Support for AWS Signer service (#16383)

Add new data sources and resources for AWS Signer. Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccDataSourceAWSSignerSigningJob_basic (27.90s) --- PASS: TestAccDataSourceAWSSignerSigningProfile_basic (10.31s) --- PASS: TestAccAWSSignerSigningJob_basic (26.76s) --- PASS: TestAccAWSSignerSigningProfile_GenerateNameWithNamePrefix (15.78s) --- PASS: TestAccAWSSignerSigningProfile_GenerateName (15.84s) --- PASS: TestAccAWSSignerSigningProfile_basic (17.35s) --- PASS: TestAccAWSSignerSigningProfile_tags (24.18s) --- PASS: TestAccAWSSignerSigningProfile_SignatureValidityPeriod (24.61s) --- PASS: TestAccAWSSignerSigningProfilePermission_StatementPrefix (19.95s) --- PASS: TestAccAWSSignerSigningProfilePermission_basic (20.55s) --- PASS: TestAccAWSSignerSigningProfilePermission_StartSigningJob_GetSP (23.65s) --- PASS: TestAccAWSSignerSigningProfilePermission_GetSigningProfile (55.43s) ``` Co-authored-by: Veda Raman <vedashreevinay@users.noreply.github.com> Co-authored-by: Brian Flad <bflad417@gmail.com> Co-authored-by: angie pinilla <angelinepinilla@gmail.com>
hashicorp · Nov 23, 2020 · 39bc9f8 · 39bc9f8
1 parent ce344da
commit 39bc9f8
Show file tree

Hide file tree

Showing 28 changed files with 2,672 additions and 0 deletions.
diff --git a/.hashibot.hcl b/.hashibot.hcl
@@ -532,6 +532,9 @@ behavior "regexp_issue_labeler_v2" "service_labels" {
     "service/shield" = [
       "aws_shield_",
     ],
+    "service/signer" = [
+      "aws_signer_",
+    ],
     "service/simpledb" = [
       "aws_simpledb_",
     ],
@@ -1416,6 +1419,10 @@ behavior "pull_request_path_labeler" "service_labels" {
       "**/*_shield_*",
       "**/shield_*",
     ],
+    "service/signer" = [
+      "**/*_signer_*",
+      "**/signer_*"
+    ]
     "service/simpledb" = [
       "aws/internal/service/simpledb/**/*",
       "**/*_simpledb_*",

diff --git a/aws/config.go b/aws/config.go
@@ -140,6 +140,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/ses"
 	"github.com/aws/aws-sdk-go/service/sfn"
 	"github.com/aws/aws-sdk-go/service/shield"
+	"github.com/aws/aws-sdk-go/service/signer"
 	"github.com/aws/aws-sdk-go/service/simpledb"
 	"github.com/aws/aws-sdk-go/service/sns"
 	"github.com/aws/aws-sdk-go/service/sqs"
@@ -337,6 +338,7 @@ type AWSClient struct {
 	sesconn                             *ses.SES
 	sfnconn                             *sfn.SFN
 	shieldconn                          *shield.Shield
+	signerconn                          *signer.Signer
 	simpledbconn                        *simpledb.SimpleDB
 	snsconn                             *sns.SNS
 	sqsconn                             *sqs.SQS
@@ -567,6 +569,7 @@ func (c *Config) Client() (interface{}, error) {
 		servicequotasconn:                   servicequotas.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["servicequotas"])})),
 		sesconn:                             ses.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["ses"])})),
 		sfnconn:                             sfn.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["stepfunctions"])})),
+		signerconn:                          signer.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["signer"])})),
 		simpledbconn:                        simpledb.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sdb"])})),
 		snsconn:                             sns.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sns"])})),
 		sqsconn:                             sqs.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sqs"])})),

