Commit 7439657

feat: removed support for IAM account settings. Input variables access_groups and iam_account_settings have been removed from root level module. They can also no longer be set in the override json. Use the [terraform-ibm-iam-account-settings](https://github.com/terraform-ibm-modules/terraform-ibm-iam-account-settings) module for setting up IAM account settings. (#671)
1 parent 51d4b30 commit 7439657

17 files changed

+559
-1190
lines changed

README.md

Lines changed: 0 additions & 8 deletions
@@ -868,12 +868,6 @@ module "cluster_pattern" {
868868
| [ibm_container_vpc_cluster.cluster](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/container_vpc_cluster) | resource |
869869
| [ibm_container_vpc_worker_pool.pool](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/container_vpc_worker_pool) | resource |
870870
| [ibm_cos_bucket.buckets](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cos_bucket) | resource |
871-
| [ibm_iam_access_group.groups](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group) | resource |
872-
| [ibm_iam_access_group_dynamic_rule.dynamic_rules](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_dynamic_rule) | resource |
873-
| [ibm_iam_access_group_members.group_members](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_members) | resource |
874-
| [ibm_iam_access_group_policy.account_management_policies](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_policy) | resource |
875-
| [ibm_iam_access_group_policy.policies](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_policy) | resource |
876-
| [ibm_iam_account_settings.iam_account_settings](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_account_settings) | resource |
877871
| [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
878872
| [ibm_is_placement_group.placement_group](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_placement_group) | resource |
879873
| [ibm_is_security_group.security_group](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_security_group) | resource |
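Review bot: The six `ibm_iam_*` rows removed at old lines 871-876 are resources that existing deployments may already hold in state, and nothing in this README change tells those users what to do on upgrade. Terraform plans a destroy for any resource that is in state but no longer in configuration, so an upgrade would propose deleting the access groups, their policies and members, and the `ibm_iam_account_settings` resource. Suggest adding an upgrade section to the README that tells users to move or drop those state entries (for example with `terraform state rm` or `removed` blocks) before applying, and that links the replacement module named in the commit message.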
@@ -905,7 +899,6 @@ module "cluster_pattern" {
905899

906900
| Name | Description | Type | Default | Required |
907901
|------|-------------|------|---------|:--------:|
908-
| <a name="input_access_groups"></a> [access\_groups](#input\_access\_groups) | A list of access groups to create | <pre>list(<br> object({<br> name = string # Name of the group<br> description = string # Description of group<br> policies = list(<br> object({<br> name = string # Name of the policy<br> roles = list(string) # list of roles for the policy<br> resources = object({<br> resource_group = optional(string) # Name of the resource group the policy will apply to<br> resource_type = optional(string) # Name of the resource type for the policy ex. "resource-group"<br> resource = optional(string) # The resource of the policy definition<br> service = optional(string) # Name of the service type for the policy ex. "cloud-object-storage"<br> resource_instance_id = optional(string) # ID of a service instance to give permissions<br> })<br> })<br> )<br> dynamic_policies = optional(<br> list(<br> object({<br> name = string # Dynamic group name<br> identity_provider = string # URI for identity provider<br> expiration = number # How many hours authenticated users can work before refresh<br> conditions = object({<br> claim = string # key value to evaluate the condition against.<br> operator = string # The operation to perform on the claim. Supported values are EQUALS, EQUALS_IGNORE_CASE, IN, NOT_EQUALS_IGNORE_CASE, NOT_EQUALS, and CONTAINS.<br> value = string # Value to be compared agains<br> })<br> })<br> )<br> )<br> account_management_policies = optional(list(string))<br> invite_users = optional(list(string)) # Users to invite to the access group<br> })<br> )</pre> | `[]` | no |
909902
| <a name="input_add_kms_block_storage_s2s"></a> [add\_kms\_block\_storage\_s2s](#input\_add\_kms\_block\_storage\_s2s) | Whether to create a service-to-service authorization between block storage and the key management service. | `bool` | `true` | no |
910903
| <a name="input_appid"></a> [appid](#input\_appid) | The App ID instance to be used for the teleport vsi deployments | <pre>object({<br> name = optional(string)<br> resource_group = optional(string)<br> use_data = optional(bool)<br> keys = optional(list(string))<br> use_appid = bool<br> })</pre> | <pre>{<br> "use_appid": false<br>}</pre> | no |
911904
| <a name="input_atracker"></a> [atracker](#input\_atracker) | atracker variables | <pre>object({<br> resource_group = string<br> receive_global_events = bool<br> collector_bucket_name = string<br> add_route = bool<br> })</pre> | n/a | yes |
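Review bot: The `access_groups` input removed at old line 908 has no replacement named anywhere; the commit message points to terraform-ibm-iam-account-settings only for IAM account settings. A module block that still sets `access_groups` will fail with an unsupported argument error after upgrading, so the README should say where access groups, their policies, dynamic rules and user invites are expected to be managed now, or state explicitly that they are out of scope for this module.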
@@ -914,7 +907,6 @@ module "cluster_pattern" {
914907
| <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Create transit gateway | `bool` | `true` | no |
915908
| <a name="input_f5_template_data"></a> [f5\_template\_data](#input\_f5\_template\_data) | Data for all f5 templates | <pre>object({<br> tmos_admin_password = optional(string)<br> license_type = optional(string)<br> byol_license_basekey = optional(string)<br> license_host = optional(string)<br> license_username = optional(string)<br> license_password = optional(string)<br> license_pool = optional(string)<br> license_sku_keyword_1 = optional(string)<br> license_sku_keyword_2 = optional(string)<br> license_unit_of_measure = optional(string)<br> do_declaration_url = optional(string)<br> as3_declaration_url = optional(string)<br> ts_declaration_url = optional(string)<br> phone_home_url = optional(string)<br> template_source = optional(string)<br> template_version = optional(string)<br> app_id = optional(string)<br> tgactive_url = optional(string)<br> tgstandby_url = optional(string)<br> tgrefresh_url = optional(string)<br> })</pre> | <pre>{<br> "license_type": "none"<br>}</pre> | no |
916909
| <a name="input_f5_vsi"></a> [f5\_vsi](#input\_f5\_vsi) | A list describing F5 VSI workloads to create | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> primary_subnet_name = string<br> secondary_subnet_names = list(string)<br> secondary_subnet_security_group_names = list(<br> object({<br> group_name = string<br> interface_name = string<br> })<br> )<br> ssh_keys = list(string)<br> f5_image_name = string<br> machine_type = string<br> resource_group = optional(string)<br> enable_management_floating_ip = optional(bool)<br> enable_external_floating_ip = optional(bool)<br> security_groups = optional(list(string))<br> boot_volume_encryption_key_name = optional(string)<br> hostname = string<br> domain = string<br> access_tags = optional(list(string), [])<br> security_group = optional(<br> object({<br> name = string<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = number<br> })<br> )<br> })<br> )<br> })<br> )<br> block_storage_volumes = optional(list(<br> object({<br> name = string<br> profile = string<br> capacity = optional(number)<br> iops = optional(number)<br> encryption_key = optional(string)<br> })<br> ))<br> load_balancers = optional(list(<br> object({<br> name = string<br> type = string<br> listener_port = number<br> listener_protocol = string<br> connection_limit = number<br> algorithm = string<br> protocol = string<br> health_delay = number<br> health_retries = number<br> health_timeout = number<br> health_type = string<br> pool_member_port = string<br> idle_connection_timeout = optional(number)<br> security_group = optional(<br> object({<br> name = string<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = 
optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = number<br> })<br> )<br> })<br> )<br> })<br> )<br> })<br> ))<br> })<br> )</pre> | `[]` | no |
917-
| <a name="input_iam_account_settings"></a> [iam\_account\_settings](#input\_iam\_account\_settings) | IAM Account Settings. | <pre>object({<br> enable = bool<br> mfa = optional(string)<br> allowed_ip_addresses = optional(string)<br> include_history = optional(bool)<br> if_match = optional(string)<br> max_sessions_per_identity = optional(string)<br> restrict_create_service_id = optional(string)<br> restrict_create_platform_apikey = optional(string)<br> session_expiration_in_seconds = optional(string)<br> session_invalidation_in_seconds = optional(string)<br> })</pre> | <pre>{<br> "enable": false<br>}</pre> | no |
918910
| <a name="input_key_management"></a> [key\_management](#input\_key\_management) | Key Protect instance variables | <pre>object({<br> name = optional(string)<br> resource_group = optional(string)<br> use_data = optional(bool)<br> use_hs_crypto = optional(bool)<br> access_tags = optional(list(string), [])<br> keys = optional(<br> list(<br> object({<br> name = string<br> root_key = optional(bool)<br> payload = optional(string)<br> key_ring = optional(string) # Any key_ring added will be created<br> force_delete = optional(bool)<br> existing_key_crn = optional(string) # CRN of an existing key in the same or different account.<br> endpoint = optional(string) # can be public or private<br> iv_value = optional(string) # (Optional, Forces new resource, String) Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running ibmcloud kp import-token encrypt-nonce. Only for imported root key.<br> encrypted_nonce = optional(string) # The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the ibmcloud kp import-token get command. Then, encrypt the value by running ibmcloud kp import-token encrypt-nonce. Only for imported root key.<br> policies = optional(<br> object({<br> rotation = optional(<br> object({<br> interval_month = number<br> })<br> )<br> dual_auth_delete = optional(<br> object({<br> enabled = bool<br> })<br> )<br> })<br> )<br> })<br> )<br> )<br> })</pre> | n/a | yes |
919911
| <a name="input_network_cidr"></a> [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no |
920912
| <a name="input_prefix"></a> [prefix](#input\_prefix) | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | n/a | yes |
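Review bot: The `iam_account_settings` input removed at old line 917 carried security controls (`mfa`, `allowed_ip_addresses`, `session_expiration_in_seconds`, `restrict_create_service_id`, `restrict_create_platform_apikey`), and the commit message says it can no longer be set in the override json either. Please confirm that an override json which still contains `iam_account_settings` or `access_groups` is rejected with an error rather than silently ignored; a silent drop would leave an operator believing MFA and the IP allow list are still applied by this module. If the keys are ignored today, add a validation, or at minimum document the behaviour in the upgrade notes.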

dynamic_values.tf

Lines changed: 0 additions & 1 deletion
@@ -23,7 +23,6 @@ module "dynamic_values" {
2323
vpn_gateways = var.vpn_gateways
2424
security_groups = var.security_groups
2525
bastion_vsi = var.teleport_vsi
26-
access_groups = var.access_groups
2726
appid = var.appid
2827
appid_resource = ibm_resource_instance.appid
2928
appid_data = data.ibm_resource_instance.appid

dynamic_values/iam.tf

Lines changed: 0 additions & 82 deletions
This file was deleted.

dynamic_values/outputs.tf

Lines changed: 0 additions & 31 deletions
@@ -122,37 +122,6 @@ output "vpn_gateway_map" {
122122
##############################################################################
123123

124124

125-
##############################################################################
126-
# IAM Outputs
127-
##############################################################################
128-
129-
output "access_groups_object" {
130-
description = "Convert access group list to map"
131-
value = module.access_group_object.value
132-
}
133-
134-
output "access_policies" {
135-
description = "Map of access policies"
136-
value = module.access_policies.value
137-
}
138-
139-
output "dynamic_rules" {
140-
description = "Map of dynamic rules"
141-
value = module.dynamic_rules.value
142-
}
143-
144-
output "account_management_map" {
145-
description = "Map of account management policies by group"
146-
value = module.account_management_map.value
147-
}
148-
149-
output "access_groups_with_invites" {
150-
description = "map of access groups with invite users"
151-
value = module.account_management_map.value
152-
}
153-
154-
##############################################################################
155-
156125
##############################################################################
157126
# Bastion VSI Outputs
158127
##############################################################################
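Review bot: In the removed block, `access_groups_with_invites` (old lines 149-152) was wired to `module.account_management_map.value`, the same value as `account_management_map` above it, which looks like a copy-paste slip given its description "map of access groups with invite users". The deletion makes that moot here, but if this logic is carried over to another module, the output should not be copied as is. Also confirm that no root-level file still references `module.dynamic_values.access_groups_object`, `access_policies`, `dynamic_rules` or `account_management_map`, since the matching root-level changes are not visible in this part of the diff.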

dynamic_values/variables.tf

Lines changed: 0 additions & 10 deletions
@@ -130,16 +130,6 @@ variable "vpn_gateways" {
130130

131131
##############################################################################
132132

133-
##############################################################################
134-
# Access Groups
135-
##############################################################################
136-
137-
variable "access_groups" {
138-
description = "Direct reference to access_groups"
139-
}
140-
141-
##############################################################################
142-
143133
##############################################################################
144134
# Bastion VSI Variables
145135
##############################################################################
