d/codeartifact_auth_token - new data source

aws/data_source_aws_codeartifact_authorization_token.go

@@ -0,0 +1,79 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/codeartifact"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func dataSourceAwsCodeArtifactAuthorizationToken() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsCodeArtifactAuthorizationTokenRead,
+
+		Schema: map[string]*schema.Schema{
+			"domain": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"domain_owner": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: validateAwsAccountId,
+			},
+			"duration_seconds": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				ValidateFunc: validation.Any(
+					validation.IntBetween(900, 43200),
+					validation.IntInSlice([]int{0}),
+				),
+			},
+			"authorization_token": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"expiration": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAwsCodeArtifactAuthorizationTokenRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codeartifactconn
+	domain := d.Get("domain").(string)
+	domainOwner := meta.(*AWSClient).accountid
+	params := &codeartifact.GetAuthorizationTokenInput{
+		Domain: aws.String(domain),
+	}
+
+	if v, ok := d.GetOk("domain_owner"); ok {
+		params.DomainOwner = aws.String(v.(string))
+		domainOwner = v.(string)
+	}
+
+	if v, ok := d.GetOkExists("duration_seconds"); ok {
+		params.DurationSeconds = aws.Int64(int64(v.(int)))
+	}
+
+	log.Printf("[DEBUG] Getting CodeArtifact authorization token")
+	out, err := conn.GetAuthorizationToken(params)
+	if err != nil {
+		return fmt.Errorf("error getting CodeArtifact authorization token: %w", err)
+	}
+	log.Printf("[DEBUG] CodeArtifact authorization token: %#v", out)
+
+	d.SetId(fmt.Sprintf("%s:%s", domainOwner, domain))
+	d.Set("authorization_token", aws.StringValue(out.AuthorizationToken))
+	d.Set("expiration", aws.TimeValue(out.Expiration).Format(time.RFC3339))
+	d.Set("domain_owner", domainOwner)
+
+	return nil
+}

aws/data_source_aws_codeartifact_authorization_token_test.go

@@ -0,0 +1,113 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSCodeArtifactAuthorizationTokenDataSource_basic(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	dataSourceName := "data.aws_codeartifact_authorization_token.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckAWSCodeArtifactAuthorizationTokenBasicConfig(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
+					testAccCheckResourceAttrAccountID(dataSourceName, "domain_owner"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCodeArtifactAuthorizationTokenDataSource_owner(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	dataSourceName := "data.aws_codeartifact_authorization_token.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckAWSCodeArtifactAuthorizationTokenOwnerConfig(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
+					testAccCheckResourceAttrAccountID(dataSourceName, "domain_owner"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCodeArtifactAuthorizationTokenDataSource_duration(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	dataSourceName := "data.aws_codeartifact_authorization_token.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckAWSCodeArtifactAuthorizationTokenDurationConfig(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "authorization_token"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
+					resource.TestCheckResourceAttr(dataSourceName, "duration_seconds", "900"),
+					testAccCheckResourceAttrAccountID(dataSourceName, "domain_owner"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_kms_key" "test" {
+  description             = %[1]q
+  deletion_window_in_days = 7
+}
+
+resource "aws_codeartifact_domain" "test" {
+  domain         = %[1]q
+  encryption_key = aws_kms_key.test.arn
+}
+`, rName)
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenBasicConfig(rName string) string {
+	return testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName) +
+		fmt.Sprintf(`
+data "aws_codeartifact_authorization_token" "test" {
+  domain = aws_codeartifact_domain.test.domain
+}
+`)
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenOwnerConfig(rName string) string {
+	return testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName) +
+		fmt.Sprintf(`
+data "aws_codeartifact_authorization_token" "test" {
+  domain       = aws_codeartifact_domain.test.domain
+  domain_owner = aws_codeartifact_domain.test.owner
+}
+`)
+}
+
+func testAccCheckAWSCodeArtifactAuthorizationTokenDurationConfig(rName string) string {
+	return testAccCheckAWSCodeArtifactAuthorizationTokenBaseConfig(rName) +
+		fmt.Sprintf(`
+data "aws_codeartifact_authorization_token" "test" {
+  domain           = aws_codeartifact_domain.test.domain
+  duration_seconds = 900
+}
+`)
+}

aws/provider.go

@@ -193,6 +193,7 @@ func Provider() *schema.Provider {
 			"aws_cloudhsm_v2_cluster":                        dataSourceCloudHsmV2Cluster(),
 			"aws_cloudtrail_service_account":                 dataSourceAwsCloudTrailServiceAccount(),
 			"aws_cloudwatch_log_group":                       dataSourceAwsCloudwatchLogGroup(),
+			"aws_codeartifact_authorization_token":           dataSourceAwsCodeArtifactAuthorizationToken(),
 			"aws_cognito_user_pools":                         dataSourceAwsCognitoUserPools(),
 			"aws_codecommit_repository":                      dataSourceAwsCodeCommitRepository(),
 			"aws_cur_report_definition":                      dataSourceAwsCurReportDefinition(),

website/docs/d/codeartifact_authorization_token.html.markdown

@@ -0,0 +1,34 @@
+---
+subcategory: "CodeArtifact"
+layout: "aws"
+page_title: "AWS: aws_codeartifact_authorization_token"
+description: |-
+    Provides details about a CodeArtifact Authorization Token
+---
+
+# Data Source: aws_codeartifact_authorization_token
+
+The CodeArtifact Authorization Token data source generates a temporary authentication token for accessing repositories in a CodeArtifact domain.
+
+## Example Usage
+
+```hcl
+data "aws_codeartifact_authorization_token" "test" {
+  domain = aws_codeartifact_domain.test.domain
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `domain` - (Required) The name of the domain that is in scope for the generated authorization token.
+* `domain_owner` - (Optional) The account number of the AWS account that owns the domain.
+* `duration_seconds` - (Optional) The time, in seconds, that the generated authorization token is valid. Valid values are `0` and between `900` and `43200`.
+
+## Attributes Reference
+
+In addition to the argument above, the following attributes are exported:
+
+* `authorization_token` - Temporary authorization token.
+* `expiration` - The time in UTC RFC3339 format when the authorization token expires.