

Merge pull request #19 from BorisLabs/allow-multiple-home-directory-mappings

feat: allow-multiple-home-directory-mappings
JoshiiSinfield committed Mar 14, 2024
2 parents 6efe5cb + 0997a4e commit 900456e
Showing 3 changed files with 30 additions and 25 deletions.
22 changes: 12 additions & 10 deletions examples/full-example/main.tf
Expand Up @@ -11,17 +11,17 @@ resource "aws_s3_bucket" "home_bucket" {}

data aws_iam_policy_document "user_role_policy_statements" {
statement {
sid = "AllowS3Access"
actions = [
sid = "AllowS3Access"
actions = [
"s3:ListBucket",
"s3:GetBucketLocation"
]
effect = "Allow"
resources = [aws_s3_bucket.home_bucket.arn]
}
statement {
sid = "PutObjectPermission"
actions = [
sid = "PutObjectPermission"
actions = [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
Expand All @@ -34,8 +34,8 @@ data aws_iam_policy_document "user_role_policy_statements" {
]
}
statement {
sid = "KMSPerms"
actions = [
sid = "KMSPerms"
actions = [
"kms:GenerateDataKey*",
"kms:Encrypt",
"kms:Decrypt"
Expand All @@ -55,10 +55,12 @@ module "user" {
add_transfer_ssh_keys = true
use_ssm = true
transfer_ssh_key_ssm_paths = ["/test/base/path/test-user-1"]
home_directory_mappings = {
entry = "/"
target = "/${aws_s3_bucket.home_bucket.bucket}/test/homedir"
}
home_directory_mappings = [
{
entry = "/"
target = "/${aws_s3_bucket.home_bucket.bucket}/test/homedir"
}
]
home_directory_type = "LOGICAL"
iam_role_policy_statements = data.aws_iam_policy_document.user_role_policy_statements.json
}
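Review bot: The `AllowS3Access` statement in the first hunk grants `s3:ListBucket` on the whole bucket ARN with no `s3:prefix` condition, while the logical mapping at the bottom of the file only exposes `/${bucket}/test/homedir`; anything holding this role can enumerate every key in the bucket, which matters as soon as the bucket or the role is shared by more than one Transfer user. Scoping the listing to the mapped prefix keeps the IAM policy in step with the logical directory, and since this is the example people copy it is worth making it least-privilege here. The `user_role_policy_statements` document starts at the top of the hunk but continues past it, so the resources of the `PutObjectPermission` and `KMSPerms` statements are not visible in this view and may have the same issue.
```hcl
  statement {
    sid = "AllowS3Access"
    # … unchanged: actions, effect, resources …
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["test/homedir", "test/homedir/*"]
    }
  }
```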
29 changes: 16 additions & 13 deletions modules/transfer-user/main.tf
@@ -1,25 +1,28 @@
locals {
all_key_bodies = concat(
var.transfer_ssh_key_bodys,
data.aws_ssm_parameter.user_ssh_key.*.value,
var.transfer_ssh_key_bodys,
data.aws_ssm_parameter.user_ssh_key.*.value,
)
}


resource "aws_transfer_user" "this" {
count = var.create_transfer_user ? 1 : 0
role = var.create_iam_role ? element(concat(aws_iam_role.this.*.arn, [""]), 0) : var.iam_role_arn
server_id = var.transfer_server_id
user_name = var.user_name
tags = var.tags
home_directory = var.home_directory
count = var.create_transfer_user ? 1 : 0
role = var.create_iam_role ? element(concat(aws_iam_role.this.*.arn, [""]), 0) : var.iam_role_arn
server_id = var.transfer_server_id
user_name = var.user_name
tags = var.tags
home_directory = var.home_directory

dynamic "home_directory_mappings" {
for_each = lookup(var.home_directory_mappings, "entry", null) != null ? [var.home_directory_mappings] : []
for_each = var.home_directory_mappings

content {
entry = lookup(var.home_directory_mappings, "entry")
target = lookup(var.home_directory_mappings, "target")
entry = home_directory_mappings.value["entry"]
target = home_directory_mappings.value["target"]
}
}

home_directory_type = var.home_directory_type
}

Expand All @@ -34,8 +37,8 @@ resource "aws_iam_role" "this" {
count = var.create_iam_role ? 1 : 0
assume_role_policy = data.aws_iam_policy_document.trust_policy.json
name = "Transfer-user-${var.user_name}"
path = "/"
tags = var.tags
path = "/"
tags = var.tags
}

resource "aws_iam_role_policy" "inline_policy" {
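Review bot: Nothing in the rewritten `dynamic "home_directory_mappings"` block ties the list to `home_directory_type`: with the new default of `[]`, a user created with `home_directory_type = "LOGICAL"` gets no mappings at all and the plan will not say so (whether the Transfer API then rejects the user or creates one with an empty logical root is not visible here and is worth confirming). The removed `lookup(var.home_directory_mappings, "entry", null) != null` guard also meant a malformed map silently produced no block; now an element missing `entry` or `target` fails at plan with a bare index error, which is the safer direction but deserves a clearer message. If the module's minimum Terraform version is 1.2 or later (not visible in this view), a resource `precondition` makes the LOGICAL-with-empty-list combination fail at plan time with an explicit message; the `for_each` body itself is fine as written. The `aws_transfer_user` resource is complete within the first hunk; the `aws_iam_role` hunk below only changes alignment.
```hcl
resource "aws_transfer_user" "this" {
  # … unchanged: count, role, server_id, user_name, tags, home_directory, dynamic mappings, home_directory_type …

  lifecycle {
    precondition {
      condition     = var.home_directory_type != "LOGICAL" || length(var.home_directory_mappings) > 0
      error_message = "home_directory_type = \"LOGICAL\" requires at least one element in home_directory_mappings."
    }
  }
}
```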
4 changes: 2 additions & 2 deletions modules/transfer-user/variables.tf
Expand Up @@ -57,8 +57,8 @@ variable "transfer_ssh_key_ssm_paths" {

variable "home_directory_mappings" {
description = "Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible"
default = {}
type = map(string)
default = []
type = list(map(string))
}

variable "home_directory_type" {
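Review bot: `list(map(string))` accepts any string map, so an element without `entry`/`target` (or with a typo such as `targets`) is only caught downstream by the index error in `modules/transfer-user/main.tf`, and nothing checks that the values are absolute paths as the Transfer API expects (`/`-prefixed entries and `/bucket/prefix` targets — confirm against the CreateUser documentation). A `list(object({ entry = string, target = string }))` type is backward compatible with the map literals callers already pass, rejects bad shapes at assignment with a clear message, and a `validation` block can enforce the leading slash without requiring a newer Terraform than `alltrue` (0.13). The description should also make clear that mappings only shape what the user sees and that access is still bounded by the role policy, e.g. `description = "Logical directory mappings (entry/target pairs) controlling which S3 paths are visible to the user; access is still governed by the IAM role policy, so scope that policy to the same prefixes"`.
```hcl
variable "home_directory_mappings" {
  # … unchanged: description, default …
  type = list(object({ entry = string, target = string }))

  validation {
    condition     = alltrue([for m in var.home_directory_mappings : substr(m.entry, 0, 1) == "/" && substr(m.target, 0, 1) == "/"])
    error_message = "Each home_directory_mappings entry and target must be an absolute path starting with \"/\"."
  }
}
```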
