[New Data Source]: aws_identitystore_group_membership

Description

Because of other deficiencies in the AWS API, I need to be enumerate the members of a group so I can find another way to add users to a resource (group assignment only works in the Management Console for SageMaker). Well, this seems to be an impossible task in Terraform, as well. There is on data source to get the members of a group. It is quite curious why everything related to Identity Store isn't only a data source... there shouldn't even be any resources. I have attempted to use the awscc provider for this task as it does have the corresponding data source, but it doesn't even work.

It appears that I am going to have to resort to calling the CLI to enumerate the members and pass all of them in via variables.

Many of these issues are rooted in API issues, it really needs fixed.

Requested Resource(s) and/or Data Source(s)

aws_identitystore_group_membership

Potential Terraform Configuration

data "aws_identitystore_group" "groups" {
  for_each = var.resource_map

  identity_store_id = var.identity_store_id
  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = each.value.group_name
    }
  }
}

data "aws_identitystore_group_membership" "members" {
  for_each = var.resource_map

  id = data.aws_identitystore_group.groups[each.key].id
}

locals {
  members = merge(flatten([
    for group in data.data.aws_identitystore_group_membership.members : {
      for user_id in group : "${group.id}_{user_id}" => {
        user_id = user_id
        group_id = group.id
      }
    }
  ])...)
}

data "aws_identitystore_user" "users" {
  for_each = local.members

  identity_store_id = var.identity_store_id
  user_id           = each.value.user_id
}

References

No response

Would you like to implement a fix?

None

hashicorp / terraform-provider-aws