updating CloudWatchMetrics module to add condition for IAM role create.

Author: sourabh

aws/cloudwatchmetrics/README.md

@@ -30,7 +30,7 @@ This module is used to create the SumoLogic AWS CloudWatch metrics source. Featu
 |------|-------------|------|---------|:--------:|
 | collector\_details | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic CloudWatch Metrics Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS Cloudwatch metrics module to collect AWS cloudwatch metrics.",<br>  "fields": {}<br>}</pre> | no |
 | create\_collector | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
-| source\_details | Provide details for the Sumo Logic Cloudwatch Metrics source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    collector_id        = string<br>    description         = string<br>    limit_to_regions    = list(string)<br>    limit_to_namespaces = list(string)<br>    paused              = bool<br>    scan_interval       = number<br>    sumo_account_id     = number<br>    fields              = map(string)<br>    iam_role_arn        = string<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS CloudWatch Metrics module to collect AWS Cloudwatch metrics.",<br>  "fields": {},<br>  "iam_role_arn": "",<br>  "limit_to_namespaces": [],<br>  "limit_to_regions": [],<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "source_category": "Labs/aws/cloudwatch/metrics",<br>  "source_name": "CloudWatch Metrics Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
+| source\_details | Provide details for the Sumo Logic Cloudwatch Metrics source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    collector_id        = string<br>    description         = string<br>    limit_to_regions    = list(string)<br>    limit_to_namespaces = list(string)<br>    paused              = bool<br>    scan_interval       = number<br>    sumo_account_id     = number<br>    fields              = map(string)<br>    iam_details = object({<br>      create_iam_role = bool<br>      iam_role_arn    = string<br>    })<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS CloudWatch Metrics module to collect AWS Cloudwatch metrics.",<br>  "fields": {},<br>  "iam_details": {<br>    "create_iam_role": true,<br>    "iam_role_arn": null<br>  },<br>  "limit_to_namespaces": [],<br>  "limit_to_regions": [],<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "source_category": "Labs/aws/cloudwatch/metrics",<br>  "source_name": "CloudWatch Metrics Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
 | sumologic\_organization\_id | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
 
 ## Outputs

aws/cloudwatchmetrics/cloudwatchmetrics.tf

@@ -9,7 +9,7 @@ resource "random_string" "aws_random" {
 }
 
 resource "aws_iam_role" "source_iam_role" {
-  for_each = toset(local.create_iam_role ? ["source_iam_role"] : [])
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
 
   name = "SumoLogic-CloudWatch-Metrics-Module-${random_string.aws_random.id}"
   path = "/"
@@ -24,7 +24,7 @@ resource "aws_iam_role" "source_iam_role" {
 }
 
 resource "aws_iam_policy" "iam_policy" {
-  for_each = toset(local.create_iam_role ? ["iam_policy"] : [])
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["iam_policy"] : [])
 
   name   = "SumoLogicCloudWatchMetricsSource-${random_string.aws_random.id}"
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
@@ -57,7 +57,7 @@ resource "sumologic_cloudwatch_source" "cloudwatch_metrics_sources" {
 
   authentication {
     type     = "AWSRoleBasedAuthentication"
-    role_arn = local.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.source_details.iam_role_arn
+    role_arn = var.source_details.iam_details.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.source_details.iam_details.iam_role_arn
   }
 
   path {

aws/cloudwatchmetrics/locals.tf

@@ -3,6 +3,4 @@ locals {
   # Get the default collector name if no collector name is provided.
   collector_name = var.collector_details.collector_name == "SumoLogic CloudWatch Metrics Collector <Random ID>" ? "SumoLogic CloudWatch Metrics Collector ${random_string.aws_random.id}" : var.collector_details.collector_name
 
-  # Create IAM role condition if no IAM ROLE ARN is provided.
-  create_iam_role = var.source_details.iam_role_arn != "" ? false : true
 }

aws/cloudwatchmetrics/outputs.tf

@@ -4,7 +4,7 @@ output "random_string" {
 }
 
 output "aws_iam_role" {
-  value       = local.create_iam_role ? aws_iam_role.source_iam_role : {}
+  value       = var.source_details.iam_details.create_iam_role ? aws_iam_role.source_iam_role : {}
   description = "AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket."
 }
 

aws/cloudwatchmetrics/variables.tf

@@ -29,7 +29,10 @@ variable "source_details" {
     scan_interval       = number
     sumo_account_id     = number
     fields              = map(string)
-    iam_role_arn        = string
+    iam_details = object({
+      create_iam_role = bool
+      iam_role_arn    = string
+    })
   })
   description = "Provide details for the Sumo Logic Cloudwatch Metrics source. If not provided, then defaults will be used."
   default = {
@@ -43,7 +46,10 @@ variable "source_details" {
     paused              = false
     sumo_account_id     = 926226587429
     fields              = {}
-    iam_role_arn        = ""
+    iam_details = {
+      create_iam_role = true
+      iam_role_arn    = null
+    }
   }
 }
 

terratest/aws/cloudwatchmetrics/cloudwatchmetrics_test.go

@@ -55,7 +55,10 @@ func TestWithDefaultValues(t *testing.T) {
 			},
 			"sumo_account_id": "926226587429",
 			"collector_id":    "",
-			"iam_role_arn":    "",
+			"iam_details": map[string]interface{}{
+				"create_iam_role": true,
+				"iam_role_arn":    nil,
+			},
 		},
 	}
 
@@ -115,7 +118,10 @@ func TestWithExistingValues(t *testing.T) {
 			},
 			"sumo_account_id": "926226587429",
 			"collector_id":    COLLECTOR_ID,
-			"iam_role_arn":    IAM_ROLE,
+			"iam_details": map[string]interface{}{
+				"create_iam_role": false,
+				"iam_role_arn":    IAM_ROLE,
+			},
 		},
 	}
 
@@ -167,7 +173,10 @@ func TestUpdates(t *testing.T) {
 			},
 			"sumo_account_id": "926226587429",
 			"collector_id":    "",
-			"iam_role_arn":    "",
+			"iam_details": map[string]interface{}{
+				"create_iam_role": false,
+				"iam_role_arn":    nil,
+			},
 		},
 	}
 
@@ -202,7 +211,10 @@ func TestUpdates(t *testing.T) {
 			},
 			"sumo_account_id": "926226587429",
 			"collector_id":    "",
-			"iam_role_arn":    "",
+			"iam_details": map[string]interface{}{
+				"create_iam_role": false,
+				"iam_role_arn":    nil,
+			},
 		},
 	}
 
@@ -230,7 +242,10 @@ func TestUpdates(t *testing.T) {
 			},
 			"sumo_account_id": "926226587429",
 			"collector_id":    COLLECTOR_ID,
-			"iam_role_arn":    "",
+			"iam_details": map[string]interface{}{
+				"create_iam_role": false,
+				"iam_role_arn":    nil,
+			},
 		},
 	}