From e6c684ffb121e25be7d0a59ced870cedd9cdfc48 Mon Sep 17 00:00:00 2001
From: Tomer Heber
Date: Thu, 2 Nov 2023 09:41:27 -0500
Subject: [PATCH] Feat: add duration for env0_aws_credentials (#741)
---
 env0/resource_aws_credentials.go | 12 +++++++++++-
 env0/resource_aws_credentials_test.go | 13 ++++++++++---
 tests/integration/006_aws_credentials/main.tf | 5 +++--
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/env0/resource_aws_credentials.go b/env0/resource_aws_credentials.go
index d312d72a..98bfbf43 100644
--- a/env0/resource_aws_credentials.go
+++ b/env0/resource_aws_credentials.go
@@ -36,7 +36,7 @@ func resourceAwsCredentials() *schema.Resource {
 Optional: true,
 Sensitive: true,
 ForceNew: true,
- ConflictsWith: []string{"arn"},
+ ConflictsWith: []string{"arn", "duration"},
 RequiredWith: []string{"secret_access_key"},
 },
 "secret_access_key": {
@@ -48,6 +48,14 @@ func resourceAwsCredentials() *schema.Resource {
 ConflictsWith: []string{"arn"},
 RequiredWith: []string{"access_key_id"},
 },
+ "duration": {
+ Type: schema.TypeInt,
+ Description: "the session duration in seconds for AWS_ASSUMED_ROLE_FOR_DEPLOYMENT. If set must be one of the following: 3600 (1h), 7200 (2h), 14400 (4h), 18000 (5h default), 28800 (8h), 43200 (12h)",
+ Optional: true,
+ ValidateDiagFunc: NewIntInValidator([]int{3600, 7200, 14400, 18000, 28800, 43200}),
+ ForceNew: true,
+ ConflictsWith: []string{"access_key_id"},
+ },
 },
 }
 }
@@ -71,6 +79,8 @@ func resourceAwsCredentialsCreate(ctx context.Context, d *schema.ResourceData, m
 requestType := client.AwsAssumedRoleCredentialsType
 if _, ok := d.GetOk("access_key_id"); ok {
 requestType = client.AwsAccessKeysCredentialsType
+ // Duration applies only for "ASSUME ROLE"
+ value.Duration = 0
 }
 request := client.AwsCredentialsCreatePayload{
diff --git a/env0/resource_aws_credentials_test.go b/env0/resource_aws_credentials_test.go
index 933e25ee..df0898cc 100644
--- a/env0/resource_aws_credentials_test.go
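Review bot: The `duration` description added in the second hunk calls 18000 the default, but the schema entry sets no `Default`, so that value is presumably applied by the backend and never shows up in a plan; the text should say so or drop the word. Because this field decides how long the assumed-role session credentials stay valid, the description should also guide operators toward the shortest value that covers a deployment and note that the role's own maximum session duration has to allow it, for example by appending `Longer sessions keep temporary credentials valid for longer; pick the shortest value that covers a deployment and make sure the IAM role's maximum session duration permits it.` `resourceAwsCredentials` begins above this hunk, so whether `arn` is otherwise mandatory is not visible; if it is not, `RequiredWith: []string{"arn"}` on `duration` would make the assume-role-only intent explicit.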
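Review bot: The reset `value.Duration = 0` in the access-key branch of the third hunk only matters if the schema's `ConflictsWith` between `duration` and `access_key_id` is ever relaxed, so the comment should say it is a guard rather than normal flow, e.g. `// Defensive: the schema rejects duration together with access_key_id; never send a session duration for access-key credentials`. The more common path is an assumed role with no `duration` configured, where the payload carries 0. How `value` is populated and how `Duration` is serialized are outside this hunk, so please confirm that a zero is omitted from the request rather than sent as a literal 0-second duration. `resourceAwsCredentialsCreate` starts and ends outside the hunk.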
+++ b/env0/resource_aws_credentials_test.go
@@ -3,6 +3,7 @@ package env0
 import (
 "fmt"
 "regexp"
+ "strconv"
 "testing"
 "github.com/env0/terraform-provider-env0/client"
@@ -18,9 +19,12 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 resourceNameImport := resourceType + "." + resourceName
 accessor := resourceAccessor(resourceType, resourceName)
+ duration := 3600
+
 awsArnCredentialResource := map[string]interface{}{
- "name": "test",
- "arn": "11111",
+ "name": "test",
+ "arn": "11111",
+ "duration": strconv.Itoa(duration),
 }
 updatedAwsAccessKeyCredentialResource := map[string]interface{}{
@@ -32,7 +36,8 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 awsArnCredCreatePayload := client.AwsCredentialsCreatePayload{
 Name: awsArnCredentialResource["name"].(string),
 Value: client.AwsCredentialsValuePayload{
- RoleArn: awsArnCredentialResource["arn"].(string),
+ RoleArn: awsArnCredentialResource["arn"].(string),
+ Duration: duration,
 },
 Type: client.AwsAssumedRoleCredentialsType,
 }
@@ -75,6 +80,7 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 resource.TestCheckResourceAttr(accessor, "name", awsArnCredentialResource["name"].(string)),
 resource.TestCheckResourceAttr(accessor, "arn", awsArnCredentialResource["arn"].(string)),
 resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
+ resource.TestCheckResourceAttr(accessor, "duration", awsArnCredentialResource["duration"].(string)),
 ),
 },
 },
@@ -88,6 +94,7 @@ func TestUnitAwsCredentialsResource(t *testing.T) {
 resource.TestCheckResourceAttr(accessor, "name", awsArnCredentialResource["name"].(string)),
 resource.TestCheckResourceAttr(accessor, "arn", awsArnCredentialResource["arn"].(string)),
 resource.TestCheckResourceAttr(accessor, "id", returnValues.Id),
+ resource.TestCheckResourceAttr(accessor, "duration", awsArnCredentialResource["duration"].(string)),
 ),
 },
 {
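Review bot: Adding `duration` to the shared `awsArnCredentialResource` fixture in the second hunk means the steps built from it no longer exercise an ARN-only configuration with no `duration`. A case that omits `duration` would restore that coverage. Two more would pin the new schema rules: one expecting a validation error for a value outside the allowed list (constructed example: `"duration": "1234"`), and one setting `duration` together with `access_key_id`. The rest of `TestUnitAwsCredentialsResource` lies outside these hunks, so such cases may already exist elsewhere in the file.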
diff --git a/tests/integration/006_aws_credentials/main.tf b/tests/integration/006_aws_credentials/main.tf
index 7edd8198..d19af4fa 100644
--- a/tests/integration/006_aws_credentials/main.tf
+++ b/tests/integration/006_aws_credentials/main.tf
@@ -5,8 +5,9 @@ resource "random_string" "random" {
 }
 resource "env0_aws_credentials" "my_role_by_arn" {
- name = "Test Role arn ${random_string.random.result}"
- arn = "Role ARN"
+ name = "Test Role arn ${random_string.random.result}"
+ arn = "Role ARN"
+ duration = 7200
 }
 data "env0_aws_credentials" "my_role_by_arn" {