From 100b25c6bd1239e59e36b204df6c5034575a36d8 Mon Sep 17 00:00:00 2001
From: Michael Dizon
Date: Thu, 2 Jan 2025 11:11:27 -0500
Subject: [PATCH] fix(main.tf): handle enabled boolean in manage_rules (#124)
* fix(main.tf): handle enabled boolean in manage_rules
* update: add missing output descriptions
* fix typo
* update: add versions.tf to cis-1-2-rules
---
 examples/cis/outputs.tf | 3 ++-
 main.tf | 2 +-
 modules/cis-1-2-rules/outputs.tf | 3 ++-
 modules/cis-1-2-rules/versions.tf | 15 +++++++++++++++
 modules/conformance-pack/outputs.tf | 3 ++-
 5 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 modules/cis-1-2-rules/versions.tf
diff --git a/examples/cis/outputs.tf b/examples/cis/outputs.tf
index 48afb35..6af23d7 100644
--- a/examples/cis/outputs.tf
+++ b/examples/cis/outputs.tf
@@ -1,5 +1,6 @@
 output "enabled_rules" {
- value = module.cis_rules.rules
+ value = module.cis_rules.rules
+ description = "The output of the enabled CIS rules"
 }
 output "config_recorder_id" {
diff --git a/main.tf b/main.tf
index 00f617c..03c7513 100644
--- a/main.tf
+++ b/main.tf
@@ -55,7 +55,7 @@ resource "aws_config_configuration_recorder_status" "recorder_status" {
 }
 resource "aws_config_config_rule" "rules" {
- for_each = module.this.enabled ? var.managed_rules : {}
+ for_each = module.this.enabled ? { for k, v in var.managed_rules : k => v if v.enabled } : {}
 depends_on = [aws_config_configuration_recorder_status.recorder_status]
 name = each.key
diff --git a/modules/cis-1-2-rules/outputs.tf b/modules/cis-1-2-rules/outputs.tf
index 68df24a..a25fa9e 100644
--- a/modules/cis-1-2-rules/outputs.tf
+++ b/modules/cis-1-2-rules/outputs.tf
@@ -1,3 +1,4 @@
 output "rules" {
- value = local.enabled_rules
+ value = local.enabled_rules
+ description = "Enabled rules"
 }
diff --git a/modules/cis-1-2-rules/versions.tf b/modules/cis-1-2-rules/versions.tf
new file mode 100644
index 0000000..5acf068
--- /dev/null
+++ b/modules/cis-1-2-rules/versions.tf
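Review bot: The new `if v.enabled` filter on the `for_each` line of `aws_config_config_rule.rules` in main.tf means an entry in `var.managed_rules` with `enabled = false` is no longer created, and one that is already deployed is destroyed on the next apply; the old line did not consult the flag, so an upgrade can remove AWS Config rules without any change to the caller's inputs. That is worth a comment above the line, e.g. `# Rules with enabled = false are skipped; an already-deployed rule is destroyed on the next apply.`, and a release-note entry so the plan gets checked for unexpected rule deletions. The type of `managed_rules` is outside this diff; if `enabled` can be null the condition would likely fail at plan time, in which case `if coalesce(v.enabled, true)` keeps such rules deployed rather than dropping them. The resource block continues past the end of the hunk.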
@@ -0,0 +1,15 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0"
+ }
+
+ http = {
+ source = "hashicorp/http"
+ version = ">= 3.4.1"
+ }
+ }
+}
diff --git a/modules/conformance-pack/outputs.tf b/modules/conformance-pack/outputs.tf
index 4826c7f..4332d63 100644
--- a/modules/conformance-pack/outputs.tf
+++ b/modules/conformance-pack/outputs.tf
@@ -1,3 +1,4 @@
 output "arn" {
- value = aws_config_conformance_pack.default.arn
+ value = aws_config_conformance_pack.default.arn
+ description = "ARN of the conformance pack"
 }
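Review bot: The `http` entry in `required_providers` of the new modules/cis-1-2-rules/versions.tf is undocumented, and it suggests the module reads a remote document at plan time, although the code that would do so is not in this diff. If the fetched content decides which Config rules get deployed, the URL should reference an immutable revision (a commit SHA or release tag, not a branch) and the response should be validated before use, because whoever controls that document controls the rule set. If the module does not use the provider, the entry should be dropped so consumers are not made to install it. A header comment stating what each provider is for, along the lines of `# http: used by <DATA_SOURCE> to fetch <WHAT>`, would make the dependency reviewable.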