feat: allowing for us to provision local users (#41)

* feat: allowing for us to provision local users

* docs: updating the documentation to reflect the changes

Author: gambol99

README.md

@@ -152,7 +152,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="input_quicksight_subscription_authentication_method"></a> [quicksight\_subscription\_authentication\_method](#input\_quicksight\_subscription\_authentication\_method) | The identity for the QuickSight quicksight\_subscription edition | `string` | `"IAM_AND_QUICKSIGHT"` | no |
 | <a name="input_quicksight_subscription_edition"></a> [quicksight\_subscription\_edition](#input\_quicksight\_subscription\_edition) | The edition for the QuickSight quicksight\_subscription | `string` | `"ENTERPRISE"` | no |
 | <a name="input_quicksight_subscription_email"></a> [quicksight\_subscription\_email](#input\_quicksight\_subscription\_email) | The email address for the QuickSight quicksight\_subscription edition | `string` | `null` | no |
-| <a name="input_quicksight_users"></a> [quicksight\_users](#input\_quicksight\_users) | Map of user accounts to be registered in QuickSight | <pre>map(object({<br>    role = optional(string, "READER")<br>  }))</pre> | `{}` | no |
+| <a name="input_quicksight_users"></a> [quicksight\_users](#input\_quicksight\_users) | Map of user accounts to be registered in QuickSight | <pre>map(object({<br>    identity_type = optional(string, "IAM")<br>    namespace     = optional(string, "default")<br>    role          = optional(string, "READER")<br>  }))</pre> | `{}` | no |
 | <a name="input_quicksights_username"></a> [quicksights\_username](#input\_quicksights\_username) | The username for the QuickSight user | `string` | `"admin"` | no |
 | <a name="input_saml_metadata"></a> [saml\_metadata](#input\_saml\_metadata) | The configuration for the SAML identity provider | `string` | `null` | no |
 | <a name="input_stack_name_cloud_intelligence"></a> [stack\_name\_cloud\_intelligence](#input\_stack\_name\_cloud\_intelligence) | The name of the CloudFormation stack to create the dashboards | `string` | `"CI-Cloud-Intelligence-Dashboards"` | no |

quicksights.tf

@@ -15,10 +15,12 @@ resource "aws_quicksight_user" "users" {
   for_each = var.quicksight_users
 
   email         = each.key
-  iam_arn       = aws_iam_role.cudos_sso[0].arn
-  identity_type = "IAM"
-  session_name  = each.key
-  user_role     = each.value.role
+  iam_arn       = each.value.identity_type == "IAM" ? aws_iam_role.cudos_sso[0].arn : null
+  identity_type = each.value.identity_type
+  namespace     = try(each.value.namespace, "default")
+  session_name  = each.value.identity_type == "IAM" ? each.key : null
+  user_name     = each.value.identity_type == "QUICKSIGHT" ? try(each.value.user_name, null) : null
+  user_role     = try(each.value.role, null)
 
   provider = aws.cost_analysis
 }

variables.tf

@@ -226,7 +226,9 @@ variable "quicksights_username" {
 variable "quicksight_users" {
   description = "Map of user accounts to be registered in QuickSight"
   type = map(object({
-    role = optional(string, "READER")
+    identity_type = optional(string, "IAM")
+    namespace     = optional(string, "default")
+    role          = optional(string, "READER")
   }))
   default = {}
 }