Merge pull request #66 from Cox-Automotive/develop
Merge Develop to Master
ntangy authored Oct 25, 2019
2 parents f84e728 + 2ed59cf commit 96fed0d
Showing 6 changed files with 120 additions and 179 deletions.
4 changes: 2 additions & 2 deletions Gopkg.lock


13 changes: 0 additions & 13 deletions README.md
Expand Up @@ -168,19 +168,6 @@ Value | Type | Forces New | Value Type | Descrip
`ip_arn` | Computed | n/a | string | If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role.
`enable_alks_access` | Optional | yes | bool | If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role.

#### `alks_machine_identity`

```
resource "alks_machine_identity" "test_mi" {
role_arn = "arn:aws:iam::123456789123:role/acct-managed/TestTrustRole"
}
```

Value | Type | Forces New | Value Type | Description
--------------------------------- | -------- | ---------- | ---------- | -----------
`role_arn` | Required | yes | string | The arn of the Iam role you want to create a machine identity for.
`machine_identity_arn` | Computed | n/a | string | The arn of the machine identity tied to the iam role.

## Example

See [this example](examples/alks.tf) for a basic Terraform script which:
5 changes: 2 additions & 3 deletions provider.go
Expand Up @@ -63,9 +63,8 @@ func Provider() terraform.ResourceProvider {
},

ResourcesMap: map[string]*schema.Resource{
"alks_iamrole": resourceAlksIamRole(),
"alks_iamtrustrole": resourceAlksIamTrustRole(),
"alks_machine_identity": resourceAlksIamMachineIdentity(),
"alks_iamrole": resourceAlksIamRole(),
"alks_iamtrustrole": resourceAlksIamTrustRole(),
},

ConfigureFunc: providerConfigure,
143 changes: 45 additions & 98 deletions resource_alks_iamrole.go
Expand Up @@ -16,6 +16,7 @@ func resourceAlksIamRole() *schema.Resource {
return &schema.Resource{
Create: resourceAlksIamRoleCreate,
Read: resourceAlksIamRoleRead,
Update: resourceAlksIamRoleUpdate,
Exists: resourceAlksIamRoleExists,
Delete: resourceAlksIamRoleDelete,

Expand Down Expand Up @@ -54,7 +55,6 @@ func resourceAlksIamRole() *schema.Resource {
Type: schema.TypeBool,
Default: false,
Optional: true,
ForceNew: true,
},
},
}
Expand All @@ -64,6 +64,7 @@ func resourceAlksIamTrustRole() *schema.Resource {
return &schema.Resource{
Create: resourceAlksIamTrustRoleCreate,
Read: resourceAlksIamRoleRead,
Update: resourceAlksIamRoleUpdate,
Exists: resourceAlksIamRoleExists,
Delete: resourceAlksIamRoleDelete,

Expand Down Expand Up @@ -102,31 +103,6 @@ func resourceAlksIamTrustRole() *schema.Resource {
Type: schema.TypeBool,
Default: false,
Optional: true,
ForceNew: true,
},
},
}
}

func resourceAlksIamMachineIdentity() *schema.Resource {
return &schema.Resource{
Create: resourceAlksIamMachineIdentityCreate,
Read: resourceAlksIamMachineIdentityRead,
Exists: resourceAlksIamMachineIdentityExists,
Delete: resourceAlksIamMachineIdentityDelete,

SchemaVersion: 1,
MigrateState: migrateState,

Schema: map[string]*schema.Schema{
"role_arn": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"machine_identity_arn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
}
Expand Down Expand Up @@ -247,10 +223,52 @@ func resourceAlksIamRoleRead(d *schema.ResourceData, meta interface{}) error {
return populateResourceDataFromRole(foundrole, d)
}

func populateResourceDataFromRole(role *alks.IamRoleResponse, d *schema.ResourceData) error {
func resourceAlksIamRoleUpdate(d *schema.ResourceData, meta interface{}) error {
log.Printf("[INFO] ALKS IAM Role Update")

// enable partial state mode
d.Partial(true)

if d.HasChange("enable_alks_access") {
// try updating enable_alks_access
if err := updateAlksAccess(d, meta); err != nil {
return err
}

d.SetPartial("enable_alks_access")
}

d.Partial(false)

return nil
}

func updateAlksAccess(d *schema.ResourceData, meta interface{}) error {
var alksAccess = d.Get("enable_alks_access").(bool)
var roleArn = d.Get("arn").(string)
client := meta.(*alks.Client)
// create the machine identity
if alksAccess {
_, err := client.AddRoleMachineIdentity(roleArn)
if err != nil {
return err
}
} else {
// delete the machine identity
_, err := client.DeleteRoleMachineIdentity(roleArn)
if err != nil {
return err
}
}
return nil
}

func populateResourceDataFromRole(role *alks.GetIamRoleResponse, d *schema.ResourceData) error {
d.SetId(role.RoleName)
d.Set("arn", role.RoleArn)
d.Set("ip_arn", role.RoleIPArn)
d.Set("enable_alks_access", role.AlksAccess)

// role type isnt returned by alks api so this will always false report on a remote state change
// for more info see issue #125 on ALKS repo
// d.Set("type", role.RoleType)
Expand Down Expand Up @@ -289,74 +307,3 @@ func migrateV0toV1(state *terraform.InstanceState) (*terraform.InstanceState, er

return state, nil
}

func resourceAlksIamMachineIdentityCreate(d *schema.ResourceData, meta interface{}) error {
log.Printf("[INFO] ALKS IAM Machine Identity Create")

var roleArn = d.Get("role_arn").(string)

client := meta.(*alks.Client)
resp, err := client.AddRoleMachineIdentity(roleArn)

if err != nil {
return err
}

d.SetId(roleArn)
d.Set("machine_identity_arn", resp.MachineIdentityArn)

log.Printf("[INFO] alks_machine_identity_arn: %v", d.Get("machine_identity_arn").(string))

return nil
}

func resourceAlksIamMachineIdentityRead(d *schema.ResourceData, meta interface{}) error {
log.Printf("[INFO] ALKS IAM Machine Identity Read")

client := meta.(*alks.Client)

foundMI, err := client.SearchRoleMachineIdentity(d.Id())

if err != nil {
return err
}

return populateResourceDataFromMI(foundMI, d)
}

func resourceAlksIamMachineIdentityExists(d *schema.ResourceData, meta interface{}) (b bool, e error) {
log.Printf("[INFO] ALKS IAM Machine Identity Exists")

client := meta.(*alks.Client)

foundMI, err := client.SearchRoleMachineIdentity(d.Id())

if err != nil {
if strings.Contains(err.Error(), "Could not find a matching record with the given parameters") {
return false, nil
}

return false, err
}

if foundMI == nil {
return false, nil
}

return true, nil
}

func resourceAlksIamMachineIdentityDelete(d *schema.ResourceData, meta interface{}) error {
log.Printf("[INFO] ALKS IAM Machine Identity Delete")

var roleArn = d.Get("role_arn").(string)

client := meta.(*alks.Client)
_, err := client.DeleteRoleMachineIdentity(roleArn)

if err != nil {
return err
}

return nil
}
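Review bot: resourceAlksIamRoleUpdate (the hunk at line 120) returns nil after toggling the machine identity and never refreshes state, so `arn`, `ip_arn` and the server-side `enable_alks_access` value are not re-read after the change; with helper/schema the framework does not call Read on the provider's behalf after Update, so the conventional fix is to end with `return resourceAlksIamRoleRead(d, meta)` instead of `return nil`. Because `enable_alks_access` is the flag that grants the role ALKS API access, Read now setting it from `role.AlksAccess` (populateResourceDataFromRole hunk) is what lets a plan surface an out-of-band grant or revocation, and the refresh after Update matters for the same reason. The three `d.Set` calls in populateResourceDataFromRole discard their error returns; for scalar attributes that is conventional, but a short comment such as `// scalar attributes: d.Set cannot fail here` would keep readers and linters from flagging it. Separately, dropping the `alks_machine_identity` resource (this file and provider.go) leaves no state migration path; existing states containing that resource type will presumably fail at plan time unless users remove it from state first, which deserves a note in the README or changelog.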
118 changes: 57 additions & 61 deletions resource_alks_iamrole_test.go
Expand Up @@ -31,6 +31,20 @@ func TestAccAlksIamRole_Basic(t *testing.T) {
"alks_iamrole.foo", "include_default_policies", "false"),
),
},
resource.TestStep{
// update the resource
Config: testAccCheckAlksIamRoleConfigUpdateBasic,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"alks_iamrole.foo", "name", "bar420"),
resource.TestCheckResourceAttr(
"alks_iamrole.foo", "type", "Amazon EC2"),
resource.TestCheckResourceAttr(
"alks_iamrole.foo", "include_default_policies", "false"),
resource.TestCheckResourceAttr(
"alks_iamrole.foo", "enable_alks_access", "true"),
),
},
},
})
}
Expand All @@ -52,22 +66,16 @@ func TestAccAlksIamTrustRole_Basic(t *testing.T) {
"alks_iamtrustrole.bar", "type", "Inner Account"),
),
},
},
})
}

func TestAccAlksIamMachineIdentity_Basic(t *testing.T) {
var resp alks.MachineIdentityResponse

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAlksIamMachineIdentityDestroy(&resp),
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccCheckAlksIamMachineIdentityConfigBasic,
Check: resource.TestCheckResourceAttrSet(
"alks_machine_identity.bob", "role_arn",
// update the resource
Config: testAccCheckAlksIamTrustRoleConfigUpdateBasic,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"alks_iamtrustrole.bar", "name", "bar"),
resource.TestCheckResourceAttr(
"alks_iamtrustrole.bar", "type", "Inner Account"),
resource.TestCheckResourceAttr(
"alks_iamtrustrole.bar", "enable_alks_access", "true"),
),
},
},
Expand All @@ -93,30 +101,6 @@ func testAccCheckAlksIamRoleDestroy(role *alks.IamRoleResponse) resource.TestChe
}
}

func testAccCheckAlksIamMachineIdentityDestroy(mi *alks.MachineIdentityResponse) resource.TestCheckFunc {
return func(s *terraform.State) error {
client := testAccProvider.Meta().(*alks.Client)

for _, rs := range s.RootModule().Resources {
if rs.Type == "alks_machine_identity" {
respz, err := client.SearchRoleMachineIdentity(rs.Primary.ID)
if respz != nil {
return fmt.Errorf("Machine Identity still exists: %#v (%v)", respz, err)
}
} else if rs.Type == "alks_iamrole" {
respz, err := client.GetIamRole(rs.Primary.ID)
if respz != nil {
return fmt.Errorf("Role still exists: %#v (%v)", respz, err)
}
} else {
continue
}
}

return nil
}
}

func testAccCheckAlksIamRoleExists(n string, role *alks.IamRoleResponse) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
Expand Down Expand Up @@ -160,35 +144,47 @@ func testAccCheckAlksIamRoleAttributes(role *alks.IamRoleResponse) resource.Test
}

const testAccCheckAlksIamRoleConfigBasic = `
resource "alks_iamrole" "foo" {
resource "alks_iamrole" "foo" {
name = "bar420"
type = "Amazon EC2"
include_default_policies = false
}
include_default_policies = false
}
`

const testAccCheckAlksIamRoleConfigUpdateBasic = `
resource "alks_iamrole" "foo" {
name = "bar420"
type = "Amazon EC2"
include_default_policies = false
enable_alks_access = true
}
`

const testAccCheckAlksIamTrustRoleConfigBasic = `
resource "alks_iamrole" "foo" {
name = "foo"
type = "Amazon EC2"
include_default_policies = false
}
resource "alks_iamrole" "foo" {
name = "foo"
type = "Amazon EC2"
include_default_policies = false
}
resource "alks_iamtrustrole" "bar" {
name = "bar"
type = "Inner Account"
trust_arn = "${alks_iamrole.foo.arn}"
}
resource "alks_iamtrustrole" "bar" {
name = "bar"
type = "Inner Account"
trust_arn = "${alks_iamrole.foo.arn}"
}
`

const testAccCheckAlksIamMachineIdentityConfigBasic = `
resource "alks_iamrole" "foo" {
name = "foo"
type = "Amazon EC2"
include_default_policies = false
}
const testAccCheckAlksIamTrustRoleConfigUpdateBasic = `
resource "alks_iamrole" "foo" {
name = "foo"
type = "Amazon EC2"
include_default_policies = false
}
resource "alks_machine_identity" "bob" {
role_arn = "${alks_iamrole.foo.arn}"
}
resource "alks_iamtrustrole" "bar" {
name = "bar"
type = "Inner Account"
trust_arn = "${alks_iamrole.foo.arn}"
enable_alks_access = true
}
`
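Review bot: The new update steps only ever set `enable_alks_access = true` (testAccCheckAlksIamRoleConfigUpdateBasic and testAccCheckAlksIamTrustRoleConfigUpdateBasic), so the false branch of updateAlksAccess — the DeleteRoleMachineIdentity call that revokes ALKS access — is never exercised; a third step that reuses testAccCheckAlksIamRoleConfigBasic and checks `"alks_iamrole.foo", "enable_alks_access", "false"` would cover the revoke path. With testAccCheckAlksIamMachineIdentityDestroy removed, nothing visible in this section verifies that destroying a role created with `enable_alks_access = true` also removes its machine identity; whether testAccCheckAlksIamRoleDestroy covers that cannot be seen from here since its body lies outside the hunk, but if it does not, a SearchRoleMachineIdentity check against the destroyed role's ARN would close the gap. The destroy helper still takes `*alks.IamRoleResponse` while populateResourceDataFromRole now takes `*alks.GetIamRoleResponse`; that may be intentional if both types exist in the client, but a one-line comment on the helper saying which response type it expects would avoid confusion.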
