r/ssoadmin_account_assignment: new resource; d/identitystore: new data sources #15322

Merged
merged 55 commits into from
Jan 14, 2021
8e07162
resource_aws_sso_permission_set scaffolding
burck1 Sep 23, 2020
29198cc
update schema
burck1 Sep 25, 2020
5d91a54
add aws_sso_assignment
burck1 Sep 26, 2020
75188a7
add data sources
burck1 Sep 26, 2020
8c60069
fmt
burck1 Sep 26, 2020
987457a
make build
burck1 Sep 26, 2020
15d883a
add to provider
burck1 Sep 26, 2020
42ace81
add docs
burck1 Sep 29, 2020
1073f4e
fix build
burck1 Sep 29, 2020
cd10761
remove update from sso assignment
burck1 Oct 9, 2020
44d49a3
implement aws_sso_instance data source
burck1 Oct 4, 2020
62b94e0
add in the sso permission set data source
burck1 Oct 5, 2020
b3bf1bb
docs
burck1 Oct 5, 2020
08010fb
fmt
burck1 Oct 5, 2020
42298e3
resourceAwsSsoAssignmentCreate
burck1 Oct 5, 2020
af767ea
add sso assignment Read
burck1 Oct 9, 2020
f5ffa28
add sso assignment delete
burck1 Oct 9, 2020
9ab6547
fix usage of SetId
burck1 Oct 9, 2020
748e8e0
add sso permission set create
lawdhavmercy Oct 9, 2020
bdb08aa
add sso permission set read
lawdhavmercy Oct 9, 2020
57de011
add sso permission set update
lawdhavmercy Oct 12, 2020
771bffb
add sso permission set delete
lawdhavmercy Oct 12, 2020
6e37523
parse instance id from permission set arn
lawdhavmercy Oct 12, 2020
ae650d4
add timeouts and use resource.StateChangeConf
burck1 Oct 14, 2020
d5a1f51
add sso permission set provisioning
lawdhavmercy Oct 14, 2020
26a3e39
fix id and import
burck1 Oct 15, 2020
958ad40
bugfix
burck1 Oct 15, 2020
0f98c94
bug fix
burck1 Oct 15, 2020
4dbdcff
update Create to check the assignment exists before creating it
burck1 Oct 15, 2020
6f7cac8
update manage_policy_arns
lawdhavmercy Oct 15, 2020
70e789d
update to use paging with data.aws_sso_instance
burck1 Oct 15, 2020
da390fd
update to use paging with data.aws_identity_store_group and data.aws_…
burck1 Oct 15, 2020
25acc97
update to use paging with aws_sso_assignment
burck1 Oct 15, 2020
ebb181b
fix permission set provisioning wait
lawdhavmercy Oct 15, 2020
d83b573
permission set import bug fix
lawdhavmercy Oct 16, 2020
722987a
add permission set create, update, and delete test
lawdhavmercy Oct 16, 2020
97058c7
add sso permisson set website docs
lawdhavmercy Oct 20, 2020
be37681
update to use paging with data.aws_sso_permission_set
burck1 Oct 20, 2020
985e93c
add sso assignment website doc
lawdhavmercy Oct 20, 2020
9e5e798
update sso permission set website doc
lawdhavmercy Oct 20, 2020
810bf2d
resolve make lint errors
burck1 Oct 20, 2020
c1fa9e2
fix lint errors
lawdhavmercy Oct 20, 2020
2b483a3
make website-lint-fix
burck1 Oct 20, 2020
f2af1eb
add sso permission set datasource tests
lawdhavmercy Oct 20, 2020
1df4f86
add sso instance datasource test
lawdhavmercy Oct 20, 2020
7af14a2
terrafmt
burck1 Oct 20, 2020
a5ca96d
add permission set tag and disappear tests
lawdhavmercy Oct 21, 2020
c73bc9e
add sso account assignment tests
lawdhavmercy Oct 22, 2020
7d40a02
lint fixes
burck1 Oct 22, 2020
a7dcf64
remove created_date
burck1 Oct 22, 2020
0c7b1e3
fix lint
burck1 Oct 22, 2020
ed6d69e
isolate only new data/resources
anGie44 Jan 12, 2021
469a9cf
align identitystore data-sources with service design
anGie44 Jan 14, 2021
a723226
align account assignment resource w/service design
anGie44 Jan 14, 2021
b9359a8
implement account assignment sweeper
anGie44 Jan 14, 2021
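--- a/aws/data_source_aws_identitystore_group.go
+++ b/aws/data_source_aws_identitystore_group.go
@@ -0,0 +1,139 @@
+package aws
+
+import (
+"fmt"
+"regexp"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/identitystore"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func dataSourceAwsIdentityStoreGroup() *schema.Resource {
+return &schema.Resource{
+Read: dataSourceAwsIdentityStoreGroupRead,
+
+Schema: map[string]*schema.Schema{
+"display_name": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"filter": {
+Type: schema.TypeSet,
+Required: true,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"attribute_path": {
+Type: schema.TypeString,
+Required: true,
+},
+"attribute_value": {
+Type: schema.TypeString,
+Required: true,
+},
+},
+},
+},
+
+"group_id": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+ValidateFunc: validation.All(
+validation.StringLenBetween(1, 47),
+validation.StringMatch(regexp.MustCompile(`^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`), "must match ([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}"),
+),
+},
+
+"identity_store_id": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.All(
+validation.StringLenBetween(1, 64),
+validation.StringMatch(regexp.MustCompile(`^[a-zA-Z0-9-]*$`), "must match [a-zA-Z0-9-]"),
+),
+},
+},
+}
+}
+
+func dataSourceAwsIdentityStoreGroupRead(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).identitystoreconn
+
+input := &identitystore.ListGroupsInput{
+IdentityStoreId: aws.String(d.Get("identity_store_id").(string)),
+Filters: expandIdentityStoreFilters(d.Get("filter").(*schema.Set).List()),
+}
+
+var results []*identitystore.Group
+
+err := conn.ListGroupsPages(input, func(page *identitystore.ListGroupsOutput, lastPage bool) bool {
+if page == nil {
+return !lastPage
+}
+
+for _, group := range page.Groups {
+if group == nil {
+continue
+}
+
+if v, ok := d.GetOk("group_id"); ok && v.(string) != aws.StringValue(group.GroupId) {
+continue
+}
+
+results = append(results, group)
+}
+
+return !lastPage
+})
+
+if err != nil {
+return fmt.Errorf("error listing Identity Store Groups: %w", err)
+}
+
+if len(results) == 0 {
+return fmt.Errorf("no Identity Store Group found matching criteria; try different search")
+}
+
+if len(results) > 1 {
+return fmt.Errorf("multiple Identity Store Groups found matching criteria; try different search")
+}
+
+group := results[0]
+
+d.SetId(aws.StringValue(group.GroupId))
+d.Set("display_name", group.DisplayName)
+d.Set("group_id", group.GroupId)
+
+return nil
+}
+
+func expandIdentityStoreFilters(l []interface{}) []*identitystore.Filter {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+
+filters := make([]*identitystore.Filter, 0, len(l))
+for _, v := range l {
+tfMap, ok := v.(map[string]interface{})
+if !ok {
+continue
+}
+
+filter := &identitystore.Filter{}
+
+if v, ok := tfMap["attribute_path"].(string); ok && v != "" {
+filter.AttributePath = aws.String(v)
+}
+
+if v, ok := tfMap["attribute_value"].(string); ok && v != "" {
+filter.AttributeValue = aws.String(v)
+}
+
+filters = append(filters, filter)
+}
+
+return filters
+}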
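Review bot: In dataSourceAwsIdentityStoreGroupRead the `d.GetOk("group_id")` lookup sits inside the ListGroupsPages callback, so it is re-evaluated for every group on every page even though its value cannot change during the call; read it once before the call, `groupID, filterByID := d.GetOk("group_id")`, and compare `if filterByID && groupID.(string) != aws.StringValue(group.GroupId) { continue }` in the loop. The same pattern is in dataSourceAwsIdentityStoreUserRead with `user_id`. The return values of the two `d.Set` calls after `d.SetId` are discarded, so a failed state write is reported as success; `if err := d.Set("display_name", group.DisplayName); err != nil { return fmt.Errorf("error setting display_name: %w", err) }` would match the error style this function already uses, and the user data source has the same gap. It is also worth a doc comment on the function that when `group_id` is given the `filter` block must still match that same group, because otherwise the caller gets the "no Identity Store Group found" error rather than a hint that the two arguments disagree.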
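--- a/aws/data_source_aws_identitystore_group_test.go
+++ b/aws/data_source_aws_identitystore_group_test.go
@@ -0,0 +1,131 @@
+package aws
+
+import (
+"fmt"
+"os"
+"regexp"
+"testing"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSIdentityStoreGroupDataSource_DisplayName(t *testing.T) {
+dataSourceName := "data.aws_identitystore_group.test"
+name := os.Getenv("AWS_IDENTITY_STORE_GROUP_NAME")
+
+resource.ParallelTest(t, resource.TestCase{
+PreCheck: func() {
+testAccPreCheck(t)
+testAccPreCheckAWSSSOAdminInstances(t)
+testAccPreCheckAWSIdentityStoreGroupName(t)
+},
+Providers: testAccProviders,
+CheckDestroy: nil,
+Steps: []resource.TestStep{
+{
+Config: testAccAWSIdentityStoreGroupDataSourceConfigDisplayName(name),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttrSet(dataSourceName, "group_id"),
+resource.TestCheckResourceAttr(dataSourceName, "display_name", name),
+),
+},
+},
+})
+}
+
+func TestAccAWSIdentityStoreGroupDataSource_GroupID(t *testing.T) {
+dataSourceName := "data.aws_identitystore_group.test"
+name := os.Getenv("AWS_IDENTITY_STORE_GROUP_NAME")
+groupID := os.Getenv("AWS_IDENTITY_STORE_GROUP_ID")
+
+resource.ParallelTest(t, resource.TestCase{
+PreCheck: func() {
+testAccPreCheck(t)
+testAccPreCheckAWSSSOAdminInstances(t)
+testAccPreCheckAWSIdentityStoreGroupName(t)
+testAccPreCheckAWSIdentityStoreGroupID(t)
+},
+Providers: testAccProviders,
+CheckDestroy: nil,
+Steps: []resource.TestStep{
+{
+Config: testAccAWSIdentityStoreGroupDataSourceConfigGroupID(name, groupID),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr(dataSourceName, "group_id", groupID),
+resource.TestCheckResourceAttrSet(dataSourceName, "display_name"),
+),
+},
+},
+})
+}
+
+func TestAccAWSIdentityStoreGroupDataSource_NonExistent(t *testing.T) {
+resource.ParallelTest(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSSSOAdminInstances(t) },
+Providers: testAccProviders,
+CheckDestroy: nil,
+Steps: []resource.TestStep{
+{
+Config: testAccAWSIdentityStoreGroupDataSourceConfigNonExistent,
+ExpectError: regexp.MustCompile(`no Identity Store Group found matching criteria`),
+},
+},
+})
+}
+
+func testAccPreCheckAWSIdentityStoreGroupName(t *testing.T) {
+if os.Getenv("AWS_IDENTITY_STORE_GROUP_NAME") == "" {
+t.Skip("AWS_IDENTITY_STORE_GROUP_NAME env var must be set for AWS Identity Store Group acceptance test. " +
+"This is required until ListGroups API returns results without filtering by name.")
+}
+}
+
+func testAccPreCheckAWSIdentityStoreGroupID(t *testing.T) {
+if os.Getenv("AWS_IDENTITY_STORE_GROUP_ID") == "" {
+t.Skip("AWS_IDENTITY_STORE_GROUP_ID env var must be set for AWS Identity Store Group acceptance test. " +
+"This is required until ListGroups API returns results without filtering by name.")
+}
+}
+
+func testAccAWSIdentityStoreGroupDataSourceConfigDisplayName(name string) string {
+return fmt.Sprintf(`
+data "aws_ssoadmin_instances" "test" {}
+
+data "aws_identitystore_group" "test" {
+filter {
+attribute_path = "DisplayName"
+attribute_value = %q
+}
+identity_store_id = tolist(data.aws_ssoadmin_instances.test.identity_store_ids)[0]
+}
+`, name)
+}
+
+func testAccAWSIdentityStoreGroupDataSourceConfigGroupID(name, id string) string {
+return fmt.Sprintf(`
+data "aws_ssoadmin_instances" "test" {}
+
+data "aws_identitystore_group" "test" {
+filter {
+attribute_path = "DisplayName"
+attribute_value = %q
+}
+
+group_id = %q
+
+identity_store_id = tolist(data.aws_ssoadmin_instances.test.identity_store_ids)[0]
+}
+`, name, id)
+}
+
+const testAccAWSIdentityStoreGroupDataSourceConfigNonExistent = `
+data "aws_ssoadmin_instances" "test" {}
+
+data "aws_identitystore_group" "test" {
+filter {
+attribute_path = "DisplayName"
+attribute_value = "does-not-exist"
+}
+identity_store_id = tolist(data.aws_ssoadmin_instances.test.identity_store_ids)[0]
+}
+`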
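Review bot: The skip message in testAccPreCheckAWSIdentityStoreGroupID repeats the ListGroups justification copied from the name pre-check, but the group ID is not what works around that API limitation, so the message does not tell the person setting up the environment why the variable is needed; something like `"AWS_IDENTITY_STORE_GROUP_ID env var must be set for AWS Identity Store Group acceptance test. It must be the ID of the group named by AWS_IDENTITY_STORE_GROUP_NAME."` states the real precondition. That precondition is load-bearing: TestAccAWSIdentityStoreGroupDataSource_GroupID still sends the DisplayName filter and the data source then drops any result whose ID differs, so mismatched env vars fail with the generic "no Identity Store Group found" error rather than pointing at the test setup. A one-line comment above that test function stating that both variables must refer to the same group would be enough.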
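--- a/aws/data_source_aws_identitystore_user.go
+++ b/aws/data_source_aws_identitystore_user.go
@@ -0,0 +1,111 @@
+package aws
+
+import (
+"fmt"
+"regexp"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/identitystore"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func dataSourceAwsIdentityStoreUser() *schema.Resource {
+return &schema.Resource{
+Read: dataSourceAwsIdentityStoreUserRead,
+
+Schema: map[string]*schema.Schema{
+"filter": {
+Type: schema.TypeSet,
+Required: true,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"attribute_path": {
+Type: schema.TypeString,
+Required: true,
+},
+"attribute_value": {
+Type: schema.TypeString,
+Required: true,
+},
+},
+},
+},
+
+"identity_store_id": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.All(
+validation.StringLenBetween(1, 64),
+validation.StringMatch(regexp.MustCompile(`^[a-zA-Z0-9-]*$`), "must match [a-zA-Z0-9-]"),
+),
+},
+
+"user_id": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+ValidateFunc: validation.All(
+validation.StringLenBetween(1, 47),
+validation.StringMatch(regexp.MustCompile(`^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`), "must match ([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}"),
+),
+},
+
+"user_name": {
+Type: schema.TypeString,
+Computed: true,
+},
+},
+}
+}
+
+func dataSourceAwsIdentityStoreUserRead(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).identitystoreconn
+
+input := &identitystore.ListUsersInput{
+IdentityStoreId: aws.String(d.Get("identity_store_id").(string)),
+Filters: expandIdentityStoreFilters(d.Get("filter").(*schema.Set).List()),
+}
+
+var results []*identitystore.User
+
+err := conn.ListUsersPages(input, func(page *identitystore.ListUsersOutput, lastPage bool) bool {
+if page == nil {
+return !lastPage
+}
+
+for _, user := range page.Users {
+if user == nil {
+continue
+}
+
+if v, ok := d.GetOk("user_id"); ok && v.(string) != aws.StringValue(user.UserId) {
+continue
+}
+
+results = append(results, user)
+}
+
+return !lastPage
+}
+
+if err != nil {
+return fmt.Errorf("error listing Identity Store Users: %w", err)
+}
+
+if len(results) == 0 {
+return fmt.Errorf("no Identity Store User found matching criteria; try different search")
+}
+
+if len(results) > 1 {
+return fmt.Errorf("multiple Identity Store Users found matching criteria; try different search")
+}
+
+user := results[0]
+
+d.SetId(aws.StringValue(user.UserId))
+d.Set("user_id", user.UserId)
+d.Set("user_name", user.UserName)
+
+return nil
+}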
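Review bot: The `user_id` ValidateFunc in dataSourceAwsIdentityStoreUser compiles the same "optional ten-hex-digit prefix followed by a UUID" pattern that `group_id` compiles in dataSourceAwsIdentityStoreGroup, and the validation message repeats the pattern text verbatim in both places, so the two can drift silently and a change to one must be remembered in the other. Lifting the pattern to a single package-level `regexp.MustCompile` shared by both schemas, with one shared message, removes the duplication and follows the usual compile-once convention; the same applies to the `identity_store_id` pattern, which is also compiled in each file. Naming the precompiled pattern in the message ("must be an Identity Store user ID") would also read better than echoing the regex to the user.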