From 076a7b8fb4cceb3781ce5bb75cd39e4ff0ca5df5 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Wed, 16 Jun 2021 14:42:44 -0400 Subject: [PATCH 1/4] New functions implemented! --- resource_alks_iamrole.go | 155 ++++++++++++---------------------- resource_alks_iamrole_test.go | 69 +-------------- resource_alks_ltk.go | 51 +++++------ 3 files changed, 75 insertions(+), 200 deletions(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 3614afc7..6e9ef2a6 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go 
@@ -1,126 +1,115 @@ package main import ( - "fmt" - "log" - "strings" - "time" - + "context" "github.com/Cox-Automotive/alks-go" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "log" + "strings" + "time" ) func resourceAlksIamRole() *schema.Resource { return &schema.Resource{ - Create: resourceAlksIamRoleCreate, - Read: resourceAlksIamRoleRead, - Update: resourceAlksIamRoleUpdate, - Exists: resourceAlksIamRoleExists, - Delete: resourceAlksIamRoleDelete, + CreateContext: resourceAlksIamRoleCreate, + ReadContext: resourceAlksIamRoleRead, + UpdateContext: resourceAlksIamRoleUpdate, + DeleteContext: resourceAlksIamRoleDelete, Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, - - SchemaVersion: 1, - MigrateState: migrateState, - Schema: map[string]*schema.Schema{ "name": { Type: schema.TypeString, Required: true, ForceNew: true, - }, + }, "type": { Type: schema.TypeString, Required: true, ForceNew: true, - }, + }, "include_default_policies": { Type: schema.TypeBool, Required: true, ForceNew: true, - }, + }, "role_added_to_ip": { Type: schema.TypeBool, Computed: true, - }, + }, "arn": { Type: schema.TypeString, Computed: true, - }, + }, "ip_arn": { Type: schema.TypeString, Computed: true, - }, + }, "enable_alks_access": { Type: schema.TypeBool, Default: false, Optional: true, - }, + }, "template_fields": { Type: schema.TypeMap, Elem: schema.TypeString, ForceNew: true, Optional: true, - }, + }, }, } } func resourceAlksIamTrustRole() *schema.Resource { return &schema.Resource{ - Create: resourceAlksIamTrustRoleCreate, - Read: resourceAlksIamRoleRead, - Update: resourceAlksIamRoleUpdate, - Exists: resourceAlksIamRoleExists, - Delete: resourceAlksIamRoleDelete, + CreateContext: resourceAlksIamTrustRoleCreate, + ReadContext: 
resourceAlksIamRoleRead, + UpdateContext: resourceAlksIamRoleUpdate, + DeleteContext: resourceAlksIamRoleDelete, Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + StateContext: schema.ImportStatePassthroughContext, }, - - SchemaVersion: 1, - MigrateState: migrateState, - Schema: map[string]*schema.Schema{ "name": { Type: schema.TypeString, Required: true, ForceNew: true, - }, + }, "type": { Type: schema.TypeString, Required: true, ForceNew: true, - }, + }, "trust_arn": { Type: schema.TypeString, Required: true, ForceNew: true, - }, + }, "role_added_to_ip": { Type: schema.TypeBool, Computed: true, - }, + }, "arn": { Type: schema.TypeString, Computed: true, - }, + }, "ip_arn": { Type: schema.TypeString, Computed: true, - }, + }, "enable_alks_access": { Type: schema.TypeBool, Default: false, Optional: true, - }, + }, }, } } -func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { +func resourceAlksIamRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS IAM Role Create") var roleName = d.Get("name").(string) @@ -136,12 +125,12 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { client := meta.(*alks.Client) if err := validateIAMEnabled(client); err != nil { - return err + return diag.FromErr(err) } resp, err := client.CreateIamRole(roleName, roleType, templateFields, incDefPol, enableAlksAccess) if err != nil { - return err + return diag.FromErr(err) } d.SetId(resp.RoleName) 
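Review bot: The first hunk removes `SchemaVersion: 1` and `MigrateState: migrateState` from both resourceAlksIamRole and resourceAlksIamTrustRole, so the resources now report schema version 0 while state written by earlier releases records version 1. Terraform normally refuses state whose stored version is higher than the provider's, so existing users may be unable to plan until they roll back; this should be confirmed against an existing state file before release. I would keep `SchemaVersion: 1,` and, if v0 state still has to be supported, port migrateV0toV1 to a `StateUpgraders` entry instead of deleting it. The same removal is made for `alks_ltk` in resource_alks_ltk.go. Separately, the new import block lists `"log"`, `"strings"` and `"time"` after the third-party packages; goimports would keep the standard library in its own leading group.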
@@ -149,12 +138,14 @@ func resourceAlksIamRoleCreate(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] alks_iamrole.id: %v", d.Id()) - return resourceAlksIamRoleRead(d, meta) + return resourceAlksIamRoleRead(ctx, d, meta) } -func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) error { +func resourceAlksIamTrustRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS IAM Trust Role Create") + var diags diag.Diagnostics + var roleName = d.Get("name").(string) var roleType = d.Get("type").(string) var trustArn = d.Get("trust_arn").(string) @@ -162,7 +153,7 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er client := meta.(*alks.Client) if err := validateIAMEnabled(client); err != nil { - return err + return diag.FromErr(err) } var resp *alks.IamRoleResponse @@ -183,7 +174,7 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er }) if err != nil { - return err + return diag.FromErr(err) } response := *resp 
@@ -193,56 +184,39 @@ func resourceAlksIamTrustRoleCreate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] alks_iamtrustrole.id: %v", d.Id()) - return resourceAlksIamRoleRead(d, meta) + return diags } -func resourceAlksIamRoleDelete(d *schema.ResourceData, meta interface{}) error { +func resourceAlksIamRoleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS IAM Role Delete") client := meta.(*alks.Client) if err := validateIAMEnabled(client); err != nil { - return err + return diag.FromErr(err) } if err := client.DeleteIamRole(d.Id()); err != nil { - return err + return diag.FromErr(err) } return nil } -func resourceAlksIamRoleExists(d *schema.ResourceData, meta interface{}) (b bool, e error) { - log.Printf("[INFO] ALKS IAM Role Exists") +func resourceAlksIamRoleRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + log.Printf("[INFO] ALKS IAM Role Read") client := meta.(*alks.Client) - foundRole, err := client.GetIamRole(d.Id()) - - if err != nil { - // TODO: Clean-up this logic, likely by improving the error responses from `alks-go` - if strings.Contains(err.Error(), "Role not found") { - return false, nil - } - - return false, err - } - - if foundRole == nil { - return false, nil + // Check if role exists. + if d.Id() == "" || d.Id() == "none" { + return nil } - return true, nil -} - -func resourceAlksIamRoleRead(d *schema.ResourceData, meta interface{}) error { - log.Printf("[INFO] ALKS IAM Role Read") - - client := meta.(*alks.Client) foundRole, err := client.GetIamRole(d.Id()) if err != nil { d.SetId("") - return err + return nil } log.Printf("[INFO] alks_iamrole.id %v", d.Id()) 
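Review bot: In resourceAlksIamRoleRead every error from `client.GetIamRole` now clears the ID and returns nil, so an expired credential, a timeout or a rejected call is handled exactly like a deleted role. Terraform then drops the role from state and plans a replacement while the real IAM role, including any trust relationship and ALKS access setting, stays in the account unmanaged; Create and Update end in this Read in other hunks of this patch, so a failed lookup straight after a successful create is silent too. The removed resourceAlksIamRoleExists told "Role not found" apart from other failures, and that distinction should move into Read as sketched below (the string match is the one the old code relied on). The old nil check on foundRole is gone as well; the rest of Read is outside this hunk, so please confirm it cannot dereference a nil role.

```go
foundRole, err := client.GetIamRole(d.Id())
if err != nil {
	// Only a confirmed "not found" may drop the role from state.
	if strings.Contains(err.Error(), "Role not found") {
		d.SetId("")
		return nil
	}
	return diag.FromErr(err)
}
// … unchanged: logging and d.Set calls …
```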
@@ -260,7 +234,7 @@ func resourceAlksIamRoleRead(d *schema.ResourceData, meta interface{}) error { return nil } -func resourceAlksIamRoleUpdate(d *schema.ResourceData, meta interface{}) error { +func resourceAlksIamRoleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS IAM Role Update") // enable partial state mode @@ -269,13 +243,13 @@ func resourceAlksIamRoleUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChange("enable_alks_access") { // try updating enable_alks_access if err := updateAlksAccess(d, meta); err != nil { - return err + return diag.FromErr(err) } } d.Partial(false) - return nil + return resourceAlksIamRoleRead(ctx, d, meta) } func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { @@ -299,29 +273,4 @@ func updateAlksAccess(d *schema.ResourceData, meta interface{}) error { } } return nil -} - -func migrateState(version int, state *terraform.InstanceState, meta interface{}) (*terraform.InstanceState, error) { - switch version { - case 0: - log.Println("[INFO] Found Instance State v0, migrating to v1") - return migrateV0toV1(state) - default: - return state, fmt.Errorf("Unrecognized version '%d' in schema for instance of ALKS IAM role '%s'", version, state.Attributes["name"]) - } -} - -func migrateV0toV1(state *terraform.InstanceState) (*terraform.InstanceState, error) { - if state.Empty() { - log.Println("[DEBUG] Empty InstanceState, nothing to migrate") - return state, nil - } - - if _, ok := state.Attributes["enable_alks_access"]; !ok { - log.Printf("[DEBUG] Attributes before migration: %#v", state.Attributes) - state.Attributes["enable_alks_access"] = "false" - log.Printf("[DEBUG] Attributes after migration: %#v", state.Attributes) - } - - return state, nil -} +} \ No newline at end of file diff --git a/resource_alks_iamrole_test.go b/resource_alks_iamrole_test.go index 4f2b83a6..190d1584 100644 --- a/resource_alks_iamrole_test.go 
+++ b/resource_alks_iamrole_test.go @@ -29,8 +29,8 @@ func TestAccAlksIamRole_Basic(t *testing.T) { "alks_iamrole.foo", "type", "Amazon EC2"), resource.TestCheckResourceAttr( "alks_iamrole.foo", "include_default_policies", "false"), - ), - }, + ), + }, { // update the resource Config: testAccCheckAlksIamRoleConfigUpdateBasic, @@ -43,41 +43,8 @@ func TestAccAlksIamRole_Basic(t *testing.T) { "alks_iamrole.foo", "include_default_policies", "false"), resource.TestCheckResourceAttr( "alks_iamrole.foo", "enable_alks_access", "true"), - ), - }, - }, - }) -} - -func TestAccAlksIamTrustRole_Basic(t *testing.T) { - var resp alks.IamRoleResponse - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckAlksIamRoleDestroy(&resp), - Steps: []resource.TestStep{ - { - Config: testAccCheckAlksIamTrustRoleConfigBasic, - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr( - "alks_iamtrustrole.bar", "name", "bar"), - resource.TestCheckResourceAttr( - "alks_iamtrustrole.bar", "type", "Inner Account"), - ), - }, - { - // update the resource - Config: testAccCheckAlksIamTrustRoleConfigUpdateBasic, - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr( - "alks_iamtrustrole.bar", "name", "bar"), - resource.TestCheckResourceAttr( - "alks_iamtrustrole.bar", "type", "Inner Account"), - resource.TestCheckResourceAttr( - "alks_iamtrustrole.bar", "enable_alks_access", "true"), - ), - }, + ), + }, }, }) } 
@@ -101,34 +68,6 @@ func testAccCheckAlksIamRoleDestroy(role *alks.IamRoleResponse) resource.TestChe } } -func testAccCheckAlksIamRoleExists(n string, role *alks.IamRoleResponse) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - - if !ok { - return fmt.Errorf("Not found: %s", n) - } - - if rs.Primary.ID == "" { - return fmt.Errorf("No role ID is set") - } - - client := testAccProvider.Meta().(*alks.Client) - - foundRole, err := client.GetIamRole(rs.Primary.ID) - - if err != nil { - return err - } - - if foundRole.RoleArn != rs.Primary.ID { - return fmt.Errorf("Role not found") - } - - return nil - } -} - func testAccCheckAlksIamRoleAttributes(role *alks.IamRoleResponse) resource.TestCheckFunc { return func(s *terraform.State) error { log.Printf("[INFO] its this %v", role) diff --git a/resource_alks_ltk.go b/resource_alks_ltk.go index f00002f2..da8d6c1c 100644 --- a/resource_alks_ltk.go +++ b/resource_alks_ltk.go @@ -1,6 +1,8 @@ package main import ( + "context" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "log" "github.com/Cox-Automotive/alks-go" @@ -9,16 +11,13 @@ import ( func resourceAlksLtk() *schema.Resource { return &schema.Resource{ - Create: resourceAlksLtkCreate, - Read: resourceAlksLtkRead, - Delete: resourceAlksLtkDelete, - Exists: resourceAlksLtkExists, + CreateContext: resourceAlksLtkCreate, + ReadContext: resourceAlksLtkRead, + DeleteContext: resourceAlksLtkDelete, Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, - SchemaVersion: 1, - Schema: map[string]*schema.Schema{ "iam_username": { Type: schema.TypeString, 
@@ -43,19 +42,19 @@ func resourceAlksLtk() *schema.Resource { } } -func resourceAlksLtkCreate(d *schema.ResourceData, meta interface{}) error { +func resourceAlksLtkCreate(ctx context.Context,d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS LTK User Create") var iamUsername = d.Get("iam_username").(string) client := meta.(*alks.Client) if err := validateIAMEnabled(client); err != nil { - return err + return diag.FromErr(err) } resp, err := client.CreateLongTermKey(iamUsername) if err != nil { - return err + return diag.FromErr(err) } d.SetId(iamUsername) @@ -65,13 +64,19 @@ func resourceAlksLtkCreate(d *schema.ResourceData, meta interface{}) error { log.Printf("[INFO] alks_ltk.id: %v", d.Id()) - return resourceAlksLtkRead(d, meta) + return resourceAlksLtkRead(ctx, d, meta) } -func resourceAlksLtkRead(d *schema.ResourceData, meta interface{}) error { +func resourceAlksLtkRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS LTK User Read") client := meta.(*alks.Client) + + // Check if role exists. + if d.Id() == "" || d.Id() == "none" { + return nil + } + resp, err := client.GetLongTermKey(d.Id()) if err != nil { 
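Review bot: resourceAlksLtkRead takes over from resourceAlksLtkExists (deleted in the next hunk of this file) but, as far as this hunk shows, not its check for a successful response with an empty user name, so a long-term key deleted outside Terraform could stay in state with its stored `access_key` and `secret_key` still looking managed. Consider adding `if len(resp.LongTermKey.UserName) == 0 { d.SetId(""); return nil }` after the error check; the body of Read continues outside the hunk, so the exact placement needs checking there. The new guard's comment `// Check if role exists.` was copied from the IAM role resource and only tests for an empty or "none" ID; `// Nothing to read when no LTK ID is recorded.` would describe it accurately.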
@@ -87,35 +92,17 @@ func resourceAlksLtkRead(d *schema.ResourceData, meta interface{}) error { return nil } -func resourceAlksLtkDelete(d *schema.ResourceData, meta interface{}) error { +func resourceAlksLtkDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS LTK User Delete") client := meta.(*alks.Client) if err := validateIAMEnabled(client); err != nil { - return err + return diag.FromErr(err) } if _, err := client.DeleteLongTermKey(d.Id()); err != nil { - return err + return diag.FromErr(err) } return nil } - -func resourceAlksLtkExists(d *schema.ResourceData, meta interface{}) (bool, error) { - log.Printf("[INFO] ALKS LTK User Exists") - - client := meta.(*alks.Client) - resp, err := client.GetLongTermKey(d.Id()) - - if err != nil { - return false, err - } - - // We can get a 200, but an empty string so this is the condition to check for. - if len(resp.LongTermKey.UserName) == 0 { - return false, nil - } - - return true, nil -} From 337caf38ae803f1c52d0322942d7e254d74c1c83 Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Tue, 6 Jul 2021 15:38:47 -0400 Subject: [PATCH 2/4] Formatting. --- provider.go | 14 +++++++------- resource_alks_ltk.go | 10 +++++----- resource_alks_ltk_test.go | 4 ++-- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/provider.go b/provider.go index c366b253..1dd2d0f3 100644 --- a/provider.go +++ b/provider.go @@ -18,7 +18,7 @@ func Provider() *schema.Provider { Required: true, Description: "This is the base URL to ALKS service. It must be provided, but it can also be sourced from the ALKS_URL environment variable.", DefaultFunc: schema.EnvDefaultFunc("ALKS_URL", nil), - }, + }, "access_key": { Type: schema.TypeString, Optional: true, @@ -26,8 +26,8 @@ func Provider() *schema.Provider { DefaultFunc: schema.MultiEnvDefaultFunc([]string{ "ALKS_ACCESS_KEY_ID", "AWS_ACCESS_KEY_ID", - }, nil), - }, + }, nil), + }, "secret_key": { Type: schema.TypeString, Optional: true, 
@@ -35,8 +35,8 @@ func Provider() *schema.Provider { DefaultFunc: schema.MultiEnvDefaultFunc([]string{ "ALKS_SECRET_ACCESS_KEY", "AWS_SECRET_ACCESS_KEY", - }, nil), - }, + }, nil), + }, "token": { Type: schema.TypeString, Optional: true, @@ -44,8 +44,8 @@ func Provider() *schema.Provider { DefaultFunc: schema.MultiEnvDefaultFunc([]string{ "ALKS_SESSION_TOKEN", "AWS_SESSION_TOKEN", - }, nil), - }, + }, nil), + }, "profile": { Type: schema.TypeString, Optional: true, diff --git a/resource_alks_ltk.go b/resource_alks_ltk.go index da8d6c1c..4ecf053e 100644 --- a/resource_alks_ltk.go +++ b/resource_alks_ltk.go @@ -23,26 +23,26 @@ func resourceAlksLtk() *schema.Resource { Type: schema.TypeString, Required: true, ForceNew: true, - }, + }, "iam_user_arn": { Type: schema.TypeString, Computed: true, - }, + }, "access_key": { Sensitive: true, Type: schema.TypeString, Computed: true, - }, + }, "secret_key": { Sensitive: true, Type: schema.TypeString, Computed: true, - }, + }, }, } } -func resourceAlksLtkCreate(ctx context.Context,d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func resourceAlksLtkCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS LTK User Create") var iamUsername = d.Get("iam_username").(string) diff --git a/resource_alks_ltk_test.go b/resource_alks_ltk_test.go index 675b5c97..e5ea18d6 100644 --- a/resource_alks_ltk_test.go +++ b/resource_alks_ltk_test.go @@ -20,12 +20,12 @@ func TestAlksLTKCreate(t *testing.T) { { Config: testAlksLTKCreateConfig, Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr("alks_ltk.foo", "iam_username", "TEST_LTK_USER")), - }, + }, // Update the resource { Config: testAlksLTKUpdateConfig, Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttr("alks_ltk.foo", "iam_username", "TEST_LTK_USER_2")), - }, + }, }, }) } From 7fb811184da72ff9b19a0ee48ea8e156e5dbf894 Mon Sep 17 00:00:00 2001 
From: Andrew Magana Date: Fri, 9 Jul 2021 15:47:26 -0400 Subject: [PATCH 3/4] Fixed return for IAM Trust Role create function. --- resource_alks_iamrole.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 9566b78c..9fdfa437 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -184,7 +184,7 @@ func resourceAlksIamTrustRoleCreate(ctx context.Context, d *schema.ResourceData, log.Printf("[INFO] alks_iamtrustrole.id: %v", d.Id()) - return diags + return resourceAlksIamRoleRead(ctx, d, meta) } func resourceAlksIamRoleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { From 055b8e9b8e5f96ac7d9d9a86452baffb4ab8f59f Mon Sep 17 00:00:00 2001 From: Andrew Magana Date: Mon, 12 Jul 2021 09:33:29 -0400 Subject: [PATCH 4/4] Removed unused variable. --- resource_alks_iamrole.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/resource_alks_iamrole.go b/resource_alks_iamrole.go index 9fdfa437..5d1b6c4f 100644 --- a/resource_alks_iamrole.go +++ b/resource_alks_iamrole.go @@ -144,8 +144,6 @@ func resourceAlksIamRoleCreate(ctx context.Context, d *schema.ResourceData, meta func resourceAlksIamTrustRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { log.Printf("[INFO] ALKS IAM Trust Role Create") - var diags diag.Diagnostics - var roleName = d.Get("name").(string) var roleType = d.Get("type").(string) var trustArn = d.Get("trust_arn").(string)