Feat: Update branch by pulling from master and dynamic value section. (…

…#18) * [issue/389]updated the main.tf * fix: fix identity poll passing with full list issue * test: update admin user config to fix x-check static value * feat: add dynamic email message * feat: use shared github action for readme creation on master --------- Co-authored-by: Anmol Nagpal <anmol@clouddrove.com>
clouddrove · Feb 13, 2024 · 9b05397 · 9b05397
1 parent 2fbc9ff
commit 9b05397
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 57 deletions.
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -3,51 +3,12 @@ on:
   push:
     branches:
       - master
+    paths-ignore:
+      - 'README.md'
 
 jobs:
   readme-create:
-    name: 'readme-create'
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
-
-      - name: 'Set up Python 3.7'
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.x'
-
-      - name: 'create readme'
-        uses: 'clouddrove/github-actions@9.0.3'
-        with:
-          actions_subcommand: 'readme'
-          github_token: '${{ secrets.GITHUB }}'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: 'pre-commit check errors'
-        uses: pre-commit/action@v3.0.0
-        continue-on-error: true
-
-      - name: 'pre-commit fix erros'
-        uses: pre-commit/action@v3.0.0
-        continue-on-error: true
-
-      - name: 'push readme'
-        uses: 'clouddrove/github-actions@9.0.3'
-        continue-on-error: true
-        with:
-          actions_subcommand: 'push'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
-        with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+    uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@1.2.1
+    secrets:
+      TOKEN: ${{ secrets.GITHUB }}
+      SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
diff --git a/main.tf b/main.tf
@@ -10,6 +10,7 @@ module "labels" {
   source  = "clouddrove/labels/aws"
   version = "1.3.0"
 
+  enabled     = var.enabled
   name        = var.name
   environment = var.environment
   managedby   = var.managedby
@@ -44,7 +45,7 @@ data "aws_iam_policy_document" "authenticated_assume" {
       variable = "cognito-identity.amazonaws.com:aud"
 
       values = [
-        aws_cognito_identity_pool.identity_pool[*].id[0],
+        aws_cognito_identity_pool.identity_pool[0].id,
       ]
     }
     condition {
@@ -93,7 +94,7 @@ data "aws_iam_policy_document" "unauthenticated_assume" {
       variable = "cognito-identity.amazonaws.com:aud"
 
       values = [
-        aws_cognito_identity_pool.identity_pool[*].id[0],
+        aws_cognito_identity_pool.identity_pool[0].id,
       ]
     }
     condition {
@@ -117,7 +118,7 @@ data "aws_iam_policy_document" "unauthenticated" {
 
 resource "aws_cognito_identity_pool_roles_attachment" "identity_pool" {
   count            = var.enabled ? 1 : 0
-  identity_pool_id = aws_cognito_identity_pool.identity_pool[*].id[0]
+  identity_pool_id = aws_cognito_identity_pool.identity_pool[0].id
   roles = {
     "authenticated"   = module.auth-role.arn
     "unauthenticated" = module.unauth-role.arn
@@ -154,7 +155,7 @@ resource "aws_cognito_user_pool" "user_pool" {
   admin_create_user_config {
     allow_admin_create_user_only = true
     invite_message_template {
-      email_message = <<EOF
+      email_message = var.email_message != "" ? var.email_message : <<EOF
         Hi,
         <p>
         A new account for <strong>${var.name}</strong> has been created for you.
@@ -291,7 +292,7 @@ resource "aws_cognito_user_pool_client" "client" {
   prevent_user_existence_errors        = lookup(element(local.clients, count.index), "prevent_user_existence_errors", null)
   write_attributes                     = lookup(element(local.clients, count.index), "write_attributes", null)
   enable_token_revocation              = lookup(element(local.clients, count.index), "enable_token_revocation", null)
-  user_pool_id                         = aws_cognito_user_pool.user_pool[*].id[0]
+  user_pool_id                         = aws_cognito_user_pool.user_pool[0].id
 
   # token_validity_units
   dynamic "token_validity_units" {
@@ -361,7 +362,7 @@ resource "aws_cognito_user_pool_domain" "domain" {
   count           = !var.enabled || var.domain == null || var.domain == "" ? 0 : 1
   domain          = var.domain
   certificate_arn = var.domain_certificate_arn
-  user_pool_id    = aws_cognito_user_pool.user_pool[*].id[0]
+  user_pool_id    = aws_cognito_user_pool.user_pool[0].id
 }
 
 resource "aws_cognito_identity_pool" "identity_pool" {
@@ -380,7 +381,7 @@ resource "aws_cognito_user_group" "main" {
   description  = lookup(element(local.groups, count.index), "description")
   precedence   = lookup(element(local.groups, count.index), "precedence")
   role_arn     = lookup(element(local.groups, count.index), "role_arn")
-  user_pool_id = aws_cognito_user_pool.user_pool[*].id[0]
+  user_pool_id = aws_cognito_user_pool.user_pool[0].id
 }
 
 locals {
@@ -412,7 +413,7 @@ locals {
 resource "aws_cognito_user" "users" {
   for_each = var.users
 
-  user_pool_id             = aws_cognito_user_pool.user_pool[*].id[0]
+  user_pool_id             = aws_cognito_user_pool.user_pool[0].id
   username                 = each.value.email
   desired_delivery_mediums = var.desired_delivery_mediums
 
@@ -447,5 +448,5 @@ resource "aws_cognito_resource_server" "resource_servers" {
     }
   }
 
-  user_pool_id = aws_cognito_user_pool.user_pool[*].id[0]
+  user_pool_id = aws_cognito_user_pool.user_pool[0].id
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,15 +1,15 @@
 output "user_pool_id" {
-  value       = aws_cognito_user_pool.user_pool[*].id[0]
+  value       = try(aws_cognito_user_pool.user_pool[0].id, null)
   description = "(Required) User pool the client belongs to."
 }
 
 output "name" {
-  value       = aws_cognito_user_pool.user_pool[*].name[0]
+  value       = try(aws_cognito_user_pool.user_pool[0].name, null)
   description = "(Required) Name of the application client."
 }
 
 output "app_client_id" {
-  value       = aws_cognito_user_pool_client.client[*].id[0]
+  value       = try(aws_cognito_user_pool_client.client[0].id, null)
   description = "ID of the user pool client."
 }
 

diff --git a/variables.tf b/variables.tf
@@ -87,6 +87,11 @@ variable "case_sensitive" {
   description = "Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs."
 }
 
+variable "email_message" {
+  type    = string
+  default = ""
+}
+
 ################################################
 ## Admin Create USer
 ################################################