Merge pull request #180 from Cox-Automotive/tag-ltk-resources

Tag ltk resources

Makefile

@@ -9,7 +9,7 @@ build:
 	go build -v -o examples/terraform-provider-alks -mod=vendor .
 
 test:
-	go test -v .
+	go test -timeout 1200s -v .
 
 plan:
 	@terraform plan

assume_role_policy_test.go

@@ -15,8 +15,8 @@ func TestSuppressEquivalentTrustPolicyDiffs(t *testing.T) {
 		{
 			policy1: string(`
 			{
-				"Version": "1234", 
-				"Id": "Something", 
+				"Version": "1234",
+				"Id": "Something",
 				"Statement": [
 					{
 						"Action": "sts:AssumeRole",
@@ -34,7 +34,7 @@ func TestSuppressEquivalentTrustPolicyDiffs(t *testing.T) {
 			policy2: string(`
 			{
 				"Id": "Something",
-				"Version": "1234", 
+				"Version": "1234",
 				"Statement": [
 					{
 						"Action": "sts:AssumeRole",
@@ -54,8 +54,8 @@ func TestSuppressEquivalentTrustPolicyDiffs(t *testing.T) {
 		{
 			policy1: string(`
 			{
-				"Version": "1234", 
-				"Id": "Something", 
+				"Version": "1234",
+				"Id": "Something",
 				"Statement": [
 					{
 						"Action": "sts:AssumeRole",
@@ -73,7 +73,7 @@ func TestSuppressEquivalentTrustPolicyDiffs(t *testing.T) {
 			policy2: string(`
 			{
 				"Id": "Something",
-				"Version": "1234", 
+				"Version": "1234",
 				"Statement": [
 					{
 						"Action": "sts:AssumeRole",

docs/guides/local_installation.md

@@ -47,11 +47,11 @@ mkdir -p ~/.terraform.d/plugins &&
 **One-liner download for macOS / Linux:**
 
 ```sh
-mkdir -p ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.6.1/darwin_amd64 &&
-      curl -Ls https://api.github.com/repos/Cox-Automotive/terraform-provider-alks/releases | jq -r --arg release "v2.6.1" --arg arch "$(uname -s | tr A-Z a-z)" '.[] | select(.tag_name | contains($release)) | .assets[]| select(.browser_download_url | contains($arch)) | select(.browser_download_url | contains("amd64")) | .browser_download_url' |
-            xargs -n 1 curl -Lo ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.6.1/darwin_amd64/terraform-provider-alks.zip &&
-      pushd ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.6.1/darwin_amd64 &&
-      unzip ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.6.1/darwin_amd64/terraform-provider-alks.zip -d terraform-provider-alks-tmp &&
+mkdir -p ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.7.0/darwin_amd64 &&
+      curl -Ls https://api.github.com/repos/Cox-Automotive/terraform-provider-alks/releases | jq -r --arg release "v2.7.0" --arg arch "$(uname -s | tr A-Z a-z)" '.[] | select(.tag_name | contains($release)) | .assets[]| select(.browser_download_url | contains($arch)) | select(.browser_download_url | contains("amd64")) | .browser_download_url' |
+            xargs -n 1 curl -Lo ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.7.0/darwin_amd64/terraform-provider-alks.zip &&
+      pushd ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.7.0/darwin_amd64 &&
+      unzip ~/.terraform.d/plugins/Cox-Automotive/engineering-enablement/alks/2.7.0/darwin_amd64/terraform-provider-alks.zip -d terraform-provider-alks-tmp &&
       mv terraform-provider-alks-tmp/terraform-provider-alks* . &&
       chmod +x terraform-provider-alks* &&
       rm -rf terraform-provider-alks-tmp &&

docs/resources/alks_ltk.md

@@ -11,10 +11,21 @@ resource "alks_ltk" "test_ltk_user" {
 }
 ```
 
+### ALKS IAM Role Creation With Tags
+```hcl
+resource "alks_ltk" "test_ltk_user" {
+   iam_username             = "My_LTK_User_Name"
+   tags                     = {
+      "tagKey" = "tagValue"
+   } 
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
 * `iam_username` - (Required) The name of the IAM user to create. This parameter allows a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case.
+* `tags` - (Optional) If present, will add specified tags onto role.
 * `iam_user_arn` - (Computed) The ARN associated with the LTK user.
 * `access_key` - (Computed) Generated access key for the LTK user. Note: This is saved in the state file, so please be aware of this.
 * `secret_key` - (Computed) Generated secret key for the LTK user. Note: This is saved in the state file, so please be aware of this.

