From 3e5c7cc3a5b1d76dc1c023fea0d6f5237211f60b Mon Sep 17 00:00:00 2001
From: Veronika Gnilitska <veronika.gnilitska@gmail.com>
Date: Tue, 5 Mar 2024 21:16:46 +0200
Subject: [PATCH] chore: clean up the attributes

---
 README.md                              |  7 +++----
 examples/complete/example.yaml         | 10 ++++++----
 examples/complete/fixtures.auto.tfvars | 14 ++------------
 examples/complete/variables.tf         |  8 ++++++--
 examples/complete/versions.tf          |  4 ----
 main.tf                                |  2 +-
 variables.tf                           |  8 ++++++--
 versions.tf                            |  4 ----
 8 files changed, 24 insertions(+), 33 deletions(-)

diff --git a/README.md b/README.md
index b89d891..d160c52 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,6 @@ sops example.yaml
 | ------------------------------------------------------------------------ | ------- |
 | <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.3  |
 | <a name="requirement_datadog"></a> [datadog](#requirement_datadog)       | >= 3.14 |
-| <a name="requirement_sops"></a> [sops](#requirement_sops)                | >= 0.5  |
 
 ## Providers
 
@@ -86,9 +85,9 @@ No modules.
 
 ## Inputs
 
-| Name                                             | Description | Type                                                                                                                                                                                                                           | Default | Required |
-| ------------------------------------------------ | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | :------: |
-| <a name="input_users"></a> [users](#input_users) | n/a         | <pre>list(object({<br> access_roles = map(any)<br> disabled = optional(bool, false)<br> email = string<br> name = string<br> role = string<br> send_user_invitation = optional(bool, true)<br> username = string<br> }))</pre> | n/a     |   yes    |
+| Name                                             | Description | Type                                                                                                                                                                                                     | Default | Required |
+| ------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | :------: |
+| <a name="input_users"></a> [users](#input_users) | n/a         | <pre>list(object({<br> disabled = optional(bool, false)<br> email = string<br> name = string<br> roles = set(string)<br> send_user_invitation = optional(bool, true)<br> username = string<br> }))</pre> | n/a     |   yes    |
 
