Merge pull request #17959 from willvrny/f_aws_eks_identity_provider_c…

…onfig

r/aws_eks_identity_provider_config - Adds a new resource for EKS OIDC Identity Provider Config

.changelog/17959.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_eks_identity_provider_config
+```

aws/internal/service/eks/enum.go

@@ -1,5 +1,9 @@
 package eks
 
+const (
+	IdentityProviderConfigTypeOidc = "oidc"
+)
+
 const (
 	ResourcesSecrets = "secrets"
 )

aws/internal/service/eks/finder/finder.go

@@ -7,6 +7,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/eks"
 	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	tfeks "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/eks"
 )
 
 func AddonByClusterNameAndAddonName(ctx context.Context, conn *eks.EKS, clusterName, addonName string) (*eks.Addon, error) {
@@ -214,3 +215,35 @@ func NodegroupUpdateByClusterNameNodegroupNameAndID(conn *eks.EKS, clusterName,
 
 	return output.Update, nil
 }
+
+func OidcIdentityProviderConfigByClusterNameAndConfigName(ctx context.Context, conn *eks.EKS, clusterName, configName string) (*eks.OidcIdentityProviderConfig, error) {
+	input := &eks.DescribeIdentityProviderConfigInput{
+		ClusterName: aws.String(clusterName),
+		IdentityProviderConfig: &eks.IdentityProviderConfig{
+			Name: aws.String(configName),
+			Type: aws.String(tfeks.IdentityProviderConfigTypeOidc),
+		},
+	}
+
+	output, err := conn.DescribeIdentityProviderConfigWithContext(ctx, input)
+
+	if tfawserr.ErrCodeEquals(err, eks.ErrCodeResourceNotFoundException) {
+		return nil, &resource.NotFoundError{
+			LastError:   err,
+			LastRequest: input,
+		}
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil || output.IdentityProviderConfig == nil || output.IdentityProviderConfig.Oidc == nil {
+		return nil, &resource.NotFoundError{
+			Message:     "Empty result",
+			LastRequest: input,
+		}
+	}
+
+	return output.IdentityProviderConfig.Oidc, nil
+}

aws/internal/service/eks/id.go

@@ -43,6 +43,25 @@ func FargateProfileParseResourceID(id string) (string, string, error) {
 	return "", "", fmt.Errorf("unexpected format for ID (%[1]s), expected cluster-name%[2]sfargate-profile-name", id, fargateProfileResourceIDSeparator)
 }
 
+const identityProviderConfigResourceIDSeparator = ":"
+
+func IdentityProviderConfigCreateResourceID(clusterName, configName string) string {
+	parts := []string{clusterName, configName}
+	id := strings.Join(parts, identityProviderConfigResourceIDSeparator)
+
+	return id
+}
+
+func IdentityProviderConfigParseResourceID(id string) (string, string, error) {
+	parts := strings.Split(id, identityProviderConfigResourceIDSeparator)
+
+	if len(parts) == 2 && parts[0] != "" && parts[1] != "" {
+		return parts[0], parts[1], nil
+	}
+
+	return "", "", fmt.Errorf("unexpected format for ID (%[1]s), expected cluster-name%[2]sconfig-name", id, identityProviderConfigResourceIDSeparator)
+}
+
 const nodeGroupResourceIDSeparator = ":"
 
 func NodeGroupCreateResourceID(clusterName, nodeGroupName string) string {

aws/internal/service/eks/waiter/status.go

@@ -121,3 +121,19 @@ func NodegroupUpdateStatus(conn *eks.EKS, clusterName, nodeGroupName, id string)
 		return output, aws.StringValue(output.Status), nil
 	}
 }
+
+func OidcIdentityProviderConfigStatus(ctx context.Context, conn *eks.EKS, clusterName, configName string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		output, err := finder.OidcIdentityProviderConfigByClusterNameAndConfigName(ctx, conn, clusterName, configName)
+
+		if tfresource.NotFound(err) {
+			return nil, "", nil
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		return output, aws.StringValue(output.Status), nil
+	}
+}

aws/internal/service/eks/waiter/waiter.go

@@ -240,3 +240,37 @@ func NodegroupUpdateSuccessful(conn *eks.EKS, clusterName, nodeGroupName, id str
 
 	return nil, err
 }
+
+func OidcIdentityProviderConfigCreated(ctx context.Context, conn *eks.EKS, clusterName, configName string, timeout time.Duration) (*eks.OidcIdentityProviderConfig, error) {
+	stateConf := resource.StateChangeConf{
+		Pending: []string{eks.ConfigStatusCreating},
+		Target:  []string{eks.ConfigStatusActive},
+		Refresh: OidcIdentityProviderConfigStatus(ctx, conn, clusterName, configName),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForStateContext(ctx)
+
+	if output, ok := outputRaw.(*eks.OidcIdentityProviderConfig); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func OidcIdentityProviderConfigDeleted(ctx context.Context, conn *eks.EKS, clusterName, configName string, timeout time.Duration) (*eks.OidcIdentityProviderConfig, error) {
+	stateConf := resource.StateChangeConf{
+		Pending: []string{eks.ConfigStatusActive, eks.ConfigStatusDeleting},
+		Target:  []string{},
+		Refresh: OidcIdentityProviderConfigStatus(ctx, conn, clusterName, configName),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForStateContext(ctx)
+
+	if output, ok := outputRaw.(*eks.OidcIdentityProviderConfig); ok {
+		return output, err
+	}
+
+	return nil, err
+}

aws/provider.go

@@ -729,6 +729,7 @@ func Provider() *schema.Provider {
 			"aws_eks_cluster":                                         resourceAwsEksCluster(),
 			"aws_eks_addon":                                           resourceAwsEksAddon(),
 			"aws_eks_fargate_profile":                                 resourceAwsEksFargateProfile(),
+			"aws_eks_identity_provider_config":                        resourceAwsEksIdentityProviderConfig(),
 			"aws_eks_node_group":                                      resourceAwsEksNodeGroup(),
 			"aws_elasticache_cluster":                                 resourceAwsElasticacheCluster(),
 			"aws_elasticache_global_replication_group":                resourceAwsElasticacheGlobalReplicationGroup(),