Merge pull request #86 from Cox-Automotive/develop

Develop

.gitignore

@@ -10,4 +10,6 @@ glide.lock
 *.iml
 
 # VSCode
-.vscode
+.vscode
+.DS_Store
+.terraform/

README.md

@@ -21,7 +21,7 @@ This module is used for creating IAM Roles via the ALKS API.
 For example on macOS:
 
 ```
-curl -L https://github.com/Cox-Automotive/terraform-provider-alks/releases/download/1.4.2/terraform-provider-alks-darwin-amd64.tar.gz | tar zxv
+curl -L https://github.com/Cox-Automotive/terraform-provider-alks/releases/download/1.4.3/terraform-provider-alks-darwin-amd64.tar.gz | tar zxv
 ```
 
 * Configure Terraform to use this plugin by placing the binary in `.terraform.d/plugins/` on MacOS/Linux or `terraform.d\plugins\` in your user's "Application Data" directory on Windows.
@@ -41,7 +41,7 @@ Static credentials can be provided via an `access_key`, `secret_key` and `token`
 ```tf
 provider "alks" {
     url        = "https://alks.foo.com/rest"
-    version    = "~> 1.4.0"
+    version    = "~> 1.4.3"
     access_key = "accesskey"
     secret_key = "secretkey"
     token      = "sessiontoken"
@@ -55,7 +55,7 @@ You can provide your credentials via the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS
 ```tf
 provider "alks" {
     url     = "https://alks.foo.com/rest"
-    version = "~> 1.4.0"
+    version = "~> 1.4.3"
 }
 ```
 
@@ -74,7 +74,7 @@ You can use an AWS credentials file to specify your credentials. The default loc
 ```tf
 provider "alks" {
     url                     = "https://alks.foo.com/rest"
-    version                 = "~> 1.4.0"
+    version                 = "~> 1.4.3"
     shared_credentials_file = "/Users/brianantonelli/.aws/credentials"
     profile                 = "foo"
 }
@@ -93,7 +93,7 @@ Your ALKS provider block can look just like this:
 ```tf
 provider "alks" {
     url     = "https://alks.foo.com/rest"
-    version = "~> 1.4.0"
+    version = "~> 1.4.3"
 }
 ```
 
