updating kinesisfirehoseformetrics for IAM role conditions.

Author: sourabh

aws/kinesisfirehoseformetrics/README.md

@@ -33,7 +33,7 @@ This module is used to create the SumoLogic AWS Kinesis Firehose for Metrics sou
 | collector\_details | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic Kinesis Firehose for Metrics Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS Kinesis Firehose for metrics module to collect AWS cloudwatch metrics.",<br>  "fields": {}<br>}</pre> | no |
 | create\_bucket | Provide "true" if you would like to create AWS S3 bucket to store failed logs. Provide "bucket\_details" if set to "false". | `bool` | `true` | no |
 | create\_collector | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
-| source\_details | Provide details for the Sumo Logic Kinesis Firehose for Metrics source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    collector_id        = string<br>    description         = string<br>    sumo_account_id     = number<br>    limit_to_namespaces = list(string)<br>    fields              = map(string)<br>    iam_role_arn        = string<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS Kinesis Firehose for metrics module to collect AWS Cloudwatch metrics.",<br>  "fields": {},<br>  "iam_role_arn": "",<br>  "limit_to_namespaces": [],<br>  "source_category": "Labs/aws/cloudwatch/metrics",<br>  "source_name": "Kinesis Firehose for Metrics Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
+| source\_details | Provide details for the Sumo Logic Kinesis Firehose for Metrics source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    collector_id        = string<br>    description         = string<br>    sumo_account_id     = number<br>    limit_to_namespaces = list(string)<br>    fields              = map(string)<br>    iam_details = object({<br>      create_iam_role = bool<br>      iam_role_arn    = string<br>    })<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS Kinesis Firehose for metrics module to collect AWS Cloudwatch metrics.",<br>  "fields": {},<br>  "iam_details": {<br>    "create_iam_role": true,<br>    "iam_role_arn": null<br>  },<br>  "limit_to_namespaces": [],<br>  "source_category": "Labs/aws/cloudwatch/metrics",<br>  "source_name": "Kinesis Firehose for Metrics Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
 | sumologic\_organization\_id | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
 
 ## Outputs

aws/kinesisfirehoseformetrics/kinesisfirehoseformetrics.tf

@@ -145,7 +145,7 @@ resource "aws_cloudwatch_metric_stream" "metric_stream" {
 }
 
 resource "aws_iam_role" "source_iam_role" {
-  for_each = toset(local.create_iam_role ? ["source_iam_role"] : [])
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
 
   name = "SumoLogic-Kinesis-firehose-Metrics-Module-${random_string.aws_random.id}"
   path = "/"
@@ -161,7 +161,7 @@ resource "aws_iam_role" "source_iam_role" {
 }
 
 resource "aws_iam_policy" "iam_policy" {
-  for_each = toset(local.create_iam_role ? ["iam_policy"] : [])
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["iam_policy"] : [])
 
   name   = "SumoLogicCloudWatchMetricsSource-${random_string.aws_random.id}"
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
@@ -192,7 +192,7 @@ resource "sumologic_kinesis_metrics_source" "source" {
 
   authentication {
     type     = "AWSRoleBasedAuthentication"
-    role_arn = local.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.source_details.iam_role_arn
+    role_arn = var.source_details.iam_details.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.source_details.iam_details.iam_role_arn
   }
 
   path {

aws/kinesisfirehoseformetrics/locals.tf

@@ -41,7 +41,4 @@ locals {
 
   # Get the default collector name if no collector name is provided.
   collector_name = var.collector_details.collector_name == "SumoLogic Kinesis Firehose for Metrics Collector <Random ID>" ? "SumoLogic Kinesis Firehose for Metrics Collector ${random_string.aws_random.id}" : var.collector_details.collector_name
-
-  # Create IAM role condition if no IAM ROLE ARN is provided.
-  create_iam_role = var.source_details.iam_role_arn != "" ? false : true
 }

aws/kinesisfirehoseformetrics/outputs.tf

@@ -19,7 +19,7 @@ output "aws_cloudwatch_log_stream" {
 }
 
 output "source_aws_iam_role" {
-  value       = local.create_iam_role ? aws_iam_role.source_iam_role : {}
+  value       = var.source_details.iam_details.create_iam_role ? aws_iam_role.source_iam_role : {}
   description = "AWS IAM role with permission to setup Sumo Logic permissions."
 }
 

aws/kinesisfirehoseformetrics/variables.tf

@@ -44,7 +44,10 @@ variable "source_details" {
     sumo_account_id     = number
     limit_to_namespaces = list(string)
     fields              = map(string)
-    iam_role_arn        = string
+    iam_details = object({
+      create_iam_role = bool
+      iam_role_arn    = string
+    })
   })
   description = "Provide details for the Sumo Logic Kinesis Firehose for Metrics source. If not provided, then defaults will be used."
   default = {
@@ -55,7 +58,10 @@ variable "source_details" {
     sumo_account_id     = 926226587429
     limit_to_namespaces = []
     fields              = {}
-    iam_role_arn        = ""
+    iam_details = {
+      create_iam_role = true
+      iam_role_arn    = null
+    }
   }
 }
 

terratest/aws/cloudwatchmetrics/cloudwatchmetrics_test.go

@@ -174,7 +174,7 @@ func TestUpdates(t *testing.T) {
 			"sumo_account_id": "926226587429",
 			"collector_id":    "",
 			"iam_details": map[string]interface{}{
-				"create_iam_role": false,
+				"create_iam_role": true,
 				"iam_role_arn":    nil,
 			},
 		},
@@ -212,7 +212,7 @@ func TestUpdates(t *testing.T) {
 			"sumo_account_id": "926226587429",
 			"collector_id":    "",
 			"iam_details": map[string]interface{}{
-				"create_iam_role": false,
+				"create_iam_role": true,
 				"iam_role_arn":    nil,
 			},
 		},
@@ -243,7 +243,7 @@ func TestUpdates(t *testing.T) {
 			"sumo_account_id": "926226587429",
 			"collector_id":    COLLECTOR_ID,
 			"iam_details": map[string]interface{}{
-				"create_iam_role": false,
+				"create_iam_role": true,
 				"iam_role_arn":    nil,
 			},
 		},

terratest/aws/kinesisfirehoseformetrics/kinesisfirehoseformetrics_test.go

@@ -95,7 +95,10 @@ func TestWithExistingValues(t *testing.T) {
 			},
 			"sumo_account_id":     "926226587429",
 			"limit_to_namespaces": []string{"AWS/SNS", "AWS/SQS", "AWS/Events", "AWS/Lambda", "AWS/Logs", "AWS/S3", "AWS/Firehose"},
-			"iam_role_arn":        IAM_ROLE,
+			"iam_details": map[string]interface{}{
+				"create_iam_role": false,
+				"iam_role_arn":    IAM_ROLE,
+			},
 		},
 		"sumologic_organization_id": common.SumologicOrganizationId,
 	}
@@ -194,7 +197,10 @@ func TestUpdates(t *testing.T) {
 			},
 			"sumo_account_id":     "926226587429",
 			"limit_to_namespaces": []string{"AWS/SNS", "AWS/SQS", "AWS/Events"},
-			"iam_role_arn":        "",
+			"iam_details": map[string]interface{}{
+				"create_iam_role": true,
+				"iam_role_arn":    nil,
+			},
 		},
 		"sumologic_organization_id": common.SumologicOrganizationId,
 	}