Allow multiple users to be created #107

@aokhotnikovsisu

Describe the Feature

I would like to have the ability to create as many users as I need, not just a single one besides the admin.

Expected Behavior

A variable to provide users

Use Case

I need it to share AWS Broker MQ across different apps

Describe Ideal Solution

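resource "random_password" "mq_user" {
  # Generate a password only for users that did not supply one
  for_each = {
    for user in var.mq_users : user.username => user
    if lookup(user, "password", null) == null
  }

  length      = 32
  special     = true
  min_upper   = 2
  min_lower   = 2
  min_numeric = 2
  min_special = 2

  # "=" left out: Amazon MQ rejects passwords containing commas, colons, or equal signs
  override_special = "!@#$%^&*()_+-[]{}|"
}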

resource "aws_mq_broker" "default" {
...
  dynamic "user" {
    for_each = var.mq_users
    content {
      username       = user.value.username
      password       = lookup(user.value, "password", null) != null ? user.value.password : random_password.mq_user[user.value.username].result
      groups         = lookup(user.value, "groups", [])
      console_access = lookup(user.value, "console_access", false)
    }
  }
...
}

variable "mq_users" {
  type = list(object({
    username       = string
    password       = optional(string)
    groups         = optional(list(string))
    console_access = optional(bool)
  }))
  
  description = <<-EOT
    List of MQ broker users to create.
    - username: (Required) Username for the user
    - password: (Optional) Password for the user. If not provided, a secure random password will be generated
    - groups: (Optional) List of groups for the user. Use ["admin"] for admin privileges
    - console_access: (Optional) Whether to enable console access. Defaults to false
  EOT
  
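  # The empty default fails the first validation below, so callers must always pass at least one user
  default = []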
  
  validation {
    condition     = length(var.mq_users) > 0
    error_message = "At least one MQ user must be defined."
  }
  
  validation {
    condition     = length(var.mq_users) <= 250
    error_message = "Maximum of 250 users can be created per MQ broker."
  }
  
  validation {
    condition = alltrue([
      for user in var.mq_users : can(regex("^[a-zA-Z0-9_-]{2,100}$", user.username))
    ])
    error_message = "Usernames must be 2-100 characters long and contain only alphanumeric characters, hyphens, and underscores."
  }
}

Alternatives Considered

Additional module/tf code to configure the RabbitMQ instance using admin creds, which depends on this module

Additional Context

This is for a RabbitMQ broker
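
An added example, not part of the issue or the module's own code: extra checks for the proposed `mq_users` variable that reject duplicate usernames (which would collide as `for_each` keys) and caller-supplied passwords that break the Amazon MQ password rules, plus a redacted output. The output name `mq_user_passwords` is hypothetical, and the password rules encoded here (12 to 250 characters, at least 4 unique characters, no commas, colons, or equal signs) are an assumption to confirm against the AWS documentation.

```hcl
# Added example. Requires Terraform 1.3+ for optional() attributes.
variable "mq_users" {
  type = list(object({
    username       = string
    password       = optional(string)
    groups         = optional(list(string))
    console_access = optional(bool)
  }))

  # Usernames key the random_password for_each, so duplicates must be rejected early.
  validation {
    condition     = length(distinct([for u in var.mq_users : u.username])) == length(var.mq_users)
    error_message = "Usernames must be unique."
  }

  # Check only passwords the caller supplied; the message never echoes the value.
  validation {
    condition = alltrue([
      for u in var.mq_users : u.password == null ? true : (
        can(regex("^[^,:=]{12,250}$", u.password)) &&
        length(distinct(split("", u.password))) >= 4
      )
    ])
    error_message = "Supplied passwords must be 12-250 characters, have at least 4 unique characters, and contain no commas, colons, or equal signs."
  }
}

# Same filter as the issue's resource: one generated password per user without one.
resource "random_password" "mq_user" {
  for_each = { for u in var.mq_users : u.username => u if u.password == null }

  length           = 32
  special          = true
  override_special = "!@#$%^&*()_+-[]{}|"
}

# Hypothetical output name. "sensitive" only redacts CLI and plan output;
# the values are still stored in plain text in the Terraform state.
output "mq_user_passwords" {
  description = "Effective password per username (supplied or generated)."
  sensitive   = true
  value = {
    for u in var.mq_users :
    u.username => u.password != null ? u.password : random_password.mq_user[u.username].result
  }
}
```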
