package main
import (
"context"
"log"
"strings"
"time"
"github.com/Cox-Automotive/alks-go"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
// resourceAlksIamTrustRole returns the Terraform resource definition for an
// ALKS IAM trust role. Only Create has a trust-role-specific handler; Read,
// Update and Delete are shared with the plain IAM role resource, as is the
// state migration and the tags CustomizeDiff.
func resourceAlksIamTrustRole() *schema.Resource {
	attrs := map[string]*schema.Schema{
		// name and name_prefix are mutually exclusive, both force replacement,
		// and each is checked by the shared role-name validators.
		"name": {
			Type:          schema.TypeString,
			Optional:      true,
			Computed:      true,
			ForceNew:      true,
			ConflictsWith: []string{"name_prefix"},
			ValidateFunc:  ValidRoleName,
		},
		"name_prefix": {
			Type:          schema.TypeString,
			Optional:      true,
			Computed:      true,
			ForceNew:      true,
			ConflictsWith: []string{"name"},
			ValidateFunc:  ValidRolePrefix,
		},
		"type": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		// trust_arn is Required and ForceNew; no ValidateFunc is attached in
		// this schema, so the configured value is forwarded unchanged to the
		// create handler.
		"trust_arn": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		// Populated from the create/read responses, never set by the user.
		"role_added_to_ip": {
			Type:     schema.TypeBool,
			Computed: true,
		},
		"arn": {
			Type:     schema.TypeString,
			Computed: true,
		},
		"ip_arn": {
			Type:     schema.TypeString,
			Computed: true,
		},
		"enable_alks_access": {
			Type:     schema.TypeBool,
			Default:  false,
			Optional: true,
		},
		"max_session_duration_in_seconds": {
			Type:     schema.TypeInt,
			Default:  3600,
			Optional: true,
			ForceNew: true,
		},
		"tags":     TagsSchema(),
		"tags_all": TagsSchemaComputed(),
	}

	return &schema.Resource{
		CreateContext: resourceAlksIamTrustRoleCreate,
		ReadContext:   resourceAlksIamRoleRead,
		UpdateContext: resourceAlksIamRoleUpdate,
		DeleteContext: resourceAlksIamRoleDelete,
		Importer: &schema.ResourceImporter{
			StateContext: schema.ImportStatePassthroughContext,
		},
		SchemaVersion: 1,
		MigrateState:  migrateState,
		Schema:        attrs,
		CustomizeDiff: SetTagsDiff,
	}
}
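// resourceAlksIamTrustRoleCreate creates an ALKS IAM trust role from the
// resource's configured attributes, retrying the create call while IAM's
// eventual consistency makes it fail, and then reads the resulting state back
// through the shared IAM role read handler.
//
// On success the resource ID is set to the role name returned by ALKS. Errors
// from the IAM-enabled check, the create call, a missing response, or state
// population are returned as diagnostics.
func resourceAlksIamTrustRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	log.Printf("[INFO] ALKS IAM Trust Role Create")

	roleName := NameWithPrefix(d.Get("name").(string), d.Get("name_prefix").(string))
	roleType := d.Get("type").(string)
	trustArn := d.Get("trust_arn").(string)
	enableAlksAccess := d.Get("enable_alks_access").(bool)
	tags := d.Get("tags").(map[string]interface{})
	maxSessionDurationInSeconds := d.Get("max_session_duration_in_seconds").(int)

	providerStruct := meta.(*AlksClient)
	client := providerStruct.client

	if err := validateIAMEnabled(client); err != nil {
		return diag.FromErr(err)
	}

	allTags := tagMapToSlice(combineTagMaps(providerStruct.defaultTags, tags))

	// The request does not change between attempts, so build it once outside
	// the retry closure.
	options := &alks.CreateIamRoleOptions{
		RoleName:                    &roleName,
		RoleType:                    &roleType,
		TrustArn:                    &trustArn,
		AlksAccess:                  &enableAlksAccess,
		Tags:                        &allTags,
		MaxSessionDurationInSeconds: &maxSessionDurationInSeconds,
	}

	var resp *alks.IamRoleResponse
	err := resource.RetryContext(ctx, 2*time.Minute, func() *resource.RetryError {
		// Named distinctly from the outer err so the closure cannot shadow it.
		var createErr *alks.AlksError
		resp, createErr = client.CreateIamTrustRole(options)
		if createErr == nil {
			return nil
		}
		if strings.Contains(createErr.Error(), "Role already exists") || strings.Contains(createErr.Error(), "Instance profile exists") {
			return resource.NonRetryableError(createErr)
		}
		// Amazon IAM utilizes an eventual consistency model:
		// https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
		//
		// The newly created IAM role may not exist immediately and could result in dependent
		// resources failing non-deterministically. Loop for 15 second increments up to 2
		// minutes checking to ensure the resource was successfully created and is visible.
		//
		// Wait with a select rather than time.Sleep so a cancelled context
		// stops the retry loop immediately instead of after the full pause.
		select {
		case <-ctx.Done():
			return resource.NonRetryableError(ctx.Err())
		case <-time.After(15 * time.Second):
		}
		return resource.RetryableError(createErr)
	})
	if err != nil {
		return diag.FromErr(err)
	}
	// Guard the dereference below: a nil response with a nil error would
	// otherwise panic inside the provider.
	if resp == nil {
		return diag.Errorf("creating IAM trust role %q: empty response from ALKS", roleName)
	}

	d.SetId(resp.RoleName)
	// A failed d.Set leaves state inconsistent with what ALKS created, so
	// surface it instead of discarding the error.
	if err := d.Set("role_added_to_ip", resp.RoleAddedToIP); err != nil {
		return diag.FromErr(err)
	}
	log.Printf("[INFO] alks_iamtrustrole.id: %v", d.Id())

	return resourceAlksIamRoleRead(ctx, d, meta)
}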