updating rootcause for iam role condition

Author: sourabh

aws/rootcause/README.md

@@ -28,11 +28,11 @@ This module is used to create the SumoLogic AWS RootCause sources. Features incl
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| aws\_iam\_role\_arn | Provide an existing AWS IAM role ARN value to attach to Sumo Logic sources. If this is kept empty, a new IAM role will be created. | `string` | `""` | no |
 | collector\_details | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic RootCause Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS Root Cause module.",<br>  "fields": {}<br>}</pre> | no |
 | create\_collector | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
 | create\_inventory\_source | Provide "true" if you would like to create the Sumo Logic AWS Inventory source. | `bool` | n/a | yes |
 | create\_xray\_source | Provide "true" if you would like to create the Sumo Logic AWS Xray source. | `bool` | n/a | yes |
+| iam\_details | Provide an existing AWS IAM role ARN value to attach to Sumo Logic sources. If this is kept empty, a new IAM role will be created. | <pre>object({<br>    create_iam_role = bool<br>    iam_role_arn    = string<br>  })</pre> | <pre>{<br>  "create_iam_role": true,<br>  "iam_role_arn": null<br>}</pre> | no |
 | inventory\_source\_details | Provide details for the Sumo Logic AWS Inventory source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    collector_id        = string<br>    description         = string<br>    limit_to_regions    = list(string)<br>    limit_to_namespaces = list(string)<br>    paused              = bool<br>    scan_interval       = number<br>    sumo_account_id     = number<br>    fields              = map(string)<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS RootCause module to collect AWS inventory metadata.",<br>  "fields": {},<br>  "limit_to_namespaces": [],<br>  "limit_to_regions": [],<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "source_category": "Labs/inventory",<br>  "source_name": "Inventory Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
 | sumologic\_organization\_id | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
 | xray\_source\_details | Provide details for the Sumo Logic AWS XRAY source. If not provided, then defaults will be used. | <pre>object({<br>    source_name      = string<br>    source_category  = string<br>    collector_id     = string<br>    description      = string<br>    limit_to_regions = list(string)<br>    paused           = bool<br>    scan_interval    = number<br>    sumo_account_id  = number<br>    fields           = map(string)<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS RootCause module to collect AWS Xray metrics.",<br>  "fields": {},<br>  "limit_to_regions": [],<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "source_category": "Labs/xray",<br>  "source_name": "Xray Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |

aws/rootcause/locals.tf

@@ -7,9 +7,6 @@ locals {
   # Get the default collector name if no collector name is provided.
   collector_name = var.collector_details.collector_name == "SumoLogic RootCause Collector <Random ID>" ? "SumoLogic RootCause Collector ${random_string.aws_random.id}" : var.collector_details.collector_name
 
-  # Create IAM role condition if no IAM ROLE ARN is provided.
-  create_iam_role = var.aws_iam_role_arn != "" ? false : true
-
   # Create inventory source
   create_inventory_source = var.create_inventory_source
 

aws/rootcause/outputs.tf

@@ -4,7 +4,7 @@ output "random_string" {
 }
 
 output "aws_iam_role" {
-  value       = local.create_iam_role ? aws_iam_role.source_iam_role : {}
+  value       = var.iam_details.create_iam_role ? aws_iam_role.source_iam_role : {}
   description = "AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket."
 }
 

aws/rootcause/rootcause.tf

@@ -9,7 +9,7 @@ resource "random_string" "aws_random" {
 }
 
 resource "aws_iam_role" "source_iam_role" {
-  for_each = toset(local.create_iam_role ? ["source_iam_role"] : [])
+  for_each = toset(var.iam_details.create_iam_role ? ["source_iam_role"] : [])
 
   name = "SumoLogic-RootCause-Module-${random_string.aws_random.id}"
   path = "/"
@@ -24,7 +24,7 @@ resource "aws_iam_role" "source_iam_role" {
 }
 
 resource "aws_iam_policy" "iam_policy" {
-  for_each = toset(local.create_iam_role ? ["iam_policy"] : [])
+  for_each = toset(var.iam_details.create_iam_role ? ["iam_policy"] : [])
 
   name   = "SumoLogicCloudWatchMetricsSource-${random_string.aws_random.id}"
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
@@ -58,7 +58,7 @@ resource "sumologic_aws_inventory_source" "aws_inventory_source" {
 
   authentication {
     type     = "AWSRoleBasedAuthentication"
-    role_arn = local.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.aws_iam_role_arn
+    role_arn = var.iam_details.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.iam_details.iam_role_arn
   }
 
   path {
@@ -84,7 +84,7 @@ resource "sumologic_aws_xray_source" "aws_xray_source" {
 
   authentication {
     type     = "AWSRoleBasedAuthentication"
-    role_arn = local.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.aws_iam_role_arn
+    role_arn = var.iam_details.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.iam_details.iam_role_arn
   }
 
   path {

aws/rootcause/variables.tf

@@ -91,8 +91,14 @@ variable "sumologic_organization_id" {
   }
 }
 
-variable "aws_iam_role_arn" {
-  type        = string
+variable "iam_details" {
+  type = object({
+    create_iam_role = bool
+    iam_role_arn    = string
+  })
   description = "Provide an existing AWS IAM role ARN value to attach to Sumo Logic sources. If this is kept empty, a new IAM role will be created."
-  default     = ""
+  default = {
+    create_iam_role = true
+    iam_role_arn    = null
+  }
 }

terratest/aws/rootcause/rootcause_test.go

@@ -185,7 +185,10 @@ func TestWithExistingValues(t *testing.T) {
 			"paused":           false,
 			"scan_interval":    60000,
 		},
-		"aws_iam_role_arn": IAM_ROLE,
+		"iam_details": map[string]interface{}{
+			"create_iam_role": false,
+			"iam_role_arn":    IAM_ROLE,
+		},
 	}
 
 	options, count := SetUpTest(t, vars, aws_region)