Merge pull request #122 from Cox-Automotive/develop

Develop

config.go

@@ -162,7 +162,7 @@ func (c *Config) Client() (*alks.Client, error) {
 	}
 
 	// make a basic api call to test creds are valid
-	cident, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
+	_, serr := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
 	// check for valid creds
 	if serr != nil {
 		return nil, serr
@@ -183,8 +183,9 @@ func (c *Config) Client() (*alks.Client, error) {
 		}
 	}
 
-	// check if the user is using a assume-role IAM admin session or MI.
-	if isValidIAM(cident.Arn, client) != true {
+	// Validate STS for IAM active.
+	validateSTS, err := client.IsIamEnabled("")
+	if err != nil || validateSTS.IamEnabled != true {
 		return nil, errors.New("Looks like you are not using ALKS IAM credentials. This will result in errors when creating roles. \n " +
 			"Note: If using ALKS CLI to get credentials, be sure to use the '-i' flag. \n Please see https://coxautoinc.sharepoint.com/sites/service-internal-tools-team/SitePages/ALKS-Terraform-Provider---Troubleshooting.aspx for more information.")
 	}
@@ -204,34 +205,6 @@ func getPluginVersion() string {
 	return "unknown"
 }
 
-/*
-	Validates ARN for assumed-role of:
-		- Admin
-		- IAMAdmin
-		- Machine Identities.
-*/
-func isValidIAM(arn *string, client *alks.Client) bool {
-	// Check if Admin || IAMAdmin
-	if strings.Contains(*arn, "assumed-role/Admin/") || strings.Contains(*arn, "assumed-role/IAMAdmin/") || strings.Contains(*arn, "assumed-role/LabAdmin/") {
-		return true
-	}
-
-	// Check if MI...
-	arnParts := strings.FieldsFunc(*arn, splitBy)
-	iamArn := fmt.Sprintf("arn:aws:iam::%s:role/acct-managed/%s", arnParts[3], arnParts[5])
-
-	_, err := client.SearchRoleMachineIdentity(iamArn)
-	if err != nil {
-		return false
-	}
-
-	return true
-}
-
-func splitBy(r rune) bool {
-	return r == ':' || r == '/'
-}
-
 func generateNewClient(c *Config, client *alks.Client) (*alks.Client, error) {
 
 	// 3. Create account string

go.mod

@@ -3,8 +3,9 @@ module github.com/Cox-Automotive/terraform-provider-alks
 go 1.14
 
 require (
-	github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67
+	github.com/Cox-Automotive/alks-go v0.0.0-20210414185953-754a7e5f7114
 	github.com/aws/aws-sdk-go v1.31.15
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/terraform v0.12.26
 	github.com/mitchellh/go-homedir v1.1.0
 )

go.sum

@@ -29,6 +29,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
 github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67 h1:vcruzED50hPyycvR6mtPXKy2zQoH+AOicCOuwiWr7Cg=
 github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
+github.com/Cox-Automotive/alks-go v0.0.0-20210414185953-754a7e5f7114 h1:U6UO6xb3cFJTMLCJWMVxkhWq2vCrX5c7QnPlsQCPGZE=
+github.com/Cox-Automotive/alks-go v0.0.0-20210414185953-754a7e5f7114/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
 github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
 github.com/Unknwon/com v0.0.0-20151008135407-28b053d5a292/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
@@ -151,6 +153,8 @@ github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuD
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02 h1:l1KB3bHVdvegcIf5upQ5mjcHjs2qsWnKh4Yr9xgIuu8=
 github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY=
 github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=

vendor/modules.txt

@@ -6,7 +6,7 @@ cloud.google.com/go/internal/optional
 cloud.google.com/go/internal/trace
 cloud.google.com/go/internal/version
 cloud.google.com/go/storage
-# github.com/Cox-Automotive/alks-go v0.0.0-20210331173447-21b08aca8d67
+# github.com/Cox-Automotive/alks-go v0.0.0-20210414185953-754a7e5f7114
 ## explicit
 github.com/Cox-Automotive/alks-go
 # github.com/agext/levenshtein v1.2.2
@@ -94,7 +94,8 @@ github.com/google/uuid
 github.com/googleapis/gax-go/v2
 # github.com/hashicorp/errwrap v1.0.0
 github.com/hashicorp/errwrap
-# github.com/hashicorp/go-cleanhttp v0.5.1
+# github.com/hashicorp/go-cleanhttp v0.5.2
+## explicit
 github.com/hashicorp/go-cleanhttp
 # github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02
 github.com/hashicorp/go-getter
@@ -221,8 +222,6 @@ github.com/mitchellh/hashstructure
 github.com/mitchellh/mapstructure
 # github.com/mitchellh/reflectwalk v1.0.0
 github.com/mitchellh/reflectwalk
-# github.com/motain/gocheck v0.0.0-20131023154940-9beb271d26e6
-## explicit
 # github.com/oklog/run v1.0.0
 github.com/oklog/run
 # github.com/posener/complete v1.2.1
@@ -374,5 +373,3 @@ google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
 google.golang.org/grpc/test/bufconn
-# launchpad.net/gocheck v0.0.0-20140225173054-000000000087
-## explicit