From 592e1d7c0caf193dbe0820908d1349d449a4eaf8 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 25 Jan 2021 11:10:14 -0500 Subject: [PATCH 1/7] Implement importer. --- resource_alks_iamrole.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 133a1867..4113f7b6 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -19,6 +19,9 @@ func resourceAlksIamRole() *schema.Resource { Update: resourceAlksIamRoleUpdate, Exists: resourceAlksIamRoleExists, Delete: resourceAlksIamRoleDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, SchemaVersion: 1, MigrateState: migrateState, @@ -67,6 +70,9 @@ func resourceAlksIamTrustRole() *schema.Resource { Update: resourceAlksIamRoleUpdate, Exists: resourceAlksIamRoleExists, Delete: resourceAlksIamRoleDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, SchemaVersion: 1, MigrateState: migrateState, From 36d5b1fa1bb3679ddb2e5883c89f213d2c5e1d67 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 25 Jan 2021 11:20:20 -0500 Subject: [PATCH 2/7] Update docs for importing resources. --- docs/resources/alks_iamrole.md | 9 ++++++++- docs/resources/alks_iamtrustrole.md | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/resources/alks_iamrole.md b/docs/resources/alks_iamrole.md index 295e6c21..2a371390 100644 --- a/docs/resources/alks_iamrole.md +++ b/docs/resources/alks_iamrole.md 
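Review bot: `schema.ImportStatePassthrough` is wired into both `resourceAlksIamRole()` and `resourceAlksIamTrustRole()`, which share the same `Update`/`Exists`/`Delete` callbacks, so nothing on the import path checks that the named role is of the kind the resource address claims. A regular role could apparently be imported as `alks_iamtrustrole` (or the reverse) and later be updated or deleted under the wrong schema. Passthrough also copies only the ID, so any attribute Read does not populate shows up as a diff on the next plan; for an IAM role that can mean replacing a role that workloads are still using. Consider a custom `State` function that looks the role up, returns an error when it is missing, and rejects a kind mismatch if the API exposes one. Both function bodies continue outside the hunks.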
@@ -23,4 +23,11 @@ The following arguments are supported: * `role_added_to_ip` - (Computed) Indicates whether or not an instance profile role was created. * `arn` - (Computed) Provides the ARN of the role that was created. * `ip_arn` - (Computed) If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role. -* `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability. \ No newline at end of file +* `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability. + +## Import + +ALKS IAM roles can be imported using the `name`, e.g. +``` +$ terraform import alks_iamrole.test_role My_Test_Role +``` \ No newline at end of file diff --git a/docs/resources/alks_iamtrustrole.md b/docs/resources/alks_iamtrustrole.md index 13ed1771..cf7ffdf1 100644 --- a/docs/resources/alks_iamtrustrole.md +++ b/docs/resources/alks_iamtrustrole.md 
@@ -25,4 +25,11 @@ The following arguments are supported: * `role_added_to_ip` - (Computed) Indicates whether or not an instance profile role was created. * `arn` - (Computed) Provides the ARN of the role that was created. * `ip_arn` - (Computed) If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role. -* `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability. \ No newline at end of file +* `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability. + +## Import + +ALKS IAM trust roles can be imported using the `name`, e.g. +``` +$ terraform import alks_iamtrustrole.test_trust_role My_Cross_Test_Role +``` \ No newline at end of file From e3e1137f8b02185f9d35e01a7d2b27abb3791496 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 25 Jan 2021 14:37:54 -0500 Subject: [PATCH 3/7] WIP. --- resource_alks_iamrole.go | 46 ++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 4113f7b6..6ae2fa0d 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -20,7 +20,7 @@ func resourceAlksIamRole() *schema.Resource { Exists: resourceAlksIamRoleExists, Delete: resourceAlksIamRoleDelete, Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + State: resourceAlksIamRoleImport, }, SchemaVersion: 1, 
@@ -130,9 +130,9 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { } d.SetId(resp.RoleName) - d.Set("arn", resp.RoleArn) - d.Set("ip_arn", resp.RoleIPArn) - d.Set("role_added_to_ip", resp.RoleAddedToIP) + _ = d.Set("arn", resp.RoleArn) + _ = d.Set("ip_arn", resp.RoleIPArn) + _ = d.Set("role_added_to_ip", resp.RoleAddedToIP) log.Printf("[INFO] alks_iamrole.id: %v", d.Id()) @@ -173,9 +173,9 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er response := *resp d.SetId(response.RoleName) - d.Set("arn", response.RoleArn) - d.Set("ip_arn", response.RoleIPArn) - d.Set("role_added_to_ip", response.RoleAddedToIP) + _ = d.Set("arn", response.RoleArn) + _ = d.Set("ip_arn", response.RoleIPArn) + _ = d.Set("role_added_to_ip", response.RoleAddedToIP) log.Printf("[INFO] alks_iamtrustrole.id: %v", d.Id()) @@ -252,6 +252,24 @@ func resourceAlksIamRoleUpdate(d *schema.ResourceData, meta interface{}) error { return nil } +func resourceAlksIamRoleImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + log.Printf("[INFO] ALKS IAM Role Import") + + // TODO: Delete or finalize this! + log.Printf("ID: " + d.Id()) + client := meta.(*alks.Client) + foundrole, _ := client.GetIamRole(d.Id()) + + log.Printf("Role Type: " + foundrole.RoleType) + + _ = d.Set("name", d.Id()) + _ = d.Set("type", "AWS CodeBuild") // How do we know? API never returns. + _ = d.Set("include_default_policies", false) // Cannot retrieve this for some reason? + + return []*schema.ResourceData{d}, nil + +} + func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { var alksAccess = d.Get("enable_alks_access").(bool) var roleArn = d.Get("arn").(string) 
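Review bot: In the new `resourceAlksIamRoleImport`, `foundrole, _ := client.GetIamRole(d.Id())` throws the error away and the next statement reads `foundrole.RoleType`, so importing a name that does not exist, or any failed API call, would likely crash the provider on a nil dereference instead of returning an error. The two `log.Printf("ID: " + d.Id())`-style calls pass caller-supplied text as the format string; use a constant format with `%q`. Hard-coding `type` to `"AWS CodeBuild"` and `include_default_policies` to `false` writes values into state that were never read from the role, so later plans compare against fiction. The sketch below returns the lookup error and sets only what the API returned; it assumes `fmt` is already imported in this file.

```go
func resourceAlksIamRoleImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
	log.Printf("[INFO] ALKS IAM Role Import")
	log.Printf("[DEBUG] alks_iamrole import id: %q", d.Id())

	client := meta.(*alks.Client)
	foundRole, err := client.GetIamRole(d.Id())
	if err != nil {
		return nil, err
	}
	if foundRole == nil {
		return nil, fmt.Errorf("ALKS IAM role %q not found", d.Id())
	}

	if err := d.Set("name", foundRole.RoleName); err != nil {
		return nil, err
	}
	// type and include_default_policies are left unset: the API does not return them.

	return []*schema.ResourceData{d}, nil
}
```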
@@ -273,10 +291,9 @@ func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { } func populateResourceDataFromRole(role *alks.GetIamRoleResponse, d *schema.ResourceData) error { - d.SetId(role.RoleName) - d.Set("arn", role.RoleArn) - d.Set("ip_arn", role.RoleIPArn) - d.Set("enable_alks_access", role.AlksAccess) + _ = d.Set("arn", role.RoleArn) + _ = d.Set("ip_arn", role.RoleIPArn) + _ = d.Set("enable_alks_access", role.AlksAccess) // role type isnt returned by alks api so this will always false report on a remote state change // for more info see issue #125 on ALKS repo @@ -285,13 +302,6 @@ func populateResourceDataFromRole(role *alks.GetIamRoleResponse, d *schema.Resou return nil } -func populateResourceDataFromMI(mi *alks.MachineIdentityResponse, d *schema.ResourceData) error { - d.SetId(mi.MachineIdentityArn) - d.Set("machine_identity_arn", mi.MachineIdentityArn) - - return nil -} - func migrateState(version int, state *terraform.InstanceState, meta interface{}) (*terraform.InstanceState, error) { switch version { case 0: From 94d0de268898b224ac3ac54e41f412fe9b2c0cc2 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 25 Jan 2021 16:17:30 -0500 Subject: [PATCH 4/7] WIP part 2. Fixed the create + read for alks iam role, but still having trouble with the type attribute. --- resource_alks_iamrole.go | 44 +++++++++++++++++----------------------- 1 file changed, 19 insertions(+), 25 deletions(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 6ae2fa0d..3891a959 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -20,7 +20,7 @@ func resourceAlksIamRole() *schema.Resource { Exists: resourceAlksIamRoleExists, Delete: resourceAlksIamRoleDelete, Importer: &schema.ResourceImporter{ - State: resourceAlksIamRoleImport, + State: schema.ImportStatePassthrough, }, SchemaVersion: 1, 
@@ -130,13 +130,16 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { } d.SetId(resp.RoleName) - _ = d.Set("arn", resp.RoleArn) - _ = d.Set("ip_arn", resp.RoleIPArn) - _ = d.Set("role_added_to_ip", resp.RoleAddedToIP) + //_ = d.Set("type", roleType) + //_ = d.Set("include_default_policies", incDefPol) + //_ = d.Set("role_added_to_ip", resp.RoleAddedToIP) + //_ = d.Set("arn", resp.RoleArn) + //_ = d.Set("ip_arn", resp.RoleIPArn) + //_ = d.Set("enable_alks_access", enableAlksAccess) log.Printf("[INFO] alks_iamrole.id: %v", d.Id()) - return nil + return resourceAlksIamRoleRead(d, meta) } func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) error { @@ -222,14 +225,23 @@ func resourceAlksIamRoleRead(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] ALKS IAM Role Read") client := meta.(*alks.Client) - foundrole, err := client.GetIamRole(d.Id()) if err != nil { + d.SetId("") return err } - return populateResourceDataFromRole(foundrole, d) + log.Printf("[INFO] alks_iamrole.id %v", d.Id()) + + _ = d.Set("name", foundrole.RoleName) + _ = d.Set("type", d.Get("type").(string)) + _ = d.Set("include_default_policies", d.Get("include_default_policies").(bool)) + _ = d.Set("arn", foundrole.RoleArn) + _ = d.Set("ip_arn", foundrole.RoleIPArn) + _ = d.Set("enable_alks_access", foundrole.AlksAccess) + + return nil } func resourceAlksIamRoleUpdate(d *schema.ResourceData, meta interface{}) error { 
@@ -252,24 +264,6 @@ func resourceAlksIamRoleUpdate(d *schema.ResourceData, meta interface{}) error { return nil } -func resourceAlksIamRoleImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - log.Printf("[INFO] ALKS IAM Role Import") - - // TODO: Delete or finalize this! - log.Printf("ID: " + d.Id()) - client := meta.(*alks.Client) - foundrole, _ := client.GetIamRole(d.Id()) - - log.Printf("Role Type: " + foundrole.RoleType) - - _ = d.Set("name", d.Id()) - _ = d.Set("type", "AWS CodeBuild") // How do we know? API never returns. - _ = d.Set("include_default_policies", false) // Cannot retrieve this for some reason? - - return []*schema.ResourceData{d}, nil - -} - func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { var alksAccess = d.Get("enable_alks_access").(bool) var roleArn = d.Get("arn").(string) From e7e7c9fac9aceac024f608cb67059b20637c1267 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 26 Jan 2021 10:00:38 -0500 Subject: [PATCH 5/7] Code cleanup. --- resource_alks_iamrole.go | 44 ++++++++++++---------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 3891a959..17b018fb 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -130,12 +130,6 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { } d.SetId(resp.RoleName) - //_ = d.Set("type", roleType) - //_ = d.Set("include_default_policies", incDefPol) - //_ = d.Set("role_added_to_ip", resp.RoleAddedToIP) - //_ = d.Set("arn", resp.RoleArn) - //_ = d.Set("ip_arn", resp.RoleIPArn) - //_ = d.Set("enable_alks_access", enableAlksAccess) log.Printf("[INFO] alks_iamrole.id: %v", d.Id()) 
@@ -176,13 +170,10 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er response := *resp d.SetId(response.RoleName) - _ = d.Set("arn", response.RoleArn) - _ = d.Set("ip_arn", response.RoleIPArn) - _ = d.Set("role_added_to_ip", response.RoleAddedToIP) log.Printf("[INFO] alks_iamtrustrole.id: %v", d.Id()) - return nil + return resourceAlksIamRoleRead(d, meta) } func resourceAlksIamRoleDelete(d *schema.ResourceData, meta interface{}) error { @@ -203,7 +194,7 @@ func resourceAlksIamRoleExists(d *schema.ResourceData, meta interface{}) (b bool client := meta.(*alks.Client) - foundrole, err := client.GetIamRole(d.Id()) + foundRole, err := client.GetIamRole(d.Id()) if err != nil { // TODO: Clean-up this logic, likely by improving the error responses from `alks-go` @@ -214,7 +205,7 @@ func resourceAlksIamRoleExists(d *schema.ResourceData, meta interface{}) (b bool return false, err } - if foundrole == nil { + if foundRole == nil { return false, nil } @@ -225,7 +216,7 @@ func resourceAlksIamRoleRead(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] ALKS IAM Role Read") client := meta.(*alks.Client) - foundrole, err := client.GetIamRole(d.Id()) + foundRole, err := client.GetIamRole(d.Id()) if err != nil { d.SetId("") 
@@ -234,12 +225,15 @@ func resourceAlksIamRoleRead(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] alks_iamrole.id %v", d.Id()) - _ = d.Set("name", foundrole.RoleName) - _ = d.Set("type", d.Get("type").(string)) - _ = d.Set("include_default_policies", d.Get("include_default_policies").(bool)) - _ = d.Set("arn", foundrole.RoleArn) - _ = d.Set("ip_arn", foundrole.RoleIPArn) - _ = d.Set("enable_alks_access", foundrole.AlksAccess) + _ = d.Set("name", foundRole.RoleName) + _ = d.Set("arn", foundRole.RoleArn) + _ = d.Set("ip_arn", foundRole.RoleIPArn) + _ = d.Set("enable_alks_access", foundRole.AlksAccess) + + // TODO: In the future, our API or tags need to dynamically grab these values. + // Till then, all imports require a destroy + create. + //_ = d.Set("type", foundrole.RoleType) + //_ = d.Set("include_default_policies", foundrole.InclDefaultPolicies) return nil } @@ -284,18 +278,6 @@ func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { return nil } -func populateResourceDataFromRole(role *alks.GetIamRoleResponse, d *schema.ResourceData) error { - _ = d.Set("arn", role.RoleArn) - _ = d.Set("ip_arn", role.RoleIPArn) - _ = d.Set("enable_alks_access", role.AlksAccess) - - // role type isnt returned by alks api so this will always false report on a remote state change - // for more info see issue #125 on ALKS repo - // d.Set("type", role.RoleType) - - return nil -} - func migrateState(version int, state *terraform.InstanceState, meta interface{}) (*terraform.InstanceState, error) { switch version { case 0: From 1726b1be7e426e25c0433ad097bf1224093de826 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 26 Jan 2021 10:03:43 -0500 Subject: [PATCH 6/7] Add warning in the docs about importing. --- docs/resources/alks_iamrole.md | 2 ++ docs/resources/alks_iamtrustrole.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/resources/alks_iamrole.md b/docs/resources/alks_iamrole.md index 2a371390..0493d8ec 100644 
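Review bot: Every `_ = d.Set(...)` in this Read hunk discards the error, so a failed write of `enable_alks_access` (the machine-identity switch, per the docs in this series) would leave state silently out of step with the real role. Return it instead, e.g. `if err := d.Set("enable_alks_access", foundRole.AlksAccess); err != nil { return err }`, and likewise for `name`, `arn` and `ip_arn`. The commented-out lines still say `foundrole`, which this commit renames to `foundRole`; I would drop them and keep the TODO as `// TODO: type and include_default_policies are not returned by the API, so an imported role plans a replace.` The function starts outside the hunk.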
--- a/docs/resources/alks_iamrole.md +++ b/docs/resources/alks_iamrole.md @@ -27,6 +27,8 @@ The following arguments are supported: ## Import +!> **Warning:** This will force-replace the resource. + ALKS IAM roles can be imported using the `name`, e.g. ``` $ terraform import alks_iamrole.test_role My_Test_Role diff --git a/docs/resources/alks_iamtrustrole.md b/docs/resources/alks_iamtrustrole.md index cf7ffdf1..1122dced 100644 --- a/docs/resources/alks_iamtrustrole.md +++ b/docs/resources/alks_iamtrustrole.md @@ -29,6 +29,8 @@ The following arguments are supported: ## Import +!> **Warning:** This will force-replace the resource. + ALKS IAM trust roles can be imported using the `name`, e.g. ``` $ terraform import alks_iamtrustrole.test_trust_role My_Cross_Test_Role From 732ca44fe8d037e01dd968c4bfbafbe074fc9f64 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Thu, 18 Feb 2021 11:07:28 -0500 Subject: [PATCH 7/7] Need to set 'role_added_to_ip' field on create. --- resource_alks_iamrole.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 17b018fb..71fb9b91 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -130,6 +130,7 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { } d.SetId(resp.RoleName) + _ = d.Set("role_added_to_ip", resp.RoleAddedToIP) log.Printf("[INFO] alks_iamrole.id: %v", d.Id()) @@ -170,6 +171,7 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er response := *resp d.SetId(response.RoleName) + _ = d.Set("role_added_to_ip", resp.RoleAddedToIP) log.Printf("[INFO] alks_iamtrustrole.id: %v", d.Id())
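Review bot: `role_added_to_ip` is now written only in the two create functions (`resourceAlksIamRoleCreate` in the first code hunk and `resourceAlksIamTrustRoleCreate` in the second), while the Read shown earlier in the series never sets it, so a role brought in with `terraform import` would presumably keep it unset and `ip_arn` loses the context the docs give it. If `GetIamRole` cannot return the flag, say so next to the `d.Set`, e.g. `// only known at create time; not populated on import or refresh`. In the trust-role hunk the added line reads `resp.RoleAddedToIP` although the surrounding code works on the `response` copy; `response.RoleAddedToIP` would match. Both function bodies continue outside the hunks.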