fix

aws-ia · Jun 6, 2024 · e62cc55 · e62cc55
1 parent a6fa6c6
commit e62cc55
Showing 1 changed file with 2 additions and 13 deletions.
diff --git a/locals.tf b/locals.tf
@@ -134,6 +134,7 @@ locals {
     for s in local.flatten_account_assignment_data : format("Type:%s__Principal:%s__Permission:%s__Account:%s", s.principal_type, s.principal_name, s.permission_set, s.account_id) => s
   }
 
+  # List of permission sets, groups, and users that defined in this module
   this_permission_sets = keys(var.permission_sets)
   this_groups = [
     for group in var.sso_groups : group.group_name
@@ -142,27 +143,15 @@ locals {
     for user in var.sso_users : user.user_name
   ]
 
-  // Permission sets created from other than this module.
+  # For reference to resources that already exist in AWS
   existing_permission_sets = distinct([
     for pset in local.principals_and_their_account_assignments : pset.permission_set if !contains(local.this_permission_sets, pset.permission_set)
   ])
-
   existing_sso_users = distinct([
-    //for user_gourp in local.users_and_their_groups : user_gourp.user_name if !contains(local.this_users, user_group.user_name)
     for k, v in local.users_and_their_groups : v.user_name if !contains(local.this_users, v.user_name)
   ])
   existing_sso_groups = distinct([
     for k, v in local.users_and_their_groups : v.group_name if !contains(local.this_groups, v.group_name)
   ])
 
-  # iterates over account_assignents, sets that to be assignment.principal_name ONLY if the assignment.principal_type
-  #is GROUP. Essentially stores all the possible 'assignments' (account assignments) that would be attached to a user group
-
-  # same thing, for sso_users but for USERs not GROUPs
-
-  # 'account_assignments_for_groups' is effectively a list of principal names where the account type is GROUP
-  account_assignments_for_groups = [for assignment in var.account_assignments : assignment.principal_name if(assignment.principal_type == "GROUP" && !contains(local.this_groups, assignment.principal_name))]
-
-  # 'account_assignments_for_users' is effectively a list of principal names where the account type is USER
-  account_assignments_for_users = [for assignment in var.account_assignments : assignment.principal_name if assignment.principal_type == "USER" && !contains(local.this_users, assignment.principal_name)]
 }