 ## Outputs
 
diff --git a/examples/complete/example.yaml b/examples/complete/example.yaml
index 1a63f89..8f99b5d 100644
--- a/examples/complete/example.yaml
+++ b/examples/complete/example.yaml
@@ -1,5 +1,7 @@
-datadog_api_key: ENC[AES256_GCM,data:cGxuKLw01YXMzg==,iv:sqCip8ibQM10cZqPlb3H9xRojvtD45RU5ZP+3WmlWFQ=,tag:wyIH0RnYdraYyFl3BlGEhw==,type:int]
-datadog_app_key: ENC[AES256_GCM,data:tjZKfOL4Keulow==,iv:qaVRDuuDa5EY/dvqg1eH5ZtBcuvAIdyRO2FItl+7Rok=,tag:EUql9eObFKKtolab/Zi1MA==,type:int]
+#ENC[AES256_GCM,data:vizmAFVc65i3aOmm1285EgS4nNuUe6k1qE/l,iv:EUGvrtHoIRoo8DG1KqD2oqVwyXDW9DZMpuYyxxtX6GU=,tag:+z0ddHz0+U1sr0izJmvylQ==,type:comment]
+#ENC[AES256_GCM,data:RX9TN/KayiiK9uYAsmRMJccHPoUcJaOhQqF3,iv:ZGh4JJ5NMMNtSPs8DAyFuRCZqlji3lFkYdS48hrl9Mw=,tag:lVNCWRdICjuogZwf5q+9Ow==,type:comment]
+datadog_api_key: ENC[AES256_GCM,data:HI6iJYcLyzYFdJbSeAXYW+LcFQeig/dVD1mYDMf2Z04=,iv:KS8PiGiPydJjay8qRCwQhacogqr6FIQWw1Q6fA31BTM=,tag:AmghKo7mNON+zmf/UoiSqw==,type:str]
+datadog_app_key: ENC[AES256_GCM,data:JVrTvIGQxMjL0N+M8ylS07o8gJ2xdQ4Xpwrggw4/uPopI1pZL9xRXg==,iv:ub/uLBjHjWIfz4VJowANx0RZxIcNlnQM/f2rbcIjmO0=,tag:DQ6/PtXuE7jMqn8VTmtH8g==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -15,8 +17,8 @@ sops:
         ejRyZCthYkxvcnN0bHRJVG5RZlo1UEEKDoY/9Bf5OnbMQoOk7wdsTMhTHfmVLHUz
         bYEgOsOwxlL+YEgme0vRFhL3MXGCRJwZISDdGTkFFYz0Rfp4CWksew==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-03-05T18:39:37Z"
-  mac: ENC[AES256_GCM,data:T1ziXhQOuU7pvRVVA9kewyn5efhrrLZ1TYarfVCjF/HL09iRXTTlF0ZkRTOjyqoRoXd+0MEfaVvKlRptcE1WxoR4saOCyju+k3zVQ0i1suOvfmwueHfpZvAetClC2Bwg09iOrR+lE8wz7WnqIBkup53tshjJhpXif9TknnSP2vI=,iv:LovT/poawV4dHPAs0GkZ9tyrY/ClHPAah6xDqa67/J0=,tag:LyZaZ0cHN9namt8PvhOMdg==,type:str]
+  lastmodified: "2024-03-05T19:07:37Z"
+  mac: ENC[AES256_GCM,data:8r44UH8qJMKUtLw4QXc0QEeMyuALHchVllM1I568Me8nV9Vouvh3ObK45URTQs+NwWMMPaWJCDjVL3QR/Vi5lYYS4WFXA5HStTScJiorOAK5xNVWljfDUqmkzhhuOlKtT+IZvcIBu7f1UbToDownEnSOa0dRGnL7NRiM+QFheP4=,iv:iMx1i3M4Trw5CyQJCrWDt4O/M2owFPy4RJBbIsivyUE=,tag:vl4E9IacEKnqiMgfSV9HbQ==,type:str]
   pgp: []
   unencrypted_suffix: _unencrypted
   version: 3.8.1
diff --git a/examples/complete/fixtures.auto.tfvars b/examples/complete/fixtures.auto.tfvars
index 008e224..8ed366a 100644
--- a/examples/complete/fixtures.auto.tfvars
+++ b/examples/complete/fixtures.auto.tfvars
@@ -1,23 +1,13 @@
 users = [
   {
-    access_roles = {
-      "datadog" = {
-        enabled = true,
-        role    = "standard"
-      },
-    },
+    roles    = ["standard"],
     email    = "john.doe@example.com",
     name     = "John Doe",
     role     = "Administrator",
     username = "johndoe"
   },
   {
-    access_roles = {
-      "datadog" = {
-        enabled = true,
-        role    = "read_only"
-      },
-    },
+    roles    = ["read_only"],
     email    = "jane.smith@example.com",
     name     = "Jane Smith",
     role     = "Editor",
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index e86074f..edb1946 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -1,11 +1,15 @@
 variable "users" {
   type = list(object({
-    access_roles         = map(any)
     disabled             = optional(bool, false)
     email                = string
     name                 = string
-    role                 = string
+    roles                = set(string)
     send_user_invitation = optional(bool, true)
     username             = string
   }))
+
+  validation {
+    condition     = alltrue([for role in flatten([for user in var.users : user.roles]) : contains(["standard", "admin", "read_only"], role)])
+    error_message = "Each role must be one of 'standard', 'admin', or 'read_only'."
+  }
 }
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index b005ffc..1ed3cd6 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -2,10 +2,6 @@ terraform {
   required_version = "~> 1.5"
 
   required_providers {
-    sops = {
-      source  = "carlpett/sops"
-      version = "~> 0.5"
-    }
     datadog = {
       source  = "datadog/datadog"
       version = "~> 3.14"
diff --git a/main.tf b/main.tf
index 840c9f4..9b8d26e 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,6 @@ resource "datadog_user" "users" {
   disabled             = each.value.disabled
   email                = each.value.email
   name                 = each.value.name
-  roles                = [local.roles[each.value.access_roles["datadog"].role]]
+  roles                = [for role in each.value.roles : local.roles[role]]
   send_user_invitation = each.value.send_user_invitation
 }
diff --git a/variables.tf b/variables.tf
index e86074f..edb1946 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,11 +1,15 @@
 variable "users" {
   type = list(object({
-    access_roles         = map(any)
     disabled             = optional(bool, false)
     email                = string
     name                 = string
-    role                 = string
+    roles                = set(string)
     send_user_invitation = optional(bool, true)
     username             = string
   }))
+
+  validation {
+    condition     = alltrue([for role in flatten([for user in var.users : user.roles]) : contains(["standard", "admin", "read_only"], role)])
+    error_message = "Each role must be one of 'standard', 'admin', or 'read_only'."
+  }
 }
diff --git a/versions.tf b/versions.tf
index 1cfc0e1..8bc57ef 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,10 +2,6 @@ terraform {
   required_version = ">= 1.3"
 
   required_providers {
-    sops = {
-      source  = "carlpett/sops"
-      version = ">= 0.5"
-    }
     datadog = {
       source  = "datadog/datadog"
       version = ">= 3.14"