Feat: stop sending external_id for env0_aws_credentials resource (#593)
TomerHeber authored Mar 13, 2023
1 parent 5b306cb commit 8375f9c
Showing 13 changed files with 29 additions and 87 deletions.
1 change: 0 additions & 1 deletion client/cloud_credentials.go
Expand Up @@ -50,7 +50,6 @@ type AwsCredentialsCreatePayload struct {

type AwsCredentialsValuePayload struct {
RoleArn string `json:"roleArn" tfschema:"arn"`
ExternalId string `json:"externalId,omitempty"`
AccessKeyId string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"`
}
3 changes: 1 addition & 2 deletions client/cloud_credentials_test.go
Expand Up @@ -80,8 +80,7 @@ var _ = Describe("CloudCredentials", func() {
mockOrganizationIdCall(organizationId)

payloadValue := AwsCredentialsValuePayload{
RoleArn: "role",
ExternalId: "external",
RoleArn: "role",
}

httpCall = mockHttpClient.EXPECT().
13 changes: 2 additions & 11 deletions env0/resource_aws_credentials.go
Expand Up @@ -30,22 +30,13 @@ func resourceAwsCredentials() *schema.Resource {
ForceNew: true,
ConflictsWith: []string{"access_key_id"},
},
"external_id": {
Type: schema.TypeString,
Description: "the aws role external id",
Optional: true,
Sensitive: true,
ForceNew: true,
ConflictsWith: []string{"access_key_id"},
Deprecated: "field will be removed in the near future",
},
"access_key_id": {
Type: schema.TypeString,
Description: "the aws access key id",
Optional: true,
Sensitive: true,
ForceNew: true,
ConflictsWith: []string{"arn", "external_id"},
ConflictsWith: []string{"arn"},
RequiredWith: []string{"secret_access_key"},
},
"secret_access_key": {
Expand All @@ -54,7 +45,7 @@ func resourceAwsCredentials() *schema.Resource {
Optional: true,
Sensitive: true,
ForceNew: true,
ConflictsWith: []string{"arn", "external_id"},
ConflictsWith: []string{"arn"},
RequiredWith: []string{"access_key_id"},
},
},
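Review bot: Dropping `external_id` from the schema outright, instead of leaving it as an ignored deprecated attribute for one more release, means a configuration that still sets it will presumably be rejected as an unsupported argument after upgrade; the same applies to the identical removal in env0/resource_cost_credentials.go. The external ID is the value a role's trust policy checks (`sts:ExternalId`) to keep a cross-account role from being assumed on someone else's behalf, and after this change nothing in the resource tells the user which value the role must now require. I would extend the description of the attribute above the removed block (presumably `arn`; its opening lines are outside the hunk) along the lines of `Description: "the aws role arn; the role trust policy must require the external id provided by env0"`, with the source of that value confirmed against the backend, which is not visible here. resourceAwsCredentials starts before and ends after the hunks shown.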
30 changes: 3 additions & 27 deletions env0/resource_aws_credentials_test.go
Expand Up @@ -19,9 +19,8 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
accessor := resourceAccessor(resourceType, resourceName)

awsArnCredentialResource := map[string]interface{}{
"name": "test",
"arn": "11111",
"external_id": "22222",
"name": "test",
"arn": "11111",
}

updatedAwsAccessKeyCredentialResource := map[string]interface{}{
Expand All @@ -33,8 +32,7 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
awsArnCredCreatePayload := client.AwsCredentialsCreatePayload{
Name: awsArnCredentialResource["name"].(string),
Value: client.AwsCredentialsValuePayload{
RoleArn: awsArnCredentialResource["arn"].(string),
ExternalId: awsArnCredentialResource["external_id"].(string),
RoleArn: awsArnCredentialResource["arn"].(string),
},
Type: client.AwsAssumedRoleCredentialsType,
}
Expand Down Expand Up @@ -76,7 +74,6 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(accessor, "name", awsArnCredentialResource["name"].(string)),
resource.TestCheckResourceAttr(accessor, "arn", awsArnCredentialResource["arn"].(string)),
resource.TestCheckResourceAttr(accessor, "external_id", awsArnCredentialResource["external_id"].(string)),
resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
),
},
Expand All @@ -90,7 +87,6 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(accessor, "name", awsArnCredentialResource["name"].(string)),
resource.TestCheckResourceAttr(accessor, "arn", awsArnCredentialResource["arn"].(string)),
resource.TestCheckResourceAttr(accessor, "external_id", awsArnCredentialResource["external_id"].(string)),
resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
),
},
Expand All @@ -106,21 +102,6 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
},
}

mutuallyExclusiveErrorResource := map[string]interface{}{
"name": "update",
"arn": "11111",
"external_id": "22222",
"access_key_id": "some-key",
}
testCaseFormMutuallyExclusiveError := resource.TestCase{
Steps: []resource.TestStep{
{
Config: resourceConfigCreate(resourceType, resourceName, mutuallyExclusiveErrorResource),
ExpectError: regexp.MustCompile(`"external_id": conflicts with access_key_id`),
},
},
}

missingValidInputErrorResource := map[string]interface{}{
"name": "update",
}
Expand Down Expand Up @@ -156,11 +137,6 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
})
})

t.Run("throw error when enter mutually exclusive values", func(t *testing.T) {
runUnitTest(t, testCaseFormMutuallyExclusiveError, func(mock *client.MockApiClientInterface) {
})
})

t.Run("throw error when don't enter any valid options", func(t *testing.T) {
runUnitTest(t, testCaseFormMissingValidInputError, func(mock *client.MockApiClientInterface) {
})
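Review bot: With `testCaseFormMutuallyExclusiveError` and its `t.Run` removed, no visible case in this file asserts that role-based and key-based credential inputs are still rejected together, although the schema keeps `ConflictsWith: []string{"arn"}` on `access_key_id` and `secret_access_key`. Rather than deleting the case, I would keep it with only the `external_id` entry dropped from the map and the expectation changed to `ExpectError: regexp.MustCompile("\"arn\": conflicts with access_key_id"),`, so a later schema edit cannot silently allow both credential types on one resource. If the removed case was the last use of `regexp` in the file the import would also have to go, which cannot be checked from these hunks. TestUnitAwsCredentialsResource starts and ends outside the hunks shown.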
8 changes: 0 additions & 8 deletions env0/resource_cost_credentials.go
Expand Up @@ -23,14 +23,6 @@ func resourceCostCredentials(providerName string) *schema.Resource {
ForceNew: true,
Required: true,
},
"external_id": {
Type: schema.TypeString,
Description: "the aws role external id",
Sensitive: true,
ForceNew: true,
Optional: true,
Deprecated: "field will be removed in the near future",
},
}

azureSchema := map[string]*schema.Schema{
19 changes: 6 additions & 13 deletions env0/resource_cost_credentials_test.go
Expand Up @@ -17,31 +17,27 @@ func TestUnitAwsCostCredentialsResource(t *testing.T) {
accessor := resourceAccessor(resourceType, resourceName)

awsCredentialResource := map[string]interface{}{
"name": "test",
"arn": "11111",
"external_id": "22222",
"name": "test",
"arn": "11111",
}

updatedAwsCredentialResource := map[string]interface{}{
"name": "update",
"arn": "33333",
"external_id": "44444",
"name": "update",
"arn": "33333",
}

awsCredCreatePayload := client.AwsCredentialsCreatePayload{
Name: awsCredentialResource["name"].(string),
Value: client.AwsCredentialsValuePayload{
RoleArn: awsCredentialResource["arn"].(string),
ExternalId: awsCredentialResource["external_id"].(string),
RoleArn: awsCredentialResource["arn"].(string),
},
Type: client.AwsCostCredentialsType,
}

updateAwsCredCreatePayload := client.AwsCredentialsCreatePayload{
Name: updatedAwsCredentialResource["name"].(string),
Value: client.AwsCredentialsValuePayload{
RoleArn: updatedAwsCredentialResource["arn"].(string),
ExternalId: updatedAwsCredentialResource["external_id"].(string),
RoleArn: updatedAwsCredentialResource["arn"].(string),
},
Type: client.AwsCostCredentialsType,
}
Expand All @@ -67,7 +63,6 @@ func TestUnitAwsCostCredentialsResource(t *testing.T) {
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(accessor, "name", awsCredentialResource["name"].(string)),
resource.TestCheckResourceAttr(accessor, "arn", awsCredentialResource["arn"].(string)),
resource.TestCheckResourceAttr(accessor, "external_id", awsCredentialResource["external_id"].(string)),
resource.TestCheckResourceAttr(accessor, "id", "id"),
),
},
Expand All @@ -81,7 +76,6 @@ func TestUnitAwsCostCredentialsResource(t *testing.T) {
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(accessor, "name", awsCredentialResource["name"].(string)),
resource.TestCheckResourceAttr(accessor, "arn", awsCredentialResource["arn"].(string)),
resource.TestCheckResourceAttr(accessor, "external_id", awsCredentialResource["external_id"].(string)),
resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
),
},
Expand All @@ -90,7 +84,6 @@ func TestUnitAwsCostCredentialsResource(t *testing.T) {
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(accessor, "name", updatedAwsCredentialResource["name"].(string)),
resource.TestCheckResourceAttr(accessor, "arn", updatedAwsCredentialResource["arn"].(string)),
resource.TestCheckResourceAttr(accessor, "external_id", updatedAwsCredentialResource["external_id"].(string)),
resource.TestCheckResourceAttr(accessor, "id", updateReturnValues.Id),
),
},
8 changes: 3 additions & 5 deletions env0/utils_test.go
Expand Up @@ -96,14 +96,12 @@ func TestReadResourceDataNotification(t *testing.T) {

func TestReadResourceDataWithTag(t *testing.T) {
d := schema.TestResourceDataRaw(t, resourceAwsCredentials().Schema, map[string]interface{}{
"name": "name",
"arn": "tagged_arn",
"external_id": "external_id",
"name": "name",
"arn": "tagged_arn",
})

expectedPayload := client.AwsCredentialsValuePayload{
RoleArn: "tagged_arn",
ExternalId: "external_id",
RoleArn: "tagged_arn",
}

var payload client.AwsCredentialsValuePayload
7 changes: 3 additions & 4 deletions examples/resources/env0_aws_credentials/resource.tf
@@ -1,5 +1,4 @@
resource "env0_aws_credentials" "credentials" {
name = "example"
arn = "Example role ARN"
external_id = "Example external id"
}
name = "example"
arn = "Example role ARN"
}
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
resource "env0_aws_credentials" "credentials" {
name = "example"
arn = "Example role ARN"
external_id = "Example external id"
name = "example"
arn = "Example role ARN"
}

data "env0_project" "project" {
Expand All @@ -11,4 +10,4 @@ data "env0_project" "project" {
resource "env0_cloud_credentials_project_assignment" "example" {
credential_id = env0_aws_credentials.credentials.id
project_id = data.env0_project.project.id
}
}
5 changes: 2 additions & 3 deletions tests/integration/006_aws_credentials/main.tf
Expand Up @@ -5,9 +5,8 @@ resource "random_string" "random" {
}

resource "env0_aws_credentials" "my_role_by_arn" {
name = "Test Role arn ${random_string.random.result}"
arn = "Role ARN"
external_id = "External-id"
name = "Test Role arn ${random_string.random.result}"
arn = "Role ARN"
}

data "env0_aws_credentials" "my_role_by_arn" {
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,8 @@ resource "env0_project" "test_project" {
}

resource "env0_aws_credentials" "credentials" {
name = "example-${random_string.random.result}"
arn = "Example role ARN"
external_id = "Example-external-id"
name = "example-${random_string.random.result}"
arn = "Example role ARN"
}

data "env0_project_cloud_credentials" "project_cloud_credentials" {
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,8 @@ resource "env0_project" "project" {
}

resource "env0_aws_cost_credentials" "cost" {
name = "cost-${random_string.random.result}"
arn = "arn"
external_id = "external-id"
name = "cost-${random_string.random.result}"
arn = "arn"
}

resource "env0_cost_credentials_project_assignment" "cost_project_assignment" {
5 changes: 2 additions & 3 deletions tests/integration/024_cloud_credentials/main.tf
Expand Up @@ -5,9 +5,8 @@ resource "random_string" "random" {
}

resource "env0_aws_credentials" "cred1" {
name = "Test Role arn1 ${random_string.random.result}"
arn = "Role ARN1"
external_id = "External-id1"
name = "Test Role arn1 ${random_string.random.result}"
arn = "Role ARN1"
}

resource "env0_gcp_credentials" "cred2" {