Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return complete Organization data for Delegated Administrator accounts #32056

Merged
merged 17 commits into from
Jun 20, 2023
Merged

Return complete Organization data for Delegated Administrator accounts #32056

merged 17 commits into from
Jun 20, 2023

Conversation

bodgit
Copy link
Contributor

@bodgit bodgit commented Jun 16, 2023
edited by ewbankkit
Loading

Description

The PR allows AWS accounts within an Organization that are Delegated Administrators for any service to return the full set of data with the aws_organizations_organization data source, just like it does when used in the master account for the Organization.

Relations

Closes #32055.
Closes #31265.
Closes #18590.
Closes #20762.
Closes #14968.
Closes #28929.
Closes #31791.

References

Output from Acceptance Testing

I've tested the changes with a local build of the provider with the following code:

provider "aws" {}

data "aws_organizations_organization" "current" {}

output "test" {
  value = data.aws_organizations_organization.current
}

Running this in an existing Organization in a master account, an account that is a delegated administrator and a regular account that is neither works correctly, the full output is returned in all but the last account.

I'm struggling slightly with adding some tests, not necessarily with how to write them, but I'm not sure what my test environment should look like. Looking at some of the existing Organizations tests, such as TestAccOrganizationsDelegatedAdministratorsDataSource_basic, I don't see an Organization being created so it suggests I should already have two accounts that are already set up as an Organization. But then some of the other tests create an Organization (and presumably destroy it) so I'm not sure what I should have to begin with.

$ make testacc TESTS=TestAccXXX PKG=organizations

...

@bodgit
Refactor ListDelegatedAdministrators call
fe5442b 
Move into separate function so it can be called from elsewhere.
@bodgit
Update organization data source
7c3f357 
Check if current account is a delegated administrator for the
Organization. If so, it can also read the roots, account list, etc.

If the ListDelegatedAdministrators call returns Access Denied, ignore
the error as it means the account is just a regular child account. If it
wasn't in the Organization at all, the previous DescribeOrganization
call would have failed anyway.
@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. service/organizations Issues and PRs that pertain to the organizations service. size/S Managed by automation to categorize the size of a PR. needs-triage Waiting for first response or review from a maintainer. labels Jun 16, 2023
@ewbankkit
r/aws_organizations_delegated_administrator: Tidy up.
7c8e070 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedAdministrator$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedAdministrator$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator/basic
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator/disappears
--- PASS: TestAccOrganizations_serial (58.76s)
    --- PASS: TestAccOrganizations_serial/DelegatedAdministrator (58.76s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrator/basic (32.92s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrator/disappears (25.84s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	64.858s
@ewbankkit
Merge branch 'main' into HEAD
b1533ff 
# Conflicts:
#	internal/service/organizations/exports_test.go
@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Jun 16, 2023
@ewbankkit
organizations: Save WIP (aws_organizations_delegated_administrators, …
4f8c487 
…aws_organizations_delegated_administrator, aws_organizations_organization).
@ewbankkit
Merge branch 'main' into HEAD
425c9f6
@ewbankkit
d/aws_organizations_delegated_administrator: Acceptance tests passing.
d660fe5 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedAdministrator$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedAdministrator$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator/basic
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator/disappears
--- PASS: TestAccOrganizations_serial (52.87s)
    --- PASS: TestAccOrganizations_serial/DelegatedAdministrator (52.87s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrator/basic (27.39s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrator/disappears (25.48s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	58.158s
@ewbankkit
d/aws_organizations_delegated_administrators: Remove 'testAccDelegate…
4f3c4a8 
…dAdministratorsDataSource_multiple'.

Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedAdministrators$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedAdministrators$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedAdministrators
=== RUN   TestAccOrganizations_serial/DelegatedAdministrators/basic
--- PASS: TestAccOrganizations_serial (26.64s)
    --- PASS: TestAccOrganizations_serial/DelegatedAdministrators (26.64s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrators/basic (26.64s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	31.952s
@ewbankkit
d/aws_organizations_delegated_services: Tidy up.
a6e944c 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedServices$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedServices$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedServices
=== RUN   TestAccOrganizations_serial/DelegatedServices/basic
=== RUN   TestAccOrganizations_serial/DelegatedServices/multiple
--- PASS: TestAccOrganizations_serial (57.12s)
    --- PASS: TestAccOrganizations_serial/DelegatedServices (57.12s)
        --- PASS: TestAccOrganizations_serial/DelegatedServices/basic (26.82s)
        --- PASS: TestAccOrganizations_serial/DelegatedServices/multiple (30.30s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	62.446s
@ewbankkit
d/aws_organizations_organization: Tidy up 'testAccOrganizationDataSou…
efcdfa6 
…rce_basic'.

Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/Organization$$/DataSource_basic' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/Organization$/DataSource_basic -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/Organization
=== RUN   TestAccOrganizations_serial/Organization/DataSource_basic
--- PASS: TestAccOrganizations_serial (20.70s)
    --- PASS: TestAccOrganizations_serial/Organization (20.70s)
        --- PASS: TestAccOrganizations_serial/Organization/DataSource_basic (20.70s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	26.023s
@ewbankkit
d/aws_organizations_organization: Add 'testAccOrganizationDataSource_…
f7efd59 
…memberAccount'.

Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/Organization$$/DataSource_memberAccount' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/Organization$/DataSource_memberAccount -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/Organization
=== RUN   TestAccOrganizations_serial/Organization/DataSource_memberAccount
--- PASS: TestAccOrganizations_serial (15.18s)
    --- PASS: TestAccOrganizations_serial/Organization (15.18s)
        --- PASS: TestAccOrganizations_serial/Organization/DataSource_memberAccount (15.18s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	20.563s
@ewbankkit
Add 'testAccOrganizationDataSource_delegatedAdministrator'.
f02a082
@ewbankkit
Add CHANGELOG entry.
e645929
@ewbankkit
r/aws_organizations_resource_policy: New resource.
428560d 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/ResourcePolicy$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/ResourcePolicy$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/ResourcePolicy
=== RUN   TestAccOrganizations_serial/ResourcePolicy/basic
--- PASS: TestAccOrganizations_serial (31.95s)
    --- PASS: TestAccOrganizations_serial/ResourcePolicy (31.95s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/basic (31.95s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	37.207s
@ewbankkit
r/aws_organizations_resource_policy: Additional tests.
db0dcc6 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/ResourcePolicy$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/ResourcePolicy$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/ResourcePolicy
=== RUN   TestAccOrganizations_serial/ResourcePolicy/basic
=== RUN   TestAccOrganizations_serial/ResourcePolicy/disappears
=== RUN   TestAccOrganizations_serial/ResourcePolicy/tags
--- PASS: TestAccOrganizations_serial (130.74s)
    --- PASS: TestAccOrganizations_serial/ResourcePolicy (130.74s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/basic (32.07s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/disappears (25.42s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/tags (73.25s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	136.099s
@ewbankkit
d/aws_organizations_organization: Get 'testAccOrganizationDataSource_…
bce1a04 
…delegatedAdministrator' working.

Acceptance test output:

