From 3ee2be3c5cef6bc47970401c639e28860e904a52 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 17 Aug 2020 15:55:20 -0400 Subject: [PATCH 01/23] This command adds SHA256 sum for ea/ zip file in the release. --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index f0fd41d1..9a0ffeb9 100644 --- a/Makefile +++ b/Makefile @@ -50,6 +50,8 @@ release: GOOS=windows GOARCH=amd64 go build -ldflags "-X main.versionNumber=$(TRAVIS_TAG)" -o release/terraform-provider-alks_v$(TRAVIS_TAG).exe -mod=vendor $(package) zip release/terraform-provider-alks-windows-amd64.zip release/terraform-provider-alks_v$(TRAVIS_TAG).exe + shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS + rm release/terraform-provider-alks_v$(TRAVIS_TAG).exe rm release/terraform-provider-alks_v$(TRAVIS_TAG) From 6f0ad31acf46cc022e0579f59ee42b5377509021 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 17 Aug 2020 15:55:45 -0400 Subject: [PATCH 02/23] We are going to actually KEEP the binary - this seems to be a new requirement in the release. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9a0ffeb9..2ff1df3d 100644 --- a/Makefile +++ b/Makefile @@ -53,5 +53,5 @@ release: shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS rm release/terraform-provider-alks_v$(TRAVIS_TAG).exe - rm release/terraform-provider-alks_v$(TRAVIS_TAG) + # rm release/terraform-provider-alks_v$(TRAVIS_TAG) From 46c7ef3ef1a70212b8e1e9a91bcb82b3d3fc8437 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Wed, 19 Aug 2020 10:53:59 -0400 Subject: [PATCH 03/23] Almost working with Terraform registry. Still need GPGsigning on all commits for the repository. --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 2ff1df3d..a658943e 100644 --- a/Makefile +++ b/Makefile 
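Review bot: The added `shasum -a 256 release/*.zip` line in the `release` target records every entry with its `release/` path prefix, so a consumer who downloads the zips and the SHA256SUMS file into one directory and runs `shasum -c` will not find the listed files. Running the checksum from inside the directory keeps bare file names: `cd release && shasum -a 256 *.zip > terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS`. Nothing visible here checks that `TRAVIS_TAG` is set, so an untagged build would presumably produce `terraform-provider-alks_v_SHA256SUMS`. The start of the `release` target is outside this hunk, so a guard may already exist there.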
@@ -52,6 +52,9 @@ release: shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS + # FIXME: This needs to be done by Admin. + # gpg --detach-sign release/terraform-provider-alks_$(TRAVIS_TAG)_SHA256SUMS + rm release/terraform-provider-alks_v$(TRAVIS_TAG).exe # rm release/terraform-provider-alks_v$(TRAVIS_TAG) From a5c40e5d0df71daeca8b868319c449bdd82f70bd Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 15 Sep 2020 11:18:29 -0400 Subject: [PATCH 04/23] Added new provider for newest TF update. --- examples/versions.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 examples/versions.tf diff --git a/examples/versions.tf b/examples/versions.tf new file mode 100644 index 00000000..bbed3652 --- /dev/null +++ b/examples/versions.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + alks = { + source = "coxautoinc.com/engineering-enablement/alks" + } + aws = { + source = "hashicorp/aws" + } + } + required_version = ">= 0.13" +} From ac39518b619053146a753a0cdf7baec0a5bec2bd Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 15 Sep 2020 15:44:16 -0400 Subject: [PATCH 05/23] added working example of multi-provider different account configuration. --- examples/alks.tf | 30 ++++++++++++++++++++++++------ examples/versions.tf | 3 ++- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/examples/alks.tf b/examples/alks.tf index 93e605a9..fcc9a05d 100644 --- a/examples/alks.tf +++ b/examples/alks.tf 
@@ -2,18 +2,36 @@ # PROVIDERS # provider "alks" { - url = "https://alks.foo.com/rest" + url = "https://alks.foo.com/rest" } +provider "alks" { + url = "https://alks.foo.com/rest" + account = "" + role = "" + alias = "second" +} + + provider "aws" { - region = "us-east-1" + region = "us-east-1" } -# CREATE IAM ROLE +# CREATE IAM ROLE -- Initial Provider resource "alks_iamrole" "test_role" { - name = "aba-test-123456" - type = "Amazon EC2" - include_default_policies = false + name = "TEST-DELETE" + type = "AWS CodeBuild" + include_default_policies = false + enable_alks_access = true +} + +# CREATE IAM ROLE -- Secondary Provider +resource "alks_iamrole" "test_role_nonprod" { + provider = alks.second + name = "TEST-DELETE" + type = "AWS CodeBuild" + include_default_policies = false + enable_alks_access = true } # ATTACH POLICY diff --git a/examples/versions.tf b/examples/versions.tf index bbed3652..563e7d3e 100644 --- a/examples/versions.tf +++ b/examples/versions.tf @@ -1,7 +1,8 @@ terraform { required_providers { alks = { - source = "coxautoinc.com/engineering-enablement/alks" + source = "coxautoinc.com/engineering-enablement/alks" + version = "1.4.4" } aws = { source = "hashicorp/aws" From 2fdee0aea012cbc822d498b6a2d50ce0c3dcfb28 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 15 Sep 2020 16:18:33 -0400 Subject: [PATCH 06/23] New fields for the provider. --- provider.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/provider.go b/provider.go index 3c2a3c3e..2ff398bb 100644 --- a/provider.go +++ b/provider.go 
@@ -59,6 +59,18 @@ func Provider() terraform.ResourceProvider { Description: "The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.", DefaultFunc: schema.EnvDefaultFunc("AWS_SHARED_CREDENTIALS_FILE", nil), }, + "account": { + Type: schema.TypeString, + Optional: true, + Description: "The account which you'd like to retrieve credentials for.", + DefaultFunc: schema.EnvDefaultFunc("Account", nil), + }, + "role": { + Type: schema.TypeString, + Optional: true, + Description: "The role which you'd like to retrieve credentials for.", + DefaultFunc: schema.EnvDefaultFunc("Role", nil), + }, "assume_role": assumeRoleSchema(), }, @@ -111,6 +123,8 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { SecretKey: d.Get("secret_key").(string), Token: d.Get("token").(string), Profile: d.Get("profile").(string), + Account: d.Get("account").(string), + Role: d.Get("role").(string), } assumeRoleList := d.Get("assume_role").(*schema.Set).List() From a40018cf09c7a9b219e28cf841b0d6990b52f348 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 15 Sep 2020 16:18:54 -0400 Subject: [PATCH 07/23] implemented multi-account provider config. straight magik in here beware --- config.go | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 5 deletions(-) diff --git a/config.go b/config.go index 80ee1cf0..e8226fdb 100644 --- a/config.go +++ b/config.go @@ -39,6 +39,8 @@ type Config struct { CredsFilename string Profile string AssumeRole assumeRoleDetails + Account string + Role string } type assumeRoleDetails struct { 
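Review bot: The new `account` and `role` settings take their defaults from environment variables named `Account` and `Role` (`schema.EnvDefaultFunc("Account", nil)`), names generic enough to be set by unrelated tooling. Because these two values decide which account the provider requests credentials for, a stray variable would silently retarget every resource of that provider. A provider-prefixed name in the style of the neighbouring `AWS_SHARED_CREDENTIALS_FILE`, for example `schema.EnvDefaultFunc("ALKS_ACCOUNT", nil)` and `schema.EnvDefaultFunc("ALKS_ROLE", nil)`, avoids that, and each `Description` should name its variable. `Provider()` begins and ends outside this hunk.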
@@ -123,7 +125,7 @@ func getCredentialsFromSession(c *Config) (*credentials.Credentials, error) { // Client returns a properly configured ALKS client or an appropriate error if initialization fails func (c *Config) Client() (*alks.Client, error) { - log.Println("[DEBUG] Validting STS credentials") + log.Println("[DEBUG] Validating STS credentials") // TODO: Fix typo. // lookup credentials creds := getCredentials(c) @@ -196,16 +198,29 @@ func (c *Config) Client() (*alks.Client, error) { // got good creds, create alks sts client client, err := alks.NewSTSClient(c.URL, cp.AccessKeyID, cp.SecretAccessKey, cp.SessionToken) + if err != nil { + return nil, err + } + + // 1. Check if calling for a specific account + if len(c.Account) > 0 && len(c.Role) > 0 { + + // 2. Generate client specified + newClient, err := generateNewClient(c, cident, client) + + if err != nil { + return nil, err + } + + return newClient, nil + } + // check if the user is using a assume-role IAM admin session or MI. if isValidIAM(cident.Arn, client) != true { return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") } - if err != nil { - return nil, err - } - client.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion())) log.Println("[INFO] ALKS Client configured") 
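Review bot: The account switch added to `Client()` runs only when both values are present (`len(c.Account) > 0 && len(c.Role) > 0`), so a provider block that sets `account` without `role`, or the reverse, falls through and returns a client for the caller's default account with no warning. For an aliased provider that means roles are created in an account the author did not intend. Reject the half-configured case before the switch: `if (c.Account == "") != (c.Role == "") { return nil, errors.New("account and role must be set together") }`. `Client()` starts and ends outside this hunk.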
@@ -247,3 +262,49 @@ func isValidIAM(arn *string, client *alks.Client) bool { func splitBy(r rune) bool { return r == ':' || r == '/' } + +func generateNewClient(c *Config, cident *sts.GetCallerIdentityOutput, client *alks.Client) (*alks.Client, error) { + + // 3. Create account string + newAccDetail := c.Account + "/ALKS" + c.Role + + // Calling for the same account; fine. + if strings.Contains(newAccDetail, client.AccountDetails.Account) { + + // check if the user is using a assume-role IAM admin session or MI. + if isValidIAM(cident.Arn, client) != true { + return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + + "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") + } + + client.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion())) + + log.Println("[INFO] ALKS Client configured") + + return client, nil + } else { + + // 4. Alright, new credentials needed - swap em out. + client.AccountDetails.Account = newAccDetail + client.AccountDetails.Role = c.Role + + newCreds, _ := client.CreateIamSession() + newClient, err := alks.NewSTSClient(c.URL, newCreds.AccessKey, newCreds.SecretKey, newCreds.SessionToken) + + if err != nil { + return nil, err + } + + if isValidIAM(cident.Arn, newClient) != true { + return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + + "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. 
\n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") + } + + newClient.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion())) + + log.Println("[INFO] ALKS Client configured") + + // 5. Return this new client for provider + return newClient, nil + } +} From 08e912787e69416ac126ea8d9462beef73f97b36 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 15 Sep 2020 16:27:54 -0400 Subject: [PATCH 08/23] Typo fixed. --- config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.go b/config.go index e8226fdb..05dc0e79 100644 --- a/config.go +++ b/config.go @@ -125,7 +125,7 @@ func getCredentialsFromSession(c *Config) (*credentials.Credentials, error) { // Client returns a properly configured ALKS client or an appropriate error if initialization fails func (c *Config) Client() (*alks.Client, error) { - log.Println("[DEBUG] Validating STS credentials") // TODO: Fix typo. + log.Println("[DEBUG] Validating STS credentials") // lookup credentials creds := getCredentials(c) From d04e87094269bf5fdeb5e568fb4876a9da3c7c93 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Thu, 17 Sep 2020 10:48:50 -0400 Subject: [PATCH 09/23] got GPG signing done. --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index a658943e..1af21b2b 100644 --- a/Makefile +++ b/Makefile @@ -52,9 +52,7 @@ release: shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS - # FIXME: This needs to be done by Admin. - # gpg --detach-sign release/terraform-provider-alks_$(TRAVIS_TAG)_SHA256SUMS + gpg --detach-sign release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS rm release/terraform-provider-alks_v$(TRAVIS_TAG).exe - # rm release/terraform-provider-alks_v$(TRAVIS_TAG) From 4ecf11117e969f8e3af154b006a50fbd28e8a8d4 Mon Sep 17 00:00:00 2001 
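Review bot: The same-account test in `generateNewClient`, `strings.Contains(newAccDetail, client.AccountDetails.Account)`, is a substring match on the account value only. It never looks at the requested role, and if `AccountDetails.Account` is empty (not visible here whether `NewSTSClient` populates it) it matches every request; either way the caller gets the original client back and Terraform acts with credentials for something other than the configured account and role. Assuming `AccountDetails.Account` carries the same `account/ALKSrole` form this function later assigns to it, compare for equality instead: `if client.AccountDetails.Account == newAccDetail && client.AccountDetails.Role == c.Role {`. The check is carried unchanged through the refactor of this function in PATCH 18.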
From: Andrew Magana Date: Thu, 17 Sep 2020 13:53:59 -0400 Subject: [PATCH 10/23] Updated examples with new multi-account provider and data source. --- data_source_alks_keys.go | 56 ++++++++++++++++++++++++++++++++++++++++ examples/alks.tf | 19 ++++++++++++-- 2 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 data_source_alks_keys.go diff --git a/data_source_alks_keys.go b/data_source_alks_keys.go new file mode 100644 index 00000000..6b65b96f --- /dev/null +++ b/data_source_alks_keys.go @@ -0,0 +1,56 @@ +package main + +import ( + "github.com/Cox-Automotive/alks-go" + "github.com/hashicorp/terraform/helper/schema" + "log" + "strings" +) + +func dataSourceAlksAccountCreds() *schema.Resource { + return &schema.Resource{ + Read: dataSourceAlksAccountCredsRead, + Schema: map[string]*schema.Schema{ + "access_key": { + Type: schema.TypeString, + Computed: true, + }, + "secret_key": { + Type: schema.TypeString, + Computed: true, + }, + "session_token": { + Type: schema.TypeString, + Computed: true, + }, + "account": { + Type: schema.TypeString, + Computed: true, + }, + "role": { + Type: schema.TypeString, + Computed: true, + }, + }, + } +} + +func dataSourceAlksAccountCredsRead(d *schema.ResourceData, meta interface{}) error { + log.Printf("[INFO] ALKS Account Credential Read") + + client := meta.(*alks.Client) + resp, err := client.CreateIamSession() + + if err != nil { + return err + } + + // Return the information to user. + _ = d.Set("access_key", resp.AccessKey) + _ = d.Set("secret_key", resp.SecretKey) + _ = d.Set("session_token", resp.SessionToken) + _ = d.Set("account", client.AccountDetails.Account) + _ = d.Set("role", strings.Split(client.AccountDetails.Role, "/")[0]) + + return nil +} diff --git a/examples/alks.tf b/examples/alks.tf index fcc9a05d..0dfb20ef 100644 --- a/examples/alks.tf +++ b/examples/alks.tf 
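Review bot: The `access_key`, `secret_key` and `session_token` entries in `dataSourceAlksAccountCreds` are plain computed strings, so Terraform prints the issued credentials in plan and apply output and in any CI log that captures it. Add `Sensitive: true,` to those three schema entries. The values are still stored in the state file in plaintext, which a `Description` on each field should say. In `dataSourceAlksAccountCredsRead` every `_ = d.Set(...)` discards its error; return it instead, for example `if err := d.Set("access_key", resp.AccessKey); err != nil { return err }`.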
@@ -5,16 +5,31 @@ provider "alks" { url = "https://alks.foo.com/rest" } +# Second ALKS provider, for an account I have access to. provider "alks" { url = "https://alks.foo.com/rest" account = "" role = "" - alias = "second" + alias = "nonprod" } +data "alks_keys" "non_prod_keys" { + provider = alks.nonprod +} + +provider "aws" { + region = "us-east-1" +} +# Second AWS provider, using credentials retreived from data source. provider "aws" { region = "us-east-1" + alias = "nonprod" + + # data source alks keys + access_key = data.alks_keys.non_prod_keys.access_key + secret_key = data.alks_keys.non_prod_keys.secret_key + token = data.alks_keys.non_prod_keys.session_token } # CREATE IAM ROLE -- Initial Provider @@ -27,7 +42,7 @@ resource "alks_iamrole" "test_role" { # CREATE IAM ROLE -- Secondary Provider resource "alks_iamrole" "test_role_nonprod" { - provider = alks.second + provider = alks.nonprod name = "TEST-DELETE" type = "AWS CodeBuild" include_default_policies = false From 45a4628195aafdec8bd2f024ce5839a9a9c6c18c Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Thu, 17 Sep 2020 13:54:10 -0400 Subject: [PATCH 11/23] Updated main docs. --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index f135db7d..bd31da9e 100644 --- a/README.md +++ b/README.md 
@@ -217,6 +217,25 @@ resource "alks_ltk" "test_ltk_user" { | `access_key` | Computed | n/a | string | Generated access key for the LTK user. Note: This is saved in the state file, so please be aware of this. | | `secret_key` | Computed | n/a | string | Generated secret key for the LTK user. Note: This is saved in the state file, so please be aware of this. | +### Data Source Configuration +#### `alks_keys` +```tf +data "alks_keys" "account_keys" { + providers: alks.my_alias +} +``` + +| Value | Type | Forces New | Value Type | Description | +| -------------- | -------- | ---------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `access_key` | Computed | n/a | string | Generated access key for the specified provider. If multiple providers, it takes the `provider` field. Otherwise uses the initial provider. | +| `secret_key` | Computed | n/a | string | Generated secret key for the specified provider. If multiple providers, it takes the `provider` field. Otherwise uses the initial provider. | +| `session_token`| Computed | n/a | string | Generated session token for the specified provider. If multiple providers, it takes the `provider` field. Otherwise uses the initial provider. | +| `account` | Computed | n/a | string | The account number of the returned keys. +| `role` | Computed | n/a | string | The role from the returned keys. + +_Note: This does not take any arguments. See below._ +- **How it works**: Whatever your default provider credentials are, will be used. If multiple providers have been configured, then one can point the data source to return keys for specific providers using `providers` field with a specific `alias`. + ## Example From 228f95ef3f9e8ac91ef583c817de05b7b3d08f1f Mon Sep 17 00:00:00 2001 
From: Andrew Magana Date: Thu, 17 Sep 2020 14:10:26 -0400 Subject: [PATCH 12/23] Created new data source which creates new session and returns respective keys / account info. --- data_source_alks_keys.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data_source_alks_keys.go b/data_source_alks_keys.go index 6b65b96f..b5dfb635 100644 --- a/data_source_alks_keys.go +++ b/data_source_alks_keys.go @@ -7,9 +7,9 @@ import ( "strings" ) -func dataSourceAlksAccountCreds() *schema.Resource { +func dataSourceAlksKeys() *schema.Resource { return &schema.Resource{ - Read: dataSourceAlksAccountCredsRead, + Read: dataSourceAlksKeysRead, Schema: map[string]*schema.Schema{ "access_key": { Type: schema.TypeString, @@ -35,8 +35,8 @@ func dataSourceAlksAccountCreds() *schema.Resource { } } -func dataSourceAlksAccountCredsRead(d *schema.ResourceData, meta interface{}) error { - log.Printf("[INFO] ALKS Account Credential Read") +func dataSourceAlksKeysRead(d *schema.ResourceData, meta interface{}) error { + log.Printf("[INFO] ALKS Keys Data Source Read") client := meta.(*alks.Client) resp, err := client.CreateIamSession() From 58192dac57c12f82ec059ed0044a757bbcdadd01 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Thu, 17 Sep 2020 14:10:43 -0400 Subject: [PATCH 13/23] Added new data source to the provider --- provider.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/provider.go b/provider.go index 2ff398bb..9869ea43 100644 --- a/provider.go +++ b/provider.go @@ -80,6 +80,10 @@ func Provider() terraform.ResourceProvider { "alks_ltk": resourceAlksLtk(), }, + DataSourcesMap: map[string]*schema.Resource{ + "alks_keys": dataSourceAlksKeys(), + }, + ConfigureFunc: providerConfigure, } } From 37cece0bc4dc762af046a1ee904298b54c8c8400 Mon Sep 17 00:00:00 2001 
From: Andrew Magana Date: Fri, 18 Sep 2020 15:38:59 -0400 Subject: [PATCH 14/23] Added new gpg directory for the public key storage to be used for signing. --- gpg/2975641402110640.pub.asc | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 gpg/2975641402110640.pub.asc diff --git a/gpg/2975641402110640.pub.asc b/gpg/2975641402110640.pub.asc new file mode 100644 index 00000000..0e14dd07 --- /dev/null +++ b/gpg/2975641402110640.pub.asc 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF9kzg8BEADkTfsV59DMBXSwPPt2WMHfyROWUXhk26zvt0qvS4YT2I6bpaZk +26o2vDy74e5KS75jmxb2FUe25LCCFiOjwY845fwNzf1mt/bipbxDJ6AJri3DXs2L +dF5/C0rMbx7WCelDCGe/c5iy+G/6FXn7lv/6nO6XGMW+hUNbGyfgXuCjCWI14nRS +r4sVmFm/d8lcnCDg9n6mvL3gxMuLKbCKz3YwRU6EjXH11CPx9rwnOVOzcvk+fOnC +MxOzOoGf9M1O+U6dfeodfFvGMbqiKKGn3NU1XtrNRNCinQVfBCwZcTFkfGVt4Cb5 +F/jUezzFgAYcvIKIPPXcNIJj4mI/1TeT0t4PKe0dCFKErAr8QS9URA0zpTFZngz8 +FM7gf7O/wxgTlFRoOZmOq1JQ6VQebClSphErgdj3363AAtThaSfPrFt1ZckW62NV +tSr9gs5KKqNwxolKcwcxstMBmJi8j51KzIG0LqS3RbUX7rNw4Zd3kHyUda3JZkUy +si5axD5d0e17wj805bHDK+R2vMrBOk5tD4PxqzkoazYuocGimzfBetyR2fO34YJv +hHRFtY/zTbdDk7wngtBKhOVnJBTj7sxg03X+vPCWkgSLRWQv88Wp4sr4oGYcXtZb +nVjKlbGkBi7LYk4Pbwpce0IBLCLhzAQ/mlfrpYuhEwU4grXGaokMiIScMwARAQAB +tFFBbmRyZXcgTWFnYW5hIChHUEcgS2V5IGZvciBBTEtTIFRGUCkgPDU3NTM2MDE0 +K2FtYWdhbmEzQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbT6JAk4EEwEIADgWIQTS +ibCMoYzGrDXiNCMpdWQUAhEGQAUCX2TODwIbAwULCQgHAgYVCgkICwIEFgIDAQIe +AQIXgAAKCRApdWQUAhEGQDwaD/4l3rWyAC1XYnZtQMloBJuh2ZmzZM3aqgT2ET0U +0OeWcL29Bq737l9w0KQxg2ZCvH0f6q4x0NJjmlwzchCWPpojx50SsdPbSjVGA14V +cUZUjsDWPWEdWuYEhqx88lblfyE0/1QyHtshY2sJ+Av1SU49b2z37nnZ9NfO2h3L +0ZXO4zZ/iDnPC+VqN0BOnWyFNyqHANgRvsxT1V2SsbHZ+MXBCVD2YwJHgJvkXpUE +ooRiPfJt9yP9PE7Ctt88z0om7jPD7CCB9jC09wj0n3fhdzSyeB2b2oD3m9dfaayr +WduaSB25F87BFq8zmrRvnKNZ8fITo8cwLBncwUhCBZFYsbl4+zcTwFsZee0rlagS +j7g7J/e0HLVWY5PIUJlJN/oGYMyhLcht43Mjr4dHISuEQR0iLzet3WwRrFZVFfqE +lXfZbgOIQxwrnge/W792RnI+mqZYJzFK01DONIpcPkxk8gW5hc1IdbYtAKJdjsK7 +rImjfG3sjFrWdUumYYUTxV5xBaM4hhvHcnzsEEvoV4STxpCnWdV/ZLC/Dwf/vMDA +TAfAhh4H7GAhQZRCjc851vom2L6PROoQHSMGmHWTRtHH8i/5ekKLNaZpIJbEmArz +3VkwGxSnZiE9JRKhmVGgWt5T4bmVW1oj1mWDdXSGF/1ReoJHsX1GLNhOrmryq5Pu +sz5Q0rkCDQRfZM4PARAAteWfaoNbE6yA+gfezh10sP6D6BQ+1WaZAphPnt29omst +9XoTpunsRbOIC+HRt9cltkfREoI7SNsSoNuRdtigGhhL5uVEl3NcmDHhbey4tVBr +2fETLva0sb+ZW6XHvNlqE6OmPuQOcTRV84d50MxjL8VUZHC87kn9m7h/51+oXtUi +hKjIaCP15pWUwasqywKTQLzvT8fe9CEQDEpOUjjI2t2P++k2IWJmW4b9kNUD4ycD 
+w56mCRZX+EKpdFjtK246VFEBAgJPIMfkTqZwoXxu2lctxC89E4ViwEevG56yzwJw +0nblBgczMk+NDgyR5rKrGMUk86pW3MhrkSVhD8FzvmhNesu48f2Vdjn+pDXwWJb9 +56OU73spmq4DCqRUfrS/fVAWR+PgIsqoVk0chB/9A9Wxe4hmPX0VmbLTo2ZAs68I +aFLNTNQ0fQDlLS0kURkKYT1pJJoLVs5KOJXe2NDrNWwNA1xEaT6QmJng53KspUfY +SLJYsH8ZbsYwiKB4P6pRk2MVu0s4YM2v0QbjtC6x9/YmHk3RTR6njdRcPI5ULemI +AlrJsY0HOhQYmvKErPGoM7YW90IzhZfwzwsSjilFgncsCpHKfoCBC3wAEwcyaPX7 +mzU1H5+RkzpuJYqDEVwebINZ1VRGFfPO+0gaFRrQX+2Ths7nEu/N2ovDbwGrb5MA +EQEAAYkCNgQYAQgAIBYhBNKJsIyhjMasNeI0Iyl1ZBQCEQZABQJfZM4PAhsMAAoJ +ECl1ZBQCEQZAufkP/ivq2ZE6RRqqo1uRILqEDj8gB51Jn2f1Lv8yzLYrvuRCu28k +kjnc7Kif6T5mquualMlr9cJStfkH13ZB3YcbVNRqzy1CeNMfLeoWW0fVG97/bY1v +NyClwF8kUUNVNkaM1Qxt2C633hIzA4EjhIkRo6ZkddoUeSCVMbUlpmqdas1iLjsH +CYQMi8cg4SslVGiBc2UqXqsc5jKzr3zrkkn6VHwqKMwPLibLUQwPk1vLxMH4Wrub +GRKZba0zTBAeV2ESuWvaZ/D4Dx8SZPOuekXYw2zIRJPCzXCOjsd0aHpozd4nQ2KT +IgFEEym2JXcoNXO9xs759g8xfpssP+b2xZsfVJlR5iEMMRVWkGLdvDqbcmJu6jCN +XFzNDwOQN5784VAMhFeIEVN5U1w4L5Eun9yVLGjT5WtskTFtrjs+Y7tkwOOmwFmn +F9Ib4oTMTtKH3r7yK4WjDEzjTMZKz8bRIHfMKw2OvrvB9Twarnt3yyuCQ7IxTwae +xY/eqUIok1WWX8uaOLwmwkyY2DM1zeFmHuC3D+d1YU5lpdUPvnJxkLZ9HDDvmENA +Q/6tlx0RRyQZ26NtIcWt1iDXw0dBqce/l8WHpZgiWilrruuel6aNWsa1WRAVCZ4d +VIGR/0trr61FFDJMlj4SZO6zex355E2arhjljVvKaCv/oHeVwTTZp79nEa+9 +=U4F3 +-----END PGP PUBLIC KEY BLOCK----- From e9e319442faca8f796de197a09360d5735f49d24 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Fri, 18 Sep 2020 15:39:18 -0400 Subject: [PATCH 15/23] Updated Makefile so it includes binary, SHA256, and GPG signed files. --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1af21b2b..0d0f48a0 100644 --- a/Makefile +++ b/Makefile 
@@ -52,7 +52,9 @@ release: shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS - gpg --detach-sign release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS + gpg --import gpg/2975641402110640.pub.asc + + gpg --batch -c --passphrase $(GPG_PASSPHRASE) -u 2975641402110640 --detach-sign release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS rm release/terraform-provider-alks_v$(TRAVIS_TAG).exe From 53a22a6b07f63eabf56b9c405d6f7ac199b67d07 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 22 Sep 2020 10:44:26 -0400 Subject: [PATCH 16/23] Checking for error when creating IAM session. --- config.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/config.go b/config.go index 05dc0e79..4741f2b2 100644 --- a/config.go +++ b/config.go @@ -288,7 +288,12 @@ func generateNewClient(c *Config, cident *sts.GetCallerIdentityOutput, client *a client.AccountDetails.Account = newAccDetail client.AccountDetails.Role = c.Role - newCreds, _ := client.CreateIamSession() + newCreds, err := client.CreateIamSession() + + if err != nil { + return nil, err + } + newClient, err := alks.NewSTSClient(c.URL, newCreds.AccessKey, newCreds.SecretKey, newCreds.SessionToken) if err != nil { From cd6e34b2e3ae0791c899c0dfcd440757cd4fc210 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 22 Sep 2020 12:28:12 -0400 Subject: [PATCH 17/23] Rookie mistake: Need to set an ID otherwise the data is LOST. --- data_source_alks_keys.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data_source_alks_keys.go b/data_source_alks_keys.go index b5dfb635..f09c6766 100644 --- a/data_source_alks_keys.go +++ b/data_source_alks_keys.go @@ -52,5 +52,7 @@ func dataSourceAlksKeysRead(d *schema.ResourceData, meta interface{}) error { _ = d.Set("account", client.AccountDetails.Account) _ = d.Set("role", strings.Split(client.AccountDetails.Role, "/")[0]) + d.SetId(client.AccountDetails.Account) + return nil } 
From c918c9e28115949e98118807f5761512e3f4bc95 Mon Sep 17 00:00:00 2001 From: Webb Barker Date: Wed, 23 Sep 2020 11:01:18 -0400 Subject: [PATCH 18/23] Cleans up linter warnings and refactors client bootstrap process a bit --- config.go | 70 +++++++++++++++++-------------------------------------- 1 file changed, 21 insertions(+), 49 deletions(-) diff --git a/config.go b/config.go index 783e333a..5403b03c 100644 --- a/config.go +++ b/config.go @@ -19,7 +19,7 @@ import ( // Version number, to be injected at link time // to set, add `-ldflags "-X main.versionNumber=1.2.3"` to the go build command var versionNumber string -var ErrNoValidCredentialSources = errors.New(`No valid credential sources found for ALKS Provider. +var errNoValidCredentialSources = errors.New(`No valid credential sources found for ALKS Provider. Please see https://github.com/Cox-Automotive/terraform-provider-alks#authentication for more information on providing credentials for the ALKS Provider`) @@ -78,14 +78,14 @@ func getCredentialsFromSession(c *Config) (*credentials.Credentials, error) { sess, err = session.NewSessionWithOptions(*options) if err != nil { if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" { - return nil, ErrNoValidCredentialSources + return nil, errNoValidCredentialSources } return nil, fmt.Errorf("Error creating AWS session: %s", err) } creds := sess.Config.Credentials cp, err := sess.Config.Credentials.Get() if err != nil { - return nil, ErrNoValidCredentialSources + return nil, errNoValidCredentialSources } log.Printf("[DEBUG] Got session credentials from provider: %s\n", cp.ProviderName) @@ -117,7 +117,7 @@ func (c *Config) Client() (*alks.Client, error) { } } if cpErr != nil { - return nil, ErrNoValidCredentialSources + return nil, errNoValidCredentialSources } // create a new session to test credentails 
@@ -163,7 +163,6 @@ func (c *Config) Client() (*alks.Client, error) { // make a basic api call to test creds are valid cident, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{}) - // check for valid creds if serr != nil { return nil, serr @@ -171,22 +170,17 @@ func (c *Config) Client() (*alks.Client, error) { // got good creds, create alks sts client client, err := alks.NewSTSClient(c.URL, cp.AccessKeyID, cp.SecretAccessKey, cp.SessionToken) - if err != nil { return nil, err } // 1. Check if calling for a specific account if len(c.Account) > 0 && len(c.Role) > 0 { - // 2. Generate client specified - newClient, err := generateNewClient(c, cident, client) - + client, err = generateNewClient(c, cident, client) if err != nil { return nil, err } - - return newClient, nil } // check if the user is using a assume-role IAM admin session or MI. @@ -230,6 +224,7 @@ func isValidIAM(arn *string, client *alks.Client) bool { if err != nil { return false } + return true } 
@@ -242,48 +237,25 @@ func generateNewClient(c *Config, cident *sts.GetCallerIdentityOutput, client *a // 3. Create account string newAccDetail := c.Account + "/ALKS" + c.Role - // Calling for the same account; fine. + // Calling for the same account; exit early if strings.Contains(newAccDetail, client.AccountDetails.Account) { - - // check if the user is using a assume-role IAM admin session or MI. - if isValidIAM(cident.Arn, client) != true { - return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + - "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") - } - - client.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion())) - - log.Println("[INFO] ALKS Client configured") - return client, nil - } else { - - // 4. Alright, new credentials needed - swap em out. - client.AccountDetails.Account = newAccDetail - client.AccountDetails.Role = c.Role - - newCreds, err := client.CreateIamSession() - - if err != nil { - return nil, err - } - - newClient, err := alks.NewSTSClient(c.URL, newCreds.AccessKey, newCreds.SecretKey, newCreds.SessionToken) - - if err != nil { - return nil, err - } - - if isValidIAM(cident.Arn, newClient) != true { - return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + - "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") - } + } - newClient.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion())) + // 4. Alright, new credentials needed - swap em out. 
+ client.AccountDetails.Account = newAccDetail + client.AccountDetails.Role = c.Role - log.Println("[INFO] ALKS Client configured") + newCreds, err := client.CreateIamSession() + if err != nil { + return nil, err + } - // 5. Return this new client for provider - return newClient, nil + newClient, err := alks.NewSTSClient(c.URL, newCreds.AccessKey, newCreds.SecretKey, newCreds.SessionToken) + if err != nil { + return nil, err } + + // 5. Return this new client for provider + return newClient, nil } From 7b689c490ba1f076590dc8ec7c98331e45ce9d2c Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Wed, 23 Sep 2020 11:07:08 -0400 Subject: [PATCH 19/23] Cleaned up unused parameter. --- config.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.go b/config.go index 5403b03c..7522fb82 100644 --- a/config.go +++ b/config.go @@ -177,7 +177,7 @@ func (c *Config) Client() (*alks.Client, error) { // 1. Check if calling for a specific account if len(c.Account) > 0 && len(c.Role) > 0 { // 2. Generate client specified - client, err = generateNewClient(c, cident, client) + client, err = generateNewClient(c, client) if err != nil { return nil, err } @@ -232,7 +232,7 @@ func splitBy(r rune) bool { return r == ':' || r == '/' } -func generateNewClient(c *Config, cident *sts.GetCallerIdentityOutput, client *alks.Client) (*alks.Client, error) { +func generateNewClient(c *Config, client *alks.Client) (*alks.Client, error) { // 3. Create account string newAccDetail := c.Account + "/ALKS" + c.Role From aada560475c22aa03863d21bccb95edce1cdc347 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 28 Sep 2020 09:59:36 -0400 Subject: [PATCH 20/23] Storing the signing key but not putting it into our repo. --- .gitignore | 3 ++- gpg/2975641402110640.pub.asc | 52 ------------------------------------ 2 files changed, 2 insertions(+), 53 deletions(-) delete mode 100644 gpg/2975641402110640.pub.asc diff --git a/.gitignore b/.gitignore index fc529511..ddc0fc39 100644 
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,5 @@ glide.lock
 # VSCode
 .vscode
 .DS_Store
-.terraform/
\ No newline at end of file
+.terraform/
+gpg/
\ No newline at end of file
diff --git a/gpg/2975641402110640.pub.asc b/gpg/2975641402110640.pub.asc
deleted file mode 100644
index 0e14dd07..00000000
--- a/gpg/2975641402110640.pub.asc
+++ /dev/null
@@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBF9kzg8BEADkTfsV59DMBXSwPPt2WMHfyROWUXhk26zvt0qvS4YT2I6bpaZk -26o2vDy74e5KS75jmxb2FUe25LCCFiOjwY845fwNzf1mt/bipbxDJ6AJri3DXs2L -dF5/C0rMbx7WCelDCGe/c5iy+G/6FXn7lv/6nO6XGMW+hUNbGyfgXuCjCWI14nRS -r4sVmFm/d8lcnCDg9n6mvL3gxMuLKbCKz3YwRU6EjXH11CPx9rwnOVOzcvk+fOnC -MxOzOoGf9M1O+U6dfeodfFvGMbqiKKGn3NU1XtrNRNCinQVfBCwZcTFkfGVt4Cb5 -F/jUezzFgAYcvIKIPPXcNIJj4mI/1TeT0t4PKe0dCFKErAr8QS9URA0zpTFZngz8 -FM7gf7O/wxgTlFRoOZmOq1JQ6VQebClSphErgdj3363AAtThaSfPrFt1ZckW62NV -tSr9gs5KKqNwxolKcwcxstMBmJi8j51KzIG0LqS3RbUX7rNw4Zd3kHyUda3JZkUy -si5axD5d0e17wj805bHDK+R2vMrBOk5tD4PxqzkoazYuocGimzfBetyR2fO34YJv -hHRFtY/zTbdDk7wngtBKhOVnJBTj7sxg03X+vPCWkgSLRWQv88Wp4sr4oGYcXtZb -nVjKlbGkBi7LYk4Pbwpce0IBLCLhzAQ/mlfrpYuhEwU4grXGaokMiIScMwARAQAB -tFFBbmRyZXcgTWFnYW5hIChHUEcgS2V5IGZvciBBTEtTIFRGUCkgPDU3NTM2MDE0 -K2FtYWdhbmEzQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbT6JAk4EEwEIADgWIQTS -ibCMoYzGrDXiNCMpdWQUAhEGQAUCX2TODwIbAwULCQgHAgYVCgkICwIEFgIDAQIe -AQIXgAAKCRApdWQUAhEGQDwaD/4l3rWyAC1XYnZtQMloBJuh2ZmzZM3aqgT2ET0U -0OeWcL29Bq737l9w0KQxg2ZCvH0f6q4x0NJjmlwzchCWPpojx50SsdPbSjVGA14V -cUZUjsDWPWEdWuYEhqx88lblfyE0/1QyHtshY2sJ+Av1SU49b2z37nnZ9NfO2h3L -0ZXO4zZ/iDnPC+VqN0BOnWyFNyqHANgRvsxT1V2SsbHZ+MXBCVD2YwJHgJvkXpUE -ooRiPfJt9yP9PE7Ctt88z0om7jPD7CCB9jC09wj0n3fhdzSyeB2b2oD3m9dfaayr -WduaSB25F87BFq8zmrRvnKNZ8fITo8cwLBncwUhCBZFYsbl4+zcTwFsZee0rlagS -j7g7J/e0HLVWY5PIUJlJN/oGYMyhLcht43Mjr4dHISuEQR0iLzet3WwRrFZVFfqE -lXfZbgOIQxwrnge/W792RnI+mqZYJzFK01DONIpcPkxk8gW5hc1IdbYtAKJdjsK7 -rImjfG3sjFrWdUumYYUTxV5xBaM4hhvHcnzsEEvoV4STxpCnWdV/ZLC/Dwf/vMDA -TAfAhh4H7GAhQZRCjc851vom2L6PROoQHSMGmHWTRtHH8i/5ekKLNaZpIJbEmArz -3VkwGxSnZiE9JRKhmVGgWt5T4bmVW1oj1mWDdXSGF/1ReoJHsX1GLNhOrmryq5Pu -sz5Q0rkCDQRfZM4PARAAteWfaoNbE6yA+gfezh10sP6D6BQ+1WaZAphPnt29omst -9XoTpunsRbOIC+HRt9cltkfREoI7SNsSoNuRdtigGhhL5uVEl3NcmDHhbey4tVBr -2fETLva0sb+ZW6XHvNlqE6OmPuQOcTRV84d50MxjL8VUZHC87kn9m7h/51+oXtUi -hKjIaCP15pWUwasqywKTQLzvT8fe9CEQDEpOUjjI2t2P++k2IWJmW4b9kNUD4ycD 
-w56mCRZX+EKpdFjtK246VFEBAgJPIMfkTqZwoXxu2lctxC89E4ViwEevG56yzwJw -0nblBgczMk+NDgyR5rKrGMUk86pW3MhrkSVhD8FzvmhNesu48f2Vdjn+pDXwWJb9 -56OU73spmq4DCqRUfrS/fVAWR+PgIsqoVk0chB/9A9Wxe4hmPX0VmbLTo2ZAs68I -aFLNTNQ0fQDlLS0kURkKYT1pJJoLVs5KOJXe2NDrNWwNA1xEaT6QmJng53KspUfY -SLJYsH8ZbsYwiKB4P6pRk2MVu0s4YM2v0QbjtC6x9/YmHk3RTR6njdRcPI5ULemI -AlrJsY0HOhQYmvKErPGoM7YW90IzhZfwzwsSjilFgncsCpHKfoCBC3wAEwcyaPX7 -mzU1H5+RkzpuJYqDEVwebINZ1VRGFfPO+0gaFRrQX+2Ths7nEu/N2ovDbwGrb5MA -EQEAAYkCNgQYAQgAIBYhBNKJsIyhjMasNeI0Iyl1ZBQCEQZABQJfZM4PAhsMAAoJ -ECl1ZBQCEQZAufkP/ivq2ZE6RRqqo1uRILqEDj8gB51Jn2f1Lv8yzLYrvuRCu28k -kjnc7Kif6T5mquualMlr9cJStfkH13ZB3YcbVNRqzy1CeNMfLeoWW0fVG97/bY1v -NyClwF8kUUNVNkaM1Qxt2C633hIzA4EjhIkRo6ZkddoUeSCVMbUlpmqdas1iLjsH -CYQMi8cg4SslVGiBc2UqXqsc5jKzr3zrkkn6VHwqKMwPLibLUQwPk1vLxMH4Wrub -GRKZba0zTBAeV2ESuWvaZ/D4Dx8SZPOuekXYw2zIRJPCzXCOjsd0aHpozd4nQ2KT -IgFEEym2JXcoNXO9xs759g8xfpssP+b2xZsfVJlR5iEMMRVWkGLdvDqbcmJu6jCN -XFzNDwOQN5784VAMhFeIEVN5U1w4L5Eun9yVLGjT5WtskTFtrjs+Y7tkwOOmwFmn -F9Ib4oTMTtKH3r7yK4WjDEzjTMZKz8bRIHfMKw2OvrvB9Twarnt3yyuCQ7IxTwae -xY/eqUIok1WWX8uaOLwmwkyY2DM1zeFmHuC3D+d1YU5lpdUPvnJxkLZ9HDDvmENA -Q/6tlx0RRyQZ26NtIcWt1iDXw0dBqce/l8WHpZgiWilrruuel6aNWsa1WRAVCZ4d -VIGR/0trr61FFDJMlj4SZO6zex355E2arhjljVvKaCv/oHeVwTTZp79nEa+9 -=U4F3 ------END PGP PUBLIC KEY BLOCK----- From f2ce08ad5407aba1aa1c29d4570ecedbb4600896 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 28 Sep 2020 10:00:15 -0400 Subject: [PATCH 21/23] Added secret key as BASE64 copy and set new GPG_KEY environment variable in TravisCI. --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 0d0f48a0..48015ca5 100644 --- a/Makefile +++ b/Makefile 
@@ -52,9 +52,9 @@ release:
 shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS
- gpg --import gpg/2975641402110640.pub.asc
+ echo "$GPG_KEY" | base64 --decode --ignore-garbage | gpg --batch --allow-secret-key-import --import
- gpg --batch -c --passphrase $(GPG_PASSPHRASE) -u 2975641402110640 --detach-sign release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS
+ @gpg --batch -c --passphrase $(GPG_PASSPHRASE) -u C182B91A3A62B0D5 --detach-sign release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS
 rm release/terraform-provider-alks_v$(TRAVIS_TAG).exe
From 443109405da10d1b61396cacf90a7ec29e3dd713 Mon Sep 17 00:00:00 2001
From: Andrew Magana
Date: Mon, 28 Sep 2020 10:19:48 -0400
Subject: [PATCH 22/23] add newline at end of file.
---
 .gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index ddc0fc39..bf827417 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,4 @@ glide.lock
 .vscode
 .DS_Store
 .terraform/
-gpg/
\ No newline at end of file
+gpg/
From 497edb9bc6b1fcfbda51467efc51a7a2fe20af1e Mon Sep 17 00:00:00 2001
From: Andrew Magana
Date: Wed, 14 Oct 2020 16:42:15 -0400
Subject: [PATCH 23/23] SHASUM for .zip and .tar files.
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 48015ca5..0f898665 100644
--- a/Makefile
+++ b/Makefile
@@ -50,7 +50,7 @@ release:
 GOOS=windows GOARCH=amd64 go build -ldflags "-X main.versionNumber=$(TRAVIS_TAG)" -o release/terraform-provider-alks_v$(TRAVIS_TAG).exe -mod=vendor $(package)
 zip release/terraform-provider-alks-windows-amd64.zip release/terraform-provider-alks_v$(TRAVIS_TAG).exe
- shasum -a 256 release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS
+ shasum -a 256 release/*.tar.gz release/*.zip > release/terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS
 echo "$GPG_KEY" | base64 --decode --ignore-garbage | gpg --batch --allow-secret-key-import --import
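Review bot: The added `echo "$GPG_KEY" | …` recipe line in the `@@ -52,9 +52,9 @@ release:` hunk (PATCH 21/23) is expanded by make before the shell runs it, so `$G` is substituted (normally empty) and the pipeline receives the literal text `PG_KEY` instead of the CI secret. Write it as `@echo "$$GPG_KEY" | base64 --decode --ignore-garbage | gpg --batch --allow-secret-key-import --import`; `$$` leaves the expansion to the shell, whereas `$(GPG_KEY)` would have make print the base64 secret when it echoes the recipe. The new `@gpg` line still passes `--passphrase $(GPG_PASSPHRASE)` as an unquoted argument, visible in the process list; reading it from stdin with `--passphrase-fd 0` (and `--pinentry-mode loopback` on GnuPG 2.1 or later) avoids that. It also keeps `-c`, which asks for symmetric encryption next to `--detach-sign` and looks unintended for a checksum signature, so confirm or drop it. The `release` recipe begins and continues outside the hunk.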
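Review bot: The rewritten `shasum` line in the `@@ -50,7 +50,7 @@ release:` hunk (PATCH 23/23) still hashes `release/*.tar.gz release/*.zip` from the repository root, so every entry in the SHA256SUMS file carries a `release/` path prefix and `shasum -c` cannot find the archives unless the verifier recreates that directory. Running it inside the directory, `cd release && shasum -a 256 *.tar.gz *.zip > terraform-provider-alks_v$(TRAVIS_TAG)_SHA256SUMS`, records bare file names, and the detached signature then covers a file that downstream users can check as downloaded. The `release` recipe begins and continues outside the hunk.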