examples/alks.tf

@@ -102,4 +102,7 @@ resource "aws_iam_role_policy_attachment" "sr-attach" {
 # CREATE LTK USER
 resource "alks_ltk" "ltk" {
   iam_username = "TEST-LTK-USER"
+  tags = {
+    TagKey = "TagValue"
+  }
 }

go.mod

@@ -3,7 +3,7 @@ module github.com/Cox-Automotive/terraform-provider-alks
 go 1.18
 
 require (
-	github.com/Cox-Automotive/alks-go v0.0.0-20221010204605-136b6e9b6530
+	github.com/Cox-Automotive/alks-go v0.0.0-20221019181202-84b27abafb6b
 	github.com/aws/aws-sdk-go v1.31.15
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0
 	github.com/mitchellh/go-homedir v1.1.0
@@ -57,4 +57,3 @@ require (
 	google.golang.org/grpc v1.48.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 )
-

go.sum

@@ -9,6 +9,8 @@ github.com/Cox-Automotive/alks-go v0.0.0-20221004204541-a25fb5c4f655 h1:akQkFItS
 github.com/Cox-Automotive/alks-go v0.0.0-20221004204541-a25fb5c4f655/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
 github.com/Cox-Automotive/alks-go v0.0.0-20221010204605-136b6e9b6530 h1:8j3NYoLnFy2PGw+UX47C8jC2j3CCkFeXqlaMfKu9Bh8=
 github.com/Cox-Automotive/alks-go v0.0.0-20221010204605-136b6e9b6530/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
+github.com/Cox-Automotive/alks-go v0.0.0-20221019181202-84b27abafb6b h1:9Ey7kdUL+/f5EY2KOpTawWMw4P7fhZxNmo8gXIuBQzw=
+github.com/Cox-Automotive/alks-go v0.0.0-20221019181202-84b27abafb6b/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=

resource_alks_iamrole.go

@@ -76,6 +76,7 @@ func resourceAlksIamRole() *schema.Resource {
 				Type:     schema.TypeBool,
 				Default:  false,
 				Optional: true,
+				ForceNew: true,
 			},
 			"template_fields": {
 				Type:     schema.TypeMap,
@@ -260,7 +261,7 @@ func resourceAlksIamRoleUpdate(ctx context.Context, d *schema.ResourceData, meta
 
 	if d.HasChange("tags_all") {
 		// try updating enable_alks_access
-		if err := updateIamTags(d, meta); err != nil {
+		if err := updateIamRoleTags(d, meta); err != nil {
 			return diag.FromErr(err)
 		}
 	}
@@ -294,7 +295,7 @@ func updateAlksAccess(d *schema.ResourceData, meta interface{}) error {
 	return nil
 }
 
-func updateIamTags(d *schema.ResourceData, meta interface{}) error {
+func updateIamRoleTags(d *schema.ResourceData, meta interface{}) error {
 	providerStruct := meta.(*AlksClient)
 	client := providerStruct.client
 

resource_alks_ltk.go

@@ -4,16 +4,17 @@ import (
 	"context"
 	"log"
 
+	"github.com/Cox-Automotive/alks-go"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
-
-	// "github.com/Cox-Automotive/alks-go"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 func resourceAlksLtk() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceAlksLtkCreate,
 		ReadContext:   resourceAlksLtkRead,
+		UpdateContext: resourceAlksLtkUpdate,
 		DeleteContext: resourceAlksLtkDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
@@ -39,24 +40,37 @@ func resourceAlksLtk() *schema.Resource {
 				Type:      schema.TypeString,
 				Computed:  true,
 			},
+			"tags":     TagsSchema(),
+			"tags_all": TagsSchemaComputed(),
 		},
+		CustomizeDiff: customdiff.All(
+			SetTagsDiff,
+		),
 	}
 }
 
 func resourceAlksLtkCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	log.Printf("[INFO] ALKS LTK User Create")
 
 	var iamUsername = d.Get("iam_username").(string)
+	var tags = d.Get("tags").(map[string]interface{})
 
 	providerStruct := meta.(*AlksClient)
 	client := providerStruct.client
+
+	allTags := tagMapToSlice(combineTagMaps(providerStruct.defaultTags, tags))
+
+	options := &alks.IamUserOptions{
+		IamUserName: &iamUsername,
+		Tags:        &allTags,
+	}
 	if err := validateIAMEnabled(client); err != nil {
 		return diag.FromErr(err)
 	}
 