% make testacc TESTARGS='-run=TestAccOrganizations_serial/Organization$$/DataSource_delegatedAdministrator' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/Organization$/DataSource_delegatedAdministrator -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/Organization
=== RUN   TestAccOrganizations_serial/Organization/DataSource_delegatedAdministrator
--- PASS: TestAccOrganizations_serial (29.33s)
    --- PASS: TestAccOrganizations_serial/Organization (29.33s)
        --- PASS: TestAccOrganizations_serial/Organization/DataSource_delegatedAdministrator (29.33s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	34.680s
@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. generators Relates to code generators. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. and removed size/S Managed by automation to categorize the size of a PR. labels Jun 17, 2023
ewbankkit
ewbankkit approved these changes Jun 17, 2023
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedAdministrator$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedAdministrator$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator/basic
=== RUN   TestAccOrganizations_serial/DelegatedAdministrator/disappears
--- PASS: TestAccOrganizations_serial (52.87s)
    --- PASS: TestAccOrganizations_serial/DelegatedAdministrator (52.87s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrator/basic (27.39s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrator/disappears (25.48s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	58.158s
% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedAdministrators$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedAdministrators$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedAdministrators
=== RUN   TestAccOrganizations_serial/DelegatedAdministrators/basic
--- PASS: TestAccOrganizations_serial (26.64s)
    --- PASS: TestAccOrganizations_serial/DelegatedAdministrators (26.64s)
        --- PASS: TestAccOrganizations_serial/DelegatedAdministrators/basic (26.64s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	31.952s
% make testacc TESTARGS='-run=TestAccOrganizations_serial/DelegatedServices$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/DelegatedServices$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/DelegatedServices
=== RUN   TestAccOrganizations_serial/DelegatedServices/basic
=== RUN   TestAccOrganizations_serial/DelegatedServices/multiple
--- PASS: TestAccOrganizations_serial (57.12s)
    --- PASS: TestAccOrganizations_serial/DelegatedServices (57.12s)
        --- PASS: TestAccOrganizations_serial/DelegatedServices/basic (26.82s)
        --- PASS: TestAccOrganizations_serial/DelegatedServices/multiple (30.30s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	62.446s
% make testacc TESTARGS='-run=TestAccOrganizations_serial/Organization$$/DataSource_basic' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/Organization$/DataSource_basic -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/Organization
=== RUN   TestAccOrganizations_serial/Organization/DataSource_basic
--- PASS: TestAccOrganizations_serial (20.70s)
    --- PASS: TestAccOrganizations_serial/Organization (20.70s)
        --- PASS: TestAccOrganizations_serial/Organization/DataSource_basic (20.70s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	26.023s
% make testacc TESTARGS='-run=TestAccOrganizations_serial/Organization$$/DataSource_memberAccount' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/Organization$/DataSource_memberAccount -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/Organization
=== RUN   TestAccOrganizations_serial/Organization/DataSource_memberAccount
--- PASS: TestAccOrganizations_serial (15.18s)
    --- PASS: TestAccOrganizations_serial/Organization (15.18s)
        --- PASS: TestAccOrganizations_serial/Organization/DataSource_memberAccount (15.18s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	20.563s
% make testacc TESTARGS='-run=TestAccOrganizations_serial/ResourcePolicy$$' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/ResourcePolicy$ -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/ResourcePolicy
=== RUN   TestAccOrganizations_serial/ResourcePolicy/basic
=== RUN   TestAccOrganizations_serial/ResourcePolicy/disappears
=== RUN   TestAccOrganizations_serial/ResourcePolicy/tags
--- PASS: TestAccOrganizations_serial (130.74s)
    --- PASS: TestAccOrganizations_serial/ResourcePolicy (130.74s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/basic (32.07s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/disappears (25.42s)
        --- PASS: TestAccOrganizations_serial/ResourcePolicy/tags (73.25s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	136.099s
% make testacc TESTARGS='-run=TestAccOrganizations_serial/Organization$$/DataSource_delegatedAdministrator' PKG=organizations
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/organizations/... -v -count 1 -parallel 20  -run=TestAccOrganizations_serial/Organization$/DataSource_delegatedAdministrator -timeout 180m
=== RUN   TestAccOrganizations_serial
=== PAUSE TestAccOrganizations_serial
=== CONT  TestAccOrganizations_serial
=== RUN   TestAccOrganizations_serial/Organization
=== RUN   TestAccOrganizations_serial/Organization/DataSource_delegatedAdministrator
--- PASS: TestAccOrganizations_serial (29.33s)
    --- PASS: TestAccOrganizations_serial/Organization (29.33s)
        --- PASS: TestAccOrganizations_serial/Organization/DataSource_delegatedAdministrator (29.33s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/organizations	34.680s

@ewbankkit
Copy link
Contributor

@bodgit Thanks for the contribution 🎉 👏.
To test the new functionality I ended up having to add the aws_organizations_resource_policy resource 😄.

@ewbankkit ewbankkit added the new-resource Introduces a new resource. label Jun 18, 2023
@ewbankkit ewbankkit merged commit a65fd77 into hashicorp:main Jun 20, 2023
@github-actions github-actions bot added this to the v5.5.0 milestone Jun 20, 2023
@github-actions
Copy link

This functionality has been released in v5.5.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@bodgit bodgit deleted the delegated-administrators branch June 23, 2023 15:30
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. new-resource Introduces a new resource. service/organizations Issues and PRs that pertain to the organizations service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.5.0
2 participants
@bodgit @ewbankkit