Merge pull request #196 from lorengordon/patch/depends-on-users

plus3it · Nov 17, 2023 · 2c4ae96 · 2c4ae96
2 parents 6d5e4e4 + 1f8a526
commit 2c4ae96
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 8 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 13.2.0
+current_version = 13.2.1
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### [13.2.1](https://github.com/plus3it/terraform-aws-tardigrade-iam-principals/releases/tag/13.2.1)
+
+**Released**: 2023.11.17
+
+**Summary**:
+
+*   Uses attribute reference for user group membership to eliminate `depends_on`
+    usage in `groups` module
+
 ### [13.2.0](https://github.com/plus3it/terraform-aws-tardigrade-iam-principals/releases/tag/13.2.0)
 
 **Released**: 2023.11.16

diff --git a/main.tf b/main.tf
@@ -1,5 +1,5 @@
 locals {
-  depends_on_users = [for object in module.users : object.user.arn]
+  depends_on_users = [for object in module.users : object.user.name]
 }
 
 module "policy_documents" {

diff --git a/modules/group/main.tf b/modules/group/main.tf
@@ -23,12 +23,11 @@ resource "aws_iam_group_policy" "this" {
 
 # manage group memberships
 resource "aws_iam_user_group_membership" "this" {
-  for_each = toset(var.user_names)
+  for_each = { for user_name in var.user_names : user_name => try(
+    var.depends_on_users[index(var.depends_on_users, user_name)],
+    user_name
+  ) }
 
   groups = [aws_iam_group.this.id]
-  user   = each.key
-
-  depends_on = [
-    var.depends_on_users
-  ]
+  user   = each.value
 }