From 6a107965f98a8895ad247e215bd57ce2645f07dd Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 3 May 2021 10:38:52 -0400 Subject: [PATCH 1/3] Remove TravisCI. --- .travis.yml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 01fc4d74..00000000 --- a/.travis.yml +++ /dev/null @@ -1,22 +0,0 @@ -language: go -sudo: false -go: - - 1.14.4 -os: - - osx - -install: - - make build test - -before_deploy: - - make release - -notifications: - email: false - slack: - secure: 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 - -matrix: - fast_finish: true - allow_failures: - - go: tip From d8d6f0b801f493d2048a1db5245540914b7bc915 Mon Sep 17 00:00:00 2001 From: Webb Barker Date: Tue, 11 May 2021 15:42:54 -0400 Subject: [PATCH 2/3] Moves IAM Enabled validation logic to helper --- config.go | 11 ----------- helpers.go | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 11 deletions(-) create mode 100644 helpers.go diff --git a/config.go b/config.go index 8ba5b9a1..ff07f422 100644 --- a/config.go +++ b/config.go @@ -183,17 +183,6 @@ func (c *Config) Client() (*alks.Client, error) { } } - // Validate STS for IAM active. - validate, err := client.GetMyLoginRole() - if err != nil { - return nil, err - } - - if validate.LoginRole.IamKeyActive != true { - return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + - "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") - } - client.SetUserAgent(fmt.Sprintf("alks-terraform-provider-%s", getPluginVersion())) log.Println("[INFO] ALKS Client configured") diff --git a/helpers.go b/helpers.go new file mode 100644 index 00000000..ae594a46 --- /dev/null 
+++ b/helpers.go @@ -0,0 +1,22 @@ +package main + +import ( + "errors" + + "github.com/Cox-Automotive/alks-go" +) + +func validateIAMEnabled(client *alks.Client) error { + // Validate STS for IAM active. + resp, err := client.GetMyLoginRole() + if err != nil { + return err + } + + if !resp.LoginRole.IamKeyActive { + return errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " + + "Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.") + } + + return nil +} From 0ca44744a66936a4cd5d77aa564ed02f9fe4bf9e Mon Sep 17 00:00:00 2001 From: Webb Barker Date: Tue, 11 May 2021 15:43:29 -0400 Subject: [PATCH 3/3] Updates resources to verify IAM Enabled on modify operations --- resource_alks_iamrole.go | 17 ++++++++++++++--- resource_alks_ltk.go | 14 ++++++++++---- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 529dcc99..8c971fa9 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -135,8 +135,11 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { } client := meta.(*alks.Client) - resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess) + if err := validateIAMEnabled(client); err != nil { + return err + } + resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess) if err != nil { return err } 
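Review bot: validateIAMEnabled has no doc comment and returns the `GetMyLoginRole` error bare, so when the pre-check fails the user sees an unexplained API error attributed to whichever create or delete called it. Wrapping it, e.g. `return fmt.Errorf("checking ALKS login role: %w", err)` (with `"fmt"` added to the import block), keeps the cause and names the step that failed. A comment such as `// validateIAMEnabled returns an error unless the login role behind client has IamKeyActive set; it is a client-side pre-check that costs one GetMyLoginRole call per invocation.` would record that this is a usability guard, with enforcement presumably still done by ALKS itself. If `GetMyLoginRole` can return a nil response together with a nil error, `resp.LoginRole` would panic; that is worth confirming against alks-go.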
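Review bot: The pre-check added ahead of `client.CreateIamRole` is a full `GetMyLoginRole` round trip, and the same three lines are repeated in resourceAlksIamTrustRoleCreate, resourceAlksIamRoleDelete and updateAlksAccess in this file, and in resourceAlksLtkCreate and resourceAlksLtkDelete. An apply that touches many resources therefore repeats an identical query once per resource. `meta` appears to be one shared `*alks.Client` configured once, so the result could be computed on first use and remembered, for example behind a `sync.Once` kept next to the client. That would still leave read-only operations unvalidated, which is what this series appears to intend. The enclosing functions begin and end outside these hunks, so whether any other modify path skips the check cannot be judged from here.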
@@ -158,6 +161,9 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er var enableAlksAccess = d.Get("enable_alks_access").(bool) client := meta.(*alks.Client) + if err := validateIAMEnabled(client); err != nil { + return err + } var resp *alks.IamRoleResponse err := resource.Retry(2*time.Minute, func() *resource.RetryError { @@ -194,9 +200,11 @@ func resourceAlksIamRoleDelete(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] ALKS IAM Role Delete") client := meta.(*alks.Client) - err := client.DeleteIamRole(d.Id()) + if err := validateIAMEnabled(client); err != nil { + return err + } - if err != nil { + if err := client.DeleteIamRole(d.Id()); err != nil { return err } @@ -276,6 +284,9 @@ func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { var alksAccess = d.Get("enable_alks_access").(bool) var roleArn = d.Get("arn").(string) client := meta.(*alks.Client) + if err := validateIAMEnabled(client); err != nil { + return err + } // create the machine identity if alksAccess { _, err := client.AddRoleMachineIdentity(roleArn) diff --git a/resource_alks_ltk.go b/resource_alks_ltk.go index 9994ca73..25d8699d 100644 --- a/resource_alks_ltk.go +++ b/resource_alks_ltk.go @@ -1,9 +1,10 @@ package main import ( + "log" + alks "github.com/Cox-Automotive/alks-go" "github.com/hashicorp/terraform/helper/schema" - "log" ) func resourceAlksLtk() *schema.Resource { @@ -49,8 +50,11 @@ func resourceAlksLtkCreate(d *schema.ResourceData, meta interface{}) error { var iamUsername = d.Get("iam_username").(string) client := meta.(*alks.Client) - resp, err := client.CreateLongTermKey(iamUsername) + if err := validateIAMEnabled(client); err != nil { + return err + } + resp, err := client.CreateLongTermKey(iamUsername) if err != nil { return err } 
@@ -88,9 +92,11 @@ func resourceAlksLtkDelete(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] ALKS LTK User Delete") client := meta.(*alks.Client) - _, err := client.DeleteLongTermKey(d.Id()) + if err := validateIAMEnabled(client); err != nil { + return err + } - if err != nil { + if _, err := client.DeleteLongTermKey(d.Id()); err != nil { return err }