diff --git a/aws/data_source_aws_signer_signing_job.go b/aws/data_source_aws_signer_signing_job.go
@@ -0,0 +1,224 @@
+package aws
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/signer"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAwsSignerSigningJob() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsSignerSigningJobRead,
+
+		Schema: map[string]*schema.Schema{
+			"job_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"completed_at": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"created_at": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"job_owner": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"job_invoker": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"platform_display_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"platform_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"profile_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"profile_version": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"requested_by": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"revocation_record": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"reason": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"revoked_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"revoked_by": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"signature_expires_at": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"signed_object": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"s3": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"bucket": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"key": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"source": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"s3": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"bucket": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"key": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"version": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"status_reason": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAwsSignerSigningJobRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).signerconn
+	jobId := d.Get("job_id").(string)
+
+	describeSigningJobOutput, err := conn.DescribeSigningJob(&signer.DescribeSigningJobInput{
+		JobId: aws.String(jobId),
+	})
+
+	if err != nil {
+		return fmt.Errorf("error reading Signer signing job (%s): %s", d.Id(), err)
+	}
+
+	if err := d.Set("completed_at", aws.TimeValue(describeSigningJobOutput.CompletedAt).Format(time.RFC3339)); err != nil {
+		return fmt.Errorf("error setting signer signing job completed at: %s", err)
+	}
+
+	if err := d.Set("created_at", aws.TimeValue(describeSigningJobOutput.CreatedAt).Format(time.RFC3339)); err != nil {
+		return fmt.Errorf("error setting signer signing job created at: %s", err)
+	}
+
+	if err := d.Set("job_invoker", describeSigningJobOutput.JobInvoker); err != nil {
+		return fmt.Errorf("error setting signer signing job invoker: %s", err)
+	}
+
+	if err := d.Set("job_owner", describeSigningJobOutput.JobOwner); err != nil {
+		return fmt.Errorf("error setting signer signing job owner: %s", err)
+	}
+
+	if err := d.Set("platform_display_name", describeSigningJobOutput.PlatformDisplayName); err != nil {
+		return fmt.Errorf("error setting signer signing job platform display name: %s", err)
+	}
+
+	if err := d.Set("platform_id", describeSigningJobOutput.PlatformId); err != nil {
+		return fmt.Errorf("error setting signer signing job platform id: %s", err)
+	}
+
+	if err := d.Set("profile_name", describeSigningJobOutput.ProfileName); err != nil {
+		return fmt.Errorf("error setting signer signing job profile name: %s", err)
+	}
+
+	if err := d.Set("profile_version", describeSigningJobOutput.ProfileVersion); err != nil {
+		return fmt.Errorf("error setting signer signing job profile version: %s", err)
+	}
+
+	if err := d.Set("requested_by", describeSigningJobOutput.RequestedBy); err != nil {
+		return fmt.Errorf("error setting signer signing job requested by: %s", err)
+	}
+
+	if err := d.Set("revocation_record", flattenSignerSigningJobRevocationRecord(describeSigningJobOutput.RevocationRecord)); err != nil {
+		return fmt.Errorf("error setting signer signing job revocation record: %s", err)
+	}
+
+	signatureExpiresAt := ""
+	if describeSigningJobOutput.SignatureExpiresAt != nil {
+		signatureExpiresAt = aws.TimeValue(describeSigningJobOutput.SignatureExpiresAt).Format(time.RFC3339)
+	}
+	if err := d.Set("signature_expires_at", signatureExpiresAt); err != nil {
+		return fmt.Errorf("error setting signer signing job requested by: %s", err)
+	}
+
+	if err := d.Set("signed_object", flattenSignerSigningJobSignedObject(describeSigningJobOutput.SignedObject)); err != nil {
+		return fmt.Errorf("error setting signer signing job signed object: %s", err)
+	}
+
+	if err := d.Set("source", flattenSignerSigningJobSource(describeSigningJobOutput.Source)); err != nil {
+		return fmt.Errorf("error setting signer signing job source: %s", err)
+	}
+
+	if err := d.Set("status", describeSigningJobOutput.Status); err != nil {
+		return fmt.Errorf("error setting signer signing job status: %s", err)
+	}
+
+	if err := d.Set("status_reason", describeSigningJobOutput.StatusReason); err != nil {
+		return fmt.Errorf("error setting signer signing job status reason: %s", err)
+	}
+
+	d.SetId(aws.StringValue(describeSigningJobOutput.JobId))
+
+	return nil
+}
diff --git a/aws/data_source_aws_signer_signing_job_test.go b/aws/data_source_aws_signer_signing_job_test.go
@@ -0,0 +1,85 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceAWSSignerSigningJob_basic(t *testing.T) {
+	rString := acctest.RandString(48)
+	profileName := fmt.Sprintf("tf_acc_sp_basic_%s", rString)
+	dataSourceName := "data.aws_signer_signing_job.test"
+	resourceName := "aws_signer_signing_job.job_test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAWSSignerSigningJobConfigBasic(profileName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "status", resourceName, "status"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "job_owner", resourceName, "job_owner"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "job_invoker", resourceName, "job_invoker"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "profile_name", resourceName, "profile_name"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAWSSignerSigningJobConfigBasic(profileName string) string {
+	return fmt.Sprintf(`
+data "aws_caller_identity" "current" {}
+
+resource "aws_signer_signing_profile" "test_sp" {
+  platform_id = "AWSLambda-SHA384-ECDSA"
+  name        = "%s"
+}
+
+resource "aws_s3_bucket" "bucket" {
+  bucket = "tf-signer-signing-bucket"
+
+  versioning {
+    enabled = true
+  }
+
+  force_destroy = true
+}
+
+resource "aws_s3_bucket" "dest_bucket" {
+  bucket        = "tf-signer-signing-dest-bucket"
+  force_destroy = true
+}
+
+resource "aws_s3_bucket_object" "lambda_signing_code" {
+  bucket = aws_s3_bucket.bucket.bucket
+  key    = "lambdatest.zip"
+  source = "test-fixtures/lambdatest.zip"
+}
+
+resource "aws_signer_signing_job" "job_test" {
+  profile_name = aws_signer_signing_profile.test_sp.name
+
+  source {
+    s3 {
+      bucket  = aws_s3_bucket.bucket.bucket
+      key     = aws_s3_bucket_object.lambda_signing_code.key
+      version = aws_s3_bucket_object.lambda_signing_code.version_id
+    }
+  }
+
+  destination {
+    s3 {
+      bucket = aws_s3_bucket.dest_bucket.bucket
+    }
+  }
+}
+
+data "aws_signer_signing_job" "test" {
+  job_id = aws_signer_signing_job.job_test.job_id
+}`, profileName)
+}