-	resp, err := client.CreateLongTermKey(iamUsername)
+	resp, err := client.CreateIamUser(options)
 	if err != nil {
-		return diag.FromErr(err)
+		return diag.FromErr(err.Err)
 	}
 
 	d.SetId(iamUsername)
@@ -75,26 +89,66 @@ func resourceAlksLtkRead(ctx context.Context, d *schema.ResourceData, meta inter
 	providerStruct := meta.(*AlksClient)
 	client := providerStruct.client
 
+	defaultTags := providerStruct.defaultTags
+	ignoreTags := providerStruct.ignoreTags
+
 	// Check if role exists.
 	if d.Id() == "" || d.Id() == "none" {
 		return nil
 	}
 
-	resp, err := client.GetLongTermKey(d.Id())
+	resp, err := client.GetIamUser(d.Id())
 
 	if err != nil {
-		d.SetId("")
-		return nil
+		//If error is 404, UserNotFound, we log it and let terraform decide how to handle it.
+		//All other errors cause a failure
+		if err.StatusCode == 404 {
+			log.Printf("[Error] %s", err.Err)
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(err.Err)
 	}
 
 	log.Printf("[INFO] alks_ltk.id: %v", d.Id())
 
-	_ = d.Set("iam_username", resp.UserName)
-	_ = d.Set("access_key", resp.AccessKeyID)
+	_ = d.Set("iam_username", resp.User.UserName)
+	_ = d.Set("access_key", resp.User.AccessKey)
+
+	allTags := tagSliceToMap(resp.User.Tags)
+	localTags := removeIgnoredTags(allTags, *ignoreTags)
+
+	if err := d.Set("tags_all", localTags); err != nil {
+		return diag.FromErr(err)
+	}
+
+	userSpecificTags := removeDefaultTags(localTags, defaultTags)
+
+	if err := d.Set("tags", userSpecificTags); err != nil {
+		return diag.FromErr(err)
+	}
 
 	return nil
 }
 
+func resourceAlksLtkUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	log.Printf("[INFO] ALKS LTK Update")
+
+	// enable partial state mode
+	d.Partial(true)
+
+	if d.HasChange("tags_all") {
+		// try updating enable_alks_access
+		if err := updateUserTags(d, meta); err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	d.Partial(false)
+
+	return resourceAlksLtkRead(ctx, d, meta)
+}
+
 func resourceAlksLtkDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	log.Printf("[INFO] ALKS LTK User Delete")
 
@@ -104,9 +158,43 @@ func resourceAlksLtkDelete(ctx context.Context, d *schema.ResourceData, meta int
 		return diag.FromErr(err)
 	}
 
-	if _, err := client.DeleteLongTermKey(d.Id()); err != nil {
-		return diag.FromErr(err)
+	if _, err := client.DeleteIamUser(d.Id()); err != nil {
+		return diag.FromErr(err.Err)
 	}
 
 	return nil
 }
+
+func updateUserTags(d *schema.ResourceData, meta interface{}) error {
+	providerStruct := meta.(*AlksClient)
+	client := providerStruct.client
+
+	if err := validateIAMEnabled(client); err != nil {
+		return err
+	}
+
+	//Do a read to get existing tags.  If any of those are in ignore_tags, then they are externally managed
+	//and they should be included in the update so they don't get removed.
+	resp, err := client.GetIamUser(d.Id())
+
+	if err != nil {
+		return err
+	}
+
+	existingTags := tagSliceToMap(resp.User.Tags)
+	externalTags := getExternalyManagedTags(existingTags, *providerStruct.ignoreTags)
+	internalTags := d.Get("tags_all").(map[string]interface{})
+
+	//Tags includes default tags, role specific tags, and tags that exist externally on the role itself and are specified in ignored_tags
+	tags := tagMapToSlice(combineTagMaps(internalTags, externalTags))
+
+	options := alks.IamUserOptions{
+		IamUserName: &resp.User.UserName,
+		Tags:        &tags,
+	}
+
+	if _, err := client.UpdateIamUser(&options); err != nil {
+		return err.Err
+	}
+	return nil
+}