Enforce consistent naming for resource files (databricks#1366)
* Fixed README.md * Enforced consistent naming for resources and files * Added provider/completeness.md to track documentation and testing coverage
Showing
78 changed files
with
971 additions
and
569 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -340,4 +340,6 @@ tf.log | |
|
||
scripts/tt | ||
|
||
.metals | ||
.metals | ||
|
||
provider/completeness.md |
File renamed without changes.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
package aws | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"fmt" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
type awsIamPolicy struct { | ||
Version string `json:"Version,omitempty"` | ||
ID string `json:"Id,omitempty"` | ||
Statements []*awsIamPolicyStatement `json:"Statement"` | ||
} | ||
|
||
type awsIamPolicyStatement struct { | ||
Sid string `json:"Sid,omitempty"` | ||
Effect string `json:"Effect,omitempty"` | ||
Actions interface{} `json:"Action,omitempty"` | ||
NotActions interface{} `json:"NotAction,omitempty"` | ||
Resources interface{} `json:"Resource,omitempty"` | ||
NotResources interface{} `json:"NotResource,omitempty"` | ||
Principal map[string]string `json:"Principal,omitempty"` | ||
Condition map[string]map[string]string `json:"Condition,omitempty"` | ||
} | ||
|
||
|
||
// DataAwsAssumeRolePolicy ... | ||
func DataAwsAssumeRolePolicy() *schema.Resource { | ||
return &schema.Resource{ | ||
ReadContext: func(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
externalID := d.Get("external_id").(string) | ||
policy := awsIamPolicy{ | ||
Version: "2012-10-17", | ||
Statements: []*awsIamPolicyStatement{ | ||
{ | ||
Effect: "Allow", | ||
Actions: "sts:AssumeRole", | ||
Condition: map[string]map[string]string{ | ||
"StringEquals": { | ||
"sts:ExternalId": externalID, | ||
}, | ||
}, | ||
Principal: map[string]string{ | ||
"AWS": fmt.Sprintf("arn:aws:iam::%s:root", d.Get("databricks_account_id").(string)), | ||
}, | ||
}, | ||
}, | ||
} | ||
if v, ok := d.GetOk("for_log_delivery"); ok { | ||
if v.(bool) { | ||
// this is production UsageDelivery IAM role, that is considered a constant | ||
logDeliveryARN := "arn:aws:iam::414351767826:role/SaasUsageDeliveryRole-prod-IAMRole-3PLHICCRR1TK" | ||
policy.Statements[0].Principal["AWS"] = logDeliveryARN | ||
} | ||
} | ||
policyJSON, err := json.MarshalIndent(policy, "", " ") | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
d.SetId(externalID) | ||
// nolint | ||
d.Set("json", string(policyJSON)) | ||
return nil | ||
}, | ||
Schema: map[string]*schema.Schema{ | ||
"databricks_account_id": { | ||
Type: schema.TypeString, | ||
Default: "414351767826", | ||
Optional: true, | ||
}, | ||
"for_log_delivery": { | ||
Type: schema.TypeBool, | ||
Description: "Grant AssumeRole to Databricks SaasUsageDeliveryRole instead of root account", | ||
Optional: true, | ||
Default: false, | ||
}, | ||
"external_id": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
}, | ||
"json": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
ForceNew: true, | ||
}, | ||
}, | ||
} | ||
} |
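Review bot: `databricks_account_id` and `external_id` have no `ValidateFunc`, yet the ReadContext closure writes both straight into the trust policy: the first into the `Principal` ARN through `fmt.Sprintf("arn:aws:iam::%s:root", ...)`, the second into the `sts:ExternalId` condition. A mistyped account ID produces a policy that trusts a different AWS account's root, and an empty `external_id` produces a condition value that presumably no caller can satisfy and also passes an empty string to `d.SetId`. I would add `ValidateFunc: validation.StringMatch(regexp.MustCompile("^[0-9]{12}$"), "must be a 12-digit AWS account ID")` to `databricks_account_id` and `ValidateFunc: validation.StringIsNotEmpty` to `external_id`; the same unvalidated `databricks_account_id` is formatted into the principal in DataAwsBucketPolicy. Separately, the `// nolint` above `d.Set("json", ...)` hides a dropped error in both data sources; `return diag.FromErr(d.Set("json", string(policyJSON)))` would surface it.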
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package aws | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/databrickslabs/terraform-provider-databricks/qa" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func TestDataAwsAssumeRolePolicy(t *testing.T) { | ||
d, err := qa.ResourceFixture{ | ||
Read: true, | ||
Resource: DataAwsAssumeRolePolicy(), | ||
NonWritable: true, | ||
ID: ".", | ||
HCL: `external_id = "abc"`, | ||
}.Apply(t) | ||
assert.NoError(t, err) | ||
j := d.Get("json") | ||
assert.Lenf(t, j, 299, "Strange length for policy: %s", j) | ||
} |
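Review bot: The only assertion on the generated policy is `assert.Lenf(t, j, 299, ...)`, which passes for any value of that length, so a regression that changes the principal or alters the `sts:ExternalId` condition to something equally long would go unnoticed. Decoding the `json` attribute with `json.Unmarshal` into `awsIamPolicy` and asserting `Statements[0].Principal["AWS"]` and `Statements[0].Condition["StringEquals"]["sts:ExternalId"]` would pin the fields that decide who can assume the role. There is also no case with `for_log_delivery = true`, so the branch that swaps in the log-delivery role ARN is untested. The length-only checks in TestDataAwsBucketPolicy and TestDataAwsBucketPolicy_FullAccessRole have the same weakness.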
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
package aws | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"fmt" | ||
"regexp" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" | ||
) | ||
|
||
// DataAwsBucketPolicy ... | ||
func DataAwsBucketPolicy() *schema.Resource { | ||
return &schema.Resource{ | ||
ReadContext: func(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
bucket := d.Get("bucket").(string) | ||
policy := awsIamPolicy{ | ||
Version: "2012-10-17", | ||
Statements: []*awsIamPolicyStatement{ | ||
{ | ||
Effect: "Allow", | ||
Actions: []string{ | ||
"s3:GetObject", | ||
"s3:GetObjectVersion", | ||
"s3:PutObject", | ||
"s3:DeleteObject", | ||
"s3:ListBucket", | ||
"s3:GetBucketLocation", | ||
}, | ||
Resources: []string{ | ||
fmt.Sprintf("arn:aws:s3:::%s/*", bucket), | ||
fmt.Sprintf("arn:aws:s3:::%s", bucket), | ||
}, | ||
Principal: map[string]string{ | ||
"AWS": fmt.Sprintf("arn:aws:iam::%s:root", d.Get("databricks_account_id").(string)), | ||
}, | ||
}, | ||
}, | ||
} | ||
if v, ok := d.GetOk("full_access_role"); ok { | ||
policy.Statements[0].Principal["AWS"] = v.(string) | ||
} | ||
policyJSON, err := json.MarshalIndent(policy, "", " ") | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
d.SetId(bucket) | ||
// nolint | ||
d.Set("json", string(policyJSON)) | ||
return nil | ||
}, | ||
Schema: map[string]*schema.Schema{ | ||
"databricks_account_id": { | ||
Type: schema.TypeString, | ||
Default: "414351767826", | ||
Optional: true, | ||
}, | ||
"full_access_role": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
}, | ||
"bucket": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validation.StringMatch( | ||
regexp.MustCompile(`^[0-9a-zA-Z_-]+$`), | ||
"must contain only alphanumeric, underscore, and hyphen characters"), | ||
}, | ||
"json": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
ForceNew: true, | ||
}, | ||
}, | ||
} | ||
} |
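Review bot: `full_access_role` is copied verbatim into the principal at `policy.Statements[0].Principal["AWS"] = v.(string)` with no validation, so any string, including `*`, becomes the principal of a statement that allows `s3:PutObject` and `s3:DeleteObject` on the whole bucket. A `ValidateFunc` that accepts only an IAM role ARN would reject such values at plan time, for example `validation.StringMatch(regexp.MustCompile("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$"), "must be an IAM role ARN")`; the exact pattern should be checked against the partitions the provider supports. The `bucket` pattern `^[0-9a-zA-Z_-]+$` is also worth revisiting, since it rejects dots, which S3 bucket names may contain.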
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package aws | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/databrickslabs/terraform-provider-databricks/qa" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func TestDataAwsBucketPolicy(t *testing.T) { | ||
d, err := qa.ResourceFixture{ | ||
Read: true, | ||
Resource: DataAwsBucketPolicy(), | ||
NonWritable: true, | ||
ID: ".", | ||
HCL: ` | ||
bucket = "abc" | ||
`, | ||
}.Apply(t) | ||
assert.NoError(t, err) | ||
j := d.Get("json") | ||
assert.Lenf(t, j, 440, "Strange length for policy: %s", j) | ||
} | ||
|
||
func TestDataAwsBucketPolicy_FullAccessRole(t *testing.T) { | ||
d, err := qa.ResourceFixture{ | ||
Read: true, | ||
Resource: DataAwsBucketPolicy(), | ||
NonWritable: true, | ||
ID: ".", | ||
HCL: ` | ||
bucket = "abc" | ||
full_access_role = "bcd" | ||
`, | ||
}.Apply(t) | ||
assert.NoError(t, err) | ||
j := d.Get("json") | ||
assert.Lenf(t, j, 413, "Strange length for policy: %s", j) | ||
} |