Merge pull request #132 from Cox-Automotive/develop

Merge develop to master
Cox-Automotive · May 17, 2021 · 2a24938 · 2a24938
2 parents 7719a3c + 7aa1195
commit 2a24938
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 18 deletions.
diff --git a/config.go b/config.go
@@ -183,17 +183,6 @@ func (c *Config) Client() (*alks.Client, error) {
 		}
 	}
 
-	// Validate STS for IAM active.
-	validate, err := client.GetMyLoginRole()
-	if err != nil {
-		return nil, err
-	}
-
-	if validate.LoginRole.IamKeyActive != true {
-		return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " +
-			"Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.")
-	}
-
 	client.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion()))
 
 	log.Println("[INFO] ALKS Client configured")

diff --git a/helpers.go b/helpers.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+	"errors"
+
+	"github.com/Cox-Automotive/alks-go"
+)
+
+func validateIAMEnabled(client *alks.Client) error {
+	// Validate STS for IAM active.
+	resp, err := client.GetMyLoginRole()
+	if err != nil {
+		return err
+	}
+
+	if !resp.LoginRole.IamKeyActive {
+		return errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " +
+			"Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.")
+	}
+
+	return nil
+}
diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go
@@ -135,8 +135,11 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	client := meta.(*alks.Client)
-	resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess)
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
 
+	resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess)
 	if err != nil {
 		return err
 	}
@@ -158,6 +161,9 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er
 	var enableAlksAccess = d.Get("enable_alks_access").(bool)
 
 	client := meta.(*alks.Client)
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
 
 	var resp *alks.IamRoleResponse
 	err := resource.Retry(2*time.Minute, func() *resource.RetryError {
@@ -194,9 +200,11 @@ func resourceAlksIamRoleDelete(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[INFO] ALKS IAM Role Delete")
 
 	client := meta.(*alks.Client)
-	err := client.DeleteIamRole(d.Id())
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
 
-	if err != nil {
+	if err := client.DeleteIamRole(d.Id()); err != nil {
 		return err
 	}
 
@@ -276,6 +284,9 @@ func updateAlksAccess(d *schema.ResourceData, meta interface{}) error {
 	var alksAccess = d.Get("enable_alks_access").(bool)
 	var roleArn = d.Get("arn").(string)
 	client := meta.(*alks.Client)
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
 	// create the machine identity
 	if alksAccess {
 		_, err := client.AddRoleMachineIdentity(roleArn)

diff --git a/resource_alks_ltk.go b/resource_alks_ltk.go
@@ -1,9 +1,10 @@
 package main
 
 import (
+	"log"
+
 	alks "github.com/Cox-Automotive/alks-go"
 	"github.com/hashicorp/terraform/helper/schema"
-	"log"
 )
 
 func resourceAlksLtk() *schema.Resource {
@@ -49,8 +50,11 @@ func resourceAlksLtkCreate(d *schema.ResourceData, meta interface{}) error {
 	var iamUsername = d.Get("iam_username").(string)
 
 	client := meta.(*alks.Client)
-	resp, err := client.CreateLongTermKey(iamUsername)
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
 
+	resp, err := client.CreateLongTermKey(iamUsername)
 	if err != nil {
 		return err
 	}
@@ -88,9 +92,11 @@ func resourceAlksLtkDelete(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[INFO] ALKS LTK User Delete")
 
 	client := meta.(*alks.Client)
-	_, err := client.DeleteLongTermKey(d.Id())
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
 
-	if err != nil {
+	if _, err := client.DeleteLongTermKey(d.Id()); err != nil {
 		return err
 	}