l-with / terraform-provider-ldap


allow selection of specified attributes #57

Closed cowlike closed 8 months ago

cowlike commented 8 months ago

I see that you can specify attributes that should be ignored, either by name or by regex pattern. This is hard to use when you only want to retrieve a couple of attributes from an entry that has, say, 100 attributes. What makes it especially difficult is the Go regex package has a lot of unsupported patterns that could simplify the process (e.g. (?!re) before text not matching re (NOT SUPPORTED)).

Is there a reason for not implementing the positive logic of passing in a list of attributes (or patterns) to return, rather than what to filter out?

l-with commented 8 months ago

The feature for ignoring and base64 encoding attributes was additionally implemented because Terraform cannot deal with binary values for attributes. The LDAP query currently retrieves all attributes. It is the provider that ignores or base64 encodes the attributes.

Where does your need for excluding come from?

cowlike commented 8 months ago

[edited for clarity] I guess my wording wasn't very clear but I don't have a need for excluding, per se. I'm simply trying to retrieve a small subset from the total number of attributes.

Say, for example, that I'm retrieving a user entity. It might have 100 attributes but all I care about is the mail attribute. If I'm using ldapsearch, I can pass these desired attributes on the end of the command. I was trying to use your Terraform module to do the same thing. I was trying to work around this by EXcluding the other 99 attributes with a regex pattern but the Go package lacks a lot of features and the Terraform module panics if you try to use one of the unimplemented patterns.

Your module works well but I don't see any way to select only the desired attributes so I was wondering if there was a reason for not adding that or if I just missed something obvious.

cowlike commented 8 months ago

For a bit of background... I wrote a small utility app in F# years ago to do all these same things - including b64 encoding a list of specified attributes. Now I am just learning Terraform and became curious whether I could accomplish the same thing with your ldap module. I'm using terraform show to see the user attributes and that's all working great. The additional filtering is the only piece that isn't quite there. For real-world use, what you have is good enough but it made me wonder if there was a reason for not including some sort of filter like that - other than the exclude behavior, I mean.

l-with commented 8 months ago

not very elegant, but you could use ignore_attribute_patterns = [ "[^m][^a][^i][^l]" ]

l-with commented 8 months ago

the pattern can be constructed by

locals {
  attribute = "mail"
  ignore_pattern = join("", formatlist("[^%s]", split("", local.attribute)))
}
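
An added example, not part of the thread or the provider's code: it compiles the patterns discussed above with Go's regexp package and lists which attribute names each one matches. It assumes an ignore pattern is applied as an unanchored match against the attribute name; the function names and the sample attribute names are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample attribute names, not taken from a real directory.
var sample = []string{"mail", "cn", "sn", "uid", "jpegPhoto", "userPassword", "mailAlternateAddress"}

// workaroundPattern mirrors the locals expression: one negated class per character.
func workaroundPattern(attr string) string {
	return "[^" + strings.Join(strings.Split(attr, ""), "][^") + "]"
}

// allowPattern is the positive form RE2 can express: an anchored alternation.
func allowPattern(allow []string) string {
	q := make([]string, len(allow))
	for i, a := range allow {
		q[i] = regexp.QuoteMeta(a)
	}
	return "(?i)^(?:" + strings.Join(q, "|") + ")$"
}

// matching returns the names a pattern matches.
// Assumption: unanchored match, as regexp.MatchString does.
func matching(pattern string, names []string) ([]string, error) {
	re, err := regexp.Compile(pattern) // returns an error where MustCompile would panic
	if err != nil {
		return nil, err
	}
	var out []string
	for _, n := range names {
		if re.MatchString(n) {
			out = append(out, n)
		}
	}
	return out, nil
}

func main() {
	_, err := matching(`^(?!mail$)`, sample) // negative lookahead is rejected by RE2
	fmt.Println("lookahead:", err)
	dropped, _ := matching(workaroundPattern("mail"), sample)
	fmt.Println("workaround pattern matches:", dropped)
	kept, _ := matching(allowPattern([]string{"mail"}), sample)
	fmt.Println("allow-list pattern matches:", kept)
}
```

With the constructed names, the character-class pattern leaves cn, sn and uid unmatched alongside mail, because a name shorter than four characters cannot match it.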

cowlike commented 8 months ago

I forgot about trying to compute that pattern in locals so thanks for that.

Maybe I'll have to learn Go well enough to add a filter to this module since it would be so much easier to simply pass a list of what you want. However, I have way too much upcoming Terraform work that I need to prepare for first! :)

You can close this if you want. I'm fine with the current state.

l-with commented 8 months ago

@cowlike Thank you for the suggestion!

I implemented the attribute restrict_attributes in data source ldap_entries and data source ldap_entry in version 0.5.0

l-with commented 8 months ago

added updating docs in version 0.5.1