Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provider: Allow AssumeRoleARN and credential validation call to shortcut account ID and partition lookup #5177

Merged
merged 5 commits into from
Aug 2, 2018
Merged

provider: Allow AssumeRoleARN and credential validation call to shortcut account ID and partition lookup #5177

merged 5 commits into from
Aug 2, 2018

Conversation

bflad
Copy link
Contributor

@bflad bflad commented Jul 13, 2018

Potentially supersedes: #5060

Changes proposed in this pull request:

  • If provider configuration is set to assume role, use provided ARN to bypass account information calls
  • If provider credential validation is enabled, use results to bypass further account information calls
  • Refactor GetAccountID back to GetAccountInformation to ensure non-SDK-default partitions can be handled (and make it much more readable 😄 )
  • Refactor GetAccountInformation testing

Output from acceptance testing: (provided as a smoke test)

$ make testacc TEST=./aws TESTARGS='-run=TestAccDataSourceAwsAvailabilityZone'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccDataSourceAwsAvailabilityZone -timeout 120m
=== RUN   TestAccDataSourceAwsAvailabilityZone
--- PASS: TestAccDataSourceAwsAvailabilityZone (9.98s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	10.021s

@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. provider Pertains to the provider itself, rather than any interaction with AWS. labels Jul 13, 2018
@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Jul 13, 2018
@bflad bflad mentioned this pull request Jul 13, 2018
Closed
@ewbankkit
Copy link
Contributor

How about introducing a struct AccountInformation to avoid the possibility of inadvertently transposing account ID and partition in the various return values?

@bflad bflad requested a review from a team July 17, 2018 01:01
Paul Otto and others added 2 commits July 30, 2018 08:57
@bflad
Change GetAccountID to first try using caller identity for accountid.
b7f2b2b
@bflad
provider: Allow AssumeRoleARN and credential validation call to short…
5dc6d93 
…cut account ID and partition lookup

* If provider configuration is set to assume role, use ARN to bypass account information calls
* If provider credential validation is enabled, use results to bypass account information calls
* Refactor GetAccountID back to GetAccountInformation to ensure non-SDK-default partitions can be handled
* Refactor GetAccountInformation testing
@bflad bflad force-pushed the Ticketmaster-rds-tags-fix-arn branch from cdfa7ea to 2b455af Compare July 30, 2018 13:02
@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Jul 30, 2018
@bflad bflad force-pushed the Ticketmaster-rds-tags-fix-arn branch from 2b455af to b967cac Compare July 30, 2018 14:14
@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Jul 30, 2018
@bflad
Copy link
Contributor Author

bflad commented Jul 30, 2018

Updated to use t.Run() for new unit tests

paultyng
paultyng suggested changes Jul 31, 2018
View reviewed changes
Copy link
Contributor

@paultyng paultyng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor thing

aws/auth_helpers_test.go Outdated
if err == nil {
t.Fatalf("Expected error when parsing invalid ARN (%q)", invalidArn)
for _, testCase := range testCases {
accountID, partition, err := parseAccountInformationFromARN(testCase.InputARN)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this use t.Run?

aws/auth_helpers_test.go Outdated
iamConn := iam.New(iamSess)
stsConn := sts.New(stsSess)
for _, testCase := range testCases {
closeSts, stsSess, err := getMockedAwsApiSession("STS", testCase.MockEndpoints)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this use t.Run (or at least have a func in here for the defer)?

aws/auth_helpers_test.go Outdated
stsConn := sts.New(stsSess)
for _, testCase := range testCases {
closeIam, iamSess, err := getMockedAwsApiSession("IAM", testCase.MockEndpoints)
defer closeIam()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

t.Run or another func to scope this defer?

aws/auth_helpers_test.go Outdated
if err == nil {
t.Fatalf("Expected error when parsing invalid ARN (%q)", invalidArn)
for _, testCase := range testCases {
accountID, partition, err := parseAccountIDAndPartitionFromARN(testCase.InputARN)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing a t.Run

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated 👍

@bflad bflad requested a review from paultyng July 31, 2018 23:19
@paultyng
Copy link
Contributor

paultyng commented Aug 2, 2018

@ewbankkit good call on the return ordering being unclear, we talked about it internally, opted in this case to just name the function so it was explicit.

@bflad bflad added this to the v1.31.0 milestone Aug 2, 2018
@bflad bflad merged commit e565d1f into master Aug 2, 2018
@bflad bflad deleted the Ticketmaster-rds-tags-fix-arn branch August 2, 2018 13:30
bflad added a commit that referenced this pull request Aug 2, 2018
@bflad
Update CHANGELOG for #5177
f2af45c
@bflad
Copy link
Contributor Author

bflad commented Aug 9, 2018

This has been released in version 1.31.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@bflad bflad mentioned this pull request Aug 15, 2018
Closed
@mberlanda mberlanda mentioned this pull request Sep 5, 2018
Closed
@ghost
Copy link

ghost commented Apr 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@paultyng paultyng paultyng approved these changes

Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. provider Pertains to the provider itself, rather than any interaction with AWS. size/XL Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
v1.31.0
Development

Successfully merging this pull request may close these issues.
3 participants
@bflad @ewbankkit @paultyng