From 4bb16101ae210c2b8b5c836e0c2130d0ef5d4a49 Mon Sep 17 00:00:00 2001
From: drfaust92
Date: Thu, 1 Oct 2020 14:40:30 +0300
Subject: [PATCH 1/7] get authorization token resource
---
 ...ce_aws_codeartifact_authorization_token.go | 80 +++++++++++++
 ...s_codeartifact_authorization_token_test.go | 113 ++++++++++++++++++
 aws/provider.go | 1 +
 3 files changed, 194 insertions(+)
 create mode 100644 aws/data_source_aws_codeartifact_authorization_token.go
 create mode 100644 aws/data_source_aws_codeartifact_authorization_token_test.go
diff --git a/aws/data_source_aws_codeartifact_authorization_token.go b/aws/data_source_aws_codeartifact_authorization_token.go
new file mode 100644
index 000000000000..b7d490594e27
--- /dev/null
+++ b/aws/data_source_aws_codeartifact_authorization_token.go
@@ -0,0 +1,80 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/codeartifact"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func dataSourceAwsCodeArtifactAuthorizationToken() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAwsCodeArtifactAuthorizationTokenRead,
+
+ Schema: map[string]*schema.Schema{
+ "domain": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "domain_owner": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ },
+ "duration_seconds": {
+ Type: schema.TypeInt,
+ Optional: true,
+ ValidateFunc: validation.Any(
+ validation.IntBetween(900, 43200),
+ validation.IntInSlice([]int{0}),
+ ),
+ },
+ "authorization_token": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "expiration": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func dataSourceAwsCodeArtifactAuthorizationTokenRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).codeartifactconn
+ domain := d.Get("domain").(string)
+ domainOwner := meta.(*AWSClient).accountid
+ params := &codeartifact.GetAuthorizationTokenInput{
+ Domain: aws.String(domain),
+ }
+
+ if v, ok := d.GetOk("domain_owner"); ok {
+ params.DomainOwner = aws.String(v.(string))
+ domainOwner = v.(string)
+ }
+
+ if v, ok := d.GetOkExists("duration_seconds"); ok {
+ params.DurationSeconds = aws.Int64(int64(v.(int)))
+ }
+
+ log.Printf("[DEBUG] Getting CodeArtifact authorization token")
+ out, err := conn.GetAuthorizationToken(params)
+ if err != nil {
+ return fmt.Errorf("error getting CodeArtifact authorization token: %w", err)
+ }
+
+ log.Printf("[DEBUG] CodeArtifact authorization token: %#v", out)
+ log.Printf(aws.StringValue(out.AuthorizationToken))
+
+ d.SetId(fmt.Sprintf("%s:%s", domainOwner, domain))
+ d.Set("authorization_token", aws.StringValue(out.AuthorizationToken))
+ d.Set("expiration", aws.TimeValue(out.Expiration).Format(time.RFC3339))
+ d.Set("domain_owner", domainOwner)
+
+ return nil
+}
diff --git a/aws/data_source_aws_codeartifact_authorization_token_test.go b/aws/data_source_aws_codeartifact_authorization_token_test.go
new file mode 100644
index 000000000000..2389bd79f00f
--- /dev/null
+++ b/aws/data_source_aws_codeartifact_authorization_token_test.go
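Review bot: In `aws/data_source_aws_codeartifact_authorization_token.go` the `authorization_token` schema entry is declared with only `Type` and `Computed`, so the bearer token returned by `GetAuthorizationToken` can show up in plan/apply output and in any output value that references it; add `Sensitive: true,` to that attribute. Marking it sensitive only masks display: the token is still written to state, so the state backend needs the same access control as the token itself, and a short `duration_seconds` limits how long a leaked copy stays useful. Separately, the four `d.Set(...)` calls at the end of `dataSourceAwsCodeArtifactAuthorizationTokenRead` discard their error returns.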
@@ -0,0 +1,113 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSCodeArtifactAuthorizationTokenDataSource_basic(t *testing.T) {
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ dataSourceName := "data.aws_codeartifact_authorization_token.test"
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckAWSCodeArtifactAuthorizationTokenBasicConfig(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
+ testAccCheckResourceAttrAccountID(dataSourceName, "domain_owner"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSCodeArtifactAuthorizationTokenDataSource_owner(t *testing.T) {
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ dataSourceName := "data.aws_codeartifact_authorization_token.test"
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckAWSCodeArtifactAuthorizationTokenOwnerConfig(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
+ testAccCheckResourceAttrAccountID(dataSourceName, "domain_owner"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSCodeArtifactAuthorizationTokenDataSource_duration(t *testing.T) {
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ dataSourceName := "data.aws_codeartifact_authorization_token.test"
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckAWSCodeArtifactAuthorizationTokenDurationConfig(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
+ resource.TestCheckResourceAttr(dataSourceName, "duration_seconds", "900"),
+ testAccCheckResourceAttrAccountID(dataSourceName, "domain_owner"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_kms_key" "test" {
+ description = %[1]q
+ deletion_window_in_days = 7
+}
+
+resource "aws_codeartifact_domain" "test" {
+ domain = %[1]q
+ encryption_key = aws_kms_key.test.arn
+}
+`, rName)
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenBasicConfig(rName string) string {
+ return testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName) +
+ fmt.Sprintf(`
+data "aws_codeartifact_authorization_token" "test" {
+ domain = aws_codeartifact_domain.test.domain
+}
+`)
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenOwnerConfig(rName string) string {
+ return testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName) +
+ fmt.Sprintf(`
+data "aws_codeartifact_authorization_token" "test" {
+ domain = aws_codeartifact_domain.test.domain
+ domain_owner = aws_codeartifact_domain.test.owner
+}
+`)
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenDurationConfig(rName string) string {
+ return testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName) +
+ fmt.Sprintf(`
+data "aws_codeartifact_authorization_token" "test" {
+ domain = aws_codeartifact_domain.test.domain
+ duration_seconds = 900
+}
+`)
+}
diff --git a/aws/provider.go b/aws/provider.go
index c8f4f67c5983..bea835c97e78 100644
--- a/aws/provider.go
+++ b/aws/provider.go
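Review bot: In `aws/data_source_aws_codeartifact_authorization_token_test.go` the `BasicConfig`, `OwnerConfig` and `DurationConfig` helpers wrap a raw string in `fmt.Sprintf` with no verbs and no arguments; a plain raw string literal appended to the base config is enough and avoids the linter warning for an argument-less `Sprintf`. The `_owner` test also asserts exactly what `_basic` does, so it does not show that an explicitly supplied `domain_owner` is the value that ends up in the attribute. None of the three tests exercises the `0` value that the schema validation explicitly allows for `duration_seconds`.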
@@ -193,6 +193,7 @@ func Provider() *schema.Provider { "aws_cloudhsm_v2_cluster": dataSourceCloudHsmV2Cluster(), "aws_cloudtrail_service_account": dataSourceAwsCloudTrailServiceAccount(), "aws_cloudwatch_log_group": dataSourceAwsCloudwatchLogGroup(), + "aws_codeartifact_authorization_token": dataSourceAwsCodeArtifactAuthorizationToken(), "aws_cognito_user_pools": dataSourceAwsCognitoUserPools(), "aws_codecommit_repository": dataSourceAwsCodeCommitRepository(), "aws_cur_report_definition": dataSourceAwsCurReportDefinition(), From 323d07c716decc63510ae861ad692b0426e4fe57 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Thu, 1 Oct 2020 15:48:46 +0300 Subject: [PATCH 2/7] doc --- ...artifact_authorization_token.html.markdown | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 website/docs/d/codeartifact_authorization_token.html.markdown diff --git a/website/docs/d/codeartifact_authorization_token.html.markdown b/website/docs/d/codeartifact_authorization_token.html.markdown new file mode 100644 index 000000000000..853846d5d9b8 --- /dev/null +++ b/website/docs/d/codeartifact_authorization_token.html.markdown 
@@ -0,0 +1,35 @@ +--- +subcategory: "CodeArtifact" +layout: "aws" +page_title: "AWS: aws_codeartifact_authorization_token" +description: |- + Provides details about an CodeArtifact Authorization Token +--- + +# Data Source: aws_codeartifact_authorization_token + +The CodeArtifact Authorization Token data source allows the authorization token a CodeArtifact domain. + +## Example Usage + +```hcl +data "aws_codeartifact_authorization_token" "test" { + domain = aws_codeartifact_domain.test.domain +} +``` + +## Argument Reference + +The following arguments are supported: + +* `domain` - (Required) The name of the domain that is in scope for the generated authorization token. +* `domain_owner` - (Optional) The account number of the AWS account that owns the domain. +* `duration_seconds` - (Optional) The time, in seconds, that the generated authorization token is valid. Valid values are `0` and between `900` and `43200`. + +## Attributes Reference + +In addition to the argument above, the following attributes are exported: + +* `authorization_token` - Temporary authorization token. +* `domain_owner` - The account number of the AWS account that owns the domain. +* `expiration` - The time in UTC RFC3339 format when the authorization token expires. From 9f3409bcb1af4a7ad55b442af654fc7cb10961c9 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Thu, 1 Oct 2020 15:52:39 +0300 Subject: [PATCH 3/7] add account validation --- aws/data_source_aws_codeartifact_authorization_token.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/aws/data_source_aws_codeartifact_authorization_token.go b/aws/data_source_aws_codeartifact_authorization_token.go index b7d490594e27..e1a098c36b8f 100644 --- a/aws/data_source_aws_codeartifact_authorization_token.go +++ b/aws/data_source_aws_codeartifact_authorization_token.go 
@@ -21,9 +21,10 @@ func dataSourceAwsCodeArtifactAuthorizationToken() *schema.Resource { Required: true, }, "domain_owner": { - Type: schema.TypeString, - Optional: true, - Computed: true, + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validateAwsAccountId, }, "duration_seconds": { Type: schema.TypeInt, From c7cd19bcc00a2d9368aafecf995f6283313432fa Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 1 Oct 2020 16:09:42 +0300 Subject: [PATCH 4/7] doc lint --- website/docs/d/codeartifact_authorization_token.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/codeartifact_authorization_token.html.markdown b/website/docs/d/codeartifact_authorization_token.html.markdown index 853846d5d9b8..2592312cc1a7 100644 --- a/website/docs/d/codeartifact_authorization_token.html.markdown +++ b/website/docs/d/codeartifact_authorization_token.html.markdown @@ -24,7 +24,7 @@ The following arguments are supported: * `domain` - (Required) The name of the domain that is in scope for the generated authorization token. * `domain_owner` - (Optional) The account number of the AWS account that owns the domain. -* `duration_seconds` - (Optional) The time, in seconds, that the generated authorization token is valid. Valid values are `0` and between `900` and `43200`. +* `duration_seconds` - (Optional) The time, in seconds, that the generated authorization token is valid. Valid values are `0` and between `900` and `43200`. ## Attributes Reference From 008543cb8ef967ae7b8146fac13bd5539ce2d726 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Thu, 1 Oct 2020 16:23:18 +0300 Subject: [PATCH 5/7] lint --- aws/data_source_aws_codeartifact_authorization_token.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/aws/data_source_aws_codeartifact_authorization_token.go b/aws/data_source_aws_codeartifact_authorization_token.go index e1a098c36b8f..4f39c41d9444 100644 --- a/aws/data_source_aws_codeartifact_authorization_token.go 
+++ b/aws/data_source_aws_codeartifact_authorization_token.go @@ -68,9 +68,7 @@ func dataSourceAwsCodeArtifactAuthorizationTokenRead(d *schema.ResourceData, met if err != nil { return fmt.Errorf("error getting CodeArtifact authorization token: %w", err) } - log.Printf("[DEBUG] CodeArtifact authorization token: %#v", out) - log.Printf(aws.StringValue(out.AuthorizationToken)) d.SetId(fmt.Sprintf("%s:%s", domainOwner, domain)) d.Set("authorization_token", aws.StringValue(out.AuthorizationToken)) From eba9fdf17f3ff43e8a924535a1547e886ae81031 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 8 Oct 2020 18:58:12 +0300 Subject: [PATCH 6/7] Apply suggestions from code review Co-authored-by: Kit Ewbank --- website/docs/d/codeartifact_authorization_token.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/d/codeartifact_authorization_token.html.markdown b/website/docs/d/codeartifact_authorization_token.html.markdown index 2592312cc1a7..c25f8dc0d71c 100644 --- a/website/docs/d/codeartifact_authorization_token.html.markdown +++ b/website/docs/d/codeartifact_authorization_token.html.markdown @@ -3,12 +3,12 @@ subcategory: "CodeArtifact" layout: "aws" page_title: "AWS: aws_codeartifact_authorization_token" description: |- - Provides details about an CodeArtifact Authorization Token + Provides details about a CodeArtifact Authorization Token --- # Data Source: aws_codeartifact_authorization_token -The CodeArtifact Authorization Token data source allows the authorization token a CodeArtifact domain. +The CodeArtifact Authorization Token data source generates a temporary authentication token for accessing repositories in a CodeArtifact domain. ## Example Usage From ffb088304b5cf18a32bbf6a3737bc4cedddbc407 Mon Sep 17 00:00:00 2001 
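Review bot: In PATCH 5/7 the hunk header (`-68,9 +68,7`, two deletions) indicates that only the raw `log.Printf(aws.StringValue(out.AuthorizationToken))` call and one blank line are removed, so `log.Printf("[DEBUG] CodeArtifact authorization token: %#v", out)` appears to stay in `dataSourceAwsCodeArtifactAuthorizationTokenRead`. That line formats the entire `GetAuthorizationToken` response, and whether the token is redacted then depends on how the SDK output type prints itself, which is not visible on this page. Debug logs are routinely attached to bug reports and CI artifacts, so it is safer to log only non-secret fields, e.g. `log.Printf("[DEBUG] CodeArtifact authorization token expires at: %s", aws.TimeValue(out.Expiration))`. The function body starts and ends outside this hunk.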
From: Ilia Lazebnik Date: Thu, 8 Oct 2020 19:00:16 +0300 Subject: [PATCH 7/7] Update codeartifact_authorization_token.html.markdown --- website/docs/d/codeartifact_authorization_token.html.markdown | 1 - 1 file changed, 1 deletion(-) diff --git a/website/docs/d/codeartifact_authorization_token.html.markdown b/website/docs/d/codeartifact_authorization_token.html.markdown index c25f8dc0d71c..e19e7e76852c 100644 --- a/website/docs/d/codeartifact_authorization_token.html.markdown +++ b/website/docs/d/codeartifact_authorization_token.html.markdown @@ -31,5 +31,4 @@ The following arguments are supported: In addition to the argument above, the following attributes are exported: * `authorization_token` - Temporary authorization token. -* `domain_owner` - The account number of the AWS account that owns the domain. * `expiration` - The time in UTC RFC3339 format when the authorization token expires.