Merge pull request #119 from Cox-Automotive/addDynamicRoles

Add dynamic roles

docs/resources/alks_iamrole.md

@@ -5,6 +5,7 @@ Creates an custom ALKS IAM role for usage in an AWS account.
 ## Example Usage
 
 ### ALKS IAM Role Creation
+
 ```hcl
 resource "alks_iamrole" "test_role" {
     name                     = "My_Test_Role"
@@ -14,22 +15,41 @@ resource "alks_iamrole" "test_role" {
 }
 ```
 
+### ALKS Dynamic Role Creation
+
+```hcl
+resource "alks_iamrole" "test_dynamic_role" {
+    name                     = "my_dynamic_role"
+    type                     = "Amazon EKS IRSA"
+    include_default_policies = false
+    enable_alks_access       = false
+    template_fields          = {
+        "OIDC_PROVIDER"       = "abc1234"
+        "K8S_NAMESPACE"       = "default"
+        "K8S_SERVICE_ACCOUNT" = "my-service-account"
+    }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
+
 * `name` - (Required) The name of the ALKS IAM role which will be reflected in AWS and the ALKS UI.
 * `type` - (Required) The role type to use. To see a list of available roles, [call this endpoint](https://pages.ghe.coxautoinc.com/ETS-CloudAutomation/ALKS-Documentation/#/aws-role-type-rest-service/getAllAwsRoleTypesUsingGET).
 * `include_default_policies` - (Required) Whether or not the default manages policies should be attached to the role.
 * `role_added_to_ip` - (Computed) Indicates whether or not an instance profile role was created.
 * `arn` - (Computed) Provides the ARN of the role that was created.
 * `ip_arn` - (Computed) If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role.
 * `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability.
+* `template_fields` - (Optional) If present, will submit template field data to ALKS.  Note: This will generate an error if the role type does not support template fields.
 
 ## Import
 
 !> **Warning:** This will force-replace the resource.
 
 ALKS IAM roles can be imported using the `name`, e.g.
-```
-$ terraform import alks_iamrole.test_role My_Test_Role
+
+```sh
+terraform import alks_iamrole.test_role My_Test_Role
 ```

examples/alks.tf

@@ -40,6 +40,18 @@ resource "alks_iamrole" "test_role" {
   enable_alks_access       = true
 }
 
+resource "alks_iamrole" "test_dynamic_role" {
+  name                     = "TEST-DELETE-DYNAMIC"
+  type                     = "Amazon EKS IRSA"
+  include_default_policies = false
+  enable_alks_access       = true
+  template_fields = {
+    "OIDC_PROVIDER"       = "abc1234"
+    "K8S_NAMESPACE"       = "default"
+    "K8S_SERVICE_ACCOUNT" = "definitely-not-real"
+  }
+}
+
 # CREATE IAM ROLE -- Secondary Provider
 resource "alks_iamrole" "test_role_nonprod" {
   provider                 = alks.nonprod
@@ -52,7 +64,7 @@ resource "alks_iamrole" "test_role_nonprod" {
 # ATTACH POLICY
 resource "aws_iam_role_policy" "test_policy" {
   name   = "test_policy"
-  role   = "${alks_iamrole.test_role.name}"
+  role   = alks_iamrole.test_role.name
   policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -71,11 +83,11 @@ EOF
 
 # ATTACH MANAGED POLICY
 resource "aws_iam_role_policy_attachment" "sr-attach" {
-  role       = "${alks_iamrole.test_role.name}"
+  role       = alks_iamrole.test_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService"
 }
 
 # CREATE LTK USER
 resource "alks_ltk" "ltk" {
   iam_username = "TEST_LTK_USER"
-}
+}

go.mod

@@ -3,11 +3,8 @@ module github.com/Cox-Automotive/terraform-provider-alks
 go 1.14
 
 require (
-	github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50
+	github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67
 	github.com/aws/aws-sdk-go v1.31.15
-	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
 	github.com/hashicorp/terraform v0.12.26
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/motain/gocheck v0.0.0-20131023154940-9beb271d26e6 // indirect
-	launchpad.net/gocheck v0.0.0-20140225173054-000000000087 // indirect
 )

go.sum

@@ -27,10 +27,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20180810175552-4a21cbd618b4/go.mod h1:chxPXzS
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
-github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348 h1:4yYbNR8TKaRSYgRbQsH4cC4qFf4VZmmaVC8mp8VWZVg=
-github.com/Cox-Automotive/alks-go v0.0.0-20200605150811-11bd4c1de348/go.mod h1:on+ImEZYjpdcu+CD07RLqMTQmiPkulolQJb387YMpPo=
-github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50 h1:vGPXuT++0/9xJJvn0rmTsPBJ6jgSIdoyFhNqZIK51bQ=
-github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50/go.mod h1:on+ImEZYjpdcu+CD07RLqMTQmiPkulolQJb387YMpPo=
+github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67 h1:vcruzED50hPyycvR6mtPXKy2zQoH+AOicCOuwiWr7Cg=
+github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
 github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
 github.com/Unknwon/com v0.0.0-20151008135407-28b053d5a292/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=

resource_alks_iamrole.go

@@ -59,6 +59,12 @@ func resourceAlksIamRole() *schema.Resource {
 				Default:  false,
 				Optional: true,
 			},
+			"template_fields": &schema.Schema{
+				Type:     schema.TypeMap,
+				Elem:     schema.TypeString,
+				ForceNew: true,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -121,9 +127,15 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
 	var roleType = d.Get("type").(string)
 	var incDefPol = d.Get("include_default_policies").(bool)
 	var enableAlksAccess = d.Get("enable_alks_access").(bool)
+	var rawTemplateFields = d.Get("template_fields").(map[string]interface{})
+
+	templateFields := make(map[string]string)
+	for k, v := range rawTemplateFields {
+		templateFields[k] = v.(string)
+	}
 
 	client := meta.(*alks.Client)
-	resp, err := client.CreateIamRole(roleName, roleType, incDefPol, enableAlksAccess)
+	resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess)
 
 	if err != nil {
 		return err

vendor/modules.txt

@@ -6,7 +6,7 @@ cloud.google.com/go/internal/optional
 cloud.google.com/go/internal/trace
 cloud.google.com/go/internal/version
 cloud.google.com/go/storage
-# github.com/Cox-Automotive/alks-go v0.0.0-20200714135032-e03438e39d50
+# github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67
 ## explicit
 github.com/Cox-Automotive/alks-go
 # github.com/agext/levenshtein v1.2.2
@@ -95,7 +95,6 @@ github.com/googleapis/gax-go/v2
 # github.com/hashicorp/errwrap v1.0.0
 github.com/hashicorp/errwrap
 # github.com/hashicorp/go-cleanhttp v0.5.1
-## explicit
 github.com/hashicorp/go-cleanhttp
 # github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02
 github.com/hashicorp/go-getter