Feat: add duration for env0_aws_credentials (#741)

env0/resource_aws_credentials.go

@@ -36,7 +36,7 @@ func resourceAwsCredentials() *schema.Resource {
 				Optional:      true,
 				Sensitive:     true,
 				ForceNew:      true,
-				ConflictsWith: []string{"arn"},
+				ConflictsWith: []string{"arn", "duration"},
 				RequiredWith:  []string{"secret_access_key"},
 			},
 			"secret_access_key": {
@@ -48,6 +48,14 @@ func resourceAwsCredentials() *schema.Resource {
 				ConflictsWith: []string{"arn"},
 				RequiredWith:  []string{"access_key_id"},
 			},
+			"duration": {
+				Type:             schema.TypeInt,
+				Description:      "the session duration in seconds for AWS_ASSUMED_ROLE_FOR_DEPLOYMENT. If set must be one of the following: 3600 (1h), 7200 (2h), 14400 (4h), 18000 (5h default), 28800 (8h), 43200 (12h)",
+				Optional:         true,
+				ValidateDiagFunc: NewIntInValidator([]int{3600, 7200, 14400, 18000, 28800, 43200}),
+				ForceNew:         true,
+				ConflictsWith:    []string{"access_key_id"},
+			},
 		},
 	}
 }
@@ -71,6 +79,8 @@ func resourceAwsCredentialsCreate(ctx context.Context, d *schema.ResourceData, m
 	requestType := client.AwsAssumedRoleCredentialsType
 	if _, ok := d.GetOk("access_key_id"); ok {
 		requestType = client.AwsAccessKeysCredentialsType
+		// Duration applies only for "ASSUME ROLE"
+		value.Duration = 0
 	}
 
 	request := client.AwsCredentialsCreatePayload{

env0/resource_aws_credentials_test.go

@@ -3,6 +3,7 @@ package env0
 import (
 	"fmt"
 	"regexp"
+	"strconv"
 	"testing"
 
 	"github.com/env0/terraform-provider-env0/client"
@@ -18,9 +19,12 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 	resourceNameImport := resourceType + "." + resourceName
 	accessor := resourceAccessor(resourceType, resourceName)
 
+	duration := 3600
+
 	awsArnCredentialResource := map[string]interface{}{
-		"name": "test",
-		"arn":  "11111",
+		"name":     "test",
+		"arn":      "11111",
+		"duration": strconv.Itoa(duration),
 	}
 
 	updatedAwsAccessKeyCredentialResource := map[string]interface{}{
@@ -32,7 +36,8 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 	awsArnCredCreatePayload := client.AwsCredentialsCreatePayload{
 		Name: awsArnCredentialResource["name"].(string),
 		Value: client.AwsCredentialsValuePayload{
-			RoleArn: awsArnCredentialResource["arn"].(string),
+			RoleArn:  awsArnCredentialResource["arn"].(string),
+			Duration: duration,
 		},
 		Type: client.AwsAssumedRoleCredentialsType,
 	}
@@ -75,6 +80,7 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 					resource.TestCheckResourceAttr(accessor, "name", awsArnCredentialResource["name"].(string)),
 					resource.TestCheckResourceAttr(accessor, "arn", awsArnCredentialResource["arn"].(string)),
 					resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
+					resource.TestCheckResourceAttr(accessor, "duration", awsArnCredentialResource["duration"].(string)),
 				),
 			},
 		},
@@ -88,6 +94,7 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 					resource.TestCheckResourceAttr(accessor, "name", awsArnCredentialResource["name"].(string)),
 					resource.TestCheckResourceAttr(accessor, "arn", awsArnCredentialResource["arn"].(string)),
 					resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
+					resource.TestCheckResourceAttr(accessor, "duration", awsArnCredentialResource["duration"].(string)),
 				),
 			},
 			{

tests/integration/006_aws_credentials/main.tf

@@ -5,8 +5,9 @@ resource "random_string" "random" {
 }
 
 resource "env0_aws_credentials" "my_role_by_arn" {
-  name = "Test Role arn ${random_string.random.result}"
-  arn  = "Role ARN"
+  name     = "Test Role arn ${random_string.random.result}"
+  arn      = "Role ARN"
+  duration = 7200
 }
 
 data "env0_aws_credentials" "my_role_by_arn" {