From 7a682b8374d727faaf7dd7856422d238ee7e70fd Mon Sep 17 00:00:00 2001
From: William <3422794+FriedCircuits@users.noreply.github.com>
Date: Thu, 10 Mar 2022 06:22:35 +0000
Subject: [PATCH] Jumpcloud user and group management module
---
 README.md | 3 ++
 modules/jumpcloud/users-groups/README.md | 28 +++++++++++++++
 modules/jumpcloud/users-groups/main.tf | 39 +++++++++++++++++++++
 modules/jumpcloud/users-groups/outputs.tf | 7 ++++
 modules/jumpcloud/users-groups/variables.tf | 19 ++++++++++
 modules/jumpcloud/users-groups/versions.tf | 10 ++++++
 6 files changed, 106 insertions(+)
 create mode 100644 modules/jumpcloud/users-groups/README.md
 create mode 100644 modules/jumpcloud/users-groups/main.tf
 create mode 100644 modules/jumpcloud/users-groups/outputs.tf
 create mode 100644 modules/jumpcloud/users-groups/variables.tf
 create mode 100644 modules/jumpcloud/users-groups/versions.tf
diff --git a/README.md b/README.md
index f53a039..2dfdbc2 100644
--- a/README.md
+++ b/README.md
@@ -9,3 +9,6 @@ Hodgepodge of Terraform modules.
 * K8s-At-Home - Deploy a chart from the k8s-at-home helm repo
 * Traefik Ingress - Creats Ingress CRDs for host based routing
 * Helm Chart - Deploy any helm chart
+
+* JumpCloud
+ * Users and Groups - Manage users and group membership
diff --git a/modules/jumpcloud/users-groups/README.md b/modules/jumpcloud/users-groups/README.md
new file mode 100644
index 0000000..5e29d02
--- /dev/null
+++ b/modules/jumpcloud/users-groups/README.md
@@ -0,0 +1,28 @@
+# JumpCloud User and Group Management Module
+
+Using the JumpCloud provider this module will create users and groups, and assign them appropriately.
+
+
+## Users and Groups Variable Format
+
+```hcl
+groups = ["group1", "group2"]
+
+users = {
+ user1 = {
+ email = "user1@example.com"
+ lastname = "smith"
+ firstname = "john"
+ groups = ["group1","group2"]
+ mfa = true
+ },
+ user2 = {
+ email = "user2@example.com"
+ lastname = "smith"
+ firstname = "jane"
+ groups = ["group1"]
+ mfa = false
+ }
+ }
+}
+```
diff --git a/modules/jumpcloud/users-groups/main.tf b/modules/jumpcloud/users-groups/main.tf
new file mode 100644
index 0000000..c618c68
--- /dev/null
+++ b/modules/jumpcloud/users-groups/main.tf
@@ -0,0 +1,39 @@
+provider "jumpcloud" {
+ org_id = var.jumpcloud_org_id
+ api_key = var.jumpcloud_api
+}
+
+resource "jumpcloud_user" "users" {
+ for_each = var.users
+
+ username = each.key
+ email = each.value["email"]
+ firstname = title(each.value["firstname"])
+ lastname = title(each.value["lastname"])
+ enable_mfa = each.value["mfa"]
+}
+
+resource "jumpcloud_user_group" "groups" {
+ for_each = toset(var.groups)
+ name = each.value
+}
+
+locals {
+ group_matrix = [ for user in keys(var.users) :
+ setproduct([jumpcloud_user.users[user].id], [for group in var.users[user].groups : jumpcloud_user_group.groups[group].id] )
+ ]
+ group_flat = flatten([
+ for sets in local.group_matrix : [
+ for set in sets : {
+ user = set[0]
+ group = set[1]
+ }
+ ]
+ ])
+}
+
+resource "jumpcloud_user_group_membership" "members" {
+ for_each = { for index, set in local.group_flat: index => set }
+ user_id = each.value.user
+ group_id = each.value.group
+}
diff --git a/modules/jumpcloud/users-groups/outputs.tf b/modules/jumpcloud/users-groups/outputs.tf
new file mode 100644
index 0000000..17825a0
--- /dev/null
+++ b/modules/jumpcloud/users-groups/outputs.tf
@@ -0,0 +1,7 @@
+output "groups" {
+ value =[for value in jumpcloud_user_group.groups : {(value.name)=value.id}]
+}
+
+output "users" {
+ value = [for value in jumpcloud_user.users : {(value.username)=value.id}]
+}
diff --git a/modules/jumpcloud/users-groups/variables.tf b/modules/jumpcloud/users-groups/variables.tf
new file mode 100644
index 0000000..3ee441f
--- /dev/null
+++ b/modules/jumpcloud/users-groups/variables.tf
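Review bot: In main.tf, `jumpcloud_user_group_membership.members` is keyed by the position of each pair in `local.group_flat` (`index => set`), so adding or removing one user or group renumbers every later entry and Terraform re-points or recreates memberships that did not change. In an identity directory this means an interrupted apply can leave accounts attached to groups they were never assigned, and the plan becomes hard to audit. Key each membership by a stable `username/group` string built from `var.users` and look the IDs up inside the resource, as sketched below; `toset` also collapses a group that is listed twice for the same user.

```hcl
locals {
  # One entry per (user, group) pair, keyed by names that are known at plan time.
  memberships = merge([
    for username, user in var.users : {
      for group in toset(user.groups) : "${username}/${group}" => {
        user  = username
        group = group
      }
    }
  ]...)
}

resource "jumpcloud_user_group_membership" "members" {
  for_each = local.memberships
  user_id  = jumpcloud_user.users[each.value.user].id
  group_id = jumpcloud_user_group.groups[each.value.group].id
}
```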
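Review bot: In outputs.tf, both outputs are lists of one-entry objects, so a caller has to scan the list to find an ID by name. A single map per output is easier to consume from other modules: `value = { for g in jumpcloud_user_group.groups : g.name => g.id }` and `value = { for u in jumpcloud_user.users : u.username => u.id }`. Each output would also benefit from a `description`.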
@@ -0,0 +1,19 @@
+variable "jumpcloud_org_id" {
+ description = "JumpCloud Orginzation ID found in the console."
+ type = string
+}
+
+variable "jumpcloud_api" {
+ description = "JumpCloud API key found in the console."
+ type = string
+}
+
+variable "groups" {
+ description = "Map of groups to create."
+ type = any
+}
+
+variable "users" {
+ description = "Map of users and their groups to create."
+ type = any
+}
diff --git a/modules/jumpcloud/users-groups/versions.tf b/modules/jumpcloud/users-groups/versions.tf
new file mode 100644
index 0000000..5f0d6a3
--- /dev/null
+++ b/modules/jumpcloud/users-groups/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ jumpcloud = {
+ source = "sagewave/jumpcloud"
+ version = "~> 0.2"
+ }
+ }
+}
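Review bot: In variables.tf, `variable "jumpcloud_api"` carries the JumpCloud API key but is not marked sensitive, so its value can appear in plan output, error messages and CI logs. Add `sensitive = true` to that block; versions.tf already requires Terraform `>= 1.0`, which supports the attribute. Separately, `groups` and `users` are `type = any`, and `groups` is described as a map although main.tf passes it to `toset()`; `type = list(string)` for `groups` would reject malformed input at plan time.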
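Review bot: In versions.tf, the constraint `version = "~> 0.2"` on the community provider `sagewave/jumpcloud` accepts any later 0.x release, and main.tf hands this provider the organization's API key. Pre-1.0 minor releases may change behaviour, so a tighter pin such as `version = "~> 0.2.0"` limits upgrades to patch releases. Committing `.terraform.lock.hcl` in the root configuration that calls this module records the provider checksums, so an unexpected build is rejected at `terraform init`.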