Merge pull request #120 from Cox-Automotive/develop

Merge develop into master

docs/guides/local_installation.md

@@ -3,10 +3,12 @@ page_title: "Local Installation"
 ---
 
 ### Terraform Version 0.12 Local Installation
+
 * Download and install [Terraform](https://www.terraform.io/intro/getting-started/install.html)
 
 **One-liner download for macOS / Linux:**
-```
+
+```sh
 mkdir -p ~/.terraform.d/plugins &&
       curl -Ls https://api.github.com/repos/Cox-Automotive/terraform-provider-alks/releases/latest |
       jq -r ".assets[] | select(.browser_download_url | contains(\"$(uname -s | tr A-Z a-z)\")) | select(.browser_download_url | contains(\"amd64\")) | .browser_download_url" |
@@ -19,6 +21,7 @@ mkdir -p ~/.terraform.d/plugins &&
       rm -rf terraform-provider-alks.zip &&
       popd
 ```
+
 **Manual Installation:**
 
 * Download ALKS Provider binary for your platform from [Releases](https://github.com/Cox-Automotive/terraform-provider-alks/releases)
@@ -28,33 +31,36 @@ mkdir -p ~/.terraform.d/plugins &&
 * Note: If you've used a previous version of the ALKS provider and created a `.terraformrc` file in your home directory you'll want to remove it prior to updating.
 
 * Finally, configure Terraform.
-    * In your `versions.tf` or `main.tf` file you'll want to add the new ALKS provider as such:
-    ```
-    provider "alks" {
-      url       = "https://alks.coxautoinc.com/rest"
-      version   = "YOUR_VERSION_HERE"
-    }
-    ```
+  * In your `versions.tf` or `main.tf` file you'll want to add the new ALKS provider as such:
 
+  ```hcl
+  provider "alks" {
+  url       = "https://alks.coxautoinc.com/rest"
+  version   = "YOUR_VERSION_HERE"
+  }
+  ```
 
 ### Terraform Version 0.13+ Local Installation
+
 * Download and install [Terraform](https://www.terraform.io/intro/getting-started/install.html)
 
 **One-liner download for macOS / Linux:**
-```
-mkdir -p ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.11/darwin_amd64 &&
+
+```sh
+mkdir -p ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.12/darwin_amd64 &&
       curl -Ls https://api.github.com/repos/Cox-Automotive/terraform-provider-alks/releases/latest |
       jq -r ".assets[] | select(.browser_download_url | contains(\"$(uname -s | tr A-Z a-z)\")) | select(.browser_download_url | contains(\"amd64\")) | .browser_download_url" |
-            xargs -n 1 curl -Lo ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.11/darwin_amd64/terraform-provider-alks.zip &&
-      pushd ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.11/darwin_amd64 &&
-      unzip ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.11/darwin_amd64/terraform-provider-alks.zip -d terraform-provider-alks-tmp &&
+            xargs -n 1 curl -Lo ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.12/darwin_amd64/terraform-provider-alks.zip &&
+      pushd ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.12/darwin_amd64 &&
+      unzip ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.12/darwin_amd64/terraform-provider-alks.zip -d terraform-provider-alks-tmp &&
       mv terraform-provider-alks-tmp/terraform-provider-alks* . &&
       chmod +x terraform-provider-alks* &&
       rm -rf terraform-provider-alks-tmp &&
       rm -rf terraform-provider-alks.zip &&
       popd
 ```
-!> **Warning:** Your binary has been placed in `/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.11/darwin_amd64`. For more information on WHY, [read here](https://www.terraform.io/upgrade-guides/0-13.html#new-filesystem-layout-for-local-copies-of-providers).
+
+!> **Warning:** Your binary has been placed in `/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.12/darwin_amd64`. For more information on WHY, [read here](https://www.terraform.io/upgrade-guides/0-13.html#new-filesystem-layout-for-local-copies-of-providers).
 
 **Manual Installation:**
 
@@ -68,24 +74,26 @@ mkdir -p ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/1.5.1
 * Place / `mv` the downloaded binary into the directory above. 
 
 * Finally, configure Terraform.
-    * In your `versions.tf` or `main.tf` file you'll want to add the new ALKS provider as such:
-    ```
-    terraform {
-        required_version = ">= 0.13"
-        required_providers {
-           alks = {
-              source  = "Cox-Automotive/engineering-enablement/alks"
-              version = "YOUR_VERSION_HERE"
-           }
-        }
-    }
-    ```
+  * In your `versions.tf` or `main.tf` file you'll want to add the new ALKS provider as such:
+
+  ```hcl
+  terraform {
+      required_version = ">= 0.13"
+      required_providers {
+          alks = {
+            source  = "Cox-Automotive/engineering-enablement/alks"
+            version = "YOUR_VERSION_HERE"
+          }
+      }
+  }
+  ```
 
 * Note: If you've previously installed our provider, and it is stored in your remote state: you may need to run the [`replace-provider` command](https://www.terraform.io/docs/commands/state/replace-provider.html).
 
