From 99944ce27737d694d2a8110988f0e3417e8fb4d1 Mon Sep 17 00:00:00 2001
From: David Petersen
Date: Mon, 16 May 2022 12:48:33 -0400
Subject: [PATCH] removing role_grants
---
 onboarding.tf | 18 ------------------
 onboarding/data.tf | 7 +++++--
 onboarding/eks_cluster/main.tf | 6 ------
 onboarding/http/main.tf | 14 +-------------
 onboarding/mysql/main.tf | 15 ---------------
 onboarding/variables.tf | 2 +-
 onboarding/windows_server/main.tf | 4 ----
 7 files changed, 7 insertions(+), 59 deletions(-)
diff --git a/onboarding.tf b/onboarding.tf
index 9a6ab35..77e70fd 100644
--- a/onboarding.tf
+++ b/onboarding.tf
@@ -22,24 +22,6 @@ module "strongdm_onboarding" { # If set to false the default VPC will be used instead # create_vpc = true - - # List of existing users to grant resources to # NOTE: These emails must exactly match existing users in strongDM or an error will occur # NOTE: An error will occur if these users are already assigned to a role in strongDM grant_to_existing_users = [ var.SDM_ADMINS_EMAILS ] - # New accounts to create with access to all resources admin_users = [ "terraform-admin@example.com", ] - # New accounts to create with read-only permissions read_only_users = [ "terraform-user@example.com", ] - # Tags will be added to strongDM and AWS resources. # tags = {} }
diff --git a/onboarding/data.tf b/onboarding/data.tf
index f5ba30a..34d49b6 100644
--- a/onboarding/data.tf
+++ b/onboarding/data.tf
@@ -6,9 +6,12 @@ data "aws_vpc" "default" { default = true }
-data "aws_subnet_ids" "subnets" {
+data "aws_subnets" "subnets" { count = var.create_vpc ? 0 : 1
- vpc_id = data.aws_vpc.default[0].id
+ filter { name = "vpc-id" values = [data.aws_vpc.default[0].id] } } # ---------------------------------------------------------------------------- #
diff --git a/onboarding/eks_cluster/main.tf b/onboarding/eks_cluster/main.tf
index f429ae2..c3cdff9 100644
--- a/onboarding/eks_cluster/main.tf
+++ b/onboarding/eks_cluster/main.tf
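Review bot: `data "aws_subnets" "subnets"` filtered only on `vpc-id` can evaluate to an empty `ids` list, whereas, as far as I recall, the `aws_subnet_ids` data source it replaces failed the plan when no subnets were found, so `local.subnet_ids` in variables.tf may now silently become `[]` when `create_vpc = false`. If the consumers of `local.subnet_ids` (outside this diff) cannot tolerate that, add a `lifecycle { postcondition { ... } }` on the data source with `condition = length(self.ids) > 0` and an `error_message` (Terraform ≥ 1.2), or record the assumption in a comment. The switch also presumes the module's required AWS provider version, which is not in this diff, has been raised to one that ships `aws_subnets`; worth confirming that constraint in the same commit.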
@@ -121,12 +121,6 @@ resource "sdm_resource" "k8s_eks_data_eks" { } }
-resource "sdm_role_grant" "admin_grant_eks" { count = var.create_eks ? 1 : 0 role_id = var.admins_id resource_id = sdm_resource.k8s_eks_data_eks[0].id
-
 module "configmap" { count = var.create_eks ? 1 : 0 source = "./configmap"
diff --git a/onboarding/http/main.tf b/onboarding/http/main.tf
index 1cd074b..95125dd 100644
--- a/onboarding/http/main.tf
+++ b/onboarding/http/main.tf
@@ -79,14 +79,7 @@ resource "sdm_resource" "web_page" { tags = merge({ Name = "${var.prefix}-http" }, var.default_tags, var.tags) } }
-resource "sdm_role_grant" "admin_grant_web_page" { role_id = var.admins_id resource_id = sdm_resource.web_page.id
-resource "sdm_role_grant" "read_only_grant_web_page" { role_id = var.read_only_id resource_id = sdm_resource.web_page.id
+
 # ---------------------------------------------------------------------------- # # Access the EC2 instance with strongDM over SSH # ---------------------------------------------------------------------------- #
@@ -101,8 +94,3 @@ resource "sdm_resource" "ssh_ec2" { tags = merge({ Name = "${var.prefix}-http" }, var.default_tags, var.tags) } }
-resource "sdm_role_grant" "admin_grant_ssh_ec2" { count = var.create_ssh ? 1 : 0 role_id = var.admins_id resource_id = sdm_resource.ssh_ec2[0].id
\ No newline at end of file
diff --git a/onboarding/mysql/main.tf b/onboarding/mysql/main.tf
index 693ed2a..e4f39a0 100644
--- a/onboarding/mysql/main.tf
+++ b/onboarding/mysql/main.tf
@@ -104,11 +104,6 @@ resource "sdm_resource" "mysql_admin" { } }
-resource "sdm_role_grant" "admin_grant_mysql_admin" { role_id = var.admins_id resource_id = sdm_resource.mysql_admin.id
-
 resource "sdm_resource" "mysql_ro" { mysql { name = "${var.prefix}-mysql-read-only"
@@ -122,11 +117,6 @@ resource "sdm_resource" "mysql_ro" { } }
-resource "sdm_role_grant" "read_only_grant_mysql_ro" { role_id = var.read_only_id resource_id = sdm_resource.mysql_ro.id
-
 # ---------------------------------------------------------------------------- # # Access the EC2 instance with strongDM over SSH # ---------------------------------------------------------------------------- #
@@ -143,8 +133,3 @@ resource "sdm_resource" "mysql_ssh" { } }
-resource "sdm_role_grant" "admin_grant_mysql_ssh" { count = var.create_ssh ? 1 : 0 role_id = var.admins_id resource_id = sdm_resource.mysql_ssh[0].id
-
diff --git a/onboarding/variables.tf b/onboarding/variables.tf
index 072f932..ca2ff1a 100644
--- a/onboarding/variables.tf
+++ b/onboarding/variables.tf
@@ -72,6 +72,6 @@ variable "read_only_users" { locals { vpc_id = var.create_vpc ? module.network[0].vpc_id : data.aws_vpc.default[0].id
- subnet_ids = var.create_vpc ? module.network[0].public_subnets : sort(data.aws_subnet_ids.subnets[0].ids)
+ subnet_ids = var.create_vpc ? module.network[0].public_subnets : sort(data.aws_subnets.subnets[0].ids) default_tags = { CreatedBy = "strongDM-Onboarding" } }
diff --git a/onboarding/windows_server/main.tf b/onboarding/windows_server/main.tf
index df9849c..8964531 100644
--- a/onboarding/windows_server/main.tf
+++ b/onboarding/windows_server/main.tf
@@ -90,7 +90,3 @@ resource "sdm_resource" "windows_server" { } }
-resource "sdm_role_grant" "admin_grant_windows_server" { role_id = var.admins_id resource_id = sdm_resource.windows_server.id
-}
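Review bot: The hunk header still shows `variable "read_only_users" {` declared in onboarding/variables.tf, yet onboarding.tf in this same commit stops passing `read_only_users`, `admin_users` and `grant_to_existing_users` to the module; if any of those lacks a default the plan now fails, and otherwise they are dead inputs that should go together with the `admins_id`/`read_only_id` inputs the deleted `sdm_role_grant` resources consumed (eks_cluster, http, mysql and windows_server hunks). Nothing in the commit replaces those grants, so every `sdm_resource` the module creates is left attached to no role; if the intent is presumably the provider's access-rules model that superseded role grants, the commit should carry the corresponding `sdm_role` access rules, or the commit message should state that access is now assigned out of band. The `locals` block starts inside this hunk but the variable declaration above it and the rest of the file are outside it.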