multiple Users
-
-```hcl
-module "user_1" {
-  source = "./terraform-datadog-users"
-  admin  = false
-  name   = "Alice Developer"
-  email  = "alice@example.com"
-  handle = "alice@example.com"
-}
-
-module "user_2" {
-  source = "./terraform-datadog-users"
-  admin  = true
-  name   = "Bob Admin"
-  email  = "bob@example.com"
-  handle = "bob@example.com"
-}
-```
-
-## Notes
-
-- The handle field typically should match the email address
-- Custom roles (like sl-techops-role) must exist in Datadog before use
-- Role data sources fetch IDs dynamically at plan/apply time
-- Outputs are currently disabled (commented out in outputs.tf)
-- Module supports only two role tiers: standard and admin
-
-## Limitations
-
-- Fixed role assignments (standard vs admin only)
-- No support for custom role assignment beyond sl-techops-role
-- No team or group assignments
-- Outputs are not available (commented out)
-
-## Future Enhancements
-
-Potential improvements:
-- Support for multiple custom roles
-- Team assignments
-- Group memberships
-- User permissions customization
-- Output user IDs and metadata
-
-## License
-
-Internal use only - Sanoma/WeBuildYourCloud
-
-## Authors
-
-Created and maintained by the Platform Engineering team.

main.tf

@@ -3,7 +3,7 @@ locals {
   #handle = var.handle
   name   = var.name
   roles  = var.roles
-  admin  = var.admin
+  #admin  = var.admin
 }
 
 data "datadog_role" "standard_role" {
@@ -11,37 +11,37 @@ data "datadog_role" "standard_role" {
 }
 
 data "datadog_role" "admin_role" {
-  count  = var.admin ? 1 : 0
   filter = "Datadog Admin Role"
 }
 
-#data "datadog_role" "readonly_role" {
+data "datadog_role" "readonly_role" {
-#  count  = var.admin ? 0 : 1
+  filter = "Datadog Read Only Role"
-#  filter = "Datadog Read Only Role"
+}
-#}
 
 data "datadog_role" "sl-techops-role" {
-  count  = var.admin ? 0 : 1
   filter = "sl-techops-role"
 }
+resource "datadog_user" "add_datadog_user" {
+  email  = local.email
+  #handle = local.handle
+  name   = local.name
+  #admin  = local.admin
+  roles  = [data.datadog_role.sl-techops-role.id]
+}
 
-#resource "datadog_user" "add_datadog_user" {
+#resource "datadog_user" "add_datadog_admin_user" {
 #  email  = local.email
+#  #handle = local.handle
 #  name   = local.name
-#  roles  = [data.datadog_role.sl-techops-role.id]
+#  #admin  = local.admin
+#  roles  = [data.datadog_role.admin_role.id]
 #}
 
-resource "datadog_user" "add_datadog_user" {
-  count  = var.admin ? 0 : 1
-  email  = local.email
-  name   = local.name
-  roles  = [data.datadog_role.sl-techops-role[0].id]
-}
-
-resource "datadog_user" "add_datadog_admin_user" {
-  count  = var.admin ? 1 : 0
-  email  = local.email
-  name   = local.name
-  roles  = [data.datadog_role.admin_role[0].id]
-}
 
+#resource "datadog_user" "add_datadog_standard_user" {
+#  email  = local.email
+#  #handle = local.handle
+#  name   = local.name
+#  #admin  = local.admin
+#  roles  = [data.datadog_role.standard_role.id]
+#}