Split aws_account resource into aws_account and aws_organization (#52)

Update the aws_account resource to only support non-org-management accounts. Remove unnecessary attributes: account_type and management_account_id. Rename organization_id attribute into organization_master_account_id and change its semantics, because the backend correlates accounts using the org's management/master account ID instead of the organization ID. Fix the modes of aws_account attributes. Replace incorrect usages of WriteOnlyOnceAttributeMode with ImmutableAttributeMode. Add the missing RequiresReplace plan modifier to each ImmutableAttributeMode attribute. Reorder attributes by lexicographic order in the schema. Define a new aws_organization resource specific to org accounts. Update resource examples.
illumio · Aug 16, 2024 · ad1cc47 · ad1cc47
1 parent 0db8a8f
commit ad1cc47
Show file tree

Hide file tree

Showing 13 changed files with 1,953 additions and 398 deletions.
diff --git a/api/illumio/cloud/config/v1/config.pb.go b/api/illumio/cloud/config/v1/config.pb.go
diff --git a/api/illumio/cloud/config/v1/config.proto b/api/illumio/cloud/config/v1/config.proto
@@ -10,33 +10,39 @@ service ConfigService {
   rpc ReadAwsAccount(ReadAwsAccountRequest) returns (ReadAwsAccountResponse);
   rpc UpdateAwsAccount(UpdateAwsAccountRequest) returns (UpdateAwsAccountResponse);
   rpc DeleteAwsAccount(DeleteAwsAccountRequest) returns (google.protobuf.Empty);
+  rpc CreateAwsOrganization(CreateAwsOrganizationRequest) returns (CreateAwsOrganizationResponse);
+  rpc ReadAwsOrganization(ReadAwsOrganizationRequest) returns (ReadAwsOrganizationResponse);
+  rpc UpdateAwsOrganization(UpdateAwsOrganizationRequest) returns (UpdateAwsOrganizationResponse);
+  rpc DeleteAwsOrganization(DeleteAwsOrganizationRequest) returns (google.protobuf.Empty);
 }
 message CreateAwsAccountRequest {
   string account_id = 2;
-  string account_type = 3;
-  optional string management_account_id = 4;
   string mode = 5;
   string name = 6;
-  optional string organization_id = 7;
+  optional string organization_master_account_id = 12;
   string role_arn = 8;
   string role_external_id = 9;
 }
 message CreateAwsAccountResponse {
   string id = 1;
   string account_id = 2;
-  string account_type = 3;
   string mode = 5;
   string name = 6;
+  optional string organization_master_account_id = 12;
+  string role_arn = 8;
+  string role_external_id = 9;
 }
 message ReadAwsAccountRequest {
   string id = 1;
 }
 message ReadAwsAccountResponse {
   string id = 1;
   string account_id = 2;
-  string account_type = 3;
   string mode = 5;
   string name = 6;
+  optional string organization_master_account_id = 12;
+  string role_arn = 8;
+  string role_external_id = 9;
 }
 message UpdateAwsAccountRequest {
   string id = 1;
@@ -46,10 +52,58 @@ message UpdateAwsAccountRequest {
 message UpdateAwsAccountResponse {
   string id = 1;
   string account_id = 2;
-  string account_type = 3;
   string mode = 5;
   string name = 6;
+  optional string organization_master_account_id = 12;
+  string role_arn = 8;
+  string role_external_id = 9;
 }
 message DeleteAwsAccountRequest {
   string id = 1;
 }
+message CreateAwsOrganizationRequest {
+  string master_account_id = 9;
+  string mode = 3;
+  string name = 4;
+  string organization_id = 5;
+  string role_arn = 6;
+  string role_external_id = 7;
+}
+message CreateAwsOrganizationResponse {
+  string id = 1;
+  string master_account_id = 9;
+  string mode = 3;
+  string name = 4;
+  string organization_id = 5;
+  string role_arn = 6;
+  string role_external_id = 7;
+}
+message ReadAwsOrganizationRequest {
+  string id = 1;
+}
+message ReadAwsOrganizationResponse {
+  string id = 1;
+  string master_account_id = 9;
+  string mode = 3;
+  string name = 4;
+  string organization_id = 5;
+  string role_arn = 6;
+  string role_external_id = 7;
+}
+message UpdateAwsOrganizationRequest {
+  string id = 1;
+  string name = 4;
+  google.protobuf.FieldMask update_mask = 8;
+}
+message UpdateAwsOrganizationResponse {
+  string id = 1;
+  string master_account_id = 9;
+  string mode = 3;
+  string name = 4;
+  string organization_id = 5;
+  string role_arn = 6;
+  string role_external_id = 7;
+}
+message DeleteAwsOrganizationRequest {
+  string id = 1;
+}
diff --git a/api/illumio/cloud/config/v1/config_grpc.pb.go b/api/illumio/cloud/config/v1/config_grpc.pb.go
diff --git a/api/illumio/cloud/config/v1/tags.json b/api/illumio/cloud/config/v1/tags.json
@@ -1 +1 @@
-{"resource/aws_account":{"account_id":2,"account_type":3,"id":1,"management_account_id":4,"mode":5,"name":6,"organization_id":7,"role_arn":8,"role_external_id":9,"update_mask":10}}
+{"resource/aws_account":{"account_id":2,"account_type":3,"id":1,"management_account_id":4,"mode":5,"name":6,"organization_account_id":11,"organization_id":7,"organization_master_account_id":12,"role_arn":8,"role_external_id":9,"update_mask":10},"resource/aws_organization":{"account_id":2,"id":1,"master_account_id":9,"mode":3,"name":4,"organization_id":5,"role_arn":6,"role_external_id":7,"update_mask":8}}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"resource/aws_account":{"account_id":2,"account_type":3,"id":1,"management_account_id":4,"mode":5,"name":6,"organization_id":7,"role_arn":8,"role_external_id":9,"update_mask":10}}
		{"resource/aws_account":{"account_id":2,"account_type":3,"id":1,"management_account_id":4,"mode":5,"name":6,"organization_account_id":11,"organization_id":7,"organization_master_account_id":12,"role_arn":8,"role_external_id":9,"update_mask":10},"resource/aws_organization":{"account_id":2,"id":1,"master_account_id":9,"mode":3,"name":4,"organization_id":5,"role_arn":6,"role_external_id":7,"update_mask":8}}