 ---
 
 ### Supported Versions
+
 | Terraform 0.10.x       | Terraform 0.12.x  | Terraform 0.13.x | Terraform 0.14.x |
 | ----------------       | ----------------  | ---------------- | ---------------- |
 | ALKS TFP 0.9.0 < 1.3.0 | ALKS TFP 1.3.0+   | ALKS TFP 1.3.0+  | ALKS TFP 1.3.0+  |

docs/resources/alks_iamrole.md

@@ -5,6 +5,7 @@ Creates an custom ALKS IAM role for usage in an AWS account.
 ## Example Usage
 
 ### ALKS IAM Role Creation
+
 ```hcl
 resource "alks_iamrole" "test_role" {
     name                     = "My_Test_Role"
@@ -14,22 +15,41 @@ resource "alks_iamrole" "test_role" {
 }
 ```
 
+### ALKS Dynamic Role Creation
+
+```hcl
+resource "alks_iamrole" "test_dynamic_role" {
+    name                     = "my_dynamic_role"
+    type                     = "Amazon EKS IRSA"
+    include_default_policies = false
+    enable_alks_access       = false
+    template_fields          = {
+        "OIDC_PROVIDER"       = "abc1234"
+        "K8S_NAMESPACE"       = "default"
+        "K8S_SERVICE_ACCOUNT" = "my-service-account"
+    }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
+
 * `name` - (Required) The name of the ALKS IAM role which will be reflected in AWS and the ALKS UI.
 * `type` - (Required) The role type to use. To see a list of available roles, [call this endpoint](https://pages.ghe.coxautoinc.com/ETS-CloudAutomation/ALKS-Documentation/#/aws-role-type-rest-service/getAllAwsRoleTypesUsingGET).
 * `include_default_policies` - (Required) Whether or not the default manages policies should be attached to the role.
 * `role_added_to_ip` - (Computed) Indicates whether or not an instance profile role was created.
 * `arn` - (Computed) Provides the ARN of the role that was created.
 * `ip_arn` - (Computed) If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role.
 * `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability.
+* `template_fields` - (Optional) If present, will submit template field data to ALKS.  Note: This will generate an error if the role type does not support template fields.
 
 ## Import
 
 !> **Warning:** This will force-replace the resource.
 
 ALKS IAM roles can be imported using the `name`, e.g.
-```
-$ terraform import alks_iamrole.test_role My_Test_Role
+
+```sh
+terraform import alks_iamrole.test_role My_Test_Role
 ```

examples/alks.tf

@@ -40,6 +40,18 @@ resource "alks_iamrole" "test_role" {
   enable_alks_access       = true
 }
 
+resource "alks_iamrole" "test_dynamic_role" {
+  name                     = "TEST-DELETE-DYNAMIC"
+  type                     = "Amazon EKS IRSA"
+  include_default_policies = false
+  enable_alks_access       = true
+  template_fields = {
+    "OIDC_PROVIDER"       = "abc1234"
+    "K8S_NAMESPACE"       = "default"
+    "K8S_SERVICE_ACCOUNT" = "definitely-not-real"
+  }
+}
+
 # CREATE IAM ROLE -- Secondary Provider
 resource "alks_iamrole" "test_role_nonprod" {
   provider                 = alks.nonprod
@@ -52,7 +64,7 @@ resource "alks_iamrole" "test_role_nonprod" {
 # ATTACH POLICY
 resource "aws_iam_role_policy" "test_policy" {
   name   = "test_policy"
-  role   = "${alks_iamrole.test_role.name}"
+  role   = alks_iamrole.test_role.name
   policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -71,11 +83,11 @@ EOF
 
 # ATTACH MANAGED POLICY
 resource "aws_iam_role_policy_attachment" "sr-attach" {
-  role       = "${alks_iamrole.test_role.name}"
+  role       = alks_iamrole.test_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService"
 }
 
 # CREATE LTK USER
 resource "alks_ltk" "ltk" {
   iam_username = "TEST_LTK_USER"
-}
+}

go.mod

@@ -3,11 +3,8 @@ module github.com/Cox-Automotive/terraform-provider-alks
 go 1.14
 
 require (
-	github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50
+	github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67
 	github.com/aws/aws-sdk-go v1.31.15
-	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
 	github.com/hashicorp/terraform v0.12.26
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/motain/gocheck v0.0.0-20131023154940-9beb271d26e6 // indirect
-	launchpad.net/gocheck v0.0.0-20140225173054-000000000087 // indirect
 )

go.sum

@@ -27,10 +27,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20180810175552-4a21cbd618b4/go.mod h1:chxPXzS
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
-github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348 h1:4yYbNR8TKaRSYgRbQsH4cC4qFf4VZmmaVC8mp8VWZVg=
-github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348/go.mod h1:on+ImEZYjpdcu+CD07RLqMTQmiPkulolQJb387YMpPo=
-github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50 h1:vGPXuT++0/9xJJvn0rmTsPBJ6jgSIdoyFhNqZIK51bQ=
-github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50/go.mod h1:on+ImEZYjpdcu+CD07RLqMTQmiPkulolQJb387YMpPo=
+github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67 h1:vcruzED50hPyycvR6mtPXKy2zQoH+AOicCOuwiWr7Cg=
+github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
 github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
 github.com/Unknwon/com v0.0.0-20151008135407-28b053d5a292/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=

resource_alks_iamrole.go

@@ -59,6 +59,12 @@ func resourceAlksIamRole() *schema.Resource {
 				Default:  false,
 				Optional: true,
 			},
+			"template_fields": &schema.Schema{
+				Type:     schema.TypeMap,
+				Elem:     schema.TypeString,
+				ForceNew: true,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -121,9 +127,15 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
 	var roleType = d.Get("type").(string)
 	var incDefPol = d.Get("include_default_policies").(bool)
 	var enableAlksAccess = d.Get("enable_alks_access").(bool)
+	var rawTemplateFields = d.Get("template_fields").(map[string]interface{})
+
+	templateFields := make(map[string]string)
+	for k, v := range rawTemplateFields {
+		templateFields[k] = v.(string)
+	}
 
 	client := meta.(*alks.Client)
-	resp, err := client.CreateIamRole(roleName, roleType, incDefPol, enableAlksAccess)
+	resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess)
 
 	if err != nil {
 		return err