feat(DMVP-4760): githooks fix

modules/user/README.md

@@ -31,10 +31,9 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | <a name="input_api"></a> [api](#input\_api) | Whether to create IAM access key | `bool` | `true` | no |
 | <a name="input_console"></a> [console](#input\_console) | Whether to create IAM user login profile | `bool` | `true` | no |
-| <a name="input_create_policy"></a> [create\_policy](#input\_create\_policy) | Whether create a policy or not. | `bool` | `false` | no |
 | <a name="input_create_user"></a> [create\_user](#input\_create\_user) | Whether to create the IAM user | `bool` | `true` | no |
 | <a name="input_pgp_key"></a> [pgp\_key](#input\_pgp\_key) | Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt password and access key. `pgp_key` is required when `create_iam_user_login_profile` is set to `true` | `string` | `""` | no |
-| <a name="input_policy"></a> [policy](#input\_policy) | AWS role assigne policy | <pre>list(object({<br/>    effect     = optional(string, "Allow")<br/>    actions    = list(string)<br/>    resources  = list(string)<br/>    principals = optional(any, [])<br/>    conditions = optional(any, [])<br/>  }))</pre> | n/a | yes |
+| <a name="input_policy"></a> [policy](#input\_policy) | AWS role assigne policy | <pre>list(object({<br/>    effect    = optional(string, "Allow")<br/>    actions   = list(string)<br/>    resources = list(string)<br/>    conditions = optional(list(object({<br/>      test     = string<br/>      variable = string<br/>      values   = list(string)<br/>    })), [])<br/>  }))</pre> | `[]` | no |
 | <a name="input_policy_attachment"></a> [policy\_attachment](#input\_policy\_attachment) | The list of ARN-s of the policy you want to apply | `list(string)` | `[]` | no |
 | <a name="input_username"></a> [username](#input\_username) | Desired name for the IAM user | `string` | n/a | yes |
 
@@ -53,6 +52,9 @@ No requirements.
 | <a name="output_iam_user_login_profile_key_fingerprint"></a> [iam\_user\_login\_profile\_key\_fingerprint](#output\_iam\_user\_login\_profile\_key\_fingerprint) | The fingerprint of the PGP key used to encrypt the password |
 | <a name="output_iam_user_name"></a> [iam\_user\_name](#output\_iam\_user\_name) | The user's name |
 | <a name="output_iam_user_unique_id"></a> [iam\_user\_unique\_id](#output\_iam\_user\_unique\_id) | The unique ID assigned by AWS |
+| <a name="output_keybase_password_decrypt_command"></a> [keybase\_password\_decrypt\_command](#output\_keybase\_password\_decrypt\_command) | Decrypt user password command |
 | <a name="output_keybase_password_pgp_message"></a> [keybase\_password\_pgp\_message](#output\_keybase\_password\_pgp\_message) | Encrypted password |
+| <a name="output_keybase_secret_key_decrypt_command"></a> [keybase\_secret\_key\_decrypt\_command](#output\_keybase\_secret\_key\_decrypt\_command) | Decrypt access secret key command |
+| <a name="output_keybase_secret_key_pgp_message"></a> [keybase\_secret\_key\_pgp\_message](#output\_keybase\_secret\_key\_pgp\_message) | Encrypted access secret key |
 | <a name="output_pgp_key"></a> [pgp\_key](#output\_pgp\_key) | PGP key used to encrypt sensitive data for this user (if empty - secrets are not encrypted) |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/user/main.tf

@@ -21,22 +21,22 @@ resource "aws_iam_user_policy_attachment" "user-attach" {
 }
 
 data "aws_iam_policy_document" "policy" {
-  count = length(var.policy) > 0 ? 1 :0
+  count = length(var.policy) > 0 ? 1 : 0
 
   dynamic "statement" {
     for_each = var.policy
     content {
-      effect = statement.value.effect
+      effect    = statement.value.effect
       actions   = statement.value.actions
       resources = statement.value.resources
 
       dynamic "condition" {
         for_each = length(statement.value.conditions) > 0 ? statement.value.conditions : []
 
         content {
-          test     = condition.value.test  # Condition type (e.g., StringEquals)
-          variable = condition.value.variable   # Condition variable (e.g., "SAML:aud")
-          values   = condition.value.values # Condition values (list of strings)
+          test     = condition.value.test     # Condition type (e.g., StringEquals)
+          variable = condition.value.variable # Condition variable (e.g., "SAML:aud")
+          values   = condition.value.values   # Condition values (list of strings)
         }
       }
     }

modules/user/outputs.tf

@@ -78,4 +78,4 @@ output "keybase_secret_key_decrypt_command" {
 output "keybase_secret_key_pgp_message" {
   description = "Encrypted access secret key"
   value       = module.iam_user.keybase_secret_key_pgp_message
-}
+}

modules/user/tests/basic/1-example.tf

@@ -1,15 +1,15 @@
 module "iam-user" {
-  source        = "../.."
-  username      = "sample-user"
-  
+  source   = "../.."
+  username = "sample-user"
+
   policy = [
     {
       actions   = ["ec2:*"]
       resources = ["*"]
       conditions = [{
-        test = "StringEquals"
+        test     = "StringEquals"
         variable = "ec2:InstanceType"
-        values = ["t3.medium", "c5.2xlarge"]
+        values   = ["t3.medium", "c5.2xlarge"]
       }]
     }
   ]

modules/user/variables.tf

@@ -37,15 +37,15 @@ variable "pgp_key" {
 
 variable "policy" {
   type = list(object({
-    effect     = optional(string, "Allow")
-    actions    = list(string)
-    resources  = list(string)
+    effect    = optional(string, "Allow")
+    actions   = list(string)
+    resources = list(string)
     conditions = optional(list(object({
-      test  = string
-      variable   = string
-      values = list(string)
+      test     = string
+      variable = string
+      values   = list(string)
     })), [])
   }))
   description = "AWS role assigne policy"
-  default = []
+  default     = []
 }