@@ -102,7 +102,7 @@ Since Machine Identities work with Instance Profile Metadata directly, it can be
 ```tf
 provider "alks" {
    url     = "https://alks.foo.com/rest"
-   version = "~> 1.4.0"
+   version = "~> 1.4.3"
    assume_role {
       role_arn = "arn:aws:iam::112233445566:role/acct-managed/JenkinsPRODAccountTrust"
    }
@@ -170,6 +170,22 @@ Value                             | Type     | Forces New | Value Type | Descrip
 `ip_arn`                           | Computed | n/a        | string     | If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role.
 `enable_alks_access`        | Optional | yes | bool | If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role.
 
+### `alks_ltk`
+
+```tf
+resource "alks_ltk" "test_ltk_user" {
+   iam_username             = "My_LTK_User_Name"
+}
+```
+
+Value                             | Type     | Forces New | Value Type | Description
+--------------------------------- | -------- | ---------- | ---------- | -----------
+`iam_username`                    | Required | yes        | string     | The name of the IAM user to create. This parameter allows a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case.
+`iam_user_arn`                           | Computed | n/a        | string     | The ARN associated with the LTK user.
+`access_key`                           | Computed | n/a        | string     | Generated access key for the LTK user. Note: This is saved in the state file, so please be aware of this.
+`secret_key`                           | Computed | n/a        | string     | Generated secret key for the LTK user. Note: This is saved in the state file, so please be aware of this.
+
+
 ## Example
 
 See [this example](examples/alks.tf) for a basic Terraform script which:

examples/alks.tf

@@ -40,4 +40,9 @@ EOF
 resource "aws_iam_role_policy_attachment" "sr-attach" {
     role       = "${alks_iamrole.test_role.name}"
     policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService"
+}
+
+# CREATE LTK USER
+resource "alks_ltk" "ltk" {
+    iam_username = "TEST_LTK_USER"
 }

go.mod

@@ -3,7 +3,7 @@ module github.com/Cox-Automotive/terraform-provider-alks
 go 1.14
 
 require (
-	github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348
+	github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50
 	github.com/aws/aws-sdk-go v1.31.15
 	github.com/hashicorp/go-cleanhttp v0.5.1
 	github.com/hashicorp/terraform v0.12.26

go.sum

@@ -29,6 +29,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
 github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348 h1:4yYbNR8TKaRSYgRbQsH4cC4qFf4VZmmaVC8mp8VWZVg=
 github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348/go.mod h1:on+ImEZYjpdcu+CD07RLqMTQmiPkulolQJb387YMpPo=
+github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50 h1:vGPXuT++0/9xJJvn0rmTsPBJ6jgSIdoyFhNqZIK51bQ=
+github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50/go.mod h1:on+ImEZYjpdcu+CD07RLqMTQmiPkulolQJb387YMpPo=
 github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
 github.com/Unknwon/com v0.0.0-20151008135407-28b053d5a292/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=

provider.go

@@ -65,6 +65,7 @@ func Provider() terraform.ResourceProvider {
 		ResourcesMap: map[string]*schema.Resource{
 			"alks_iamrole":      resourceAlksIamRole(),
 			"alks_iamtrustrole": resourceAlksIamTrustRole(),
+			"alks_ltk":          resourceAlksLtk(),
 		},
 
 		ConfigureFunc: providerConfigure,

resource_alks_ltk.go

@@ -0,0 +1,116 @@
+package main
+
+import (
+	alks "github.com/Cox-Automotive/alks-go"
+	"github.com/hashicorp/terraform/helper/schema"
+	"log"
+)
+
+func resourceAlksLtk() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAlksLtkCreate,
+		Read:   resourceAlksLtkRead,
+		Delete: resourceAlksLtkDelete,
+		Exists: resourceAlksLtkExists,
+		Importer: &schema.ResourceImporter{
+			// Terraform provided importer
+			State: schema.ImportStatePassthrough,
+		},
+
+		SchemaVersion: 1,
+
+		Schema: map[string]*schema.Schema{
+			"iam_username": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"iam_user_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"access_key": &schema.Schema{
+				Sensitive: true,
+				Type:      schema.TypeString,
+				Computed:  true,
+			},
+			"secret_key": &schema.Schema{
+				Sensitive: true,
+				Type:      schema.TypeString,
+				Computed:  true,
+			},
+		},
+	}
+}
+
+func resourceAlksLtkCreate(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[INFO] ALKS LTK User Create")
+
+	var iamUsername = d.Get("iam_username").(string)
+
+	client := meta.(*alks.Client)
+	resp, err := client.CreateLongTermKey(iamUsername)
+
+	if err != nil {
+		return err
+	}
+
+	d.SetId(iamUsername)
+	_ = d.Set("iam_user_arn", resp.IAMUserArn)
+	_ = d.Set("access_key", resp.AccessKey)
+	_ = d.Set("secret_key", resp.SecretKey)
+
+	log.Printf("[INFO] alks_ltk.id: %v", d.Id())
+
+	return resourceAlksLtkRead(d, meta)
+}
+
+func resourceAlksLtkRead(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[INFO] ALKS LTK User Read")
+
+	client := meta.(*alks.Client)
+	resp, err := client.GetLongTermKey(d.Id())
+
+	if err != nil {
+		d.SetId("")
+		return nil
+	}
+
+	log.Printf("[INFO] alks_ltk.id: %v", d.Id())
+
+	_ = d.Set("iam_username", resp.UserName)
+	_ = d.Set("access_key", resp.AccessKeyID)
+
+	return nil
+}
+
+func resourceAlksLtkDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[INFO] ALKS LTK User Delete")
+
+	client := meta.(*alks.Client)
+	_, err := client.DeleteLongTermKey(d.Id())
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceAlksLtkExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	log.Printf("[INFO] ALKS LTK User Exists")
+
+	client := meta.(*alks.Client)
+	resp, err := client.GetLongTermKey(d.Id())
+
+	if err != nil {
+		return false, err
+	}
+
+	// We can get a 200, but an empty string so this is the condition to check for.
+	if len(resp.LongTermKey.UserName) == 0 {
+		return false, nil
+	}
+
+	return true, nil
+}

resource_alks_ltk_test.go

@@ -0,0 +1,62 @@
+package main
+
+import (
+	"fmt"
+	alks "github.com/Cox-Automotive/alks-go"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"testing"
+)
+
+func TestAlksLTKCreate(t *testing.T) {
+	var resp alks.CreateLongTermKeyResponse
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAlksLtkDestroy(&resp),
+		Steps: []resource.TestStep{
+			// Create the resource
+			resource.TestStep{
+				Config: testAlksLTKCreateConfig,
+				Check:  resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr("alks_ltk.foo", "iam_username", "TEST_LTK_USER")),
+			},
+			// Update the resource
+			resource.TestStep{
+				Config: testAlksLTKUpdateConfig,
+				Check:  resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr("alks_ltk.foo", "iam_username", "TEST_LTK_USER_2")),
+			},
+		},
+	})
+}
+
+func testAlksLtkDestroy(ltk *alks.CreateLongTermKeyResponse) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*alks.Client)
+
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "alks_ltk" {
+				continue
+			}
+
+			resp, err := client.GetLongTermKey(rs.Primary.ID)
+			if resp != nil {
+				return fmt.Errorf("long term key still exists: %#v (%v)", resp, err)
+			}
+		}
+
+		return nil
+	}
+}
+
+const testAlksLTKCreateConfig = `
+  resource "alks_ltk" "foo" {
+    iam_username = "TEST_LTK_USER"
+  }
+`
+
+const testAlksLTKUpdateConfig = `
+  resource "alks_ltk" "foo" {
+    iam_username = "TEST_LTK_USER_2"
+  }
+`